Docstoc

Project UID

Document Sample
Project UID Powered By Docstoc
					                              CHAPTER 1

                           INTRODUCTION


Unique identification in India is a Unique ID Project in which every citizen

would have one unique identification number that will identify him/ her. It

would not just the government track down individuals as is highlighted by

the media, but would make life far easier for citizens as they would not have

to submit so many documents each time they want to avail a new service –

private or government. The Unique Identification Authority of India is being

established under the aegis of the Planning Commission for which a

notification has been issued in January 2009. A provision of Rs.100 crore

has been made in the annual Plan 2009-10.


The Unique Identification Authority of India or the UIDAI, is an agency of

the Government of India responsible for implementing the envisioned

Multipurpose National Identity Card or Unique Identification card (UID

Card) project in India. It was established in February 2009, and will own and

operate the Unique Identification Number database. The authority will aim

at providing a unique number to all Indians, but not smart cards. The

authority would provide a database of residents containing very simple data

in biometric.


                                     1
The agency is headed by a chairman, holds a cabinet rank. The UIDAI is

part of the Planning Commission of India. Nandan Nilekani, a former co-

chairman of Infosys Technologies, was appointed as the first Chairman of

the authority in June 2009.

R.S Sharma, an IAS Officer of Jharkhand Government cadre has been

appointed as the Director General and Mission Director of the Authority. He

is known for his best effort in e-Governance project for Jharkhand State and

working as an IT secretary he received a number of awards for best

Information Technology Trends State in India.

It may be recallled that an Empowered Group of Ministers (EGOM) headed

by the then External Affairs Minister, Pranab Mukherji, had approved the

establishment of a Unique Identity Authority for all the residents of the

country in November 2008. The UID Authority would be under the Planning

Commission.     The    Home    Ministers   and   Ministers    for   IT   and

Communications, Law and Panchayati Raj were members of the EGOM

while the Deputy Chairman, Planning Commission, was a standing invitee.

The proposed system envisages collaboration among several government

agencies backed by intensive use of information technology.

This would end needless harassment that people face for availing of basic

government services like issuance of passports, driving licences, Electoral



                                     2
Identity Cards, PAN Card, ration card, etc. This scheme is designed to

leverage intensive usage of the UID for multipurposes to provide an efficient

and convenient mechanism to update information. Photographs and

biometric data will be added progressively to make the identification

foolproof. Easy registration and information change procedures are

envisaged for the benefit of the people.

The authority was notified on January 28 this year as an attached office

under the aegis of the Planning Commission with an initial core team of 115

officials and staff. The scheme will be implemented in three years.


The UID project, however, has been in the offing for over six years. For

instance, in 2008, the government implemented a pilot project for a ‗Multi-

purpose National Identity Card (MNIC)‘ in 13 districts of 12 states and one

Union Territory wherein more than 1.2 million identity cards were issued to

people above 18 years of age. Besides, to facilitate the project, Section 14A

was inserted in the Citizenship Act, 1955 to issue a national identity card to

every citizen of the country.


However, the MNIC project was initiated under the Vajpayee-led NDA

government (2002), which was continued by the current UPA government

under Prime Minister Manmohan Singh.



                                      3
The necessity for a centrally-issued ID was accentuated by the growing

problems of illegal immigrants in various parts of the country. However, the

events of November 26 in Mumbai accelerated the setting up of the UIDAI.

The body was set up on January 27, 2009. The initial phase of the project is

expected to cover nine states and four Union Territories.


The UID will be issued to people living in the coastal villages of Gujarat,

Maharashtra, Goa, Karnataka, Kerala, Tamil Nadu, Andhra Pradesh, Orissa

and West Bengal. The Union Territories of Dadar and Nagar Haveli,

Lakshadweep, Puducherry and Andaman & Nicobar Islands shall also be

covered in this first phase expected to deliver the identity cards by early

2010.


The project envisages assigning a unique identification (ID) number to each

resident in the country to eliminate the need for multiple identification

mechanisms. Moreover, the project will eventually become the underpinning

of the Citizens Smart Card Project, which will enable citizens to avail

subsidies on food, energy, education, etc, depending on their entitlements,

according to the 11th report of the Second Administrative Reforms

Commission.




                                      4
The unique ID will require creation of a database that links an individual to

unique identifier that remains constant over his life-span, like parentage,

date and place of birth. The card automatically gets activated as a voter

identity card at the age of 18. The identification will act as a check against

illegal immigration into the country as it is a serious threat to national

security. The project lays special focus on the border areas of the country

with illegal immigration in mind.


Almost all the firms with an India focus will be eyeing this deal — players

like TCS, Infosys, Wipro, HCL Technologies, along with smaller players

like Spanco, Bartronics, Gemini Traze and NXP Semiconductors.




                                      5
                                CHAPTER

                 OBJECTIVES OF UID PROJECT

Objectives of the NAUID (MNIC) Project


     Obviate need for multiple documentary proof


     Facilitate easy verification


     Facilitate easy availing of government or private services


     Help welfare programmes reach intended beneficiaries


     Serve as basis for e-governance services


The ID shall also serve the following purposes


     To prepare a National Population Register (NPR).

     To prepare National Register of Indian Citizens (NRIC).

     To prepare National Register of Residency (NRR) – for non-citizens.

     To provide National Identity Number (NIN) to each person.

     To provide Multi-purpose National Identity Card (MNIC) to each

      citizen.

     To provide Multi-purpose Residency Card to non-citizens.



                                      6
                                 CHAPTER

                      SCOPE OF THE PROJECT


Every individual citizen of the country is expected to be provided with a

UID by 2012.The UID authority shall work closely with the National

Population Register proposed to be created by the Home Ministry through

the Registrar General of the Census of India concurrently with the census

2011 in accordance with the provisions of the Indian Citizenship Act.


