India's billion-user biometric odyssey

Powered by SC Magazine
 

From ground-zero to ground-breaking, India is relying on a mammoth biometrics project to crush rampant fraud and deliver welfare to the nation's poorest.

A bold new biometric identity system is being deployed across India in a bid to combat rampant welfare fraud.

The mammoth system will collect the iris and fingerprint records on a voluntary basis of every one of India's 1.2 billion men, women and children. Each will be issued with a 12-digit identity number.

The project would be a bold deployment for Australia, but for the second-most populous country in the world and one of its most diverse -- in terms of culture, class and language -- it is ground-breaking. 

Making matters more complex, some 70 percent of Indians live across 640,000 villages and up to 30 percent of the population do not have a bank account.

Identity verification is currently a huge patchwork of systems of which many are simply paper documents issued by regional authorities and not accepted in other parts of the country.

As a result, residents carry up to four forms of redundant identity and duplication of records is rife. This also makes it easy for fake records to be created by corrupt officials seeking to steal welfare payments.

Srikanth Nadhamuni

Estimates have suggested up to 40 percent of food rations alone are wasted through a combination of corruption and inefficiency. Most fraud affected food, fertiliser and fuel subsidies.

The biometric Aadhaar system, together with a revamped welfare system loosely based on Brazil's Bolsa Familia program, is expected to help ensure the $40 billion in subsidies the Federal Government issues in direct annual welfare payments -- up to 2.2 percent of the country's gross domestic product -- do not line the pockets of corrupt officials.

It is also aimed at making the process of distributing wealth more efficient, eliminating overheads for both the government and those in remote areas who currently spend up to 28 percent of their welfare simply collecting the cash.

The system could even support a cashless society, according to Anjan Lahiri, chief executive of MindTree IT which has secured the Aadhaar maintenance contract. In his future, citizens would pay for a bag of rice with a fingerprint scan.

Aadhaar has been a boon for startups too, which have built applications to leverage the identity platform. 

Using a "zoo of open source animals", as project advisor Srikanth Nadhamuni described, Aadhaar has been rolling out across the nation enrolling some 500 million residents since its launch in 2009. The project is slated for completion in 2019.

Nadhamuni, who will talk at the upcoming AISA National Conference in Sydney next week, said India was "leap-frogging" the point of citizen identity common in many western countries by moving from its current disparate systems to the Aadhaar biometric-based online and federated national platform.

"It is going at a rate of one million enrolments every day," Nadhamuni said at the RSA Conference earlier this year. "We are adding a Finland every week."

"This has been a very complex project but that's not why it is unique - it is because of the human dimension to it.

"We have a real opportunity to get a large number of people in poverty [into] economic progress and prosperity."

AISA special coverage

Private sector organisations from banks to airports along with government agencies will also be able to query the Aadhaar database to verify identities. The requests will receive only a pass or fail response to maintain privacy, Nadhamuni said.

Identity layers such as bank PINS and account numbers could be layered on top of Aadhaar authentication should organisations wish.

The project has obvious benefits but also fierce critics who were concerned with both the Government's ability to secure the hugely valuable data, the apparent intrusion by the Federal Government into state affairs, and for the privacy implications for citizens.

On Sunday, retired Indian High Court judge K.S. Puttaswamy successfully petitioned the Supreme Court in that country to restrain moves by state governments to make Aadhaar mandatory for public services.

The Hindu reported Puttaswamy argued the project was deeply flawed because the project's underpinning National Identification Authority of India Bill 2010 was rejected by a parliamentary standing committee, adding that there were no checks to prevent undocumented migrant workers from adding themselves to the system.

The Federal Government is now preparing to argue its case to the Supreme Court, claming that Aadhar should be required to access public services.

Letters have been sent to Government from both officials and activists in protest of various elements of the project.

Other privacy pundits have claimed the Government has yet to prove the citizen data would not be sold to private companies or handed to foreign nations.

Then there were the manifold security concerns with biometrics. Various fingerprint scanners have been bypassed by existing, albeit complex techniques that lift prints from surfaces and replicate them within a substance.

A line of iris scanners was last year fooled by creating synthetic iris images that could be applied to contact lenses. This exploited the fact that the scanner read an iris code and not the eye itself.

In addressing some security concerns, Nadhamuni said each of the 100,000 human operators sent to collect registrations -- who were employed by a vendor in turn employed by State Governments serving as registrars -- would include their own biometric data when citizen's fingerprints and irises were collected.

This was required as a means to introduce traceability in the event biometric data was fraudulently collected and submitted to the central Aadhaar system.

Each biometric "packet" is PKI encrypted at the point of collection and decrypted "only when needed". Any one of the three vendors employed to process the data can see only an identification number and not personally identifiable data, according to Nadhamuni.

Third party vendors can only access separate network zones and have restricted account access.

The trio of vendors were employed to introduce competition throughout the life of the project. This was achieved by paying per biometric record processed and sending the lion's share of records to the then best performing vendor.

Duplicate records were sent across all three for validation -- with an astonishing three trillion biometric records scanned each day -- creating what Nadhamuni said was a system twice as effective as market offerings.

Java was the programming language of choice for the Linux-based system. It also used Spring aspect-oriented programming, HADOOP, and ran on commodity blade servers to enable it to  "scale gracefully".

Copyright © SC Magazine, Australia


India's billion-user biometric odyssey
Credit: Kannanshanmugam, shanmugamstudio, Kollam
 
 
 
Top Stories
Hockey flags billion-dollar Centrelink mainframe replacement
Claims 30 year-old tech is holding Govt back.
 
Ombudsman wants to monitor warrantless metadata access
Requests ability to report publicly.
 
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  20%
 
Bankwest
  9%
 
CommBank
  12%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1518

Vote