India is home to almost one-fifth of the world's population. Its scale and diversity rival those of continents, not countries. India has "official" 22 languages but unofficially 19,500 languages have been recognized as having 10,000 speakers or more.a There is incredible diversity, but also incredible disparity. About 45 million people still live in extreme poverty,b and less than 4% of its 1.3 billion people paid any income tax at all.c
At the same time, digital inclusion in India has taken off in a significant way in the last few years. It has 1.2 billion mobile connections and over 500 million Internet users.d India is now the world's second-largest market for smartphones, with an estimated 400 million smartphones in India having access to one of the cheapest mobile data plans in the world. India is incredibly youngabout 50% of its population is below the age of 25, with approximately 65% of the population below the age of 35.e India expects to have 100 million people entering the workforce over the next 10 years. In short, the country is young, ambitious, and connected.
Social welfare is delivered through a complex network of over 950 schemes and funds by the Union government alone. The Union government spent close to $45 billion on subsidies last year. The states would cumulatively spend another $10 billion. A migrant worker population of over 453 million people,f moves from their homes either seasonally or permanently, adding to the complexity of welfare service delivery.
In 1985, the Prime Minister of India said that out of every rupee spent by the central government, only 15 paise (15%) reaches the beneficiary. This is because, distribution of welfare has typically taken place in kind, through a multi-layered supply chain. Realistically, it is estimated that leakages in welfare programs spanned from 10% to 60%, depending on the program.
Moreover, price subsidies tend to be regressive because they are untargeted. As the economic survey of 2015 defined it, "a rich household benefits more from the subsidy than a poor household."g The report found the bottom 50 of the country consumed less than 25% of the subsidized LPG (cooking gas). Similarly, 41% of the kerosene supplied through the public distribution system was lost to "leakages," and only 46% of the remainder went to poor households.
It is important to remember that some of these problems and numbers are as recent as 2015. Clearly, the state needed to move away from the price subsidy model to a more targeted and efficient service delivery model. Starting in 2009, India began to create digital infrastructure to move from people and paper-intensive inefficient service delivery, to an efficient, direct, digital service delivery.
This was not just the need of the State, the Indian markets felt the same way. Despite its large size, and consistently high growth rates, the Indian markets have not turned out to be stellar for many players. The high cost of customer acquisition, KYC (Know-Your-Customer) process, various claims verification, and overall cost of business meant market players could not provide affordable and accessible products or services. A large population was not in the formal economy. This is the context thatbeginning in 2009over the next 10 years led to the creation of the India Stack.
Leapfrogs. There have been various technologies that have played the role of infrastructure. While the technologies themselves are commendable, their real "disruptive" power has been what applications they enable. For example, the Internet may have been born of a specific need, but its success is because of its design. It was a mass-scale, open, and interoperable protocol. The use cases for the Internet were not restricted by the imagination of its founders.
The India Stack is a name given to a family of APIs, open standards, and infrastructure components that allow a user in India to demand services digitally. As of 2019, the services the India Stack offers are proving identity, completing KYC, making digital payments, signing documents digitally and sharing of data. While the list of APIs is growing, the APIs listed in Table 1 are now mature, well understood, and enable efficient delivery of services in India.
Why India Stack? Just like the modern Web, the India Stack did not come out of one place, but through multiple efforts by multiple teams. Each API or standard may have an owner and their own licensing nuances. It is a set of loosely coupled technologies and protocols, and there is no master directive. Each technology tries to do one thing and do it well. The innovation comes from the combinatorial use of these technologies by entrepreneurs and governments alike.
What they do have in common is that each lowers the cost of doing transactions. The reason for cost savings is multifoldit eliminates paper, but also eliminates the need for physical presence during a transaction. Digital payments eliminate cash and the cost of cash handling. It can also simplify compliance, such as in the case of KYC compliance for financial or telecom institutions. It could reduce "leakages" through the verification of identity and elimination of duplicates.
The breadth of India Stack and its potential use cases are too wide to cover in depth here. We will focus on two of the components that are currently doing greater than 800 million transactions per month: Identity and payments.
The various components of the India Stack are at different levels of maturity. Table 2 illustrates some of the metrics for a selected subset of the systems.
In 2009, the Government of India undertook a program to give each resident of India an identity card. It was estimated that approximately 400 million people in India did not have an individual identity document.h The importance of identity for development is well understood. In India, this program was called Aadhaar, which translates to "foundation" in many India languages.
Where India differed from other similar programs of the time, the stated intent was to issue a secure, digital identity and not simply an ID card. The Aadhaar program scheme was presented as designed to be minimally intrusive, with the focus of the program on empowering every resident in two important ways. The first was to manage their identity; the second was to use their identity to prove who they are. The following sections, as well as Figure 1, help to explain the design.
