PRS LEGISLATIVE RESEARCH
The central government plans to issue a unique identification number (called Aadhaar) to every resident of India. The number shall be linked to a resident’s demographic and biometric information. A resident can use his Aadhaar number to identify himself anywhere in the country in order to access certain benefits and services. The Bill seeks to establish the National Identification Authority and lay down the properties of Aadhaar, process of issuing the Aadhaar and safeguards for protection of privacy of Aadhaar number holders.
Highlights of the Bill
- The Bill seeks to establish the National Identification Authority of India (NIAI) to issue unique identification numbers (called ‘Aadhaar’) to residents of India.
- Every person residing in India is entitled to obtain an Aadhaar number after furnishing relevant demographic and biometric information. No information related to race, religion, caste, language, income or health shall be collected.
- The information collected shall be stored in the Central Identities Data Repository. This shall be used to provide authentication services.
- Sharing of data is prohibited except by the consent of the resident; by a court order; or for national security, if directed by an authorised official of the rank of Joint Secretary or above.
- The Bill also establishes an Identity Review Committee which shall monitor the usage patterns of Aadhaar numbers.
Key Issues and Analysis
- The Bill does not make it mandatory for an individual to enroll with the NIAI. However, it does not prevent any service provider from prescribing Aadhaar as a mandatory requirement for availing services.
- The information collected by NIAI may be shared with agencies engaged in delivery of public benefits and services with prior written consent of the Aadhaar holder. The safeguards provided for preventing misuse of this information may be inadequate.
- The Bill requires the NIAI to disclose identity information in the interest of national security, if so directed by an authorised officer. The safeguards for protection of privacy differ from the Supreme Court guidelines on telephone tapping.
- The Bill states that no court shall take cognizance of any offence, except on a complaint made by the NIAI. This could result in a conflict of interest situation if the offence is committed by a member of the NIAI.
- Details of demographic and biometric information to be recorded have been left to regulations. This empowers the NIAI to collect additional information without prior approval from Parliament.
PART A: HIGHLIGHTS OF THE BILL
At present, the central and the state governments in India issue different identity documents for specific purposes. These documents may be issued to individuals (passport, Election Card, PAN Card, driving license), or to households (ration card, Rashtriya Swasthya Bima Yojana card).1
In April 2000, a Group of Ministers was set up to review the national security system and to consider the recommendations of the Kargil Review Committee. The report on “Reforming the National Security System”, submitted in 2001, recommended that a multi-purpose National Identity Card (MNIC) should be issued, starting from the border districts.2 The purpose was to prepare a National Register of Indian Citizens.3 In 2003, the Citizenship Act, 1955 was amended to allow the central government to compulsorily register every citizen and issue them with identity cards.4 In March 2006, another project called the “Unique ID for the Below Poverty Line families” was approved by the Department of Information Technology. It was decided to merge the two schemes for which an Empowered Group of Ministers (chaired by Shri Pranab Mukherjee) was set up in December 2006.5
In November 2008, the EGoM approved certain decisions: (i) initially the Unique Identification Authority of India (UIDAI) would be notified as an executive authority (statutory authority to be constituted later); (ii) an initial database would be created from electoral rolls; (iii) UIDAI would take its own decision on how to build the database; and (iv) it would be anchored in the Planning Commission for five years.6 The UIDAI was notified by the Planning Commission on January 28, 2009 and Shri Nandan Nilekani was appointed as the Chairman.5
The Bill seeks to establish the National Identification Authority (earlier UIDAI) as a statutory authority and to specify its functions. It also entitles every resident of India to obtain a unique identification number.
- The National Identification Authority of India (NIAI) will issue unique identification numbers (called ‘Aadhaar’ numbers) to residents of India and any other category of people that may be specified. The NIAI shall have a chairperson and two part-time members.
- Every resident of India (regardless of citizenship) shall be entitled to obtain an Aadhaar number after furnishing demographic and biometric information. Demographic information shall include items such as name, age, gender and address. Biometric information shall include some biological attributes of the individual. Collection of information pertaining to race, religion, caste, language, income or health is specifically prohibited.
