The myth of the technology fix
THE myth of the technology fix is currently in the making. Corruption, inefficiency and ‘leakages’ are persuasive reasons for replacing the human element with technology. In a milieu where there are many users of technology, but remarkably few who understand it, or its consequences, or its application, technology is easily perceived as value-neutral and not sharing the traits and frailties of the human, social condition.
The depths to which public morality has sunk evokes desperation, which seeks answers somewhere other than where the problem now abides, viz. in the human person. Technology and the machine can, in the land of desperate optimism, seem relatively incorruptible. The potential intrusiveness of technology is shielded by the extent to which the temptations of technology have upended ideas of privacy, confidentiality, personal security and fraud. This seems to have prepared the ground for a technology fix.
First, there was the UID (Unique Identification Number).
In January 2009, the UIDAI was set up within the Planning Commission by an executive order. In July 2009, Nandan Nilekani was hand-picked by the prime minister to head the UIDAI. Since then, the promotional literature on the UID has kept close to the section titled ‘Getting rid of our phantoms: Single Citizen ID’ in the chapter on ‘ICT in India’ in Nandan Nilekani’s Imagining India (2008). The pitch is that there are many people in India who have no identity and, therefore, are not known to the state. Once they can demonstrate to the state that they exist – and the UID will do it for them – it will be one step towards reaching services and entitlements which the state provides to its poor.
The project has been in the popular imagination as being about the poor, with the convenience of a KYC (Know Your Customer) facility that will help those with multiple identity documents not having to prove, time after time, that they are who they say they are – the UID will do it for them. All they need to do is enrol and, to do that, they have to give simple and basic information to the enrolling agency, which will pass it on to the UIDAI, which will get it ‘de-duplicated’ (that is, make sure that they have not already been given a number; the biometrics are to help achieve de-duplication through the use of fingerprints and the iris metrics) and allot each individual a unique 12 digit number. Enrolment is voluntary. And, with this, the myths begin to take shape.
The myth of voluntariness stands exploded even as it is stated. For, as the project document acknowledges, the compulsion will not come from the UIDAI, but other agencies may demand that a person must have a UID number to be provided a service. Banks, for instance, may make UID a prerequisite to opening, or maintaining, accounts. Or to get onto the NREGA muster roll. Or to be entitled to a BPL card. And so on. Voluntarism is not a norm that is compatible with the unrelenting ambition of the UID to have universal enrolment.
The ‘document’ on ‘UID and Public Health’ reads: ‘We surmise that the starting point (for providing a UID to every Indian citizen) would be to aggregate records for various population databases such as the census, the PDS (Public Distribution System), voter identity systems etc., while dealing with the challenges of duplication. Existing databases would probably still leave a large percentage of the population uncovered. Therefore, every citizen must have a strong incentive or a "killer application" to go and get herself a UID, which one could think of as a demand side pull. The demand pull for this needs to be created de novo or fostered on existing platforms by the respective ministries.’ So, ‘the launch of the RSBY (Rashtriya Swasthya Bima Yojana) by the Ministry of Labour is a great example of a killer app waiting for a platform… partnering with the scheme will (1) provide an additional and fresh, unlikely to be duplicated, source of registration for the UID.’1
It is this aspect of the UIDAI, where the project piggybacks on the schemes and services of the government, that propelled over 100 activists to issue a public statement asking the UID not to ride on the fragile NREGA system to achieve its enrolment targets.2
The UID, it is being said, will provide the poor with an identity, and that will take them closer to that to which they are entitled. However, this is immediately followed up with a disclaimer: that the UID does not guarantee services and entitlements. That the driving force is not delivery of services but enrolment is in evidence, for instance, in the UID document on ‘UID and PDS’: ‘To support enrolment into the UID database, the central government will mandate that the UID numbers of each family member should be recorded in the ration card.’
And, linking it up with the PDS will improve UID coverage – ‘If the UID enrolment is integrated into the process of the creation of a beneficiary database for PDS, the coverage for UID improves significantly’ – and aid data updating.
‘Ration cards are a persistent source of citizen transactions with a monthly frequency. If there is a change in the family structure, or the family moves, the ration card is sure to be updated. At this time, the data can also be updated to the UID database.’3 And, again: ‘The legislative support in form of the need for submitting the UID number for several transactions will push residents to acquire a UID.’ Those working on food security such as Jean Dreze and Ramakumar4 have explained that the problem having been inaccurately identified, the UID as an answer was, in effect, a misrepresentation.
