Friday, November 27, 2009

Should India Implement the National ID card scheme?

Weighing the Pros and Cons of the National Id card scheme will allow us to assess the costs and benefits of the National ID card project, enabling us to conclude whether the project should be implemented or not and what manner of fail safes and inbuilt corrective mechanisms are required.

The main costs in implementing a national ID card project include the huge administrative and logistical costs of collecting the required data from India’s 60,000 plus villages and massive cities as well as authenticating and validating this information. Maintaining the UID database is another huge cost and ensuring the efficient and timely production of the physical ID cards with accurate stored bio metric data is another large complication. Dividing up the task between numerous software firms is a way in which costs can be reduced and efficiency can be increased but privacy and the protection of data becomes a worrying issue.

The benefits of implementing a national ID card include an enhanced ability to identify and provide services to individuals below the poverty line, a foundation for the implementation of numerous schemes such as the Citizens Smart Card Project which lead to enhanced governance with reduced costs, elimination of the need for multiple identification mechanisms and the reduced costs associated with such streamlining, a comprehensive voter ID system reducing the current costs associated with authenticating voters at polling station, checks against illegal immigration enabling more efficient border control systems and a large boost to the IT industry as such a large scale project will certainly facilitate the growth of the industry providing employment and resources for research and development as firms develop systems which can be used to implement the national ID card database.

In order to deal with the worrying issue of privacy and the possibility of the data stored on the UID database being exploited, comprehensive rules and regulations must be put in place regarding the sharing and access of information data stored on the database. A body must be created which reviews the national ID cards effects on the privacy of citizens and the security of the information stored on the database. Proper legislation must be created which protects the privacy of individuals by mandating harsh penalties for groups or individuals who attempt to access or abuse the database and a body with the expertise to enforce such regulation must be established, a cyber police force of sorts.

If such measures are put in place to protect the sensitive data stored on the UID card database, the implementation of the National ID card could occur with less risk to the citizens who would be a part of the system and with a coherent, structured and efficient implementation program the benefits of the National ID card system certainly seem to outweigh the costs and potential risks. Even after taking all of this into account, we must remember that the national ID card is still in the early stages of its implementation and there is still time to, as Nanden Nilekani puts it, "balance the benefits with the risks.” and ensure the National ID card system is a success.

History and Current status of the national ID card implementation process.

A National Identity Card scheme for India, referred to as the Multi-Purpose National Identity Card or MNIC, was first initiated in 2002 by the NDA government under Prime Minister A.B Vajpyee and was then continued by the current UPA government led by Prime Minister Manmohan Singh. The UPA government initiated a pilot project of the MNIC scheme in 2008 in 13 districts of 12 states and one Union Territory wherein more than 1.2 million identity cards were issued to people above 18 years of age and in order to facilitate the national ID card project, Section 14A was inserted in the Citizenship Act, 1955 to issue a national identity card to every citizen of the country.

The MNIC project took on a new life after the terrorist attacks in Mumbai on November 26th 2008, coupled with the concerns surrounding illegal immigration and a new body, the Unique Identification Authority of India or UIDAI, headed by Nanden Nilekani, was established on January 27th 2009 to hasten the process of the implementation of the National ID card. The Interim budget presented Mr. Pranab Mukherjee on the 16th February 2009 allocated Rs. 100 Crore towards the establishment of the National Authority of Unique Identity under the National Planning Commission.

The first phase of the National ID car implementation by the UIDAI is expected to cover nine states and four union territories. National ID cards are to be issued to people living in the coastal villages of Gujarat, Maharashtra, Goa, Karnataka, Kerala, Tamil Nadu, Andhra Pradesh, Orissa and West Bengal. The Union Territories of Dadar and Nagar Haveli, Lakshadweep, Puducherry and Andaman & Nicobar Islands shall also be covered in this first phase expected to deliver the identity cards by early 2010. Numerous firms are interested in securing contracts for the implementation of the National ID card in India as such a massive IT project promises to deliver large profits to any companies involved in the implementation of the scheme. Firms, which are interested in the National ID card scheme, include TCS, Infosys, Wipro, HCL Technologies, along with smaller players like Spanco, Bartronics, Gemini Traze and NXP Semiconductors.

The final goal of the Nationl ID card project is to provide every citizen in the country with a national ID card and unique identifying number linked to a comprehensive database which is operated and controlled by the UIDAI by 2012. The UIDAI will be responsible for “creating and maintaining the core database and to lay down all necessary procedures for issuance and usage of UID including arrangements for collection, validation and authentication of information, proper security of data, rules for sharing and access to information, safeguards to ensure adequate protection of privacy and all aspects related to all of these issues.”

National ID cards and privacy.

There are many criticisms of the National Identity Card with respect to its impact on privacy including the fact that citizen’s personal data will now be concentrated in one location, rendering the information more vulnerable to abuse, exploitation, dissemination and disclosure then if it were decentralized. The specific risks associated with the concentration and centralization of personal information in the Multipurpose National Identification Card database include; "errors in the collection of information, recording of inaccurate data, corruption of data from anonymous sources, and unauthorized access to or disclosure of personal information."

Many people are also concerned by the lack of security measures in place to properly safeguard citizen’s private, sensitive information as India has no generally established data protection laws such as the USA’s federal privacy statute or the European directive on data protection, and such a lack of regulation could encourage the trading and selling of personal information due to the absence of strong penalization as a deterrent.

Due to the sensitive nature of the data which is to be collected about individuals, rigorous mechanisms and structures for auditing the effect of the MNIC database on citizen’s privacy need to be established. Unfortunately, currently there are no such mechanisms in place and if the National Identity Card authority is to implement new systems or store more data about every individual, there is no body or system which could assess the effects of such an action on the privacy of individuals and provide recommendations or prevent the implementation of privacy eroding add-ons. As a result of this lack of inbuilt oversight and independent, credible review, there can be no proper re-evaluation and regulation of the information the MNIC database collects on individuals.

On the legal front it can be argued that if National ID cards are made compulsory, individuals privacy rights will be greatly eroded as, “International law and India’s domestic law expressly set a standard in tort law and through constitutional law to protect an individual’s privacy from unlawful invasion, under the International Covenant on Civil and Political Rights (ICCPR), ratified by India, an individual’s right to privacy is protected from arbitrary or unlawful interference by the state, the Supreme Court also held the right to privacy to be implicit under article 21 of the Indian Constitution in Rajgopal v. State of Tamil Nadu and India has enacted a number of laws that provide some protection for privacy. For example the Hindu Marriage Act, the Copyright Act, Juvenile Justice (Care and Protection of Children) Act, 2000 and the Code of Criminal Procedure all place restrictions on the release of personal information”.

Thursday, November 26, 2009

National ID cards and Poverty elevation.

Poverty reduction is one of the main issues the Indian Government is dealing with. Unfortunately, current anti-poverty schemes are treated with great skepticism due to the large sums of money that never reach their intended recipients. Currently, the Indian Government spends 10% of its budget on subsidies but economists estimate more than half this money fails to reach its intended targets. Fraud is one of the main reasons for this loss of subsidy money and the National Identity Card could address this issue by enabling more reliable identity checks by utilizing the holder’s biometric data stored on the card.

Poverty reduction programs in the form of food and fuel subsidies for individuals below the poverty line also fail due to the incompatibility of Below Poverty Level cards in different states across the nation, since BPL cards only apply to the specific state in which they were issued. Thus, migrant workers who travel to other states in search of work cannot use their old BPL cards. Unlike India’s numerous existing forms of identification, the National ID Card will be recognized around the country ensuring subsidy money reaches the individuals who require it the most.

Currently, the leakage of money intended for the poor is estimated to be around 60% and projections for the national ID card estimate this figure will drop to 10% after large-scale implementation due to the reduction in fraud and enhanced ability to better target subsidies towards individuals who require them by identifying and providing better services to people below the poverty line. This represents enormous savings for the government and the increased effectiveness of poverty reduction programs, as a result of which, unlike most poverty reduction proposals, the national ID card scheme has received near unanimous approval. The national ID card project is also set to become the foundation of the Citizens Smart Card Project, which will enable citizens to avail subsidies on food, energy and education depending on their entitlements, according to the 11th report of the Second Administrative Reforms Commission.

The National ID card could also have wider ranging impacts on poverty elevation in India as it could enable the “financial inclusion” of the two thirds of Indians who do not have bank accounts, providing them with the necessary identification to create a bank account.

Monday, October 26, 2009

National identity card - Smart card technology

India's national ID card is essentially a smart card, a pocket-sized card with embedded integrated circuits which can process data. It can receive an input which is processed, by way of the ICC applications, and delivers it as an output. The National ID card will have 16KB of memory and is designed to uphold the specifications laid out in ISO/IEC 7816, an international standard for smart cards created by the international organization for standardization (ISO) and the International Electrotechnical Commission (IEC). The cards are designed to support a minimum of 300,000 EEPROM write cycles and will retain data for at least 10 years (Source: Government Tender notice for card manufacturers)

The government press release describes the card as:

"The identity card being given to each individual citizen, has a micro processor chip with a memory of 16 KB which is a secure card. Besides having several physical feature into the design of the card, it is the cyber security using ‘asymmetric key cryptography’ and ‘symmetric key cryptography’ that has made the card secure against the risk of tempering and cloning. The National Informatics Centre has made a major contribution towards developing the processes for database management and smart card technology."


Linking the National Identity Number with other government databases



Thursday, October 15, 2009

Worrying signs of Wear

UK’s “unhackable” national ID card hacked in 12 minutes
by Devin Coldewey on August 6, 2009

hacked
Remember the national ID cards the UK spent billions on, then forgot to distribute readers for? Well, there’s another bump on that particular road, namely that the security around your private information is about on the level of “cookie jar.” A hacker with a phone and laptop, hired by a UK newspaper, cloned the card within a few minutes, then wrote new content onto it:
“I am a terrorist — shoot on sight.” Imagine if that showed up on the checkpoint scanner while you were going through customs. Guess it’s lucky they don’t have the scanners yet!

This is only the latest misstep in the unpopular and poorly-managed national ID program over there. It’s really simple, guys. No critical information should be able to be skimmed from the ID. If you must put it digitally on the card, there’s enough space in a 128KB memory chip to fit a picture, all relevant information, and have it all encoded with 128-bit encryption only decodable by proprietary hardware with line of sight.

And, of course, those fragile chips are so vulnerable to damage. Who could blame someone if the memory component was rendered unreadable… accidentally, of course?


Source: http://www.crunchgear.com/2009/08/06/uks-unhackable-national-id-card-hacked-in-12-minutes/