LAW RESOURCE INDIA

UNIQUE IDENTIFICATION PROJECT

Posted in UID IDENTITY by NNLRJ INDIA on January 22, 2010

The UIDAI – evolving an approach to identity The Government of India undertook an effort to provide a clear identity to residents first in 1993, with the issue of photo identity cards by the Election Commission. Subsequently in 2003, the Indian Government approved the Multipurpose National Identity Card (MNIC). The Unique Identification Authority of India (UIDAI) was established in February 2009, attached to the Planning Commission. The purpose of the UIDAI is to issue a unique identification number (UID) to all Indian residents that is (a) robust enough to eliminate duplicate and fake identities, and (b) can be verified and authenticated in an easy, costeffective way. The UIDAI’s approach will keep in mind the learnings from the government’s previous efforts at issuing identity.

The UIDAI will be created as a statutory body under a separate legislation to fulfill its objectives. The law will also stipulate rules, regulations, processes and protocols to be followed by different agencies partnering with the Authority in issuing and verifying unique identity numbers.

Features of the UIDAI model

The UID number will only provide identity: The UIDAI’s purview will be limited to the issue of unique identification numbers linked to a person’s demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.

The UID will prove identity, not citizenship: All residents in the country can be issued a unique ID. The UID is proof of identity and does not confer citizenship.

A pro-poor approach: The UIDAI envisions full enrolment of residents, with a focus on enrolling India’s poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase – the NREGA, RSBY, and PDS – will help bring large numbers of the poor and underprivileged into the UID system. The UID method of authentication will also improve service delivery for the poor.

Enrolment of residents with proper verification: Existing identity databases in India are fraught with problems of fraud and duplicate/ghost beneficiaries. To prevent this from seeping into the UIDAI database, the Authority plans to enrol residents into its database with proper verification of their demographic and biometric information. This will ensure that the data collected is clean from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be the first form of identification they have access to. The Authority will ensure that the Know Your Resident (KYR) standards don’t become a barrier for enrolling the poor, and will devise suitable procedures to ensure their inclusion without compromising the integrity of the data.

A partnership model: The UIDAI approach leverages the existing infrastructure of government and private agencies across India. The UIDAI will be the regulatory authority managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information, and authenticate the identity of residents as required. In addition, the Authority will partner with agencies such as central and state departments and private sector agencies who will be ‘Registrars’ for the UIDAI. Registrars will process UID applications, and connect to the CIDR to de-duplicate resident information and receive UID numbers. These Registrars can either be enrollers, or will appoint agencies as enrollers, who will interface with people seeking UID numbers. The Authority will also partner with service providers for authentication.

The UIDAI will emphasize a flexible model for Registrars: The Registrars will retain significant flexibility in their processes, including issuing cards, pricing, expanding KYR (Know Your Resident) verification, collecting demographic data on residents for their specific requirements, and in authentication. The UIDAI will provide standards to enable Registrars maintain uniformity in collecting certain demographic and biometric information, and in basic KYR. These standards will be finalized by the KYR and biometric committees the Authority constitutes.

Enrolment will not be mandated: The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not however, preclude governments or Registrars from mandating enrolment. The UIDAI will issue a number, not a card: The Authority’s role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.

The number will not contain intelligence: Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.

The Authority will only collect basic information on the resident:

The UIDAI may seek the following demographic and biometric information in order to issue a UID number:
Name
Date of birth
Gender
Father’s name1
Father’s UID number (optional for adult residents)
Mother’s name
Mother’s UID number (optional for adult residents)
Address (Permanent and Present)
Expiry date
Photograph
Finger prints

Process to ensure no duplicates: Registrars will send the applicant’s data to the CIDR for deduplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment, to ensure that no duplicates exist.

1 Individuals with both parents deceased can provide a Guardian’s name and UID number. The incentives in the UID system are aligned towards a self-cleaning mechanism. The existing patchwork of multiple databases in India gives individuals the incentive to provide different personal information to different agencies. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals will provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.

Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database. The Authority will support Registrars and agencies in adopting the UID authentication process, and will help define the infrastructure and processes they need.

The UIDAI will not share resident data: The Authority envisions a balance between ‘privacy and purpose’ when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information in the UID database. The UIDAI will answer requests to authenticate identity only through a ‘Yes’ or ‘No’ response. The Authority will also enter into contracts with Registrars to ensure the confidentiality of information they collect and store.