Managing identity. The scale of the Aadhaar project and the diversity of India meant every assumption about a user's context, ability, or access to infrastructure would be challenged in the field. The design of the Aadhaar system preempted some of these challenges through simple design principles.
The first principle was to keep the data collected minimal. The Aadhaar system only collected four mandatory demographic variables: Name, address, gender, and date of birth, along with two voluntary attributes, namely, mobile number and email address. The voluntary attributes helped users manage their identity themselves online.
The choices around data collection, access controls, and system architecture should enforce hard limits to what is possible to minimize risk by design. In case of Aadhaar, biometric data cannot leave the Central Identity Data Repository of the Aadhaar in any circumstance. The feature is simply not present in the system, minimizing the likelihood of leaks whether accidental or intentional. These were part of Aadhaar's privacy by design principle.
The Aadhaar project was meant to provide an inclusive identity. No one should be left wanting an Aadhaar for lack of documentation or ability to register biometrics. Even if a resident could not furnish an existing identity document or an address proof to verify their details, a letter of introduction from their local representative would do. Similarly, there were exception processes for those with ailments or conditions that prevented them from successfully enrolling their biometrics. Inclusion in authentication was achieved through the availability of multiple factors of authentication including fingerprints, face, iris, and OTP.
The Aadhaar project implemented an ecosystem approach for solving problems of scale. For example, using standardized software, private enrollment operators were enlisted to go out and enroll citizens. They were paid by the Aadhaar project on a per successful enrollment basis. The enrollment data was end-to-end encrypted and deduplicated at the CIDR only. This lead to a rapid onboarding of users, reaching one billion enrollments in 5.5 years after launch.i
Projects such as Aadhaar, and components of the India Stack, are considered national assets that might outlive the existing vendor base. Propriety solutions offer short-term relief but may have a larger total cost of ownership. Using standardization and an open architecture, the Aadhaar project was able to develop a vibrant and open vendor base for critical components of the hardware and software running Aadhaar. The project is deployed on commodity computing resources to prevent costly maintenance bills. Further, scaling to hundreds of millions of transactions per month and billions of records has not been a problem. This has led to massive cost savings, with each enrollment ultimately costing less than $1 per successful enrollment and authentications to approximately one cent per authentication.j
Using identity. Aadhaar is a digital identity, and its value is derived from the fact that to confirm the user who furnished the ID is indeed the true owner of that identity Aadhaar provides multiple channels for authentication. This allows governments and businesses to trust the person they are transacting with is truly who they claim to be.
Aadhaar serves as foundational identity and does not collect information on purpose of authentication. It has been envisioned that many domain-specific federated identities will be derived from Aadhaar. For example, India's tax IDthe Permanent Account Number (PAN)uses Aadhaar to deduplicate its registers. Since these two databases remain separate, the CIDR has no information on the tax IDs of its users. This principle is also reflected in the institutional design of the programthe Unique Identity Authority of India (UIDAI)which is a separate agency that does not fall under an existing function-specific ministry.
Aadhaar was aware of the growing privacy risks if identity and transaction data is collected in one central place. Hence, Aadhaar envisioned a federated model during use of Aadhaar.
Despite having credit cards for more than 40 years, their penetration in India has been very low. In 2015, there were only approximately 20 million credit cards in the country and two million digital payment acceptance points for India's 1,300 million people,k indicating many features of card-based payment systems (for example, high cost of payments and cumbersome user experiences) were not effective at reaching most of the Indian market. The National Payments Corporation of India (NPCI) realized that for digital payments to be successful in India, it needed a low-cost payments system that worked for high volumes of low-value transactions.
The outcome of NPCI's deliberations was the Unified Payments Interface (UPI). The Unified Payments Interface is a protocol that simplifies the sending and receiving of value from any stored-value account to any other stored-value account. That is, the UPI specifications allowed sending money from bank accounts to bank accounts, but also from bank accounts to mobile wallets and loyalty accounts, among others.
UPI provides a set of interoperable APIs that innovators use to build payment apps or make payments as a feature into their current workflows. Normally, this would have required bilateral agreements with all banks, but since almost all the banks in India use the UPI specifications for transferring money between bank accounts and from bank accounts to mobile wallets and loyalty accounts, building a Venmo-like product in India is much easier. This is the reason India has seen an explosion of payment apps recently, including global players such as Samsung, Google, and Whatsapp.
How UPI did this was by first defining the Payments Markup Language. It standardized the instruction for push (sending) and pull (requesting) of money. All transactions are available on API endpoints, so that payments become a feature, not just an app. By standardizing and defining the Payment Markup Language, UPI could introduce features such as recurring payments that were previously only available although credit cards and tedious bank mandates.
