When a Palm Reader Knows More Than Your Life Line #biometrics #privacy


By NATASHA SINGER, New York Times
Published: November 10, 2012

“PLEASE put your hand on the scanner,” a receptionist at a doctor’s office at New York University Langone Medical Center said to me recently, pointing to a small plastic device on the counter between us. “I need to take a palm scan for your file.”

I balked.

As a reporter who has been covering the growing business of data collection, I know the potential drawbacks — like customer profiling — of giving out my personal details. But the idea of submitting to an infrared scan at a medical center that would take a copy of the unique vein patterns in my palm seemed fraught.

The receptionist said it was for my own good. The medical center, she said, had recently instituted a biometric patient identification system to protect against identity theft.

I reluctantly stuck my hand on the machine. If I demurred, I thought, perhaps I’d be denied medical care.

Next, the receptionist said she needed to take my photo. After the palm scan, that seemed like data-collection overkill. Then an office manager appeared and explained that the scans and pictures were optional. Alas, my palm was already in the system.

No longer the province of security services and science-fiction films, biometric technology is on the march. Facebook uses facial-recognition software so its members can automatically put name tags on friends when they upload their photos. Apple uses voice recognition to power Siri. Some theme parks take digital fingerprints to help recognize season pass holders. Now some hospitals and school districts are using palm vein pattern recognition to identify and efficiently manage their patients or students — in effect, turning your palm into an E-ZPass.

But consumer advocates say that enterprises are increasingly employing biometric data to improve convenience — and that members of the public are paying for that convenience with their privacy.

Fingerprints, facial dimensions and vein patterns are unique, consumer advocates say, and should be treated as carefully as genetic samples. So collecting such information for expediency, they say, could increase the risks of serious identity theft. Yet companies and institutions that compile such data often fail to adequately explain the risks to consumers, they say.

“Let’s say someone makes a fake ID and goes in and has their photo and their palm print taken as you. What are you going to do when you go in?” said Pam Dixon, the executive director of the World Privacy Forum, an advocacy group in San Diego. “Hospitals that are doing this are leaping over profound security issues that they are actually introducing into their systems.”

THE N.Y.U. medical center started researching biometric systems a few years ago in an effort to address several problems, said Kathryn McClellan, its vice president who is in charge of implementing its new electronic health records system. More than a million people in the New York area have the same or similar names, she said, creating a risk that medical personnel might pull up the wrong health record for a patient. Another issue, she said, was that some patients had multiple records from being treated at different affiliates; N.Y.U. wanted an efficient way to consolidate them.

Last year, the medical center adopted photography and palm-scan technology so that each patient would have two unique identifying features. Now, Ms. McClellan said, each arriving patient has his or her palm scanned, allowing the system to automatically pull up the correct file.

“It’s a patient safety initiative,” Ms. McClellan said. “We felt like the value to the patient was huge.”

N.Y.U.’s system, called PatientSecure and marketed by HT Systems of Tampa, has already scanned more than 250,000 patients. In the United States, over five million patients have had the scans, said Charles Yanak, a spokesman for Fujitsu Frontech North America, a division of Fujitsu, the Japanese company that developed the vein palm identification technology.

Yet, unless patients at N.Y.U. seem uncomfortable with the process, Ms. McClellan said, medical registration staff members don’t inform them that they can opt out of photos and scans.

“We don’t have formal consent,” Ms. McClellan said in a phone interview last Tuesday.

That raises red flags for privacy advocates. “If they are not informing patients it is optional,” said Joel Reidenberg, a professor at Fordham University Law School with an expertise in data privacy, “then effectively it is coerced consent.”

He noted that N.Y.U. medical center has had recent incidents in which computers or USB drives containing unencrypted patient data have been lost or stolen, suggesting that the center’s collection of biometric data might increase patients’ risk of identity theft.

Ms. McClellan responded that there was little chance of identity theft because the palm scan system turned the vein measurements into encrypted strings of binary numbers and stored them on an N.Y.U. server that is separate from the one with patients’ health records. Even if there were a breach, she added, the data would be useless to hackers because a unique key is needed to decode the number strings. As for patients’ photos, she said, they are attached to their medical records.

Still, Arthur Caplan, the director of the division of medical ethics at the N.Y.U. center, recommended that hospitals do a better job of explaining biometric ID systems to patients. He himself recently had an appointment at the N.Y.U. center, he recounted, and didn’t learn that the palm scan was optional until he hesitated and asked questions.

“It gave me pause,” Dr. Caplan said. “It would be useful to put up a sign saying ‘We are going to take biometric information which will help us track you through the system. If you don’t want to do this, please see’ ” an office manager.

Other institutions that use PatientSecure, however, have instituted opt-in programs for patients.

At the Duke University Health System, patients receive brochures explaining their options, said Eliana Owens, the health system’s director of patient revenue. The center also trains staff members at registration desks to read patients a script about the opt-in process for the palm scans, she said. (Duke does not take patients’ photos.)

“They say: ‘The enrollment is optional. If you choose not to participate, we will continue to ask you for your photo ID on subsequent visits,’ ” Ms. Owens said.

Consent or not, some leading identity experts see little value in palm scans for patients right now. If medical centers are going to use patients’ biometric data for their own institutional convenience, they argue, the centers should also enhance patient privacy — by, say, permitting lower-echelon medical personnel to look at a person’s medical record only if that patient is present and approves access by having a palm scanned.

Otherwise, “you are enabling another level of danger,” said Joseph Atick, a pioneer in biometric identity systems who consults for governments, “instead of using the technology to enable another level of privacy.”

At my request, N.Y.U. medical center has deleted my palm print.

E-mail: slipstream@nytimes.com.

 

Delhi University to get biometric attendance system by January 2013


By NEHA PUSHKARNA

PUBLISHED: 21:24 GMT, 4 November 2012 | UPDATED: 21:25 GMT, 4 November 2012

Teachers may have mixed views, but Delhi University is going to introduce a biometric system for recording their attendance within the next two months.

The executive council on Saturday ‘authorised’ the vice-chancellor to take appropriate steps regarding the long-standing issue of teachers’ attendance in colleges and departments.

Now with a go-ahead from university’s highest decision-making body, the vice-chancellor is planning to usher in the new system by January.

DUTA members protest against the university's vice-chancellor (file picture)DUTA members protest against the university’s vice-chancellor (file picture)

“The EC has unanimously authorised me to take measures in respect of teachers’ attendance. It should be up by January,” vice-chancellor, Professor Dinesh Singh, said.

The biometric system has been in the pipeline for last three years, though opposition from teachers had put it on the backburner.

However, a PIL in the high court following an affidavit from the university in September had made it clear that recording the attendance of teachers was inevitable now.

“The V-C has received feedback from students saying that a large number of teachers still do not attend classes regularly. The biometric system is necessary to make them fall in line,” a senior DU official, said.

The V-C has been making surprise rounds of colleges to find out what the real situation is.

“In fact, the registrar’s office keeps an eye on the teachers who have been protesting outside V-C’s office for last three weeks,” the official said.

The biometric devices will be installed in all colleges and departments in the coming weeks. They can record teachers’ attendance by matching their fingerprints or retina with the records in the databank.

“Teachers of DU are scandalised by the manner in which the executive council, despite opposition from the elected members, has allowed itself to be completely subverted and misled into abdicating its own statutory responsibility,” a statement released by DU Teachers’ Association, said.

Read more: http://www.dailymail.co.uk/indiahome/indianews/article-2227758/Delhi-University-biometric-attendance-January-2013.html#ixzz2BNM0Hl2X
Follow us: @MailOnline on Twitter | DailyMail on Facebook

Cash transfers: UIDAI’s newest battle is with finance ministry #uid #biometrics #aadhar


200 px

200 px (Photo credit: Wikipedia)

 

 

 

30 OCT, 2012, 05.59AM IST, M RAJSHEKHAR,ET BUREAU

In its short life, the Unique Identification Authority of India (UIDAI) has seen its fair share of skirmishes. Its latest skirmish is with an arm of the finance ministry, thedepartment of financial services (DFS), the genesis of which can be traced back to their different models to make payments.

 
Under the UIDAI model, Aadhaar forms the basis of every transaction. UIDAI plans to capture every person’s fingerprint and iris scan and store it on a central database.

Also read: How Congress can use cash transfers as a main weapon in the 2014 elections

So, when the government transfers money, to avoid duplication, it does so only to Aadhaar-verified accounts. Likewise, for transactions. When a villager wants to, say, withdraw money from her bank account, her fingerprint will be verified on a handheld machine of an agent. That scan will travel for instant verification to the central database.

On verification, the agent gives her the money. The DFS has other ideas. Under its current secretary, DK Mittal, it has been aggressively pursuing its mandate of financial inclusion. A senior official of DFS says, on the condition of anonymity, its thinking is that Aadhaar will take time to reach everyone and that cash transfers can be rolled out without Aadhaar. A senior UIDAI official, who did not want to be named, describes this as a purely “anti-Aadhaar play”.

