Today I had the opportunity of listening to Nandan Nilekani talk about the Unique Identification (UID) project. He also referred us to the UIDAI website which has an approach paper to creating the UID database. The points he mentioned are the same as those contained in the approach paper, and I am summarising them below to try and understand the implications of this project. But first, I would also like to state a few points Mr. Nilekani mentioned, which I think are important:
1. The project will be launched in 2011, but will not achieve complete enrollment for almost a decade.
2. Though UID will greatly facilitate delivery of services, its role is just that – of a facilitator or an enabler. Government or private services will have to re-engineer their delivery mechanisms to gain benefit from the UID database.
3. By his, and the approach paper’s lack of verbosity on what in their opinion constitutes ‘privacy’, one may safely surmise that regulatory authorities might want to use information collected for purposes other than just ‘delivery of services’.
He, and the approach paper, make the following points:
a. The UIDAI will issue a number, not a card. The number will be completely random, and will not have any ‘intelligent’ programming to make it fraud-proof.
b. Enrollment in the project will not be mandatory. “The UIDAI approach will be a demand-driven one, wherethe benefits and services that are linked to the UID will ensure demand for the number. Thiswill not however, preclude governments or Registrars from mandating enrolment.”
c. The UID number will only provide identity. It will therefore prove identity, not citizenship.
d. Only basic information will be collected. This includes – Name, Date of birth, Gender, Father’s name, Father’s UID number (optional for adult residents), Mother’s name, Mother’s UID number (optional for adult residents), Address (Permanent and Present), Expiry date, Photograph, Finger prints. What he mentioned, but is missing from the approach paper is the Iris Scan image of every individual.
e. His proposed structure for enrollment and issuance is the following:
A needs a public service such as a bank account/PAN card/ NREGA card. —>
A goes to any of them and is asked to give personal details. —>
While applying for any of these services, the service provider (Bank/Income Tax Office/designated authority for NREGA, such as the Panchayat) will also complete the process of enrollment for UID. —>
The service provider (termed ‘registrars’) may be public or private service providers. They shall be linked to the UIDAI central database which will check for fraud or duplication. —>
On being satisfied that the person does not already have a UID number, a number will be issued by the UID, and handed over to A by the registrar. —>
The UID number will be printed on the cheque-book/pass-book/PAN-card/credit card/NREGA card, or whatever other document is issued by the service providers. The number is important, the document on which it is printed does not seem to be. —>
Once issued, the number stays with A for life. If A wants say, a passport (which might require the UID number in the future) he will have to provide his UID number and his fingerprints to the passport officer (who will obviously have a finger-print scanner). —>
To check the authenticity of the UID number, the passport officer will log on to the UID database online and enter the UID number. A correct number will generate only the name of the individual, and certify that A is indeed A, and not X. No other details will be generated.
f. A major part of the enrollment process will be devoted to ensuring ‘de-duplication‘, or preventing duplication and identity-theft.
All these points will combine to make the UID a single reference point for proving one’s identity, will make government services more efficient, and increase access to public services for the poor by giving them a proper and permanent identity.
I would however like to discuss the legal issues related to the structure being created. It is now a given that efforts are on to make the UID a statutory authority. A law is being drafted presently, and might well be enacted before the project becomes fully operational. The approach paper states that the law will have the following broad features:
1. It will allow the UIDAI to collect personal information (mentioned above) and prevent it from collecting any other information from individuals.
2. It will allow the UID to create a central database, and allow third parties (service providers) to authenticate information from the database.
3. It will prescribe procedures and regulations for collecting information, for maintaining confidentiality and privacy, for maintenance of information, to set up grievance redressal mechanisms for individuals.
4. The law will contain a list of offences and penalties relating to confidentiality, unauthorised sharing of data, etc.
The approach paper however does not mention any inter-governmental sharing of information. To protect against this, I believe a proper understanding of the notion of ‘privacy’ is essential. Only if privacy is well-defined, and covers situations where the state or different wings of the state can access personal information, will it address the question of individual privacy from the state. A vast majority of the population might not bother about giving up sensitive personal information for better public services, but we know majoritarian governments to sometimes become brutish.
This is especially significant in the wake of the plans to create NATGRID by the Home Ministry. NATGRID (National Intelligence Grid) will help law enforcement and spy agencies to get quick access to desired information, including about terror suspects like David Headley. “The NATGRID will give access to 21 categories of database like railway and air travel, Income Tax, phone calls, bank account details, credit card transactions, visa and immigration records, property records, driving licence of all citizens in the country.” While the importance of national security cannot be underestimated, parallel developments in privacy laws and protections of individual liberties must keep pace as well. If NATGRID is in any way able to gain access to the UID (which will be pointless for about 10 years, though), my right to not be a part of greater societal development might be subverted. It sounds anarchist, but knowing the option exists is essential all the same.