7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 1/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/

Aadhaar –

Identication

Simplied, MythsBustedBY PIYUSH PESHWANI AND BHUWAN JOSHI ON 14/03/2016 • 9 COMMENTS

The questions and criticism of the Aadhaar initiativeare often generated from an inadequateunderstanding of the programme, say two UIDAIteam members.

Aadhaar cards. Credit: PTI

Passports: 57 million. Ration cards: 150 million. PAN Cards: 170

FEA TURED

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 2/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 2

million. Driving Licence: 173 million. Voter ID Cards: 600 million.

Aadhaar: 950 million. And this was in December 2015.

As on March 10, 2016, Aadhaar numbers issued by the Unique

Identification Authority of India (UIDAI) stand close to 990 million.

Aadhaar is already the world’s largest biometric database and the first

online biometric-based identity system in the world. Its technology,

architecture and accuracy have been tested in different proof of concept

(POC) studies, field trials and various system implementations, such as

LPG subsidy disbursal, Public Distribution System (PDS), MNREGS

wages, bank account opening and passport issuance. We will soon reach

a point where more than 1 billion Aadhaar numbers would have been

issued, with more than 95% adults in the country having an Aadhaar.

This has been quite a journey since Ranjana Sonawne from Tembhli

village in Maharashtra became the first person to get an Aadhaar in

August 2010. To understand the inclusive nature of this program, join

any queue where establishing your identity is mandatory to receive a

government or private service, and observe the proportion of people

relying on their Aadhaar to prove their identity. For many, Aadhaar is

perhaps the first document of their existence – a robust proof of their

identity and address that can be verified online. No more closed doors

for them!

Despite the benefits, many people have raised concerns and questions

regarding Aadhaar and its potential misuse. One such representation is

made by independent law researcher Usha Ramanathan in her article

The Law Needs to Catch Up With Aadhaar, But Not in the Way Jaitley is

Promising (http://thewire.in/2016/03/03/the-law-needs-to-catch-up-with-aadhaar-

but-not-in-the-way-jaitley-is-promising-23543/) on The Wire. Ramanathan

seems to have an incorrect comprehension of information and

technology around Aadhaar, and we believe it’s important to bring out

the facts and dispel the myths.

Since we are not experts on legislation, we will not delve into

the Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits

and Services) Bill, 2016 (http://thewire.in/2016/03/03/the-law-needs-to-catch-

up-with-aadhaar-but-not-in-the-way-jaitley-is-promising-23543/); that’s best left to

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 3/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 3

a parliamentary discussion. However, let’s touch upon the other critical

aspects and bust the myths surrounding Aadhaar.

Myth 1 – High Cost

Was there a need to have yet another identity system? Does it justify the

cost? Yes, absolutely, according to the World Bank

(http://indianexpress.com/article/india/india-news-india/aadhaar-id-saving-indian-

govt-about-usd-1-bln-per-annum-kaushik-basu/) , who said the initiative is

estimated to be saving the Indian government about $1 billion annually

by thwarting corruption, even as it underlined that digital technologies

promote inclusion, efficiency and innovation.

How are such savings possible? The answer lies in Aadhaar’s

‘uniqueness efficiency’ in the delivery of food subsidy, fuel (LPG and

kerosene) subsidy, fertiliser subsidy, MNREGS wages, pensions,

scholarships and other government benefits, which it achieves by

curbing leakages in benefits disbursement. Aadhaar means no fake,

ghost or duplicate beneficiaries. Double-dipping will become more and

more difficult with Aadhaar, a number that is well de-duplicated with

the use of biometrics. Direct benefits transfer removes the middle layers

where most inefficiencies lie. Reduced leakages will further ensure that

a higher percentage of these benefits end up reaching the intended/real

beneficiaries. All this at a total cost of less than a dollar per Aadhaar,

which, incidentally, is the lowest in the world for the issuance of a

similar identity.

Even before the World Bank’s endorsement of Aadhaar, Delhi-based

National Institute of Public Finance and Policy conducted a detailed

cost-analysis study on Aadhaar

(http://planningcommission.nic.in/reports/genrep/rep_uid_cba_paper.pdf) in 2012.

Their analysis took into account the costs of developing and

maintaining Aadhaar, and of integrating Aadhaar with the schemes

over the next decade. The study found that substantial benefits would

accrue to the government by integrating Aadhaar with schemes such as

PDS, MNREGS, fertiliser and LPG subsidies, as well as housing,

education and health programmes. It found that the benefits would

arise from the reduction in leakages that occur due to identification and

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 4/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 4

authentication issues. Even after taking all costs into account and

making modest assumptions about leakages of about 7-12% value of

transfer/subsidy, the study found that the Aadhaar project would yield

an internal rate of return in real terms of 52.85% to the government.

