Secrecy fears over India's epic ID project
By Raja Murthy
MUMBAI - As India embarks on the largest citizen identity project in history,
the high-profile agency implementing it was left red-faced after its
confidential working paper was leaked onto the Internet.
Titled "Creating a Unique Identity Number for Every Resident in India", the
leaked document reveals in-depth details about the government project to reach
1.03 billion citizens - an undertaking on a scale never tried before in the
The unique identity document (UID) number, stored and verifiable online from a
central database, can be used for a lifetime - for passports, bank accounts,
social welfare programs, phone services to airport check-ins. The ID number
would be verified with individual biometrics such as fingerprints and iris
But as with centralized citizen ID programs in other countries, critics fear
the US$4 billion project threatens privacy, as well as
being vulnerable to hackers, crooks and governmental misuse. They call the
leaked document a sign of security risks to come.
For unknown reasons, the government has not made available details about the
UID project, apart from project chief Nandan Nilekani's public comments. Asia
Times Online contacted some potentially key stakeholders in the UID project,
but strangely none were forthcoming with information.
National Informatics Center director general B K Gairola, who heads the UID
project's committee on biometrics, chairman OP Bhatt of the State Bank of India
(Asia's largest bank), and even Pradeep Bhatia, managing director of leading
Indian biometrics company BioEnable, had not responded to basic questions about
the UID project at the time of writing. The leaked working paper is now the
primary source for information about a project that will supposedly affect
every one of India's citizens.
On November 13, a website, Wikileaks - which describes itself as an
"anti-corruption group" and a "whistleblowers site" - published the working
paper on the project.
"Because the project will likely become a model for many countries, the
document is of global interest," claimed an editorial note from the anonymous
professional journalists and anti-corruption analysts said to be controlling
The 41-page document, saying "Version1.1 Property of UADAI - Confidential",
must have seemed like an early Christmas gift to Right to Information 
activists in India fighting to wring out more project details from the Unique
Identification Authority of India (UIDAI), the executing body. With textbook
irony, the leaked document also admitted that the "UID Database will be
susceptible to attacks and leaks at various levels".
Data security fears are inevitable, but the more basic question yet to have
healthy debate is whether India needs the project. Centralized citizen identity
verification runs counter to a more common sense policy for India to administer
its population through more de-centralization and distribution of federal
powers to regional state governments.
Whether the UID will solve problems or become a problem, global information
technology companies seem to think it will be profitable. Google, IBM, Yahoo,
Microsoft and India's own Tata Consultancy Services and Infosys are lobbying
the government for slices of the pie. On November 12, Yahoo chief executive
officer Carol Bartz met Prime Minister Manmohan Singh, fishing for her
company's involvement in the project.
The UID project shot up in profile when Nilekani, chief executive officer and
co-founder of Infosys, resigned his corporate job and took over as UIDAI
chairman. Manmohan attached sufficient importance to the project to give
Nilekani the rank and status of cabinet minister.
Fifty-four-year old Nilekani, among the 100 most influential people in the
world in Time magazine's 2006 list, has his work cut out in a project whose
scale he says is 10 times anything similar elsewhere in the world. He estimates
needing thousands of servers to verify billions of sets of biometric data for
hundreds of thousands of requests every second.
Many countries have either a card or a number as national identity - such as
the US Social Security Number for citizens, China and Hong Kong with ID cards,
and South Korea with a 13-digit ID number - but India is the first country to
begin a biometrics-based, multi-purpose ID number verifiable online on such a
India's UID will be a randomly generated number, without "intelligence" being
added to it such as birth dates, as in the South Korea's citizen ID number.
This is to reduce chances of fraud and identity theft, says the UIDAI working
Launched this February, the UID project primarily targets disadvantaged people.
"In India, an inability to prove identity is one of the biggest barriers
preventing the poor from accessing benefits and subsidies," says the working
paper in its opening line. It expects social welfare schemes to include people
at present cut off without identity documents.
In the process, the UID think-tank expects less corruption and cheaper
transactions for the poor, the bane of every governmental welfare program. The
leaked working paper says the UID would save taxpayers $4.3 billion annually by
removing duplicate and fraud identity applications.
The UID partners would be public and private service providers such as banks,
insurance companies, hotels, airlines and other business. After registering
with the UIDAI and making their computer systems compatible, business
establishments can receive online confirmation of their customers' UID number
in a "yes" or "no" format.
Applications for UID numbers would at first be voluntary. Nilekani said the
first ID numbers would be released by end of 2010, that 600 million numbers
will be released in six years, and be available to the entire population in a
decade. After this, the UID number may be made compulsory.
That's when the problems, from risks of misuse to logistical headaches, could
start. Biometric data will have to be collected from 400 million children, 60
million disabled people and 90 million tribal members.
It will be interesting, for instance, to see how a UIDAI missionary preaches
the good word about biometric identity numbers to the fiercely shy Sentinelese
and Shompen tribes in India's Andaman and Nicobar islands.
The government is pushing ahead with the project without much public, media or
even parliamentary discussion. The secretive nature could have been avoided,
but the UIDAI seems to have adopted a "Big Brother" attitude of "We know what's
best for you, and we don't need to know what you think". Or, it could have
something to hide.
For all its troubles, the UID number will not confer citizenship but only be a
proof of residence. Other government-acceptable identity cards in India include
the Permanent Account Number, or PAN, card used for income tax; voter ID;
ration cards; driving licenses and passports.
However, unlike the UID number, none of those keep a lifetime track-record of
transactions. Whether the UID project will reduce corruption or become part of
it, the more debatable question is the wisdom and dangers of a centralized
database for a billion people, and whether India unnecessarily risks a new kind
of identity crisis.
1. The landmark Right to Information (RTI) law of 2005 enables citizens of
India to request information - for personal and public interest - from
government departments and mandates bureaucrats to respond to queries within a
time frame. Since then, activists have used the RTI to expose corruption and
mismanagement at various levels of governance. A recent major RTI success was
in inducing Supreme Court judges to disclose details of their wealth and assets
on the court website.