Systems
 (Spark - Online Refereed Journal)

National ID Cards for India : Key Issues and Imperatives
 By S. Padmanaban
 

Following the concerns about national security expressed by the central government and the initiation of series of activities and projects for National ID Cards (NID) by various government agencies and departments (vide press reports in January 2003 on/after the Conference of Chief Secretaries and Directors-General of Police on Internal Security), the subject of NID has become urgent and important.   Certain techno-managerial issues and imperatives on this subject are presented here for consideration by public as well as government agencies engaged in NID projects.

NID Overview:

The concept of NID is not new.  Countries world over have in one form or another implemented schemes of ‘uniquely identifying and authenticating’ not only their citizens, but also ‘permanent and semi-permanent residents’  (foreign nationals visiting and staying in for a considerable period of time, say longer than a year, for work and other similar engagements).   Obviously NID comprises two sets of processes: the first dealing with First-Time-ISSUE of an identification object for ‘uniquely identifying the individual’; and the second dealing with Later-USAGE of the object for the purpose of ‘authentication’ (verifying and confirming identification) and/or updating identification criteria.

Invariably, the ISSUE processes (mainly manual, paper based, and partially computer-aided) include: registration, verification, and issuance of a plastic card (to ensure long term life), by a competent authority or its agencies.  The card usually bears some components of individual identification (a unique number, name, sex, date of birth, photograph (face), and signature/thumb impression and so on), and of the registering/verifying authority (seal, signature).   Another related process, similar to ISSUE, is of course Re-Issue, to take care of: loss/damage of card; ageing of the individual.

The USAGE processes (again manual and paper based, and partially computer-aided) include: visual/physical examination of the individual and card,  and verification of the individual characteristics (face, signature) with the contents of the card (signature, photo) on the spot or with reference to some other registers for ‘verifying and confirming that the person holding the card is the same as is represented on the card (and registers)’.

While ISSUE processes are handled across the country through authorized agencies (because they have to cover all the citizens), USAGE processes are expected to be handled/used not only by the ISSUE agencies, but also a larger number of government and non-government agencies (like immigration, defense, election, law and order, education, industry and so on) looking for a safe and reliable mechanism of identifying an individual.

While manual registration processes imply creation and maintenance of voluminous documents and registers, entailing a lot of clerical functions, prone to errors of omission and commission, manual verification processes might involve associative identifications and/or linkages (like birth certificate, work permit, passport and so on), and would take days/weeks depending on the extent of verification and the processes at/with associates.

The issuance of the plastic card at the end of first-time verification is NOT the END of NID, but just the BEGINNING.  For, the very purpose of NID is to facilitate a reliable and secure method of ‘Re-Identification and Authentication Later’ (REAL) of the individual by any agency concerned, any time and every time in future.   Obviously, REAL entails not only physical/visual examination (seeing the individual and comparing card-photo, making him sign and comparing that signature with the one borne on the card, and so on) but also cross-verifications as well, between agencies and the original issuing authority/agencies when doubts arise.  More the number of identification components used in the process, the better will be the reliability of identification.  Of course, it is almost impossible or extremely difficult to interpret and verify manually some components like thumb impressions.

Thus, manual processes have a number of deficiencies.  They become extremely complex, cumbersome, error-prone, and time-consuming if the country is large, has to cover millions of citizens and foreign nationals, has long porous borders with a large number of entry/exit points.   Realising the pitfalls in the manual processes, and thanks to the Information (read computers) and Communication Technologies (ICT), most of the developed countries have designed and adopted integrative advanced methods and techniques for NID.

Ideal NID Components/Structure:

Typically and ideally, an ICT-driven NID system features some/all of the following components:

  1. secure, reliable, 24x7, wide area networking of government and other authorized agencies engaged in the ISSUE and REAL processes;

  2. hardware and software, suitable and appropriate, for: flawless first-time identification capturing, verification, cross-verification, and many-times future re-identification/re-verification; issuance/withdrawal of plastic with appropriate level of security and intelligence embedded (hologram, unique-id-algorithm, biometric [relating to body, such as finger-print] id components imprint, and reading/writing)—called SMART cards; these cards are to facilitate usage of a set of ‘identification and authentication’ components and mechanisms, eliminating/minimizing human error, and thus improving the reliability of NID.  The larger the number of ‘identification and authentication components’, the better will be the reliability and security of NID.