Myth 2 – Profiling

A prominent criticism of Aadhaar is that it ‘profiles’ people. The UIDAI

has emphasised several times that information related to religion or

caste is neither collected nor stored in the Aadhaar database. Applicants

and holders are encouraged to look at their Aadhaar to confirm this.

The three biometrics collected are fingerprints, an iris scan and a face

photograph. The four mandatory demographic information fields are

name, address, gender and date of birth (or age). Optional information

fields, such as mobile number and email, are collected for

communication efficiency, including for sending a one-time password

(OTP) for e-Aadhaar, updates or OTP authentication. Information on

parent/guardians is mandatory only for children below the age of five.

This is the only information collected from applicants, and no

information that can result in profiling on the basis of religion and caste

is sought.

Myth 3 – Proof of residence vs citizenship

Another criticism of the Aadhaar programme is that it is being given to

everyone without identifying citizenship. The UIDAI has clarified that

Aadhaar is for ‘residents’ and not just for ‘citizens’, a position that has

remained unchanged since the programme was first initiated. Anyone

who states otherwise is misrepresenting the facts.

Many Indians who go to the US obtain a social security number, which

makes it easy and convenient for them to access services. This is similar

to Aadhaar. As for the concern of illegal Bangladeshi migrants getting

an Aadhaar, a reality check is required. What is the objective of refusing

someone an Aadhaar if he/she already has a ration card, a voter ID card

and/or other government documents? The Demographic Data

Standards and Verification Procedures committee

(https://uidai.gov.in/UID_PDF/Committees/UID_DDSVP_Committee_Report_v1.0.pd

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 5/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 5

f) prescribes a list of valid 18 proof of identity and 33 valid proof of

address documents for getting an Aadhaar. If someone already has

those documents, the UIDAI can hardly be blamed for issuing them an

Aadhaar. Who decides legality? If an enrollment operator uses his

discretion to decide who is and isn’t eligible for an Aadhaar on personal

whims, we’ll only be encouraging exclusion and fraudulent practices.

Myth 4 – Biometric and data theft

The Aadhaar programme has often been questioned because UIDAI

collects biometrics and data “that can be stolen” or “sold to other

countries”, and the security of which cannot be guaranteed. All

government data resides in government databases just like all bank

account data, including passwords, resides in bank databases. But does

this mean we should stop putting our money into bank accounts?

The UIDAI has ensured security of data – both physically and at the

application level – by applying leading technical and process practices.

The UIDAI has also established two large-scale data centres to ensure

complete security of data and applications, and it regularly conducts

audits by reputed third party agencies to keep its systems and processes

up to date.

In a utopian world, perhaps such government programs can exist

without any private contractors. In the real world, however, private

technology companies’ expertise and experience must be leveraged to

successfully implement programs of such scale and ambition. Having

said this, it’s important to clarify that the Aadhaar platform is built

mostly on open source technologies, with propriety technologies being

used only where necessary.

While adopting any propriety software for biometrics, the design

approach followed by the UIDAI is to have multiple vendors in an

architectural layer, with a payment model put in place such that the

vendors are incentivised to improve quality, accuracy and speed. These

vendors or their services can be replaced, as has happened, if they do

not meet stringent service level agreements. The involvement of private

sector players is designed such that the guiding principles for scale-up

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 6/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 6

and quality are followed, and the business model encourages only the

best to remain. An example of this is the more than 100 enrolment

agencies deployed on ground, such that no monopolistic practices can

creep in, and that they are penalised for any compromise of quality and

conditions of contract.

Myth 5 – Exclusion

The Aadhaar programme is often said to be exclusivist. But with over

990 million Aadhaar numbers issued, it is the most inclusive identity

system in India today. The number of Jan Dhan accounts that have

been opened because of Aadhaar in the last two years is further

testimony to the impact of the programme in enabling financial

inclusion. Aadhaar-enabled micro-ATMs at post-offices are expected to

have a transformational impact in furthering the cause of financial

inclusion with respect to basic services, including deposits, withdrawals

and balance inquiries, even in remote areas.

As far as exclusion in delivery of other services due to biometric

authentication accuracy is concerned, it is important to go beyond

scratching the surface. A detailed iris authentication POC done by the

UIDAI in a semi-urban setting found that the accuracy was 99.73% for

“two iris authentication” with a false acceptance rate of one in one

million. Further, eight POCs done on fingerprint authentication proved

that 99% accuracy could be achieved at a false acceptance rate of one in

10,000.

Biometric authentication is a platform, and service providers are

expected to use their wisdom in using the platform. Biometric

authentication is not the only platform available from the UIDAI; it

offers demographic and OTP authentication as well. The UIDAI’s focus

to get mobile numbers updated indicated the direction it wants to take

– to give service providers another reliable option for authentication.