The DFS plan rides on an architecture created by the National Payments Corporation of India (NPCI), which was set up to create a national payment architecture. This National Accounts Clearing House (NACH) can make cash transfers into beneficiary accounts using their IFSC codes and bank account numbers. This system, which is essentially a beefed up version of the Electronic Clearing System (ECS), can handle 10 million transactions a day now and 40 million transactions per day after six months.

Eventually, says M Balakrishnan, chief operating officer of NPCI, the Aadhaar payments bridge will be subsumed into the NACH. “This will give the government flexibility to use either Aadhaar or bank accounts to make payments,” he says. But the story gets complicated as one moves closer to the field. NACH is not Aadhaar-dependent-it doesn’t use Aadhaar to identify the beneficiary’s bank account, but rather uses IFSC codes and bank account numbers.

As such, it is akin to the systems already being followed by the government to make NREGA payments electronically. District administration and panchayat officials send to the state department a list of those who worked on a worksite, their bank account numbers and the amounts to be paid to each of them. The state department, in turn, asks the lead bank to credit the money into the workers’ accounts.

The UIDAI official says the DFS-NPCI model does not close the payment loop. “Aadhaar has created a system where biometric authentication at the last mile also tells us the correct person got the money,” he says.

“In the DFS system, that loop of confirmation-the targeted beneficiary received the money-will not be closed.” Put another way, the UIDAI system uses biometrics to verify twicewhen money is deposited into an account and when money is withdrawn from it. By comparison, the DFS-NPCI model does it only in the second leg, by verifying biometrics with the bank; in the first leg, it relies on bank account number.

Adds Himanshu, a professor in JNU: “If the government later decides to migrate everything to Aadhaar, we might well find that the biometrics captured by the banks cannot be compared with those in the Aadhaar servers. We might need to capture biometrics all over again.”

UIDAI feels its way is the best. The UIDAI official points out that Mittal of DFS, who has stamped his personality on many recent decisions on financial inclusion, is due to retire in January. The UIDAI, he adds, might wait for him to retire or escalate the matter with finance minister P Chidambaram now. How this plays out will determine the cash transfers architecture that finally takes shape.
___________________________________________

 

Aadhaar letters lost: Phase I was tough, says India Post- #UID #NandanNilekani


Geeta Gupta : New Delhi, Sat Aug 25 2012, 

With the Delhi government voicing concern over loss of Aadhaar letters during transit — Newsline reported many are being dumped in bulk at certain places — India Post, the designated carrier for the Unique Identification Authority of India (UIDAI), has acknowledged that it struggled to deal with bulk orders during Phase I of the project owing to shortage of manpower and equipment.

The postal department, which was responsible for printing, dispatch and delivery of Aadhaar numbers, said the printing work has been outsourced and it will now only dispatch and deliver under Phase II.

Y P S Mohan, Chief General Manager (Business Development and Marketing Directorate), Department of Posts, told Newsline there were problems and shortage of resources “but Phase II will be a smooth sail”.

“We are very low on manpower and cities have expanded very fast. If a postman had a 3-km area under him, now the same has increased to 10-km or more.”

Mohan said the UIDAI had initially placed an order for printing 25 lakh letters in 2010. These were printed in Delhi and Kolkata.

“The UIDAI articles is a one-off project which will get over in another couple of years. But it was a very big challenge for us. Enrolment started on a large scale in 2011 and we had the task of printing, dispatch and delivery of 2.5 crore speed posts a month. We have handled a maximum of 11 lakh articles in a single day. But our capacity was less, we were ill-equipped to take up such mass printing, and the UIDAI understood that. It was then decided to outsource printing. From January 2012 onward, we have been able to clear our backlog,” Mohan said.

Given that the official time limit for delivery of speed post is seven days, Mohan said postmen have been asked to devote extra time. “Since the beat areas have expanded and there are too many letters to be delivered, post offices have been asked to ensure accuracy and take extra time if needed,” he said.

Meanwhile, UIDAI chairperson Nandan Nilekani met Chief Minister Sheila Dikshit on Wednesday and proposed implementation of the Aadhaar-based “business correspondent (BC)” model in Delhi, so far implemented in rural areas to facilitate doorstep banking services to workers under the Mahatma Gandhi National Rural Employment Guarantee Scheme.

Under this model, accredited agents provide doorstep banking services using a micro-ATM. People use their Aadhaar-enabled bank accounts and the portable ATMs work with biometric authentication as identification proof.

A senior government official said: “The Chief Minister has given a go ahead that all major social security schemes in Delhi, Delhi Annashree Yojna to begin with, be primarily based on Aadhaar.” Officials of the UIDAI said modalities of the model will be worked out to help the Delhi government in implementing schemes.

Sujata Chaturvedi, Deputy Director General of UIDAI’s Delhi zone, said: “The idea behind implementation of the BC model here is to enable the Delhi government in implementing various social security schemes more effectively. Modalities of working out this model in Delhi are still being worked out in consultation with other stakeholders. While the Delhi government will lead the schemes, UIDAI will provide support services with the use of Aadhaar, like direct cash transfers to beneficiaries.” 

 

Israel’s Biometric Database Deemed “Harmful” by High Court Judges #UID #Aadhar


JULY 27, 2012 | BY REBECCA BOWE

Cartoon of a man being checked on biometric fe...

Cartoon of a man being checked on biometric features (Photo credit: Wikipedia)

In Israel, a heated debate is underway about whether Israel’s Interior Ministry will move ahead with the creation of a governmental biometric database containing digital fingerprints and facial photographs, which would be linked to “smart” national ID cards containing microchips. At the heart of the issue is a major concern about privacy: Aggregated personal information invites security breaches, and large databases of biometric information can be honeypots of sensitive data vulnerable to exploitation.

On July 23, Israel’s High Court of Justice held a hearing on a petition filed by civil rights advocates who sought to strike down a law establishing a governmental biometric database and an associated two-year pilot program. The law approving the database, enacted in 2009, met with public resistance until the government backed down and agreed to begin with only the pilot program. The pilot was supposed to be a test for determining whether it was actually necessary to move forward with building the biometric database, but an Interior Ministry decree that sanctioned the program did not actually contain any criteria to measure whether the program succeeded or failed.

While three justices voiced harsh criticism of the database, they didn’t move to cancel the project altogether. Instead, they determined that the pilot program description has to present clear criteria for success and failure, so that it would be conducted as a true test. The ruling requires the Interior Ministry to examine the very necessity of a central database, and to seriously weigh possible alternatives. The court also called for an independent review of the program, and preserved petitioners’ right to return and present their claims against the database and pilot program.

In the course of the hearing, several justices characterized the proposed database as a “harmful” and “extreme” measure. They have good reason to be skittish: Last fall, officials discovered that information in Israel’s primary population database had been hacked in 2006, and the personal records of some 9 million Israelis—both living and dead—were uploaded to the Internet and made freely available. The database contained substantial information including full names, identity numbers, addresses, dates of birth and death, immigration dates and familial relationships. Given this blemished track record, there is naturally a concern that a database that also contained biometric information would meet the same fate.

“Every once in a while, we find the census in .torrent files all over the web,” noted Jonathan Klinger, an attorney who teamed up with Association for Civil Rights in Israel (ACRI) lawyer Avner Pinchuk in opposing the biometric database. The petitioners included ACRI, the Movement for Digital Rights, Professor Karin Nahon of the University of Washington and Hebrew University, and Doron Ofek, an information security expert.

“The State in fact accepted the position of the petitioners and the Justices, according to which the order establishing the biometric database is illegal and does not enable an examination of the database’s necessity,” noted Pinchuk, the ACRI attorney. “The Interior Ministry’s intention to establish a database even before this essential flaw is amended demonstrates the hastiness and aggression that have characterized this dangerous project since its inception.”

Israel’s biometric database is just one of several massive governmental identification programsmoving forward at the global level. India is still working toward creating the world’s largest database of irises, fingerprints and facial photos, while Argentina is building a nationwide biometric database of it own. As more of these identity schemes crop up across the world, serious critical examination of these systems is urgently needed.

ID crisis: Is Aadhaar/UID going the UK way to doom?


200 px

200 px (Photo credit: Wikipedia)

The future of UID cards

The UIDAI claims to have enrolled about 20 crore people so far, but many questions remain unanswered on the issues clouding the ambitious project to give a number to every resident of the country, intended for equal social benefits
Chokkapan S

Thursday, April 19, 2012

BANGALORE, INDIA: After a few setbacks, the second phase of Unique Identity (UID) card enrollment is poised to begin this month.

Until April, there were about 200 million (20 crore) enrollments from across the states, of which 140 million (14 crore) numbers have been issued. And the Unique Identification Authority of India, helmed by chairman Nandan Nilekani, has an ambitious target of tripling this figure by early 2014. That is, scaling up by another 400 million (40 crore) in about two years.

So far, the UID’s journey had been quite bumpy, with a lot of questions raised on individual privacy and national security concerns, among other issues.

