Forbes India 15th Anniversary Special

Will UID start to deliver?

A lot of infrastructure has to work together for UID to succeed, says Edgar Whitley

Published: Jan 9, 2013 06:44:04 AM IST
Updated: Jan 7, 2013 05:35:11 PM IST
Will UID start to deliver?
Image: Getty Images
Digitising databases and changing work processes are complex activities that take time to be done

The PMO has announced that the government will start UID-based cash transfers in 51 districts from January 1, 2013, and it will be expanded to 18 states from April 1, 2013. However, given the practical problems involved, as well as the time required to put in place the requisite infrastructure, I expect it will take time before significant benefits are being delivered in the coming year.  Here’s why.

Journalists often ask whether UID is foolproof. First of all, by definition, it is never going to be a perfect process because if you are talking about fingerprints or iris scans, what you are effectively doing is comparing a digital image of the fingerprint or the iris against similar images held on the centralised system. This is difficult to do. What fingerprint matching algorithms do is to look for particular identifying features on the fingerprint like loops and whorls and use 16 to 20 such points of information as the basis for the comparison. That is, the comparison happens not based on the image but this computer-generated template. And while you are unlikely to get a perfect match, you can evaluate the degree of confidence that two templates are the same.

Further practical problems that one can face while using biometrics is that in a population of over a billion, many of whom are manual labourers, you will still get a large number of people—albeit it may be a small percentage—who aren’t able to provide fingerprints because their fingerprints are worn out. Even the UIDAI data reveals that 1.87 percent of their own trial samples were unable to provide fingerprints which were of sufficient quality to enrol. Now 1.87 percent of a billion people becomes quite a significant number! What makes it worse is that the ones losing out are not the frequent flyers or the middle class. They are the ones towards whom most of the benefits are being targeted—the ones who don’t have birth certificates, driving licences.

The other practical problem that one can face—the coriander plant incident in April 2012 (where a UID number was issued to Mr Kothimeer [coriander], in Andhra Pradesh, with a photo of a mobile phone on the card) is an illustration of it—is that even if the technology got better, you’ve still got to ensure that the whole enrolment and verification process is undertaken properly and securely. That means you must have people who check and ensure that the data given is correct. Again, when you are enrolling over a billion people, predominantly in rural areas in a large country, this is a ‘non-trivial problem’.

So there are lots of technical issues about how good the quality of the data collected is, but those aren’t insurmountable. Of course, you can improve processes over time, but when you are talking of a billion people, it has to be done at 0.000001 percent problem rate if you want to avoid tens of thousands of people being affected.

There are also challenges at the verification stage. Because UID is simply a number, the only way to check that it is valid and belongs to the person in front of you is to check the details against the central database. In contrast, credit card companies that use a local check (example, chip-and-pin or signature) can take a risk-based assessment and allow low-value transactions to proceed quickly and only do (slower) checks against the database (example, to see if the card has been reported lost or stolen) for high-value transactions.

Another risk of verifying the fingerprint against the database is that the service provider does not bother to check fingerprints. They just accept the number and hope the number is sufficient. Even if the service provider does normally check the fingerprint in real time, there will be times when you cannot connect to the server. What do you do on such occasions? What is the fallback option? Do you hold back the transaction? If you allow the transaction even without verification, then the possibility of fraud appears again.

So a lot of infrastructure has to work together for UID to succeed—fingerprint readers, power supplies and secure connections to the server.
It is also unclear how important the issue of identification is for many of the reported frauds and leakages. For example, a recent study has noted a problem with teacher absenteeism which, according to one report, is as high as two-third in some states. If the problem is that huge, then I don’t think forcing people to verify their ID against an online system is suddenly going to transform their behaviour and make them all show up for work.

The nature of some of the leakages is due to fake or ghost recipients, people who don’t exist or manage to get two Aadhaar numbers. Now that is possible in two broad ways.

One, that I use my real identity at one distribution centre (say a PDS shop) and then use a fake identity at the second distribution point, but this involves a lot of work and travel on my part. The other way is to use my real and fake identities at the same distribution point. In the latter case, you’d expect the distributor is aware of the issue (corruption) as well. If leakages are taking place due to the second situation, UID will not help matters unless the PDS shop is required to verify all identities against the database before proceeding with the transaction.

Another complex task, as outlined by the PMO to the various ministries, is ensuring that you have the complete list of beneficiaries in digitised form seeded with the UID numbers for your schemes. The PMO release says, “Digitisation of beneficiaries’ database is critical for rolling out direct cash transfers and maximum effort on this needs to be put in at the state and district levels.”

It is a fairly complex task to take over all the existing databases, digitise them, then check for errors, then de-duplicate. Again, these are all non-trivial problems.

They may be starting on January 1, 2013, but there does seem to be an awful lot of system and work processes that need to be completed before widespread benefits are realised. And certainly all the experience from all over the world suggests that digitising databases and changing work processes, training staff are complex activities that take time to be done properly.

The same press release says, “Departments will work towards digitising their databases quickly.” Now, that is so vague. I suspect they [the government] would not want to tell the journalists how long it will take between digitising databases and the actual transfer of money. Because anything that involves giving out money needs to be checked and double-checked before rolling it out. So it would be interesting to know the detailed timelines.

(As told to Udit Misra)

Will UID start to deliver?

Edgar Whitley is a reader in information systems, London School of Economics

(This story appears in the 11 January, 2013 issue of Forbes India. To visit our Archives, click here.)

Post Your Comment
Required, will not be published
All comments are moderated
  • Ashok Pai

    whats the point of UID ? was it created to ensure than congress remains in power through cash transfer ?

    on Jan 14, 2013
  • Ram Das

    Fear of biometric failure is a red herring. Dr. Whitley is incorrectly using UIDAI published stats. The number of people without biometric during enrollnent is 0.14%, not 1.87%. This means 0.14% people cannot use biometric for authentication. It was recently reported that Aadhaar numbers were revoked for most of these cases presumably because of fraudulent enrollment. This means that nearly every Aadhaar holder can use biometric authentication. 1.87% number referred to fingerprint authentication in one test. When combined with iris, the number of people who can not authenticate using biometric is nearly zero. Aadhaar technology works. Question is if bureaucracy is willing to use it.

    on Jan 9, 2013
    • Edgar Whitley

      My figure of 1.87% came from the report \"Role of Biometric Technology in Aadhaar Authentication Authentication Accuracy – Report Date: 27 March 2012 \"Finally 1.87% of residents participating in the study were found to have fingerprint quality not sufficient for fingerprint authentication\" My understanding is that iris is (currently) used in enrollment only (for deduplication purposes) not for authentication purposes. Edgar

      on Mar 8, 2013