The largest biometric programme in history – collecting iris and fingerprint patterns of 1.2 billion people in three years – aims to improve the quality of life for some of India’s most disadvantaged and marginalised citizens by “giving the poor an identity.”
Indian citizens now in the public eye
“If you can’t prove your identity, in the eyes of the government, you don’t exist.” — John Daugman
In 2011, the Indian government launched a massive programme to collect the iris patterns and fingerprints of all of its 1.2 billion citizens within three years. The numbers associated with the project are staggering. To date, more than 540 million people have enrolled in the optional programme, with one million more joining every day across 36,000 stations operated by 83 agencies. Each new iris pattern must be checked against every other pattern in the database to detect and prevent duplication: this equates to almost 500 trillion iris comparisons each day. Apart from its scale, what makes UIDAI (Unique Identification Authority of India) different is its purpose. It is not a security exercise or a means to control national borders, but a social development programme whose stated aim is “to give the poor an identity.”
The algorithms that make iris recognition possible have been developed in Cambridge University’s Computer Laboratory by Professor John Daugman. “If you can’t prove your identity, in the eyes of the government, you don’t exist,” he said. The algorithms, which were patented in 1994 and have been licensed to several companies around the world over the past two decades, are still the basis of all significant iris recognition deployments.
The question of whether anyone has the right to be anonymous has been debated for hundreds of years, but it is just as relevant today as it was in the 18th century. The thought of large-scale data collection by governments is a cause for concern: digital identity schemes in the UK and elsewhere have been scrapped due to questions around data protection and the right to anonymity.
But in India, anonymity is a huge problem. Just 4% of Indians have a passport, and fewer than half have a bank account – in fact, many of India’s citizens have never had any form of government identification. Without any way to prove their identity, millions of Indians living in poverty cannot access government benefits such as pensions, or subsidies for food and housing. At the same time, there is a huge problem with fraud in the benefits system – it is estimated that roughly half of all government funding spent on welfare programmes does not reach the intended recipient.
Each person who enrols with UIDAI is issued a unique 12-digit number, known as Aadhaar. Currently, Aadhaar is a means of confirming an individual’s identity, but it will eventually be used to access a range of government and non-government services, such as passports, banking and mobile phones. Once an individual has their Aadhaar, they can open a bank account without going to a bank, giving the government a secure place to deposit allowances and subsidies. Individuals can then withdraw money from their Aadhaar-associated account at a national network of ‘micro-ATMs’, which are often neighbourhood shops in villages and towns that do not have banking facilities. In addition to the social benefits which the project will provide, Aadhaar is seen as an important test of the effectiveness of iris recognition in large-scale identity projects.
Irises have an incredible degree of random variation in their texture. The uniqueness of each pattern makes iris recognition 100,000 times more powerful than face recognition as a biometric. “Even our left and right irises are completely different from each other in detail, as are those of identical twins,” said Daugman. “You have a random, chaotic collection of features, which is why it’s almost universally regarded today as the most distinguishing biometric, as independent government tests have confirmed.”
In cryptographic protocols, the length and randomness (entropy) of the encryption key determines its strength. The same theory is at the core of biometrics. Iris recognition and other types of biometrics work by finding some unique feature of a person’s behaviour, anatomy or physical appearance that is sufficiently complex and has enough randomness to provide a unique signature. Although faces, DNA and fingerprints are all strong methods for asserting an individual’s identity, their ‘encryption keys’ are not nearly as random as those of an iris. For example, DNA cannot distinguish between identical twins, and faces do not have nearly the same degree of uniqueness as iris patterns. The overwhelming mathematical challenge of Aadhaar and other large-scale iris recognition programmes is that every new entrant to the database must be checked against each existing entrant to prevent acquisition of duplicate or multiple identities. This requires both enormous resistance to false matches and enormous speed of matching.
“When searching a database whose size corresponds to the population of India, you can’t afford for the likelihood of a false match to be similar to that of face recognition or fingerprints: you’d be drowning in false matches,” said Daugman. “While it may be more difficult to acquire an iris image due to the small size of the target, the real strength of iris recognition is that you simply don’t get false matches, even when searching national-scale databases.”
The technology has to be able to isolate and recognise an iris, while extracting the texture and structure that make it different from any other iris. The Cambridge algorithms convert an iris pattern into a code made up of a series of ones and zeroes, which takes just a few milliseconds. The algorithms then measure the amount of dissimilarity between the new iris code and every other iris code by taking the strings of ones and zeroes and counting all the bits that disagree. An average CPU core can do around one million comparisons per second, so even when dealing with the trillions of comparisons that take place every day in India, only a moderately-sized server farm is required to search and compare against the entire database.
When computing iris codes, typically less than 70% of the iris is visible, as it is partially covered by the eyelid, or obscured by eyelashes, heavy makeup or reflections on the cornea. However, the amount of variation is such that, even so, the likelihood of two people generating iris codes that ‘collide’ with each other is vanishingly small. It is roughly equivalent to tossing a fair coin 250 times in a row and getting (say) three-quarters heads and one-quarter tails, which is extremely improbable.
As people continue to enrol in cities, towns and villages across India, the Aadhaar scheme is being watched with great interest by governments and organisations from all over the world. While privacy concerns have been voiced, the benefits to those who cannot currently prove who they are could be enormous. The President of the World Bank, Jim Yong Kim, has described the programme as one of the best examples of integration of technology for social welfare use, and one which could play a major part in achieving the goal of poverty eradication by 2030.
“It’s very satisfying to see something that one has developed be deployed on such a huge scale,” said Daugman. “It’s also mathematically interesting to me that one can make randomness the key to the solution, rather than the problem.”
Image credit: Father of the Eye, by Desirae via Flickr
Cambridge Enterprise exists to help University of Cambridge inventors, innovators and entrepreneurs make their ideas and concepts more commercially successful for the benefit of society, the UK economy, the inventors and the University.