- The Aadhaar number shall be issued after the information provided by the person is verified. It shall serve as proof of identity, subject to authentication. However, it should not be construed as proof of citizenship or domicile. The Aadhaar number holder may be required to update his biometric and demographic information.
- The Aadhaar number shall be a random number and shall not bear any information of the individual. An Aadhaar number issued to an individual shall not be re-assigned to any other person.
Process of Issuing and Authenticating Aadhaar Numbers
- There are three main steps in the process. First, information for each person shall be collected and verified after which an Aadhaar number shall be allotted. Second, the collected information shall be stored in a database called the Central Identities Data Repository. Finally, this repository shall be used to provide authentication services.
- The NIAI shall appoint registrars and enrolling agencies to collect demographic and biometric information for the purpose of issuing Aadhaar numbers. Special measures shall be taken to issue Aadhaar numbers to certain groups such as women, children, migrant workers and others without a permanent address.
- Service providers (such as banks, fair price shops etc.) may ask a customer to provide his Aadhaar number and biometrics as proof of identity. The service provider shall submit this information to NIAI through an electronic channel for online authentication. The NIAI, after verifying the correctness of the information provided, shall respond to the query with a positive or negative response but shall not divulge any demographic or biometric information.
- The NIAI shall establish a grievance redressal mechanism to redress grievances of residents, registrars, enrolling agencies and service providers.
Disclosure of information
- The NIAI shall be responsible for the security and confidentiality of information. It is required to take measures to protect information against loss or unauthorised access.
- The NIAI or any agency which maintains the Central Identities Data Repository is forbidden from revealing any information stored in the repository.
- There are four exceptions to this rule. First, an Aadhaar number holder may request the NIAI to provide access to his own identity information. He may also ask for information on authentication requests of his Aadhaar number. Second, the NIAI may share information of Aadhaar number holders, based on their written consent, with agencies engaged in delivery of public benefits and services. Third, the NIAI may reveal information in response to a court order. Finally, information may be revealed in the interest of national security, if directed by an authorised official of the rank of Joint Secretary or above in the central government.
Identity Review Committee
- The central government may constitute an Identity Review Committee to analyse the extent and pattern of usage of Aadhaar numbers across the country. The Committee shall prepare a report annually and submit its recommendations to the central government. The report shall be laid before Parliament.
- The Committee shall consist of a Chairperson and two members who shall be appointed on the advice of the Prime Minister, a Union Cabinet Minister and the Leader of Opposition in the Lok Sabha.
Offences and Penalties
- The Bill lists several offences such as unauthorised collection of information, impersonation, manipulation of biometric information, and unauthorised access or damage to the Data Repository. Penalties vary from three years imprisonment and a fine of Rs 10,000 (for impersonation) to a fine of Rs 1 crore (for unauthorised access to the Data Repository). Penalties have also been prescribed for offences committed outside India.
- The Bill states that no court shall take cognizance of any offence except on a complaint made by the NIAI.
PART B: KEY ISSUES AND ANALYSIS
The Bill aims to issue unique identification numbers to residents of India and to provide for a reliable method of identifying individuals. The UIDAI Strategy Overview7 states that identification will facilitate access to benefits and services, especially for vulnerable groups such as homeless persons, migrant labour etc. Issuance of biometric based identities is expected to reduce problems of identity frauds and ghost beneficiaries.
However, any database that stores personal information carries the risk of its misuse by various agencies (both public and private), which may affect an individual’s privacy. The UK National Identity Card scheme was scrapped in 2011. Some of the main reasons cited for scrapping the scheme were the cost of implementing the scheme and the infringement of civil liberties.8 The Real ID Act passed by the US in 2005 has also been opposed by many states on grounds of privacy and threat to data security.9
We discuss below the safeguards that are built into this Bill to protect Aadhaar holders against invasion of their privacy.