The ball was set rolling by the Parliament’s Standing Committee on Finance submitted a report, that recommended scrapping of the Aadhaar scheme. While Ashok Dalwai, deputy director general, head of UIDAI technology centre, iterates that collecting multiple biometrics was through adaptation of the global best practices, including a fusion approach of combining fingerprints and iris for identification purposes, for the Indian context, the Standing Committee stressed that the Rs.. 18,000-crore UIDAI project was directionless and lacked proper implementation.

When U.K. failed…

It would be relevant to look at a similar identity project in the United Kingdom that was abandoned in 2010, following a report from the prestigious London School of Economics (LSE) that categorically stated that the project could turn out to be a “potential danger to the public interest and to the legal rights of the individuals.”

Also, that there were other undeniable reasons, such as huge costs, unreliable and untested technology and the risks to the safety and security of citizens, didn’t help the cause of the National Data Register, either.

Dr Edgar Whitley, research coordinator and lead author of the study of the London School of Economics Identity Project, would state later, “In the U.K., in 2002, there was a discussion about ‘entitlement cards’ that slowly gave way to ‘identity cards’. I think the idea that there was a single policy reason or a few policy reasons behind the identity card project would not fit the facts well.”

The team had also identified six key areas of concern with the government’s plans, including evidence from other national identity systems that showed that such schemes performed best when established for clear and focussed purposes. “The U.K. scheme had multiple, rather general, rationales, suggesting that it had been ‘gold-plated’ to justify the high-tech scheme,” Whitley was quoted saying in an interview.

That apart, there was also concern over whether the technology would work and in Whitley’s own words, no scheme on that scale had been undertaken anywhere in the world. “The India project is, of course, even bigger. Smaller and less ambitious schemes had encountered substantial technological and operational problems, which may get amplified in a large-scale national system.”

Is Aadhaar similar?

Referring to the U.K. instance, the Parliamentary Panel pointed that the UID project also involved high costs, was complex in nature, had unreliable technology and posed safety risks.

According to Prof. R. Ramakumar, associate professor at the Tata Institute of Social Sciences, Mumbai, who has been vocal in his stance on the UID issue, “Each conclusion in the report should be discussed threadbare in the public domain. Biometrics should be withdrawn from government projects as a proof of identity.”

Alternative, and cheaper, measures to provide people with valid identity proofs should be explored, is his solution. “However, it would be a travesty of democratic principles, if the government disregards the Parliament’s Standing Committee on Finance report and pushes the project in through the backdoor.”

Boon or curse?

In the context of having a common denominator for all people, says Dr N. Seshagiri – who founded the National Informatics Centre and served as its director-general till 2000 – it is a good project for a developing country. But, he adds, the correlation should not be misused thereby amounting to privacy breach and security concerns.

“It can either be a boon or a curse, depending on how you implement and use it. You can’t put a bind to technology, if it is implemented properly. Also, maintenance of the project in the long run is important. Those concerned with the project should have the foresight for the times to come and think right now about updation and other issues that might crop up in future.”

What if the project gets eroded in about 10 years, as there is a strong possibility that those involved at present might not be around by then? questioned Seshagiri.

Like Maneka Gandhi, who went to get her UID number only to find to her dismay that someone else had signed on her behalf, many concerned people – but less affluent – are awaiting their cards, with a lot of hope that it might make a difference to their lives.

Will it or will it not? Is it facing a similar fate as the UK identity project? Only those entrusted with rolling out the project can ensure. Not through their words, but by deeds.

©CIOL Bureau

UIDAI invades privacy, endangers security


In a letter to the prime minister, Union home minister P Chidambaram is reported to have demanded that the Planning Commission be instructed to bring a note to the Cabinet on the status of the Unique Identification Authority of India (UIDAI) so that there is clarity over which agency — the Registrar-General of India (RGI) or the UIDAI — will carry on with the task of capturing the biometric data of the population. The letter expresses unhappiness over media reports over turf wars between the UIDAI, which comes under the nodal authority of the Planning Commission, and the RGI under the home ministry. The crux of the issue is the security of the biometric data being collected by the two agencies. While the RGI collects data through officials visiting homes, the UIDAI collects it through private agencies, who ask people to come over to their collection centres.

This is a much more important issue than the dispute over jurisdiction and, though belatedly, Chidambaram has raised the right issue. Only last month, the parliamentary standing committee on finance had rejected the National Identification Authority of India (NIDAI) Bill, 2010 — which was supposed to provide the legal basis to the UIDAI — raising questions about the ethics, feasibility and purpose of the project as well as its legality. The committee said the UID scheme was “built up on untested, unreliable technology and several assumptions” and large-scale involvement of private agencies in collection of biometric data about the citizens of India was not only unconstitutional but a threat to national security.

In the backdrop of the parliamentary committee’s severe indictment, further continuance of the scheme is untenable. That such an ambitious project with wider implications for the citizen’s right to privacy and national security was launched without Parliament’s approval shows the UPA government’s utter disregard for law and democratic traditions. The government should scrap this scheme, which was initiated without legislative sanction, feasibility study and cost-benefit analysis.

How reliable is UID? – R. Ramachandran


Biometric scanning of fingerprints during the launch of UID enrolment at the General Post Office in Bangalore

Biometric scanning of fingerprints during the launch of UID enrolment at the General Post Office in Bangalore

THE Unique Identification (UID) project, the national project of the Government of India, aims to give a unique 12-digit number – called Aadhaar – to every citizen of the country, a random number that is generated and linked to a person’s demographic and biometric information. The key word is “unique”. Launched in 2009 with the objective of reaching various benefits such as the public distribution system (PDS) to the poor, better targeting of developmental schemes such as the Mahatma Gandhi National Rural Employment Guarantee Scheme (NREGS) and enabling services such as the opening of a bank account, this uses technology based on a biometrics recognition system. Significantly, there will only be a UID number and no UID card as had been proposed earlier by the National Democratic Alliance (NDA) regime.

The advocates of the project believe that this will eliminate the multiple bureaucratic layers that the people of the country, particularly the rural poor, are confronted with and the multiplicity of documents that they have to present in order to access their legitimate entitlements, and the channels of corruption that these have bred over the years. But it has been clearly stated that “Aadhaar will only guarantee identity, not rights, benefits or entitlements”. It is only envisaged as a “robust” mechanism to eliminate duplicate and fake identities by uniquely verifying and authenticating genuine beneficiaries and legitimate claimants.

After authentication by a centralised database of biometric and demographic information to which service providers will be linked, this unique identification number alone will enable every individual to access services and entitlements anywhere in the country and at any time. The centralised database, Central ID Repository (CIDR), will be maintained and regulated by the UID Authority of India (UIDAI), which has been set up with the technocrat Nandan Nilekani, former co-chairman of the IT enterprise Infosys, as its chairman.

So will the system do what it claims it will? Socio-political issues and those of ethics and breach of privacy have been raised in this regard in different quarters. But purely at a technical level, the question is whether the technology deployed for identification will return answers that are unambiguous. Can it be that definitive that the authentication and verification made by matching the presented data with the stored data for a given individual in the CIDR will be unique and refer only to that individual? Are there no errors in such biometric systems?

What is biometrics? Biometrics, as defined by the report of the Whither Biometrics Committee (2010) of the National Research Council (NRC) of the United States, “is the automated recognition of individuals based on their behavioural and biological characteristics. It is a tool for establishing confidence that one is dealing with individuals who are already known (or not known) and consequently that they belong to a group with certain rights (or to a group to be denied certain privileges). It relies on the presumption that individuals are physically and behaviourally distinct in a number of ways.” The UID biometric system is a “multi-modal” one and uses data on the ten (single) fingerprints, palm print or slap fingerprint (which combines the features of fingerprints and hand geometry), iris characteristics and facial images of every person.

The NRC study concludes thus: “Human recognition systems are inherently probabilistic and hence inherently fallible. The chance of error can be made small but not eliminated…. The scientific basis of biometrics – from understanding the distribution of biometric traits within given populations to how humans interact with biometric systems – needs strengthening particularly as biometric technologies and systems are deployed in systems of national importance.” A biometric identification system basically involves the matching of measured biometric data against previously collected data, the reference database, for a given individual. Since the sources of uncertainty in a biometric system are many, this can only be approximate. So biometric systems can only provide probabilistic results.

Sources of uncertainty

The sources of uncertainty include variations in biological attributes both within and between persons, sensor characteristics, feature extraction and matching algorithms. Traits captured by biometric systems may change with age, environment, disease, stress, occupational factors, socio-cultural aspects of the situation in which data submission takes place, changes in human interface with the system and, significantly, even intentional alterations. This would be so particularly of the poor engaged in labour-intensive occupations such as farming, where hands are put to rough use causing weathering of finger and hand prints. Recently, it has also been shown that the three “accepted truths” about iris biometrics involving pupil dilation, contact lenses and template aging are not valid. Kevin Bowyer and others from the University of Notre Dame, U.S., have demonstrated that iris biometric performance can be degraded by varying pupil dilation, by wearing non-cosmetic prescription contact lenses, by time lapse between enrolment and verification and by cross-sensor operation and that all these factors significantly alter the matching done to identify an individual uniquely.

