We recently came across an article titled “UID/Aadhar: A Threat To Indian Democracy,”written by Taha Mehmood, a self-described media practitioner and researcher, which was featured in several influential blogs.

The article is so poorly researched, so full of factual errors and hyperbole that it ill serves the interest of informed public dialogue on such a serious topic. We would like to point out a few of the glaring mistakes and flaws in logic that an avowed technology researcher like Mehmood should have known better than to pass off as a serious work of scholarship to an unsuspecting audience:

On Technology: He makes a long and confusing case against biometric technology, relying on old or completely out-of-context technical sources. He is either unaware of the technology that the UIDAI has adopted, or chooses to deliberately ignore a host of recent reportage on it.

There is a world of difference between biometric projects using fingerprints only (which is not friendly to manual labour with worn-out fingerprints) vs. the multi-modal biometrics used by Aadhaar (iris + fingerprints). The latter has already been tested by the UIDAI on the ground in what’s now the world’s largest biometric database (see Aadhaar Biometrics and recent UIDAI reports on biometrics), Usable biometrics of 99.86% people from 10 crore enrolments, and matching accuracy of over 99.96% in de-duplication, is a hundred-fold improvement over the fingerprints-only technology upon which Mehmood tries to build his case against Aadhaar. Strangely, Mehmood completely ignores Iris scans, which is the key to Aadhaar de-duplication efforts. Further, field trials of Aadhaar authentication, using fingerprints, have shown that over 98% of transactions could be completed in less than three attempts. We can either scoff at this number, or say "We want closer to 100%, so improve the processes and technologies" before Aadhaar authentication comes into widespread use.  

On Security: Mehmood would like the reader to believe that all kinds of private agencies (even persons impersonating UIDAI!) will be going from house to house collecting people’s biometric data and that they can use that data any which way they can. This is utterly irresponsible! 

The reality is that the process of authenticating enrolment agencies and their equipment, and encrypting the data they transmit, has been designed with elaborate security precautions in mind. These are described in fair amount of detail in Data Security by the UIDAI. Had Mehmood taken the time to give the UIDAI’s enrolment process (described at www.uidai.gov.in) even a cursory look, he would have learnt that the scenarios he describes are indeed a figment of his own imagination. He seems to overlook the fact that over 16 crore people have already been enroled and issued Aadhaar numbers, and that there have been no major incidents of data leakage or stealth that he imagines. Public awareness campaigns and organized information dissemination on the location of enrolment camps are being carried out as a part of this project, to minimize the opportunities for fraud. Public is clearly informed that UID enrolment is carried out in camps, not in door to door campaigns.

On UID and the minorities: On a more serious note, Mehmood piggy-backs on statements by people like Aruna Roy that UID will make it easier to target minorities. Like Roy, he does not offer any concrete evidence to support the thesis, but instead outdoes Roy by adding a caste dimension to Aadhaar: He claims that UID will strengthen caste hierarchy and help the Banias! This amounts to irresponsible fear-mongering. The UIDAI DOES NOT collect any information on caste and religion.

We reject the notion that a database in the hands of the central government, designed to improve social services, with numerous privacy safeguards built in, is somehow more dangerous than large amounts of personally sensitive data that are already available to local governments and private agencies: e.g. voters lists, mobile phone records, MGNREGS muster rolls, etc. As Mehmood himself points out, such records have been used to help in communal riots, and they will continue to be accessible, with or without UID. It’s hard to comprehend how data not accessible to anyone but the enrollee, and which can only legally respond with a Yes or No to identity verifiers, will make it easier to target minorities. 

Those who are familiar with the genesis of communal riots and have worked closely with the victims know only too well that people who would attack their own neighbours do not need their biometrics before perpetrating their heinous acts. On the contrary, a reliable and secure biometric database through which a person can prove one’s identity beyond any question could one day be useful in discouraging false arrests that the minorities and economically weaker sections are especially vulnerable to in India. 

Nevertheless, we strongly support the need for a national data privacy law that can discourage government and private agencies from misusing sensitive personal information. 

Shoddy facts and faulty logic: Mehmood makes numerous factual errors and makes some astounding leaps in logic:

Factual errors: a. He claims that the proposed NIAI bill has no provision for punishing individuals (as opposed to corporates) who misuse biometrics. Far from it, anyone illegally handling or even possessing biometric data is punishable for up to three years and thousands of rupees in fines; b. He erroneously refers to the UID database as “CIDF” and claims that it is not in existence now. The database is called CIDR (Central Identities Data Repository) and it has been very much in existence since 2010! c. He spends considerable time discussing Cogent (and its connections with the US defence establishment), which he claims is an official software vendor of the UIDAI. He further alleges that the UIDAI plans to purchase Cogent’s proprietary software over non-proprietary software. Facts in these matters are exactly the opposite: The UIDAI uses NIST supplied open source and Cogent is NOT a software vendor of the UIDAI; d. He mixes up the head of UIDAI’s technology, Srikanth Nadhamuni, with a professor at MIT!

Leaps in logic: a. He applauds the strict provisions in the NIAI bill to punish tampering with data, but then goes on to assert that these (strict provisions against tampering) actually prove that data can indeed be tampered with! b. He makes references to the UIDAI’s target of 600 million enrollments by 2014 and jumps to the strange conclusion that the “other 400 million” will be left out of Aadhaar! Apart from getting even the total population number wrong, had he been reading the news, he would have known that the other 600 million are to be enrolled by the Home Ministry’s NPR project; c. He makes the astonishing statement that since the UIDAI is likely to reward good-performing companies, it will increase the chances of data sabotage by the losing companies! (In effect saying: Don’t reward companies that perform?)

We can go on, but the above examples should suffice to make one wonder how Mehmood expects readers to take his apocalyptic pronouncements on UID seriously when he can’t even get his facts and logic right!