Protests have broken out across the country over the Citizenship (Amendment) Act and the National Register of Citizens (NRC). While there is a more recent history to why the NRC was updated over the last four years in Assam, there is a complicated past of war and migration has fuelled the BJP’s call for it all over the country.
But to know the story of the National Population Register, how Aadhaar infrastructure underpins it, and how it relates to the National Register of Indian Citizens, we need to first start with Kargil.
The Pakistan Army’s intrusion into Indian territory took the government by surprise. Of particular concern was infiltration by Pakistanis who came dressed up in civilian clothes. A ‘Kargil review’ committee was appointed by the-then Vajpayee government to suggest possible solutions, one of which was to issue national ID cards to people who live in border areas and then scale that up to the whole country.
Eventually, there were proposals for a ‘Multi Purpose National Identity Cards’ (MNIC) project and a ‘National Population Register’ (NPR), both instituted under provisions of the Citizenship Act of 1955.
The MNIC proposal was presented to all the chief ministers in a conference on internal security on 17th November 2001 and was accepted.
A 2002 parliamentary question about the identity cards in Lok Sabha had the following answer from the then Minister of State for Home Affairs Shri Ch. Vidyasagar Rao:
“The issue of MNICs would involve creation of an identification system for more than one billion citizens, streamlining the existing machinery for the registration of birth and deaths at the grass root level and choices of institutional as well as technological options for the creation of an integrated data base of personal identities capable of being continuously updated. The Government would finalise its decision only after an in-depth examination of all relevant issues and after making necessary preparations, including the legal backing to the scheme.”
This was the birth of Aadhaar if you ask the current BJP, which stakes claim to it as their own project proposed under Vajpayee after the Kargil war.
Indeed, the Multi Purpose National Identity Card was not much different from Aadhaar. It was supposed to be a smart card which would store the fingerprints of individuals and other data in the card. The card was based on the ‘Smart Card Operating System for Transport Application’ (SCOSTA) standard developed by National Informatics Center for blocking illegal driver licences using a chip-card based on equivalent ISO standards.
While the technical standards where being formulated the Office of the Registrar General of India (RGI), under home ministry started working out the modalities to build this database. In 2003, much before Aadhaar was announced, the RGI decided to use fingerprints of individuals as part of the data collection required for MNIC and the National Register of Indian Citizens (NRIC).
Importantly, a RGI newsletter from 2003 does not distinguish between the MNIC and NRIC, referring to them as vital cogs of the same system.
The newsletter also notes the framing of ‘The Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules, 2003’. These rules call for the creation of a ‘population register’ that would feed into the national ID card system (MNIC) and the National Register of Indian Citizens.
Another RGI newsletter from that time the following also points out:
“The Government has decided to conduct a pilot for the MNIC Project in selected areas of 13 districts in thirteen states/union territories in the country. The pilot aims at providing the following benefits:
a) A credible individual identification system
b) Speedy and efficient transactions between the individual and the service provider (government and non-government)
c) User friendly interface between the citizen and the government
d) Improvement in services to the people in ‘Below Poverty Line’ (BPL) or ‘Above Poverty Line’ (APL) categories
e) Deterrent for future illegal immigration. ” [Emphasis added by The Wire]
While these pilot studies and exercises where being carried out, India was hit by another terrorist attack in Mumbai on November 26, 2008. The terrorists came to India posing as fishermen in a fishing trawler and attacked key places in Mumbai. The Mumbai attacks were a new kind of warfare for India, which opened up coastal waters as threat vector. The incident questioned India’s failures in surveillance & intelligence and the failure of coast guard in stopping illegal entry of people via fishing trawlers.
To respond to these challenges, the UPA government started creating new intelligence databases like NATGRID, started registration and licensing of fishing vessels and created a database for it called ReALCraft. We also increased the number of coastal police stations and the police were tasked to know everyone living in surroundings.
More importantly, that’s when MNIC cards started to be distributed to fishermen.
India eventually issued a gazette notification to start the ‘National Population Register’ (NPR) on March 15, 2010. The idea was to create a database of all ‘usual residents’ and use that to eventually feed into a National Register of Indian Citizens (NIRC).
Aadhaar versus NPR
While the MNIC project was ongoing, its progress was sluggish and after a decade, it became clear that it wasn’t progressing well. This is when, under the Planning Commission and Nandan Nilekani, the Unique Identification Authority of India (UIDAI) was formed and the operating procedures were completely changed. Under UIDAI, ‘smart cards’ became bad and central databases to de-duplicate people became the preferred choice of poison. UIDAI formulated rules for the capture of biometrics and iris scans, which went onto become national standards.
By the time UIDAI standards were formulated, the NPR was already being carried out by the Registrar General of India. The infrastructure for NPR at this stage was old and different from Aadhaar, as it was using smart cards. Electronics Corporation of India Limited, which manufactures our voting machines manufactured machine readers to read smart cards for coastal police stations. But NPR was not yet collecting iris scans and was not de-duplicating data — this data was later collected and added again.
