Weighing the Pros and Cons of the National Id card scheme will allow us to assess the costs and benefits of the National ID card project, enabling us to conclude whether the project should be implemented or not and what manner of fail safes and inbuilt corrective mechanisms are required.
Friday, November 27, 2009
Should India Implement the National ID card scheme?
History and Current status of the national ID card implementation process.
A National Identity Card scheme for India, referred to as the Multi-Purpose National Identity Card or MNIC, was first initiated in 2002 by the NDA government under Prime Minister A.B Vajpyee and was then continued by the current UPA government led by Prime Minister Manmohan Singh. The UPA government initiated a pilot project of the MNIC scheme in 2008 in 13 districts of 12 states and one Union Territory wherein more than 1.2 million identity cards were issued to people above 18 years of age and in order to facilitate the national ID card project, Section 14A was inserted in the Citizenship Act, 1955 to issue a national identity card to every citizen of the country.
The MNIC project took on a new life after the terrorist attacks in Mumbai on November 26th 2008, coupled with the concerns surrounding illegal immigration and a new body, the Unique Identification Authority of India or UIDAI, headed by Nanden Nilekani, was established on January 27th 2009 to hasten the process of the implementation of the National ID card. The Interim budget presented Mr. Pranab Mukherjee on the 16th February 2009 allocated Rs. 100 Crore towards the establishment of the National Authority of Unique Identity under the National Planning Commission.
The first phase of the National ID car implementation by the UIDAI is expected to cover nine states and four union territories. National ID cards are to be issued to people living in the coastal villages of Gujarat, Maharashtra, Goa, Karnataka, Kerala, Tamil Nadu, Andhra Pradesh, Orissa and West Bengal. The Union Territories of Dadar and Nagar Haveli, Lakshadweep, Puducherry and Andaman & Nicobar Islands shall also be covered in this first phase expected to deliver the identity cards by early 2010. Numerous firms are interested in securing contracts for the implementation of the National ID card in India as such a massive IT project promises to deliver large profits to any companies involved in the implementation of the scheme. Firms, which are interested in the National ID card scheme, include TCS, Infosys, Wipro, HCL Technologies, along with smaller players like Spanco, Bartronics, Gemini Traze and NXP Semiconductors.
The final goal of the Nationl ID card project is to provide every citizen in the country with a national ID card and unique identifying number linked to a comprehensive database which is operated and controlled by the UIDAI by 2012. The UIDAI will be responsible for “creating and maintaining the core database and to lay down all necessary procedures for issuance and usage of UID including arrangements for collection, validation and authentication of information, proper security of data, rules for sharing and access to information, safeguards to ensure adequate protection of privacy and all aspects related to all of these issues.”
National ID cards and privacy.
There are many criticisms of the National Identity Card with respect to its impact on privacy including the fact that citizen’s personal data will now be concentrated in one location, rendering the information more vulnerable to abuse, exploitation, dissemination and disclosure then if it were decentralized. The specific risks associated with the concentration and centralization of personal information in the Multipurpose National Identification Card database include; "errors in the collection of information, recording of inaccurate data, corruption of data from anonymous sources, and unauthorized access to or disclosure of personal information."
Many people are also concerned by the lack of security measures in place to properly safeguard citizen’s private, sensitive information as India has no generally established data protection laws such as the USA’s federal privacy statute or the European directive on data protection, and such a lack of regulation could encourage the trading and selling of personal information due to the absence of strong penalization as a deterrent.
Due to the sensitive nature of the data which is to be collected about individuals, rigorous mechanisms and structures for auditing the effect of the MNIC database on citizen’s privacy need to be established. Unfortunately, currently there are no such mechanisms in place and if the National Identity Card authority is to implement new systems or store more data about every individual, there is no body or system which could assess the effects of such an action on the privacy of individuals and provide recommendations or prevent the implementation of privacy eroding add-ons. As a result of this lack of inbuilt oversight and independent, credible review, there can be no proper re-evaluation and regulation of the information the MNIC database collects on individuals.
On the legal front it can be argued that if National ID cards are made compulsory, individuals privacy rights will be greatly eroded as, “International law and India’s domestic law expressly set a standard in tort law and through constitutional law to protect an individual’s privacy from unlawful invasion, under the International Covenant on Civil and Political Rights (ICCPR), ratified by India, an individual’s right to privacy is protected from arbitrary or unlawful interference by the state, the Supreme Court also held the right to privacy to be implicit under article 21 of the Indian Constitution in Rajgopal v. State of Tamil Nadu and India has enacted a number of laws that provide some protection for privacy. For example the Hindu Marriage Act, the Copyright Act, Juvenile Justice (Care and Protection of Children) Act, 2000 and the Code of Criminal Procedure all place restrictions on the release of personal information”.
Thursday, November 26, 2009
National ID cards and Poverty elevation.
Poverty reduction is one of the main issues the Indian Government is dealing with. Unfortunately, current anti-poverty schemes are treated with great skepticism due to the large sums of money that never reach their intended recipients. Currently, the Indian Government spends 10% of its budget on subsidies but economists estimate more than half this money fails to reach its intended targets. Fraud is one of the main reasons for this loss of subsidy money and the National Identity Card could address this issue by enabling more reliable identity checks by utilizing the holder’s biometric data stored on the card.
Monday, October 26, 2009
National identity card - Smart card technology
Thursday, October 15, 2009
Worrying signs of Wear
Remember the national ID cards the UK spent billions on, then forgot to distribute readers for? Well, there’s another bump on that particular road, namely that the security around your private information is about on the level of “cookie jar.” A hacker with a phone and laptop, hired by a UK newspaper, cloned the card within a few minutes, then wrote new content onto it: “I am a terrorist — shoot on sight.” Imagine if that showed up on the checkpoint scanner while you were going through customs. Guess it’s lucky they don’t have the scanners yet!
This is only the latest misstep in the unpopular and poorly-managed national ID program over there. It’s really simple, guys. No critical information should be able to be skimmed from the ID. If you must put it digitally on the card, there’s enough space in a 128KB memory chip to fit a picture, all relevant information, and have it all encoded with 128-bit encryption only decodable by proprietary hardware with line of sight.
And, of course, those fragile chips are so vulnerable to damage. Who could blame someone if the memory component was rendered unreadable… accidentally, of course?
Source: http://www.crunchgear.com/2009/08/06/uks-unhackable-national-id-card-hacked-in-12-minutes/