India is a fascinating country. Since I first visited in 1995, it’s undergone immense changes, socially, economically and technologically. 1.3bn people spread over a vast area with diverse urban/rural population splits create massive infrastructure challenges. Rapid, but often uneven, economic growth strains resources, financial, technical and human. Over twenty official (and a hundred and fifty local) languages complicate almost everything in commerce. An entrenched bureaucracy can make getting things done at any level problematic. Yet India has also been one of the more innovative places to watch experiments with large-scale digital society – partly because they have little choice if they want to make rapid progress in the modern world.
Take the challenges of individual identity as an example. In most places in the world, including here in the US, signing up for a new service involves proving who you are – generally by supplying a set of verifiable credentials. The process can be anything from simple and fast to complicated and laborious, especially if a credit check or address verification is required. It can be just as cumbersome in India, using traditional processes, but it doesn’t have to be. It can be as simple as providing a biometric marker (generally a fingerprint or retinal scan). That’s because India has established an almost universal database of biometric data for its population – and made the database available as a service to businesses.
Called Aadhaar – the word means “foundation” in Hindi – the service generally uses low-cost fingerprint scanners to access personal profile data stored securely in the central database, allowing immediate verification of identity and recall of relevant registration data to “fill in the form” automatically for a multitude of services. Built originally to help distribute social welfare payments (which it does for almost 300m people, saving over $5bn a year on $40bn of payments) , the system was architected from the start for much wider potential use – anywhere that required a “registration” action and where a biometric scanner and network connection (in India often a wireless connection) could be installed.
With over 1.2bn registered identities, the system is really taking off, as businesses (and consumers) come to appreciate the convenience and simplicity of managing identity this way. In the vision of the system’s architects, however, this is just the beginning (there’s a reason it’s called “foundation”). They envision a national digital “stack” of services that can store any kind of data for anyone – personal, financial, medical – securely accessible from anywhere, with just the swipe of a finger or the scan of a retina. Add a second-factor verification (usually by smartphone) for sensitive uses. Even add behavioral checks for some activities.
Could it work elsewhere? Technically it almost certainly could. Consumers are increasingly comfortable with biometrics as access control mechanisms and although there are a few obvious challenges with injuries, a sufficiently robust set of profiles and markers could cover most scenarios. Keeping the central database secure and ensuring that only known and trusted entities can access it isn’t trivial but is probably doable. Maintaining individual profiles as up to date needs carefully thought out processes, as does ways to challenge profile data that individuals believe to be inaccurate or misleading. Any network based system must defend against denial of service threats to be trusted, available and useful. And, perhaps most challenging, individuals must trust the system operators not to misuse the data against individuals – a line that’s not yet clearly drawn or understood.
Convenience and cost arguments are clear, however. Aadhaar roughly halves the cost of the registration process for a business that uses the service, in many cases vastly expanding the population that can be served profitably. As a happy CLEAR service subscriber, I really appreciate the line skipping capabilities I get in exchange for registering some biometric data. And while I’m professionally paranoid about cyber security issues (after all it’s my day job) I worry less about the misuse of the data. I don’t see Aadhaar coming to the US anytime soon – at least not at India’s scale, but as a grand experiment in building a national digital infrastructure, it’s worth watching – and learning from.