Service providers can even build their own OTP authentication for

exception handling. There can be multiple factors of authentication to

ensure that nobody gets left out, including electronic and traditional

paper-based authentication. Of course a good system design would

require service providers to do exception handling in tandem with fraud

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 7/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 7

detection.

To draw an analogy with the banking world, saying that biometric

authentication accuracy causes exclusion is similar to saying ATMs

cause exclusion because many places in India do not have ATMs. Or

perhaps, saying that internet banking causes exclusion because many

people in India do not have internet access. It’s an unnecessary and

false connection of ‘cause’ and ‘effect’.

Also, the Aadhaar number, similar to the US’ social security number,

has multiple applications that are not even linked to the use of the

authentication platform. Direct benefits transfer for LPG subsidy is one

such example of an Aadhaar-based application where authentication is

not required.

Myth 6 – Wrongful inclusion

The Aadhaar programme has also been criticised for wrongful

inclusion, which means one person is able to the benefits of another

person. This criticism has no foundation in truth as no such case has

been pointed out. One can draw an analogy to forgery, and the using a

fake document or signature. The Aadhaar authentication platform

works at a minimum false acceptance rate of around one in 10,000.

This means a person with fraudulent intent will have to try 10,000

different Aadhaar numbers at different service delivery outlets in the

country till a false match happens and he/she is able to wrongly access

someone else’s benefit. Given the odds, such forgery is unlikely.

Myth 7 – Last-mile service delivery using Aadhaar is a

problem

Connectivity trends and Internet infrastructure will continue to

improve in India, boosting the Aadhaar programme. But Aadhaar

authentication works over GPRS connectivity too. When heavy rains

marooned large parts of Tamil Nadu, and all banks and ATMs were shut

down, banking correspondents armed with Aadhaar-enabled micro-

ATMs helped people withdraw cash from their bank accounts. The

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 8/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 8

Aadhaar-enabled payment system is just one of the applications of the

Aadhaar authentication platform.

Of course there are other challenges in last-mile delivery, such as the

literacy levels of service delivery operators and the risks in cash

handling. But it is pertinent to realise that the UIDAI cannot be blamed

for such environmental factors, and that solutions to these problems

have to be found outside the realm of the UIDAI.

Myth 8 – Privacy violations

Most of us have one or more identity/address documents, such as a

passport, ration card, PAN card, driving licence, vehicle registration

documents or a voter ID card. The government departments managing

these already have our data. Aadhaar is no different. We give our data

to banks, to insurance companies and to telecom companies for

accounts, policies and mobile connections. LPG distributors get our

data when we get a gas connection. Similarly when you create an email

account, the service provider gets your data, as does an app provider

when you install an app on your phone. An article in The Huffington

Post (http://www.huffingtonpost.com/entry/facebook-terms-

condition_n_5551965.html?section=india) illustrated what most people miss

when they sign up on Facebook and choose not to read the terms and

conditions – the social networking site has access to all your

information.

We believe that the world has more access to personal details of ‘privacy

supporters’ through their articles, blogs, and email, Facebook and

Linkedin accounts, where they probably signed off their rights to

privacy by accepting, without realising, the terms and condition. These

have far greater chances of ‘misuse’ than the Aadhaar database, which

CANNOT be shared with anyone without the consent of the Aadhaar-

holder.

We live in a connected world and we trust reputed agencies to be the

custodians of our data. Privacy must be respected, but suspecting a

programme like Aadhaar of violating privacy is clearly going overboard.

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 9/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 9

Benefits outweigh the risks

The increased savings and efficiency in public service delivery due to

the usage of Aadhaar would make dubious business practices redundant

(which is just the beginning of Aadhaar usage) and will encourage

public debate to be muddled with myths and misinformation. Readers

need to be aware to make intelligent judgement based on data, facts and

logic.

Every new change of system comes with inherent risks and challenges.

But when the benefits, especially to the weaker and underprivileged

sections of society, outweigh the risks and challenges significantly, it

makes sense to adopt the new system and a new way of life that is more

efficient and more effective. Needless to say, the UIDAI should continue

to focus on secure and convenient updates, the enrollment of children

and newborns, the enrollment of those who are still left out, accessible

permanent locations for enrollment and update, and most importantly,

continued and absolute de-duplication through an optimal

orchestration of biometric and demographic data checks. Over the next

few years, biometric technology and accuracy is expected to improve

and become more cost-effective, and the same goes for connectivity up

to the village level. Our estimate is that over the next two to three years,

service providers will figure out how to use the Aadhaar platformeffectively, thus making it ubiquitous for secure and convenient

identification, and for better delivery of public and private services.