Enrolment – Voluntary or Mandatory
The Bill does not make it mandatory for an individual to obtain an Aadhaar number. However, it does not prevent any service provider from prescribing Aadhaar as a mandatory requirement for availing services. This differs from the US where government agencies cannot deny benefits to individuals who do not possess or refuse to disclose their Social Security Number, unless specifically required by law.10
However, it must be noted that the success of Aadhaar in weeding out ‘ghost’ beneficiaries (in programmes such as the public distribution system) depends on mandatory enrollment. If enrollment is not mandatory, both authentication systems (identity card based and Aadhaar based) must coexist. In such a scenario, ‘ghost’ beneficiaries and people with multiple cards will choose to opt out of the Aadhaar system.
Safeguards for maintaining confidentiality and privacy of information
Information collected may be misused if safeguards to maintain privacy are inadequate. Though the Supreme Court has included privacy as part of the Right to Life,11 India does not have a specific law governing issues related to privacy. The government has formed a committee to draft a suitable law.12
We examine whether the Bill has sufficient safeguards if information is (a) shared with agencies engaged in delivery of public benefits and services; (b) disclosed to intelligence or law enforcement agencies; and (c) used to identify behaviour patterns through data mining.
Sharing information with agencies engaged in delivery of public benefits and services
The Bill allows NIAI to share the information of an Aadhaar number holder, based on his written consent, with agencies engaged in the delivery of public benefits and public services. However, it does not specify whether consent should be taken only once or at each instance a person avails of a new service. A one-time consent may be prone to misuse and this may affect an individual’s privacy.
Disclosure of information to intelligence or law enforcement agencies
The Bill requires the NIAI to disclose information (including identity information of individuals) in the interest of national security. This will be on the direction of an authorised officer of the rank of Joint Secretary or above in the central government.
In 1996, the Supreme Court held that the state may tap telephones “only at the occurrence of any public emergency or in the interest of public safety” if (a) it is authorised by the Home Secretary of the central or state government; and (b) it is for a maximum period of six months. Each order of telephone tapping must also be investigated by a separate Review Committee within a period of two months from the date of issuance.13
The safeguards for protection of privacy in this Bill differ from those set out for phone tapping. First, the Bill permits sharing in the interest of ‘national security’ rather than for public emergency or public safety. Second, the order can be issued by an officer of the rank of Joint Secretary. Third, there is no limit for the time period for which the authentication data may be collected. Fourth, there is no mechanism for review.
Potential to profile individuals
The Bill does not specifically prohibit intelligence agencies from using the UID as a link (key) while running computer programmes across various datasets (such as telephone records, air travel records etc.) in order to recognise patterns of behaviour. Such techniques for pattern recognition can be used for various purposes such as detecting potential illegal activities.14 However, these can also lead to harassment of innocent individuals who get identified incorrectly as potential threats.15 As a safeguard against misuse, the US had introduced (but not passed) a legislation that required each agency that was engaged in data mining to submit an annual report to Congress on all such activities.16
Compensation for loss or unauthorised disclosure of information
Clauses 30, 37, 38, 39, 40
The Bill requires all persons with access to Aadhaar related information to keep it secure and confidential. It prescribes penalties for unauthorised access or intentional disclosure of information. However, it does not penalise any negligence that leads to loss of information. Also, it does not have a specific provision to compensate an individual in case his personal information is misused. This differs from the Information Technology Act, 2000, which states that a company handling ‘sensitive personal data’ is liable to pay compensation upto Rs 5 crore if it is ‘negligent in implementing and maintaining reasonable security practices and procedures’ with respect to such data.
Conflict of interest
The Bill states that no court shall take cognizance of any offence punishable under the Act, except on a complaint made by the NIAI. Such a provision is usually included to ensure that the regulatory body vets all complaints before a criminal charge is filed.
However, unlike regulators such as the Securities and Exchange Board of India or the Reserve Bank of India, the NIAI also has a role in implementation and its members and employees have duties related to data security. This could result in a conflict of interest situation if the offence is committed by an employee of the NIAI.
