We Have Made India The Tech Capital Of Biometrics: Nandan Nilekani

We Have Made India The Tech Capital Of Biometrics: Nandan Nilekani

by Rohin Dharmakumar, Seema Singh, N.S. Ramnath | Oct 8, 2013

Nandan Nilekani on the Aadhaar project’s scope, its vulnerabilities and its future

Q. How long does the UIDAI hold transaction data and what steps has it taken to ensure that the privacy of users’ data—demographic & transactional—will be safeguarded from any third party?
We are in the process of finalising the policy for that. UIDAI only gets the location, time and the device from which the authentication request came from. It is a federated database with in-built optimal ignorance among various players. At the design level itself, we don’t have transactional data, except that we had an authentication request. When we do authentication, if we get a claim that it is a ‘false accept’, we, in turn, have to investigate and that’ll decide how long we retain the data. We have to strike a balance between privacy issues and liability issues, looking at practices of banks and switching companies. But let me tell you that we take great care to safeguard the data. We encrypt at source; we anonymise data when we send it for verification; the database itself is encrypted; we have layers and layers of security. In fact, as far as biometrics is concerned, once we have extracted the minutiae, we put it offline.  Q. Is there a timeline for this policy? Will it come before this government goes?

We are still formulating the policy.

Q. If Aadhar’s biometric data are compromised or stolen, what are the UIDAI’s breach of disclosure and liability policies? 
We will formulate appropriate policies on liability. UIDAI has been at the forefront of disclosure on its design philosophy. We have a data sharing/security/architecture policy. What do we collect?  Apart from, of course, the biometrics for de-duplication and authentication, we only collect name, address, date of birth, sex and telephone number and email (the latter two are optional and help with communications). This data is similar to what is there in the voter ID system, the telephone book etc, much of which is often public on the internet. Aadhaar is a pure ID system, and data like medical and financial records are in their respective system and UIDAI does not have access to it.
Q. In most areas, the UIDAI works with multiple vendors, often three. Yet, why is NPCI the only partner for the Aadhar payment bridge? 
We are in discussions with all the payment providers. Visa has already launched a product in Delhi using Aadhar; it’s called Saral Money. Mastercard and Amex are in discussions, each of them will have their own Aadhaar payment bridge; which agency wants to use which bridge is up to the agencies.
Q. How will you ensure that there will be a level playing field between various third parties who use Aadhar authentication, subsequent to your exit?
We’re putting policies and frameworks in place; we have a law under consideration that will limit the data that can be collected by the UIDAI. We want to ensure core system values are adhered to. The sustainability and legacy of UIDAI is important to all of us, so we are doing the best we can. Besides, we have a design principle, embedded in the architecture, which says we don’t want vendor lock-in. In the context of what the system can do or will do, we have pretty much delivered what we had said we’ll do—enrolment engine is in auto pilot; we’ve built multiple authentication capabilities; delivered eKYC; and we are rolling out data update procedures. UIDAI’s focus will shift from innovating and developing new services inside to running a very efficient utility and innovative solutions built from the outside on top of Aadhaar.
Q. If there is a change to the technology or architecture of Aadhar, how will it be communicated to the public? 
Lant Pritchett of Harvard [Kennedy School] talks about thin (to bosses) and thick (answerable to people) accountability. Our idea has been to create a dense ecosystem of users, banks and mobile companies and to get them to pay for it, in order to create thick accountability. Whoever is in charge tomorrow should be immediately accountable if something doesn’t work properly or changes to design or policy are made without consulting stakeholders. The moment we commit ourselves to a certain level of service, say 99.9 percent uptime and so on, we are holding ourselves accountable to that performance. Creating rules is fine, but creating an organisation that responds to the outside pressure is the best safety net.
Q. Is there a core R&D and tech team that will ensure continuous development and upgradation of Aadhar, especially in light of Indiawide field rollouts and scale?
Most of the services of the organisation are up and running; they need to be scaled up a bit. We are not launching anything new. It’s relatively less of a risk now; we are making sure the managed service provider we have hired is on board. We are also creating an external advisory board which will review its decisions…again to create “thick accountability”.
Q. Aadhar was expected to create a significant number of jobs and investment opportunities in India.
While we had no such mandate, we did create many jobs through our approach. We chose to do this as an ecosystem approach rather than create a huge organisation and bureaucracy. We created a lean organisation (less than 300 people are working with us) and came up with ecosystem architecture. We have trained 50,000-75,000 enrolling agents and operators; the postal department has been a big partner. At any point, there are 25,000 live operators in the system. The project has moved the biometrics centre of gravity to India, all top players, Morpho/L1/NEC etc, are here. The device manufacturing is coming up. Innovation ecosystem is also seeded and you’ll see many applications coming out. With its new iPhone, Apple has now brought biometrics to the consumer, but long before them we made India the tech capital for biometrics.
Q. Given the criticality of Aadhar, do you or the government of India have a formal succession plan in place? 
Our new chief executive has come in a few months ago. A senior IAS officer, Vijay Madan, is an extremely competent person. His predecessor was Ram Sewak Sharma, who really laid the foundation of UIDAI. In fairness, they really run the organization and I do the media interviews! My goal would be that Vijay remains in this position beyond me, as mission director and director general of UIDAI. It will be the government which will decide my successor.
Q. Should there be a clearer demarcation between people who design Aadhar vs those who influence its usage? You were, after all, on many committees? How will you ensure your successor does not misuse the power of the Aadhar platform in any way? 
All these committees are now wound up after having completed their assignment and delivered unanimous reports. The government is acting on the architecture that has been laid out to use Aadhaar for payments, do subsidy reforms and streamline benefits. These committees were essential as you cannot do such a transformational national reform without architectural integrity and ensuring that all the moving parts are meshed into each other. Aadhaar enabled change requires huge interoperability—LPG, kerosene, food, fertiliser, financial systems… all these need to be aligned.
Q. Is biometric authentication a must for all Aadhar transactions? If not, what percentage of them do you reckon require it?
Let us separate biometric and non-biometric uses of Aadhar. When you do authentication, a certain class of applications will require biometric authentication. For example, say all PDS [public distribution system] withdrawals will require biometrics so that the foodgrain goes to the lady of the house. But if you do e-commerce sitting at home, then you just need OTP [one time pin]. It’s always a risk-reward situation. In LPG, there’s no biometric authentication, but what is used to credit money is using Aadhaar as the financial address.
We are agnostic to the final composition of usage. But we are fairly confident, the more we learn the more accurate this system will become and more people will use it. If people don’t want to use biometric authentication, that’s fine. We have several value propositions.