Upload
trisha9313
View
112
Download
2
Embed Size (px)
DESCRIPTION
the whole project is on uniqe identtity
Citation preview
CHAPTER 1
INTRODUCTION
Unique identification in India is a Unique ID Project in which every citizen
would have one unique identification number that will identify him/ her. It
would not just the government track down individuals as is highlighted by
the media, but would make life far easier for citizens as they would not have
to submit so many documents each time they want to avail a new service –
private or government. The Unique Identification Authority of India is being
established under the aegis of the Planning Commission for which a
notification has been issued in January 2009. A provision of Rs.100 crore
has been made in the annual Plan 2009-10.
The Unique Identification Authority of India or the UIDAI, is an agency of
the Government of India responsible for implementing the envisioned
Multipurpose National Identity Card or Unique Identification card (UID
Card) project in India. It was established in February 2009, and will own and
operate the Unique Identification Number database. The authority will aim
at providing a unique number to all Indians, but not smart cards. The
authority would provide a database of residents containing very simple data
in biometric.
1
The agency is headed by a chairman, holds a cabinet rank. The UIDAI is
part of the Planning Commission of India. Nandan Nilekani, a former co-
chairman of Infosys Technologies, was appointed as the first Chairman of
the authority in June 2009.
R.S Sharma, an IAS Officer of Jharkhand Government cadre has been
appointed as the Director General and Mission Director of the Authority. He
is known for his best effort in e-Governance project for Jharkhand State and
working as an IT secretary he received a number of awards for best
Information Technology Trends State in India.
It may be recallled that an Empowered Group of Ministers (EGOM) headed
by the then External Affairs Minister, Pranab Mukherji, had approved the
establishment of a Unique Identity Authority for all the residents of the
country in November 2008. The UID Authority would be under the Planning
Commission. The Home Ministers and Ministers for IT and
Communications, Law and Panchayati Raj were members of the EGOM
while the Deputy Chairman, Planning Commission, was a standing invitee.
The proposed system envisages collaboration among several government
agencies backed by intensive use of information technology.
This would end needless harassment that people face for availing of basic
government services like issuance of passports, driving licences, Electoral
2
Identity Cards, PAN Card, ration card, etc. This scheme is designed to
leverage intensive usage of the UID for multipurposes to provide an efficient
and convenient mechanism to update information. Photographs and
biometric data will be added progressively to make the identification
foolproof. Easy registration and information change procedures are
envisaged for the benefit of the people.
The authority was notified on January 28 this year as an attached office
under the aegis of the Planning Commission with an initial core team of 115
officials and staff. The scheme will be implemented in three years.
The UID project, however, has been in the offing for over six years. For
instance, in 2008, the government implemented a pilot project for a ‘Multi-
purpose National Identity Card (MNIC)’ in 13 districts of 12 states and one
Union Territory wherein more than 1.2 million identity cards were issued to
people above 18 years of age. Besides, to facilitate the project, Section 14A
was inserted in the Citizenship Act, 1955 to issue a national identity card to
every citizen of the country.
However, the MNIC project was initiated under the Vajpayee-led NDA
government (2002), which was continued by the current UPA government
under Prime Minister Manmohan Singh.
3
The necessity for a centrally-issued ID was accentuated by the growing
problems of illegal immigrants in various parts of the country. However, the
events of November 26 in Mumbai accelerated the setting up of the UIDAI.
The body was set up on January 27, 2009. The initial phase of the project is
expected to cover nine states and four Union Territories.
The UID will be issued to people living in the coastal villages of Gujarat,
Maharashtra, Goa, Karnataka, Kerala, Tamil Nadu, Andhra Pradesh, Orissa
and West Bengal. The Union Territories of Dadar and Nagar Haveli,
Lakshadweep, Puducherry and Andaman & Nicobar Islands shall also be
covered in this first phase expected to deliver the identity cards by early
2010.
The project envisages assigning a unique identification (ID) number to each
resident in the country to eliminate the need for multiple identification
mechanisms. Moreover, the project will eventually become the underpinning
of the Citizens Smart Card Project, which will enable citizens to avail
subsidies on food, energy, education, etc, depending on their entitlements,
according to the 11th report of the Second Administrative Reforms
Commission.
4
The unique ID will require creation of a database that links an individual to
unique identifier that remains constant over his life-span, like parentage,
date and place of birth. The card automatically gets activated as a voter
identity card at the age of 18. The identification will act as a check against
illegal immigration into the country as it is a serious threat to national
security. The project lays special focus on the border areas of the country
with illegal immigration in mind.
Almost all the firms with an India focus will be eyeing this deal — players
like TCS, Infosys, Wipro, HCL Technologies, along with smaller players
like Spanco, Bartronics, Gemini Traze and NXP Semiconductors.
5
CHAPTER
OBJECTIVES OF UID PROJECT
Objectives of the NAUID (MNIC) Project
Obviate need for multiple documentary proof
Facilitate easy verification
Facilitate easy availing of government or private services
Help welfare programmes reach intended beneficiaries
Serve as basis for e-governance services
The ID shall also serve the following purposes
To prepare a National Population Register (NPR).
To prepare National Register of Indian Citizens (NRIC).
To prepare National Register of Residency (NRR) – for non-citizens.
To provide National Identity Number (NIN) to each person.
To provide Multi-purpose National Identity Card (MNIC) to each
citizen.
To provide Multi-purpose Residency Card to non-citizens.
