How UIDAI goofed up pilot test results to press forward with UID scheme
Moneylife Digital Team 18 March 2011

According to test results of UIDAI’s biometrics-based Aadhaar project, there could be up to 15,000 false positives for every Indian resident. Moreover, this figure is just for identification and not for verification

The Indian government and its de-facto tagging institution, the Unique Identification Authority of India (UIDAI), have not only ignored privacy concerns but also ignored sample test results of its pilot project. Both the government and UIDAI have been in such a hurry that they have neglected the basic principle of pilot testing and size of sample. For over 1.2 billion UID numbers, they have used data from just 20,000 people, in pairs, as the sample and have on the basis of the results gone ahead with the UID number through the 'Aadhaar' project.

UIDAI conducted a proof of the concept trial of the Aadhaar project between March and June 2010. In the results, it said, "The matching analysis was done on two sets of 20,000 biometrics, for a total of 40,000. However, the number of comparisons was several orders of magnitude more than 40,000, since each set of fingerprints would be matched against every other set of fingerprints in the data set".

On the false positive identification rate (FPIR), the authority said, "We will look at the point where the FPIR (i.e. the possibility that a person is mistaken to be a different person) is 0.0025%". This means, for every 1 lakh comparisons, there would be two and a half false positives. On a large scale, it means for a population of over 120 crore, there would be 18 lakh crore false positives, or, for every single Indian resident there would be 15,000 false positives!  (Click to see the calculations)

David Moss, who spent eight years campaigning against the UK's National ID (NID) card scheme, has questioned the logic of the UIDAI and the government to depending on biometrics to produce the UID number. In a report titled, "India's ID card scheme-drowning in a sea of false positives", Mr Moss said, "those (the FPIR) conclusions do not follow from the evidence reported. Nothing in UIDAI's surprisingly low quality report suggests that it would be feasible to prove that each electronic identity on the Central ID Repository (CIDR) is unique. Not with a billion plus people on the database. Far from it, India can be confident, from the figures quoted in UIDAI's proof of concept trial report, that de-duplication could never be achieved."

Speaking about the UK's NID scheme, Mr Moss said, "There were many problems with the UK scheme. Not just biometrics. But biometrics is the easiest problem to understand and to discuss objectively and on which to reach an agreed decision, as it's quantifiable, there are no difficult value judgements to make and it's just technology. But it's not a very good technology, for, whenever there is a large-scale field trial, mass consumer biometrics prove to be too unreliable for the ID card schemes that depend on them, as opposed to the mere computer modelling exercises favoured by the US National Institute of Standards and Technology (NIST)."

In addition, there are issues like the reliability of biometric identification for a large population like in India. For the record, no one has ever issued IDs to such a huge population anywhere in the world. And whoever has tried to issue biometrics-based Ids, even for a small size, had to abandon or discard the idea altogether. Like the UK government abolished its NID scheme citing higher costs, impracticality and ungovernable breaches of privacy as reasons for cancelling the NID project.

The UK government spent around £250 million on developing the national ID programme over eight years. However, its abolition means that the government will avoid spending another £800 million over a decade. The NID was launched in July 2002 and as of February 2010, its total costs rose to an estimated £4.5 billion.

For the biometrics-based ID cards, there was one study done at Seoul in Korea. The study was done for ID cards issued for driver licences. It was designed in such a way that by swiping fingers, the drivers were able to access services like paying parking charges and redeeming a ticket. However, after one year, it was found that 5% to 13% users could not use the system. The tests were conducted with four different manufacturers, with drivers being white collar workers and housewives in acceptable quality criteria. In the end the study recommended frequent re-enrolment of users.

According to JT D'Souza, who analysed the pilot study conducted by the UIDAI, given the well-known lacunae in our infrastructure and massive demographics, biometrics as an ID will be a guaranteed failure and result in denial of service. He said, "The sum of false acceptance rate and false rejection rate (EER) reveals only part of the problem, which is rejection or acceptance within a short duration of enrolment. The bigger problem is ageing, including health and environment factors, which causes sufficient change to make biometrics completely unusable and requires very frequent re-enrolment."

The International Biometric Group (IBG) testing also shows that performance can vary drastically within technologies-some fingerprint solutions, for example, had next to no errors during testing, while others rejected nearly 1/3rd of enrolled users. "Most interestingly, the testing shows that over time, many biometric systems are prone to incorrectly rejecting a substantial percentage of users. Verifying a user immediately after enrolment is not highly challenging to biometric systems. However, after six weeks, testing shows that some systems' error rates increase ten-fold," according to the research, consulting and integration firm, which works closely with the biometric industry. The report is titled "Real-World Performance Testing".