According to the NRC report, there are many gaps in our understanding of the nature and distinctiveness and stability of biometric characteristics across individuals and groups. “No biometric characteristic,” it says, “is known to be entirely stable and distinctive across all groups. Biometric traits have fundamental statistical properties, distinctiveness, and differing degrees of stability under natural physiological conditions and environmental challenges, many aspects of which are not well understood, especially at large scales.” (Emphasis added, given its particular relevance to the UID, which has to deal with 1.21 billion registrations in the database.)

Calibration changes and aging of sensors and the sensitivity of sensor performance to variations in the ambient environment (such as light levels) can affect the measurements. Biometric characteristics cannot be directly compared, but their stable and distinctive features are extracted from sensor outputs. Differences in feature extraction algorithms – chiefly pattern recognition algorithms – can affect performance, particularly when they are designed to achieve interoperability among different proprietary systems. However, in the case of UID, customised enrolment and extraction software are supposed to have been used in all systems used by enrolment (registration) agencies across the country. The same will have to be done for systems at the service provider level, where a beneficiary’s data will be captured for authentication. Similar will be the issue with regard to matching algorithms. However, since matching is generally expected to be done at a centralised database at CIDR, only the algorithm’s performance or sensitivity in handling variations in biometric data presented will be important, but this needs to be known and quantified.

Biometric match

A fundamental characteristic of a biometric system is that a biometric match represents “not certain recognition but probability of a correct recognition, while a non-match represents a probability rather than a definitive conclusion that an individual is not known to the system”. Thus, even the best designed biometric systems will be incorrect or indeterminate in a fraction of cases, and both false matches and false non-matches will occur. Recognition errors of biometric systems are stated in terms of false match rate (FMR) – the probability that the matcher recognises an individual as a different enrolled subject – and the false non-match rate (FNMR) – the probability that the matcher does not recognise a previously enrolled subject. (Correspondingly, 1–FNMR means the probability that a trait is correctly recognised and 1–FMR that an incorrect trait is not recognised.)

“Assessing the validity of the match results, even given this inherent uncertainty,” the NRC report points out, “requires knowledge of the population of users who are presenting to the system — specifically, what proportions of those users should and should not match. Even very small probabilities of misrecognitions — the failure to recognise an enrolled individual or the recognition of one individual as another — can become operationally significant when an application is scaled to handle millions of recognition attempts. Thus, well-articulated processes for verification, mitigation of undesired outcomes, and remediation (for misrecognitions) are needed, and presumptions and burdens of proof should be designed conservatively, with due attention to the system’s inevitable uncertainties.”

India’s current population is 1.21 billion and the UID scheme aims to cover all the residents. No country has attempted an identification and verification system on this scale. Though enrolment for the proposed system is stated to be voluntary, it will be on an unprecedented scale because a potential beneficiary can be denied access to a particular scheme or service if the individual does not enrol himself/herself and obtain the Aadhaar number. Indeed, many countries that had launched a biometric identification system have scrapped the idea as there are many unanswered questions about the reliability of a biometric system for the purposes they had considered it. It should be remembered that the objective of the Indian system is developmental, rather than security and related issues that countries of the West have been concerned with, and is aimed at delivering specific benefits and services to the underprivileged and the poor of the country. The envisaged system is also correspondingly different from those proposed elsewhere. To see if the system envisaged by the UIDAI meets these criteria and can deliver unique identification of all, it is important to understand the way the system is supposed to work.

The process

The process of enrolment that is currently on – already about 70 million have enrolled – involves presenting oneself to one of the agencies, termed registrars, identified by the UIDAI for enrolment purposes across the country. This involves the registrar recording the individual’s properly verified basic demographic information – which includes name, address, gender, date of birth, relationship – and capturing biometric information – which includes palm print (slap fingerprint), ten single fingerprints, iris imaging and face imaging – and this is encrypted and transmitted to the UIDAI electronically, including physical transmission using pen-drives for locations that lack any data connectivity. In principle, unknown errors or data corruption could occur at the transmission stage.

Even assuming that the transmission is perfect, data presented during enrolment need to be compared and checked to avoid duplication – “de-duplication” – and thus prevent any fraud. Otherwise one individual may end up with two Aadhaar numbers. So any new set of biometric data – fingerprints and iris prints – need to be compared with those of already enrolled individuals and shown to be different from every other set. This comparison was trivial when the first person, Ranjana Sonawne of Tembhli village in Maharashtra, enrolled because there was no one before that to be compared against. But it is clear that when the nth person goes to enrol, the data will have to be compared against the already enrolled n–1 sets of data. So registrars will send the applicant’s data to the CIDR for de-duplication. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment so as to minimise duplication in the database.

Can one totally eliminate duplication? As noted earlier, this will depend on the FNMR which, in a probabilistic system, will be a finite number, however small. So there will be a small but finite probability for duplication to occur. It is easy to see that this matching exercise will involve n(n-1)/2 comparisons, which, as n becomes large, obviously, is a highly computationally intensive exercise requiring large computing power. The number of comparisons will be several orders of magnitude more than the numbers enrolled. So in a population of 1.21 billion, when the (1.21 billion+1)th person comes in to enrol, the CIDR server will have to perform about 700 million billion (7×10 {+1} {+7}) comparisons. This may seem mind-boggling, but a modern-day high-performance computer can do this pretty fast. And since such a de-duplication exercise will be done off-line before issuing the Aadhaar numbers, the time involved in doing the comparisons is not the issue. The key issue is the magnitude of probabilistic error in these comparisons. In case of a false match, for example, the system will reject a genuine applicant. A computer cannot resolve FMR and FNMR cases; it has to be done physically by tracking down individuals and carrying out the re-enrolment-cum-matching exercise.

One way to improve the performance (reducing error rates) of the biometric system is to use the multimodal approach. Data from different modalities – face, palm print, fingerprints and iris in the UID case – are combined. Such systems obviously require different kinds of sensors and software (essentially different algorithms) to capture and process each modality being used for comparison. Already, using 10 single fingerprints provides additional information compared with a single fingerprint and this improves the performance, especially in very large-scale operations. Of course, this will be computationally intensive, particularly when matching is to be done from among millions of references in the database. Multimodality, in addition, will require even greater computational resources.

(Spoofing a single fingerprint has been demonstrated to be possible and such an impostor fingerprint can be used to fool a biometric reader. But this seems nearly impossible to do for all the 10 fingerprints and the palm print without being caught. And, combined with multimodal comparison, chances of such impersonation become extremely low.)

Error rate

The crucial issue, therefore, is the error rate and how many false positive identifications and false negative identification cases can potentially arise? A Proof of Concept (POC) exercise was carried out by the Authority with 40,000 subjects, divided into two sets of 20,000, in rural Andhra Pradesh, Karnataka and Bihar. This was done to analyse data from rural groups where quality of fingerprints is likely to be uneven.

For POC analyses, only 10 fingerprint data and two iris data were used. The face biometric was not used. According to the report, the study – which clearly was a multimodal one – observed an FNMR – that is a person is identified to be a different individual and re-enrolled resulting in duplication – of 0.0025 per cent.

Similarly, the study observed an FMR – where a new applicant is rejected because of false matching – of 0.01 per cent using irises alone and 0.25 per cent with fingerprints alone. But the concluding claim of the report that “by doing analysis as shown in the examples above on real data captured under typical Indian conditions in rural India, we can be confident that biometric matching can be used on a wider scale to realise the goal of creating unique identities” is clearly misleading as the order of magnitude of such cases of misrecognition in the real situation involving much larger numbers (say hundreds of millions) will be pretty large. The corresponding exercise of resolving these cases would be huge. If not resolved, large numbers would either be denied the benefits due to them or large number of impostors would get benefits that are not legitimately theirs because of inherent errors in the technology.

Also, as the NRC report emphasises, “Although laboratory evaluations of biometric systems are highly useful for development and comparison, their results often do not reliably predict field performance. Operational testing and blind challenges of operational systems tend to give more accurate and usable results than developmental performance evaluations and operational testing in circumscribed and controlled environments.” As against this one-to-many comparisons at the stage of identification of an individual during the enrolment process, the process of authentication or verification when a claimant presents his/her UID number is a case of one-to-one match. The process of Aadhaar authentication, as outlined by the UIDAI, is as follows:

Aadhaar number, along with other attributes (including biometrics), is submitted to the UIDAI’s CIDR for verification. The CIDR verifies whether the data (demographic and/or biometric) submitted match the data available in the CIDR and respond with a “yes/no” answer. No personal identity information is returned as part of the response. And this process can be done online by the service provider linked to the UIDAI. But the authentication is based entirely on the Aadhaar number submitted so that this operation is reduced to a 1:1 match (emphasis added).