The NPR database was always the root database though and was built to eventually identify citizens. The problem was that it didn’t have the algorithms to compare and find duplicate fingerprints. The cost of storing fingerprints in multiple databases — UIDAI *and* NPR — along with the security of it was also high.
De-duplication exercises would have been possible only if all the data was in a large single database.
So, the RGI signed an agreement with UIDAI to share biometric data for de-duplication and issuing Aadhaar. In 2016, it was reported that RGI had shared biometrics captured by it of nearly 300 million people with the Aadhaar agency.
MNIC cards were stopped, but the RGI continued to update National Population Register with Census 2011.
The problem started when the differences between NPR and UIDAI became apparent — both were ostensibly designed to build a database that would help the government provide welfare services. But they always had different origins. Nilekani for instance brought in the private sector to implement the UIDAI project at breakneck speed, which created enrolment fraud. The home ministry, naturally, had concerns about private operators handing out Aadhaar numbers without any checks. The UIDAI didn’t care too much about this because Aadhaar was legally allowed to be given to any resident, foreign or Indian.
The MNIC along with NPR, on the other hand, was effectively designed to eventually check citizenship status.
The problems being created from Aadhaar led to a confrontation between the Home Ministry and UIDAI — to the point where Chidambaram as Home Minister wanted greater control for NPR as verification is done for the project.
Committees were created to co-ordinate between NPR & UID. The escalations only stopped after the cabinet committee on UID under Manmohan Singh intervened in January 2012, deciding coastal areas will be covered by NPR and UIDAI will continue to carry out inner states.
Things continued like this until the Supreme Court ordered UIDAI can’t share back the biometrics it collected to anyone. This made things complicated for Registrar General, who asserted the Citizenship Act 1955 gives them the right to collect biometrics (point 8 in MoM). The home ministry ministry sought legal opinion from the attorney general. The RGI updated the National Population Register again in 2015 by going door to door and also collected Aadhaar number of individuals (point 8 in MoM).
It has since then still needed the biometrics to finish the NPR, and recent reports indicate that this deadlock will be broken.
The issue of sharing data between entities was always complicated. In the case of Aadhaar, private registrars under UIDAI had access to data while state governments did not.
Under the National Population Register, it was the state government and state census offices carrying out the exercises had access to data. Like the Centre, states also had their own welfare projects and required data on residents of the state. But the data UIDAI was collecting wasn’t enough for states, they needed data specific to their schemes.
In states that had not carried out proper NPR enrolment (inner states), the governments used UIDAI to create ‘State Resident Data Hubs’ to create their own mini Aadhaar and the concept of Know Your Resident Plus (KYR+) was born. This meant states could collect more data like Voter ids on top of basic demographic data (KYC) that UIDAI collected. Often states collected sensitive information like religion and caste details to understand the socio-economic upliftment of various social groups.
Eventually, states started collecting much more data using their own surveys like Telangana and Andhra Pradesh.
Telangana which first started these special state surveys, did an intensive household survey of the entire state in a single day. A holiday was declared right after formation of Telangana on August 19, 2014, and people were asked to be home with all their identity documents. They were asked to go back to their permanent residences, special buses were arranged and there was a lot of frenzy that was whipped up. If they weren’t in this survey, they may not be eligible for jobs or government benefits. Unlike the Census, which is carried out to know where the population lives, this exercise was done to know where the population is from. Telangana used this data to build a 360 degree profile databases of everyone in the state. During the Supreme Court hearing on Aadhaar, the judges were informed these databases where shut down. Surprisingly the 2018-19 economic survey (Chapter 4, box-5) praises Telangana for creating this secret database which no one from the state heard about. The economic survey recommends Aadhaar be used to link all databases.
The KYR plus data was being shared among various government departments without any consent. A lot of this data was leaking from government portals and UIDAI would ignore them by stating that no data has been leaking from the central database, the Central Identities Data Repository (CIDR). This issue extended to the NPR project as well.
The NPR now is going to be carried out using a mobile application like Andhra Pradesh and will be linked to Aadhaar as per latest statements and is going to be part of the Census 2021.
In the end, one can easily say the National Population Register is different from the National Register of Citizens. What then is the relationship between both? In response to a question in the Lok Sabha on April 21,2015, the-then Minister of State for Home Affairs, Shri Haribhai Parathibhai Chaudhary, clearly spelled it out:
“The National Population Register (NPR) is a Register of Usual Residents. It would contain citizens as well as non-citizens. The objective of creating a NPR is to net all usual residents of the country at a given point of time. This would serve as the mother database for creating the National Register of Indian Citizens (NRIC) by verifying the citizenship status of each and every resident.”
The government already has so much information about us – it just so happens they are in different databases. The mother database for National Register of Indian Citizens is the National Population Register, which in turn uses data from the Aadhaar database. The Supreme Court judgment on Aadhaar only restricts UIDAI from sharing biometrics and does not put any restrictions on sharing of demographic data. In fact, under the national security clauses a lot of this can be allowed.
The government’s use of data to identify people and randomly create registries has created a multitude of problems. It is time they be put in check with the upcoming data protection bill.
Srinivas Kodali is an independent researcher working on data, internet and governance.