The Unique Identification Authority of India (UIDAI) came under attack. Its very existence was threatened. Naturally enough, UIDAI decided to defend itself.
It's worked. UIDAI survives for the moment.
But theirs is a Pyrrhic victory. The UIDAI defence could undermine the credibility of every public authority in the world which has nailed its colours to the mast of biometrics – which is most of them – and could destroy the multi-billion dollar mass consumer biometrics industry.
The job of the Unique Identification Authority of India (UIDAI) is to use biometrics to identify every resident of India and to issue them with a unique corresponding number, a so-called "Aadhaar number".
"Aadhaar" means foundation or support and the idea is that, once everyone has an identifying number, it will be easier for the various arms of government to build systems on that foundation to provide social security benefits, for example, and to facilitate national security. And beyond government, the banks will supposedly find it easier to authenticate payments.
UIDAI is not without its critics:
You've spent years refusing to divulge any figures about the reliability of your technology:
You could say that UIDAI's figures haven't been audited and may turn out to be false. Now you've got a fight with UIDAI on your hands. And what's the best result you can hope for? UIDAI's figures turn out to be a pack of lies and actually the reliability of Aadhaar is just as appalling as the Australian system. Not what you wanted. It doesn't help to explain why you've been squandering your own citizens' tax money on joke technology.
The same applies to the UK, of course, and our planned deployment of smart gates at airports. Another catastrophic failure? And all those states in the US busy incorporating face recognition biometrics into driving licences. These people – the Australian Customs and Border Protection Service, UK Border Agency, et al – are not going to be pleased with UIDAI. UIDAI have let the cat out of the bag and have almost certainly started a fresh collapse of confidence in public administration as a result.
And neither are the biometrics suppliers going to be pleased. How are Morpho going to sell their products now without giving warranties? They're not.
And how are IBM and CSC going to be able to sign any more nine-figure biometrics contracts with credulous governments? They're not.
And how are PA Consulting going to sell any more biometrics assignments? They're not.
UIDAI are going to be persona non grata worldwide. Especially in India, where the Prime Minister may yet regret his decision to carry on funding them. And stop. He may give almost any reason but the big reason, the one several people have pointed out for a long time, is that far from curtailing corruption, Aadhaar was simply going to automate it.
A tragedy with a happy ending, the only people who will be pleased is absolutely everyone else in the world, who can now keep some of their tax money and spend it themselves rather than paying public authorities to waste it for them.
UIDAI's Pyrrhic victory? From now on it's going to be known as an "Aadhaar victory". At least it will when the business schools write it up and teach it all around the world. And when the Economist faithfully report UIDAI's defence, under the heading "Poison pill – that's not the way to do it".
It's worked. UIDAI survives for the moment.
But theirs is a Pyrrhic victory. The UIDAI defence could undermine the credibility of every public authority in the world which has nailed its colours to the mast of biometrics – which is most of them – and could destroy the multi-billion dollar mass consumer biometrics industry.
The job of the Unique Identification Authority of India (UIDAI) is to use biometrics to identify every resident of India and to issue them with a unique corresponding number, a so-called "Aadhaar number".
"Aadhaar" means foundation or support and the idea is that, once everyone has an identifying number, it will be easier for the various arms of government to build systems on that foundation to provide social security benefits, for example, and to facilitate national security. And beyond government, the banks will supposedly find it easier to authenticate payments.
UIDAI is not without its critics:
- The Standing Committee on Finance (SCoF), a committee of the Indian Parliament, has considered the National Identification Authority of India Bill, 2010. That Bill would establish UIDAI on a statutory basis if it was ever enacted, but it hasn't been. Meanwhile, UIDAI is operating under executive order only. It's not operating very well according to the SCoF report and it's about time UIDAI came under the control of Parliament.
- And then there's the Ministry of Home Affairs. They're a properly constituted body and not just a creature of the Executive. And they have a competing identity management scheme, NPR (the National Population Register). Result – a turf war, Aadhaar v. NPR.
- Role of Biometric Technology in Aadhaar Enrollment
- India boldly takes biometrics where no country has gone before
- Both reports are produced by UIDAI only. There is no sign that they have been audited by any independent expert body.
- Both reports quote reliability figures. No other public authority in the world does that. Not operational figures – figures measuring the reliability of biometrics in the field, at the border, for example. They should. But they don't. Now, thanks to UIDAI, they will all come under pressure to quote independently audited figures themselves, figures for reliability, to justify their investment of public funds. It is likely that the public are going to be shocked at just how unreliable the biometrics are, that their governments are using. The public will at last understand why their governments have been so reluctant for so long to quote any figures.
- Why is that likely? Because the figures quoted by UIDAI are hundreds of times better than anything anyone else has ever claimed following tests of biometrics. Hundreds.
- The second report says that (a) Aadhaar uses flat print fingerprinting and iris scanning, (b) the two biometrics are fused to form one composite biometric, so-called "multi-modal" biometrics, and (c) UIDAI use not one matching algorithm, but three of them. Any large-scale identity management scheme that doesn't do the same, they say – (a), (b) and (c) – is doomed to "catastrophic failure".
- The suppliers of biometric technology have never had to give public warranties before. Now they will have to.
You've spent years refusing to divulge any figures about the reliability of your technology:
Now UIDAI have released figures, how are you going to hold the line? You can't.
Customs refused to disclose the rates at which the system inaccurately identified people.
"For security reasons, Customs does not disclose the false positive and false negative rates," a spokesman said.
You could say that UIDAI's figures haven't been audited and may turn out to be false. Now you've got a fight with UIDAI on your hands. And what's the best result you can hope for? UIDAI's figures turn out to be a pack of lies and actually the reliability of Aadhaar is just as appalling as the Australian system. Not what you wanted. It doesn't help to explain why you've been squandering your own citizens' tax money on joke technology.
The same applies to the UK, of course, and our planned deployment of smart gates at airports. Another catastrophic failure? And all those states in the US busy incorporating face recognition biometrics into driving licences. These people – the Australian Customs and Border Protection Service, UK Border Agency, et al – are not going to be pleased with UIDAI. UIDAI have let the cat out of the bag and have almost certainly started a fresh collapse of confidence in public administration as a result.
And neither are the biometrics suppliers going to be pleased. How are Morpho going to sell their products now without giving warranties? They're not.
And how are IBM and CSC going to be able to sign any more nine-figure biometrics contracts with credulous governments? They're not.
And how are PA Consulting going to sell any more biometrics assignments? They're not.
UIDAI are going to be persona non grata worldwide. Especially in India, where the Prime Minister may yet regret his decision to carry on funding them. And stop. He may give almost any reason but the big reason, the one several people have pointed out for a long time, is that far from curtailing corruption, Aadhaar was simply going to automate it.
A tragedy with a happy ending, the only people who will be pleased is absolutely everyone else in the world, who can now keep some of their tax money and spend it themselves rather than paying public authorities to waste it for them.
UIDAI's Pyrrhic victory? From now on it's going to be known as an "Aadhaar victory". At least it will when the business schools write it up and teach it all around the world. And when the Economist faithfully report UIDAI's defence, under the heading "Poison pill – that's not the way to do it".
