Public Digital Backbone/Chapter 1. A Silent Revolution

1. A Silent Revolution

edit

Introduction:

"In whispered bytes, a silent revolution unfolds, reshaping our world's very mold." -a sci-fic poet

 

The digital era has ushered in a new paradigm where the flow of information, people, and money is intricately intertwined with technology. This chapter delves into the concept of the Public Digital Backbone, elucidating its significance in this interconnected world. Why to call it 'Public Digital Backbone'? Because Digital Public Infrastructure (DPI) differs from the simple provision of services via digital channels, as the crux of DPI is that it empowers others to utilize the infrastructure in their own applications. We hope the readers will have a clear understanding of what constitutes a Public Digital Backbone, its historical development, and its overarching goals in societal infrastructure.

*

In the annals of human progress, infrastructure has always played an indomitable role, connecting people, facilitating financial transactions, and disseminating information. While the 19th and 20th centuries heralded an era of physical infrastructure like railways and telecommunication, the 21st century has marked the onset of a digital renaissance: Digital Public Infrastructure (DPI).

At its essence, DPI is the digital foundation that allows for the construction and delivery of applications for public welfare. Envisioned as a multi-layered structure, it encompasses identity, payments, data management, and consent, further culminating in layers of health, education, agriculture, logistics, and many more. At its pinnacle, it supports a plethora of apps and solutions tailored for diverse needs.

Acting as the digital arteries of a nation, DPI mediates essential flows: 1. People: Digital ID systems, 2. Money: Real-time payment systems, 3. Information: Consent-based data sharing systems ensure users have control over their personal data, as seen in India's Account Aggregator built upon the Data Empowerment Protection Architecture (DEPA).

However, amidst its numerous merits, it's crucial that DPI remains guarded against pitfalls like monopolization, digital colonization, and authoritarian control. It is here that the techno-legal structure comes into play, blending technological tools and legal regulations to forge a robust infrastructure that aligns with democratic principles.

A key feature of DPI is its open architecture. This openness, integral to DPI’s DNA, comprises: Open Standards: Freely available protocols ensure DPI’s vast compatibility. Open Source Software: Providing transparency and allowing collective enhancement, ensuring DPI remains progressive. Open Data: Ensuring data availability for public benefit without compromising individual privacy. Open Governance: Ensuring DPI's transparent and accountable management.

While the value of openness is irrefutable, balancing it with privacy remains paramount. Innovations like data anonymization and privacy-preserving technologies ensure that while data remains accessible, individual privacy isn’t jeopardized.

How can the centralization of such vast amounts of data be prevented? The answer lies in a multifaceted approach. Decentralization distributes data across diverse locations. Encryption ensures data remains unintelligible to unauthorized entities.

DPI, with its transformative capabilities, is not just an evolution; it's a silent revolution. As India has demonstrated with Aadhaar, UPI, and Digi-Locker, this infrastructure has the potential to redefine public service delivery. By fostering innovation, ensuring inclusion, and empowering individuals, DPI isn’t just creating a digital commons; it’s democratizing the digital future.

The beauty of the DPI framework lies in its participatory nature. Its open-source character invites developers, policymakers, and even everyday citizens to contribute to its evolution. It's a collaborative ecosystem where public and private entities, civil societies, and individuals converge, each bringing unique perspectives and skills.

For businesses, DPI offers unprecedented opportunities. With a reliable and efficient infrastructure in place, entrepreneurs can innovate without reinventing the wheel. They can build upon existing DPI layers, focusing their energy on creating niche solutions tailored for specific community needs.

Comparing Western, Chinese, and Indian Approaches to Personal Identification: The Supremacy of Aadhaar

In an era marked by rapid technological advancements and a digital revolution, the approach to personal identification has emerged as a significant point of contention globally. The Western, Chinese, and Indian methods are representative of diverse philosophies on governance, data privacy, and the role of the state. Among these approaches, India's Aadhaar system stands out as a pioneering solution, tailor-made for the modern, digital age.