The UID Authority approved by the EGOM will be responsible for creating

and maintaining the core database and to lay down all necessary procedures

for issuance and usage of UID including arrangements for collection,

validation and authentication of information, proper security of data, rules

for sharing and access to information, safeguards to ensure adequate

protection of privacy and all aspects related to all of these issues.




                                        7
                                 CHAPTER


             COVERAGE, GOALS AND LOGISTICS


It is believed that Unique National IDs will help address the rigged state

elections, widespread embezzlement that affects subsidies and poverty

alleviation programs such as NREGA. Addressing illegal immigration into

India and terrorist threats is another goal of the program.


Most reports suggest that the plan is for each Indian citizen to have a unique

identification number with associated identifying biometric data and

photographs by 2011. However, other reports claim that obtaining a unique

number would be voluntary, but those that opt to stay out of the system "will

find it very inconvenient: they will not have access to facilities that require

you to cite your ID number."


Government issued IDs are fragmented by purpose and region in India,

which results in widespread bribery, denial of public services and loss of

income, especially afflicting poor citizens. As the unique identity database

comes into existence, the various identity databases (voter ID, passports,

ration cards, licenses, fishing permits, border area id cards) that already exist

in India are planned to be linked to it. The Authority is liaising with various



                                       8
national, state and local government entities to begin this process. The Union

Labor Ministry has offered its verified Employment Provident Fund (EPFO)

database of 42 million citizens as the first database to be integrated into the

unique ID system.




                                      9
     CHAPTER

DESIGN OF THE CARDS




        10
                                CHAPTER

                     CARDS CONFIGURATION


The card will be available with all functions like card no, Magnetic tape with

chip.


Codes                Description


#                     Use for Unique Identity cards


*                     Use for NRI.


//                    Use for foreigners working in embassies or Ministers/


                       Officials.


=                     Use for foreign visitors in India.


*/                    Foreigners are working in Indian corporate.


0091                  Country code for NRI we can use (his/ her country


                      code)


0011                  Delhi (state code) NRI belongs to this state


0000                  District Code.        NRI belongs to this district.

                                       11
**** **** ****       Person‘s Identity NRI‘s Identity No….


The total card codes will be …


# 0091 0011 0000 **** **** **** for Indian


* 0001 0212 0000 **** **** **** for NRI


// 0001 0212 0000 **** **** **** for foreigners working in India.


= 0001 0011 0000 **** **** **** for foreign visitors.


*/ 0001 0032 0000 **** **** **** for foreigners working in corporate.


0001 Country code of NRI/ Foreigner




                                    12
                                CHAPTER

        APPOINTMENT OF CHAIRMAN OF UNIQUE

          IDENTIFICATION AUTHORITY OF INDIA


NEW DELHI: Nandan M. Nilekani, co-chairman of the Board of Directors

of Infosys Technologies, is all set to join the Central government, as

chairperson of the Unique Identification (UID) Authority of India. It is a

new agency set up to provide unique identification numbers or UID numbers

to all citizens for accessing various government services.


According to reports from Bangalore, following the Cabinet decision, Mr.

Nilekani has resigned from the membership of the Infosys‘ Board of

Directors as also as its co-chairman.


The Union Cabinet on Thursday cleared the creation of the new post, which

will have the rank and status of a Cabinet Minister. The authority will have

the mandate to own and operate a database of the UID numbers and be

responsible for its updating and maintenance regularly.


The cards will serve as a means to access a variety of government-related

activities. For instance, the UID numbers and the database will be linked to

agencies such as the Election Commission of India and the Income Tax



                                        13
Department, which deal with the general public and issue special number

cards such as voters photo identity cards in the case of ECI and PAN Cards

in the case of IT Departments.


In addition, it will be used for providing services under government schemes

such as the public distribution system, and the National Rural Employment

Guarantee Scheme for families living below the poverty line. It will also be

used for delivering financial and other assistance to the needy.


Mr. Nilekani has been chosen to head the authority considering that the

project will be based on various tools and techniques of Information

Technology and there will be need to keep updating the system.


Nandan Nilekani (born June 2, 1955) is an Indian entrepreneur and

businessman. He currently serves as the Chairman of the new Unique

Identification Authority of India (UIDAI), after a successful career at

Infosys Technologies Ltd.




                                      14
          CHAPTER

LIFE OF MR. NANDAN M. NILEKANI




              15
CAREER


Nandan Nilekani, after graduating from IIT Bombay in 1978, he joined

Mumbai-based Patni Computer Systems where he was interviewed by N.R.

Narayana Murthy. Three years later, in 1981, Murthy walked out of Patni

following a dis-agreement with one of the Patni brothers. His entire division

walked out with him. The defectors decided to start their own company,

Infosys.


Nilekani became the Chief Executive Officer of Infosys in March 2002,

taking over from Murthy. Nilekani served as CEO and MD of the company

from March 2002 to April 2007, when he relinquished his position to his

colleague Kris Gopalakrishnan, becoming Co-Chairman. He left Infosys on

9 July 2009 to serve as the chairperson of the Unique Identification

Authority of India, in the rank of a cabinet minister under invitation from the

Prime Minister of India, Dr. Manmohan Singh.


He co-founded India‘s National Association of Software and Service

Companies (NASSCOM) as well as the Bangalore Chapter of The IndUS

Entrepreneurs (TiE).He appeared on The Daily Show with Jon Stewart on

March 18, 2009 to promote his book "Imagining India." He has been a




                                      16
speaker at the prestigious TED conference where he talked about his ideas

for India's future.