Despite all the issues, the UIDAI and the Indian government are pressing hard to implement the UID number scheme across the country. While maintaining that the UID number is not compulsory, both of them are making efforts to make it mandatory using backdoor methods. Nobody is even ready to pause and think about the possible consequences of the failure to identify some poor person from a remote place. It may be a technical glitch for the authorities, but could be a question of life and death for the 'aam admi', who would be denied food and other benefits due to the failure.

"By the time the stillborn (NID) scheme was finally cancelled, the UK's Home Office had lost all credibility, it was totally demoralised and it is now excluded from discussions of the new, and still unspecified, Digital Delivery Identity Assurance project. Having given their unsolicited testimonials to the biometrics industry and its unreliable products, UIDAI will be left to clean up the expensive mess left in India as best they can when 'Aadhaar' is cancelled, while the biometrics industry road-show moves on to the next country and repeats the trick," Mr Moss concluded.

You may want to read:

7 years ago
This could happen because of most of the apna csc, VLEs were not working properly. In village and rural areas, people with digital seva ID have misused the system by generating the fake ID's. The E-Governance should take an action against them so that, generation of fake Id's will be stopped.
7 years ago

UIDAI conducted a proof of the concept trial of the SSUP project between March and June 2010. In the results, it said, "The matching analysis was done on two sets of 20,000 biometrics, for a total of 40,000. However, the number of comparisons was several orders of magnitude more than 40,000, since each set of fingerprints would be matched against every other set of fingerprints in the data set".
Ram Das
1 decade ago
This article seemed to rehash claims made by Mr. Moss in 2010. Sadly, calculations done by Mr. Moss were simply wrong. The errors were pointed out by Murali when the original article came out. Money life, please consult any reputable mathematician and you will find that Mr. Moss's math is humbung. Reference: Go to the bottom to read where Mr. Moss has goofed up in his calculations.

It is time to stop shouting "earth is in the center because I saw sun rise to the east".

Get your maths right first.
1 decade ago
David Moss
1 decade ago
The first version of the sea-of-false-positives review of UIDAI's proof of concept trial report was posted on a website called Planet Biometrics on 16 February 2011.

37 days later, a response was received from one Murali Chirala, who may or may not be associated with UIDAI.

Please see

Murali Chirala's is a substantial response. I have today tried twice to post my initial answer on Planet Biometrics but there seems to be a problem with the website.

I have been recording events on the No2ID website, please see

... and also here on Just to keep things up to date, here it is, the first of many responses to Murali Chirala:

1 According to Murali Chirala, “Mr. David Moss makes two fundamental errors in ...” and “Mr. Moss confuses FPIR ... with FMR ...” and “Mr. Moss has misinterpreted FPIR and FNIR for FMR and FNMR ...” and there is “... a massive discrepancy in Mr. Moss’ calculations” and “Mr. Moss incorrectly assumes that ...”

2 He’s pretty stupid, this man Moss.

3 We can safely ignore him, he’s irrelevant.

4 Even so, the question remains, for an intelligent third party, are all the records on the Central ID Repository (CIDR) being built by UIDAI biometrically unique? Are they? Or aren’t they? Yes? Or no?

5 Let’s call this intelligent third party “Churali Mirala”, or “CM” for short. CM wants to understand exactly what Murali Chirala is saying, because this question of uniqueness is important. After all, if the Unique Identification Authority of India isn’t offering unique identification, what is it offering?

6 CM takes a good look at Murali Chirala’s second paragraph, where there is talk of “two different galleries”, each with 20,000 records.

7 A gallery here, CM assumes, is a mini CIDR, a set or database of biometric records.

8 What is in the records, CM asks? In UIDAI’s proof of concept trial, each record identified one Indian using 12 items, viz. ten fingerprints and two irisprints. Since that is what we are talking about, UIDAI’s proof of concept trial report, CM assumes that by a “record”, Murali Chirala means 12 fields/columns containing ten fingerprints and two irisprints.

9 Murali Chirala talks of “40,000 searches” on each gallery. Why 40,000? Murali Chirala has a rather elliptical way of writing. We have to “unpack” his words, so to speak. Where did 40,000 come from? CM makes a guess. He assumes that the ten fingerprints are treated as one search term/probe and the two irisprints are treated as a second probe. (CM has been doing some background reading and understands that when you do a matching exercise in the academic field of biometrics you “probe” the “gallery”, which is also sometimes called the “background”.) Good. So that makes two searches for each Indian in the gallery. 40,000 searches in all. CM would like Murali Chirala to confirm that this guess is correct. He doesn’t want to be thought to be as stupid as David Moss. But if the guess isn’t correct, then CM can’t understand what the elliptical Murali Chirala is talking about with his 40,000 searches.