Piyush Peshwani and Bhuwan Joshi were part of the UIDAI team from

the private sector, and can be reached at piyush.peshwani@gmail.com

and bcjoshi77@gmail.com.

What to read next:

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 10/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 10

9 Comments 1

• •

Innocent •

Modis Vision !!!

BANK the Unbanked - Jan dhan, FUND the Unfunded - Mudra

yojana and TAX the Untaxed - GST

Peetambar Ratnam •

Security is a major major concern with Aadhaar.

What they're not telling you is, that they're trying to bring all things

under one umbrella that is Aadhaar. So today the y talk about just

subsidies. Tomorrow it is KYC then it is something else. Altogether

they it is like systematically packaging everything and bringing it

under one umbrella. While that is OK, who can have access to it is

very sad !

First the government said they wanted to the subsidies to go to the

Categories: Featured (http://t hewire.in/category/featured/), Politics

(http://thewire.in/category/politics/)

Tagged as: Aadhaar (http://t hewire.in/tag/aadhaar/), Aadhaar Bill

(http://thewire.in/tag/aadhaar-bill/), Aadhaar card (http://t hewire.in/tag/aadhaar-card/), LPG subsidy

(http://thewire.in/tag/lpg-subsidy/), MNREGA (http://t hewire.in/tag/mnrega/), Public Distribution

System (http://thewire.in/tag/public-distribution-system/), Ranjana Sonawne

(http://thewire.in/tag/ranjana-sonawne/), UID

(http://thewire.in/tag/uid/), UIDAI

(http://thewire.in/tag/uidai/), Unique Identification Authority of India

(http://t hewire.in/tag/unique-identification-authority-of-india/)

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 11/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

http://thewire.in/24713/aadhaar-identification-simplified-myths-busted/ 1

• •

right people so they wanted Aadhar gard and/or bank accounts. Now

they say they want to get rid of LPG subsidy ! Then why was all this

dram performed of Aadhaar card and bank accounts ? All is a game

of lies !

All our data ends up with the government. That means all your

sensitive information is in the hands of corrupt ! What people very

well know but don't quote is, government sector is the most corrupt

and least citizen friendly sector. Imagine if they have all your data

how they can harass you.

Example think what a police can do if he knows your bank details

and you are in the police station for something which you're dragged

into. As of today we have head so many news that a police has to be

bribed to even register an FIR. Think of other situations !

This is the big big risk.

• •

Reader •

Could you then clarify why Aadhaar-like proposals never took off in

UK and other countries?

• •

dk bond •

"Even after taking all costs into account and making modest

assumptions about leakages of about 7-12% value of transfer/subsidy,

the study found that the Aadhaar project would yield an internal rate

of return in real terms of 52.85% to the government"

that's a problem with the NIPFP study. it only uses assumptions to

estimate the benefits.Not their fault, since there isn't any data that

can tell us reliably the magnitude of the leakages, and definitely not

(as the study itself admits) the magnitude of the leakages that Aadhar

would be able to correct.

• •

Hector •

Very good read and this article should go some way in dispelling fears

over the use of aadhar. One concern is regarding data security

inherent in online systems and aadhar is the biggest such globally.

Given that Indian government, companies are under daily cyber

attackscarried out by third countries - it's a huge exposure for any

country to maintain such a system online. What measures are being

taken to protect aadhar given that Indian railways - irctc faced such

an attack recently which impacted services and scores of users.

7/25/2019 Aadhaar – Identification Simplified, Myths Busted _ the Wire

http://slidepdf.com/reader/full/aadhaar-identification-simplified-myths-busted-the-wire 12/12

6/27/2016 Aadhaar – Identification Simplified, Myths Busted | The W ire

• •

Bhuwan Joshi •

Thanks Hector for your good words. As you understand that

in cyber world there is no company , which has not faced cyber

attacks or can say that they can never be attacked but as all

large companies ensure that they have no single point of

failure, even in case of attack, nobody can steal business

critical data and even if it get it some way could not use it.

UIDAI has also ensure all this by only allowing access to its API through some trusted partners which are called ASA,

AUA, KSA and KUA. There partners are connected to UIDAI

through a secure pipeline, UIDAI ensures security using

standard security process as well as through state of the art

security tools. UIDAI uses 2048 key based encryption to

encrypt data. For more details please go through this link

which has a detailed information about authentication API

and its security features (https://www.uidai.gov.in/image....

UIDAI also has an in-house dedicated security team which

monitor and take action against possible threats and keeps on

updating security polices and technologies. Hope this will

help.

• •

R Joseph •

In a country where the Government cannot maintain roads and

drainage systems properly, I am sorry to say this Aadhar business is a

oke. Moreover no other democratic country in the world has such a

system where it is always open to the Government to carry out masssurveillance on its citizens. .