This means that the Authority has only to match the presented data with the copy of the individual’s biometrics that was captured earlier and stored in the CIDR corresponding to that UID number. The CIDR will, in turn, say ‘yes’ or ‘no’ to a particular query on, say, the demographic information of the individual, which can be verified against documents such as Proof of Address (PoA) or Proof of Identity (PoI) by the service provider. This is quite different from the verification required in biometric systems for security purposes, say entry through airports, where every verification procedure may be a one-to-many matching exercise. But authentication, despite being a 1:1 match, could have its own error rates largely arising from inevitable human errors, especially in large-scale implementation – for example, transmitting the wrong Aadhaar number or wrongly keyed-in query – and since the system is designed to answer only in “yes/no”, the service provider, say NREGA, may not be in a position to know that the error has originated at the agency-end itself. While, in principle, the UID number holder should be able to crosscheck what is being transmitted, in the rural Indian context, given the level of illiteracy, this may not always happen.

More pertinently, the verification process could itself become the channel of new ways of corruption. Suppose the service provider deliberately transmits the wrong Aadhaar number during the authentication process and in return obviously gets a ‘no” for an answer to any query pertaining to the claimant of service or benefits that he/she is entitled to. Now this could become the basis of corruption. The service provider could say that the service/benefit can be provided – which the claimant is entitled to legitimately – on payment of ‘x’ amount of money.

This socio-cultural trait of corruption will always find new ways of doing it, especially when such a project is sought to be implemented on such a countrywide scale involving hundreds of million transactions. It is not clear how this manual error – deliberate or otherwise – at the man-machine interface in the UID system can be avoided on a real-time basis during the interaction between a potential beneficiary and the service provider. In addition to probabilistic errors in the biometric identification scheme, perhaps such issues could also become cause of real concern.

FRONTLINE- Volume 28 – Issue 24 :: Nov. 19-Dec. 02, 2011

Opposition to the world’s biggest biometric identity scheme is growing


FOR a country that fails to meet its most basic challenges—feeding the hungry, piping clean water, fixing roads—it seems incredible that India is rapidly building the world’s biggest, most advanced, biometric database of personal identities. Launched in 2010, under a genial ex-tycoon, Nandan Nilekani, the “unique identity” (UID) scheme is supposed to roll out trustworthy, unduplicated identity numbers based on biometric and other data. Any resident who wants one can volunteer. The scheme combines work by central and state governments and a number of other partners—largely technology firms that capture and process individuals’ data. The goal, says Mr Nilekani, is to help India cope with the past decade’s expansion of welfare provision, the fastest in its history: “it is essentially about better public services”.

All that should have been the recipe for a project mired in delays, infighting, empire-building, graft and bad results. Few expected UID to hit its ambitious targets. A year ago, only a few million had enrolled and barely 1m identity numbers had been issued. Warnings about fragile technology, overwhelmed data-processing centres and surging costs suggested slow progress.

Instead this week saw the 110-millionth UID number issued. Enrolments (which precede issued numbers by some months) should reach 200m in a couple of weeks. Mr Nilekani, eagerly hopping about his office to call up data on his laptop, says that over 20m people are now being signed up every month. He expects to get to 400m by the year’s end. That is an astonishing outcome. For a government that has achieved almost nothing since re-election in May 2009, the scheme is emerging as an example of real progress.

By 2014, the likely date of the next general election, over half of all Indians could be signed up. If welfare also starts flowing direct into their accounts, the electoral consequences could be profound. To get a sense of the scale of UID’s achievement, linger at a mosquito-ridden enrolment centre in Uttan Gaon, a coastal village north of Mumbai. Huddled in a damp fire-station a young man connects a laptop, a binocular-style iris scanner and a glowing green machine that records 30 points from a set of fingerprints.

In the gloom, his contraption could be a robot from an early Star Wars film. Employed by Wipro, a technology firm and agent for the UID project, he has to get through 40 to 50 residents a day. His hassles, and those of armies of others deployed all across India, look endless. At times no one comes to enroll. Local government is supposed to run campaigns to lure them in, but indifference, bad weather and non-stop religious festivals keep them at home or partying. Other days, as when a (false) rumour crackles through a nearby slum that 100-rupee notes will be dished out to those who sign up, hordes pour in. Nerdy technicians are ill-prepared to manage frustrated and even violent crowds. To hit his targets, the agent in Uttan Gaon must process each of the residents, who perch in turn on a red plastic chair, in 12 minutes or less. That is fine—but only for the young and educated. The day’s first arrivals are a barely literate rickshaw driver, an elderly couple and a call-centre worker. Each one overruns. By mid-morning a long queue has formed, but the pace picks up. Wipro and the rest work fast, since that is the only way to turn a profit. One of 35 agents active in Maharashtra state, it bid to be paid just 26 rupees (50 cents) for each person processed, with a higher rate in rural areas. It supplies all equipment and staff, and uploads the huge amounts of data to central processors. It also copes with thefts, damp cables that break the iris scanners, and labourers’ fingers so worn that their prints do not show. Still, contractors look far nimbler at solving myriad problems than civil servants, who are still hampered, for example, by rules ordering that all official communication be done on paper (e-mails will not do). Speed matters. An agent hitting targets can bid to take work off laggards.

This flexible “ecosystem”, designed with help from Indians working in Silicon Valley, thus lets the most efficient prosper. To fund it, the central government dishes out 100 rupees, which various partners share, but only once each identity number is issued: “we have built a system where everyone has an incentive to get results”, says Mr Nilekani. And these are striking: Wipro alone has had nearly 6m numbers issued, of more than 22m issued in the state as a whole. As it grows, however, the project is drawing fire. Most pressing, the mandate of the UID authority will expire within weeks—once the 200 millionth resident is signed up. The cabinet has so far failed to extend it, though reformers are keen. Montek Singh Ahluwalia, the powerful deputy head of the national planning commission, for example, says he will allocate billions more rupees to UID as “the money will be more than fully covered from efficiency gains from government schemes”.

Total costs are rising as UID expands: its budget has more than doubled from nearly 32 billion rupees ($614m) for the first five years, to over 88 billion rupees for the next phase. But the government’s chief economic adviser, Kaushik Basu, among others, agrees that savings by “plugging leakages”—that is, stopping huge theft and waste in welfare and subsidies—will be “very big, very beneficial”. The real difficulties are political. They fall into two areas. Most immediate is the home minister, Palaniappan Chidambaram, who is blocking the new mandate. He says he worries about national security. He also looks annoyed that a rival biometric scheme to build a National Population Register (for citizens, not just residents) has been cast into the shade. Run by his home ministry, by late last year it had only issued some 8m identity numbers. He also has a longstanding rivalry with the finance minister, Pranab Mukherjee, who is associated with UID. The prime minister, Manmohan Singh, will probably have to tell the home minister to give way. Then officials need to respond to a second, much broader, band of critics. Last month, for example, parliament’s powerful finance standing committee issued a 48-page report attacking UID, calling it hasty, directionless, ill-conceived and saying it must be stopped. Headed by Yashwant Sinha, a stalwart of the opposition Bharatiya Janata Party, the committee was eager to throw all criticism possible at the scheme. Yet the report contains testimony from a range of experts with legitimate objections. Some were procedural, including a demand that UID be based on law passed by parliament, not, as now, on a mere executive order.

Other worries, such as cost, should abate as the unique identities are tied to bank accounts of welfare recipients, and so help track the flow of public money. The omens are good. Last week Karnataka state claimed that by paying welfare direct to bank accounts it had cut some 2m ghost labourers from a rural public-works project.

Yet there are also tougher accusations from activists and development economists, such as Jean Drèze and Reetika Khera, in Delhi. They worry that the voluntary programme will turn compulsory, that individuals’ privacy is under attack and that biometric data are not secure. Along with others, they also oppose the logical next step in welfare reform that UID enables. Once recipients have bank accounts, India can follow the likes of Brazil and replace easily stolen benefits in kind, such as rations of cheap food and fuel, with direct cash transfers.

Not only do these cut theft, but cash payments also let beneficiaries become mobile—for example so they can leave their state to seek work, while not jeopardising any benefits. Yet Ms Khera is wary of change. She points out that well-run southern states get rations efficiently to the poor, and cites a survey which found many recipients, especially women, would prefer to keep getting rations over cash. They fear money is more easily wasted, say on alcohol. Worse, in the most remote places, cash welfare is no use since food and fuel markets do not even exist. Such fears need answering. India will have to pass a law on data protection and privacy.

A shift to cash welfare would have to ensure that mothers benefit most, not feckless fathers. And perhaps only as Indians grow more urban, mobile and well-connected will they see the full advantage of cash over rations. But for all the headaches, applying the UID to an expanding and reforming welfare system opens the way for profound social change. Indians need to get ready.

source- The Economist

State Govt Should Put a Stay on Aadhaar/UID Project & Biometric based NPR for MNIC after Parliamentary Committee Report


FOR IMMEDIATE RELEASE

Parliamentary Committee Cites Global Experience and Citizens Testimony to Reject Central Govt’s database project 

Patna, 10/1/2012: A compelling logic has emerged for the Bihar Government to put a stay on the execution of the aadhaar related projects in the state following a revealing report of a multi-party Parliamentary Standing Committee (PSC) on Finance that considered the National Identification Authority of India (NIDAI) Bill, 2010 and following the grave concerns expressed by eminent citizens, former judges and academicians. Unique Identification Authority of India (UIDAI) had signed a MoU with Bihar Government on August 20, 2010 without any legal and constitutional mandate.