10 And what are these searches, CM asks? There’s not much point searching a gallery against itself, CM thinks, because then the false negative identification rate would have to be zero. And it isn’t. Then CM remembers that the participants in the proof of concept trial had to make two visits to be registered. CM assumes that the gallery was built from the biometrics registered at the first visit and that it is the biometrics registered at the second visit which are being used as the probes. Again, CM would like Murali Chirala to confirm that this guess is correct. He still doesn’t want to be thought to be as stupid as David Moss. But if the guess isn’t correct, then CM still can’t understand what the elliptical Murali Chirala is talking about with his 40,000 searches.

11 Obviously Murali Chirala’s answers would be wasted on David Moss. No question. But Murali Chirala still nevertheless owes answers to any intelligent third party who is interested to know whether records on the CIDR are unique.

12 More questions for Murali Chirala. 60,000 participants attended the second registration session. And yet the gallery comprises only 20,000 Indians. Why, CM wants to know, why doesn’t the gallery have 60,000 people in it? How were the 20,000 chosen? What was wrong with the other 40,000?

13 Also, Murali Chirala, please confirm CM’s assumption that the 20,000 probes chosen from the second registration session used to match against the gallery created from the first registration session were chosen because UIDAI thought they were the same 20,000 people, they’re not 20,000 probes chosen at random, say, from the 60,000 available.

14 We’re still in the second paragraph of Murali Chirala’s post. And there’s another question which requires his attention. He really is the most elliptical of writers.

15 There are two galleries. One of them is “seeded” and the other one isn’t. What is the difference? It seems from what Murali Chirala says that the seeded gallery is required to calculate the false negative identification rate, you can’t do that with an unseeded gallery. CM makes a guess. If Murali Chirala, say, is not matched and the operation returns a negative, the only way UIDAI can know that that is a false negative is if they know in advance that Murali Chirala is in the gallery. So seeding the gallery must involve checking it first, before matching operations begin, to see who’s in it. Perhaps Murali Chirala could confirm.

16 There is an equivalent problem with false positives. Suppose UIDAI probe the unseeded gallery with Murali Chirala’s biometrics and get three matches. Perhaps Murali Chirala is registered on the CIDR three times. They could be legitimate matches. How do UIDAI know that at least two of the positives are false? Only if they already know that all the records in the gallery are unique.

17 But hang on a minute. Isn’t that where we started? That’s exactly what we need to know. Is each record on the CIDR unique? The answer from Murali Chirala so far is that, yes, each record is unique if each record is unique. It seems that whatever Murali Chirala is talking about, the correct way to measure false positive and negative identification rates, it doesn’t help us to establish whether these blessed records are or are not unique.

18 We need answers to these questions raised by Murali Chirala’s second paragraph before we can move on to his third paragraph, which we look forward to doing, soon.

19 Your comments would be appreciated Murali Chirala. It took you 37 days, from 16 February to 25 March to respond last time. That’s fine as long as we’re only dealing with the halfwit David Moss. But an intelligent third party, perhaps an Indian taxpayer wondering if his or her tax money is being wasted, will look forward to an answer from you, Murali Chirala, much more quickly than that, please.
interested observer
Replied to David Moss comment 1 decade ago
dear mr moss,

i was trying to decipher mr muralis explanation and as far as i understand what he finally says is that the number of false positives and false negatives on attempting to confirm the uniqueness of each id being issued can be kept within manageable limits by lowering the tolerances with which they are compared. As the sample size goes up, u look at each id less carefully so that u don't get too many false positive matches from the ids already in the database!!! I hope i am just misunderstanding him.Please tell me if i am missing something here.I can just imagine the chaos when 'mr.common man from the poor and marginalised parts of society' turns up with his uid card and the machine tells him he is not himself. And all these are problems inherent in the system, not to think of the deliberate misdeeds possible..
David Moss
Replied to David Moss comment 1 decade ago
20 Let’s say that CM, the intelligent third party, while waiting for Murali Chirala’s response, reads ahead and finds this: “Mr. Moss incorrectly assumes that the decision threshold on the 1-to-1 comparison score is kept constant independently of the gallery size. In fact this threshold is adjusted in the real operational system to keep FPIR constant independently of the gallery size G. This fact alone removes the possibility of the sea of false positives”.

21 Is Murali Chirala right when he says that the possibility of a sea of false positives has been removed?

22 Probably.

23 After all, this sea of false positives argument is devised by David Moss, already acknowledged as the biometrics village idiot.

