A year of UID: Much more than a number

The Unique Identification Authority of India (UIDAI), set up to issue a unique identification (UID) number to all 1.2 billion Indian residents, completes a year this month.

“We will be issuing the first set of UIDs between August 2010 and February 2011,” asserts former Infosys co-chairman Nandan Nilekani, who now heads the UIDAI. It’s a little over six months since he took charge, and he expects to issue 600 million UIDs over the next five years.

His team is being expanded; the headquarters is in Delhi and it has eight regional offices. During the 2009-10 budget, Rs 120 crore was allocated.

The project is also breathing life into other areas. For instance, the human resource development ministry will take its help to introduce educational reforms. Foremost among its goals is to use UID to bring the over eight million “out of school” children into the education system. Nilekani was also recently asked to head a National Highways Authority of India panel to select a technology to unify toll plazas across the country.

Discovery of Indians
Key points about the UID project
* Enrolment will not be mandated: The UIDAI approach will be a demand-driven one, where the benefits and services that are linked to the UID will ensure demand for the number. This will not however, preclude governments or Registrars from mandating enrolment
* The UIDAI will issue a number, not a card: The Authority’s role is limited to issuing the number. This number may be printed on the document/card that is issued by the Registrar
* The number will not contain intelligence: Loading intelligence into identity numbers makes them susceptible to fraud and theft. The UID will be a random number
* The Authority will only collect basic information like name, date of birth, gender, photo and fingerprints
* Process to ensure no duplicates: Registrars will send the applicant’s data to the central repository. The CIDR will perform a search on key demographic fields and on the biometrics for each new enrolment, to ensure that no duplicates exist

The bid to eliminate duplicate and fake identities, reasons Nilekani, could annually save the government exchequer upwards of Rs 20,000 crore. As an example, he says the ministry of petroleum could save the Rs 1,200 crore a year in subsidies now reportedly lost on cooking gas cylinders registered under duplicate or ghost identities.

The project is also expected to become a catalyst to achieve financial inclusion, he says. For instance, online authentication could be done even through a cellphone. And banks could have business correspondents (BCs) in villages, equipped with a mobile phone, a finger print reader and an ATM kind of software, to enable cash transactions in the village itself. Any NREG worker, notes Nilekani, could go to any BC and withdraw money, because UID would be an open architecture. Any shop owner could be appointed a BC, and there is no need to open branches in mofussil areas.

The approach
UIDAI leverages the existing infrastructure of government and private agencies. It will be the regulatory authority managing a Central ID Data Repository (CIDR), which will issue UID numbers, update resident information, and authenticate identities as required. “Tenders have been floated for various purposes. This is an ongoing process. The tender for a Consultant for the CIDR has already been called,” says Nilekani.

Registrars will be state governments or central government agencies such as the petroleum ministry and Life Insurance Corporation. Registrars may also be private sector participants such as banks and insurance companies. “The process of entering into MoUs with state governments is underway,” says Nilekani. He has also enlisted the assistance of close to 30 information technology professionals in the task, with the help of software body Nasscom.

The UID number will be issued to all residents who satisfy the verification procedure, explains Nilekani. “The number does not confer citizenship or nationality. Its primary purpose is to establish the identity of the person,” he clarifies. While enrolment into the UID system will not be online, authentication of identity will be online. The UIDAI itself will not be issuing cards.

How will it work?
Based on initial estimates, the enrolment of each resident may cost between Rs 20 and Rs 25, leading to a potential total enrolment cost of Rs 3,000 crore. The strategy will explore if the various beneficiaries could fund this. The Registrars have the option here of charging for the cards they issue. UIDAI may issue guidelines around such pricing.

Once the UID number is assigned, the authority will forward the resident a letter which contains his/her registered demographic and biometric details and a tearaway portion with the UID number, name, photograph and a 2D barcode of the fingerprint minutiae.

Residents can also update their information with UIDAI. The UID number is a lifetime number, but the biometric information contained in the central database will have to be regularly updated. Children may have to update their biometric information every five years, while adults do so their information every 10 years.

The Biometrics Standards Committee set up by UIDAI has also given its recommendations. The UIDAI would be taking the face, all 10 fingerprints and both iris scans for the biometrics of each person.

It will employ a GIS internet-based visual reporting system to track enrolment trends and patterns across India, as the project is rolled out. The GIS system will show all UID enrolments by state, as well as by Registrar. The system will also be able to drill down within states and into districts.

Revenue potential
UIDAI pegs its annual revenue potential, through both address verification and biometrics confirmation, at Rs 288 crore. It has identified three transaction types. The basic ID confirmation will be free, where the potential user agencies could be, for instance, the airlines which do passenger check-ins. The second type of transaction is that of ‘address verification’, which will cost Rs 5 and can be levied by banks when users open accounts. The third one comprises ‘biometrics confirmation’, which will be charged Rs 10. Its potential user agencies can be credit card companies.

Registrars and service providers will also be able to charge for the cards they issue residents with the UID number. Such pricing will be within UIDAI guidelines, states a draft paper.

Business opportunity
Biometrics (which includes fingerprint, face and iris recognition) and computing power hold the keys to the UID project, which is estimated to offer a Rs 15,000-20,000 crore opportunity to computing, database, smartcard and storage vendors besides systems integrators. For every rupee of IT spend on the project, industry experts estimate, around 60 per cent of this will go to hardware vendors.

Nilekani also speaks of “online authentication which has not been done anywhere in the world till date”. Online authentication is currently being tested out by researchers in institutes abroad. This will require added computing power, data connectivity.

The real business opportunities will start flowing once various government departments start using UID numbers to issue smartcards to citizens, says Ashok Chandak, Senior Director, Global Sales & Management, NXP Semiconductor.

Many government departments, for instance, will have to issue smartcards — for driving licences, for health insurance, for ID cards, etc., — and all these smartcards will draw on the UID database. Many other companies like Genpact, Microsoft, Google, TCS, Wipro and even Infosys have evinced interest in the project.

Privacy concerns
Experts are sceptical about the protection of the private data once the rollout of UID numbers begins towards the later half of the current calendar year. They fear the UID number which will be issued based on personal information given by a person might be leaked to various other agencies.

“If the UID is used by 10 different agencies for 10 different purposes, then a cross-linking of that data will, some time or other, happen. A common man won’t be able to take legal measures for the violation of privacy happening out of the data leakage,” cautioned Dinesh Charak, legal counsel for Nokia in India, at a recent discussion.

The UID Authority says it is trying to collect personal data in a very limited manner, to make sure there is no leakage. “We are not going to collect information about a person’s religion, but only names, gender, date of birth and address. It is just the basic information, whereas a lot of countries have loaded up their ID cards with a lot of (more) information,” says Deepika M of its legal team