Discretionary powers under delegated legislation
Regulation of demographic and biometric information to be recorded
Clause 2(e), (h)
Demographic information: The Bill empowers the NIAI to specify demographic information that may be recorded. The only restriction imposed on NIAI is that it shall not record information pertaining to race, religion, caste, language, income or health of the individual. Keeping this definition in the Regulations provides the NIAI with the power to collect additional personal information, without prior approval from Parliament.
It may be noted that the enrolment form currently being used contains fields for capturing information such as the National Population Register (NPR) receipt number, mobile number, bank account number, etc.17 Though these fields are labelled ‘optional’, it is unclear why this additional information is being recorded.
Biometric information: The definition of biometric information will be specified in the Regulations. Currently, the UIDAI is capturing 10 fingerprints, iris scan and photograph as biometric information of each resident.18 However, the Bill does not prevent it from collecting other biometric information such as DNA.
Storage of authentication information
The NIAI is required to maintain details of every request for authentication and the response provided. The Bill does not specify the maximum duration for which authentication data may be stored by the NIAI. This has been left to Regulations. Authentication data provides insights into usage patterns of an Aadhaar number holder. Data that has been recorded over a long duration of time may be misused for activities such as profiling an individual’s behaviour.
Different dates for notification of different clauses
Some clauses of the Bill provide the NIAI with the power to collect and maintain data. Some other clauses provide safeguards against misuse. The Bill contains a blanket provision that allows the central government to notify different clauses on different dates. There is no requirement that the safeguard clauses should come into force by the time the provisions enabling collection of data are notified.
Appendix 1: Possible Applications of UID
We list below some possible applications of the Aadhaar number in facilitating access to benefits and services.
Table 1: Potential benefits of UID
|Proof of Identity||The Aadhaar number would provide proof of identity to every resident including migrants, homeless people, etc. The number is unique to each individual and a person’s biometric information is linked to it. This could facilitate access to various services, which need identity proof.||Presently, various identity cards such as PAN card, voter’s identity card, ration card etc are accepted as proof of identity. About 82% of the adult population have the election card, 74% of the population have ration cards and 38% of the population have Rashtriya Swasthya Bima Yojana card.|
|Public Distribution System||The Aadhaar number can eliminate duplicate cards and cards for non-existent persons (estimated to be about 17% of all cards). It could also reduce diversion at Fair Price Shops by ensuring that goods are distributed to the beneficiaries only after their biometrics are verified.||UID cannot address errors in targeting of Below Poverty Line (BPL) families. Some estimates suggest that about 61% of the eligible population is excluded from the BPL lists while 25% of the non-poor household are included in the BPL list.|
|Financial Inclusion||RBI has declared Aadhaar to be sufficient proof of identity to open a bank account. It could also facilitate authentication with Business Correspondents in remote areas.||Currently, 41% of the adult population do not have bank accounts.|
|National Rural Employment Guarantee Act, 2005||It would be possible to identify duplicate and fake beneficiaries of NREGA.||UID cannot address other problems of NREGA such as incorrect measurement of work, payment delays etc.|