‘The real game plan for social policy,’ writes Jean Dreze ‘seems to be a massive transition to "conditional cash transfers" ... If the backroom boys have their way, India’s public services as we know them will soon be history, and every citizen will just have a smart card – food stamps, health insurance, school vouchers...’5 , a move that will reductively recast the role of the state in the contexts of malnourishment, unemployability, access to education and services in the social sector. There are indications even within the ‘UID and PDS’ document, in the language of ‘direct cash transfer programmes’ and ‘food stamps’.
There is the myth that this will be inclusive. Yet, even the keenness to enrol as quickly and as many people as possible has not produced a method by which enrolment will be simple, painless and precise. There are two ways in which a person gets enrolled: the documentary route, and through an ‘introducer’. There is a third way, through the ‘National Population Register’ process of public scrutiny, but that is still in the future.
Those who possess identity documents which are accepted by the enrolling agency as sufficient and accurate may use a document as the primary identifier for enrolment. Those who do not possess such a document, or where the enrolling agency is unwilling to rely on its authenticity or accuracy, will need an introducer. An introducer can only be a person who has got a UID number on the basis of an identifying document. ‘Essentially’, the Vittal Committee report says, ‘this idea has been borrowed from the account opening procedure in the banks... In effect, there will be several approved "introducers" who can help residents without supporting documents to enrol for a UID. Having multiple introducers within and outside government agencies should provide a needy resident access to people who can assert their identity while minimising harassment.’6
The UIDAI has busied itself with signing on NGOs to introduce the excluded into the system. They are expected to ensure that the information that is fed into the system is accurate. Yet, how many will know the unidentified well enough to even know each person’s name? And what does the ‘address’ of the homeless person mean? And how are the vagaries of pronunciation and spelling to be met? How much do the poor have to remember to be authenticated as being the person they say they are? If the biometric does not match the name or address as spelt out, what is to happen to the individual?
None of this has been addressed, anywhere, except in the Vittal report where they have said that the responsibility of an introducer needs to be engrafted into law. The National Identification Authority of India Bill 2010 does not acknowledge the ‘introducer’; so they continue without any certainty of how they may be held answerable for errors and omissions. Those for whom no one is willing to take responsibility will, of course, stay out of the system altogether.
There is the myth that biometrics are a sure-fire way of pinning identity. This is entirely unproven. In September 2010, it was reported that there was a report jointly commissioned by the CIA, the US Department of Homeland Security and the Defence Advanced Research Projects Agency, and carried out by the National Research Council in the US. It has concluded that the current state of biometrics is ‘inherently fallible’. While the technology may work on a small scale, it will cause major problems if utilized on a wide scale, it reportedly argued. In the current state of biometrics, the results are probabilistic; and the technology assumes that the parameters are static, which they are not.7 On 17 July 2010, the Economic Times reported that the UID project had run into trouble because ‘scores of people that Aadhaar project will help the most do not have the sharp curving lines on their fingers as depicted in its logo. Millions of Indians working in agriculture, construction workers and other manual labourers have worn-out fingers due to a lifetime of hard labour, resulting in what is euphemistically referred to in technical literature as "low-quality" fingerprints. This is precisely the demographic that UID aims to help – those that are outside government records and welfare schemes.’
Yet, a ‘proof of concept’ study, limited to enrolment (and not authentication) of a number in the thousands, excluding persons whose biometrics could be more complex such as workers in tea gardens, has given a thumbs up to biometrics.8 The UIDAI Biometrics Committee had cautioned that two factors raised uncertainty: the scaling up of the database from 50 million (which is the largest number of persons on a biometric database so far) to one billion plus that has not been adequately analysed; and the fingerprint quality, the most important variable for determining accuracy, has not been studied in depth in the Indian context.9
The influence of demographics – rural, urban, manual work, work in water – and environmental conditions – hot, cold, clammy, air-conditioned or otherwise – is not clear as yet. What seems certain is that malnourishment-induced cataract blights millions, and corneal injury is uncounted in occurrence, which makes the iris an unworkable measure. The work of millions causes calloused hands, and imperfect fingerprints. Yet, myth-making allows biometrics to be certain and sure.
There is a myth that the UIDAI will collect a very limited data set which will not allow profiling. The UIDAI will not engage in ‘convergence’ of data by breaching, or bridging, discrete silos in which information is held. When questions are raised about the UID number’s potential in surveillance, tracking, profiling, tapping and convergence – which makes privacy a redundant concept – the response so far has been that the UID will be doing none of this. That the information held will be limited. That the only information that will flow out of the UIDAI will be a ‘yes’ or a ‘no’ to a request for authentication.
The mythical nature of these claims has already begun to be evident, and what will be is beginning to appear. For a start, the UIDAI had limited the information it was to gather to name, address, names and UID numbers of father, mother, guardian, gender, date of birth and biometrics. This was in the phase when the idea was being sold. The form being administered, however, has a ‘Part B: Additional Information’. This includes the ‘phone number/mobile number’ and ‘email’ which are parenthetically indicated to be ‘optional’. However, Reetika Khera, watching the enrolment process in Jharkhand, saw no signs that a choice of giving the information or not was being offered.10 There is a ‘Part C – Financial Information’ where a person may tick a box to declare, ‘I want to link my existing bank account to Aadhaar and I have no. this issue (sic)’, followed by ‘Bank name and branch’ and ‘A/c number’.
In the ‘office copy’ of the ‘consent for enrolment form’, an asterisk reads: ‘I confirm that information (including biometrics) provided by me to the UIDAI and the information contained therein is my own and is true, correct and accurate. I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services including financial services.’11 The Department of Information Technology speaks of the UID project as the ‘National Citizen Database’ which ‘envisages provision of linking of existing databases, as well as providing for future additions, by user agencies.’
The approach paper on privacy that was prepared for the Department of Personnel and Training as a prelude to a law on the subject says: ‘Data privacy and the need to protect personal information is almost never a concern when data is stored in a decentralised manner... However, all of this is likely to change with the implementation of the UID project. One of the inevitable consequences of the UID project will be that the UID number will unify multiple databases. As more and more agencies of the government sign on to the UID project, the UID number will become the common thread that links all those databases together. Over time, private enterprises could also adopt the UID number as an identifier for the purposes of the delivery of their services or even for enrolment as a customer. Once this happens, the separation of data that currently exists between multiple databases will vanish.’12 Despite these direct connections being made between the UIDAI, convergence of data and concerns of privacy, the potential invasiveness of the UID is, simply, denied.
There is the myth of data security. The many places through which the data travels before it rests in the Central Identities Data Repository (CIDR) – the enrollers, the Registrars, the UIDAI, the de-duplicating agency; the many places where fingerprints and the UID number will be left to be used; and the incongruence between electronically held data and secrecy, make data security improbable, at best. The idea that the data of a whole populace be gathered and held in a ‘repository’ is not comforting. If corruption and abuse of power are problems that the UID is intended to overcome, how is one to view the role that these characteristics may have in data security? There are, of course, no answers other than this: that the technologists know what they are doing, and we should trust their competence and knowledge.
Even the idea that the UID is a state project is emerging as a myth. The project has been without the authority of law since its inception. It continues to run without a feasibility report or estimate of how much it may cost – estimates vary from Rs 45000 crore to Rs 1.5 lakh crore, and the UIDAI has not said a word either way. It is peopled by staunch allies of Nandan Nilekani, with whom he has a history of working together. On its technical staff are those who have joined, been lent, are on sabbatical, or are volunteering from the technology industry. The actual work of capturing the data, de-duplicating and allocating numbers is outsourced; the UIDAI has made contractual arrangements, and entered into MoUs, that take care of that.
State governments and ministries and departments are linked to the UIDAI through MoUs. The Ministry of Human Resources Development, for instance, signed an MoU with UIDAI on 27 October 2010. A Press Information Bureau release speaks of the HRD ministry ‘cooperating and collaborating’ with the UIDAI in, among other things, ‘putting in place an institutional mechanism to effectively oversee and monitor the implementation of the UID project and provide logistic and liaison support to the staff and representatives of UIDAI.’13 The Government of India set up the UIDAI and is funding the project, but control and normative boundaries are remarkably fuzzy.
This becomes significant in the context of questions raised about the companies that have passed the pre-qualification. Accenture is a company that has been working closely with the US Department of Homeland Security on a Smart Borders Project.14 A report on the web dated 7 May 2007 speaks of L-1 Identity Solutions being the ‘company with the closest ties to the CIA’ and being ‘the nation’s biggest player in biometric identification.’ L-1 Identity Solutions, according to this report, assists the Pentagon, US Intelligence, the State Department, and the Department of Homeland Security. It had George Tenet, the ex-chief of the CIA on its board until 2007.15 The National Corruption Index, which analyses and assesses corruption, cites the company in its 2008 records. What due diligence could have passed these two companies and given them a role in de-duplication and allotment of UID numbers?
The National Identification Authority of India Bill, 2010 (NIAI Bill) has been piloted into the Rajya Sabha by the prime minister, but the bill is in his name, and without reference to the capacity in which he is introducing it in Parliament. There are connections between the UID and other processes that are underway about which little is known. We now know that the National Population Register is being constructed primarily to feed into the UID enrolment process; that it is being built up along with the census exercise but lacks the strict terms of confidentiality that are in the Census Act; and, that it is being conducted under the Citizenship Rules of 2003. But we have heard only a little about the Public Information Infrastructure (PII) which has Sam Pitroda in charge of it.
In a promo on YouTube, Pitroda explains that the starting point is a nationwide network of fibre-optics and wireless systems.16 This is how he says it: ‘For government PII, it is very important to first identify all beneficiaries, essentially people. So one task is to tag people. We also at the same time need to identify all our physical assets all over the country, like primary schools, railways stations, hospitals. Then we also need to tag all our programmes... Once you tag people, places and programmes, then it is easier to organize information for public services. Hopefully, with new focus on PII, where we could essentially tag people, tag places, tag programmes, we will be able to restructure delivery systems to get lot better productivity, efficiency, reduced cost.’ Hopefully. And, as he said elsewhere, the UID will tag people, the GIS will tag places, and the PII will tag programmes.17
There is a further link to the UIP project: institutions are to be given UID numbers, too.
Then, there is Chidambaram’s NATGRID, where 21 databases will feed information to eleven security and intelligence agencies including RAW and IB; which, as we know, are accountable to no one, are beyond parliamentary oversight, and outside the RTI. Its chief, Captain Raghu Raman, authored a report entitled ‘A Nation of Numb People’ in his earlier incarnation as the CEO of Mahindra Special Services Group. ‘Let’s face it,’ he said, ‘security forces are stretched. With four belligerent and two troubled neighbours (and internal aid to civil authorities thrown in), the defence forces don’t have any bandwidth to spare. Jammu and Kashmir, Naxalite problems, and the North-East keep paramilitary forces occupied. Internal security is falling apart and the bureaucracy and government know this.’ So, ‘It’s time for the corporates to step in.’
As part of the prescription, ‘Enterprises would need to raise their own protection units...’ ‘Think of it,’ he says ‘as a private territorial army.’ And the write-up acquires a rhythmic cadence: ‘15 years ago the enemy was in the distant Kashmir and North-East. Five years ago, the enemy was at the gates hitting cities from outside. Now the enemy is inside the gates. If the commercial czars don’t begin protecting their empires now, they may find the lines of control cutting across those very empires.’18
It may not have invited serious attention, except that this is now the NATGRID’s chief who has spoken.
Corporate insecurities, and the desire to control a population that is too vast and complex, has produced reports such as FICCI’s 2008 December report on National Security and Terrorism, and ASSOCHAM’s 2010 report on Homeland Security in India, which opens with invoking the NATGRID and the UID as tracking devices. The state is supporting, funding and partnering in these enterprises, and acting, when it can do so, in the silence of secrecy. Technology seems to be a shield that lulls people into acquiescence, and allows incomprehension to lead us to unquestioning acceptance. The myth of the technology fix is asking to be challenged.
5. Jean Dreze, Unique Facility or Recipe for Trouble, The Hindu, 2010/11/25, (http://www.hindu.com/2010/11/25/stories/2010112563151300.htm).
6. http://uidai.gov.in/UID_PDF/Committees/UID_DDSVP_Committee_Report_v1.0.pdf, p.16
7. http://homelandsecuritynewswire.com/ report-biometric-id-technologies-inherently-fallible
8. http://uidai.gov.in/images/FrontPage Updates/uid_enrolment_poc_report.pdf
10. Personal communication, dated 19 December 2010.
11. This is the one clause in the form only in English.
14. http://newsroom.accenture.com/article_ display.cfm?article_id=4112
16. http://www.youtube.com/watch?v= Ktn3oqY6NVE