*UID, NPR and all that Jazz*

Jaimon Joseph
Some three months ago, my wife, her sister and their parents drove seven
odd kilometers from where we live, to register for a Universal Identity or
UID number. They've all got one now. Strangely, my wife got it about a
month after the rest of the family did, even though they'd all enrolled

I was working that day, so about a month later, I hopped across to an
apartment complex just ten minutes from our place, where I'd heard there
was a UID camp in progress. I stood in line for maybe half an hour, then
got myself photographed, fingerprinted and my iris scanned.

Curiously, the young lady who took all those records, couldn't even type
properly. She'd pound the keyboard with one finger - I remember wondering
if she was determined to destroy it. As if in revenge, the computer refused
to accept my full address. She banged it in at least thrice and the
computer would mysteriously change it to something else.

Another chap came across and if I remember right, he deliberately didn't
fill in the PIN CODE. That's when the software accepted my address. But
even then, in a short hand sort of way - I'm not sure if it's intelligible
enough for Mr Nilenkani's team to actually post me a letter with my UID

I checked with my parents who'd registered themselves just two days before
at the same camp. They told me the attendants made it a point to record
their email addresses and even filled in details of their existing bank
accounts. Just two days later, in my case, they didn't ask for either. But
they automatically ticked a box which said I'd like to open a new bank
account. Without even asking me - though the UIDAI guidelines, quoted in
various articles on the web, apparently say they must.

A month after that, I discovered there was a UID camp happening right
within my apartment. For such a supposedly hi-tech, project, couldn't the
registration process have been just a wee bit more sorted out? How hard
would it have been to tell the residents of an area when and where these
camps would be held?

Messers Chidambaram, Nilenkani and Ahluwalia have just decided all of us
will have to do all of this all over again - this time for the National
Population Register (NPR). This is a compulsory scheme, part of the Indian
government census apparently.

And so this Sunday, my mom and brother walked to a NPR camp at a government
school very close to home, to enroll for NPR. It was painless. But
essentially they redid all the scans they'd done earlier.

The rest of the family will probably follow suit, once we know when and
where the next NPR camp is being held. But my father's been working in the
northeast for sometime now. If he can't attend the next camp in Delhi -
will he be enrolled at a camp in the NE? And what complications might that

But let's put aside a single family's minor discomfort and confusion. What
exactly are all those brainy folks in the government aiming at? First they
scan everyone twice, using two separate teams, with separate sums of money
- tax payers money.

Then they spend some more cash comparing the scans from both teams. If
there's any mismatch, the National Population Register's biometric scans
are used and the Universal Identity biometric scan discarded. But that
doesn't mean the UID team will give back any of the money they spent, if
they get any of the scans wrong. Not fair? Well - life's not fair.

But what do I get after all this spending? I get a silicon chip embedded in
a smart card, with a UID number embossed on it. What's the card good for?
It proves I'm Indian. But don't my Passport, voter I card, PAN card,
driver's license, ration card all do the same thing? Why spend all that
money on something they've already proved?

What's the UID number good for? In itself - nothing. Turns out it wasn't
even compulsory to sign up for it. But Nilenkani and team are slowly
dreaming up schemes where everything in India - from hospital bills to
school certificates, from bank accounts to your monthly ration, will all be
generated only if you have a UIDAI number. So might as well get it.

Only problem is, nobody's told me what they'll do with all the computer
data they get, when I log in with my UID number. Let me explain. We're all
sick of marketing calls and pesky SMSs right? Why do we get them?

Because marketing guys went out and collected our phone numbers. Where did
they get them from? Who knows - from our emails, Twitter messages, from
door to door surveys, from cell phone shops, from service providers like
Airtel and Vodaphone?

It doesn't matter - they probably paid money to get our cell numbers. Why?
Because they could individually send ads to each of us. And once they
started, the government, despite its best intentions hasn't been able to
shut them up.

Now imagine a word where I "log" in with my UID number for anything I need.
For medicines at a chemist, for a doctors appointment, to open a bank
account. In an age of smartphones, I'll have smart apps that use my UID
number to order Pizza from the neighbourhood store or book train tickets.
Every time I use my number, there's a computer trace of where I was, what I
was doing. Seems harmless.

But the devil's in the detail. There's no law yet, that prevents smart
marketing guys from reading those computer traces. And for tailoring ads
for me based on what they think I'm most interested in.

Here's an obviously farcial example. Let's call it science fiction right
now. Something I dreamed up. But something that I'm still a wee bit worried

Let's say I have a bout of erectile dysfunction a few years from now.
Nothing unusual - male menopause does strange things to people. But it's
not something I'd want everyone to know.

So I visit a sex specialist who has a clinic on the other end of town.
Where no one knows me. Before giving me an appointment he asks for my UID
number and feeds it into his computer - because he isn't allowed to
entertain any patients who don't have UID.

The computer rings up the UID server, the central database - to check if I
really am who I say I am. The server says yes and has no further part in
this story.

Doctors being what they are - my specialist insists I come back for more
tests. So over a period of two months, I rack up say four visits. So that's
about four calls by the doctor's computer to the UID server.

That's where the private companies come in. To verify my identity, the
computer sent data over the internet. That data can be tracked, either on
the web, or on the doctors PC. Once they know I visit a sex specialist
often, how long do you think it'll be before I start getting ads for
Viagra? Or worse - how long before massage parlours start calling me up
with "Best, international models!"

I think both the UID and NPR teams claim the data exchange between
computers is going to be encrypted. But technology being what it is, how
long before hackers break that encryption? But anyway, that's still science

Science reality says one can't trust computers to be 100 per cent accurate
when reading biometric data. The technology is simply not mature enough.
You'd have experienced that every time you log in to office - notice how
the fingerprint reader refuses to recognize you and makes you try again and

Apparently, the device used to scan your eye's IRIS - can take different
readings in different levels of light. Some international airports have had
that problem, they're very brightly lit and the readings their IRIS
scanners take often play havoc at the immigration counters.

A study carried out by the UID team on 40,000 people in rural Karnataka,
Andhra Pradesh and Bihar discovered an error margin of 0.0025 to 0.25 per
cent in recognizing people by their biometric identity. Obviously, a very
small number.

But place that error margin on a population of 1.2 billion people and
you'll get millions of people who are wrongly identified. Who the computer
refuses to recognize as a bonafide, registered citizen. Imagine being told
by a computer, that you don't exist.