BACKGROUND

Aadhaar came into being when the Unique Identification Authority of India (UIDAI) was constituted in January 2009. Earlier there had been substantial deliberations at least since March 2006 that finally shaped the constituting of the UIDAI. Some even trace the genesis of the program to the Kargil Review Committee report on the state of national security in 1999.

In 2010, the National Identification Authority Bill was tabled that would have given the UIDAI and the Aadhaar program comprehensive legal status. But this did not happen, as the bill was not passed by the Indian Parliament. However the deliberations during this period, that are documented quite substantially in the forty-second report of the standing committee on Finance submitted in December 2011 clearly show the wide ambit of consideration that have gone into the discourse, and include policy and administration as well as technology and civil rights, represented by extremely competent persons from the respective fields. Some of the apprehensions expressed then, seem less important today, but some continue to be extremely relevant.

Following this, there have been petitions before the Supreme Court – in 2013, 2014 and then 2015 – that give Aadhaar its present shape – a scheme that the state can deploy for welfare programs, and can be called upon to address national security, but which is voluntary and at the same time recognizes individual privacy.

Some of the old fundamental questions still remain – the modalities of enrolment entrusted to private agencies, its relation to the National Population Register and concerns related to inclusion and exclusion due to reasons as diverse as politics and logistics.

On the other hand, Aadhaar has been extremely popular among the people, and even if somewhat sporadic, it has served various exemplary purposes such as enrolling extremely vulnerable individuals like the street children, perhaps for the first time in the history of independent India.

Aadhaar had already been successfully deployed for managing the subsidy extended to consumers for purchase of cooking fuel such as Liquefied Petroleum Gas (LPG) and accessing the Public Distribution System (PDS). With the Supreme Court of India giving the go-ahead for its use for other government welfare programs, there is little doubt about its sustained economic success. What is more, it has the potential to address more complex welfare programs in areas such as energy and health.

On the sidelines, it is interesting to note that Aadhaar does provide significant commercial opportunities, directly and indirectly that is certainly contributing to the momentum that is likely to see the largest ever identity program on the planet soon cross the one billion enrolment mark.

Even though unwritten, there also seems to be an underlying aspirational positivity that contributes to the phenomenal public participation in the program and thus contributes to its acceptance and success.

The significance of this study is to see how the Aadhaar model could be implemented in other nations and societies, because in India its success has had to depend on such a variety of factors. Are these always necessary or could Aadhaar-like systems exist in significantly different nations and societies? This paper attempts to list out critical success factors and suggest possible enhancements, especially to meet the ambitious target set out by the United Nations – to provide legal identity and birth registration to all by 2030 (refer SDG 16.9) – a target that is likely to involve nearly two billion individuals worldwide.

UIDAI FORMATION

The Aadhaar program, under which every resident of India is to be enrolled with multiple biometrics is currently administered by the Unique Identity Authority of India (UIDAI). Within about five years since its inception, the program is about to cross the magic one billion mark that constitutes 77% of India’s population, and equally important, 13.5% of the world.

How the UIDAI itself came to be, is best described in a parliamentary report (Standing Committee on Finance 2011-12 Forty-Second report – December, 2011) under Part-IC titled – Evolution of the UIDAI – that lists the following:

03-March-2006: The concept of a Unique Identification (UID) was provided an administrative approval under the scheme “Unique ID for Below Poverty Line (BPL) families” by the Ministry of Communications and Information Technology, Government of India.

03-July-2006: A Processes Committee was set up to “suggest processes for updation, modification, addition and deletion of data fields from the core database”. This committee appreciated the need for setting up a UID authority for this purpose that must be “pan-departmental and neutral” and thus created by an executive order under the planning commission.

04-December-2006: The Prime Minister constituted an Empowered Group of Ministers (EGoM). Since the Registrar General of India was already engaged in the creation of the National Population Register (NPR), the issue of how to collate the two schemes – the NPR and the proposed UID – needed to be examined. The EGoM met four times, on 22-November-2007, 28-January-2008, 07-August-2008 and then finally on 04-November-2008, and went into issues such as: whether to create the database de novo, or base it on existing data, the institutional mechanism, ownership and responsibility. The fourth meeting, inter alia, decided to notify UIDAI as an executive authority. Decision on investing it with statutory authority was deferred for later. Also, the UIDAI would be anchored in the Planning Commission (directly under the Prime Minister’s office) for a period of five years.

While the UIDAI was constituted soon thereafter on 28-January 2009, two bodies were set up along with – the Prime Minister’s Council of UIDAI on 30-July-2009 and a Cabinet Committee (CC-UIDAI)  on 22-October 2009.

The First Meeting of the Prime Minister’s Council of UIDAI Authority took place on 12 August 2009, and decided on issues such as the legislative framework, strategy endorsement, budget, biometric and demographic standards as well as organization structure. Also setting a precedent by appointing an eminent person from the IT industry – Nandan Nilekani as the first Chairman of the UIDAI for a period of five years, the Prime Minister’s council sought to break new ground by facilitating an open, broad, flexible and market-oriented human resource policy.

The Cabinet Committee provided a high-level coordination mechanism among ministries. However, this was one of the four cabinet committees to be disbanded immediately upon the taking over by the new central government in April 2014.

DEBATE ON LEGAL STATUS & BIOMETRICS

In the first among numerous written references as to why conferring a statutory status was deferred, the Ministry of Planning responded:

“Based on the proposal that formation of the UIDAI under the Planning Commission would ensure better coordination with different departments, it was decided that initially the UIDAI may be notified as an executive authority under the Planning Commission and the issue of investing the UIDAI with statutory authority and the reconciliation of such statutory role with National Registration Authority (NRA) can be considered at an appropriate time.”

Subsequently, there are other references to the issue of “the executive versus the statutory” and a balance between the two seems to have been considered critical for the success of the program.

Two other points came up for discussion and were concluded through a written response.

The first was perhaps the most far-reaching and had three sub-parts: that the UID scheme be extended to “all” residents and “other categories of individuals”. The second was that it minimizes future field-level data collection and the third that the UID number become the common link between existing and future identity based databases.

The second was a claim from an eminent scientist that the failure to enroll fingerprints in the Indian environment would be as high as 15% especially among the poor, who depend on hard physical labor with their hands, and thus the scheme would not be suitable in the Indian situation. In its reply the Ministry contended that while failure to enroll is a reality, but was not anticipated to be so high and provisions were made to manage exceptions.

Since then, issues pertaining to the former – coverage and linkage – continue to be contested. Some aspects of it even came up for hearing in the 2015 Supreme Court hearing.

However, misgivings regarding the latter have been largely dispelled. When Aadhaar enrolment had touched the 100 Million mark, the failure to enroll was as low as 0.14% (FRR 0.057% and FAR 0.0352%) which is around the universal norm. As Aadhaar aims to be as inclusive as possible, an exception-handling system is also in place to enroll individuals who report failure to enroll. Here it may be noted that it was this exception-handling system that was exploited by insider individuals to create identity spoofs – the most famous being an Aadhaar identity being issued to Lord Hanuman – the monkey God and also to the humble coriander leaf. Since 2012, controls and systems have been strengthened and recurrence of such frivolous exceptions has not been reported since.

Of course, the question still remains if the accuracy would hold when the system touches the One Billion mark that is ten times the volume since the last test results were reported. As such, a major deviation should not be expected, as volume increase is usually handled through increasing processing power in a parallel configuration. To re-cap – Aadhaar continues to provide evidence of uniqueness of identity based on face, ten fingerprints and two iris – which has been a phenomenal vindication of this nineteenth century discovery using twenty-first century computing power.

Regarding the tenability of UIDAI operations in the absence of corresponding law, there are also written replies of the Planning Ministry, opinion of the Attorney-General of India, and lastly the reply of an independent expert, Dr. Usha Ramanathan. A large part of this discussion veered towards “legislature versus the executive” arguments, with only some attention to data security and privacy, or confidentiality.

Essentially, the position taken was that based on the executive order, the UIDAI could go ahead in collecting data including biometrics. Perhaps, the crux of the justification lies in this: “ … it is a settled position that powers of the Executive are co-extensive with the legislative power of the Government and that the Government is not debarred from exercising its executive power in the areas which are not regulated by specific legislation …” As expected, this argument is placed in the context that it is for the time being, and at some time in the future legislation would be framed. As for dealing with breach of data security and confidentiality, it was stated that this has not happened, and should it happen before legislation is in place, these matters will be covered by the “relevant laws”.

The excerpt of the opinion of the Attorney-General of India states, “… The Authority presently functioning under the Executive Notification dated 28^th January 2009 is doing so under valid authority …”.

It also goes on to state, “The power of the Executive is clear and there is no question of circumventing Parliament or the Executive becoming a substitute of Parliament. On the contrary, what is sought to be done is to achieve a seamless transition of the authority from an Executive Authority into a statutory authority.”

Finally Dr. Usha Ramanathan invokes Article 73 of the Indian Constitution and continues discussion on the delineation of the extent of executive power.

THE UID SCHEME

It has been stated that any resident can obtain an Aadhaar number by providing the requisite demographic and biometric information to the enrolling agencies. In case no documentary proof is available, a resident can be introduced by an introducer. To be operated across the country, the UIDAI has signed memoranda of understanding (MoU) with all the states and union territories as well as financial institutions. Further, the UIDAI only requires basic identity data and bare minimum demographic information.

Also, a number of flaws and loopholes began appearing early enough and inter alia, pertained to false affidavits being used for enrolment, data accuracy and the need for conducting checks. For this, the response was to put in place verifiers to be appointed by the registrars. Also, the need to monitor adherence to the procedures came up due to non-standard conditions in some of the MoUs – a typical occurrence in a federal polity.

AADHAAR COMPARED TO GLOBAL EXPERIENCE

A specific reference was made to the UK Identity Cards program that was abandoned on the basis of the findings of a London School of Economics (LSE) report, and as a result the Identity Cards Act, 2006 was repealed. Four specific differences were high-lighted: the UK system involved issuing a card with individual information and biometrics, Aadhaar is only a number, the UK ID card was to me made statutorily mandatory, while Aadhaar is voluntary, the number of data fields in the UK are large and requires accurate information on other ID numbers, Aadhaar collects limited information and its database is not linked to other databases, and finally the UK approached it from a security perspective, while Aadhaar focuses on welfare benefits and services.

AADHAAR – OTHER ISSUES

Various other issues were also pondered upon and addressed. These include Aadhaar’s relationship with other (and existing) identity systems such as the voter ID card. Aadhaar was sought to be positioned as being the single document that is uniformly acceptable as proof of identity across India, and the Aadhaar number as an “enabler”.

An important point came up in July 2011, focusing on the difference between Identity and Eligibility. This was important for welfare schemes, and the question of inclusion (and exclusion) arose. Dr. Reetika Khera, an independent expert with background of economic welfare schemes such as the MGNREGA (Mahatma Gandhi National Rural Employment Guarantee Act) and the PDS in India and a student of the eminent economist, Dr. Jean Dreze, deposed before the committee that “… exclusion is more on account of poor coverage of these schemes. Say, for instance, in the Public Distribution System, the Planning Commission says that only ‘x’ per cent of the rural population will get the BPL cards and because of that cap that is set at the Central level, we find that lots of people are excluded.”

It is in the context of more effectively managing the duality of Identity and Eligibility that perhaps UIDAI can consider enhancements in its data search and match capabilities, well within its existing mandate.

On the question of the Aadhaar number and the National Population Register (NPR), it has been made clear that, “… the UIDAI is adopting a multiple registrar approach and the Registrar General of India (RGI) will be one of the Registrars of the UIDAI.” To an outsider it would appear that this view has neither been reconciled, nor settled till now.

Lastly, coordination issues have cropped up every now and then and already by October 2011 a number of news items had appeared for which explanations were provided. Inter alia this included issues with the Finance Ministry, Ministry of Home Affairs, the Reserve Bank of India and even between the Planning Commission itself and the UIDAI. Some of these claims were later found to be incorrect, others related to the so-called “turf” war between departments and finally those that were unforeseen, and arising for the first time, primarily due to the size of the program and multiplicity of stakeholders.

AADHAAR & CIVIL LIBERTY

The civil liberties perspective was addressed by the Planning Commission (Ministry of Planning) itself stating that appropriate steps had been taken. PRS, a voluntary body that supports the parliament on policy matters had queried about the possibility of the unique identifier being used to link various databases and the Ministry had responded that this would be addressed by a separate data protection legislation that is being considered by the DOPT (Department of Personnel and Training), custodian of the Right To Information (RTI) Act in India.

The National Human Rights Commission (NHRC) was also asked to comment and an excerpt of their contribution to the proceedings states: “… the right of privacy presupposes that such information relating to an individual which he would not like to share with others will not be disclosed. It may be mentioned that the right to privacy is not an absolute right …”

However, it was the individual expert, Dr. Usha Ramanathan who made a crucial connection among: constitutional protection, privacy, security and safety, the invasive nature of biometrics and finally of prevailing upon individuals to share such private information as a pre-condition for availing basic welfare. To highlight the inherent dangers, she further quoted a Philippines Supreme Court ruling, “… the data may be gathered for gainful and useful government purposes; but the existence of this vast reservoir of personal information constitutes a covert invitation to misuse, a temptation that may be too great for some of our authorities to resist”.

FINANCIAL IMPLICATIONS

Over time, this issue has largely been settled, as Aadhaar has proven to be one of the least expensive foundational identity systems in the world. Against systems that have costed countries as much as Euro 25 per capita, Aadhaar has costed the exchequer as low as just one Euro.

However, during the committee proceedings, the process of arriving at and approving the expenditure were highlighted. This included, for example pointing out that a DPR had been prepared (Ernst & Young, April 2011) but no formal process (committee) was created for discussing, evaluating and accepting this.

After all has been said and done, at the end of August 2015, approximately 890 Million Aadhaar enrolments had been completed (about 920 Million as of now – November 2015) the precise cost incurred is about Euro 1.05 (INR 75.04) per person.

At that time the Ministry of Planning was unable to produce comparative costs of other ID programs in India such as the voter ID, income tax PAN card and the Driving License. However as some of this data is publically available now, it can be said that the costs are comparable subject to differences in deployment and technology. For example, the Voter ID (and PAN card) has no biometrics and the Driving License has only fingerprint biometrics deployed in verification or one-to-one mode and not in the one-to-many mode. Moreover, there are also differences in the type of card.

A point was also made about the revenue model, but it was clarified that to start with Aadhaar based services would be provided free of cost. There was no discussion about any comparative cost-benefit analysis with and without Aadhaar as a basis for identity. However this has been discussed separately, especially in the case of LPG distribution.

TECHNOLOGY

Biometrics is certainly the key issue when discussing technology for the Aadhaar project. At the start, the big apprehension was that biometrics for unique identification was proven for numbers such as 50 Million (FBI), but would it work for 1.2 Billion? Besides unique identification, there were also related questions that is technical parlance are known as “false acceptance”, “false rejection” and more important, “failure to enroll”. To reduce these possibilities, multiple biometrics were introduced: face, fingerprints and iris. In layman’s terms it was reckoned that one face, ten fingerprints and two iris would be adequate to differentiate this large number of individuals. As such, while detailed reports are awaited, this assumption seems to have held so far.

CITIZENSHIP, SECURITY & QUALITY

Aadhaar, by definition is available to everyone residing in the territory of India. The issue of citizenship was by implication to be addressed separately, and it is not too far-fetched to imagine that the NPR would continue to be the custodian on the issue of citizenship. In this case the question left unanswered was: what if an illegal resident, or in the worst case, a terrorist enrolled with Aadhaar? The answer was administrative in nature – it was the responsibility of each registering entity to ensure the legality of each enrollee. Further, in case an illegal resident has been enrolled, the Aadhaar number could be omitted or deactivated.

There is also a lingering problem of the data capture quality and this is often attributed to the franchised private enrolment companies, which are hundreds in number. It is well-understood that a number of problems encountered in the initial stages, were subsequently addressed and this itself led to significant reduction in errors and anomalies. However, operator complicity continues to be a recurring problem, often casting grave doubts on the managed security aspects of the Aadhaar program, and time and again this has been in the news. This has included, as already stated, issuing the Aadhaar number to the gods and vegetables, and recently it was detected that a franchise was blatantly issuing identity cards at a price to gullible Aadhaar holders. However, such cases seem to have been exceptions, and have not recurred widely.

THE COMMITTEE’S CONCLUSION

To re-cap and sum up – these were the proceedings of the Standing Committee on Finance (2011-12) Fifteenth Lok Sabha, Ministry of Planning – The National Identification Authority of India Bill, 2010 – Forty second report and completed in December 2011.

Part II of this document are the Observations / Recommendations (sic), which took a very adverse view and the concluding para (13) states:

“In view of the afore-mentioned concerns and apprehensions about the UID scheme, particularly considering the contradictions and ambiguities within the Government on its implementation as well as implications, the Committee categorically convey their unacceptability of the National Identification Authority of India Bill, 2010 in its present form. The data already collected by the UIDAI may be transferred to the National Population Register (NPR), if the Government so chooses. The Committee would, thus, urge the Government to reconsider and review the UID scheme as also the proposals contained in the Bill in all its ramifications and bring forth a fresh legislation before Parliament.”

This Parliamentary Committee had a total of thirty two members, of which four submitted notes of dissent with this finding. However the story did not end here.

AADHAAR – POST THE FORTY-SECOND REPORT

Post December, 2011 many departments, often under the state administrations, came up with directives requiring the Aadhaar number as the proof of identity, some even with cut-off dates after which no proof other than Aadhaar would be acceptable. Socially, this was becoming reasonably acceptable as larger percentage of population now had an Aadhaar number. However, at the same time, resistance from civil society also continued to spread. Many petitions were submitted in lower courts that were eventually consolidated at the Supreme Court of India. Till date, one can count thirteen distinct petitions (after bunching together many which were similar in nature) on which the Supreme Court has given six interim orders and final orders, in all.

On 23-Sep-2013 the court ruled that the Aadhaar card or the UID number will not be mandatory for availing services or benefits under various government schemes. It listed: LPG subsidy, transfer benefits, food security, vehicle registration, scholarships, marriage registration, salaries, provident fund etc. This was in light of the fact that in various states, such schemes had started asking for the Aadhaar number from applicants.

Another aspect of the petition was that of Aadhaar cards and illegal migrants, to which the court simply said that – while issuing Aadhaar card, government should verify whether the person is an Indian citizen or not. The cards cannot be issued to illegal migrants and that, Aadhaar is not compulsory for government benefits. In subsequent judgements, the Supreme Court continued to reiterate this view, and has essentially remained consistent and in later orders, it has also been prescriptive about where and how the Aadhaar number can be used, and where not.

On 24-March-2014 the Supreme Court further restrained the UIDAI from transferring any biometric information to any other agency without consent. Further, the interim order added that no person shall be deprived of any service for want of an Aadhaar number, if otherwise entitled and to modify any forms and circulars that might have communicated the notion that the Aadhaar number is a compulsory requirement.

On 17-March-2015 the Supreme Court (or rather “a fuming Supreme Court” – as many newspapers were to report) once again reiterated that – No person should be denied any benefit, or “suffer” for not having the Aadhaar cards issued by the UIDAI. Thus clarification was issued because there were many departments still giving the impression that the Aadhaar Card is mandatory. By then over 750 Million Aadhaar numbers had been generated.

On 11-August-2015 however, the Supreme Court, after a longer hearing before a three-judge bench and considering nearly thirteen different petitions on the subject, passed a more considered order and reiterated that: the government must give wide publicity to the fact that the program in not mandatory, the Aadhaar card will not be a condition for obtaining any benefits otherwise due to the citizen, the UID number shall not be used for any other purpose than the PDS and LPG (functions managed till now using the ration card) and lastly, it shall not be used for any other purpose except as directed by court for criminal investigation.

However, another important aspect was that the matter had to be more fully (and finally) decided by a larger bench (usually five judges or more) and the important issue to be settled is the right to privacy which came up for discussion during the hearing.

One contention before the Supreme Court was that the collection of biometric data is violative of the “right to privacy”. One point of view has been that this right is implied under Article 21 of the Constitution of India (the right to life and personal liberty), and others have also stated that it is embodied within the fundamental rights guaranteed under Part III  – especially Article 19(1)(a) – the fundamental right to freedom of speech and expression. However in light of various judgments especially two subsequent landmark cases (in 1954 and 1963) the legal position of these rights is also considered doubtful, and that this was somehow contradictory and inconclusive.  This was reflected in the usage of the phrase “jurisprudentially impermissible divergence of judicial opinions” by the Attorney-General during the arguments in this case. In an oversimplification, the newspapers had then reported that under the Constitution of India, the right to privacy does not exist.

It is important to note that at this stage, pressure was mounting to deploy Aadhaar for a number of other programs as well. After the Aadhaar program had been launched, the government had specifically reconfigured welfare schemes that assumed its effective deployment. Both the targeting and fraud-prevention were essentially dependent on Aadhaar.

On 08-October-2015 once again, this time the Government being the petitioner raised the issue before the Supreme court to allow a wider use, encompassing banks, stock markets and phone companies, with some of the uses that went well-beyond welfare, and into the realm of security, money laundering as well as terrorism. Significant institutions backed this petition, such as the Reserve Bank of India (RBI), The Securities & Exchange Board of India (SEBI), The Telecom Regulatory Authority of India (TRAI) as well as the newly formed Pension Regulatory Authority. The Attorney-General specifically sought to give an assurance that no personal information would be shared. The government also made the plea that it had gone too far down the road to roll the scheme back.

However, the three-judge bench refused to concede to this demand for wider use and stated that this could only be decided by a larger Bench and only when the broader issues such as the right to privacy were resolved. Thus a status-quo was maintained, reiterating once again, the limited use, non-sharing of information and the voluntary nature of the Aadhaar scheme.

On 16-October-2015, it is interesting to note that despite a huge backlog of over 150 cases requiring a five-judge (or larger) Bench, Aadhaar came up for the next hearing, and was heard by a five-judge Bench headed by the Chief Justice of India, himself. At the end of this hearing, while still reserving opinion on the larger issues like privacy, the use of Aadhaar was indeed extended to the Mahatma Gandhi National Rural Employment Guarantee Act (MGNREGA), various pension schemes, the Jan Dhan Yojana (JDY) and the Employee Provident Fund (EPF).

During this hearing, the petitioners went to great lengths to establish that Aadhaar was a voluntary authentication system and not a snooping device. In the end, the submission that it will continue to be voluntary, no person will be denied benefits and that the matter still needs to be “finally decided” won the day, and the five-judge Bench seemed to agree to this extended use, and the Attorney General agreed to submit a letter to the court for all the assurances made.

Meanwhile at the end of October 2015, the Aadhaar enrolments touched 928 Million, and the overall expenditure still stood at just over One Euro per person or Rupees Seventy Five.

THE DRAFT BILL

The draft National Identification Authority of India Bill, 2010 (Bill No. LXXV of 2010) may have been sent back to the drawing board by the Parliamentary Committee in 2011, however its essential features are likely to survive any re-drafting. These are:

• The establishment of the National Identification Authority of India (NIAI) to issue the Aadhaar number to residents of India.
• Every person in India can obtain one after furnishing relevant demographic and biometric information, and no information pertaining to race, religion, caste, language, income or health shall be collected.
• The information shall be stored in a Central Identities Data Repository (CIDR) and used for providing authentication services.
• Sharing data is prohibited, except with the consent of the holder himself through a court order or for security purposes, authorized by a high-ranking government official.
• The draft bill also envisages an Identity Review Committee which shall monitor the usage of Aadhaar numbers.
• Penalties are prescribed (prison terms and / or monetary fines) for: impersonation at the time of enrolment, disclosure of identity information, unauthorized access to the CIDR, tampering of data, manipulating biometric information, among others.
• It is made clear that Aadhaar is not evidence of citizenship or domicile.

The key issues and analysis inter alia (as per the commentary prepared by PRS and others) are:

• The bill does not make it mandatory for an individual to enroll, however at the same time, it does not prevent a service provider from prescribing Aadhaar as a mandatory requirement.
• The individual information shall be shared with agencies engaged in delivery of welfare services only with prior written permission from the holder. However it is not adequately clear if the data is adequately protected, once signed off in this manner.
• The bill requires the NIAI to disclose identity information in the interest of national security. However, the protection of privacy is considered inadequate, and differs, for example from the Supreme Court guidelines for telephone tapping, which requires authorization at a much higher level (Home Secretary) and can only be allowed for a limited periods of time (two months).
• Cognizance of an offence can only be filed by the NIAI, and this is viewed as a potential conflict of interest, in case NIAI members are involved.
• Details of what data needs to be recorded is left to the NIAI, and it has been suggested that this should be under review of the Parliament.

The most potential stress-points seem to be related to:

• Having so much personal data in a CIDR. It is felt that despite safeguards and checks, this will always be vulnerable to theft as well as misuse and no real protection is possible.
• The Right to Privacy Bill is yet to come into being and some of the incumbent issues are already discussed in this context. It is felt that that first the Right to Privacy Bill could be enacted and only then the NIAI Bill.

In general, comparison of the draft NIAI bill is made with the UK National Identity Card scheme that was scrapped in 2011 and the Real ID Act of 2005 in the USA, which has also been opposed in many states on the basis of both privacy and security.

Work on a legislation on the Right to Privacy has also been initiated, back in 2010 itself (when the draft NIAI bill came up for legislation) and is being managed by Department of Personnel and Training (DOPT), custodian of the Right to Information (RTI) Act. A draft for discussion is available in the public domain (reference 17/1/2010-1R dated 18-October 2010). Surely this discussion has subsequently evolved since then.

THE WAY FORWARD

Recently, the United Nations has stated among its Strategic Development Goals (refer SDG 16.9) that legal identity has to be provided for all with birth registration by 2030. It is estimated that nearly Two Billion individuals will need to be covered for this to happen, mainly located in Africa and South Asia.

To achieve this an international effort is underway calling not only for mobilization of resources, but also revamping many of the aspects that need to support this and related initiatives. For this Aadhaar is being looked upon as a best practice that is viable for transplanting into most of the geographies where it will be needed in the coming decade and a half. In this context, it is useful to evaluate further, many aspects of Aadhaar and finally look at how these can be adapted in the African situation.

Balance between Identity & Registration – as can be seen from the discussion and debate that has been generated, this is clearly an important concern. In the case of Aadhaar, it has been kept separate from the National Population Register (NPR) which includes the civil registration of births and deaths. Both are also under the purview of separate ministries and are governed by separate acts and executive orders. The situation differs from country to country and is also dependent on what is assumed to be the prime record and which system is attributed greater reliability. In some African countries, the electoral role for example could be the principal record of persons in the country and all others are derived from it. Each application has principal short-comings (for example – electoral rolls are not amenable for registering children, Aadhaar is not suitable for citizenship etc.) and thus one line of thinking is to have composite records spread across multiple applications.

The process of registration (births, for example) has three problems. One is that births take place in every possible location and at any given time. For them to be timely communicated and authentically recorded still remains a challenge in many parts of the world. The second is to create an authentic connection between the event and its related documents (a register and a certificate) – the breeder document problem. Finally, all this is part of statistical models that endeavor to accurately predict population numbers. Such models can simply be empirical time-series, or somewhat more parameterized – consisting of estimates for: population, birth and death rates, sex ratio, age pyramid, number of females in the reproductive age, fertility rate etc.

It is often the dream to be able to build increasingly reliable models, however these will at best still be estimates, corrected periodically through a decadal census, for example. However, these are important in order to continuously assess if identity systems are comprehensively inclusive and do not become tools for exclusionary action between the citizen and the state.

In India Aadhaar plays the role of the foundational ID system with biometrics and is managed by the UIDAI which falls under the Department of Electronics and Information Technology (DEITY) currently (the Ministry of Planning having been disbanded), and the NPR, civil registration and census are managed by the office of the Registrar General of India (RGI) which falls under the Ministry of Home Affairs (MHA).

In practical terms, some additional systems will be required that can help synchronize these, but do not violate essential principles of privacy and data security, which is usually a function of all three: system, process and environment.

Harmony among functional applications – is important to ensure consistency but inter-linking identities across applications or databases in most cases extremely violates principles of privacy. In India, for example there is the electoral roll, income tax PAN, Aadhaar and the NPR. Other very-massive identity databases also include EPF and the RSBY. However, the Supreme Court has blocked the linking of these databases using the common Aadhaar number. What are the alternatives? Some thought needs to be given to this, both in order to recognize possible benefits (examples – verify address, name spelling etc.) and to have strategies in place about how it can be implemented.

Identity & Eligibility – Even at the initial stages of discussion, it was settled that Aadhaar would only address Identity and not eligibility, which would be within the ambit of separate functional systems. For example, a pension scheme might need data on an individual’s age and employment. In India some welfare benefits are provided to family as a unit, and thus requires identification of an individual as head of family and also put in place checks that any family does not draw benefits more than once.

Eligibility check and its relationship to identity varies by application, context and country. However it is possible to look at more generalized ways of managing this, given the range of tools and techniques available.

History & cultural acceptance of citizenship – This is one of the intangible aspects that influence and affect identity systems often at a day-to-day working level as well. Take the example of Kashmir, where the governments are moving towards soft borders and making it easier for the local population to move in relative freedom across the international border. Thousands of workers travel daily across borders in Africa for work and trade (examples: Lesotho – South Africa, DRC – Rwanda) and the EU is barrier-free for Europeans. It is not unrealistic to expect identity systems to address such issues in the near-future.

Geo-politics surrounding the nation – Some regions are more complex and sensitive than others, and this could require identity systems to address issues in different ways. For example the Syrian crisis has caused a spurt in international migration spreading right across the middle-east, central Asia, Eastern Europe and finally reaching Western Europe.

In India, for example the land borders are with unfriendly neighbors and often in inhospitable terrain. As can be seen from the Aadhaar enrolments, despite widespread success in the heartland, it is still to catch up in many border regions. This could be a commonly occurring phenomenon in Africa as well. South Africa is an example of contrasts. The country itself has an effective and elaborate identity system (HANIS). Its border with Lesotho is well-managed – with about 80,000 workers, either crossing daily or at weekends. However the situation with Zimbabwe continues to be alarmingly ill-defined. Just the estimate varies hugely from one to five million, and the crossings continue to be a mix of legal, illegal and under assumed names. All combinations are known to exist – one person having multiple identities and curiously multiple persons sharing a single identity.

Internal demographic forces – Vicious politics seems to come to the fore and affect identity systems when internal demographics are deeply divided, as it can affect democratic outcomes and the power base of politics. Issues related to addressing minorities, subtle and even unintended caste bias often come into play, for example in the location of enrolment centers or voting booth. Recently a national identity system has been introduced and is likely to be a significant part of the reconstruction of Iraq. But how it pans out still needs to be seen.

Coverage of Population – certainly a major plus-point for Aadhaar, that has completed the enrolment and assignment of unique Aadhaar numbers to 928 Million individuals by the end of October 2015. This somewhat exceeds the population of the entire continent of Africa. While statistics are generally not available about how the numbers are distributed across the socio-economic spectrum, minorities, age-groups and gender, the coverage is quite overwhelmingly large, to believe that the enrolment has been deployed fairly and evenly. An interesting apprehension is that perhaps those that matter have been covered, and not the same enthusiasm would be sustained to cover the last 100 (or 200) Million – belonging to perhaps a combination of economically weak, minorities living in remote areas. Currently there is no sign of this happening. On the other hand, there is the not-uncommon almost mythical suspicion as well, that the Indian population is over-estimated by a similar number. In any case Aadhaar is now closing the gap on this last 200 Million.

African population figures too still need to be rigorously tested. As discussed separately, Aadhaar was a viable opportunity for thousands of small local enterprises (often franchised under a central umbrella) to be the entrepreneurial force behind the enrolment operation, the logistics of which can be back-breaking, as there is no real conveyor-belt short-cut to enrolling individuals. They need to arrive at a center, queue and wait. Systems need to be operational often under challenging conditions, and finally processes need to be meticulously followed – checking of breeder documents, accurate data entry and finally biometric capture.

In African countries, often the population is spread more thinly (persons per square kilometer: India 436, Libya 4, Namibia 3) and country sizes being different, requires the costs and business models to be viewed differently. However, this is something that is already manifest in the existing project costs and is reasonably well-understood.

Relative strengths and maturity of the institutions – one of the ideas of presenting a summary of discussions around Aadhaar was to show that India has a vibrant and enthusiastic public space where the issues continue to be discussed with an eclectic mix of international scholarship and local politics. Aadhaar is also currently going through a second wave of political leadership and in the end it is hoped that there will be lasting consensus for its continued existence and deployment. It is almost as if the politics, bureaucracy, business and the people have come together. This is certainly a reason for its continued success in the enrollment numbers, despite an absence of legislation and repeated court orders. Also the cost of the program has continued to be consistently low. If all this will be possible in all or some African nations, still remains to be seen.

Multiplicity of departments & levels – As with identity programs, it needs to reach out to every individual and is often interrelated with many administrative aspects. In India it was possible because, for its love for the bureaucracy, there is a department for everything and also administration exists at every level: center, state, district, tehsil and village. Every village will have a semblance of a public place – a primary school, an aanganwadi or a panchayat office that could be readily deployed for Aadhaar enrolments. Experience in Africa has often revealed the absence of such public spaces, even in urban townships.

In India, for example the civil registration in often delegated to various departments – dedicated cells of the RGI, civil supplies and even health and family welfare. Thus required skills are more widely available. The same can be expected from African countries as well, but perhaps not in as ample quantities.

State of economic development & infrastructure – Sustaining the Aadhaar program has had its own challenges and does assume a minimum infrastructure like reasonably good internet connectivity, power and say motorable roads to the last mile. India has all this today, and maybe three decades earlier, a program like Aadhaar would have been extremely difficult to manage across the length and breadth of the country. Recently in an African country (as recent as 2013) it was reckoned that at least 50% of the population would need to be covered on horse or mule-back. Or else, people would need to travel to distant enrolment stations, which was generally found to be infeasible. These type of differences would also likely stress on adapting the Aadhaar model for the African situation.

State of technology & human resources – India also has a ready workforce of computer professionals as well as human resources required for the mass enrolment – data entry, maintenance & installation, basic computer operations, backup & recovery – often simple yet mission-critical tasks that needed to be done endlessly to keep Aadhaar going. This also needed to be combined with abilities for local language, cultural and even ethnic affinity. Often this is not found in as much abundance in many parts of Africa. Many Aadhaar enrolment franchises had already been involved in the electoral roll enrolments that provided a learning ground, and indeed the mistakes made then have largely been avoided in Aadhaar.

Sensitivity to empowerment issues – While gender statistics of Aadhaar enrollment were not readily available at the time of this compilation, the UIDAI has been conscious about the significant shortfall in the enrollment of children, and have recently announced a tablet based enrolment version that can be deployed more easily by inter alia, providing to health workers. Also, biometrics of those below a cut-off age can be collected later.

Amongst children below five years of age, only 11.6 Million have been covered as against an estimated 112.8 Million. Of the 351.2 Million people still to be covered, about 235.8 Million are estimated to be below 18 years of age.

It has been recognized that implementation of identity programs needs to be sensitive to almost every human factor. The Aadhaar guidelines for enrolment make interesting reading, as they cater to the wide variety of situations that could arise, especially in a diverse country like India.

The same would be true for African countries, and it is expected that each country situation will require both innovation and flexibility, as well as dedication and sensitivity to achieve this.

Public aspirations – In India public aspirations seem to be aligned well with the principal ideas behind Aadhaar. Perhaps these stemmed from the promise of empowerment for harassment-free access to public services. Even though limited, its application to LPG distribution has been well-received. However similar situations may not exist in all African countries, and advocacy, especially to set realistic expectations, may be required.

Summary of Issues

	Particulars	Aadhaar Context	Africa Context
1	Balance between identity & registration	Relationship with the NPR, which has legislation and system in place, but implementation needs to be strengthened	Legislation and systems may also be required
2	Harmony among functional applications	Not legally permissible using Aadhaar number on grounds of privacy	Both legal and system requirements need to be understood
3	Identity & eligibility (w.r.t. programs)	Does not address eligibility	Composite systems may be required addressing both
4	History and cultural acceptance of citizenship	Does not address the issue of citizenship	Citizenship laws need to be aligned to international norms with advocacy for its acceptance
5	Geo-politics surrounding the nation	No specific provision, but the genesis lay in border area citizen identification	May be critical in some countries
6	Internal demographic forces (affecting inclusion & exclusion)	High enrolment coverage belies any counter-forces	Additional safeguards may be needed
7	Issues regarding coverage	Aadhaar model has been successful	May need to find country-specific strategies based on politics, logistics and system availability
8	Strengths & maturity of institutions	Active role of the legislature, administration and the judiciary	May exist only to a certain extent in country-specific situations
9	Multiplicity of departments & levels	Creates bureaucratic hurdles, but also a safety net in some cases	Could be inadequate in certain countries
10	State of economic development & infrastructure	Current Indian situation was adequate for implementation	Could require additional inputs in country-specific situations
11	State of technology & human resources	Is more than adequate in India, e.g. mobile infrastructure	Could require additional inputs in country-specific situations
12	Sensitivity to Empowerment issues	Still evolving in India, but backed by strong civil rights activism	May be inconsistent and sporadic
13	Public aspirations	Public are by and large aligned with the idea of Aadhaar	May require additional advocacy

CONCLUSION

While country-specific solutions will usually need to be formulated in order to maximize their effectiveness for a successful identity program, these could incorporate the following features, in order to successfully extend the Aadhaar model to other countries:

• Multiple enrolment modes like birth registration, followed by full identity enrolment including biometrics.
• More comprehensive biographic capabilities for managing inter alia, names and locations. These capabilities can help give a system orientation to existing cultural practices. Many countries also require streamlining of location – specification practices as well. Biographic search and match can be more effective than biometric search in many situations.
• Encapsulation of citizenship laws so as to support adjudication to be as objective as possible. Various models are possible.
• An open framework of functional identity applications can be provided along with, so as to make it easy to use at the local level. These could relate to maternal and child health for example. This could also address the registration side of vital statistics.
• Flexibility pertaining to devices and technologies, for example greater use of mobile technology, even for birth registration.
• Flexibility on the deployment of biometrics – modes, algorithms and fusion, depending on country-specific situations.
• Initiate the use of cost-effective techniques associated with data security and privacy such as anonymization, tokenization and limited temporary storage.

Lastly, it is felt that even though more study might be required of specific issues, Aadhaar provides adequate background and reference material to find the right trajectory, to take on the onerous challenge for providing legal identity with birth registration, and reach out to the last two billion people on the planet.

REFERENCES

NOTE: Most of the information presented here is from public sources and is widely known in the public domain. However, the paper attempts to consolidate the information to date, so as to bring a fresh perspective, especially in the light of the recent Supreme Court of India orders on the subject. The sources referred to include the following:

1. Forty-second Report – Standing Committee on Finance (2011-12) – The National Identification Authority of India Bill, 2010, December, 2011 (Agrahyana, 1933 Saka)

2. Text of – The National Identification Authority of India Bill (Bill No. LXXV of 2010)

3. Legislative Brief – The National Identification Authority of India Bill, 2010, PRS Legislative Research, Centre for Policy Research, June 2011

4. Various articles on “Aadhaar Card Not Mandatory for Government Benefits: Supreme Court of India” – various Indian newspapers, reported on 24-Sep-2013

5. Government of Maharashtra letter on the subject: Non-sharing of Aadhaar database with any third party or agency / Aadhaar to be non-mandatory for availing Government services, dated 3-April-2014

6. Various articles on “Supreme Court confirms that Aadhaar Card is not compulsory once again” – various Indian newspapers, reported on 17-March-2015

7. Text of the judgement of the Supreme Court of India, reference Writ Petition (Civil) No. 494 of 2012, Justice K.S. Puttaswamy (Retd.) & Another versus Union of India & others, dated 11-August-2015

8. Various articles on “Supreme Court refuses to modify its order on use of Aadhaar card” – various Indian newspapers, reported on 08-October-2015

9. Various articles on “Supreme Court extends Aadhaar use to more schemes while saying it’s purely voluntary”- various Indian newspapers, reported on 16-October-2015

10. Approach paper for the legislation on privacy (ref. No. 17/1/2010-1R) of the Department of Personnel and Training, Government of India, dated 18-October-2010

11. Information from the Wikipedia on the topic “Unique Identification Authority of India” with a list of 121 references, dated (circa 12-November-2015)

12. Information from the official website of the Unique Identification Authority of India (UIDAI) at uidai.gov.in, referenced last circa 12-November-2015