What’s your take on India’s Unique Identification (UID) project?
Whitley: India’s scale (in this as in everything) is so completely different to the UK that I often find it difficult to comprehend. For example, I understand that 200 million people have already enrolled for UID. That is over three times the total population of the UK. However, these scale factors do have important consequences. For example, with enrolment, you need to delegate the process to lots of enrolment stations and you need to ensure that the quality (and security) of this process is maintained throughout the country and for all the millions of people who are going to be enrolled. Similarly, if you are going to do online authentication (i.e. sending Aadhaar number, name/biometric to the UID Central Identity Data Repository) then you will need to have lots of secure terminals (often in geographically remote locations with poor connectivity) and these will need to operate within a reasonable response time.
ID projects are working well in some countries. Then why not in India?
Context is so important that you can’t just take a system that might work in one country and expect it to work in another. Here, issues of scale, levels of documentation — as I understand it, there are huge levels of poor/no documentation for many people — custom and practice: in Germany, you are expected to notify the local council within a few days of moving to a new town. As a result, the new town has a pretty good official record of who lives in their town that can become a source of “proof of address”. I suspect the British would never agree to be “managed” in such a way.
You have been critical of the biometrics part of the project. Why?
Not “critical” per se, rather we have raised concerns and claims that biometrics are not as perfect as some politicians and biometric vendors would like you to believe. We just want to make sure that any decisions taken about biometrics are based on an understanding of all the viewpoints, not just a subset of them. By definition, biometrics are never error-free. They all operate within particular performance levels and there is evidence (including from UID) about the problems of enrolment and verification of various forms of biometrics, for e.g. manual workers whose fingerprints might become worn over time.
The government says UID isn’t compulsory and it’s primarily meant to plug pilferage in welfare schemes. Isn’t there a worry that it will be used for surveillance?
This question of compulsion is often tricky. It wasn’t compulsory to enrol for an ID card in the UK but if you (voluntarily) chose to renew your passport, you would be enrolled. The only way it was not compulsory was if you excluded yourself from travel by turning down a passport. In terms of pilferage in PDS, again this is a situation where the detailed evidence needs to be presented. Is most of the pilferage because of identity-related fraud — where a formal use of UID might address it — or does most of the pilferage happen at an earlier stage, i.e. before the food gets to the distribution point, whereby UID would have no effect? I’m not an expert on PDS, so can’t provide the evidence on this. To some extent, the same ID number may be found in various systems tracking the individual, so this might be an issue...