He has an estimated net worth of the Indian rupee equivalent of US$1.3

billion. In 2009, Time magazine placed Nilekani in the Time 100 list of

'World's Most Influential People'




PERSONAL LIFE


Nandan Nilekani is married to Rohini, whom he met at a quizzing event at

IIT. They have two children, both studying at Yale University. Their names

are Nihar and Akanksha.




HONOURS AND AWARDS


      One of the youngest entrepreneurs to join 20 global leaders on the

       prestigious World Economic Forum (WEF) Foundation Board in

       January 2006.

      Member of the Board of Governors of the Indian Institute of

       Technology (IIT) Bombay


                                    17
   Member of the review committee of the Jawaharlal Nehru National

    Urban Renewal Mission.

   Forbes ―Businessman of the Year‖ for Asia in 2007.

   He, along with Infosys founder (and currently non-executive

    chairman) N. R. Narayana Murthy, also received Fortune magazine‘s

    ‗Asia‘s Businessmen of the Year 2003‘ award.

   Named among the ‗World‘s most respected business leaders‘ in 2002

    and 2003, according to a global survey by Financial Times and

    PricewaterhouseCoopers.

   Awarded the Corporate Citizen of the Year award at the Asia

    Business Leader Awards (2004) organized by CNBC.

   Joseph Schumpeter Prize for innovative services in economy,

    economic sciences and politics - 2005.

   Padma Bhushan, one of the highest civilian honors awarded by the

    Government of India - 2006.

   Was presented the 'Legend in Leadership Award' by the Yale

    University in November 2009. He is the first Indian to receive the top

    honour.




                                  18
                               CHAPTER

           NANDAN NILEKANI AND UID PROJECT


The news of the Government of India appointing Nandan Nilekani to head

the Unique Identity Authority (UIDA) of India has been received positively

not just by the corporate sector—anyone would feel happy with the success

of a member of his tribe—but even the media and the informed public. This

makes Nilekani‘s spectacular journey from code jock to corporate honcho to

public intellectual to governmental leader complete.


The idea of a unified and unique identification system was first mooted by

the Ministry of Home Affairs (MHA) under L K Advani towards the end of

his tenure (1999-2004), and given the name of Multipurpose National

Identity Card (MNIC). In fact the MHA set up a pilot project under the aegis

of the Office of the Census Commissioner and Registrar General of India,

before planning a nation-wide rollout.


But because the project was a NDA-initiated one, it was left to languish

under the UPA Government (2004-2009). The pilot project remained a pilot

project, and nothing more. Therefore it was surprising that towards the end

of its tenure, the UPA Government suddenly woke up to announce the

setting up of a UIDA under the Planning Commission. Nothing was

                                     19
mentioned about the logic of setting up a parallel authority when a

governmental body—in this case the Office of the Census Commissioner

and Registrar General of India—was already entrusted with a similar work.

Nor did the Government say if—and how—the Unique ID Project would be

different from the MNIC Project. We did not know whether it was a classic

Governmental case of the right hand not knowing what the left hand was

doing, or was it a deliberate policy to kill the MNIC project just because it

was a baby of the NDA Government.


In any case, the BJP‘s IT Vision, that was released by the Party just before

the elections, made a strong case for a unique national ID system, and placed

it at the centre of its proposed eGovernance plan. BJP‘s idea was that using

this unique ID system it would be possible to have more efficient delivery of

targeted social welfare interventions. In fact the BJP went ahead and made

three corollary promises:


(a) a bank account for each citizen,


(b) direct cash transfers of welfare grants, and


(c) a smart phone to each BPL family. BJP hoped that together they would

plug the leakage made famous by Rajiv Gandhi when he said that of every



                                       20
rupee spent by the Government, only 15 paisa reached the intended

beneficiary.


As someone who was closely associated with the formulation of BJP‘s IT

Vision, I am sad that we could not get the people‘s mandate to operationalise

our dreams. But I am happy with the fact that this Government has picked up

someone so eminently qualified to lead this project and, more importantly,

recognised its potential to change the paradigm of government service

delivery. Most of the media is still to wake up to the potential of this project;

some see it only as a multi-billion dollar project that could impact the placid

fortunes of our domestic IT majors, and others are focused on the glamour of

a corporate chieftain making a lateral move to the top echelons of the

government.


But should the project be seen not so much as card-issuing projects in the

manner of our Election ID Cards, income tax PAN Cards, etc, and looked

upon as a ‗change management‘ initiative; should it be used by all

governmental departments to track its interactions with its citizens; this

could be among the biggest ‗game changers‘ this Government could have.

Just think about it: governmental welfare spending could be tracked to the

individual level, as well as aggregated under different geographical areas,



                                       21
social groupings, economic categories, etc. Privacy advocates would have a

lot to debate, but this does not distract from the fact that tracking financial

transactions, and thereby tax collection, could become so much more

efficient and transparent.


However, creating a unique ID system is one thing, its application in the

machinery of the government is quite another. This project would have been

another of those white elephants had it not been sponsored from the top. It is

still early to say whether this project would go the way of most other

government projects, but several things give me hope.


One, Nilekani would be able to draw in the best of Programme Management

skills from the IT industry. It is high time that some of the lessons from

Infosys‘ attainment of the Capability Maturity Model (CMM) Level 5 are

applied to the execution of governmental processes. Two, Nilekani has the

backing of the Prime Minister. Without this, the project would have been

dead even before it started. One of the main reasons that Sreedharan has

been able to execute the Delhi Metro project the way he has, is the political

backing he has received.


