Spawning identities in packets
Amidst the hullaballoo, the technology team that works at the back end of this gargantuan project, in Bangalore, celebrated the crossing of the 12-crore mark last week. Though the rate of processing Aadhaar numbers had admittedly witnessed a slowdown in recent months, the Unique Identification Authority of India (UIDAI) claims it is now able to process around 10 lakh numbers a day. With this, the coverage of the project stands at 10 per cent of the Indian population, and UIDAI officials claim the number surpasses any other biometric database in the world, exceeding the captures by the ‘U.S. Visit' database that records photographs and fingerprint data of every tourist visiting the country.
On the occasion, reporters were taken to the UIDAI's technology centre where they were briefed on the technology that runs the project at the back end and the advances it has made, and the officials attempted to “bust some myths” regarding the exercise.
This came close on the heels of criticism and concerns raised regarding the “security/safety” of the exercise, raised repeatedly by the Union Home Ministry, that involves private parties at practically every step.
UIDAI officials repeatedly emphasised on data security and privacy, insulation of the storage infrastructure (at the Central Identities Data Repository, or CIDR) from outside networks such as the Internet and the role of an open infrastructure in addressing cost concerns.
Earlier this week, the UIDAI also released its internally conducted survey report on biometrics, based on a sample of 8.4 crore enrolments. Titled ‘Role of biometric technology in Aadhaar enrolment', the survey findings are intended to counter criticism from various tech quarters on the efficacy and accuracy of biometric data to authenticate and verify identities, particularly when the database is as expansive. Global studies have found that totally eliminating duplication is impossible, and the False Negative Identification Rate, however small, will be a finite number.
The UIDAI report surmises that “all fears of unreliability can be put to rest”, as it pegs the False Negative Identification Rate at 0.035 per cent. Thus, the chances that data stored in the CIDR is “not unique” is “remote”, says Pramod Varma, chief architect, UIDAI. “At an accuracy rate of 99.965 per cent, this is a small chance. Our studies have also found that only 0.5 per cent of enrolments are duplicates, so this brings the total numbers in the database to a few thousands,” Mr. Varma said. The process of de-duplication is fairly elaborate and ensures “uniqueness”, he explains.
Initial proof-of-concepts by the UIDAI found that using multiple biometrics increased the accuracy levels by “more than an order of magnitude” better than when using a single one. Technologists claim that it is this “multi-modal” approach, coupled with what is called a “multi-ABIS” approach to check for duplication, that makes Aadhaar a “truly unique” system. So, the biometric data packets here use the “fusion approach”, that is, the matching scores of 10 fingerprints and iris are fused using the Automatic Biometric Information System (ABIS).
The enrolment data packets (after operators enter demographic and biometric data into the system) are encrypted using an asymmetric public/private key encryption scheme (2,048 bit encryption) for security. This is then transmitted to the CIDR, where it is processed after decryption; while the demographic data packet goes through a random manual checking process (to weed out errors such as wrong sex, or identifiable mismatches), the biometric data goes through a multi-ABIS system for de-duplication.
The ‘multi-ABIS' de-duplication process at the back end involves simultaneously sending the biometric data packet (minus the demographic data) through three different algorithms — sub-contracted to biometric service providers L1, Accenture and Morpho — to check for duplicates. This process, known as de-duplication, involves checking a fresh enrolment with every other enrolment made till date, and is obviously computation-intensive. This “key innovation”, the UIDAI claims, increases the throughput and accuracy of the system by a factor of three, while encouraging competition between the ABIS providers.
In its initial phase, Aadhaar's client software ran into trouble with the Kerala Government (which has a Free Software or GNU/Linux-only policy for its public software) because it ran only in a Microsoft Windows environment. Since then, it appears the UIDAI has actively opted to go the Open Source way, adopting an Open architecture based on Open standards — from providing APIs (Application Programming Interface) at different levels, right from capture devices to de-duplication and even authentication.
This is significant because it has averted vendor lock-ins at every stage, and has allowed huge cost savings. Officials claim that this vendor neutrality, owing to the Open architecture, has allowed for the use of low-cost commodity hardware available from multiple vendors (instead of proprietary hardware).
For instance, the global cost of biometric de-duplication was pegged at Rs. 20 per ID when Aadhaar proof-of-concepts were made two years ago. Today, the cost per de-duplication is set at Rs. 2.75, and is only falling, top officials claim.
This makes the Aadhaar project unique, for worldwide biometric systems have been tied to a single vendor, explains Srikanth Nadhamuni, technology head, UIDAI. “We have actively adopted several Open standards that make the system neutral and interoperable. Though I cannot put a number to it, this has certainly encouraged competition and driven down the cost of devices and enrolment kits.”