UID Resources

Please scroll down for updates (apologies in advance for the awful formatting)

Send me an email if you want to get involved. There’s also an active group in Bangalore. Most people who are actively following this debate are on the google group uid-indias-orwell. For others, look at the article list below.

There is little discussion or clarity about the UID project in mainstream media. Most newspaper reports are essentially excerpts from the draft approach document with little critical analysis. However, many people in the civil society are raising important questions about the project. These concerns are around two main themes: the potential use of the database by the State for repressive and undemocratic ends; and the monetization of the database for private profit. There are multiple issues under each that should have been debated in the public domain before going full steam on the project. Following are some critiques that discuss some less publicized aspects of the UID project. If you have any other resources, please email me or add in the comments section.

• UID – Issue Overview (Download as PDF) (NEW)
• Justifying the UIDAI – A Case Of PR Over Substance?, Ruchi Gupta (EPW) (NEW)
• Biometrics are “inherently fallible” – conclusion of a 5 year US study by the National Research Council commissioned by none other than CIA, amongst others (NEW)
• For comments on the draft NIA Bill, please scroll down to updates on July 13 and 14 (4 sets – me, Usha, Graham and CIS)
• Draft Right to Privacy Bill
• UID Press Conference – Statement, Signatures and Short Video Transcript
• Profile of First UID Number Recipient and Possible Ramifications
• Unique Identity Bill, Usha Ramanathan (EPW)
• The Foundations of Aadhaar, Himanshu (Mint)
• Not All That Unique, Reetika Khera (HT)
• UID An Assault On Individual Liberty (Business Standard)
• Reimagining Citizenship, Ravi Shukla (EPW)
• Sovereign State and Mobile Subjects, Anant Maringanti (EPW)
• The Personal is Personal, Usha Ramanathan (Indian Express)
• High cost; high risk, R. Ramakumar (Frontline)
• The Politics of Identity, Ruchi Gupta (Indian Express)
• The Tips of Your Fingers, Jay Griffiths (Orion)
• UID Critique
• A Gathering Storm – How UID Will Transform India Into A Police State
• Implications of Registering, Tracking and Profiling, Usha Ramanathan (Hindu)
• An evaluation of biometrical fingerprint systems, Ton van der Putte and Jeroen Keuning
• UID Numbers – A Discussion
• Eyeing IDs, Usha Ramanathan (Indian Express)
• Prof. Kundu on the exclusionary use of the UID project
• A National ID Card Won’t Make Us Safer (Bruce Schneier via Nikhil Tripathi) (Talks about ID cards but most logic holds)
• UID Debate in Bangalore – Agenda, Panelists and Videos

Archive of  all articles critical of UID / Aadhaar

UIDAI Documents here

An archive of all news reports, blog posts on UID here

Aadhaar / UID related tweets here

Video Excerpts from the UID Press Conference

Fallibility of Biometrics here

While the very concept of the UID project should have been discussed and debated in the civil society, given the advanced stage of the project (first #s expected between August 2010 – February 2011), complete transparency around the following questions is essential to ensure democratic end-use and rationalize costs.

Update (March 6, 2010): Response from Deepika Mogilishetty (Legal Advisor, UIDAI) in italics below

What is the primary purpose of the UID number – to improve delivery of government services or improve security (which could help identify illegal immigrants, purported naxals etc)? If the purpose depends on the organization, are there any in-built constraints to limit end use?

The primary purpose of the UID is to provide the infrastructure that will enable better delivery of services and benefits. The UID System is envisioned as a means for residents to easily establish their identity, anywhere in the country. The UID can have a significant impact on service delivery. In the UID system , each new entry is de-duplicated consequently, residents can only have one UID number, which is mobile and can be used anywhere in the country. The lack of duplicates, and accuracy and mobility in identity verification, would reduce opportunities for fraud and enable agencies across the country to provide residents with targeted, effective services and benefits.

Over the last week, there have been several policy statements such as the Economic Survey, Finance Commission Report and the Budget Speech of the Finance Minister, all of which clearly reflect the intent of improving services and the vision for the UID as an enabling infrastructure for targeted delivery of services.