Western Approach: The Western perspective, particularly as exemplified by the United States and European Union, leans heavily on individual privacy and rights. While the US has been market-centric, allowing innovation to flourish with minimal regulations, Europe has become the torchbearer for data privacy. The European Union's General Data Protection Regulation (GDPR) encapsulates this ethos, placing the onus of data protection on service providers, and emphasizing the right of individuals to control their personal data.

Chinese Approach: In stark contrast, China's approach is one of state control and censorship. Under the guise of "cyber-sovereignty", China heavily regulates and monitors internet usage within its borders. The famous "Great Firewall" restricts access to foreign websites, and the government relies heavily on private enterprises, like Alibaba and WeChat, to collect and share user data. While this method ensures significant control over the digital ecosystem and deters potential external influences, it also curtails freedom and privacy.

India's Aadhaar: The Indian approach is a harmonious blend of technological advancement and individual empowerment. Aadhaar, the world's largest biometric ID project, was established to provide a trustworthy identity to every resident of India. Instead of being a tool of surveillance or a mere regulatory compliance, Aadhaar functions as a "foundational ID", enabling citizens to access a plethora of services, from banking to social welfare, with a single identity.

There are several reasons why Aadhaar emerges as a superior solution:

1. Public Good: Aadhaar was constructed as public infrastructure, ensuring that the primary motive was societal benefit and not profit. Unlike private Western platforms that collect data for advertising revenue, Aadhaar collects minimal data – name, date of birth, address, and gender.

2. Transparency and Privacy: While there is transparency in transactions with Aadhaar, there's also inbuilt privacy. The system does not store the purpose or nature of a transaction, ensuring user confidentiality.

3. Empowerment through Data: Aadhaar is a testament to the belief that individuals should be empowered by their data. The associated systems, like the Unified Payments Interface (UPI) and e-KYC, are manifestations of this principle, streamlining processes and increasing accessibility.

4. Interoperability: The Aadhaar system's integration into various services, like banking and telecommunications, ensures seamless and efficient interactions. This interoperability encourages competition and enhances consumer choice.

5. Affordability and Scalability: The Aadhaar system was established at a minimal cost of approximately $1 per resident, a model of efficiency and scalability.

6. A Model for Others: Aadhaar's success has made it a model for other nations, with countries like Afghanistan, Bangladesh, and Rwanda exploring similar systems.

While the West grapples with the balancing act of innovation and privacy, and China leans heavily on state control, India's Aadhaar stands out as an innovative solution, optimized for the modern digital age. Its focus on individual empowerment, transparency, and public good makes it not just a robust identification system but also a beacon for digital infrastructure development globally.[1]

There is an important coveat in all the above discussion. In modernism the world has progressively turned into datafication. The process started sometime around 1900 and going on unabbeted with ever accelerated speed.

There has arisen a question as to what is primary? humanity or technology? This is not confined to only datafication but to the other technologies like nuclear, genetic upto AI. Solution to that is of course not going backward but interpret modernism in favor of the humanity.

Datafication and Aadhaar: The Pursuit of a Better Personal Identification System

In today's rapidly digitizing world, datafication[2] is inevitable. As individuals and institutions grow increasingly reliant on digital platforms, personal identification becomes paramount, ensuring that online interactions are both authentic and secure. The Aadhaar system, introduced by the Indian government, represents a significant step forward in this realm, aiming to provide a universal identification for every Indian citizen. While Aadhaar has showcased numerous advantages, there is an inherent necessity to continually evolve and seek better solutions to address emerging challenges.

Aadhaar: A Pioneer in Modern Identification

Aadhaar, at its core, is a 12-digit unique identification number linked to an individual's biometric and demographic data. Launched as the world's largest biometric ID system, it has bridged gaps in accessibility and inclusivity for millions. By linking numerous services under one umbrella, Aadhaar has simplified administrative processes, reduced paperwork, and increased transparency in transactions.

Furthermore, Aadhaar has empowered those on the margins. The rural population, for instance, has been able to access government welfare schemes more efficiently, eliminating the middlemen and reducing corruption. For many, Aadhaar is not merely an ID but a ticket to numerous services and opportunities.