This disdain for the law has been characterised by the Standing Committee as `unethical and violative of Parliament’s prerogatives’. Citizens have been protesting against the UID and NPR based MINIC project across the country from the very outset but prior to PSC’s report it was ignored. By now it is clear that it is an unnecessary project which must be stopped.

The Parliamentary Standing Committee on Finance considering the National Identification Authority of India (NIDAI) Bill, 2010 presented its report to the Parliament on December 13, 2011. The report rejects biometric data based identification of Indians. The report is a severe indictment of the hasty and `directionless’ project which has been “conceptualised with no clarity of purpose”. Even the functional basis of the Unique Identification Authority of India UIDAI is unclear and yet the project has been rolled out. The Standing Committee found the biometric technology `uncertain’ and ‘untested’. As early as December 2009, the Biometric Data Committee had found that the error rate using fingerprints was inordinately high. In a recent interview to the press, the Director General and Mission Director of the UIDAI had admitted that fingerprints are likely not to work for authentication. The error rate could end up excluding up to 15% of the population. Yet, the UIDAI has gone on with the exercise.

There is no data protection law in place. Even though the government had recognised the need for a law to deal with security and confidentiality of information, imposition of obligation of disclosure of information in certain cases, impersonation at the time of enrolment, investigation of acts that constitute offences and unauthorised disclosure of information, the Unique Identification (UID) project was allowed to march on without any such protection being put in place.

The Parliamentary Report has raised questions of great severity about the legality and constitutionality of the Unique Identification (UID) project. It has acknowledged the many concerns that have been voiced in the past two years about the absence of a feasibility study, no cost-benefit assessment, uncertain and untested technology, an enrolment process that has national security repercussions, the lack of data protection and privacy legislation and the disrespect for Parliament by going ahead with a project that was pending parliamentary approval. It is also noticed that the data that is being collected is not being held by a government agency, about which the National Informatics Centre has expressed anxiety.

Prof. D M Diwakar, Director, ANISS said, in the aftermath of this report of the PSC, the continuance of the project as also the ongoing collection of demographic and biometric data needs to be rigorously examined, as also its ramifications for the project in Bihar. UIDAI has been trying to push for the adoption of the UID through multiple committees of several ministries and for the re-engineering of current systems to fit the requirements of the UID. There have been attempts to withdraw services such as LPG if a person has not enrolled for a UID. The creeping of voluntariness into compulsion through threat of discontinuance of services has been roundly castigated by the Standing Committee.

There has been an extraordinary amount of duplication of work. The NPR is doing the same exercise, except that the Ministry of Home Affairs has found that the excessive outsourcing and the methods used by the UIDAI for enrolment make the data inaccurate and insecure.  The multiplicity of Registrars with whom the UIDAI has entered into MoUs produces their own problems of duplication. The Standing Committee is categorical that the Empowered Group of Ministers (EGoM) constituted for the purpose of collating the two schemes namely, the UID and National Population Register (NPR), has failed.

The project has been replete with unanswered questions. The 17 eminent citizens, as also other civil society activists and academics, had asked  that the project authorities acknowledge that many countries had abandoned  identity schemes such as had happened in the UK, China, USA, Australia and the Philippines. The Standing Committee has taken on board studies done in the UK on the identity scheme that was begun and later withdrawn in May 2010, where the problems were identified to include “(a) huge cost involved and possible cost overruns; (b) too complex; (c) untested, unreliable and unsafe technology; (d) possibility of risk to the safety and security of citizens; and (e) requirement of high standard security measures, which would result in escalating the estimated operational costs.”

Echoing citizens’ concerns, the Parliamentary Committee has noted that the government has “admitted that (a) no committee has been constituted to study the financial implications of the UID scheme; and (b) comparative costs of the aadhaar number and various existing ID documents are also not available.” It discloses that while the UIDAI was constituted on January 28, 2009 without parliamentary approval, and UID numbers were begun to be rolled out in September 2010, the Detailed Project Report of the UID Scheme was done much later in April, 2011. The Standing Committee expressed its anxiety that, the way the project had been run, “the scheme may end up being dependent on private agencies, despite contractual agreement made by the UIDAI with several private vendors.” The report records the views of Dr Usha Ramanathan, a noted jurist saying, “It is a plain misconception to think that the executive can do what it pleases, including in relation to infringing constitutional rights and protections for the reason that Parliament and legislatures have the power to make law on the subject.” In view of the above, the Memoranda of Understanding (MoU) signed by UIDAI with the partners including all the States and Union Territories, 25 financial institutions (including LIC) to act as Registrars for implementing the UID scheme has become of doubtful legality.

Prof. (Dr) Mohan Rao, Centre for Social Medicine & Community Health, Jawaharlal Nehru University said, UID is dangerous for public health. It should be rejected unequivocally because it violates confidentiality and privacy which is considered sacred in medical practice and is sought to be used for accuracy in clinical trials”. At the meeting J T Dsouza, Expert, Biometrics Technology, Mumbai said, “Both the UID and NPR project has been about technology that is flawed, with risks to national and individual security, ill conceived in its aims and uses, and has attempted to occupy a place where it can be above the law.” In relation to biometrics, the NPR too is guilty of going beyond the mandate give to it by law. Neither the Citizenship Act 1955 nor the Citizenship Rules of 2003 permit the collection of biometrics. The Standing Committee, recognising this, has asked that the use of biometrics in the NPR be examined by Parliament. Till then the collection of biometrics must be suspended. “It is apprehended that once the database is ready it can be used to eliminate minority communities, migrants and political adversaries by some regime which finds them unsuitable for their political projects. The fact is a centralized electronic database and privacy both are conceptually contradictory; it is advisable to let it remain in decentralized silos something which even the central government’s Discussion Paper on Privacy implied,” said Gopal Krishna, Member, Citizens Forum for Civil Liberties.

Taking cognizance of these concerns, Indo-Global Social Service Society (IGSSS), a civil society organization based in Delhi working with the homeless,  has disassociated itself from UID Number project which was being undertaken under Mission Convergence in Delhi. Withdrawal of IGSSS that works in 21 states of the country merits the attention of all the states and civil society organisations especially those who are unwittingly involved in the UID Number enrollment process. In its withdrawal letter IGSSS said, “we will not be able to continue to do UID enrolment, as we discussed in the meeting of 10th May 2011.” It is clear that both Mission Convergence and UIDAI have been hiding these crucial facts. The letter reads, “IGSSS like many other leading civil society groups and individuals are opposed to conditional cash transfers and the UID will be used to dictate it.”Most manual workers of both organised and unorganised sector lose their finger prints. The project claimed to work for them but it is they who would get excluded. It is not the question of onetime cost being incurred but also of the recurring cost of the UID and NPR project that reveals its character which does not have any constitutional or rational basis.

A Round Table on the PSC Report and its implications for the Unique Identification (UID) project and for the Union Home Ministry’s National Population Register (NPR) and the issuance of Multipurpose National Identity Cards (MNIC) was organised on January 10, 2012 at AN Sinha Institute of Social Studies (ANISS), Patna. It was organised jointly by A N Sinha Institute of Social Studies, Indian Social Action Forum (INSAF) and CFCL. This meeting was a follow up to the Round Table on Unique Identification (UID) project & Bihar Govt’s role held on 3rd January, 2011, the National Seminar on Idea of Unique Identification (UID) Project held on February 21, 2011 held in the state capital. Several eminent intellectuals from various sections of society expressed their concerns about the effect of this project on the liberty of citizens and sovereignty of the country.

It emerged that journalists appear to have been compelled to accept biometric identification in the offices where they work. They have been made to accept it as a fait accompli. As a consequence they have not reported about violation of privacy rights due to biometric identification of citizens and residents of India under UID and NPR.

For Details: Gopal Krishna, Member, Citizens Forum for Civil Liberties, Mb: 09818089660, E-mail:krishna1715@gmail.com


निराधार करती आधार और जनसँख्या रजिस्टर परियोजना का सच 

दिसम्बर १३ को वित्त की संसदीय समिति की जो रिपोर्ट संसद के दोनों सदनों में पेश की गयी उसने ये जगजाहिर कर दिया की भारत सरकार की शारीरिक हस्ताक्षर या जैवमापन (बायोमेट्रिक्स) आधारित विशिष्ट पहचान अंक (यू.आई.डी./आधार परियोजना) असंसदीय, गैरकानूनी, दिशाहीन और अस्पष्ट है और राष्ट्रीय सुरक्षा और नागरिक अधिकारों के लिए खतरनाक है। बायोमेट्रिक पहचान तकनीक और ख़ुफ़िया तकनीक के बीच के रिश्तो की पड़ताल अभी बाकी है.