24 Or is it? CM checks and, lo, he finds this*, talking about the UK ID card scheme: “academic John Daugman, a former member of the Biometrics Assurance Group (BAG) which reviewed the scheme, says its reliance on fingerprints and facial photos to verify a person's identity will cause the system to collapse under the weight of mismatched identifications”. And this: “Daugman, an expert on iris recognition, says fingerprints and facial photos are not distinctive enough to be able to tell the UK's 45-million-strong adult population apart”. And this: “Daugman said that even if the error rate was as low as one in a million, the 10 to the power of 15 comparisons needed to verify the IDs of 45 million people would result in one billion false matches”. And this: “He told ‘The use of fingerprints will cause deduplication to drown in false matches’ ...”.

25 And who, pray, is John Daugman?

26 Only the king of biometrics based on the iris, the inventor and patentholder of the iris-matching algorithm and a professor at the Cambridge Computer Lab, that’s who**. Search for “john daugman” “biometrics” and Google gets you 7,930 hits.

27 Professor Daugman is not going to be stupid. Not like David Moss. Clearly Murali Chirala disagrees with him. But then, if you search for “Murali Chirala” “biometrics”, Google gets you one hit.

28 It’s hardly a slam dunk argument, you can’t resolve biometrics problems by Google hits, but CM thinks he’s got to make up his own mind about the sea of false positives and not just take Murali Chirala’s word for it that there is not even possibly a drowning problem. Once again, he hopes that Murali Chirala will soon answer.

* ... -39294213/

David Moss
Replied to David Moss comment 1 decade ago
The link to the article at para.24 above about Professor Daugman wasn't parsed properly by the editor. Let's try this alternative and this one instead. It's an important article and well worth reading. And it's only short.
David Moss
Replied to David Moss comment 1 decade ago
29 Considering paragraphs 20 to 28 above, CM, the intelligent Indian taxpayer investigating whether UIDAI is wasting public money, wonders why, if there is a sea of false positives, no explorer has discovered it and charted it.

30 One potential answer, considering paragraphs 1 to 19 above, is that no explorer has looked for it. If the sea of false positives is there, it would be revealed the minute anyone tried to prove that all records on the CIDR are biometrically unique. But they don’t try to prove that. Instead, if Murali Chirala is right, they try to calculate the false positive and negative identification rates. And that is a different job.

31 You’d think that CM would now test the truth of this hypothesis.

32 But no, you would be wrong.

33 CM’s eye has been caught by something else. Something else explosive. What looks like a fundamental error in Murali Chirala’s argument. An error that would bring down the whole house of cards. At least it would if UIDAI have made the same error. A hole at the heart of UIDAI’s case. A problem so glaring that it has even occurred to the troglodytic David Moss (in his own dim and benighted way, at least).

34 Every other reader of paragraph 20 above will also have spotted it. It’s a hand grenade with the pin removed. It’s a time-bomb, ticking down fast to zero.

35 Let’s take this slowly, just to check our logic as we go.

36 We’re going to look at matching, comparing someone’s biometrics against the template stored on the CIDR, we’re going to look at the “decision threshold” and the “comparison score” mentioned by Murali Chirala. About time too! That’s what biometrics is all about -- comparing/matching and verifying that Murali Chirala is Murali Chirala. How come it’s taken until paragraph 36 to get onto the subject? Never mind, here we are at last.

37 What we will find is that Murali Chirala is nearly right when he says “... this fact alone removes the possibility of the sea of false positives”. To be quite correct, Murali Chirala should have said “... this fact alone removes the possibility of FINDING the sea of false positives”.

38 We will find that UIDAI and NIST (see below) and others are using a peculiar concept of identity nothing like what normal people understand by the word and muddying the waters by confusing the two usages.

39 And, finally, we will discover that when it comes to biometrics NIST (see below) are arguably a busted flush and so is any organisation like UIDAI that follows NIST’s prescriptions.

40 Heady stuff. Hold on to your hat.

41 That’s what we will find and we’re going to start with NIST, a US organisation, the National Institute of Standards and Technology, and their May 2004 report ‘Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints’, a report some of us have read at least a dozen times, please see

42 Murali Chirala has great confidence in NIST. He says: “... while the [UIDAI proof of concept trial] does not provide sufficient number of identification searches to estimate [FPIR] and FNIR in a gallery of size of 1.2B directly, and extrapolating too far out has its own dangers in terms of statistical significance, methodology is available to extrapolate the [UIDAI proof of concept trial] results using trends established earlier in other large well established biometric performance evaluations performed by NIST and other agencies”.