The Concerns and the Need for Improvement

However, as with any large-scale system, Aadhaar has its criticisms. Privacy concerns top the list. Given the vast amount of personal data stored, the potential for misuse or breaches cannot be overlooked. Critics argue that centralizing such a vast array of information makes it an attractive target for hackers and unauthorized entities.

Additionally, while biometrics offer a certain level of precision, they aren't infallible. Mistakes in capturing data, system errors, or even natural changes in an individual’s biometrics can lead to discrepancies, leaving some citizens potentially disenfranchised.

Moreover, Aadhaar's pervasiveness in daily life has led to debates about its mandatory nature. Concerns arise when it starts becoming the sole key to essential services, potentially leaving out those who, for various reasons, are not enrolled or face technical issues.

The Road Ahead: Envisioning a Better System

To make Aadhaar, or any future identification system, more robust and universally accepted, several measures can be considered:

Strengthening Data Security: Investing in cutting-edge encryption methods and regularly updating security protocols can help ensure data safety. Regular third-party audits can identify vulnerabilities before they're exploited.

Decentralization: Instead of a single, massive database, a distributed ledger system, like blockchain, could be employed. This would provide a secure, transparent, and tamper-proof record of transactions.

Enhanced Privacy Controls: Giving individuals greater control over their data, including who can access it and for what purpose, can alleviate privacy concerns.

Inclusivity and Flexibility: While the goal should be universal coverage, systems should be flexible enough to accommodate those who might face challenges in enrollment or usage.

Continuous Feedback and Evolution: No system is perfect at inception. Regular feedback from users, experts, and stakeholders, followed by iterative improvements, can ensure that the identification system remains relevant and effective.

Datafication is a double-edged sword

While it offers unparalleled convenience and efficiency, it also brings forth challenges in privacy, security, and inclusivity. Aadhaar, as a pioneering effort, has illuminated both the potential and pitfalls of such a system. As society continues to evolve and technology advances, the quest for the perfect personal identification system will continue. The lessons learned from Aadhaar can guide future endeavors in creating a system that is not only robust and secure but also respects the rights and dignity of every individual.

While the problems of vulnerable communities are not to be denied and should be fought back and demanded solutions and problems of digital divide, connectivity, Internet blackouts are real problems, we should not throw the baby out with the bath water. Otherwise we will be the loosers as society as a whole in the race to modernisation.

In this context Moody's objections to Aadhaar and Indian government's reaction to that are worth mentioning.[3]

Digital Advancements in India: Bridging Gaps and Building Trust

India has made significant strides in the realm of digital public infrastructure. This foundational infrastructure has brought transformative changes in the lives of its citizens. For instance, the 'Aadhaar' system ensures that millions in India can directly benefit from banking, pensions, and grant-related services. The Unified Payments Interface (UPI) has revolutionized the digital payment sector in India, making money transfers more convenient and secure for its citizens. Decades ago, Rajiv Gandhi famously remarked that only fifteen paise of every rupee meant for welfare schemes reach the intended beneficiaries. With the revolution in digital technology, it's now possible to mitigate such financial discrepancies. The Digilocker provides individuals the convenience of securely storing and verifying their essential documents. Through the Account Aggregator (AA) technology, individuals can now securely share their personal data to avail various services.

Analyzing the Utilization of Digital Infrastructure in India

To truly grasp the immense scale of digital public infrastructure in India, consider the following statistics:

Aadhaar: Number of biometric authentication transactions - 1.3 billion, Unsuccessful biometric authentications – Over 100 million, Biometric authentication errors – Over 100 million

UPI (Unified Payments Interface): Daily transactions - More than 20 billion, Monthly transactions - Over 30 trillion (more than 1000 billion), Annual transactions - Exceeding 12 trillion (12,000 billion)

DigiLocker: Total number of documents stored – Over 500 million, Number of verified documents – More than 100 million

Accounts Aggregator (AA): Data sharing requests made – Over 100 million. This data highlights the deep penetration and reliance on digital mechanisms in everyday life across India.