यह संसदीय रिपोर्ट कहती है की सरकार ने विश्व अनुभव की अनदेखी की है. इस बात पर ध्यान नहीं दिया गया की मौजूदा पहचान प्रणाली को कारगर कैसे बनाया जाए. हैरानी की बात है की जल्दबाजी में ऐसी कोई तुलनात्मक अध्ययन भी नहीं की गयी जिससे यह पता चलता की मौजूदा पहचान प्रणाली कितनी सस्ती है और आधार और जनसँख्या रजिस्टर जैसी योजनाये कितनी खर्चीली है. आजतक किसी को यह नहीं पता है की आधार और जनसँख्या रजिस्टर पर कुल अनुमानित खर्च कितना होगा.

सरकार यह दावा कर रही थी कि यह परियोजना को देशवासियों और नागरिको को सामाजिक सुविधा उपलब्ध कराने की परियोजना है. अब यह पता चला है की इस योजना के पैरोकार गाड़ियो और जानवरों पर भी ऐसी ही योजना लागु करने की सिफारिश कर चुके है, ये बाते परत दर परत सामने आ रही है. यह परियोजना १४ विकासशील देशो में फ्रांस, दक्षिण कोरिया और संयुक्त राष्ट्र अमेरिका की कंपनियों और विश्व बैंक के एक पहल के जरिये लागु किया जा रहा है. दक्षिण एशिया में यह पाकिस्तान में लागु हो चुका है और नेपाल और बंगलादेश में लागु किया जा रहा है.

संसदीय समिति ने कानुनविदों, शिक्षाविदो और मानवाधिकार कार्यकर्ताओ की इस बात को माना है की यह देशवासियों के निजी जीवन पर एक तरह का हमला है जिसे नागरिक स्वतंत्रता और मानवाधिकार के हनन के रूप में ही समझा जा सकता है. समिति ने अपनी रिपोर्ट में ब्रिटेन सरकार द्वारा ऐसे ही पहचानपत्र कानून  2006 को समाप्त करने के फैसले का भी जिक्र किया है जिसका उद्धरण देश के न्यायाधिशो ने दिया था.

भारत में इस बात पर कम ध्यान दिया गया है कि कैसे विराट स्तर पर सूचनाओं को संगठित करने की धारणा चुपचाप सामाजिक नियंत्रण, युद्ध के उपकरण और जातीय समूहों को निशाना बनाने और प्रताड़ित करने के हथियार के रूप में विकसित हुई है। भारत के निर्धनतम लोगों तक पहुंचने में 12 अंकों वाला आधार कार्ड सहायक होने का दावा करने वाले इस विशिष्ट पहचान परियोजना का विश्व इतिहास के सन्दर्भ में नहीं देखा गया।

खासतौर पर जर्मनी और आमतौर पर यूरोप के अनुभवों को नजरअंदाज करके, निशानदेही को सही मानकर वित्तमंत्री ने 2010-2011 का बजट संसद में पेश करते हुए फर्माया कि यू.आई.डी. परियोजना वित्तीय योजनाओं को समावेशी बनाने और सरकारी सहायता (सब्सिडी) जरूरतमंदों तक ही पहुंचाने के लिए उनकी निशानदेही करने का मजबूत मंच प्रदान करेगी। जबकि यह बात दिन के उजाले की तरह साफ है कि निशानदेही के यही औज़ार किसी खास धर्मो, जातियों, क्षेत्रों, जातीयताओं या आर्थिक रूप से असंतुष्ट तबकों के खिलाफ भी इस्तेमाल में लाए जा सकता हैं। भारत में राजनीतिक कारणों से समाज के कुछ तबकों का अपवर्जन लक्ष्य करके उन तबकों के जनसंहार का कारण बना- 1947 में, 1984 में और सन् 2002 में। अगर एक समग्र अध्ययन कराया जाए तो उससे साफ हो जाएगा कि किस तरह संवेदनशील निजी जानकारियां और आंकड़े जिन्हें सुरक्षित रखा जाना चाहिए था, वे हमारे देश में दंगाइयों और जनसंहार रचाने वालों को आसानी से उपलब्ध थे।

भारत सरकार भविष्य की कोई गारंटी नहीं दे सकती। अगर नाजियों जैसा कोई दल सत्तारूढ़ होता है तो क्या गारंटी है कि यू.आई.डी. के आंकड़े उसे प्राप्त नहीं होंगे और वह बदले की भावना से उनका इस्तेमाल नागरिकों के किसी खास तबके के खिलाफ नहीं करेगा? योजना योग की यू.आई.डी. और गृह मंत्रालय की राष्ट्रीय जनसंख्या रजिस्टर वही सब कुछ दोहराने का मंच है जो जर्मनी, रूमानिया, यूरोप और अन्य जगहों पर हुआ जहां वह जनगणना से लेकर नाजियों को यहूदियों की सूची प्रदान करने का माध्यम बना। यू.आई.डी. का नागरिकता से कोई संबंध नहीं था, वह महज निशानदेही का साधन है। दरअसल यह जनवरी 1933 से जनवरी 2011 तक के ख़ुफ़िया निशानदेही के प्रयासों का सफरनामा है।

इस पृष्ठभूमि में, ब्रिटेन की साझा सरकार द्वारा विवादास्पद राष्ट्रीय पहचानपत्र योजना को समाप्त करने का निर्णय वैसे ही स्वागत योग्य है जैसे अपनी संसदीय समिति की अनुसंसा ताकि नागरिकों की निजी जिंदगियों में हस्तक्षेप से उनकी सुरक्षा हो सके। पहचानपत्र कानून 2006 और स्कूलों में बच्चों की उंगलियों के निशान लिए जाने की प्रथा का खात्मा करने के साथ-साथ ब्रिटेन सरकार अपना राष्ट्रीय पहचानपत्र रजिस्टर बंद कर देगी। वह की सरकार ने घोषणा की है की अगले कदम में (बायोमेट्रिक) जैवसांख्यिकीय पासपोर्ट, सम्पर्क-बिन्दुओं पर इकट्ठा किये जाने वाले आंकड़ों तथा इंटरनेट और ई-मेल के रिकार्ड का भंडारण खत्म किया जाएगा।

18 मई, 2010 की प्रेस विज्ञप्ति में भारत सरकार ने बताया था कि कैबिनेट कमेटी ने भारतीय विशिष्ट पहचान प्राधिकरण द्वारा निवासियों के जनसांख्यिकीय और बायोमेट्रिक आंकड़ों को इकट्ठा करने की जो पद्धति सुझाई गई है, उसे सिद्धांततः स्वीकार कर लिया है। इसमें चेहरे, नेत्रगोलक (पारितारिका) की तस्वीर लेने और सभी दस उंगलियों के निशान लेने का प्रावधान है। इसमें 5 से 15 आयुवर्ग के बच्चों के नेत्रगोलक के आंकड़े इकट्ठा करना शामिल है। इन्हीं मानकों और प्रक्रियाओं को जनगणना के लिए रजिस्ट्रार जनरल आफ इंडिया और यू.आई.डी. व्यवस्था के अन्य रजिस्ट्रारों को भी अपनाना पड़ेगा। संसदीय समिति ने सरकार के इस कदम को असैधानिक और कार्यपालिका के अधिकार से बाहर पाया.

भारत की आधार परियोजना की ही तरह ब्रिटेन में भी इसका कभी कोई उद्देश्य बताया जाता था, कभी कोई। इस परियोजना को गरीबों के नाम पर थोपा जा रहा था. कहा जा रहा था कि पहचान का मसला राशन कार्ड, ड्राइविंग लाइसेंस, पासपोर्ट, बैंक खाता, मोबाइल कनेक्शन आदि लेने में अवरोध उत्पन्न करता है। पहचान अंक पत्र गरीब नागरिकों को शिक्षा, स्वास्थ्य और वित्तीय सेवाओं सहित अनेक संसाधन प्राप्त करने योग्य बनाएगा। ब्रिटेन की बदनाम हो चुकी परियोजना के पदचिन्हों पर चलते हुए यह भी कहा जा रहा था कि पहचान अंकपत्र से बच्चों को स्कूल में दाखिले में मदद मिलेगी। ब्रिटेन सरकार के हाल के निर्णय के बाद कहीं भारत में भी इस परियोजना को तिलांजलि न दे देनी पड़े, इस बात की आशंका के चलते अब सरकार के द्वारा कहा जा रहा था यह वैकल्पिक है अनिवार्य नहीं जबकि हकीकत कुछ और ही थी।

