
(by Sanjay Swamy, CEO, mChek)

Imagine India as a country where 100% of the population is uniquely identified, has connectivity for telecom services and also has access to structured financial services. Imagine secure, personalized, anytime-anywhere healthcare services, government disbursements, loan disbursements and repayments! Imagine – the SIM card can become the government issued voter ID card – and one could even “vote” from the convenience of one’s mobile phone.

Having lived for several years in the US and experienced the seamless access to government and private services through the one common link – the Social Security Number (SSN) – I felt, when I returned to India six years ago, that India needed to simply clone the US’s SSN system.

Six years later, having experienced the telecom revolution in India, I feel India would be missing a trick by simply cloning the SSN. I still cringe whenever my bank or brokerage firm or telco in the US asks me “What’s your SSN?”

While the move to a Government issued Smart-Card may be a big step forward, the trick for India would be to engage the Government and Telecom Operators in a public-private partnership that delivers a SIM card to 100% of the population. Technology-wise a SIM card is a Smart-Card – but it is network-enabled. Secure, two-way anytime-anywhere communications are only possible in a SIM card, not with a Smart-Card.

One largely unknown concept is application-specific security domains that can be created on SIM cards. This means that the information traveling in that domain, while using the telecom network, is encrypted and secured – and cannot be tampered with. Think of it as an end-to-end VPN between your SIM card and the “Application” Service provider. In mChek’s case, this is currently used for financial services. A similar application could easily be developed/adapted for Government services.

Naysayers to this approach will be quick to point out – what if one doesn’t have a mobile? Or what if there is no network connectivity? Or what if I lose my phone? Well, in such cases, one simply needs to share a mobile to insert the SIM card, no different from a “smart-card reader”. A $20 mobile becomes a Smart-Card reader – rather than a $100 proprietary Smart-Card reader. In other words, we are no worse off – and probably still much better off handing everyone a SIM card rather than a Smart-Card.

The other common objection is “what happens if I lose my mobile phone”? Well – in that case you are no worse off than if you lose your ID card – in fact, being “network-enabled” simply means it is that much easier to prevent people from misusing the card, because a PIN or fingerprint or voice authentication can be used to augment the security.

A few FAQs I will answer in advance:

– No, we are not talking about the government relying on the telco for Know Your Customer (KYC)
– No, there is no risk of your data being visible to the Telco – just like the Telco cannot read your email on Blackberry or credit card data on an HTTPS session
– No, there is no risk of someone misusing the data because it will be protected and require authentication before being used
– No, there is no restriction on changing your mobile number or telco
– Yes, your fingerprint or photograph can also be stored on the SIM card
– No, we are not compromising security in any way

The Government ID project can play a far more significant role by leveraging the Telecom reach – the project can also be executed much more efficiently and effectively than any other country has done.

The appointment of Nandan Nilekani to head the National Government ID project finally indicates that the Government of India is serious about getting the project right. One finally has the confidence that this is one Government project that will be done right.

Nandan – you have our complete support – we all know you will do the right thing for India. I hope you will examine the SIM and how its advantages far outweigh the traditional smart-card approach in this landmark project. We will only get this opportunity once – and we must explore the pros and cons of the SIM card vs. the dedicated, static smart-card.

Let’s leap-frog!

(c) Sanjay Swamy. The views expressed here are those of the author, and do not represent the views of MediaNama or its editorial staff.

If you have an opinion to share with our readers, please do send across your contribution at nikhil AT medianama DOT com. Please bear in mind that the selection of posts for publishing is a subjective decision, and we may request you for changes.




30 Comments until now.

Gautam + July 1st, 2009 (#):

very interesting thought.

ankur + July 1st, 2009 (#):

Totally and fully agree. Can this be shared with the new division started with mr nilekani?

Bhuppi + July 1st, 2009 (#):

Great idea Sanjay sir.

Excellent take and an interesting twist to the whole perspective of national identity.
The approach certainly should be investigated and presented to Mr. Nandan Nilekani and their team.

Prashant Singh + July 1st, 2009 (#):

Interesting but not practical from an implementation standpoint.
#1 ID card number should be designed in a hub and spoke model, with the ID card # at the hub and various services accessing it as spokes. With your solution the hub will be owned by one of the services. Now why should that be the case? It's sensitive data; with a lot of telcos having a significant chunk owned by foreign entities it will be a strategic blunder to do that.

#2 ID card is unique to every person. Phone connection is still shared in many cases (yes it's a reality, in rural India).

#3 How much sense does it make to keep such vital information on a live network? Your argument is that tech is strong enough to protect us from ID theft? Tell that to Obama, who has to use a special device to encrypt the data sent from his Blackberry.

#4 Most cellphone devices lack the capability of communicating with other systems/devices. How will you use the SIM-based ID to track the other-than-telco usage of SIM? Say I want to submit a loan application or my univ application. How will I do it on a basic Nokia handset? Enter manually? Not secure. SMS the ID to a short code? Not reliable. Most rural users will lack know-how of that. A swipe-based card will remove all such problems.

I am as much of a mobile fanboy as the next person but I don't think Mobile SIM is the answer to the National ID problem.

ChiragPatnaik + July 1st, 2009 (#):

And if you have a dispute with your telco. God help you. Because you will be stuck dealing with a customer care exec who has no powers to help you. Kind of like trying to get a loan reset with a private bank. You are forever on hold or the call keeps dropping.

Sriram Vadlamani + July 1st, 2009 (#):

In addition to what Prashant has mentioned above, we are still 3 years away from getting 700 million mobile connections. That will happen. But, the population is 1.2 billion and I hope the national ID project is for everyone – including children.

If mobile is your identity then we have to handover mobile phones or SIM cards to kids. It might be feasible in 3 years but not healthy and practical.

Add to that the running out of numbers and 11 digit mobile numbers. We need something more foolproof. And mobile is not that.

It would be interesting to see what Nilekani comes up with.

Sharad + July 1st, 2009 (#):

There will be many instances where one would just need a plain photo verification of the person. It's going to be time consuming and kind of clumsy for a validating officer to ask people to take their SIMs out of their phone and put that in his phone (take the back flap off, remove the battery etc) to check the photograph stored on the SIM with the face of the person.

shyam somanadh + July 2nd, 2009 (#):

It is an interesting viewpoint on the NIDs, would love to see a more detailed take on this, more on the lines of pricing, memory and existing solutions.

Sanjay + July 2nd, 2009 (#):

Prashant – good feedback. I will clarify a few points you raise:
#1: Hub and spoke model – absolutely. That's how Telco circles are setup anyways.
#2: I am suggesting an individual phone connection for everyone so that we get the benefit of communication and ID automatically. Still doesn't mean I cannot use my mother's phone for voice calls if she allows me to do so. But the ID card will indeed be unique.
#3: You make my point about the security with the Obama example – the Government will have its own security domain that nobody can tamper with.
#4: There is going to be a learning curve for everything – national ID isn't just going to work by itself. We have done a LOT of research in the rural segments and BOP and the ability to learn and appreciate the benefits is a lot higher than us urban educated snobs would like to believe :)

Bottom line is this – National ID is a once-in-a-generation opportunity to get things right in India – and the pros and cons of the triple play (telecom, banking, ID) need to be weighed.

Perceptions, that it hasn't been done elsewhere, etc. and corner cases are definitely important to consider.

Sanjay + July 2nd, 2009 (#):

This is certainly a valid point – however the debate is between a dedicated Smart-Card and a SIM card.

For photograph verification purposes, a smart-card is not required. The key is to be able to know that the card is authentic so that you can trust the photo. One can print any card today that has my name and Dhoni's photo – doesn't mean I could pass off as MSD or vice-versa.

Government Smart Card ID is issued for secure trusted authentication of the end-user in an untrusted world, and for delivery of services on the basis of that authentication.

Sanjay + July 2nd, 2009 (#):

Sriram

Just to clarify, I am simply suggesting SIM card – over Smart Card – not the other way around.

The SIM card can still function exclusively as Government ID with a credit-card size holder that the SIM comes in by default. However, at some point you can insert it into a mobile and voila!

Gaurav + July 2nd, 2009 (#):

I don't consider the SIM to be safe enough an option. You can lose the SIM, it can be cloned and other technical issues.

Pretty good idea but there is a greater need to converge the application of the NIC than anything else.

Saurabh Nanda + July 2nd, 2009 (#):

A dispute with your telco would be with respect to your telecom services. Not "identity services." With number portability coming in, soon you'll be able to keep your phone# & SIM, but switch your telco.

I don't see this as a problem.

Thejesh GN + July 2nd, 2009 (#):

Me and my friends had a similar conversation last week. But instead of national id, we had health records in mind.

ChiragPatnaik + July 2nd, 2009 (#):

Will the Telco be keeping your identity for free? Highly doubtful.

If not, then they will block all your paying relationships. Similar to what the banks do, when you miss a card payment by a day, they grab it from your bank account.

What are the legal guarantees that the Telco will be prosecuted for harassment for blockage of services. Lets say you were at an airport and the telco blocked the service. Who will you run to for resolution? No time to switch telcos is there?

There is an oligopoly in the Telecom industry today, which is going to be strengthened because telcos are going to be permitted access to your financial profile. Not only access but also possibly powers to affect it.

Miss a phone payment. You become a defaulter, lose your ID and also get denied a house loan. This is why subscribing to multiple-play from any operator is a bad idea (you dispute an overcharge on your landline and not pay. Telco blocks your TV, mobile phone and internet connection.)

Bad idea.

If anyone is keeping my ID, let it be the government. And that too a government department, not a government owned corporation.

No way is a mercenary private entity going to have your well being in mind.

PS: If you think I am being alarmist. You bet I am.

Saurabh Nanda + July 2nd, 2009 (#):

How does this mean that your telco will be the owner of your identity? It's just that if the national ID (a smart card) can be combined with a SIM (another smart card) there are a bundle of opportunities that arise.

Your bank and telecom, both as part of their KYC will know your national ID.
You, through an authentication mechanism, can perform an m-commerce transaction through your national ID-enabled SIM, and the amount can be deducted directly from your bank account. If you don't want to avail this feature then don't link up your national ID and SIM.

Saurabh Nanda + July 2nd, 2009 (#):

My thoughts on this at http://nandz.blogspot.com/2009/07/sim-card-along-... Sanjay I think you will need to rephrase your thoughts so that it is evident that the telco will not "own anyone's identity". This will enable a lot of possibilities due to the fact that the SIM (network enabled) and your ID will live on the same hardware. However, it's up to you to use the SIM in conjunction with your ID or not.

This is a very interesting thought. Take a look at my post and let me know if I'm on the wrong track — I don't know much about SIM/smart cards or how they work.

ChiragPatnaik + July 2nd, 2009 (#):

That is not what Sanjay is suggesting. In fact he is proposing the SIM as a replacement to a Smart Card.

Sriram Vadlamani + July 2nd, 2009 (#):

On a different note, let me know what you think of mobile commerce as I have discussed in this post : http://www.indianomics.com/2009/07/02/mobile-bank...

Ram Banerjee + July 2nd, 2009 (#):

The Good, the bad and the ugly.
The Good – smart cards (of which the SIM is an example) identifying and authenticating individuals. Self powered with built in communications display and keyboard.
The Bad – Cannot be used outside phone. No picture or other data on card. Difficult to tell the difference between real code in security domain and trojan code in security domain. Secure domain access controlled by operator. No communication without airtime.
The Ugly – Voting with absolute identity is absolutely opposite to the idea of a secret ballot. Need an anonymous ID card (proves right to vote but not identity).
The Solution is complex and involves giving users right to buy SIM cards with a lifelong number. Free data access to ID services even if no phone credit. Web services rather than security domains i.e. SIM is secure login to an internal web server (see spec on Java Card 3) which manages identity services on behalf of user. Eventually migrate secure services outside the phone with NFC – SIM does not need to be removed.

Bottom line – Phone is not the solution, it is a condensed version of computer, smart card reader, smart card and communications. if you cannot solve the problem with these things you cannot do it with a phone. Ubiquity and small size does not an ID system make :)

Tapasvi + July 2nd, 2009 (#):

One of the reasons behind assigning ID to every Indian national is to help fight terrorism. Using SIM Identity ensures ease of tracking. Within a matter of minutes government can track where a particular identity holder is. While you could always fake the ID (no matter whether it's a traditional plastic or smart card), you cannot fake the SIM – as there cannot be two identical SIMs active on the network simultaneously.

Someone here mentioned that children cannot be entrusted with mobile phones. Quite a valid remark. However, we already have Dual SIM phones technology. Considering a family of "ham do hamare do", all we require is a pair of dual SIM phones.

Come to think about it: In a family of three, I have two laptops at home, which would have sounded a ludicrous idea way back in 1943 when someone infamously said "I think there is a world market for maybe five computers".

My two paises :)

Tapasvi

Tapasvi + July 2nd, 2009 (#):

If someone surveyed, I believe following two will top the list of reasons why people who don't vote do so:

- Not finding that election card which I kept so carefully 5 years ago
- Inertia against getting out of house and stand in queue at polling booth

Voting through mobile could solve both the issues.
Not to mention, Election commission can save considerable amount of money through this approach.
Also, polling booth capturing and proxy voting will reduce too.

I really don't believe in anonymous voting. In the world of anonymous voting, there is no way to tell the difference between one person casting vote twice and two people each voting once.

Ram Banerjee + July 3rd, 2009 (#):

A secret ballot is the cornerstone of democracy.
It is possible to separate the task of identification and voting. An electronic version of proving your identity to a polling officer, collecting a voting form and then voting is possible through an intermediate web site where you pick up a voting token and then vote at another (disassociated) polling web site.

Not only will this mean that you cannot vote twice but you can take a look at the final result and see if your vote (token id) was counted for the right candidate. We already have the cryptography in place to do this today.

Tapasvi + July 3rd, 2009 (#):

Right. We have cryptography today and SIM identification on the network does go through 128 bit encryption. I liked the token concept though. Like a chain of responsibility where each link has knowledge only of the next link and nothing beyond that. That's also how Sicilian mafias operate too :) Caporegimes know only the underboss and not "the Boss" :) thus keeping "absolute identity" a secret. Taking your example, there is an association between voter<->token and token<->candidate. token <-> candidate association is obviously stored in database for later retrieval as you mentioned. So, the key is to not store voter<->token association otherwise voter would again be voting with absolute identity. So, voter knows the token but "system" cannot trace the voter by the token.
This is the idea. SIM voting could be one implementation and there are other possibilities too. Underlying concept is essentially the same. Like I was saying other day to my lunch mate, algorithm to find right (optimal) size of disk block (so as to reduce fragmentation) could be used to arrive at optimal number of chairs per table in a restaurant (having 6 chairs per table would leave some chairs unused on each table (internal fragmentation) and having 2 chairs per table would mean members of same group would have to eat apart (external fragmentation). Alas, I digress. Blame it on Friday night :)
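
One way to realise the token scheme discussed in the two comments above, as an added example that is not from the commenters or the article: with an RSA blind signature the identity site signs a voting token it never sees, so there is no voter<->token record to store in the first place. The commenters name no particular scheme; the choice of blind signatures, the toy key, and all class and function names here are assumptions.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key from two Mersenne primes: constructed for the demo, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # registrar's private exponent

def h(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class Registrar:  # identity site: checks the roll, signs a blinded value it cannot read
    def __init__(self, roll):
        self.roll, self.issued, self.seen = set(roll), set(), []

    def sign_blinded(self, voter_id, blinded):
        if voter_id not in self.roll or voter_id in self.issued:
            raise PermissionError("not on the roll, or token already issued")
        self.issued.add(voter_id)
        self.seen.append((voter_id, blinded))  # all the registrar ever learns
        return pow(blinded, D, N)

class PollingSite:  # separate site: sees tokens and votes, never identities
    def __init__(self):
        self.ballots = {}  # token (hex) -> candidate, publishable for voter checks

    def cast(self, token, sig, candidate):
        if pow(sig, E, N) != h(token):
            raise ValueError("token was not signed by the registrar")
        if token.hex() in self.ballots:
            raise ValueError("token already used")
        self.ballots[token.hex()] = candidate

def obtain_token(registrar, voter_id):
    token = secrets.token_bytes(16)  # chosen by the voter, never sent to the registrar
    r = secrets.randbelow(N - 2) + 2  # blinding factor
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = (h(token) * pow(r, E, N)) % N
    signed_blinded = registrar.sign_blinded(voter_id, blinded)
    return token, (signed_blinded * pow(r, -1, N)) % N  # unblind: h(token)^D mod N

def rejected(action):
    try:
        action()
        return False
    except (PermissionError, ValueError):
        return True

def demo():
    reg, poll = Registrar({"voter-A", "voter-B"}), PollingSite()
    token, sig = obtain_token(reg, "voter-A")
    poll.cast(token, sig, "candidate-1")
    return {
        "counted_for": poll.ballots[token.hex()],
        "registrar_saw_token_hash": any(b == h(token) for _, b in reg.seen),
        "second_token_refused": rejected(lambda: obtain_token(reg, "voter-A")),
        "double_vote_refused": rejected(lambda: poll.cast(token, sig, "candidate-2")),
        "forged_token_refused": rejected(lambda: poll.cast(b"made-up", 12345, "candidate-2")),
    }

if __name__ == "__main__":
    print(demo())
```

The unlinkability holds only if the token reaches the polling site over a connection that does not itself identify the SIM or subscriber.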

Rajarathnam + July 8th, 2009 (#):

As a bare minimum any ID card should contain visual information such as UID Number, Photo, Name, Address, etc about the person holding it. However, what visual information needs to be printed is debatable and careful consideration is required. For example DOB, Blood Group, etc. Visual check is the first level of authentication of the card and its holder. Additionally the UID number can be printed as barcode which can be easily read by some PoS applications, payment at Cybercafe, Phone Booths, outlets where you need to give your name, address, etc.

Shyam + July 13th, 2009 (#):

It's a bad thought, to vote using SIM which has NID. As people will overtake the villages and can force people for favorable voting.

Shyam + July 13th, 2009 (#):

You cannot force anybody to have a mobile phone and at least government cannot afford subsidy on mobile phones.

Rakendu Sharma + July 13th, 2009 (#):

Hi to all the contributors to the post,

I too have some doubts about NID on SIM:-

1. Do we have connectivity (telecom) in each part of India?
2. The amount of overhead it will bring to present weak low bandwidth connectivity.
3. Mobile itself is a complex device to operate; each vendor providing its own combination of keys, and this will amount to more difficulties for the illiterate masses in India.
4. There are places in India where there is no electricity; how will they recharge their mobiles?
5. A country like us which still lacks in providing its every citizen bare minimum necessities will be very proud to hand them a mobile set, isn't that irony?
6. How can the biometric, pictorial data be read or updated via mobile? Do the existing mobile handsets have these capabilities, or on the start of the project will government be replacing the mobile phones with new capable mobiles?

continued….

Rakendu Sharma + July 13th, 2009 (#):

7. Voting over mobile phones: see the present questions raised about EVM machines, which are just a calculator having one button for the voter and two buttons for the controller of the polling booth, a simplest machine; what series of activities will the Election Commission need to take to make mobile devices secure for voting?
8. Seeing the present distribution of SIM cards in India, will it be secure to distribute NID based SIM cards? I don't think so.
9. Who will pay the bills of SIM cards for the poor masses who are still fighting for their one day meal?
10. What will happen to CDMA customers and vendors, what will be their role?
Thanks :)

Rakendu Sharma