Further, the information collected by the UIDAI is limited and does not throw light on where a person has come from and what they do.

What are the terms of the Mou’s signed with the different states so far?

The MOU’s are being discussed with State Governments once finalised will be made available as public documents.

What are the legislative and design safeguards to ensure that state and central governments do not use UID numbers to selectively track individuals/communities, and/or withhold/withdraw essential services?

The UID system has some basic features that will safeguard individuals and will be reflected in the legislative and regulatory framework:

• information on the UID database about the individual is limited and the sole purpose is to establish identity of the UID holder,
• authentication services of the UIDAI will respond with a yes or no in relation to queries about a UID holder,
• UID database will not hold information on religion, caste, community, etc.
• UID database will not be able to confirm anything else about the person other than their identity in relation to their UID number.
• there will be no data flow out of the UID database, except under due process of law (e.g. court order).
• UID database will not contain any transaction data.

As regards delivery of services, this is the responsibility of the service provider, if there is unjust denial or withdrawal of service that is a matter to be resolved with the service provider.

If there is a denial of service due to authentication problems, UIDAI will have sufficient support systems in place to resolve the matter in a quick and effective manner so as to avoid any inconvenience to the individual.

The legislative and regulatory framework for the UIDAI is being developed and will be put up for discussion, comments and input from the public.

What are the incentives (in addition to the ~100 as registration fee) provided to private operators (insurance, telecom and banks) to share their customer database with UIDAI? Additionally how will the Authority prevent data convergence by these registrars and other private organizations?

Anyone who wishes to have a UID number can approach a Registrar and enrol as per the procedure prescribed. People who choose to enrol give their information with the full knowledge that it is for the UID number. The UIDAI is not paying Registrar’s to share their customer databases. Registrar’s who partner with the UIDAI are doing so with the intent of providing enrolling services to people.

The mechanisms to compensate Registrars are being examined and will be made available once a final decision is taken.

The data collected by the UIDAI is for establishment of identity and authentication, the UID database will be secure and there will be strict protocols in place to protect against unauthorised access and use. Convergence of existing databases will need to be addressed and governed under a larger data protection regime applicable to the whole country and therefore this is a matter beyond the mandate of the UIDAI.

The approach document estimates annual savings of Rs. 20K crore by eliminating duplicates in state welfare schemes. What are the underlying assumptions and calculations for this number?

The sum of Rs 20,000 crores is an assumption which has been arrived at based on reports of the Planning Commission and Comptroller and Auditor General which have quantified leakages in the PDS system (food and fuel subsidies), NREGS.

Various reports peg UIDAI cost at Rs. 15K-30K crore. What are the Authority’s internal calculations and what are the measures/processes in place to ensure rationalization of expenditure incurred? Where has the money allocated last year been spent, and what is the targeted expenditure for the Rs. 1900 crore allocated in this year’s budget?

The accounts for last year will be finalised by the end of March and will be published as soon as it is available. We propose to put into the public domain a detailed plan for spending RS 1900 crores allocated in this year’s budget.

The complete budget of the UID project is in the process of being formulated and will be made public when the exercise has been completed.

Update (March 3):

Ravi Shukla argues that the UID will be be used “

as a node point bearing citizen data and therefore capable of operating  as a  facilitator and mediator of  market  information

[...] [to move the definition of a citizen]

to debt legible consumer citizen as opposed to the relatively more inclusive idea of the political citizen

.” (Reimagining Citizenship, EPW). The following

news report

in Economic Times supports his contention. UID #s will form the basis of collecting resident/citizen credit history to “score” their credit worthiness. This history is developed by information sharing by banks, telecoms, insurance etc companies thus essentially killing the individual’s right to privacy. Relevant excerpts below.A host of new credit information companies (CICs) are coming up to provide banks with a comprehensive database of borrowers’ track record. [...] Helping link the borrowers to their credit histories will be the Unique Identification Authority of India (UIDAI) with its social security-like number, which has received a government support of Rs 1,900 crore in the recent Budget. [...] Last week, the Reserve Bank of India (RBI) gave operating licence to Experian Credit Information Company [...] Experian is the first credit information company to receive operating licence after the Credit Information Companies (Regulation) Act was passed in May 2005. [...] Earlier in 2009 the central bank had given in-principle approvals to two companies — Equifax Credit Information Services and High Mark Credit Information Services. Both are expected to get full-fledged operational licences before the end of FY10. [...] CICs maintain a centralised database on borrowers and rate their creditworthiness based on the information on their existing liabilities and past repayment record. The scoring is based on the analysis of the information provided by banks, which have already extended credit facilities to the borrowers. If a borrower goes to multiple lenders, then new lenders will benefit from these scores while making a lending decision and pricing the loan appropriately.