योजना मंत्रालय की आधार यानि यू.आई.डी. योजना से गृह मंत्रालय का राष्ट्रीय जनसंख्या रजिस्टर (एन.पी.आर.) परियोजना शुरू से ही जुडा हुआ था जिसका खुलासा प्रधानमन्त्री द्वारा दिसम्बर ४, २००६ को गठित शक्ति प्राप्त मंत्रिसमूह की घोषणा से होता है जिसकी तरफ कम ध्यान दिया गया है. । यह पहली बार है कि जनसंख्या रजिस्टर बनाई जा रही है। इसके जरिए रजिस्ट्रार जनरल आफ इंडिया जो की सेन्सस कमिश्नर भी है देशवासियों के आंकड़ों का भंडार तैयार करेंगे। यह समझ जरुरी है कि जनगणना और राष्ट्रीय जनसंख्या रजिस्टर अलग-अलग चीजें हैं। जनगणना जनसंख्या, साक्षरता, शिखा, आवास और घरेलू सुविधाओं, आर्थिक गतिविधि, शहरीकरण, प्रजनन दर, मृत्युदर, भाषा, धर्म और प्रवासन आदि के संबंध में बुनियादी आंकड़ों का सबसे बड़ा स्रोत है जिसके आधार पर केंद्र व राज्य सरकारें योजनाएं बनती हैं और नीतियों का क्रियान्वयन करती हैं, जबकि राष्ट्रीय जनसंख्या रजिस्टर देशवासियों और नागरिकों के पहचान संबंधी आंकड़ों का समग्र भंडार तैयार करने का काम करेगा। इसके तहत व्यक्ति का नाम, उसके माता, पिता, पति/पत्नी का नाम, लिंग, जन्मस्थान और तारीख, वर्तमान वैवाहिक स्थिति, शिक्षा, राष्टीयता, पेशा, वर्तमान और स्थायी निवास का पता जैसी तमाम सूचनाओं का संग्रह किया जाएगा। इस आंकड़ा-भंडार में 15 साल की उम्र से उपर सभी व्यक्तियों की तस्वीरें और उनकी उंगलियों के निशान भी रखे जाएंगे।

राष्ट्रीय जनसंख्या रजिस्टर के आंकड़ो-भंडार को अंतिम रूप देने के बाद, अगला कार्यभार होगा हर नागरिक को विशिष्ट पहचान पत्र प्रदान करना। प्रस्तावित यह था कि पहचानपत्र एक तरह का स्मार्ट-कार्ड होगा जिसके उपर आधार पहचान अंक के साथ व्यक्ति का नाम, उसके माता, पिता, पति/पत्नी का नाम, लिंग, जन्मस्थान और तारीख, फोटो आदि बुनियादी जानकारियां छपी होंगी। सम्पूर्ण विवरण का भंडारण चिप में होगा।

ब्रिटेन की ही तरह यहां भी 1.2 अरब लोगों को विशिष्ट पहचान अंक देने की कवायद को रोके जाने की जरूरत thi, क्योंकि मानवाधिकार उलंघन की दृष्टि से इसके खतरे कल्पनातीत है इसे संसदीय समिति ने समझा है । बिना संसदीय सहमती के 13वें वित्त आयोग ने प्रति व्यक्ति 100 रूपए और प्रति परिवार 400-500 रूपए गरीब परिवारों को विशिष्ट पहचान अंक के लिए आवेदन करने हेतु प्रोत्साहन के बतौर दिए जाने का प्रावधान किया था। यह गरीबों को एक किस्म की रिश्वत ही है। इस उद्देश्य के लिए आयोग ने राज्य सरकारों को 2989.10 करोड़ की राशि मुहैया कराने की संस्तुति की है।

सवाल यह है की सरकार ने नागरिकों के अंगुलियों के निशान, नेत्रगोलक की छवि जैसे जैवमापक आंकड़ों का संग्रह करने के बारे में विधानसभाओं और संसद की मंजूरी क्यों नहीं ली और इस बात को क्यों नज़र अंदाज़ किया की ऐसी ही परियोजना को ब्रिटेन में समाप्त कर दिया गया है किया है.?

प्राधिकरण की ही जैवमापन मानक समिति (बायोमेट्रिक्स स्टैंडर्डस कमिटि) यह खुलासा किया कि जैवमापन सेवाओं के निष्पादन के समय सरकारी विभागों और वाणिज्यिक संस्थाओं द्वारा प्रामाणिकता स्थापित करने के लिए किया जाएगा। यहां वाणिज्यिक संस्थाओं को परिभाषित नहीं किया गया। जैवमापन मानक समिति जैवमापन में अमेरिका और यूरोप के पिछले अनुभवों का भी हवाला दिया और कहा कि जैवमापक आंकड़े राष्ट्रीय निधि हैं और उन्हें उनके मौलिक रूप में संरक्षित किया जाना चाहिए। समिति नागरिकों के आंकड़ाकोष को राष्ट्रीय निधि बताती है। यह निधि कब कंपनियों की निधि बन जाएगी कहा नहीं जा सकता.

संसदीय समिति ने यह समझा की ऐसी योजनाये सरकार आम नागरिक समाज के खिलाफ हथियार के रूप में इस्तेमाल हो सकते है. समिति इसे संसद के विशेषाधिकार का हनन का मामला मानती है कि विधेयक के पारित हुए बिना ही ३ करोड़ ७३ लाख यूनिक आइडेन्टटी नंबर/आधार संख्या बना लिए.

विशिष्ट पहचान अंक और राष्ट्रीय जनसंख्या रजिस्टर सरकार द्वारा नागरिकों पर नजर रखने के उपकरण हैं। ये परियोजनाएं न तो अपनी संरचना में और न ही अमल में निर्दोष हैं। विशिष्ट पहचान अंक प्राधिकरण के कार्य योजना प्रपत्र में कहा गया है कि विशिष्ट पहचान अंक सिर्फ पहचान की गारंटी है, अधिकारों, सेवाओं या हकदारी की गारंटी नहीं। आगे यह भी कहा गया है कि यह पहचान की भी गारंटी नहीं है, बल्कि पहचान नियत करने में सहयोगी है।

एक गहरे अर्थ में यशवंत सिन्हा की अध्यक्षता वाली संसद की स्थायी समिति विशिष्ट पहचान अंक जैसे ख़ुफ़िया उपकरणों द्वारा नागरिकों पर सतत नजर रखने और उनके जैवमापक रिकार्ड तैयार करने पर आधारित तकनीकी शासन की पुरजोर मुखालफत करने वाले व्यक्तियों, जनसंगठनों, जन आंदोलनों, संस्थाओं के अभियान का समर्थन करती है. समिति यह अनुसंसा करती है की संसद बायोमेट्रिक डाटा को इकठ्ठा करने के कृत्य की जांच करे. जनसंगठनों की मांग है की सी.ए.जी. विशिष्ट पहचान अंक प्राधिकरण की कारगुजारियों की जांच करे और इसके और जनसँख्या रजिस्टर द्वारा किये जा रहे कारनामो को तत्काल रोका जाये. देशवासियों के पास अपनी संप्रभुता को बचाने के लिए आधार अंक योजना और जनसँख्या रजिस्टर का बहिष्कार ही एक मात्र रास्ता है.

गौरतलब है की कैदी पहचान कानून, १९२० के तहत किसी भी कैदी के उंगलियों के निशान को सिर्फ मजिसट्रेट की अनुमति से लिया जाता है और उनकी रिहाई पर उंगलियों के निशान के रिकॉर्ड को नष्ट करना होता है. कैदियों के ऊपर होनेवाले जुल्म की अनदेखी की यह सजा की अब हर देशवासी को उंगलियों के निशान देने होंगे और कैदियों के मामले में तो उनके रिहाई के वक्त नष्ट करने का प्रावधान रहा है, इन योजनाओं के द्वारा देशवासियों के पूरे शारीरिक हस्ताक्षर का रिकॉर्ड रखा जा रहा है. यह एक ऐसे निजाम के कदमताल की गूंज है जो नागरिको को कैदी सरीखा मानता है. बायोमेट्रिक डाटाबेस आधारित राजसत्ता का आगाज हो रहा है बावजूद इसके जानकारी के अभाव में कुछ व्यस्त देशवासियों को बायोमेट्रिक तकनीक वाली कंपनियों के प्रति प्रचार माध्यम द्वारा तैयार आस्था चौकानेवाली है. मगर लाजवाब बात तो यह है की उन कर्मचारियों से यह आशा कैसे की जा सकती है की वो बायोमेट्रिक निशानदेही की मुखालफत करेंगे जो अपने दफ्तरों में बायोमेट्रिक हस्ताक्षर करके अन्दर जाते है. ऐसे में संसदीय समिति की सिफारिशों में एक उम्मीद की किरण दिखती है. कुछ राज्यों ने भी केंद्र सरकार को ऐसी परियोजनायो के संबध में आगाह किया है. संसद और राज्य की विधान सभाओ को संसदीय समिति के सिफारिशों को सरकार से अमल में लाने के लिए तत्काल निर्णय लेने होंगे.

For Details: Gopal Krishna, Member, Citizens Forum for Civil Liberties, Mb: 09818089660, E-mail:krishna1715@gmail.com

__._,_.___

Next Newer Entries

Archives

Kractivism-Gonaimate Videos

Protest to Arrest

Faking Democracy- Free Irom Sharmila Now

Faking Democracy- Repression Anti- Nuke activists

JAPA- MUSICAL ACTIVISM

Kamayaninumerouno – Youtube Channel

UID-UNIQUE ?

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 6,228 other followers

Top Rated

Blog Stats

  • 1,844,809 hits

Archives

June 2021
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
282930  
%d bloggers like this: