National Government ID Project – Leapfrog or Catch-up? SIM card vs Smart Card?
[Guest article by Sanjay Swamy, CEO of mChek. Sanjay shares a strong perspective/insight on Indian govt’s National ID project and urges Nandan Nilekani to evaluate SIM card vs. Smart cards.]
Imagine India as a country where 100% of the population is uniquely identified, has connectivity for telecom services and also has access to structured financial services.
Imagine secure, personalized, anytime-anywhere healthcare services, government disbursements, loan disbursements and repayments! Imagine – the SIM card can become the government issued voter ID card – and one could even “vote” from the convenience of one’s mobile phone.
The appointment of Nandan Nilekani to head the National Government ID project finally indicates that the Government of India is serious about getting the project right. One finally has the confidence that this is one Government project that will be done right.
Having lived for several years in the US and experienced the seamless access to government and private services through the one common link – the Social Security Number (SSN) – and when I returned to India six years ago, I felt India needed to simply clone the US’s SSN system.
Mobiles in India are the Unique Identifiers
Six-years later, having experienced the telecom revolution in India, and I feel India would be missing a trick by simply cloning the SSN. While the move to a Government issued Smart-Card may be a big step forward, the trick for India would be to engage the Government and Telecom Operators in a public-private partnership that delivers a SIM card to 100% of the population. Technology-wise a SIM card is a Smart-Card – but it is network-enabled. Secure, two-way communications are only possible in a SIM card, not with a Smart-Card.
One largely unknown concept is application-specific security domains that can be created on SIM cards. This means that the information travelling in that domain, while using the telecom network, is encrypted and secured – and cannot be tampered with. Think of it as an end-to-end VPN between your SIM card and the “Application” Service provider. In mChek’s case, this is currently used for financial services. A similar application could easily be developed/adapted for Government services.
Naysayers to this approach will be quick to point out – what if one doesn’t have a mobile? Or what if there is no network connectivity? Well, in such cases, one simply needs to share a mobile to insert the SIM card, no different from a “smart-card reader”. A $20 mobile becomes a Smart-Card reader – rather than a $100 proprietary Smart-Card reader. In other words, we are no worse off – and probably still much better off handing everyone a SIM card rather than a Smart-Card.
The Government ID project can play a far more significant role by leveraging the Telecom reach – the project can also be executed much more efficiently and effectively, than any other country has done.
Nandan – you have our complete support – we all know you will do the right thing for India. I hope you will examine the SIM and how its advantages far outweigh the traditional smart-card approach in this landmark project.
Let’s leap-frog!
image credit
About the author - Ashish Sinha is a Startup Mentor/Product Strategy Coach, and the founder/chief editor of pluGGd.in.
He has launched/managed couple of products (consumer as well as enterprise) in US and India, and now consults with startups/small businesses on their product/media strategy. He can be reached at: ashish (at) pluGGd.in [+91 98452 06443]
What an idea Sirji … sorry Sanjayji
.
There are multiple issues here IMHO.
i) GovermentID (or SSN) number is chosen based on many conditions.
ii) Smart card readers we don’t need in billions (only at places where
we want to read).
iii) Cellphone is an option but GovermentID is a must.
iv) Why should a Indian listen to telecom service provider (terms and conditions).
v) Telecom providers have balance sheet to answer … goverment has people to answer.
I liked this “Telecom providers have balance sheet to answer … goverment has people to answer.”
None of your objections are against what I am proposing – I’m merely suggesting that we use the SIM as the platform – control will 100% be with the government for the government’s security domain.
If its a regulation, India will not be listening to the telcos.
“Secure, two-way communications are only possible in a SIM card, not with a Smart-Card.”
I am not sure I agree with this statement.
The proposed smart cards will be using SCOSTA standards developed by IIT Kanpur. Here is a comprehensive presentation on Prof Rajat Moona, who led this project.
http://www.cse.iitb.ac.in/~br/iitk-webpage/cut-edge-2005/slides/Smartcards.ppt
On the other hand, I don’t think transmitting all the sensitive data through the telecom operators is a good idea. If you go through the presentation, you will see how they have developed a secure protocol with real-life situation in mind.
OK – I add the term “over-the-air” or anytime/anywhere to my comment. The idea is to bring the government to the people – not take the people to the government!
The Smart Card has the major function of being a transaction card where all interactions for many departments are recorded. For the SIM option,the records at the backend server will require massive infrastructure and interconnectivity within them. The records have to be on the card for complete and stable utility. IMO ,SIM is not a good option here.
SIM card is also a smart-card and can do everything you mention – its purely a case of storage/memory.
Initial questions that come to mind are as follows:
1. What happens when the user wants to change the mobile number
2. Can we rely on the KYC policies of the telecom operators? We all know how SIM cards used to be issued without any id / address proofs.
3. Is the data communication through the mobile completely secure? would it definitely require the sim to be replaced? that may be very difficult operationally
4. Won’t we have to rely on too many service providers? the cards can be issued by one single entity.
5. Guess the smart card would have the photo id as well. How does one insure that in a Sim card?
If these have been thought out already or there are enough mitigants available, the SIM card can be a great option for this project.
Personal identification is not possible on a SIM as on a biometric smart card. A biometric smart card can hold finger prints of all ten fingers for identification. At best the SIM shall work on a password. At the end of the day the smart card readers shall have to work on a GPRS or CDMA sim to move data from the field to the servers.Telecom will get big big business from this. The only guys who shall not get a piece of cake are the mobile application developers. Their call is to innovate and win.