The success of the model is based on information sharing between members

[emphasis added] — NBFCs and banks. While Cibil enjoys a patronage of 200 credit grantors as members and has a database of about 1.5 million credit accounts, Experian has already obtained commitments from 39 lenders, even before starting full operations. Though the CIC Act has similar provisions for telecom and insurance companies, these are yet to take off commercially.

Update (March 19)

UIDAI MoUs with MP and AP read section 9 (i), (j) and 10.

9 (i) states that the registrars can collect any additional information they may require in order to provide services. This renders the UIDAI assurance that only basic identity information will be collected (to prevent discriminatory profiling) useless.

9 (j) states that the registrar can charge the user a fee for UID enrollment. This is wrong because the beneficiary is essentially coerced into sharing the colossal costs of the UID project since service delivery will likely be made contingent on enrollment.

10 states that if UID is unhappy with the registrars (if processes and standards for enrollment are violated), then the Authority will make some attempt to work things out, failing which UIDAI “will have the option”  de-register registrar or demand replacement. What will happen to the users who are enrolled through this “de-registered” registrar? Will they need to be enrolled again? What about the services they are using in the meanwhile? Also, registrars will likely get some financial benefit for providing enrollment services – if a registrar is de-registered, what about the penalties?

Update (March 14)

Get fingerprinted or pay Rs. 1000 fine

Census, NPR and UID Related queestion: UIDAI is using the Census as a registrar. However, information in the Census will be recorded as given, without documentary proof or other verification checks. On the basis of this information, the UIDAI will de-duplicate the NPR and issue UID numbers. How will the verification and enrollment standards of UIDAI be met?

Update (March 15)

This surprised even me – apparently biometric readers accept even photocopied fingerprints.

Update (March 18)

Census to skip Naxal controlled villages This news is significant because the Census will feed into the NPR, which will then be used to issue ID cards and also a UID #. In fact Nilekani calls the Census an “important registrar“. Another news report above talks about a Rs. 1000 fine for refusing to participate in the Census. The two combined together will essentially criminalize those individuals who are left out of the Census/NPR exercise as evidenced by the ID card/UID #. In Chhattisgarh especially, a villager without n ID card can easily be labeled by the police as a Maoist.

Update (May 4)

Significant differences between UIDAI’s PR speak and their actions. Some examples below.
Stated Position  ->       Actual

1. Constitution by Parliament Act -> Plan Comm Notification
2. UID # will be voluntary -> Conflated with mandatory Census and NPR; registrars may mandate enrollment before providing service
3. UID # to improve delivery of welfare services -> UIDAI not responsible for any improvements/leakages. Home Ministry launching a fingerprint database for criminals (Rs. 15K fingerprint reader in each police station of 22 states)

4. Data collection restricted to basic identity info -> MoU with AP/MP states that registrars can collect additional info required by them
5. Individual privacy will be protected -> We have no privileged information since the data already exists in many public databases
6. UID # will be random with no intelligence in # itself -> 12 digit number with 4 hidden digits (for pin/residence)
7. UIDAI will ensure data quality -> Registrar responsible for data quality; UIDAI and registrar not liable in case of intentional fraud by user

Update (May 5)

“The UIDAI would be proposing a UIDAI Act to provide for statutory powers and responsibilities to the authority. This Act would address the issues of privacy and data security of the UIDAI database,” Mr Nilekani said. This Act if it is to be meaningful and truly intended for regulation and not just parliamentary sanction for UIDAI must include certain safeguards to preemptively block certain types of usage, and protect the public in case of misuse or implementation glitches. Some draft UID-LegislativeSafeguards