CHAPTER
6
SCOPE OF THE PROJECT
Every individual citizen of the country is expected to be provided with a
UID by 2012.The UID authority shall work closely with the National
Population Register proposed to be created by the Home Ministry through
the Registrar General of the Census of India concurrently with the census
2011 in accordance with the provisions of the Indian Citizenship Act.
The UID Authority approved by the EGOM will be responsible for creating
and maintaining the core database and to lay down all necessary procedures
for issuance and usage of UID including arrangements for collection,
validation and authentication of information, proper security of data, rules
for sharing and access to information, safeguards to ensure adequate
protection of privacy and all aspects related to all of these issues.
7
CHAPTER
COVERAGE, GOALS AND LOGISTICS
It is believed that Unique National IDs will help address the rigged state
elections, widespread embezzlement that affects subsidies and poverty
alleviation programs such as NREGA. Addressing illegal immigration into
India and terrorist threats is another goal of the program.
Most reports suggest that the plan is for each Indian citizen to have a unique
identification number with associated identifying biometric data and
photographs by 2011. However, other reports claim that obtaining a unique
number would be voluntary, but those that opt to stay out of the system "will
find it very inconvenient: they will not have access to facilities that require
you to cite your ID number."
Government issued IDs are fragmented by purpose and region in India,
which results in widespread bribery, denial of public services and loss of
income, especially afflicting poor citizens. As the unique identity database
comes into existence, the various identity databases (voter ID, passports,
ration cards, licenses, fishing permits, border area id cards) that already exist
in India are planned to be linked to it. The Authority is liaising with various
8
national, state and local government entities to begin this process. The
Union Labor Ministry has offered its verified Employment Provident Fund
(EPFO) database of 42 million citizens as the first database to be integrated
into the unique ID system.
9
CHAPTER
DESIGN OF THE CARDS
10
CHAPTER
CARDS CONFIGURATION
The card will be available with all functions like card no, Magnetic tape with
chip.
Codes Description
# Use for Unique Identity cards
* Use for NRI.
// Use for foreigners working in embassies or Ministers/
Officials.
= Use for foreign visitors in India.
*/ Foreigners are working in Indian corporate.
0091 Country code for NRI we can use (his/ her country
code)
0011 Delhi (state code) NRI belongs to this state
0000 District Code. NRI belongs to this district.
11
**** **** **** Person’s Identity NRI’s Identity No….
The total card codes will be …
# 0091 0011 0000 **** **** **** for Indian
* 0001 0212 0000 **** **** **** for NRI
// 0001 0212 0000 **** **** **** for foreigners working in India.
= 0001 0011 0000 **** **** **** for foreign visitors.
*/ 0001 0032 0000 **** **** **** for foreigners working in corporate.
0001 Country code of NRI/ Foreigner
12
CHAPTER
APPOINTMENT OF CHAIRMAN OF UNIQUE
IDENTIFICATION AUTHORITY OF INDIA
NEW DELHI: Nandan M. Nilekani, co-chairman of the Board of Directors
of Infosys Technologies, is all set to join the Central government, as
chairperson of the Unique Identification (UID) Authority of India. It is a
new agency set up to provide unique identification numbers or UID numbers
to all citizens for accessing various government services.
According to reports from Bangalore, following the Cabinet decision, Mr.
Nilekani has resigned from the membership of the Infosys’ Board of
Directors as also as its co-chairman.
The Union Cabinet on Thursday cleared the creation of the new post, which
will have the rank and status of a Cabinet Minister. The authority will have
the mandate to own and operate a database of the UID numbers and be
responsible for its updating and maintenance regularly.
The cards will serve as a means to access a variety of government-related
activities. For instance, the UID numbers and the database will be linked to
agencies such as the Election Commission of India and the Income Tax
13
Department, which deal with the general public and issue special number
cards such as voters photo identity cards in the case of ECI and PAN Cards
in the case of IT Departments.
In addition, it will be used for providing services under government schemes
such as the public distribution system, and the National Rural Employment
Guarantee Scheme for families living below the poverty line. It will also be
used for delivering financial and other assistance to the needy.
Mr. Nilekani has been chosen to head the authority considering that the
project will be based on various tools and techniques of Information
Technology and there will be need to keep updating the system.
Nandan Nilekani (born June 2, 1955) is an Indian entrepreneur and
businessman. He currently serves as the Chairman of the new Unique
Identification Authority of India (UIDAI), after a successful career at
Infosys Technologies Ltd.
14
CHAPTER
LIFE OF MR. NANDAN M. NILEKANI
15
CAREER
Nandan Nilekani, after graduating from IIT Bombay in 1978, he joined
Mumbai-based Patni Computer Systems where he was interviewed by N.R.
Narayana Murthy. Three years later, in 1981, Murthy walked out of Patni
following a dis-agreement with one of the Patni brothers. His entire division
walked out with him. The defectors decided to start their own company,
Infosys.
Nilekani became the Chief Executive Officer of Infosys in March 2002,
taking over from Murthy. Nilekani served as CEO and MD of the company
from March 2002 to April 2007, when he relinquished his position to his
colleague Kris Gopalakrishnan, becoming Co-Chairman. He left Infosys on
9 July 2009 to serve as the chairperson of the Unique Identification
Authority of India, in the rank of a cabinet minister under invitation from the
Prime Minister of India, Dr. Manmohan Singh.
He co-founded India’s National Association of Software and Service
Companies (NASSCOM) as well as the Bangalore Chapter of The IndUS
Entrepreneurs (TiE).He appeared on The Daily Show with Jon Stewart on
March 18, 2009 to promote his book "Imagining India." He has been a
16
speaker at the prestigious TED conference where he talked about his ideas
for India's future.
