How Dependable and Accurate is the UID Authentication Scheme?

Biometric identification has become a core part of national security in many nations around the world, and is expected to be the standard for the foreseeable future. The trust placed by governments in biometric schemes stems from the notion that every human being has unique physical characteristics, such as fingerprints or iris signature. The idea is to capture these unique physical features and encode them in a format that can be processed by computers. The UID project’s main goal is to identify every Indian’s biometrics with a unique number assigned to each citizen by the UIDAI — the UID number.

When a Citizen registers with one of many registrars partnering with the UIDAI, the Citizen’s biometrics, signature, and other information is collected and a temporary number is assigned, along with receipt acknowledging submission of the information to the UIDAI. The entire process is detailed in the UIDAI web page. At the time of registration, a temporary UID number is provided to the Citizen, with a permanent number later mailed in to the applicant once appropriate verification and uniqueness of biometric data has been determined. How do we know that best effort has been made to ensure that data in the UID database is correct and not falsified? This question is especially important, given that preventing fraud is one of the stated goals of the UID project. It is important to note that an enormous number of Indians simply do not have any form of identification that can be presented to Registrars. This is clearly a loophole that can be exploited by those who want to cheat the system by registering the same person multiple times with different Registrars. This raises the importance of the issue of detecting and eliminating fraudulent use of the system.

The Registration Process: When a Registrar inputs a UID user data to UID’s Central ID Repository (CIDR) servers, the user’s biometrics are compared with existing biometrics in the UID database to ensure that the biometric data does not already exist — a process that has been referred to as de-duplication. This is handled by the Fraud Detection Application (FDA) that takes care of the following types of fraudulent usage: misrepresentation of information, multiple registrations by same person, registration for non-existent residents, or impersonation, as specified on the UIDAI web page. All of these problems boil down to identifying more than one applicant in the UID database with matching fingerprints and matching iris image biometrics, at a minimum. That is, both these biometrics need to match with a high degree of accuracy in order for an entry to be flagged as a match with an existing entry in the UID database. Note that the iris prints are from both eyes, and in every human, these prints are completely different for the two eyes. Note that the registrars operate independently scanning this biometric information, and then enter the data into the CIDR from a remote terminal, and this is why temporary numbers are assigned at the point of registration.

In an analysis of UID registration process, it is noted that the UIDAI’s official statistics show that they registered (at the time of the analysis) 25900000 individuals of which 20050 were determined to be duplicate registrations. These duplicate registrations were determined by a “multi-modal de-duplication scheme”. The scheme is “multi-modal” because it takes into account multiple bio-metric modes: fingerprints and iris scan. However, a look at the open complaints page in the UIDAI web page, show only a handful of complaints, and none of them major in terms of denied identity, as would have to be the case for one of the 20050. A testament to the fact that the de-duplication scheme of the UIDAI is doing the job it is intended to do. Specifically, these UIDAI registrations were flagged as duplicate registrations and rejected because the FDA determined a match in multiple biometric modes, to a high degree of certainty. In this case, the newly input user data matched another entry in the UID database with a high degree of certainty, both fingerprints and iris-scan. Once the UIDAI has processed an entry through the FDA, and it is determined as a unique print as per a online multi-modal search and/or offline search, then the process of de-duplication is essentially complete and a permanent UID number is assigned to the resident. Note that the UID is 12 digits and this can identify about 1000 times as many Indians as currently exist today. It should be noted that the UIDAI has meticulously noted the process for processing UID deliveries to applicants.

As mentioned earlier, biometrics are unique, and secondly, both fingerprint and iris signatures do not change with age and are constant throughout a person’s life. This is the reason why biometrics can be taken for very small children for a UID number, because the UID technology can adjust for the physical size of the fingers by normalising the image before comparison. In the case of the eyeballs, it is a fact of human physiology that the eyeballs of an individual remain the same size throughout their lives.

The only way for a person to fool the UID system into accepting more than one entry in the UID database is by presenting multiple biometrics that do not match in all modes, one for each fraudulent UID number. Biometric attributes cannot be faked any more than a person can change their own DNA, as a person’s DNA determines the ridges in their iris and the prints on their extremities. Biometric matches can be used as evidence in court in most countries with such forensic technologies at their disposal. Fingerprint matching is done by examining the spatial separation of various unique characteristics of the ridges, loops and whirls on every human’s fingers. Similarly the 360 degree 3D maps of the irises in both eyes, which are both unique. The probability of the biometrics of all fingerprints and both irises matching for two humans due to the limitations of the biometric system is small enough that it may be assumed to be zero.

To see why this is the case, assume that matching print on any finger is independent of matching print on any other finger, i.e., they are independent events in the probabilistic sense. Now, the probability of a finger print match giving a false positive could be some number say p, which is a percentage of times on the average a finger match is matched positive, when it should not have been. Similarly, let ii be the probability of false positive match in one eye. Now, the cumulative error rate for the de-duplication system employed by the UIDAI, is the product of the error rate for fingerprint comparing prints from one hand (denoted by error rate p per finger) , and the error rate per iris (denoted by ii), i.e., p^5*ii^2, where ^ is the exponent symbol. The error rate, also known as the Error Crossover Rate (ECR) for iris scan is 1 in 131,000 and 1 in 500 for finger printing. False acceptance rates are very low for iris scans and both false positives and false negatives are difficult to produce, both for fingerprint and iris recognition. Now, substituting 1/500 and 1/130000 for p and ii we can see the probability for an error in the multi-modal duplication, where the fingerprint and iris biometrics are compared to create a score between 1 and 100 as to the closeness of the match. Note that the cumulative error rate is (0.002^5)*(7*10^-7^2) equals approximately 10^-30 (or 1 in 10^30). The entire population of the world right now is around 6*10^9. The implication of this low cumulative error rate in the de-duplication process, is that all 20050 applicants flagged as duplicates or fakes were, in fact, all fraudulent UID applications. In a way, it proves the effectiveness of the UID system as a robust authentication mechanism.

Also, in the analysis of the error rate in the CIS paper, the random variable Y can be considered a constant, specifically zero, given the really low false positive and false negative rates for biometric schemes. This, in turn, implies that the UIDAI uses a very stringent de-duplication algorithm and thus guarantees that every biometric in the UID database is uniquely mapped to a 12-digit UID number. Also, the random variable X is redundant, since we do not expect the biometrics of any two entries match. Further, let us recall that in the registration process, the Fraud Detection Application detects and rejects applications where there is a match in the biometrics. I believe these and other safeguards employed by the UIDAI guarantees unique biometrics in the UID database.

What happens if a Citizen is locked out of the UID database? The Citizen must first contact the UIDAI on the website and explain they have been locked out. And when that is done, they can be assigned a new UID number and disable the old UID number, so that it no longer exists in the UID database. None of this means that the UIDAI or the system is infallible. Citizens groups and NGOs such as CIS should question the precautions taken for physical safety of the UID servers, both from criminals and from even the employees of UIDAI themselves. It is a continuous process, requiring constant vigilance on the independent functioning of the UIDAI, without interference from government or bureaucrats or politicians. Such independence is essential and of utmost importance in retaining the trust of the Citizen in the UID system.

Related posts:

1. An Evaluation of the Parliamentary Report on the UID