For governmental functions and for criminal investigations Aadhaar is not available

Aadhaar plays a pivotal role in India Stack by providing a foundational identity layer. This identity verification mechanism, however, only confirms or denies a user's identity. It doesn't store or centralize transactional details, ensuring that data related to specific activities or behaviors isn't consolidated at the national level.The central government cannot use the Aadhaar central database for regular governmental activities arbitrarily. Aadhaar's primary purpose is to serve as an identification system, and its use is governed by the Aadhaar Act of 2016, which sets specific limits on the usage and sharing of data stored within the system. Here are the primary constraints and considerations:

1. Purpose Limitation: The Aadhaar Act restricts the use of Aadhaar data to specific purposes. The central and state governments can use Aadhaar for the distribution of any benefit or service that incurs expenditure from the Consolidated Fund of India. However, it cannot be used for activities outside of these specified purposes.

2. Data Privacy and Consent: Aadhaar data can't be shared without the explicit consent of the individual. The UIDAI (Unique Identification Authority of India) does not have knowledge about the purpose of authentication, ensuring transactional privacy.

3. Restrictions on Storage and Use: Entities using Aadhaar for authentication are not allowed to store the biometrics of individuals. They can only store the Aadhaar number, which further limits the possibility of misuse.

4. Limited Data Access: The Aadhaar database primarily contains demographic and biometric data. The central government does not have access to personal details beyond what's stored in the Aadhaar system.

5. No Surveillance Mechanism: The Supreme Court of India, in its landmark judgment on Aadhaar, emphasized that the Aadhaar architecture doesn't provide a mechanism for surveillance. The system's design ensures minimal data collection, and it doesn’t record the purpose of any authentication request.

It's essential to note that while Aadhaar can be a potent tool for ensuring that government benefits reach the intended recipients, its use is constrained by legal and technical safeguards to protect individual privacy and data. The government, or any entity for that matter, cannot access or use the centralized Aadhaar data beyond the purposes and manners defined by the Aadhaar Act and the guidelines issued by UIDAI.

For example, there's no blanket permission for the police or any investigative agency to access Aadhaar data for criminal investigations. In September 2018, the Supreme Court of India struck down Section 33(2) which allowed disclosure of Aadhaar information in the interest of national security without any judicial oversight. The court also emphasized the importance of individual privacy and reiterated that the Aadhaar database shouldn't turn into a tool for surveillance.

Prevention of Data Centralization is made inherent in the technology design

India Stack's design inherently guards against the centralization of data at the national level. While Aadhaar provides a unified identity verification mechanism, it doesn't store transaction-specific details. When a user performs Aadhaar-based authentication, the system verifies the identity but does not record the context or purpose of the authentication. This intentional design choice ensures that while authentication is centralized, transaction data remains decentralized, preventing the formation of a single, comprehensive profile of an individual.

Interoperability of India Stack and the magic of Protocols

Interoperability refers to the ability of different information systems, devices, or applications to connect and exchange data efficiently. In the context of India Stack, interoperability ensures seamless interaction among various digital services, such as Aadhaar authentication, eKYC, UPI, and Digilocker, among others. By providing standardized APIs, India Stack ensures that diverse software applications can easily communicate and exchange data, fostering innovation and expanding digital services' reach.

Protocols, in the digital realm, are standardized sets of rules that determine how data is transmitted and received over the network. India Stack's strength lies in its adoption of open and standardized protocols, ensuring that all digital services, regardless of their origin or nature, can integrate with the system. These protocols, besides enhancing the system's overall interoperability, also set the ground rules for security, data privacy, and user consent.

How Unified Payments Interface (UPI) works?

To illustrate what we have discussed so far let us consider one of the layer of the India Stack, that is UPI. Let us see how UPI works in practice.