Technology will undergird the UIDAI system: Technology systems will have a major role across the UIDAI infrastructure. The UID database will be stored on a central server. Enrolment of the resident will be computerized, and information exchange between Registrars and the CIDR will be over a network. Authentication of the resident will be online. The Authority will also put systems in place for the security and safety of information.

Benefits

For residents: The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license, and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system, and the opportunity to avail
services provided by the government and the private sector. The UID will also give migrants mobility of identity.

For Registrars and enrollers: The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI’s verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now, have been difficult to authenticate. The strong authentication that the UID number offers will improve services, leading to better resident satisfaction.

For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs. 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.

READ THE DETAILS OF UID PROJECT

Creating a unique identity for every resident in India

FREQUENTLY ASKED QUESTIONS

What is the Unique Identification Authority of India (UIDAI) and where does it get its authority from?

The Unique Identification Authority of India (UIDAI) was constituted as an attached office under the Planning Commission, to develop and implement the necessary legal, technical and institutional infrastructure to issue unique identity to residents of India.  On June 25th 2009, the Cabinet approved the creation of the position of the Chairperson of the UIDAI, and appointed Mr. Nandan Nilekani as the first Chairperson with the rank of the Cabinet Minister.On August 3rd 2009, the Prime Minister constituted a Council under his chairmanship to advise the UIDAI and ensure coordination between the Ministries, Departments, stakeholders and partners. The Council will advise the UIDAI on the program, methodology and implementation to ensure this coordination. The Council will also identify specific milestones for the early completion of the project.

What is the problem the UIDAI seeks to address?

One of the key challenges that people in India face is the difficulty of establishing identity. People have multiple identity documents, with each serving a different purpose. There are often separate sets of requirements to be fulfilled in order to get these documents. The singular problem that the UIDAI will seek to solve is that of “identity”. Once a person has a UID number, their basic identity linked to their biometrics is established and can be used to uniquely identify the individual.

What will the UIDAI do?

  • Issue a unique identity number to a resident.
  • Authenticate the identity of a person who is in the UID database

CREATION OF THE UID DATABASE

What will the institutional framework created by the UIDAI be?

The UIDAI will establish an institutional microstructure to facilitate issuance of UID. This will include a Central Identity Data Repository, which will manage the central system and a network of Registrars, which will establish resident touch points through Enrolling Agencies.The Registrars would include both Government and Private Sector Agencies which already have the infrastructure in place to interface with the public to provide specified services for e.g. Insurance companies, LPG marketing companies,  RSBY, NREGA etc. The UIDAI also expects that the creation of the national population register process will provide data on residents which will add to the UIDAI database and this will also enable the Authority access “hard to reach” and marginalized groups. The UIDAI will also engage with Outreach Groups which will essentially be civil society groups working on social issues to target women, children, the homeless, urban poor, tribals, the differently-abled population of the country.

What will be the nature of relationship between UIDAI and the players in the eco system?

CIDR and UIDAI – The CIDR is essentially a service provider to the UIDAI and will provide services which include the processing of enrolment and authentication requests as prescribed, and following pre-defined service standards. The CIDR will also develop the operating procedure for interface between the CIDR and Registrars. The CIDR will also establish and maintain a grievance redressal system to address grievances about the failure of service of any of the service providers.

  • Registrar and UIDAI – This is a partnership where the Registrar and UIDAI will work together to enrol people into the UID database as per the regulations and specifications laid down by the Authority for relevant fields and operating procedures. The Registrar delivers services to the people and has a keen business and social interest in ensuring the authentic identity of the people availing their services.
  • Registrar and Enrolling Agencies – The Enrolling Agencies are the agents of the Registrar and the touch points on the ground to enrol people into the UID database. The Enrolling Agency will directly interact with and enrol residents into the CIDR and will be monitored by the Registrars.

Why is the UIDAI following the partnership model? Would it not be better to go door to door and register people, or use the already available database of the Election Commission, PAN, PDS etc?

The UIDAI recognizes that the only way to uniquely establish identity of a resident is through the biometric attributes of each individual. The Authority will use registrars who may have basic demographic information of the resident, and confirm the relevant fields and seek biometric information for each resident while enrolling the resident for the UID. Upon collecting and de-duplicating the biometric information, a unique ID database can be created.
There is no established database in the country that can serve the purpose of a Unique ID. The available databases act as a starting point to get a register of residents in place, but cannot do anything towards identity. Further, they exist in manual and varied electronic forms that do not allow for comparison or creation of an authentic database. The UIDAI is primarily using the partnership model to leverage the existing infrastructure of registrars, instead of creating something new and expensive – some registrars may use the door to door methodology and others may use other means.

