By now almost everyone in the world is aware of India’s Aadhaar system, the Unique Identifier System that came into existence out of noble intentions but limitations of technology forced them to choose a centralized way of designing and implementing it.
This post is not about how flawed the Aadhar system is or the policy implications of data privacy and surveillance, but an optimistic projection into the future of such identity systems across the globe.
- What is Aadhaar & UIDAI
- Why is Aadhaar / Unique National Identity Important
- Implementation of Aadhaar — Primer
- Cost of Aadhaar Implementation
- Criticisms against Aadhaar
- Way Forward
What is Aadhaar & UIDAI
Aadhaar (meaning ‘Foundation’ in English) is a 12-digit unique identity number that can be obtained by residents of India, based on their biometric (iris and finger prints) and demographic data.
The data is collected by the Unique Identification Authority of India (UIDAI), a statutory authority established in January 2009 by the government of India. Aadhaar is the world’s largest biometric ID system. World Bank Chief Economist Paul Romer described Aadhaar as “the most sophisticated ID programme in the world”. Considered a proof of residence and not a proof of citizenship, Aadhaar does not itself grant any rights to domicile in India.
Fun Fact: Bitcoin was launched 25 days before UIDAI (Unique Identification Authority of India) was established on Jan 28, 2009!
Why is Aadhaar / a national Identity System Important?
Some five millennia ago, the ancient civilization of Babylon had a problem at hand — how to identify the numerous slaves that thronged the capital of the empire? they solved that problem — by tattooing or branding the face or back of hands of the slaves. This took place in Babylon, which produced the first code of civil law.
More recently, In 1999 after the Kargil war in India, the Kargil Review Committee, submitted its report to the then Prime Minister of India, Atal Bihari Vajpayee, among its various recommendations was the proposal that citizens in villages in border regions be issued identity cards on a priority basis, with such ID cards issued later to all people living in border states. This formed the basis for Aadhaar. Result? almost every nation in the world has some kind of national identity.
We live in a society which thrives on countless civil laws, and therefore, the very thought of having a centralized identification does not come as a surprise. Thus, the scheme of national identification has a strong foothold and backing in history.
From a government perspective, a national identity gives more control over its citizens for its national security and offer better social services such as direct cash transfers and implementing other socialist policies. From a citizen’s angle, it gives a sense of belonging.
How was Aadhaar Implemented?
- 28 January 2009 — The UIDAI was established
- 23 June 2009 — Nandan Nilekani, the co-founder of Infosys, was appointed by the then-government, UPA, to head the project.
- Top Down Enrolment: In July 2010 UIDAI published a list 15 of agencies which were qualified to provide training to personnel to be involved in the enrolment process. It also published a list of 220 agencies that were qualified to take part in the enrolment process.
- Authentication: On 7 February 2012 the UIDAI launched an online verification system for Aadhaar numbers.
- Direct Cash Transfers: On 26 November 2012 Prime Minister Manmohan Singh launched an Aadhaar-linked direct benefit transfer scheme.
How much did it cost to implement the Aadhar system?
On 9 November 2012, the National Institute of Public Finance and Policy (NIPFP) published a paper titled A cost-benefit analysis of Aadhaar. The paper claimed that by 2015–2016 the benefits of the project would surpass the costs, and by 2020–2021 the total benefit would be ₹251 billion (US$3.5 billion) against a total expenditure of ₹48.35 billion (US$670 million).
Enrolment — 526 million USD
Logistics — 161 million uSD
Total — 1.2 Billion USD
Timeframe — 8 years
Criticisms against Aadhaar
Today, 26/9/2018, is a very important day for the Unique Identification Authority of India (UIDAI), the institution behind the Aadhar system, as the Supreme court of India is giving a verdict on the way forward for UIDAI & the validity of the Aadhaar system. But since its inception the Aadhaar system has faced several criticisms.
Andreas M. Antonopoulos, Bitcoin Evangelist, called Aadhaar the ‘hack me’ / ‘bribe me & I’ll make you whoever you want to be’ system.
Aadhaar a.k.a. ‘Hackme’
UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
NEW DELHI-The authenticity of the data stored in India’s controversial Aadhaar identity database, which contains the…www.huffingtonpost.in
IIT Kharagpur graduate hacked Aadhaar data through Digital India app: Police
An IIT Kharagpur graduate who has been accused of hacking into the central identities data repository of the Unique…indianexpress.com
Aadhaar a.k.a. ‘Bribe me & I’ll make you whoever you want to be’
Bangladeshis living illegally in Mumbai found with Aadhaar cards
Tribune News Service Mumbai, March 27 A crackdown on Bangladeshi nationals living illegally in Mumbai has unearthed…www.tribuneindia.com
Any identity system by a government is centralised which is the source of corruption, inequality, injustice, misery and poverty in a massive scale. — Andreas M. Antonopoulos.
Quick Recap: Till now, we have understood that there is enough merit in having a national identity and almost every nation has some kind of national identity system which is defined, controlled and executed by the governments. But the problem is centralization of these government-led identity systems. So what’s the alternative? Read on.
Centralized, De-centralised, Distributed — a short primer
Let’s take a break here to understand centralized, decentralized and distributed networks (a bunch of computers connected by the internet) before we proceed.
Centralized- Centralised source of data storage and decision making. In Aadhaar’s case, it’s the UIDAI & Indian government stores our data and act as the decision making authority. Also, we as citizens have no say over how the data will be used. Though policies like GDPR and DEPA (India Stack) are laid out to allay our fears of privacy and surveillance, I see these policies as trying to build a bottle around a genie that has come out of a small bottle. You can never do that.
Decentralized means that there is no single point where the decision is made. Every node makes a decision for its own behavior and the resulting system behavior is the aggregate response. Think of Bitcoin, no one place where the validation happens any miner (node/server running machine) can validate a block through mining (computer program to find a nonce that will match the rule set by the network). In Identity context, this would mean all our identities are on a public blockchain with the network validating our identity and skills. Although we are heading in this direction we gotta set the foundation strong so that the de-centralized community has a solid ground to work on.
Distributed means that the processing is shared across multiple nodes, but the decisions may still be centralized and use complete system knowledge. Think of Ripple / any permissioned /private blockchain that sets boundaries as to who can run a node / participate in the consortium and the decision making happening through selected nodes. In Identity context, this would mean we close the blockchain and give access to necessary institutions for validation. If you say you are “Sam”, a government id proof may be required or a government institution would have validated that proof. your Educational record would have been validated by the respective institution. We are essentially distributing the validating power to existing institutions.
A de-centralized #DigitalUniversalIdentity (DUI) is the ideal state where anyone can be identified uniquely irrespective of boundaries and no decision making is centralized. Which means if you say you are “Sam” the network will validate and accept it with no middlemen (government/institutions) whatsoever. But, for us to get there we gotta move through a distributed solution first marked by boundaries (nation states) and records validated by the network. We gotta learn from the governments across the globe that have implemented identity systems, take the best out of it and come up with a better solution.
The government initially bankrolls any innovation. Any new frontier needs the government money. Then we learn from them, from their mistakes, we come up saying we can do it better at half the money.
Think of Space Exploration, government bodies such as the NASA and ISRO came first. They test out the technologies and means to execute high-risk space science and exploration. After years of trying, failing, succeeding and documenting where the hostiles are, where the friendlies are, where the food is, where it isn’t. etc they pave way for the likes of SpaceX & ExseedSpace to come in and share the mantle by bringing in operational efficiencies and a capitalist work ethic.
As we understand that a centralized identity system can be hacked and manipulated, we gotta look at de-centralized identities.
Unlike centralised Identity solutions backed by nation states, Blockchain-based identity places control of identity in the hands of the individuals or corporations that that the identity represents. Central databases and certificate authorities are not necessarily replaced. Data still needs a secure home, and it still makes sense to have third parties validate the authenticity of documents.
The value in changing the order of responsibility around identity is that it becomes harder to steal, hold hostage, or manipulate the underlying documents that represent your identity. Information is shared as needed without exposing unnecessary information. — “Blockchain for Dummies”
De-centralised Identities – #BUIDL
The crypto community that wants to de-centralise everything would tell you that a de-centralised identity is the ideal future and the community is churning out some really cool projects.
Tieto and Evernym — the leading developer of self-sovereign identity technologies — have launched a Sovrin Pilot Program with the aim of introducing a global identity network to Nordic customers.
Signicat has been doing a proof of concept with the sovereign identity idea. Below are the components of this PoC.
Civic — Secure Identity Platform. Verified identity de-centralized with blockchain technology.
U.K. Government has been urged to provide citizens greater control over how their information is shared with public services, says the Reform think tank.A report by Reform, The Future of Public Service Identity: Blockchain [PDF], states that the government requires a new approach, adding that it should be: One which is secure, efficient and puts the individual at the centre of identity management. Blockchain offers this.
The issue with purely de-centralised systems is that the consensus algorithms such as proof of work / proof of stake giving complete power to the network based on computational difficulty is a little hard to digest now in the identity context.
Distributed Identities — #BUIDL
Like mentioned above, before we go completely de-centralised we need a distributed solution. We gotta create private blockchains specific to states or countries involve all the necessary stakeholders yet make sure the data is with the citizen.
A comprehensive profile of an individual, not just bio metrics and demographic data will be captured , cryptographically secured and distributed via distributed ledger technology / blockchain. The validating parties are the respective institutes and institutions.
Peoplechain is our version of such a distributed identity.