[SS]Holding finger-prints on the SIM isn’t the issue – verifying them is the issue. BTW, this is the same issue with Smartcards – you do need a reader to do the same.
1. What happens when the user wants to change the mobile number
[SS] Get a new SIM – no issues. Data can always be transferred. This option will be required anyways to cover for the possibility of a lost phone.
2. Can we rely on the KYC policies of the telecom operators? We all know how SIM cards used to be issued without any id / address proofs.
[SS] KYC of operators will not be relied on. Government will do its own KYC. Over time operators will rely on governemnt KYC
3. Is the data communication through the mobile completely secure? would it definitely require the sim to be replaced? that may be very difficult operationally
[SS] 100% – its no different than a dedicated smart-card.
4. Won’t we have to rely on too many service providers? the cards can be issued by one single entity.
[SS] The idea i have is for government to legislate and facilitate the issuance of SIM cards with Government ID built-in.
5. Guess the smart card would have the photo id as well. How does one insure that in a Sim card?
[SS]: Not just having the photo – we also have a way to display the same
Replies below…
Cell networks aren’t very reliable right now.
Imagine if its the peak time like new year or diwali or some other festival. we can’t rely on these networks at these times to carry critical important data.
And coming back to the point mentioned by one commenter. the smart card is a government issued card. why should every person in india fall into the clutches of the telecom companies for the nationalID? Will the data be safe from them? And will telecom providers provide this extra bandwidth for smartcard related communication for free?
And what if I have more than one SIM card? What if someone steals my mobile phone? Identity theft?(you have to agree that there is more reason to steal a phone than a smart card for thieves) What if I run out of talk time/validity and the cellphone operator disconnects my connection? What if the SIM gets blocked(forgot PIN/PUK/PUK2 code)? What if I want to use it but my phone runs out of charge in the middle of the road? What about mobile viruses?
There are tons of other queries I can think of right now, but these are the foremost ones on my mind.
[SS] All valid questions – none of what you are saying is any different in the event India goes with a dedicated smart-card. We are not talking about compromising security because guess what, the SIM card is the same Smart-Card you will get – only it won’t work in a phone and won’t give you any of the benefits of connectivity.
I think all comments are missing the point. SIM card will be govt’s property, work over a public spectrum laid on a private network infrastructure and will be readily accepted by people.
All other issues related to SIM are as much valid for Smart card too.
I think the core issue is that of coordinating the project with various power hungry departments, avoiding the blame game and keeping financial/credit personal information away from this ID. Would love to hear thoughts on this
>> won’t give you any of the benefits of connectivity.
Nor the pitfalls of it.
I think you are saying that since the biometric chip is similar in electronics to the SIM, why not just turn the communication features on? If we were to do this,in addition to government requirements we have to implement the SIM to 3GPP standards for the SIM. We now have to protect the Ki (the secret key in the SIM) as well as citizen biometric identifiers.
Sometimes, you have to purpose design.
Let a ID card be an good ID card.
What will happen if u lost ur Mobile with SIM Card…?
I don’t think author understands the power of GovermentID (SSN). OR
I don’t understand the power of SIM
IMHO…There are different set of rules and procedure to get a Government ID and a SIM.
GovermentID is like a password you don’t have to tell someone if you don’t want to even if it is government authorized person.
SIM number is something you have to tell everyone.
Government ID is used only on occasions and when necessary .
SIM is always ON (why bother to track billions… track only at check posts).
Government ID can be kept in locker.
SIM you have to carry everywhere (% of loosing is high).
Government ID is only ONE.
SIM i can have 10’s if i want to.
Government ID is like a passport.
SIM is a simple communication enabler.
Goverment ID is a must.
SIM is a convenience.
Should i ramble more?
Good Luck convincing Nandan and others.
Sim card can be clone easily, but getting clone of smart card is tough nut.
[...] is the original post: National Government ID – Leapfrog or Catch-up == SIM card or Smart … Share and [...]
Interesting ideas. But going with SIM cards have very important privacy ramifications which must be balanced out carefully, with privacy getting a higher priority.
orignally posted this comment at Medianama . cross posting it here.
interesting but not practical from an implemetation standpoint.
#1 ID card number should be designed in a hub and spoke model . with the ID card # at the hub and various services accessing it as spoke. with your solution the hub will be owned by one of the service . now why should that be the case ? its a sensitive data , with a lot of telcos having a significant chunk owned by foreign entity it will be a strategic blunder to do that
#2 ID card is unique to every person . Phone connection is still shared in many cases (yes its a reality , in rural india ) .
#3 how much sense does it make to keep such vital information on a Live network ? your argument is that Tech is strong enough to protect us from ID Theft ? Tell that to obama who has to use a special device to encrypt the data sent from his Blackberry .
#4 Most cellphone devices lack the capability of communicating with other system/device . how will you use the sim based ID to track the other than telco usage of SIM . say i want to submit a loan applicationor my univ application . how will i do it on a basic nokia handset ? enter manually ? not secure SMS the ID to a short code ? not reliable . most rural user will lack know how of that. a swipe based card will remove all such problem.
I am as much of a mobile fanboy as the next person but I don’t think Mobile SIM is the answer to NAtional ID problem .
Do you expect all the citizens of our country to learn to operate a mobile phone ? Do you expect everyone to remember their passwods etc ? The literacy rates in our country are so low that if the citizens have to do some act in participation then you can write that project off from day 1. The need for training shall become in itself a bigger task. Even with the smart card this project is very tough to implement and that has made the Hon PM depute the best man in our industry for it.