  3. citizen-friendly, techno-savvy, incorruptible, committed and trained knowledge-workers to render services;

  4. centralized database;

  5. web-enabled interfaces to facilitate public participation and feedback.

NID for India:

What constitutes a suitable set of techniques/methods for one country may not apply to another, for various societal, economic, and demographic reasons.  For instance, for a country like India where a considerable number of citizens may not be literate, a ‘biometric’ identifying component such as fingerprint is highly desirable, but the ISSUE and USAGE processes involving such a component may call for equipping all agencies/locations concerned, with expensive and complex hardware/software.  This may not be economically viable to begin with.    What then is relevant to India?

Key Issues & Imperatives:

This brings us to the issues and imperatives immediately relevant to India NID.  Although there are several techno-managerial as also socio-economic-political aspects and issues (e.g.: hardware/software choice, network architecture, protection from obsolescence, vendor-bindings, levels of security, extent of operations, geographical scope, phasing of implementation, public-private collaboration, privacy, overall costs benefits analysis, political implications, and so on), this note discusses just two techno-managerial issues considered quite urgent and most relevant.  It covers these along with some imperatives together as they are closely inter-related.  The first is about ‘Unique Identification of Individual’.   The second issue—closely linked to the first--has to do with ‘Lack of Integration/Integrity of Identification Data’.

Going by the experiences of an Indian citizen of being the object of a gamut of identification schemes entailing (or being part of) different cards/documents like voter identification card, driving licence, passport, ration card, and now PAN, one would like to list ‘Unique Identification of Individual’ as the first and foremost issue in the context of NID.   Multifarious agencies, ministries, and departments have spent, and are still spending, considerable time and money in designing, introducing, implementing, and running these schemes in very many different ways and methods.  Yet, all of them have one common and basic need for ‘uniquely identifying the individual beyond doubt’, and then ‘associating that individual’ with some event (voting, leaving the country), some skill-acquisition (driving), income tax liability (PAN), and so on.   Note that except for PAN and ration card, all other instruments are individual-oriented.  But even PAN and ration card have individual as an important constituent, and therefore stand to gain from ‘unique identification’.

Ironically, none of these schemes have any cross-linking or cross-verification mechanisms across themselves, or a common pool of electronically verifiable database, to ensure/refine ‘uniqueness of the individual’.   ‘Photo’ is the only component that may be common across, but the manner in which this component is captured and embedded/imprinted leaves much to be desired.  In some cases, like the ration card, this may not even be compulsory.  This factor may be partly due to ‘lack of integration’ and varying degrees of computerisation.   Typical of government processes where ‘right hand not knowing what the left hand does’ phenomenon fully operates, this is quite normal.  However, these disparate and un-coordinated efforts and schemes have resulted in ‘islands of repetitive unreliable information of individuals’, created and being maintained unnecessarily, incurring avoidable expenditure of the taxpayers’ money.

To illustrate the point on ‘repetitive unreliable information on/about individual’, consider the manner in which name of an individual is accepted by any of these schemes.  There is no common standardized manner or format in which the name should be captured.  For instance, it is common knowledge that the method to write one’s name in southern states is different from that in northern states.  It is quite possible now for an individual to be ‘named (spelt or parsed) differently’, his/her date of birth and/or age represented differently, across these schemes/documents.  On date of birth for instance, note that voter identification card accepted ‘age’ rather than ‘date of birth’, while others may ‘accept, but not cross-verify’ date of birth.  To add complexity, we have local languages as well.

‘Lack of Integration’ could/would lead to ‘Lack of Integrity’.  This means and implies that ‘data on the identification components’ may not only be duplicated and present all over with all attendant errors, but also would not facilitate cross-verification or cross-linkages.  For instance, ‘name + sex + date-of-birth’ is a composite data set that could be cross verified and cross-linked with the records that originated the ‘birth certificate’.   This of course implies that data sets on both are available in electronic format, and processes for quick exchange and comparison are in place.   To facilitate this, all existing systems, schemes of ‘individual identification’ (example given earlier) should be carefully but quickly reviewed, and processes for ‘cleansing the data’ should be initiated.

Quick and critical review of these processes with a view to combining these into one NID is urgent.   Such reviews come under ‘process re-engineering’ in the context of eGovernance (which in itself is a bigger scenario and our governments are very much into it), which is anyway beyond the scope for this note.   Suffice it to say that a secure and reliable NID incorporating comprehensive  ‘unique identification and verification components’ will and should simplify work and processes of these schemes, and also lead to ‘cleaner and reliable data on our citizens’ in a unified manner.

A Model for Unique Identification Code:

The key questions therefore to be considered in the context of India NID are: ‘how does one uniquely identify an individual?’  and ‘how does one refine/improve uniqueness by cross-verification and cross-linkages?’

Theoretically, and in the context of ICT-driven NID system, unique identification and verification (confirmation) of an individual can be accomplished by using some/all of the following three components:

  1. personal memory (a password known to the individual only, for example);

  2. personal object (a plastic card, badge, key);

  3. personal characteristic (signature, photo, fingerprint, voice, iris, unique code using demographic/biographic data set pertaining [and only] to the individual, like name, sex, date of birth etc).

While systems combining all the three would be highly safe and secure, for an NID system involving millions of people, the first component may be impractical.  Therefore, a suitable mix of components [b] and [c] should be considered.   The more the components a system uses, the more reliable and safer it becomes, but it also becomes more expensive and complex.   For instance, between a unique code (a string of numbers and alphabets) and fingerprint (biometric) components, the former could be verified faster than the latter by computers, and manual verification also is easier with the former.  In general, human visual examination and computer verifiable mechanisms are combined and complemented. Certainly, a careful trade-off must be made.

For generating and maintaining ‘unique code’, a secure and reliable algorithm should be developed, tested, and then incorporated.  These algorithms aim at generating a unique code, combining various unique demographic and biographic data elements pertaining to the individual, ensuring that the probability of the same code coming up for another individual is almost zero.   Combining as many of non-duplicatable data elements as possible can further refine this uniqueness.

A suggestive model would incorporate/use a combination of:

  1. name (parsed and expressed in a standardized format across the country);

  2. sex;

  3. names (similar to [a] of father and mother, with allowance for single parentage cases);

  4. date and time of birth (standardized format);

  5. location of birth (standardized up to hospital or premises id, which in turn is normally built in a hierarchy of state, city/town, village, street, door number).

It is possible and desirable that only partial code be made visible to human eye or human use for the USAGE processes.  Most of USAGE processes should be handled by ICT with/through SMART card.   Ease of use and quickness of USAGE process should be the guiding principles in finalizing the algorithm and the supportive hardware/software.

Considering time and cost components, a suitable combination of technologies, systems, methods, and processes should be chosen and put in place.  Considerations on ‘standards’, ‘security’, ‘confidentiality’, and above all ‘privacy’ should be given due weightage.

SMART cards:

With the help of ICT available today, and using a combination of ideas and components mentioned above, it should be possible to incorporate ‘unique identification’, ‘cross-verification’, ‘cross-linking’ into the India NID system. Technologies are available to enter, embed, use, and revise the contents of an NID in a safe and secure manner with the use of SMART cards.   Process re-engineering and system integration efforts should go hand in hand with ‘cleansing of data’, so that India NID becomes not only SMART in design and operation, but also leads to ‘elimination/minimization of wasteful and avoidable expenditure by disparate systems, agencies, and schemes’.

Author:
S. Padmanaban
Professor-Systems,
SDM Institute for Management Development, Mysore.
paddys43@yahoo.co.in
 
Back