43 Lots of other people share that confidence, including UIDAI, who were advised by NIST in the early days, please see UIDAI’s paper ‘Biometrics Design Standards For UID Applications’ at

44 That confidence is misplaced.
Ram Das
1 decade ago
Are you referring to response at ?
How did you conclude that the response is from UIDAI?
David Moss
Replied to Ram Das comment 1 decade ago
Good question.
The first version of my sea-of-false-positives argument was posted on the Planet Biometrics website, a sort of biometrics fanzine, please see
That was on 16 February, about six weeks ago.
I was told a week later, 23 February, to expect a response from UIDAI.
A month later, on 25 March, I was told that the response I was expecting had now been posted on Planet Biometrics.
I agree that there is nothing to associate Murali Chirala with UIDAI anywhere on the web.
All I am going on is what I was told, by someone who ought to know.
David Moss
1 decade ago
A response has now been received from UIDAI, posted on the website.

There is homework to be done, getting to grips with this substantial response of UIDAI's.

More, next week ...
David Moss
1 decade ago
Vivek Gupta 5 hours agoThis is what i call discussion without facts or rather distortion of facts. In any matching algorithm there are multiple inputs applied and not just one. Thus likelihood of falsepositive rate can be significantly eliminated by taking a segmented algorithm approach. I have personally worked on many such algorithms for credit bureaus so understand them well. This false positive rate has no relevance without understanding the full algorithm.

Moneylife is only publishing negative comments and distorting facts. Why? Are you afraid that corruption can be stopped using UIDAI and some people are propping you?

“In any matching algorithm there are multiple inputs applied and not just one”, says VivekGupta, very confidently, based on his experience of credit rating bureaux.
UIDAI is not a credit rating bureau, and they say “biometrics features are selected to be the primary mechanism for ensuring uniqueness” and their mission is “to design biometrics system that enables India to achieve uniqueness in the national registry” and “while certain demographical information is also provided, UIDAI provides no assurance of its accuracy ... demographic information shall not be used for filtering during the de-duplication process”.
There we have a nice example of the problem of induction. VivekGupta assumed that all organisations apply multiple inputs in their matching algorithms, his hypothesis was tested, and UIDAI prove it to be wrong. UIDAI are relying on biometrics only.
There is nothing wrong with publishing VivekGupta’s comments. He’s wrong. But that is not a reason to suppress his comments or to assume that some corrupt person is paying him to distort the facts. Rather, should be praised for hosting an open debate.
Which takes us back to JOABNarayan’s comment three days ago, “I wonder whats the reaction of UID authorities to David Moss' point?” -- UIDAI are strangely silent, aren’t they?

Test area only
Test area only
Vivek Gupta
1 decade ago
This is what i call discussion without facts or rather distortion of facts. In any matching algorithm there are multiple inputs applied and not just one. Thus likelihood of falsepositive rate can be significantly eliminated by taking a segmented algorithm approach. I have personally worked on many such algorithms for credit bureaus so understand them well. This false positive rate has no relevance without understanding the full algorithm.

Moneylife is only publishing negative comments and distorting facts. Why? Are you afraid that corruption can be stopped using UIDAI and some people are propping you?
David Moss
1 decade ago
Dear DSOHIndian

"Filthy brain"? "Sick propaganda"?
Why are you so upset?

Best wishes
David Moss
1 decade ago
Dear Mr Lerner

Thank you for your comment.

This business of keeping investigations quiet cropped up in a New York Times article last month, 'Hiding Details of Dubious Deal, U.S. Invokes National Security',

The article includes George Tenet. Again.

And it includes this:

"For eight years, government officials turned to Dennis Montgomery, a California computer programmer, for eye-popping technology that he said could catch terrorists. Now, federal officials want nothing to do with him and are going to extraordinary lengths to ensure that his dealings with Washington stay secret ...
"In interviews, several employees claimed that Mr. Montgomery had manipulated tests in demonstrations with military officials to make it appear that his video recognition software had worked, according to government memorandums ..."

It's extraordinary how government agencies get sucked in.
13 years ago, the police in the London Borough of Newham, helped a company called Visionics to promote the notion that their biometrics software had helped to drive crime off the streets of Newham.
Then in June 2002, as reported by New Scientist magazine, "the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest",
Let's hope the same thing isn't happening to UIDAI.