Update (May 11)

UIDAI CSO meeting in Delhi on May 6h. Discussion was around three main areas: potential misuse (privacy, security etc); implementation ((in)efficiency of registrars; exclusion of marginalized groups like homeless, remote rural etc); and technological (feasibility; open-source software etc). Since there were around 35 people with diverse interests, the discussion wasn’t focused; however the following was agreed upon:

- UIDAI will share draft of UIDAI Act before submitting to govt (news report here)

- UIDAI will redesign website for RTI Section 4 compliance

- Future CSO meetings will be organized around specific interests – technology, economics, security concerns etc

- UIDAI will list concerns raised in previous CSO meetings and actions/decisions taken for each on their website

Update (May 12)

PM okays NATGRID despite opposition by Pranab (violation of privacy) and Antony (existing Joint Intelligence Committee satisfactory). Chidambaram, our resident human rights advocate says  “The NatGrid will provide a system of information to all the agencies about any person the moment a button is pressed,” and “country can’t pay price in name of privacy”

UK moves to cancel National Identity Cards and National Identity Register: Both Parties that now form the new Government stated in their manifestos that they will cancel Identity Cards and the National Identity Register. We will announce in due course how this will be achieved.

Update (June 02)

Committee comprising officials from the Prime Minister’s office (PMO), home ministry, planning commission and the UIDAI to review UID.

“Even if iris leads to de-duplication with 99 per cent accuracy, given the fact that close to 60 crore people to be given the UID number, will this level of accuracy be acceptable especially in matters related to security?” said the source.

“Therefore, the planning commission has to keep in mind that over the next five years, the cost of the UIDAI to be borne by the public exchequer would be in the range of Rs 35,000-40,000 crore (this cost is estimated for enrollment of 60 crore people -> total cost of project at least Rs. 70-80K crores). Before deciding on enhancing the scope of the UIDAI and prescribing the most stringent standards, the government’s ability to finance such an exercise also needs to be considered,” an official in the planning commission said.

Update (June 02)

UIDAI CSO Meeting on May 6th – Minutes

Update (June 21)

Responses received from Raju Rajagopal and Srikanth Nadamuni

Raja Rajagopal

1. All the CSO meeting notes are now up on the UIDAI website. As for action taken, I am not sure that the earlier meeting action items were specific enough to track point by point, but I do plan to write a consolidated action taken report soon. We will, however, start with the May 6th meeting notes for a point by point update as action is taken.

2. We have been striving to get the UID draft law into shape for public comment and expect it to be available very soon. FAQs will be updated once the UID Law is out for comments.

3. Srikanth Nadhamuni heads up the technology group (he was at the May 6th meeting, as you may recall). You may reach him at srikanth@egovernments.org. By copy of this e-mail, I am forwarding to him the technology/biometrics related questions you have asked.

4. Re:NPR and UIDAI, as our DG mentioned on May 6th, there is a joint institutional mechanism set up to go into the details and we will update our FAQs as we get better clarity on the interfaces.

5. I understand that a third party vendor is about to commence work on redesigning the UIDAI website soon. If you have a specific list of criteria to make the website RTI compliant, please do share them with us so we can discuss them with the vendor. At some point in the next few weeks, I do plan to come and meet Nikhil, Shekar and other MKSS folks for a follow up discussion of the May 6th dialogue.

6. As for your questions related to budgets and other matters, responses to which will involve several disciplines with UIDAI, I plan to internally discuss practical mechanisms to respond to questions from CSOs and citizens, and I will get back to you. That aside, UIDAI has not been routinely responding to news reports such as the one you have referred to.

Srikanth Nadamuni

• UIDAI is using the Census as a registrar. However, information in the Census will be recorded as given, without documentary proof or other verification checks. On the basis of this information, the UIDAI will de-duplicate the NPR and issue UID numbers. How will this verification and enrollment standards of the UIDAI be met?

The FARs and FRRs have to be tuned as the system is operationalized for best results.

A very good question, The NPR exercise does incorporate a verification check, although it is not based on documentary proof. The process of verifying enrolments in the NPR is based on public display of the name and other fields with photograph at the village, any corrections that gets reported will get incorporated and only the verified list is sent to UID for enrolment.