Why should service providers such as banks and government agencies want to be Registrars? What are the benefits for Registrars?

The UIDAI will only enrol residents after de-duplicating records. This will help registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For registrars and enrollers focused on cost, the UIDAI’s verification processes will ensure lower KYR costs. For registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now, have been difficult to authenticate.

RESIDENT AND UNIQUE IDENTITY

Who can get a UID number?

Any person who is a temporary or ordinary resident of India can get a UID number.

Who is a resident? Will this include illegal migrants and also visitors (with visas) to India?

It will include all residents who are in India and who may want to avail services. The decision on the legal status of immigrants is the role of other Government Departments.

Will getting a UID be compulsory?

No, it will not be compulsory to get a UID, it is voluntary. However in time, certain service providers may require a person to have a UID to deliver services.

What are the benefits for the resident? Why should a person get on the UID database and get a UID number?

Once a person is on the UID database the person will be able to establish identity easily. The UID will become the single source of identity verification. Residents would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license, and so on.By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system, and the opportunity to avail services provided by the government and the private sector.  The UID will also give migrants mobility of identity.

INCLUSION

How will the UIDAI ensure that the poor and marginalized are covered and that there is no identity divide created as a result of this process?

The UIDAI recognizes that inability to prove identity is one of the biggest barriers preventing the poor from accessing benefits and subsidies. The Authority is committed to inclusion and ensuring that woman, children, differently-abled persons, the poor and marginalized are able to secure a unique id. To this end the UIDAI will have an extensive registrar network which will include agencies of the government that implement schemes such as National Rural Employment Guarantee Scheme and Rashtriya Swastya Bhima Yojana. In addition, the UIDAI will be working with outreach groups to access hard to reach communities like tribals, the differently-abled and people in remote areas of the country.

PROCEDURE OF SECURING A UID NUMBER

What is the process that will be followed to issue a UID number?

  • A resident will have to go to an enrolling agency, fill up an application form and provide the supporting documentation including photo and finger print.
  • The enrolling agency will collect this information and send the data, either singly or in batches, to the registrar who will pass this on to the UID database.
  • The system will engage in a de-duplication exercise.
  • If the individual is not already in the database, a UID number will be issued and sent to the person at their residence. The UID number will also be sent to the Registrar for use in their service database.
  • If the individual is already in the database the registration will be rejected and the person will be informed of the same.
  • The registrar will scan the supporting documentation and send it to the UIDAI and keep the physical copies with themselves.

What is the verification process that will be followed by the enrolling agency before processing the documents for a UID number?

A Know Your Resident Committee is being formed to establish what would be acceptable forms of supporting documentation. The recommendations should be made within 6 months of being set up and these standards would be used for verification.

Will there be a card issued? How will the resident know what their number is?

No card will be issued by the UIDAI, but the resident will receive a letter from the UID authority giving the person the UID number and the information of the person that was collected. If there are any inaccuracies in the information, the person can correct them. There will be a tear away portion in the letter that can act as a card for referencing the number. The registrar may issue a card for their purpose in which they may include the UID number.

Why no card?

The UIDAI is focused on the identity of the person and not the identity document.  The best match is the individual’s biometric and a card cannot be a substitute. The UID can only establish unique identity if authentication is done against the central database. Further, cards can be forged, stolen, faked and identity process diluted. While the UID authority only guarantees online authentication, the service providers are free to issue cards to people if it serves their purpose.

INFORMATION FROM RESIDENT AND ACCESS TO DATABASE AND SECURITY

What is the information that the UIDAI will seek from the resident?

  • NameDate of birthGenderFather’s nameFather’s UID number (optional for adult residents)Mother’s nameMother’s UID number (optional for adult residentsAddress (Permanent and Present)Expiry datePhotograph
  • Finger print

How will the information in the database be used? What does authentication mean and how will it work on a daily basis?

The information in the database will be used only for authentication purposes. If anyone seeks to authenticate the identity of another person using the UID database, they will only receive a response in the affirmative or the negative. The UID database will not transmit information or share data with anyone.

Will the resident be allowed to access their own information and make corrections if necessary?

A procedure will be established through which a resident will be able to view their complete information on the UID database and a procedure for correcting information will be laid down.

Who will have access to the UID database? How will the security of the database be ensured?

The UID database will be guarded both physically and electronically by a few select individuals with high clearance. It will not be available even for many members of the UID staff and will be secured with the best encryption, and in a highly secure data vault. All access details will be properly logged.

AUTHENTICATION

How will the authentication process work?