|Sources: “Envisioning a role for Aadhaar in the Public Distribution System,” Working Paper, UIDAI, 2010; Performance Evaluation of Targeted Public Distribution System, Planning Commission, March 2005; “Management of Food Grains,” 73rd Report of the Public Accounts Committee, 2007-08, “Report of the Expert Group to Advise the Ministry of Rural Development on the Methodology for Conducting the Below Poverty Line Census for the 11th Five Year Plan,” Chairperson: Shri N.C. Saxena, August 2009; Discussion Paper on Aadhaar based Financial Inclusion, Report of the Working Group to Review the Business Correspondent Model, RBI, August 2009, Know Your Customer Guidelines, RBI, 2004; UID and NREGA, Working Paper; Lok Sabha Unstarred Question No. 2357, Dec 3, 2009; Lok Sabha Unstarred Question no. 4135 Answered on Dec 15, 2009; Public Distribution System and Other Sources of Household Consumption, 2004-05, NSSO Report (see http://mospi.nic.in/press_note_510-Final.htm), Lok Sabha Unstarred Question no. 2838 Answered on March 14, 2011.|
. Report of the Committee on Financial Sector Reforms, Planning Commission, Govt of India, 2009
. “Group of Ministers’ Report on Reforming the National Security System,” Press Information Bureau, May 23, 2001
. “Parliamentary Consultative Committee of MHA discusses Multi-purpose National Identity Card Project,” Press Information Bureau, Aug 21, 2003
. Section 12 of The Citizenship (Amendment) Act, 2003
. Unique Identification Authority of India, Planning Commission, Govt of India (see http://uidai.gov.in)
. “Government approves issue of unique identity (UID) number to all residents,” PIB, Nov, 10, 2008
. “UIDAI Strategy Overview”, UIDAI, Planning Commission, Govt of India, April 2010
. Identity Documents Act, 2010 cancelled the ID card; “Identity cards scheme will be axed ‘within 100 days,’ BBC News, May 27, 2010; House of Commons debate on Identity Documents Bill on 9th July, 2010 (see http://www.publications.parliament.uk/pa/cm201011/cmhansrd/cm100609/debtext/100609-0006.htm).
. Real ID Act, 2005 (see http://thomas.loc.gov/cgi-bin/bdquery/z?d109:H.R.418:).
. Section 7 of the Privacy Act, 1974 (see http://www.justice.gov/opcl/1974ssnu.htm).
. See, for example, Kharak Singh vs State of UP, 1 SCR 332 (1964) and R. Rajagopal v. State of T.N (1994) 6 SCC 632.
. “Approach Paper for a Legislation on Privacy,” Oct 18, 2010, Ministry of Personnel, Public Grievances and Pensions, Govt of India.
. Writ Petition (C) No. 256 of 1991, People’s Union of Civil Liberties (PUCL) Vs. Union of India (UOI)
. “Data Mining: Federal Efforts Cover a Wide Range of Uses,” US General Accounting Office, May 2004.
. Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms
while countering terrorism, Martin Scheinin, UN Human Rights Council, Dec 28, 2009.
. US Federal Agency Data Mining Reporting Act of 2007 (Introduced on Jan 10, 2007) (see http://thomas.loc.gov/cgi-bin/bdquery/z?d110:SN00236:@@@L&summ2=m&).
. Enrolment Form of UID (see http://uidai.gov.in/images/FrontPageUpdates/ROB/D9%20Enrolment%20Form.JPG).
. Biometrics Design Standards for UID Applications, UIDAI Committee on Biometrics, December 2009.
Kaushiki Sanyal and Rohit Kumar June 02, 2011
Bill Text (233.11 KB)
Legislative Brief (160.07 KB)
PRS Bill Summary (129.92 KB)
UIDAI Strategy Overview (3.72 MB)
Approach Paper for a Legislation on Privacy (96.86 KB)
Role for Aadhaar in PDS (738.52 KB)
The UIDAI – evolving an approach to identity The Government of India undertook an effort to provide a clear identity to residents first in 1993, with the issue of photo identity cards by the Election Commission. Subsequently in 2003, the Indian Government approved the Multipurpose National Identity Card (MNIC). The Unique Identification Authority of India (UIDAI) was established in February 2009, attached to the Planning Commission. The purpose of the UIDAI is to issue a unique identification number (UID) to all Indian residents that is (a) robust enough to eliminate duplicate and fake identities, and (b) can be verified and authenticated in an easy, costeffective way. The UIDAI’s approach will keep in mind the learnings from the government’s previous efforts at issuing identity.
The UIDAI will be created as a statutory body under a separate legislation to fulfill its objectives. The law will also stipulate rules, regulations, processes and protocols to be followed by different agencies partnering with the Authority in issuing and verifying unique identity numbers.