1. As per the Iris Paper, 10 fingerprints would yield de-duplication accuracy of 95%; the addition of iris scan will improve accuracy up to 99% (though the committee declines to make an accuracy prediction). Even assuming a 1% error rate, on a population size of 1.2B, this is still 12M errors (the incidence of error will be likely highest in poor rural areas given the quality of data collection and bad fingerprints). The UIDAI position seems to be that corrections/updation will be initiated by the user – are there any supplementary mechanisms?

There are 2 kinds of errors that can exist in such a biometric system:

1)FAR – False Acceptance Rate – The system falsely accepting person A for person B since their biometrics are very similar.

2)FRR – False Reject Rate – The system falsely rejects the biometrics from the same person as not matching.

The FAR and FRR of a biometric system are inversely proportional to each other (if you try to get better FAR, the FRR increases and the vice versa). In order to maintain a high level of accuracy as well as to reduce vendor lock-in we are designing 2 different sub-systems for ‘enrolment’(needs better FRR) and ‘authentication’(needs better FAR).

As you will see from the “UID Biometric Design Standards” report page 44( biometric accuracy) that with 10 fingerprints the FAR error is close to zero, this is relevant during ‘authentication’ another important consideration is UID authentication takes the UID number and the biometrics, which means we pull up the resident’s record and simply match the captured fingerprint against the 10 for that person only – a lot simpler problem, WE ARE NOT COMPARING THE FINGERPRINTS AGAINST 1.2BILLION PEOPLE during authentication.

During enrolment when we de-duplicate the enrolment records to maintain uniqueness, here the FRR become more important(don’t want to accept 2 duplicate biometric records as different and hence not catch a duplicate enrolment), but since the enrolment sub-system is quite separate from authentication we can try and improve FRR without any need to keep FAR low.

Update June 30

Email from Raju Rajagopal (CSO Coordinator)

Dear Friends,

It has been several weeks since our meeting in Delhi, so I thought I would share a brief update with you on several fronts:

1. The draft ‘National Identification Authority of India Bill 2010′ is now ready for public comments and has been posted on the UIDAI website under ‘Latest News’ and under the ‘Legislation/Guidelines’ tab. We expect a great deal of interest in the draft law and we would appreciate it if you could share it with your outreach domain to help us elicit civil society responses rapidly.

2. A larger national policy on data privacy was a topic discussed at the May meeting. In this connection I would like to refer you to a recent announcement headlined “New law to protect individual privacy — Govt sets up panel to prepare blueprint after concerns over immense amount of data govt proposes to collect”
http://www.livemint.com/2010/06/20225220/New-law-to-protect-individual.html

3. A separate space for CSO interactions has been created on our website and detailed notes from all the past CSO meetings as well as the May 6th meeting have been posted. We intend to update these notes with Action-Taken notes in the coming weeks and months.

4. A vendor (TCS) has been selected for redesigning our website, and we are now seeking specific input and shared experiences to help us towards our commitment to make UIDAI website RTI compliant. There will also be a Hindi version of the website, and other language versions will follow.

5. On the technology side, we are hoping to organize an open house in the next few weeks in Bangalore and our technology team will be on hand to answer any questions. Please look forward to an announcement in this regard.

6. We continue to press forward with CSO consultations, especially with groups representing marginalized and vulnerable communities. Our most recent meeting was with the advocates for the 100 million or so migrant labour, a growing segment of our work force, for whom lack of transportable identity documents has meant being left out of their entitlements and services both at the source and at their destination states. We expect to broaden our discussion with CSOs representing other neglected sections of our society, such as the homeless, children, aged/widows, and nomadic tribes in the coming weeks to ensure that they are enrolled in Aadhaar on a priority basis.

7. We now have a defined communication strategy for Aadhaar, which may be found on our website at:http://uidai.gov.in/documents/AADHAAR_PDF.pdf

8. We are in the process of setting up a call center to answer questions related to Aadhaar.

Please do keep in touch with us as the Aadhaar pilot roll-out begins in the next few weeks and please continue to share with us your views on opportunities, concerns, and challenges as we move forward.