He has an estimated net worth of the Indian rupee equivalent of US$1.3
billion. In 2009, Time magazine placed Nilekani in the Time 100 list of
'World's Most Influential People'
PERSONAL LIFE
Nandan Nilekani is married to Rohini, whom he met at a quizzing event at
IIT. They have two children, both studying at Yale University. Their names
are Nihar and Akanksha.
HONOURS AND AWARDS
One of the youngest entrepreneurs to join 20 global leaders on the
prestigious World Economic Forum (WEF) Foundation Board in
January 2006.
Member of the Board of Governors of the Indian Institute of
Technology (IIT) Bombay
17
Member of the review committee of the Jawaharlal Nehru National
Urban Renewal Mission.
Forbes “Businessman of the Year” for Asia in 2007.
He, along with Infosys founder (and currently non-executive
chairman) N. R. Narayana Murthy, also received Fortune magazine’s
‘Asia’s Businessmen of the Year 2003’ award.
Named among the ‘World’s most respected business leaders’ in 2002
and 2003, according to a global survey by Financial Times and
PricewaterhouseCoopers.
Awarded the Corporate Citizen of the Year award at the Asia
Business Leader Awards (2004) organized by CNBC.
Joseph Schumpeter Prize for innovative services in economy,
economic sciences and politics - 2005.
Padma Bhushan , one of the highest civilian honors awarded by the
Government of India - 2006.
Was presented the 'Legend in Leadership Award' by the Yale
University in November 2009. He is the first Indian to receive the top
honour.
18
CHAPTER
NANDAN NILEKANI AND UID PROJECT
The news of the Government of India appointing Nandan Nilekani to head
the Unique Identity Authority (UIDA) of India has been received positively
not just by the corporate sector—anyone would feel happy with the success
of a member of his tribe—but even the media and the informed public. This
makes Nilekani’s spectacular journey from code jock to corporate honcho to
public intellectual to governmental leader complete.
The idea of a unified and unique identification system was first mooted by
the Ministry of Home Affairs (MHA) under L K Advani towards the end of
his tenure (1999-2004), and given the name of Multipurpose National
Identity Card (MNIC). In fact the MHA set up a pilot project under the aegis
of the Office of the Census Commissioner and Registrar General of India,
before planning a nation-wide rollout.
But because the project was a NDA-initiated one, it was left to languish
under the UPA Government (2004-2009). The pilot project remained a pilot
project, and nothing more. Therefore it was surprising that towards the end
of its tenure, the UPA Government suddenly woke up to announce the
setting up of a UIDA under the Planning Commission. Nothing was
19
mentioned about the logic of setting up a parallel authority when a
governmental body—in this case the Office of the Census Commissioner
and Registrar General of India—was already entrusted with a similar work.
Nor did the Government say if—and how—the Unique ID Project would be
different from the MNIC Project. We did not know whether it was a classic
Governmental case of the right hand not knowing what the left hand was
doing, or was it a deliberate policy to kill the MNIC project just because it
was a baby of the NDA Government.
In any case, the BJP’s IT Vision, that was released by the Party just before
the elections, made a strong case for a unique national ID system, and placed
it at the centre of its proposed eGovernance plan. BJP’s idea was that using
this unique ID system it would be possible to have more efficient delivery of
targeted social welfare interventions. In fact the BJP went ahead and made
three corollary promises:
(a) a bank account for each citizen,
(b) direct cash transfers of welfare grants, and
(c) a smart phone to each BPL family. BJP hoped that together they would
plug the leakage made famous by Rajiv Gandhi when he said that of every
20
rupee spent by the Government, only 15 paisa reached the intended
beneficiary.
As someone who was closely associated with the formulation of BJP’s IT
Vision, I am sad that we could not get the people’s mandate to operationalise
our dreams. But I am happy with the fact that this Government has picked up
someone so eminently qualified to lead this project and, more importantly,
recognised its potential to change the paradigm of government service
delivery. Most of the media is still to wake up to the potential of this project;
some see it only as a multi-billion dollar project that could impact the placid
fortunes of our domestic IT majors, and others are focused on the glamour of
a corporate chieftain making a lateral move to the top echelons of the
government.
But should the project be seen not so much as card-issuing projects in the
manner of our Election ID Cards, income tax PAN Cards, etc, and looked
upon as a ‘change management’ initiative; should it be used by all
governmental departments to track its interactions with its citizens; this
could be among the biggest ‘game changers’ this Government could have.
Just think about it: governmental welfare spending could be tracked to the
individual level, as well as aggregated under different geographical areas,
21
social groupings, economic categories, etc. Privacy advocates would have a
lot to debate, but this does not distract from the fact that tracking financial
transactions, and thereby tax collection, could become so much more
efficient and transparent.
However, creating a unique ID system is one thing, its application in the
machinery of the government is quite another. This project would have been
another of those white elephants had it not been sponsored from the top. It is
still early to say whether this project would go the way of most other
government projects, but several things give me hope.
One, Nilekani would be able to draw in the best of Programme Management
skills from the IT industry. It is high time that some of the lessons from
Infosys’ attainment of the Capability Maturity Model (CMM) Level 5 are
applied to the execution of governmental processes. Two, Nilekani has the
backing of the Prime Minister. Without this, the project would have been
dead even before it started. One of the main reasons that Sreedharan has
been able to execute the Delhi Metro project the way he has, is the political
backing he has received.
But the reason I am most hopeful is that Nilekani’s move to the Government
probably marks the start of an easy mobility of talent between academia,
22
industry and government. Please note that I am talking about government,
not bureaucracy. While this is not the first time that a private sector manager
has moved to assume a position in a public sector undertaking (PSU) or the
government—after retiring from Hindustan Lever, Prakash Tandon joined as
the Chairman of the State Trading Corporation (STC), a PSU; Yogi
Deveshwar took a sabbatical from ITC to work as the Chairman and
Managing Director (CMD) of Air India; and R V Shahi left BSES as its
CMD to become the union Power Secretary—this is probably the first time
that a business leader has moved laterally to assume a role with cabinet rank,
even if not a place on the Cabinet!
The principles of parliamentary democracy demands that only elected
representatives assume leadership roles in the government. But this should
not be a barrier to importing top-rate talent from other sectors like academia,
business, military and even NGOs, and sufficiently empowering them to
deliver their mandate. If a Condoleeza Rice could move from being an
academician to assuming a top role in government, and then going back to
academia again, what stops us from being a little more creative.
23
VIEWS OF MR. NANDAN ON FOLLOWING FIVE POINTS
1. UID without a UID Card:
2. Data Association
3. Responsibility for Data Accuracy
4. Responsibility for Data Security
5. Voice of the People
1. UID without a UID Card:
Mr Nandan Nilekani has taken a strategically correct and intelligent decision
to keep the issue of "Cards" away from the immediate discussion by
declaring that in the first two or three years, the UIDAI will focus only on
creating the "Unique Number" and not focus on the instrument that holds the
ID such as the "ID Card". As a result, unnecessary commercial intervention
of whether it should be a smart card or some thing else, what should be the
technology for it etc is now not the immediate issue.
In view of this vital decision, the UIDs when created will be held only in
digital form and therefore there will be a "Virtual UID Card" for every
Citizen which will be dynamically created whenever the data base is queried
24
and values returned. If this Virtual UID Card works, then the next task will
be easy since it only means a transport of this "Virtual ID Card" to the face
of a plastic card with or without memory in the form of a smart card.
Since Mr Nandan has clarified during his TV interviews in the last few days,
the UID Card will eventually be having limited data and service related data
would be incorporated in other service related Cards. For example, UID will
contain certain data such as the serial number, name and photograph of the
holder . There may also be other associated data such as as the father's name,
mother's name, data of birth, sex, place of birth, UID of the father, UID of
the mother, finger print, and address .
When a decision on the Physical card is taken, it will be necessary to
determine if all the UID data has to be placed in the card itself or not. The
current thinking of the UIDAI is therefore similar to what Naavi has been
advocating except that the issue of Card has been completely kept out of the
responsibility of the UIDAI and left to the individual service organizations
which will use the UID for delivering their services. For example, the
NREGS may issue it's own cards to its members where UID is one of the
components. They may use either a Smart Card or a Zemo card as they deem
fit.
25
This leaves the flexibility which was necessary for the UIDAI to avoid
commercial influences on its activity since the Smart Card lobby is a
powerful lobby which could have single handedly derailed the UID project.
Mr Nandan should be specially congratulated for the master stroke of
dividing the two aspects of creating a UID and issuing of the Cards. This
may turn out to be the single most important decision at this point of time to
take the project forward. May be once the data is created, UIDAI can
register itself as a Certifying Authority in India and issue Digital
Certificates under their digital signature which will become a document
acceptable in a Court of law as per the provisions of the ITA 2000.
In the absence of the physical card however, the virtual data base becomes
critical to the integrity of the system and will be a target of attack for cyber
terrorists and data thieves. The security of the data therefore becomes
paramount and there is a need for appropriate measures in this regard.
26
2. Data Association
At present the indications are that the following 12 parameters would be
associated with the UID data.
a. Name
b. UID Number of the holder
c. Photograph
d. Right hand fore finger print
e. Name of the Father
f. Name of the Mother
g. UID of the Father
h. UID of Mother
i. Date of Birth
j. Sex
k. Place of Birth
l. Address
27
It is necessary to debate if all these 12 parameters are required and whether
some more are to be added. It is also necessary to consider if all of them
need to be considered as a primary ID parameters or can be classified further
as "Primary" and "Secondary". The UID will be a Root ID for downstream
services available to the Citizen of India, there is a need to recognize one
single "Root UID Parameter" so that in the event of any dispute, the UID
would be owned by the person in undisputable control of the "Root ID
Parameter".
The reason of segregating the ID data into "Primary" and "Secondary" is that
some of the ID parameters can be kept out of the Primary data base and can
even be kept offline. While the primary database has to be accessible on the
Internet and despite the authentication mechanisms used or DRP strategies,
they are still amenable to hacking attacks. The secondary data base however
can be kept away from the Internet and in multiple formats so that the data in
the secondary data base can be used for verification when the primary data is
disputed.
For example, we may collect multiple biometric features say
1. Left hand thumb print scan
28
2. fingers scan
3. geometry scan
4. scan, etc
If the technology vendors prefer the forefinger (index finger) because the
finger print readers are more easily operated with the fore finger than the
thumb, it can be used as the primary biometric print but the remaining
biometric features can be considered for the secondary data base.
"Left Hand Thumb Impression" is an age old tradition in India and given an
option it should be considered more suitable than the forefinger. Since there
are already a host of property documents where the left hand thump
impressions are recorded, it may be perhaps good if the left hand thumb
impression is made the primary ID parameter and other 9 finger prints be
accepted as secondary and tertiary finger print references. This will also
counter the problem of some of the labour class people not having clear
finger prints.
The Primary UID data base may contain the actual name with the initials
used by the person, the secondary data base may contain the expansion of
29
the initials, name of the father, name of the grand father and name of the
great grand father.
Also, while the date of birth is one of the parameters used, extending it to the
time of birth (as known and declared by the person) would make it more
specific. This is also more suited for the secondary data base while "Age"
(as on the date of the issue of the card) alone can be added to the primary
data base.
"Address" is one parameter which is subject to change. It is therefore not
suitable as part of the ID document. It is better that it is removed from the
database. If required, it can be part of the secondary data base and used as
"Registered Address at the time of first creation of the data".
Out of the other parameters, Photograph is also subject to change over the
period. If present, it can be a source of misinterpretation. A serious
consideration has to be given to discuss if this has to be considered as part of
the primary data base or to be pushed to the secondary data base.
The UID of the father and mother are also parameters more ideally suited
for the secondary data base.
30
The primary data base may have to contain the UID issue date as a reference
for the photograph and the age of the person.
Since the UID data is in digital form and may have to be accessed by the
subject online with the use of a digital signature, it may be useful to include
an "E-Mail ID" as an additional ID parameter perhaps in the secondary data
base.
3. Responsibility for Data Accuracy
Apart from the risk of impersonation, the other risk associated with the UID
system which is also going to be integrated with many downstream data is
the possibility of "Errors" of the data. Today, many of the Voters find that
the information about their name, sex and age on the Card are incorrect and
make them ineligible to exercise their franchise. The reason for such
inaccuracies is that the system for "Correction" is too complicated and once
a clerical error gets into the system, they tend to remain.
In view of the criticality of the UID system, it is essential that inaccuracies
need to be eliminated at the time of generation and then there should be an
expeditious but strong process of correction of inaccuracies.
31
It must be remembered that UID will be "Information Residing Inside a
Computer Resource" and is subject to the provisions of Information
Technology Act 2000 (ITA 2000) and the proposed amendments through
Information Technology Amendment Act 2008. (ITA 2008).
Any alteration of UID information which is unauthorised and causes
wrongful harm is therefore an "offence" under Section 66, 72, 72A of ITA
2000/8 and is also subject to payment of compensation under Section 43 and
43A ITA 2000/8.
The UID authority is also subject to the provisions of Sec 67C since the
ultimate owner of the data is that of the data subject and the UIDAI is only
an "Intermediary" as per the provisions of ITA 2000/8
Maintenance of "Inaccurate Data" leading to wrongful loss would constitute
lack of "Due Diligence" and could make the UIDAI liable.
One option for the Government is to pass a law making the UIDAI and its
staff immune to any legal challenges. This would be perhaps the most likely
happening since this is the trend in Government functioning. This would
however result in "Authority without Responsibility" and ideally should be
avoided.
32
4. Responsibility for Data Security
Data Security will remain to be the biggest challenge in the UID project and
multiple strategies are required to be adopted for the purpose.
The law of the land provides some protection to the data subjects through the
ITA 2000/8 and imposes certain responsibilities to the UIDAI for reasonable
security practices to be maintained by UIDAI.
If there is no attempt by the Government to shield the UIDAI from the
provisions of the existing law, then we may consider that there is a legal
structure for data security. It may still be necessary to define the
"Reasonable Security Practice" for this service.
In view of the criticality of the UID operation, the "Reasonable" security
practices may have to be substantially stringent. It is necessary to implement
globally acceptable principles of data security and privacy protection to meet
the requirements.
Some of the specific requirements under this framework for ITA 2008
compliance includes
33
a) Obtaining the consent of the UID holders for inclusion of the data
which would be in the form of an application made by the data subject
and validated in its electronic form.
If data is validated on paper and the UIDAI takes the responsibility for
digitization then some member of UIDAI should be held accountable for any
inaccurate data that may creep in . Such a person has to validate the
electronic form of the data with his digital signature and take the legal
liability for the inaccuracies.
A copy of the data as entered in the data base has to be provided to the data
subject in print form with appropriate certification under Section 65B of
Indian Evidence Act as per established principles of Cyber Evidence
Archival.
As a part of this data validation process, it may be necessary to provide
access to the data in the data base to the holder of the UID so that he can
verify the data any time and any number of times during the lifetime of the
data.
This may require validation of the person making the query. If we need to
use "Digital Signatures" for validation, the UID itself may have to also
34
include an "E-Mail Address" in the minimum as a "Digital Identity
parameter".
b) Data has to be encrypted in storage and every element of the data
base has to be digitally signed by an officer of the UID.
c) Appropriate audit trail of who accessed the data and what was the
hash value of the data accessed before and after the access session etc
will have to be captured along with the mode of access, IP address etc
and archived in such a manner that they are available for judicial
scrutiny when required.
d) The hardware and software used by UIDAI should be source code
audited and certified for integrity. Supplies from countries suspected
to be preparing for Cyber Warfare against India must be avoided.
5. Voice of the People
As some one who is working on Netizen Welfare for over a decade, the
undersigned would like to make a strong demand with the Government of
India as well as Mr Nandan Nilekani himself that the UIDAI should
establish appropriate systems and procedures which would ensure that
Netizens are protected against the inefficiency and malicious intentions
35
of the staff of UIDAI. Even if they tend to be honest, they may be used
by others to inconvenience honest Netizens.
This requires constitution of an "Ombudsman" and " UID Dispute
Resolution Board". Such a UID Dispute Resolution Board should not be
solely constituted out of Government servants (eg: Proposed Review
Committee under ITA 2008 for Section 69/69A/69B issues) and must
consist of Netizen Activists and Netizen Interest bodies such as Digital
Society of India or Cyber Society of India.
CHAPTER
NEWSPAPER EDITION
36
CHAPTER
PRIVACY IMPLICATIONS
37
There are many potential privacy fallouts of this project, not the least of
which is triggered by the Government's official plan to link the databases
together. The MNIC is also unconstitutional as it violates fundamental right
to privacy.
The right to privacy of citizens will be greatly compromised if MNICs
are made compulsory. Although there is sometimes a tension between
individual privacy rights and national security, international law and
India’s domestic law expressly set a standard in tort law and through
constitutional law to protect an individual’s privacy from unlawful
invasion. Under the International Covenant on Civil and Political
Rights (ICCPR), ratified by India, an individual’s right to privacy is
protected from arbitrary or unlawful interference by the state. The
Supreme Court also held the right to privacy to be implicit under
article 21 of the Indian Constitution in Rajgopal v. State of Tamil
Nadu.
Moreover, India has enacted a number of laws that provide some
protection for privacy. For example the Hindu Marriage Act, the
Copyright Act, Juvenile Justice (Care and Protection of Children) Act,
38
2000 and the Code of Criminal Procedure all place restrictions on the
release of personal information.
Privacy is a key concern with respect to the MNIC scheme as all of an
individual’s personal information will be stored in one database where the
possibility of corruption and exploitation of data is far greater than when
having the information disbursed. Risks that arise from this centralisation
include possible errors in the collection of information, recording of
inaccurate data, corruption of data from anonymous sources, and
unauthorised access to or disclosure of personal information. Other countries
with national identification systems have confronted numerous problems
with similar risks such as trading and selling of information, and India,
which has no generally established data protection laws such as the U.S.
Federal Privacy Statute or the European Directive on Data Protection, is ill-
equipped to deal with such problems. The centralised nature of data
collection inherent in the MNIC proposal only heightens the risk of misuse
of personal information and therefore potentially violates privacy rights.
In consideration of the risks involved in the creation of a centralised
database of personal information, it is imperative that such a programme not
be established without the proper mechanisms to ensure the security of each
39
individual’s privacy rights. Unfortunately, India’s proposed MNIC
programme lacks any provision for judicial review at the present time.
Without credible and independent oversight, there is a risk of ‘mission
creep’ for MNICs; the government may add features and additional data to
the MNIC database bureaucratically and reflexively, without re-evaluating
the effects on privacy in each instance.
CHAPTER
40
GOVERNMENT PROPOSAL TO LINK DATABASES
CHAPTER
IMPLEMENTATION STATUS
41
The MNIC Project is currently in pilot mode in at least 12 states of India.
While the exact status of the project is unknown, as of this writing on May
26, 2007, the project has kicked off a fresh round of card distribution to
provide two million cards to people above 18 years in 13 districts across 12
States and the Union Territory of Puducherry.
Earlier plans and reports indicated that the project was in pilot, or was
attempted in the following 20 selected sub-districts of 13 States and Union
territories.
Legal amendments made to facilitate the project. The Citizenship Act, 1955,
has been amended and now a specific section on registration of citizens &
issuing cards has been included. In addition the Citizenship (Registration of
Citizens and Issue of National Identity Cards) Rules, 2003 has been notified
in the Government of India Gazette Vide GSR No. 937(E) dated:- 10
December, 2003.
Important amendments to the provisions of the Citizenship Act, 1955
Section 14A :
42
(1) The Central Government may compulsorily register every citizen of
India and issue national identity card to him.
(2) The Central Government may maintain a National Register of Indian
Citizens and for that purpose establish a National Registration Authority.
(3) On and from the date of commencement of the Citizenship (Amendment)
Act, 2003, the Registrar General, India, appointed under sub-section (1) of
section 3 of the Registration of Births and Deaths Act, 1969 shall act as the
National Registration Authority and he shall function as the Registrar
General of Citizen Registration.
(4) The Central Government may appoint such other officers and staff as
may be required to assist the Registrar General of Citizen Registration in
discharging his functions and responsibilities.
(5) The procedure to be followed in compulsory registration of the citizens
of India shall be such as may be prescribed.
In sub-section(2) of section 18 (ia) has been inserted after clause (i)
the procedure to be followed in compulsory registration of the citizens
of India under sub-section (5) of section 14A;
In sub-section (3) of section 18 the following proviso has been
inserted “PROVIDED that any rule made in respect of a matter
specified in clause (ia) of sub-section (2) may provide that a breach
43
thereof shall be punishable with imprisonment for a term which may
extend to three months, or with fine which may extend to five
thousand rupees, or with both”.
CHAPTER
PURPOSE AND USE
44
The ID is fundamentally being prepared to identify Indian citizens so that
better security can be provided by identifying illegal immigrants and
terrorists. However, the real power of the ID is in its ability to provide ease
of identity establishment to Indian citizens when accessing a variety of
governmental and private-sector services.
The likely benefits of the new ID system to the citizens will be as below:
1) Subsidies on food, energy, education, etc to people who are entitled to
receive them.
2) Opening bank accounts
3) Getting new telephone, mobile or internet connections,
4) New light or gas connections
5) Getting a passport
6) The same card may act as a driving license and store your traffic violation
records
7) It may act as your electoral card
8) Family genealogy may be traced
45
CHAPTER
ADVANTAGES OF UNIQUE IDENTIFICATION
NUMBERS
46
The UIDs will provide unique identity to residents of India. Indians
will not require to prove their identity to various government
departments over and over again.
It will streamline benefits so that they reach the right people.
The numbers will eliminate duplication an attempts to obtain fake
documents.
They will facilitate mobility, especially for India's migrant population.
The numbers will ensure that different public service delivery
organisations work efficiently.
It will help to reduce illegal immigration.
CHAPTER
DIFFERENTIATION OF UID FROM PERMANENT
ACCOUNT NUMBER (PAN)
47
PAN will be one of our enrolling partners. It has been decided that the UID
will be embedded in new PAN cards that will be issued once the UID project
gets underway. We have had fruitful discussions on this with the income tax
department.
The people who already have PAN cards will be issued a letter containing
the UID. For those who will be getting new PAN or NREGA cards,
passports, etc, henceforth, the numbers will be embedded in that.
These numbers, you have said, will not only provide an identity to residents
but also help them in obtaining benefits of government schemes and
undertake with ease activities like opening bank accounts, availing an
electricity connection, etc.
Yes, these numbers will be unique in the sense that residents would no
longer need to go to various government departments and prove their
identity each time.
CHAPTER
LEGAL AMENDMENTS
48
Legal amendments made to facilitate the project
The Citizenship Act, 1955, has been amended and now a specific section on
registration of citizens & issuing cards has been included.
In addition the Citizenship (Registration of Citizens and Issue of National
Identity Cards) Rules, 2003 has been notified in the Government of India
Gazette Vide GSR No. 937(E) dated:- 10 December, 2003.
Important amendments to the provisions of the Citizenship Act, 1955
Section 14A
(1) The Central Government may compulsorily register every citizen of
India and issue national identity card to him.
(2) The Central Government may maintain a National Register of Indian
Citizens and for that purpose establish a National Registration Authority.
(3) On and from the date of commencement of the Citizenship (Amendment)
Act, 2003, the Registrar General, India, appointed under sub-section (1) of
section 3 of the Registration of Births and Deaths Act, 1969 shall act as the
National Registration Authority and he shall function as the Registrar
General of Citizen Registration.
49
(4) The Central Government may appoint such other officers and staff as
may be required to assist the Registrar General of Citizen Registration in
discharging his functions and responsibilities.
(5) The procedure to be followed in compulsory registration of the citizens
of India shall be such as may be prescribed.
In sub-section(2) of section 18 (ia) has been inserted after clause (i) the
procedure to be followed in compulsory registration of the citizens of India
under sub-section (5) of section 14A;
In sub-section (3) of section 18 the following proviso has been inserted
“PROVIDED that any rule made in respect of a matter specified in clause
(ia) of sub-section (2) may provide that a breach thereof shall be punishable
with imprisonment for a term which may extend to three months, or with
fine which may extend to five thousand rupees, or with both”.
CHAPTER
MNIC TECHNOLOGY
50
The MNIC is a smart card with 16KB of memory designed to be in line with
the specifications laid out in ISO/IEC 7816 and SCOSTA. Earlier smart card
applications of the Government of India have adapted the ISO/IEC 7816
specifications under the SCOSTA (Smart Card Operating System for
Transport Applications) program of the government of India. The cards are
designed to support a minimum of 300,000 EEPROM write cycles and will
retain data for at least 10 years.
The official Government of India Press release that followed the media
launch of the MNIC on 25 May 2007 describes the technology as follows:
The identity card being given to each individual citizen, has a micro
processor chip with a memory of 16 KB which is a secure card. Besides
having several physical features into the design of the card, it is the cyber
security using ‘asymmetric key cryptography’ and ‘symmetric key
cryptography’ that has made the card secure against the risk of tempering
and cloning. The National Informatics Centre has made a major
contribution towards developing the processes for database management and
smart card technology.
The identity card has a microprocessor chip (imported) with a memory of 16
KB which is a secure card. Besides having several physical features in the
51
design of the card, it is the cyber security using ‘asymmetric key
cryptography’ and ‘symmetric key cryptography’ that has made the card
secure against tampering and cloning. The National Informatics Centre
(NIC) has made a major contribution towards developing the processes for
database management and smartcard technology.
“A 16KB card will not hold much if the scope of data in the smartcard is
humungous. An ideal memory would be around 64KB, which will help the
government make the card have enough space to accommodate all service
links”.
CHAPTER
HOW TO UPDATE THE INFORMATION
52
For instance, when a child is born, the parents will need to get the birth
registered. And that data will reach us. The villager will register the
childbirth as he/she sees value in registration. Such registration will come
with a lot of benefits. For instance, it will ensure the child's immunisation
process.
CHAPTER
FUNDING
53
With the central government announcing a panel to implement the
programme of giving identity cards to all citizens of the country, it appears
that this much hyped scheme is finally getting some traction. It is estimated
that this gigantic and complex exercise will involve an expenditure of over
Rs 1.5 lakh crore. It will put India in the club of about 56 countries around
the world, which have some form of national identity cards. These include
most of continental Europe (not UK), China, Brazil, Japan, Iran, Israeland
Indonesia. The idea itself is not new, but in the past it had not received a
clear centralized push. As a result, several pretenders emerged and vied with
each other, creating confusion typical of India. There is the PAN card
created by the tax department but now used for diverse financial
transactions. Then there is the photo ID card issued by the Election
Commission, primarily meant for voting. Earlier, ration cards were the main
stay of identity proof, but lost their relevance as the ration system became
restricted. Driving licenses are popularly used as ID but only a very small
fraction of the country’s billion-plus citizens have them.In 2003, the
government decided to launch a pilot project for providing the Multipurpose
National Identity Card (MNIC) to 31 lakh people in 12 states and one UT.
This exercise was to give a taste of what is entailed in giving ID cards to
citizens. The first card was delivered only in 2007 and it is still in progress.
54
In January this year, the apex court got involved, suggesting to that nation
identity cards should be made mandatory for all citizens. This contributed to
energizing the languishing program. The first step in issuing ID cards is
building a complete computerized record of all citizens above the age of 18.
It needs to be computerized so that it is accessible and it can be updated
constantly. The task is being done by the Registrar General of India (RGI)
under the home ministry, because they have the requisite experience after
all, the RGI carries out the census every decade. In fact, this database is
going to be generated along with the next Census, slated for 2011. It will be
called the National Population Register. The technical challenge is to create
a tamper-proof smart card, which can function in Indian conditions.
A sophisticated software called SCOSTA will reportedly be used for
creating the cards. The cards would contain as many as 16 pieces of personal
information. This information will be stored in micro-chips embedded in the
card and it will be accessible only to authorized users, like police officials.
Apart from carrying personal details like photo, age, address and
fingerprints, the MNIC will contain a National Identity Number, which will
be unique to the individual. The other challenge is to computerize the civil
registration system across the country so that all births and deaths are
entered into the population register.
55
The Government had allocated Rs 100 crore in the interim Budget to startup
this project. The overall cost estimated for the project is likely to be in
excess of Rs 10,000 CroreThe government has earmarked Rs 100 crore in
the interim budget to kickstart the UID project. This pilot is expected to be
on the lines of the social security number in the US and will help in
identifying and providing better services to below-the-poverty (BPL) line
residents. Industry estimates indicate the entire project will be worth at least
Rs 10,000 crore. It’s a transformational project for the country as it will
overlay many underlying projects, creating huge efficiencies for the country
leading to enhanced governance and reduced costs.
One estimate of the cost to completely roll-out National IDs to all Indian
residents above the age of 18 has been placed at Rs 150,000 crore (US$ 30.9
billion). A different estimate puts it at US$ 6 billion. A sum of Rs. 100
crore (US$ 20.6 million) was approved in the 2009-2010 union budget to
fund the agency for its first year of existence.
Initial estimates project that the initiative will create 100,000 new jobs in the
country, and business opportunities worth Rs 6,500 crore (US$ 1.34 billion)
in the first phase of Implementation.
56
CHAPTER
RBI TO ROPE IN MORE ENTITIES FOR UID PROJECT
57
The Reserve Bank of India (RBI) is set to rope in more entities, such as
owners of Kirana stores, medical shops, petrol pumps, as business
correspondents and also ramp up the range of services to be offered by them.
The services will include allowing business correspondents to authenticate
the unique identification number (UID) of a customer and function like a
micro-ATM. The move will help provide over 41% of India’s unbanked
population access to banking facilities. A formal announcement is likely to
be made in the quarterly-review of monetary and credit policy and an
indication to this effect was given by KC Chakrabarty, deputy governor,
RBI. Business correspondents are allowed to do banking business as agents.
“Even an owner of a kirana store could be a business correspondent
equipped with a phone, a finger print reader, a software that mimicks an
ATM and allows a person to withdraw, say, cash in remote villages that do
not have bank branches. The finger print reader will authenticate the
beneficiary and allow him to undertake a financial transaction,” said Nandan
M Nilekani, chairperson, Unique Identification Authority of India (UIDAI),
and co-founder of Infosys Technologies. He was delivering the foundation
day lecture at RBI’s Institute for Development and Research in Banking
Technology in Hyderabad. Mr Nilakeni reckons that the float-funds in
58
accounts, especially of beneficiaries of government-sponsored schemes,
such as the National Rural Employment Guarantee Scheme, will rise as
many of them may withdraw only in tranches. “There will be a huge
opportunity for banks, given that the allocation under the NREGA alone is
around Rs 39,000 crore. The UID will be a powerful catalyst for financial
inclusion,” he said. Currently, over 90% of the retail payments are cash-
based and once they become electronic-based, it would help prune
transaction costs and make banking business more viable. Cash transactions
account for over 2.5% of the country’s GDP and even a 50 bps drop will be
significant. The cost of equipping the business correspondent with the
required infrastructure is estimated at around Rs5,000. The average value of
transaction through this channel will be around Rs 50, far lower than the
average value of a transaction done on an ATM. The UIDAI is also in talks
with banks, Life Insurance Corporation of India, other insurers, state-owned
oil companies, among others, to become registrars or points for enrollment.
It intends to provide on-line authentication of residents. The first batch of
UID will be rolled out by August or by the end of next year, with the
authority setting a target of 12-18 months for the roll-out. The authority
would shortly draw up a plan to implement the UID pilot project in Andhra
Pradesh as the state was ready with a team and required infrastructure.
59
CONCLUSION
60
It has been concluded that the project entitled “Unique Identification in
India” will proved to be beneficiary to the citizens of India as it is a unique
number given to every citizen which contains basic information of every
person. After the ID will be issued there is no need to carry driving licence,
voter cards, pan card, etc for any govt. or private work. For example, foe
opening a new account one has to show his/her unique ID only.
But to some extent it is harmful to the general public as all the data related to
them is stored on computers and can be misused by hijackers if the multiple
security strategies will not be adopted.
REFERENCES
61
MNIC Official site
SCOSTA Official Site
The HINDU Newspaper
Economic Times
The Times of India
http://timesofindia.indiatimes.com
http://economictimes.indiatimes.com
http://pib.nic.in/release/release.asp
http://infotech.indiatimes.com
http://www.indianexpress.com
http://www.google.com
http://www.yahoo.com
http://www.wikipedia.com
62