Features of the UIDAI model
The UID number will only provide identity: The UIDAI’s purview will be limited to the issue of unique identification numbers linked to a person’s demographic and biometric information. The UID number will only guarantee identity, not rights, benefits or entitlements.
The UID will prove identity, not citizenship: All residents in the country can be issued a unique ID. The UID is proof of identity and does not confer citizenship.
A pro-poor approach: The UIDAI envisions full enrolment of residents, with a focus on enrolling India’s poor and underprivileged communities. The Registrars that the Authority plans to partner with in its first phase – the NREGA, RSBY, and PDS – will help bring large numbers of the poor and underprivileged into the UID system. The UID method of authentication will also improve service delivery for the poor.
Enrolment of residents with proper verification: Existing identity databases in India are fraught with problems of fraud and duplicate/ghost beneficiaries. To prevent this from seeping into the UIDAI database, the Authority plans to enrol residents into its database with proper verification of their demographic and biometric information. This will ensure that the data collected is clean from the start of the program. However, much of the poor and underserved population lack identity documents, and the UID may be the first form of identification they have access to. The Authority will ensure that the Know Your Resident (KYR) standards don’t become a barrier for enrolling the poor, and will devise suitable procedures to ensure their inclusion without compromising the integrity of the data.
A partnership model: The UIDAI approach leverages the existing infrastructure of government and private agencies across India. The UIDAI will be the regulatory authority managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information, and authenticate the identity of residents as required. In addition, the Authority will partner with agencies such as central and state departments and private sector agencies who will be ‘Registrars’ for the UIDAI. Registrars will process UID applications, and connect to the CIDR to de-duplicate resident information and receive UID numbers. These Registrars can either be enrollers, or will appoint agencies as enrollers, who will interface with people seeking UID numbers. The Authority will also partner with service providers for authentication.
The UIDAI will emphasize a flexible model for Registrars: The Registrars will retain significant flexibility in their processes, including issuing cards, pricing, expanding KYR (Know Your Resident) verification, collecting demographic data on residents for their specific requirements, and in authentication. The UIDAI will provide standards to enable Registrars maintain uniformity in collecting certain demographic and biometric information, and in basic KYR. These standards will be finalized by the KYR and biometric committees the Authority constitutes.
Enrolment will not be mandated: The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not however, preclude governments or Registrars from mandating enrolment. The UIDAI will issue a number, not a card: The Authority’s role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar.
The number will not contain intelligence: Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number.
The Authority will only collect basic information on the resident:
The UIDAI may seek the following demographic and biometric information in order to issue a UID number:
Date of birth
Father’s UID number (optional for adult residents)
Mother’s UID number (optional for adult residents)
Address (Permanent and Present)
Process to ensure no duplicates: Registrars will send the applicant’s data to the CIDR for deduplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment, to ensure that no duplicates exist.
1 Individuals with both parents deceased can provide a Guardian’s name and UID number. The incentives in the UID system are aligned towards a self-cleaning mechanism. The existing patchwork of multiple databases in India gives individuals the incentive to provide different personal information to different agencies. Since de-duplication in the UID system ensures that residents have only one chance to be in the database, individuals will provide accurate data. This incentive will become especially powerful as benefits and entitlements are linked to the UID.
Online authentication: The Authority will offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database. The Authority will support Registrars and agencies in adopting the UID authentication process, and will help define the infrastructure and processes they need.
The UIDAI will not share resident data: The Authority envisions a balance between ‘privacy and purpose’ when it comes to the information it collects on residents. The agencies may store the information of residents they enrol if they are authorized to do so, but they will not have access to the information in the UID database. The UIDAI will answer requests to authenticate identity only through a ‘Yes’ or ‘No’ response. The Authority will also enter into contracts with Registrars to ensure the confidentiality of information they collect and store.