Best Regards,

Raju Rajagopal

Civil Society Outreach Coordinator, UIDAI

Update July 13

NIA Draft Bill. Brief comments (for detailed list, please download below)

The Bill states that the purpose of the identification numbers issues by the National Identification Authority (NIA) is to “facilitate access to benefits and services”. The range of services where these identification numbers will be used need to be explicitly defined, benefits quantified and the associated costs calculated.

Further, given that the identification numbers (UID) are being issued to facilitate access for the beneficiary, enrollment for a identification number must be 100% voluntary (for all services, regions, in the present and future). Given the voluntary nature of the UID number and its beneficent purpose for the enrolled individual, legislation should include only the essential enabling framework to realize benefits and safeguards against the misuse of the UID number and its database.

The comments on the draft NIA Bill have been made keeping the above in mind. It is also suggested that comments and feedback received on the draft NIA Bill must be made available to the public through the UIDAI website. Further a public meeting should be held to discuss comments received to develop public consensus. Last, the two-week window for comments should be extended to allow other interested persons to send feedback.

___________________________________

The main Sections of the Act, which need amendment/further specification, are summarized below. Detailed comments follow.

1.The National Identification Authority of India Bill, 2010 (NIA Bill) appears to be largely aimed at achieving statutory status for the Authority rather than its regulation

2.The Bill does not contain details of implementation, which are covered by the phrase, “as may be specified by regulations”. Parallel draft regulations should be put out for public review since potential for misuse is contingent on the details of implementation and safeguards included therein

3.Safeguards against misuse of UID numbers must be included in the Bill (see enclosure: 0713_UID_LegislativeSafeguards)

4.Clause 32(1) and 33(b) in conjunction are tantamount to tracking of individuals by the State. Further these two clauses have no relevance to the stated purpose of improving delivery of welfare services, and must be deleted

5.An explicit list should be made and included in the Act, for which UID numbers can be used. Any other use should be barred and enforced with strict penalties

6.UIDAI assumes no liability for any consequences to due security breach/inaccuracies. Moreover clause (46) gives it sole locus standing to move court. This clause must be deleted

7.The National Identification Authority must be an autonomous body, completely independent of the Central and state governments. The NIA must be answerable only to the Judiciary as per the provisions of the Act.

Comments and email sent to UIDAI

Dear Deepika Mittal:

I am attaching comments on the Draft NIA BIll, 2010, and suggested LegislativeSafeguards to include in the Bill. Please let us know the next steps and associated timelines with reference to the Bill.

Further, I think it will be useful if the comments and feedback received on the draft NIA Bill were made available to the public through the UIDAI website; and if a public meeting could be held on the same to develop public consensus.  Last, some interested persons have been unable to respond due to the short two-week window for comments – it will be helpful if the deadline for comments could be extended for at least another week.

Thank you,

Ruchi Gupta

Update July 14

Another set of comments on the Draft NIA Bill by Prof. Graham Greenleaf <graham@austlii.edu.au>. He has also asked UIDAI to publish all comments received.

Dear Ms Mittal

Please find attached my submission and covering letter.

Could you please confirm they have been received.

Will  you be publishing submissions on your website? If so, you have my consent to publish both documents.

I hope you do publish submissions, as it will allow all those who have submitted, and other interested parties, to be better informed.

Regards,

Graham Greenleaf
–
Graham Greenleaf AM
Professor of Law

Faculty of Law, University of New South Wales – Room 224   UNSW SYDNEY NSW 2052  Australia (UNSW CRICOS Provider No: 00098G)
Co-Director, Australasian Legal Information Institute (AustLII)
Co-Director, Cyberspace Law and Policy Centre
Asia-Pacific Editor, Privacy Laws & Business InternationalInternational Scholar, Kyung-Hee Law School, Seoul, Korea, 2009-10 Third set of comments on the draft NIA Bill here (Center for Internet and Society, Bangalore)