And it's extraordinary how resilient these companies and their directors are.
The Chairman and CEO of Visionics back then was Dr. Joseph J. Atick. Visionics was swallowed by Identix which, together with many other companies, became L-1 Identity Solutions,
The Executive Vice President and Chief Strategic Officer of L-1 Identity Solutions is, of course, Dr. Joseph J. Atick.
The embarrassment of luring the police into a deception and the embarrassment of the failure of Visionics and identix in the 2004 UK Passport Service biometrics enrolment trial (as reported by Atos Origin, just seem to bounce off him.
I sometimes wonder if there is some pathological compulsion to believe that mass consumer biometrics work even when the evidence is there in front of everyone's eyes that they don't.

Let's hope that UIDAI, the Indian government and India itself are less gullible.
Ignorant Indian
1 decade ago
Hi David,

The whole basis of your article is one number 0.0025%. This is the FPIR rate used by the report prepares to measure FNIR accuracy.

The report **NEVER SAID THAT THAT WILL BE USED FOR DE-DUPLICATION ***. I am highlighting this because that way it could stick to your filthy brain. They could have simply listed to indicate that biometrics are capable of achieving near zero FNIR. what if the actual FPIR is different from that?

I have heard about environmentalists that manipulate global warming numbers to push their agenda. But what you are doing is even worse. What if UIDAI had accepted a different FPIR rate in their logic? You just assumed the indicated number, because that is convenient for your propaganda.

I would have appreciated if you have really made some constructive suggestions, rather than using UIDAI project for your sick propaganda.

And the about dematerialized id, can you explain how that will work in India, say for a PDS system?
shyam sunder
Replied to Ignorant Indian comment 1 decade ago
Hey this guy ignorant Indian clearly has an agenda. He is either the biggest beneficiary of UID contracts or is part of the UID himself.

I don't know why the UIDAI cannot come out openly and engage with this website and the articles on UID. As far as I know, they are the only ones attempting to show the otherside of the UID story as well as global experience.
The very fact that many informed voices are participating in the debate here, requires a truly confident and nationalistic UID to write openly and engage with people. This stealth bombing through dubious aliases only raises doubts about their intentions and integrity.

shyam sundar
Ignorant Indian
Replied to shyam sunder comment 1 decade ago
Hey Shyam Sundar, i think you are right on your guess about me. I have UIDAI enrollment contracts for all states in binami names and i am making a profit of 500 rupees for every binami enrollment. Also the company i own has exclusive rights for all other contracts of UIDAI.

I hope that makes you to feel better about your self.

Ok, just to bring you to reality, I am not any type of beneficiary. I am not even related to identity business. I am just a average Indian, who is normally ignorant about other things, but i had always thought why India did not have a infrastructure like a basic identity scheme. This scheme I thought is a good one that will make life easier for certain sections of rural people.

What I can not tolerate is some privacy maniacs getting all stupid people from the world filled with hatred on biometrics and who are basically against a state run identity scheme pushing articles that I clearly see did not base on right numbers or analysis.

All I have been trying past 2 days was forcing the author of this article to give factual numbers and asking them not make stupid assumptions before writing a book on consequences of it.

When the facts are presented right and if they correlate to reality on their impact and if there is a way the author can explain how the 'false positives' are going to derail the scheme, then I am going to believe it.

Until that time, it is a load of bull shit, coated with impressive math.
Ignor Indians
Replied to Ignorant Indian comment 1 decade ago
It is obvious from your name that you are ignorant and st***d as well. Do you know the basic promise the UID is being pushed so hard? As the UIDAI says the UID number is meant for those poor people who do not have any kind of identification and hence remain outside of the beneficial schemes run by the government.
My simple question to you and all those who want to push through one more ID, is "If at all the UID number is meant to creat an ID for those who do not have one, then why the poor fellow is supposed to bring along photo ID and residence proof for enroling?"
Any answers or you are ignorant about this as well? Wake up dear, before this thing of giving useless ID numbers will turn out to be bigger fraud than the 2G, CWG scams.
Ignorant Indian
Replied to Ignor Indians comment 1 decade ago
What I read is Id proof and Residency proof are taken if the person can present. Even with out them, they are supposed to enroll. How do you think home less in Delhi are enrolling?

You are the one that needs to wake up and see positive things.
Proud Indian
Replied to Ignorant Indian comment 1 decade ago
This exactly is the problem with Ignorant people. They "read" about anything somewhere and bombards with their 'wisdom'. Come down to the ground level, Ignorant. Only if you would read Moneylife article about enrolment. Anyway read it here...
It says, "In addition, one must carry an identity or address proof, whether it is a public distribution system (PDS) or ration card, or a PAN card, to be able to get a form to apply for the UIDN."
Got it? You need photo ID and residential proofs just to get an enrolment form for the UID number. Wish you would have visited such centre in India and then commented.
Mark Lerner
1 decade ago

Your analysis is correct. In 2003 IBG provided AAMVA (American Association of Motor Vehicle Administrators) with a report that addressed the issue of "scalability". IBG's report was very insightful; biometrics do not work when there is a large subject pool.

There is one factor that you did not specifically address at length. Yes, biometric vendors do hype their products and the capability of their products. When biometrics is used we are asked to trust the technology, the vendor and the end user/government.

I spent two plus years as a confidant of some of the most senior people in the biometrics industry. One of the people included Denis Berube who was the Chairman of the Board of Viisage Technology.

In 2005 I provided the U.S. government what attorneys called a "massive" amount of evidence of wrongdoing. The evidence I provided was provided to me by senior people at Viisage and other companies. Viisage morphed into L-1 when Mr. LaPenta and two of his associates purchased the company and changed the name to L-1. (while the government investigation was taking place).

I had a conversation with Mr. LaPenta about the evidence I provided the government. Mr. LaPenta did not care about the evidence of rigged testing. bogus testing, exaggeration of results, information about contracts and other matters being provided select wealthy investors versus all investors or other wrongdoing that was taking place.

The evidence that I provided the U.S. government resulted in nearly a two year investigation. The results were never made public; not surprising since the investigation was never made public. Congress was not aware an investigation even took place.

I have spent the last four years plus years leading the fight in the United States against the Real ID Act 2005 (biometric enrollment for all U.S. citizens). The organization I founded, the Constitutional Alliance works with those on the "left" and "right" against mandatory biometrics enrollment.

You have identified the "statistical" issues with biometrics. There is also the "greed" factor. I humbly suggest you read an article I wrote

Governments have a large financial stake in biometrics. Those in government "want to believe the technology will work as advertised". When I asked those in the biometrics industry why they did not speak up prior to providing me with evidence they said "they believed the technology would work one day."

Those in government thought the technology would work because that is what vendors told them. That does not let those in government off the hook. Many of these people left government after being directly involved in vendors (Viisage/L-1) receiving large contracts and then going on the payroll of Viisage/L-1 after they left government service.

Biometrics do not provide identification. It is the breeder documents that provide identification. In fact, biometrics can validate a fraud. Here in the U.S. many people have submitted fraudulent breeder documents and all the biometrics did is validate the fraud taking place.

I would also humbly suggest that you look at the progress being made reverse engineering biometric templates. This eventuality will cause harm that will not be able to be undone. Unlike social security numbers or even a person's name; a person's biometrics are not easily changed if they can be changed at all. ( a person could change their facial biometric with plastic surgery but a person cannot change all their biometrics)

Consider that once databases and identification documents are compromised all people will be told by governments that the identification process will need to be moved from the ID document to the individual. That technology already does exist in the form of a RFID tattoo (SOMARK Innovations

Biometrics is about control and greed, not security. You can email directly at [email protected]

There are those in government whose goal is to create a 24/7 digital footprint of every citizen utilizing biometrics and RFID technology.

You cannot reconcile the creation of a surveillance society and a free society.

I have testified many times before state legislative committees and am working with members of Congress to end the forced enrollment of U.S. citizens into a single global system of identification and financial control.

Finally, consider the words of Robert Mocny, Department of Homeland Security “information sharing is appropriate around the world,” and DHS plans to create a “Global Security Envelope of internationally shared biometric data that would permanently link individuals with biometric ID, personal information held by governments and corporations.”

Mark Lerner
David Moss
1 decade ago
Justice Out Of A Box (JOAB) -- a response to SANarayan