As we all know from our day to day experience, UPI facilitates inter-bank transactions by instantly transferring funds between two bank accounts on a mobile platform. Here is how it goes on:

First of all, UPI allows multiple bank accounts to be linked to a single mobile application, making it possible to have seamless fund routing and merchant transactions. These transactions are processed in real time, meaning the transfer happens instantly. It operates round the clock, 24/7, every day of the year. In doing every transaction, UPI uses a Virtual Payment Address (VPA) as a unique identifier, eliminating the need to enter bank account numbers or IFSC codes for transactions. If they desire users can scan QR codes for faster and error-free transactions. Transactions are secured with a two-factor authentication but only require one click for most transactions. One more thing, and not in the least unimportant, UPI supports person-to-person (P2P) and person-to-merchant (P2M) transactions.

Almost all major banks in India support UPI, allowing their customers to use any UPI-enabled app for transactions. There is no need for Wallets. Unlike mobile wallets where you need to load money, UPI transactions are direct bank-to-bank.

UPI has been instrumental in driving digital payments in India, promoting the vision of a cashless economy. Many applications like BHIM, Google Pay, PhonePe, Paytm, and more have integrated UPI for seamless transactions.

India's Success and Challenges in Digital Public Infrastructure

The statistics clearly indicate that India has achieved remarkable success in the domain of digital public infrastructure. This infrastructure has made the lives of its citizens more convenient and secure. There are high hopes that India will continue to achieve greater milestones in this field in the future. This accomplishment is not just noteworthy within India, but also sets a global benchmark. Specifically, countries in the 'Global South' are keenly observing and may be inspired by these developments. The credit for this success goes to multiple factors, including:

Visionary leadership and foresight of the government

Active participation of the citizens

Innovations in the technology sector

Legal reforms

Implementation of security measures

However, every silver lining has a cloud. While the statistics presented are impressive, a discerning reader might notice the following concerning numbers:

Aadhaar: Unsuccessful biometric authentications – Over 100 million

Aadhaar: Biometric authentication errors – Over 100 million

The fingerprints of manual laborers often fade over time. This results in their inability to authenticate through Aadhaar, leading them to be deprived of ration and other amenities. The issue of Internet shutdowns we have already discussed above.

These challenges highlight the importance of addressing the barriers that a segment of the population faces in accessing the benefits of digital public infrastructure.

Evolving Dynamics in the Digital Economy

In the past, the emphasis was on the traditional economy. However, with the advent of the information age, the significance of knowledge-based economics has been on the rise. This shift brought forward a novel concept: Public goods, contrasting the previously dominant idea of Private goods.

Private Goods: Items that, once purchased and consumed by an individual, cannot be used by others. Examples include cars, clothes, mobile phones.

Public Goods: Items available for everyone and can be used by anyone without restriction. Examples include roads, parks, and street lighting.

The crux of the matter is that, in the digital era, the utilization of public goods and the businesses based on them, especially IT companies, have become the frontrunners, leaving traditional companies in the dust. During the dot-com era before the year 2000 and the subsequent rise of social media, these IT corporations made their public goods (services) available for free to users (i.e., customers). This was widely accepted and appreciated by the masses. The primary revenue for these companies during that time was predominantly from advertisements. But even more crucial was the accumulation of vast amounts of user data by these IT corporations. Now, this data repository has become the main asset and source of power for these companies, simultaneously becoming a primary reason for the disempowerment of the masses. It's often said that a few decades ago, oil had unparalleled significance in the economy and politics was driven by oil. Today, that place has been taken by data repositories. Consequently, the issues of privacy and data protection have become of paramount importance in today's world.[4]

 
Calm is deceptive
  1. Data to the People: India's Inclusive Internet', By Nandan Nilekani https://www.foreignaffairs.com/articles/asia/2018-08-13/data-people
  2. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, Bruce Schneier https://a.co/d/1Ea4i2X
  3. https://www.biometricupdate.com/202309/indian-govt-fires-back-at-moodys-sweeping-assertions-about-aadhaar-biometrics Indian govt fires back at Moody’s ‘sweeping assertions’ about Aadhaar biometrics Sep 26, 2023, 11:23 am EDT | Ayang Macdonald
  4. [1] The concept of “Data is the new oil of the modern world” Clive Humby, a British mathematician and entrepreneur who coined the phrase in 2006.