Update July 15

With reference to Draft NIA BIll (Clause 33b): “It remains to be seen whether the legislative process will continue to exempt CIDR from all laws concerning, say, requests for data concerning criminal suspects, where perhaps the authorities hold fingerprints of a suspect but no other identifying data. Will the Authority be able to deny them access to the fingerprint matching which could disclose the name, addresses, photo, telephone number and email address of such wanted persons? It is also not unreasonable to ask whether, even if the first version of the legislation does do this, will it continue unamended?”, Graham Green, in response to the Draft NIA Bill. Download paper (recommended read)

Related: Ajay Maken recently announced fingerprinting in all police stations of the country, allocating Rs. 15K per police station to buy biometric readers. With UID fingerprinting all residents of the country, there’s the risk of police lifting fingerprints from various crime scenes, and asking UIDAI to match against database to get names, address etc of all people. There are many problems with this – fingerprint matching is not 100% accurate and innocent people could be harassed (read this article: http://www.nature.com/news/2010/100317/full/464344a.html); second, more likely, ordinary people will become suspects just by virtue of having been present at the scene; third, this type of evidence could be manipulated in insurgent areas, esp. given poor accountability record of our law-and-order machinery.

July 16

Even individuals pro UID concept have serious misgivings about the registration process and the potential for exclusion therein. UIDAI enrollment model is two-step outsourcing – first to the Registrars (state government; banks etc), who will further outsource part/whole enrollment to enrollment agencies (EA). UIDAI has therefore put out a list of 221 agencies authorized for enrollment. These enrollment agencies  will be accountable not to UIDAI but to the Registrars, who will be accountable to UIDAI. Quick glance through the list – some of the qualified EAs include #21 Baruanagar Tea Estates; #34 Classic Coal P Ltd; #117 Manish Agarwal Engineers & Contractors; #160 Rhyme Organics & Chemicals Ltd; #163 Sagar Foods. Many of these will function in rural areas with low literacy rates. Each EA will incur a hardware cost of Rs. 3 lakhs and additional costs for training and space. UIDAI will pay EA for each enrollment. The eligibility threshold is just Rs. 50L turnover and 2-years of incorporation (see Amendments to RFE and Clarifications to Pre-Bid Queries for more details).

It’s very hard to imagine that all private companies (with a primary profit motive) will somehow fulfill their duties with complete honesty and sensitivity towards the marginalized enrollee.

July 22 

Email to UIDAI

Dear Raju:

Hope you’re well. Just wanted to check in with you regarding the status of a few things we discussed earlier:

1. Budget: You mentioned in your previous email the inability to provide details since it involved several disciplines within UIDAI. Since then news reports indicate that UIDAI submitted an annual budget of ~Rs. 7000 crore – can you please share?
2. FAQ section: You indicated that the FAQ will be updated once the draft law’s been put out. Please let us know the status. One FAQ that many people are interested in is the potential linkage between UID and the National Investigative Agency and/or NATGRID. This seems to be substantiated by the draft NIA Bill, specifically clause 32(1) and 33(b). Please do include this question in the update (and circulate response prior).
   
3. NIA Bill: Please let us know the next steps on the draft NIA Bill. Further, given the immense amount of interest in the Bill, it will be helpful if all the public comments received be uploaded online.
   
4. CSO Meetings: Finally, is the tech open house in Bangalore (and any other CSO meeting) finalized? If yes, please do update the website so that interested persons may participate. In addition, can you please upload the minutes of the CSO meeting on migrant labor that you mentioned in your last email.
   

Thanks,

Ruchi.

July 25

“From an e-governance perspective, if everything was in one place, a credit card company could access it, my own company could do a background check, anyone could go online and pull up my information—it would make a big difference.” Sunil Chandiramani, Partner, Ernst and Young

This sounds like assisted data convergence/state surveillance (“everything in one place”) available to private corporations (“company could do a background check”). And this is not random conjecture – E&Y was awarded the consulting contract by UID to design the roadmap for the UID project, so when E&Y’s UID point person makes this statement, it’s reasonable to assume that this is UIDAI’s official intent.

July 27

UIDAI’s presentation (May 20, 2010) at the committee to discuss Privacy Law states that UIDAI will not “keep data more than functional requirement”, and that UIDAI will not store transaction records (Slide #3: Data Protection in UIDAI).