I have read a little about PDS, a very little, enough to convince me that it is a huge subject about which I am ignorant and in connection with which any contribution I try to make is most likely to be useless.
I note this comment in a recent Times of India article, 'Corruption in PDS can't be stopped' [1]:
“... [retired SC judge DP Wadhwa] feels that use of information technology is the only way to reduce corruption in the system, as human intervention was useless. He is also exploring other mechanisms to devise the best possible system for PDS.”
I know nothing about PDS but quite a lot about identity management schemes. And I would advise the judge -- probably unnecessarily, I expect he knows -- that adding an IT system doesn’t automatically bring justice, you can’t buy justice out of a box, add IT and you may just get automated corruption, much simpler for the perpetrators, although they may not thank the judge for that.
It seems that SANarayan, like the judge, believes that you can buy justice out of a box. Henceforth, I shall call him JOABNarayan.
Aadhaar is a very big system and, as such, there are many metrics needed to measure its health. “... if UID can deliver unique numbers with a defect rate of .0025% ...”, says JOABNarayan.
Oh no, you don’t. 0.0025% is the false positive identification rate (FPIR). That’s just one measure. We need to add the false negative identification rate. And the false accept rate and false reject rate. These are all mentioned in UIDAI’s proof of concept trial report [2]. We need to add the failure to enrol rate, which is not mentioned in UIDAI’s report.
Then, as noted in the moneylife article above, we need to consider how the reliability of biometrics degrades over time, which in turn requires repeated re-enrolment on the CIDR. We need to consider security. How good are the vetting procedures for enrolment agents? What is to stop someone from setting himself up as an enrolment agent, or a registrar, and creating a lot of phantom people who are entitled to real subsidy money?
I have downloaded a copy of the enrolment agent software from UIDAI’s website myself. Anyone can. How good is the password-protection system on this software? Too good for me. But India’s universities are probably teeming with super-bright students who could crack it in minutes. And incidentally, why don’t UIDAI use biometrics to authorise logging on? Don’t they believe their own publicity? Or Morpho’s?
What about the security of telecommunications between outlying agents and the CIDR at the centre? Can UIDAI prevent “man-in-the-middle” attacks?
How efficient will Aadhaar be? It may be different in India, but here in the UK, I am sorry to say, our civil servants are often incompetent [3]. Even if all the IT components of Aadhaar work, that is no guarantee that the UID scheme will work or do any good. Just because you change the system doesn’t mean that the people change.
How much will Aadhaar cost? Is it worth it? Will it make PDS work? Nothing else seems to have made PDS work, judging by my very superficial reading? Why should Aadhaar work where everything else has failed? Are people deceiving themselves, duping themselves, for the best of reasons, but nevertheless foolishly, that Aadhaar is somehow magic?
JOABNarayan is happy to accept the FPIR of 0.0025%. He shouldn’t be. At that rate, UIDAI cannot guarantee unique identification, it is a unique identification authority with no unique identification to manage, it will have no authority. Are you sure that you are happy to abandon unique identification, JOABNarayan? Do you realise what it means? There could be any number of duplicates on the CIDR. What use is it then?
Moving on to the false reject rate (FRR), what are you going to do about all the people who are told by Aadhaar that they are not themselves? Let them starve? You can reduce the FRR. But only at the expense of increasing the false accept rate (FAR). At which point, everyone could use their biometrics to prove that they are anyone [4].
And that brings me to my impoliteness. It is very rude of me to call IgnorantIndian “DSOHIndian” and to call SANarayan “JOABNarayan”. My apologies. Who am I to assign a new identity to them?
And who is UIDAI to assign a new identity to them?
Take a look at FRR and FAR. They are variable. When one is low, the other is high, and vice versa. It is up to UIDAI and its agents to set the tolerance limits. Set the FRR low, and David Moss is David Moss. Set it high, and David Moss isn’t David Moss. The identity UIDAI assign to you or me or whoever is discretionary. That is not what we normally mean by identity. Have you thought about that? What does it mean to you? Do you want UIDAI (or anyone else) to have discretionary powers over who you are? What is this peculiar new form of identity that they are dealing in?
Everything about Aadhaar has got failure written all over it. It is big and complicated, it assumes that administrators will change their nature by magic and it depends on a flaky technology with a lamentable track record.
I may know nothing about PDS but I can tell you today that Aadhaar will deliver none of the benefits everyone hopes for. A few suppliers will get richer. A lot of taxpayers will have nothing to show for their money.
What, asks JOABNarayan, is the alternative? Good question.
One alternative, out of many, is what I call “dematerialised ID” [5]. I proposed it to the UK government in 2003. They ignored it. Maybe they were right. You take a look. It depends on mobile phones, a technology which manifestly works and is here already, and on digital certificates, ditto, it works and it’s here and has been since the 1970s. And it doesn’t rely on being able to buy justice out of a box.

1. http://articles.timesofindia.indiatimes....
3. please see p.15 and following, among others
4. Please see Airport face scanners 'cannot tell the difference between Osama bin Laden and Winona Ryder',
1 decade ago
Lets look at the issue another way. UID is not an end in itself. Its meant to be used for a(some) purpose(s). In management there is a proposition that if you can be 80% right about a particular solution , then go ahead and do it; because there are no perfect solutions and perfect answers. Now if UID can deliver unique numbers with a defect rate of .0025%, does it really matter that UID holders are given ,say PDS rations at low rate, even if doubly given to those with repeat numbers as against current diversion of 40% of PDS supplies to the open market? Do the sceptics/perfectionists have any alternate solutions to prevent leakages of subsidies which are self regulating?
Free Helpline
Legal Credit