Technology will undergird the UIDAI system: Technology systems will have a major role across the UIDAI infrastructure. The UID database will be stored on a central server. Enrolment of the resident will be computerized, and information exchange between Registrars and the CIDR will be over a network. Authentication of the resident will be online. The Authority will also put systems in place for the security and safety of information.
For residents: The UID will become the single source of identity verification. Once residents enrol, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license, and so on. By providing a clear proof of identity, the UID will also facilitate entry for poor and underprivileged residents into the formal banking system, and the opportunity to avail
services provided by the government and the private sector. The UID will also give migrants mobility of identity.
For Registrars and enrollers: The UIDAI will only enrol residents after de-duplicating records. This will help Registrars clean out duplicates from their databases, enabling significant efficiencies and cost savings. For Registrars focused on cost, the UIDAI’s verification processes will ensure lower KYR costs. For Registrars focused on social goals, a reliable identification number will enable them to broaden their reach into groups that till now, have been difficult to authenticate. The strong authentication that the UID number offers will improve services, leading to better resident satisfaction.
For Governments: Eliminating duplication under various schemes is expected to save the government exchequer upwards of Rs. 20,000 crores a year. It will also provide governments with accurate data on residents, enable direct benefit programs, and allow government departments to coordinate investments and share information.
READ THE DETAILS OF UID PROJECT
FREQUENTLY ASKED QUESTIONS
- Issue a unique identity number to a resident.
- Authenticate the identity of a person who is in the UID database
CREATION OF THE UID DATABASE
Registrar and UIDAI – This is a partnership where the Registrar and UIDAI will work together to enrol people into the UID database as per the regulations and specifications laid down by the Authority for relevant fields and operating procedures. The Registrar delivers services to the people and has a keen business and social interest in ensuring the authentic identity of the people availing their services.
Registrar and Enrolling Agencies – The Enrolling Agencies are the agents of the Registrar and the touch points on the ground to enrol people into the UID database. The Enrolling Agency will directly interact with and enrol residents into the CIDR and will be monitored by the Registrars.
There is no established database in the country that can serve the purpose of a Unique ID. The available databases act as a starting point to get a register of residents in place, but cannot do anything towards identity. Further, they exist in manual and varied electronic forms that do not allow for comparison or creation of an authentic database. The UIDAI is primarily using the partnership model to leverage the existing infrastructure of registrars, instead of creating something new and expensive – some registrars may use the door to door methodology and others may use other means.
RESIDENT AND UNIQUE IDENTITY
PROCEDURE OF SECURING A UID NUMBER
A resident will have to go to an enrolling agency, fill up an application form and provide the supporting documentation including photo and finger print.
The enrolling agency will collect this information and send the data, either singly or in batches, to the registrar who will pass this on to the UID database.
The system will engage in a de-duplication exercise.
If the individual is not already in the database, a UID number will be issued and sent to the person at their residence. The UID number will also be sent to the Registrar for use in their service database.
If the individual is already in the database the registration will be rejected and the person will be informed of the same.
The registrar will scan the supporting documentation and send it to the UIDAI and keep the physical copies with themselves.
INFORMATION FROM RESIDENT AND ACCESS TO DATABASE AND SECURITY
- NameDate of birthGenderFather’s nameFather’s UID number (optional for adult residents)Mother’s nameMother’s UID number (optional for adult residentsAddress (Permanent and Present)Expiry datePhotograph
- Finger print
PROTECTION FROM EXPANDING DATA FIELDS
CORRECTION OF INFORMATION ON THE UID DATABASE
PRIVACY AND FRAUD
GRIEVANCE REDRESSAL MECHANISM
For Further Details Visit :http://uidai.gov.in/
USHA RAMANATHAN IN THE INDIAN EXPRESS
The air is thick with schemes that will enable the state, and its agencies, to identify every resident, and to track what they are doing. A home ministry project for creating a National Population Register which will be prepared along with the 2011 Census has been propelled through its pilot stage. Now, an ambitious programme has been launched to load all the residents of the country on to a data base, providing each of us with a unique identity number. What distinguishes this exercise from any other undertaken so far?