This means that UIDAI thinks that storing transaction data both not a functional requirement and is a breach of individual privacy. However just about a month later (June 30, 2010), UIDAI inserted clause 32 (1) in its draft NIA Bill, which states “The Authority shall maintain details of every request for authentication of the identity of every aadhaar number holder and the response provided thereon by it in such manner and for such time as may be specified by regulations“.

Why the turnaround? Answer in Clause 33 (b) “information (including identity information)

may be disclosed “in the interests of national security”. Clearly transaction records are being saved for “national security” (NATGRID).

August 3

Have forwarded your request to attend the Aug 5th meeting to the organizers of the meeting. As for the budgets, the details will be on the new website to be into beta version very soon (August 15 as per phone conversation). NIA Law comments are being collated.

Best Regards,

Raju

Email to UIDAI

Thanks Raju.

Since the NIA Bill is already listed for introduction in the LS – are the collated comments going to be placed before the LS when the Bill is taken up, or is the Bill being pulled back to incorporate comments? Further I know of at least four sets of comments on the Bill – will there be a public meeting to understand different viewpoints/develop consensus?

Update (Sep 22)

RBI calls bankers meet on NatGrid and UID (same day but “separate” meeting): 

Update (Sep 22)

In a letter to banks, RBI has said the meeting is called to discuss NatGrid — for putting in place an automated system for sending queries by law enforcement agencies to banks and providing information by banks to such agencies. 

NatGrid is expected to collect information from different sources and authorities on individual record like land record, bank account, income tax record and insurance cover and this data will be available real time to intelligence agencies and thus help the home ministry to counter terrorism.

In a parallel development, RBI has also called a separate meeting with bank chiefs on the same day to discuss issues related to Unique Identity (UID) number which will also be attended by Nandan Nilekani, chairman of the Unique Identity Authority (UIDA).

Update (Sep 25)

Email to Raju Rajgopal (UIDAI CSO Ccordinator):

News reports indicate that the NIA Bill was approved by the Cabinet for introduction in Parliament yesterday. Is this a revised draft, which incorporates public comments? If yes, can you please place this draft on the UIDAI website? Further, you said (on Aug 3) that the public comments are being collated – please upload the comments as well.

Finally like discussed, the UIDAI project budget is still not online – only the annual budget is.

Thanks,

Ruchi.

Update: Feb 11, 2011

Email on a UID group listserve

Dear friendsI just have some good news from Delhi.There was a standing committee meeting in the morning, which was
attended by Nandan Nilekani and Pronab Sen from the PC. After an
initial intro, there was a flurry of questions from Moinul Hassan of
the CPI (M). He was quite provocative and it appears Nandan and Pronab
did not have answers for most of the questions. With Moinul Hassan
leading, the BJP members also joined in with many critical questions
and ultimately Nandan had to leave saying that he would come back
better prepared.

The main points raised were this:

1) Why do you want a Bill for this? Why cant you function under the PC
as a department?

2) Why do you want to come to us after starting the work? Are we to
stamp it uncritically?

3) How can you make this UID number compulsory for social schemes? If
we have universal rights over entitlements, how can we deny a right to
someone, just because he/she does not have a UID number?

I heard that for the 3rd question, even Pronab Sen agreed with the members.

In sum the social sector part came in for huge criticism. “Why are you
linking this number with all socail sector schemes?” was a constant
question.

So, much work ahead. We are not to get complacent with this.

Ram

Update: March 20, 2011

There have been recent reports of hard questions asked by the Standing

Committee on Finance to Nandan Nilekani on the NIA Bill – however the same

committee is already advocating UID linked cash transfers, so how serious

can those questions be – esp the one questioning the compulsory linking of

social sector schemes with UID?

“The Committee would like to emphasise that direct cash transfers to bank
accounts of beneficiaries will also facilitate the process of ‘financial
inclusion’ being attempted by the banking sector. Such a scheme may also be
integrated with the Aadhar project of the Unique Identification programme to
be implemented on a national scale, which will go a long way in plugging the
rampant leakages in the dissemination of benefits to the poor,” said the
Committee.

http://www.indianexpress.com/news/Don-t-bring-food–law-without-proper-BPL-survey–Panel/764667/

June 11, 2011

Draft Right to Privacy Bill 2011