But the reason I am most hopeful is that Nilekani‘s move to the Government

probably marks the start of an easy mobility of talent between academia,


                                      22
industry and government. Please note that I am talking about government,

not bureaucracy. While this is not the first time that a private sector manager

has moved to assume a position in a public sector undertaking (PSU) or the

government—after retiring from Hindustan Lever, Prakash Tandon joined as

the Chairman of the State Trading Corporation (STC), a PSU; Yogi

Deveshwar took a sabbatical from ITC to work as the Chairman and

Managing Director (CMD) of Air India; and R V Shahi left BSES as its

CMD to become the union Power Secretary—this is probably the first time

that a business leader has moved laterally to assume a role with cabinet rank,

even if not a place on the Cabinet!


The principles of parliamentary democracy demands that only elected

representatives assume leadership roles in the government. But this should

not be a barrier to importing top-rate talent from other sectors like academia,

business, military and even NGOs, and sufficiently empowering them to

deliver their mandate. If a Condoleeza Rice could move from being an

academician to assuming a top role in government, and then going back to

academia again, what stops us from being a little more creative.




                                      23
VIEWS OF MR. NANDAN ON FOLLOWING FIVE POINTS


1. UID without a UID Card:


2. Data Association


3. Responsibility for Data Accuracy


4. Responsibility for Data Security


5. Voice of the People


1. UID without a UID Card:


Mr Nandan Nilekani has taken a strategically correct and intelligent decision

to keep the issue of "Cards" away from the immediate discussion by

declaring that in the first two or three years, the UIDAI will focus only on

creating the "Unique Number" and not focus on the instrument that holds the

ID such as the "ID Card". As a result, unnecessary commercial intervention

of whether it should be a smart card or some thing else, what should be the

technology for it etc is now not the immediate issue.


In view of this vital decision, the UIDs when created will be held only in

digital form and therefore there will be a "Virtual UID Card" for every

Citizen which will be dynamically created whenever the data base is queried

                                      24
and values returned. If this Virtual UID Card works, then the next task will

be easy since it only means a transport of this "Virtual ID Card" to the face

of a plastic card with or without memory in the form of a smart card.


Since Mr Nandan has clarified during his TV interviews in the last few days,

the UID Card will eventually be having limited data and service related data

would be incorporated in other service related Cards. For example, UID will

contain certain data such as the serial number, name and photograph of the

holder . There may also be other associated data such as as the father's name,

mother's name, data of birth, sex, place of birth, UID of the father, UID of

the mother, finger print, and address .


When a decision on the Physical card is taken, it will be necessary to

determine if all the UID data has to be placed in the card itself or not. The

current thinking of the UIDAI is therefore similar to what Naavi has been

advocating except that the issue of Card has been completely kept out of the

responsibility of the UIDAI and left to the individual service organizations

which will use the UID for delivering their services. For example, the

NREGS may issue it's own cards to its members where UID is one of the

components. They may use either a Smart Card or a Zemo card as they deem

fit.



                                      25
This leaves the flexibility which was necessary for the UIDAI to avoid

commercial influences on its activity since the Smart Card lobby is a

powerful lobby which could have single handedly derailed the UID project.

Mr Nandan should be specially congratulated for the master stroke of

dividing the two aspects of creating a UID and issuing of the Cards. This

may turn out to be the single most important decision at this point of time to

take the project forward. May be once the data is created, UIDAI can

register itself as a Certifying Authority in India and issue Digital

Certificates under their digital signature which will become a document

acceptable in a Court of law as per the provisions of the ITA 2000.


In the absence of the physical card however, the virtual data base becomes

critical to the integrity of the system and will be a target of attack for cyber

terrorists and data thieves. The security of the data therefore becomes

paramount and there is a need for appropriate measures in this regard.




                                      26
2. Data Association


At present the indications are that the following 12 parameters would be

associated with the UID data.


   a. Name

   b. UID Number of the holder

   c. Photograph

   d. Right hand fore finger print

   e. Name of the Father

   f. Name of the Mother

   g. UID of the Father

   h. UID of Mother

   i. Date of Birth

   j. Sex

   k. Place of Birth

   l. Address


It is necessary to debate if all these 12 parameters are required and whether

some more are to be added. It is also necessary to consider if all of them

need to be considered as a primary ID parameters or can be classified further

as "Primary" and "Secondary". The UID will be a Root ID for downstream


                                     27
services available to the Citizen of India, there is a need to recognize one

single "Root UID Parameter" so that in the event of any dispute, the UID

would be owned by the person in undisputable control of the "Root ID

Parameter".


The reason of segregating the ID data into "Primary" and "Secondary" is that

some of the ID parameters can be kept out of the Primary data base and can

even be kept offline. While the primary database has to be accessible on the

Internet and despite the authentication mechanisms used or DRP strategies,

they are still amenable to hacking attacks. The secondary data base however

can be kept away from the Internet and in multiple formats so that the data in

the secondary data base can be used for verification when the primary data is

disputed.


For example, we may collect multiple biometric features say


1. Left hand thumb print scan


2. fingers scan


3. geometry scan


4. scan, etc



                                     28
If the technology vendors prefer the forefinger (index finger) because the

finger print readers are more easily operated with the fore finger than the

thumb, it can be used as the primary biometric print but the remaining

biometric features can be considered for the secondary data base.


"Left Hand Thumb Impression" is an age old tradition in India and given an

option it should be considered more suitable than the forefinger. Since there

are already a host of property documents where the left hand thump

impressions are recorded, it may be perhaps good if the left hand thumb

impression is made the primary ID parameter and other 9 finger prints be

accepted as secondary and tertiary finger print references. This will also

counter the problem of some of the labour class people not having clear

finger prints.


The Primary UID data base may contain the actual name with the initials

used by the person, the secondary data base may contain the expansion of

the initials, name of the father, name of the grand father and name of the

great grand father.


Also, while the date of birth is one of the parameters used, extending it to the

time of birth (as known and declared by the person) would make it more

specific. This is also more suited for the secondary data base while "Age"


                                      29
(as on the date of the issue of the card) alone can be added to the primary

data base.


"Address" is one parameter which is subject to change. It is therefore not

suitable as part of the ID document. It is better that it is removed from the

database. If required, it can be part of the secondary data base and used as

"Registered Address at the time of first creation of the data".


Out of the other parameters, Photograph is also subject to change over the

period. If present, it can be a source of misinterpretation. A serious

consideration has to be given to discuss if this has to be considered as part of

the primary data base or to be pushed to the secondary data base.


The UID of the father and mother are also parameters more ideally suited

for the secondary data base.


The primary data base may have to contain the UID issue date as a reference

for the photograph and the age of the person.


Since the UID data is in digital form and may have to be accessed by the

subject online with the use of a digital signature, it may be useful to include

an "E-Mail ID" as an additional ID parameter perhaps in the secondary data

base.


                                       30
3. Responsibility for Data Accuracy


Apart from the risk of impersonation, the other risk associated with the UID

system which is also going to be integrated with many downstream data is

the possibility of "Errors" of the data. Today, many of the Voters find that

the information about their name, sex and age on the Card are incorrect and

make them ineligible to exercise their franchise. The reason for such

inaccuracies is that the system for "Correction" is too complicated and once

a clerical error gets into the system, they tend to remain.


In view of the criticality of the UID system, it is essential that inaccuracies

need to be eliminated at the time of generation and then there should be an

expeditious but strong process of correction of inaccuracies.


It must be remembered that UID will be "Information Residing Inside a

Computer Resource" and is subject to the provisions of Information

Technology Act 2000 (ITA 2000) and the proposed amendments through

Information Technology Amendment Act 2008. (ITA 2008).


Any alteration of UID information which is unauthorised and causes

wrongful harm is therefore an "offence" under Section 66, 72, 72A of ITA




                                       31
2000/8 and is also subject to payment of compensation under Section 43 and

43A ITA 2000/8.


The UID authority is also subject to the provisions of Sec 67C since the

ultimate owner of the data is that of the data subject and the UIDAI is only

an "Intermediary" as per the provisions of ITA 2000/8


Maintenance of "Inaccurate Data" leading to wrongful loss would constitute

lack of "Due Diligence" and could make the UIDAI liable.


One option for the Government is to pass a law making the UIDAI and its

staff immune to any legal challenges. This would be perhaps the most likely

happening since this is the trend in Government functioning. This would

however result in "Authority without Responsibility" and ideally should be

avoided.


4. Responsibility for Data Security


Data Security will remain to be the biggest challenge in the UID project and

multiple strategies are required to be adopted for the purpose.


The law of the land provides some protection to the data subjects through the

ITA 2000/8 and imposes certain responsibilities to the UIDAI for reasonable

security practices to be maintained by UIDAI.

                                      32
If there is no attempt by the Government to shield the UIDAI from the

provisions of the existing law, then we may consider that there is a legal

structure for data security. It may still be necessary to define the

"Reasonable Security Practice" for this service.


In view of the criticality of the UID operation, the "Reasonable" security

practices may have to be substantially stringent. It is necessary to implement

globally acceptable principles of data security and privacy protection to meet

the requirements.


Some of the specific requirements under this framework for ITA 2008

compliance includes


   a) Obtaining the consent of the UID holders for inclusion of the data

      which would be in the form of an application made by the data subject

      and validated in its electronic form.


If data is validated on paper and the UIDAI takes the responsibility for

digitization then some member of UIDAI should be held accountable for any

inaccurate data that may creep in . Such a person has to validate the

electronic form of the data with his digital signature and take the legal

liability for the inaccuracies.



                                      33
A copy of the data as entered in the data base has to be provided to the data

subject in print form with appropriate certification under Section 65B of

Indian Evidence Act as per established principles of Cyber Evidence

Archival.


As a part of this data validation process, it may be necessary to provide

access to the data in the data base to the holder of the UID so that he can

verify the data any time and any number of times during the lifetime of the

data.


This may require validation of the person making the query. If we need to

use "Digital Signatures" for validation, the UID itself may have to also

include an "E-Mail Address" in the minimum as a "Digital Identity

parameter".


   b) Data has to be encrypted in storage and every element of the data

        base has to be digitally signed by an officer of the UID.

   c) Appropriate audit trail of who accessed the data and what was the

        hash value of the data accessed before and after the access session etc

        will have to be captured along with the mode of access, IP address etc

        and archived in such a manner that they are available for judicial

        scrutiny when required.


                                       34
   d) The hardware and software used by UIDAI should be source code

      audited and certified for integrity. Supplies from countries suspected

      to be preparing for Cyber Warfare against India must be avoided.


5. Voice of the People


   As some one who is working on Netizen Welfare for over a decade, the

   undersigned would like to make a strong demand with the Government of

   India as well as Mr Nandan Nilekani himself that the UIDAI should

   establish appropriate systems and procedures which would ensure that

   Netizens are protected against the inefficiency and malicious intentions

   of the staff of UIDAI. Even if they tend to be honest, they may be used

   by others to inconvenience honest Netizens.


   This requires constitution of an "Ombudsman" and " UID Dispute

   Resolution Board". Such a UID Dispute Resolution Board should not be

   solely constituted out of Government servants (eg: Proposed Review

   Committee under ITA 2008 for Section 69/69A/69B issues) and must

   consist of Netizen Activists and Netizen Interest bodies such as Digital

   Society of India or Cyber Society of India.




                                     35
    CHAPTER


NEWSPAPER EDITION




       36
                               CHAPTER

                     PRIVACY IMPLICATIONS


There are many potential privacy fallouts of this project, not the least of

which is triggered by the Government's official plan to link the databases

together. The MNIC is also unconstitutional as it violates fundamental right

to privacy.


    The right to privacy of citizens will be greatly compromised if MNICs

       are made compulsory. Although there is sometimes a tension between

       individual privacy rights and national security, international law and

       India‘s domestic law expressly set a standard in tort law and through

       constitutional law to protect an individual‘s privacy from unlawful

       invasion. Under the International Covenant on Civil and Political

       Rights (ICCPR), ratified by India, an individual‘s right to privacy is

       protected from arbitrary or unlawful interference by the state. The

       Supreme Court also held the right to privacy to be implicit under

       article 21 of the Indian Constitution in Rajgopal v. State of Tamil

       Nadu.


      Moreover, India has enacted a number of laws that provide some

       protection for privacy. For example the Hindu Marriage Act, the

                                     37
      Copyright Act, Juvenile Justice (Care and Protection of Children) Act,

      2000 and the Code of Criminal Procedure all place restrictions on the

      release of personal information.


Privacy is a key concern with respect to the MNIC scheme as all of an

individual‘s personal information will be stored in one database where the

possibility of corruption and exploitation of data is far greater than when

having the information disbursed. Risks that arise from this centralisation

include possible errors in the collection of information, recording of

inaccurate data, corruption of data from anonymous sources, and

unauthorised access to or disclosure of personal information. Other countries

with national identification systems have confronted numerous problems

with similar risks such as trading and selling of information, and India,

which has no generally established data protection laws such as the U.S.

Federal Privacy Statute or the European Directive on Data Protection, is ill-

equipped to deal with such problems. The centralised nature of data

collection inherent in the MNIC proposal only heightens the risk of misuse

of personal information and therefore potentially violates privacy rights.


In consideration of the risks involved in the creation of a centralised

database of personal information, it is imperative that such a programme not



                                      38
be established without the proper mechanisms to ensure the security of each

individual‘s privacy rights. Unfortunately, India‘s proposed MNIC

programme lacks any provision for judicial review at the present time.

Without credible and independent oversight, there is a risk of ‗mission

creep‘ for MNICs; the government may add features and additional data to

the MNIC database bureaucratically and reflexively, without re-evaluating

the effects on privacy in each instance.




                                      39
              CHAPTER

GOVERNMENT PROPOSAL TO LINK DATABASES




                 40
                               CHAPTER

                  IMPLEMENTATION STATUS


The MNIC Project is currently in pilot mode in at least 12 states of India.

While the exact status of the project is unknown, as of this writing on May

26, 2007, the project has kicked off a fresh round of card distribution to

provide two million cards to people above 18 years in 13 districts across 12

States and the Union Territory of Puducherry.


Earlier plans and reports indicated that the project was in pilot, or was

attempted in the following 20 selected sub-districts of 13 States and Union

territories.


Legal amendments made to facilitate the project. The Citizenship Act, 1955,

has been amended and now a specific section on registration of citizens &

issuing cards has been included. In addition the Citizenship (Registration of

Citizens and Issue of National Identity Cards) Rules, 2003 has been notified

in the Government of India Gazette Vide GSR No. 937(E) dated:- 10

December, 2003.




                                     41
Important amendments to the provisions of the Citizenship Act, 1955

Section 14A :

(1) The Central Government may compulsorily register every citizen of

India and issue national identity card to him.

(2) The Central Government may maintain a National Register of Indian

Citizens and for that purpose establish a National Registration Authority.

(3) On and from the date of commencement of the Citizenship (Amendment)

Act, 2003, the Registrar General, India, appointed under sub-section (1) of

section 3 of the Registration of Births and Deaths Act, 1969 shall act as the

National Registration Authority and he shall function as the Registrar

General of Citizen Registration.

(4) The Central Government may appoint such other officers and staff as

may be required to assist the Registrar General of Citizen Registration in

discharging his functions and responsibilities.

(5) The procedure to be followed in compulsory registration of the citizens

of India shall be such as may be prescribed.

    In sub-section(2) of section 18 (ia) has been inserted after clause (i)

      the procedure to be followed in compulsory registration of the citizens

      of India under sub-section (5) of section 14A;




                                      42
 In sub-section (3) of section 18 the following proviso has been

  inserted ―PROVIDED that any rule made in respect of a matter

  specified in clause (ia) of sub-section (2) may provide that a breach

  thereof shall be punishable with imprisonment for a term which may

  extend to three months, or with fine which may extend to five

  thousand rupees, or with both‖.




                                43
                                CHAPTER

                         PURPOSE AND USE


The ID is fundamentally being prepared to identify Indian citizens so that

better security can be provided by identifying illegal immigrants and

terrorists. However, the real power of the ID is in its ability to provide ease

of identity establishment to Indian citizens when accessing a variety of

governmental and private-sector services.


The likely benefits of the new ID system to the citizens will be as below:


1) Subsidies on food, energy, education, etc to people who are entitled to

receive them.


2) Opening bank accounts


3) Getting new telephone, mobile or internet connections,


4) New light or gas connections


5) Getting a passport


6) The same card may act as a driving license and store your traffic violation

records



                                      44
7) It may act as your electoral card


8) Family genealogy may be traced




                                       45
                                CHAPTER


       ADVANTAGES OF UNIQUE IDENTIFICATION

                                NUMBERS


   The UIDs will provide unique identity to residents of India. Indians

    will not require to prove their identity to various government

    departments over and over again.

   It will streamline benefits so that they reach the right people.

   The numbers will eliminate duplication an attempts to obtain fake

    documents.

   They will facilitate mobility, especially for India's migrant population.

   The numbers will ensure that different public service delivery

    organisations work efficiently.

   It will help to reduce illegal immigration.




                                    46
                               CHAPTER

     DIFFERENTIATION OF UID FROM PERMANENT

                      ACCOUNT NUMBER (PAN)

PAN will be one of our enrolling partners. It has been decided that the UID

will be embedded in new PAN cards that will be issued once the UID project

gets underway. We have had fruitful discussions on this with the income tax

department.

The people who already have PAN cards will be issued a letter containing

the UID. For those who will be getting new PAN or NREGA cards,

passports, etc, henceforth, the numbers will be embedded in that.

These numbers, you have said, will not only provide an identity to residents

but also help them in obtaining benefits of government schemes and

undertake with ease activities like opening bank accounts, availing an

electricity connection, etc.

Yes, these numbers will be unique in the sense that residents would no

longer need to go to various government departments and prove their

identity each time.




                                     47
                                CHAPTER


                       LEGAL AMENDMENTS


Legal amendments made to facilitate the project


The Citizenship Act, 1955, has been amended and now a specific section on

registration of citizens & issuing cards has been included.


In addition the Citizenship (Registration of Citizens and Issue of National

Identity Cards) Rules, 2003 has been notified in the Government of India

Gazette Vide GSR No. 937(E) dated:- 10 December, 2003.


Important amendments to the provisions of the Citizenship Act, 1955

Section 14A

(1) The Central Government may compulsorily register every citizen of

India and issue national identity card to him.

(2) The Central Government may maintain a National Register of Indian

Citizens and for that purpose establish a National Registration Authority.

(3) On and from the date of commencement of the Citizenship (Amendment)

Act, 2003, the Registrar General, India, appointed under sub-section (1) of

section 3 of the Registration of Births and Deaths Act, 1969 shall act as the




                                      48
National Registration Authority and he shall function as the Registrar

General of Citizen Registration.

(4) The Central Government may appoint such other officers and staff as

may be required to assist the Registrar General of Citizen Registration in

discharging his functions and responsibilities.

(5) The procedure to be followed in compulsory registration of the citizens

of India shall be such as may be prescribed.

In sub-section(2) of section 18 (ia) has been inserted after clause (i) the

procedure to be followed in compulsory registration of the citizens of India

under sub-section (5) of section 14A;

In sub-section (3) of section 18 the following proviso has been inserted

―PROVIDED that any rule made in respect of a matter specified in clause

(ia) of sub-section (2) may provide that a breach thereof shall be punishable

with imprisonment for a term which may extend to three months, or with

fine which may extend to five thousand rupees, or with both‖.




                                        49
                                     CHAPTER

                         MNIC TECHNOLOGY


The MNIC is a smart card with 16KB of memory designed to be in line with

the specifications laid out in ISO/IEC 7816 and SCOSTA. Earlier smart card

applications of the Government of India have adapted the ISO/IEC 7816

specifications under the SCOSTA (Smart Card Operating System for

Transport Applications) program of the government of India. The cards are

designed to support a minimum of 300,000 EEPROM write cycles and will

retain data for at least 10 years.


The official Government of India Press release that followed the media

launch of the MNIC on 25 May 2007 describes the technology as follows:


The identity card being given to each individual citizen, has a micro

processor chip with a memory of 16 KB which is a secure card. Besides

having several physical features into the design of the card, it is the cyber

security using ‗asymmetric key cryptography‘ and ‗symmetric key

cryptography‘ that has made the card secure against the risk of tempering

and cloning. The National Informatics Centre has made a major

contribution towards developing the processes for database management and

smart card technology.

                                       50
The identity card has a microprocessor chip (imported) with a memory of 16

KB which is a secure card. Besides having several physical features in the

design of the card, it is the cyber security using ‗asymmetric key

cryptography‘ and ‗symmetric key cryptography‘ that has made the card

secure against tampering and cloning. The National Informatics Centre

(NIC) has made a major contribution towards developing the processes for

database management and smartcard technology.


―A 16KB card will not hold much if the scope of data in the smartcard is

humungous. An ideal memory would be around 64KB, which will help the

government make the card have enough space to accommodate all service

links‖.




                                    51
                               CHAPTER

           HOW TO UPDATE THE INFORMATION

For instance, when a child is born, the parents will need to get the birth

registered. And that data will reach us. The villager will register the

childbirth as he/she sees value in registration. Such registration will come

with a lot of benefits. For instance, it will ensure the child's immunisation

process.




                                     52
                               CHAPTER

                               FUNDING

With the central government announcing a panel to implement the

programme of giving identity cards to all citizens of the country, it appears

that this much hyped scheme is finally getting some traction. It is estimated

that this gigantic and complex exercise will involve an expenditure of over

Rs 1.5 lakh crore. It will put India in the club of about 56 countries around

the world, which have some form of national identity cards. These include

most of continental Europe (not UK), China, Brazil, Japan, Iran, Israeland

Indonesia. The idea itself is not new, but in the past it had not received a

clear centralized push. As a result, several pretenders emerged and vied with

each other, creating confusion typical of India. There is the PAN card

created by the tax department but now used for diverse financial

transactions. Then there is the photo ID card issued by the Election

Commission, primarily meant for voting. Earlier, ration cards were the main

stay of identity proof, but lost their relevance as the ration system became

restricted. Driving licenses are popularly used as ID but only a very small

fraction of the country‘s billion-plus citizens have them.In 2003, the

government decided to launch a pilot project for providing the Multipurpose

National Identity Card (MNIC) to 31 lakh people in 12 states and one UT.


                                     53
This exercise was to give a taste of what is entailed in giving ID cards to

citizens. The first card was delivered only in 2007 and it is still in progress.

In January this year, the apex court got involved, suggesting to that nation

identity cards should be made mandatory for all citizens. This contributed to

energizing the languishing program. The first step in issuing ID cards is

building a complete computerized record of all citizens above the age of 18.

It needs to be computerized so that it is accessible and it can be updated

constantly. The task is being done by the Registrar General of India (RGI)

under the home ministry, because they have the requisite experience after

all, the RGI carries out the census every decade. In fact, this database is

going to be generated along with the next Census, slated for 2011. It will be

called the National Population Register. The technical challenge is to create

a tamper-proof smart card, which can function in Indian conditions.

A sophisticated software called SCOSTA will reportedly be used for

creating the cards. The cards would contain as many as 16 pieces of personal

information. This information will be stored in micro-chips embedded in the

card and it will be accessible only to authorized users, like police officials.

Apart from carrying personal details like photo, age, address and

fingerprints, the MNIC will contain a National Identity Number, which will

be unique to the individual. The other challenge is to computerize the civil



                                      54
registration system across the country so that all births and deaths are

entered into the population register.


The Government had allocated Rs 100 crore in the interim Budget to startup

this project. The overall cost estimated for the project is likely to be in

excess of Rs 10,000 CroreThe government has earmarked Rs 100 crore in

the interim budget to kickstart the UID project. This pilot is expected to be

on the lines of the social security number in the US and will help in

identifying and providing better services to below-the-poverty (BPL) line

residents. Industry estimates indicate the entire project will be worth at least

Rs 10,000 crore. It‘s a transformational project for the country as it will

overlay many underlying projects, creating huge efficiencies for the country

leading to enhanced governance and reduced costs.


One estimate of the cost to completely roll-out National IDs to all Indian

residents above the age of 18 has been placed at Rs 150,000 crore (US$ 30.9

billion). A different estimate puts it at US$ 6 billion. A sum of Rs. 100

crore (US$ 20.6 million) was approved in the 2009-2010 union budget to

fund the agency for its first year of existence.




                                        55
Initial estimates project that the initiative will create 100,000 new jobs in the

country, and business opportunities worth Rs 6,500 crore (US$ 1.34 billion)

in the first phase of Implementation.




                                        56
                               CHAPTER

  RBI TO ROPE IN MORE ENTITIES FOR UID PROJECT



The Reserve Bank of India (RBI) is set to rope in more entities, such as

owners of Kirana stores, medical shops, petrol pumps, as business

correspondents and also ramp up the range of services to be offered by them.

The services will include allowing business correspondents to authenticate

the unique identification number (UID) of a customer and function like a

micro-ATM. The move will help provide over 41% of India‘s unbanked

population access to banking facilities. A formal announcement is likely to

be made in the quarterly-review of monetary and credit policy and an

indication to this effect was given by KC Chakrabarty, deputy governor,

RBI. Business correspondents are allowed to do banking business as agents.

―Even an owner of a kirana store could be a business correspondent

equipped with a phone, a finger print reader, a software that mimicks an

ATM and allows a person to withdraw, say, cash in remote villages that do

not have bank branches. The finger print reader will authenticate the

beneficiary and allow him to undertake a financial transaction,‖ said Nandan

M Nilekani, chairperson, Unique Identification Authority of India (UIDAI),

and co-founder of Infosys Technologies. He was delivering the foundation


                                    57
day lecture at RBI‘s Institute for Development and Research in Banking

Technology in Hyderabad. Mr Nilakeni reckons that the float-funds in

accounts, especially of beneficiaries of government-sponsored schemes,

such as the National Rural Employment Guarantee Scheme, will rise as

many of them may withdraw only in tranches. ―There will be a huge

opportunity for banks, given that the allocation under the NREGA alone is

around Rs 39,000 crore. The UID will be a powerful catalyst for financial

inclusion,‖ he said. Currently, over 90% of the retail payments are cash-

based and once they become electronic-based, it would help prune

transaction costs and make banking business more viable. Cash transactions

account for over 2.5% of the country‘s GDP and even a 50 bps drop will be

significant. The cost of equipping the business correspondent with the

required infrastructure is estimated at around Rs5,000. The average value of

transaction through this channel will be around Rs 50, far lower than the

average value of a transaction done on an ATM. The UIDAI is also in talks

with banks, Life Insurance Corporation of India, other insurers, state-owned

oil companies, among others, to become registrars or points for enrollment.

It intends to provide on-line authentication of residents. The first batch of

UID will be rolled out by August or by the end of next year, with the

authority setting a target of 12-18 months for the roll-out. The authority



                                     58
would shortly draw up a plan to implement the UID pilot project in Andhra

Pradesh as the state was ready with a team and required infrastructure.




                                     59
                              CONCLUSION



It has been concluded that the project entitled ―Unique Identification in

India‖ will proved to be beneficiary to the citizens of India as it is a unique

number given to every citizen which contains basic information of every

person. After the ID will be issued there is no need to carry driving licence,

voter cards, pan card, etc for any govt. or private work. For example, foe

opening a new account one has to show his/her unique ID only.

But to some extent it is harmful to the general public as all the data related to

them is stored on computers and can be misused by hijackers if the multiple

security strategies will not be adopted.




                                       60
                          REFERENCES


 MNIC Official site


 SCOSTA Official Site

 The HINDU Newspaper

 Economic Times

 The Times of India

 http://timesofindia.indiatimes.com

 http://economictimes.indiatimes.com

 http://pib.nic.in/release/release.asp

 http://infotech.indiatimes.com

 http://www.indianexpress.com

 http://www.google.com

 http://www.yahoo.com

 http://www.wikipedia.com




                                   61