First of all, the intention is provide a Unique Identity Number to the whole population, including the just born. The state is to have data on each individual literally from birth to death; and beyond, for a person’s UID is not destroyed at death, merely disabled. The numbers are to be so generated that it will not have to be repeated for between a hundred and two hundred years.
The UIDAI, in its working paper, says that enrolment will not be mandatory, but acknowledges that in practice it is expected not to be voluntary. The ‘Registrars’, who will enroll people on to the data base, will be both private operators and government agencies, and they will be encouraged to insist that they will entertain only those who are willing to enroll. Over a short time, only those with UID numbers may find themselves able to access services. That is the effort.
The UID has nothing to do with citizenship. The information on the UID database is expected to be basic, and to cover all residents: name, date of birth, place of birth, gender, the name and UID numbers of both parents, address, date of death and photograph and fingerprints. This is because the UID is only to identify the individual to the agency that is looking for authentication.
Just on its own, it could even seem benign.
There are two phenomena that take the innocence out of the exercise. The first is ‘convergence’. ‘Convergence’ is about combining information. There are presently various pieces of information available separately, and held in discrete ‘silos’. We give information to a range of agencies; as much as is necessary for them to do their job. The passport agencies do not need to know how many bank accounts you have, or whether you drive a car. The telephone company need not know how you have insured your house. The police do not need to know how often you travel, not unless you are a suspect anyway. It is this that makes some privacy possible in a world where there are so many reasons why, and locations where, we give information about ourselves. The ease with which technology has whittled down the notion of the private has to be contained, not expanded. The UID, in contrast, will act as a bridge between these silos of information, and it will take the control away from the individual about what information we want to share, and with whom.
This is poised to completely change norms of privacy, confidentiality and security of personal information. There are already indications about how convergence will work. Consider the reports that the Apollo Hospitals group has offered to manage health records through the UIDAI. It has already invested in a company called Health Highway that reportedly connects doctors, hospitals and pharmacies who would be able to communicate with each other and access health records. In August 2009, Business Standard reported that Apollo Hospitals had written to the UIDAI and to the Knowledge Commission to link the UID number with health profiles of those provided the ID number, and offered to manage the health records. The terms ‘security’ and ‘privacy’ seem to be under threat, where technological possibility is dislocating many traditional concerns.
The second phenomenon is ‘tracking’. Once the UID is in place, and convergence becomes commonplace, the movement of people, their monies, their activities can be brought together, especially since transactions from buying rice in a PDS shop to receiving wages to bank withdrawals to travel could begin to require the number. There is a difference between people tracking a state, and the state, and the ‘market’ tracking people. The UID is clearly not what it is presented as being: it is not benign, nor a mere number which will give an identity to those who the state had missed so far.
Interestingly, the working paper of the UIDAI starts with a claim that the UID will bring down barriers that prevents the poor from accessing services and subsidies by providing an identity, but soon goes on to clarify that the “UID number will only guarantee identity, not rights, benefits or entitlements”. Given that it is the powerlessness of the poor, inefficiency, the perception of the poor as not deserving of support, sympathy or rights, and the status of illegality foisted on them that stops them from getting what is due to them, and given that corruption and leakages in the system mutate and persist, this quick stepping back is wise indeed.
In the excitement about technology being deployed to do something that has not been done anywhere in the world, the importance of privacy and protection from misuse of personal information is getting eclipsed.
It is significant that the UIDAI working paper makes no mention of national security concerns, and the surveillance, and profiling, possibilities it will create. Yet, the UID is not a project in isolation. The NATGRID, which the UID will facilitate, places the whole population under surveillance; and the home minister is talking about a DNA bank.
Fallibility, the difficulties inherent in reaching those in extreme poverty, the choiceless existence on a database and the possibility of undesirable others getting hold of information only add to the scariness of the scenario that we seem to have accepted without discussion, challenge or debate. And, once accomplished, we would have reached a point of no return.
The writer is an independent law researcher.