The only 100% accurate authentication service that the UIDAI can provide is online authentication. In this, the biometric of the person will be matched online with the biometric in the system – a one is to one match will be run. There are other types of authentication which the registrar can choose for their use and which the UIDAI does not guarantee.  Such authentication will be offline – the finger print is stored on a card issued by the Registrar for delivery of their services and can be authenticated against a finger scan. In addition a basic photo authentication can also be done, similar to what is now done in the airports.

What happens if the authenticating agency denies that a person has been authenticated in order to wrongfully deny services?

The person can contact the UIDAI/CIDR and prove that she has been positively authenticated and a grievance lodged with the concerned Registrar or service provider.

PROTECTION FROM EXPANDING DATA FIELDS

How will the UIDAI protect against functional creep?

The full board of the UIDAI may add additional data fields related to identity, and the law will contain a prescription against collecting any other information besides the information permitted, with specific prohibitions against collection of information regarding religion, race, ethnicity, case and other similar matters and the facilitation of analysis of the data for anyone or to engage in profiling or any similar activity.

CHILDREN

How will children be captured in the database?

The biometric of young children are not stable. However, it is crucial to capture children in the database. Children’s fingerprint and photograph will be taken and updated in the UID database every 5 years until the age of 18 (the exact details will be specified by the biometric committee). This will be enforced by an expiry-date attached to the UID number, which will become invalid after the expiry date. Until the time the biometric of the child stabilizes, any one of the parents/guardian will need to provide their biometric information for authentication.

DIFFERENTLY-ABLED

How will the biometric of the Differently-abled and people with no finger prints or rugged hands e.g. beedi workers or people with no fingers be captured?

The policy will take into consideration these exceptions and the biometric standards prescribed will ensure that these groups are not excluded. In the case of people without hands/ fingers only photo will be used for identity determination and there will be markers to determine uniqueness.

LANGUAGE

In what language will the database be maintained? In what language will authentication services be provided? In what language will communication between UIDAI and the resident take place?

The database will be maintained in English. The communication between resident and UIDAI will be in English and the local language. Authentication services will be provided in English.

CORRECTION OF INFORMATION ON THE UID DATABASE

What happens when wrong information is entered into the UID database?

A procedure for correction of data will be laid down and wrong information can be corrected at specified enrolling agencies.

PRIVACY AND FRAUD

What are the privacy protections in place to protect the right to privacy of the resident?

The information being sought from the person is basic information which is currently available with several government and private agencies. The information that is unique to UIDAI is the biometric information. In order to protect the right to privacy of the individual the information on the database will not be shared with anyone; all queries will get a ‘Yes’ or ‘No’ response. The UIDAI will also put in place regulations and protocols which have to be followed by the Central Identification Data Repository, Registrar and Enrolling agencies to protect the right to privacy.

What are the kinds of fraud that can occur in the UID system?

Two different kinds of fraud can occur in the UID system, Document fraud and Identity fraud. This distinction is important in the context of UIDAI. The UID is focused on identity fraud where a person intentionally impersonates another, dead or alive, and doesn’t necessarily require the use of an identity document.  Document fraud, however – the use of counterfeited documents or those with misleading information – is the responsibility of the registrar issuing the relevant document like passport, PAN card etc.

What happens in case of identity fraud or the system not working properly? • “X” registers in the name of “Y” with Y’s demographic details. “Y” could be living or dead?

“X” will have to live with the identity of “Y” for the rest of his life because if he tries to get one more UID it will be rejected.  If “Y” comes to register, the system will be able to pick up that there are similarities between “X” and “Y” and an investigation will be launched and Ys identity will be enrolled after the amending X.  If “Y” is a dead person it would be more difficult to detect. In either case it will be an offence to take on the identity of another person and there may be legal action against this offence.

X” appears to get one more UID number and presents different information?

De – duplication process returns the application, person will be sent a response with reasons for rejection.

Person appears as himself hoping for a second UID number.

De – duplication process returns the application, person will be sent a response with reasons for rejection and be informed about the existing UID existing number and warning against misuse. If all the details given are the same, the person can be sent one more letter informing the person about their UID no.

Person appears to get second card in another person’s name.

De – duplication process returns the application, person will be sent a response with reasons for rejection and warning against misuse.

De-duplication works incorrectly and throws up a false positive on the biometric

There will be a process defined for resolving such false rejection and the person concerned could also access the grievance redressal mechanism.

GRIEVANCE REDRESSAL MECHANISM

Will there be a grievance redressal mechanism?

For Further Details Visit :http://uidai.gov.in/

Tagged with:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: