200 px

Image via Wikipedia

By- David Moss

The Unique Identification Authority of India (UIDAI) came under attack. Its very existence was threatened. Naturally enough, UIDAI decided to defend itself.

It’s worked. UIDAI survives for the moment.

But theirs is a Pyrrhic victory. The UIDAI defence could undermine the credibility of every public authority in the world which has nailed its colours to the mast of biometrics – which is most of them – and could destroy the multi-billion dollar mass consumer biometrics industry.

The job of the Unique Identification Authority of India (UIDAI) is to use biometrics to identify every resident of India and to issue them with a unique corresponding number, a so-called “Aadhaar number”.

“Aadhaar” means foundation or support and the idea is that, once everyone has an identifying number, it will be easier for the various arms of government to build systems on that foundation to provide social security benefits, for example, and to facilitate national security. And beyond government, the banks will supposedly find it easier to authenticate payments.

UIDAI is not without its critics:
The Standing Committee on Finance (SCoF), a committee of the Indian Parliament, has considered the National Identification Authority of India Bill, 2010. That Bill would establish UIDAI on a statutory basis if it was ever enacted, but it hasn’t been. Meanwhile, UIDAI is operating under executive order only. It’s not operating very well according to the SCoF report and it’s about time UIDAI came under the control of Parliament.
And then there’s the Ministry of Home Affairs. They’re a properly constituted body and not just a creature of the Executive. And they have a competing identity management scheme, NPR (the National Population Register). Result – a turf war, Aadhaar v. NPR.
SCoF and the Ministry of Home Affairs pressed their case with the Prime Minister but UIDAI proved too adept for them. The Chairman threatened to resign, which would be embarrassing for the prime Minister – good move no.1. Good move no.2 – UIDAI arranged some convenient PR with the compliant Economist magazine. And then they published not one but two reports making unprecedented claims for the reliability of the biometrics used in Aadhaar:
Role of Biometric Technology in Aadhaar Enrollment
India boldly takes biometrics where no country has gone before
Oops. Bad move. There are five problems here:
Both reports are produced by UIDAI only. There is no sign that that they have been audited by any independent expert body.
Both reports quote reliability figures. No other public authority in the world does that. Not operational figures – figures measuring the reliability of biometrics in the field, at the border, for example. They should. But they don’t. Now, thanks to UIDAI, they will all come under pressure to quote independently audited figures themselves, figures for reliability, to justify their investment of public funds. It is likely that the public are going to be shocked at just how unreliable the biometrics are, that their governments are using. The public will at last understand why their governments have been so reluctant for so long to quote any figures.
Why is that likely? Because the figures quoted by UIDAI are hundreds of times better than anything anyone else has ever claimed following tests of biometrics. Hundreds.
The second report says that (a) Aadhaar uses flat print fingerprinting and iris scanning, (b) the two biometrics are fused to form one composite biometric, so-called “multi-modal” biometrics, and (c) UIDAI use not one matching algorithm, but three of them. Any large-scale identity management scheme that doesn’t do the same, they say – (a), (b) and (c) – is doomed to “catastrophic failure”.
The suppliers of biometric technology have never had to give public warranties before. Now they will have to.

Read more here