Further, as part of its open architecture, UPI uses a pluggable authentication model, so that it is not dependent on any particular identity or mode of authenticating. This was important from the point of view of inclusion. In India, enabling digital payments cannot assume the presence of a smartphone. We were able to create two important apps on top of UPI to serve even those without smartphones. The first was the USSD based *99#, that enabled all transactions that a UPI app could do, but on a feature phone. The second was Aadhaar Merchant Pay. Using Aadhaar authentication, NPCI could transfer money from a user's bank account to that of a merchant without the need of a smartphone by the user. The consent to transfer is instead collected via biometrics at an agent's terminal who may have a smartphone or specialized point-of-sale machine.
UPI unbundled the "address" of payments. Instead of requiring users to remember an arbitrary combination of account numbers and routing numbers, UPI standardized the payment address. In UPI, every payment address is of the form "[email protected]" This address is then resolved internally by NPCI to the correct account. Every account may have multiple payment addresses linked to it, so that the user may give [email protected] to his colleagues and [email protected] to his friends and both route money to the same underlying account from ICICI.
Figure 2 also alludes to the four-party model that is so important to UPI's success. In UPI, the payment-address-issuing entity is not necessarily the same as the one providing the underlying bank account. This means a user can use any app to send or receive money directly from their bank account. They are no longer restricted to just the app provided by their banking service provider. This has increased competitiveness to acquire users, and as a result the responsiveness and performance of bank apps has improved dramatically since the launch of UPI.
With over 800 million transactions worth more than US$1.9 billion being transacted monthly after approximately two years,l the Unified Payments Interface (UPI) is the fastest-growing open-loop digital payments platform in the world.
Criticism and Evolution
As Aadhaar gained coverage, traction, and the trust of service providers as a unique and robust proof of identity, it began to be requested (and sometimes mandated) as a foundational document across a variety of public and private services, in particular, for government subsidies, banking, and telecommunications.
As a result, there was pushback from media, civil society, and academics around issues of privacy and security of individual data, and the possibility of exclusion from access to services due to lack of an Aadhaar or due to authentication errors. Meaningful engagement on all criticisms is not possible in this article, the issues are wide ranging and need detailed, nuanced discussions on design trade-offs.
What we would like to highlight is some of the outcomes from the critique of Aadhaar. The UIDAI was able to see the increasingly vocal demand for better privacy controls, resulting in design changes to the program as it evolved. Aadhaar has rolled out a number of features to further enhance the security, privacy, and inclusion of the Aadhaar system.
Biometric capture devices are registered with the Aadhaar ecosystem and all biometrics captured are signed and encrypted at the capture device to prevent replay attacks. Residents can lock and unlock (for short periods of time) their biometrics using the multiple channels such as the Aadhaar mobile application or the Web portal.
Aadhaar introduced temporary virtual IDs that allowed users to mask their Aadhaar numbers during an authentication request. The means the Aadhaar number does not need to be shared with an authenticating agency. In the digitally signed response, Aadhaar returns agency-specific UID tokens, which are unique and cannot be correlated across agencies. In addition, residents can lock their Aadhaar number and authenticate using only the virtual ID.
Aadhaar has introduced the concept of offline KYC verification, which allows residents to directly share their digitally signed KYC information with a verification agency XML/QR code formats. This allows residents to share non-tamperable credentials without direct involvement of the Aadhaar system. Local validation of the photograph through face matching and mobile number are possible. Sensitive data such mobile number is stored using a one-way hash; the data is revealed only if residents share the data with the verification agency.
Problems with authentication using fingerprints by manual laborers or senior citizens were addressed through the introduction of multiple biometric modalities such as face and iris matching. In addition, multiple modalities can be combined through fusion to further reduce rejections in the field. Finally, exception processes are put in place to ensure 100% of residents can authenticate using the Aadhaar system. Aadhaar's open architecture meant such a solution could be rolled out quickly in response to public demand.
The criticism and civil society movement also bought into the public discourse India's lack of a Data Privacy Law, which is necessary whether or not there is an Aadhaar. While trying the Aadhaar case, the judges were forced to ask if the constitution guarantees a fundamental right to privacy. A nine-judge bench found the answer was affirmative.m
A second Supreme Court judgment declared Aadhaar did not intrinsically violate an individual's fundamental right to privacy, but its mandated use ought to be restricted only to government-provided subsidies and benefits, tax collection, and other proportional use cases where permitted by law.n
While it may seem contentious and politically charged, such conversations are a feature, not a bug, of democracy. The executive, judiciary, and UIDAI were responsive to the public's needs and evolved the system based on what the people wanted. Our experience underscores the importance of stakeholder conversations during the design and implementation of the program.
India's experience with creating digital infrastructure platforms as public goods offers multiple lessons learned in technology, system, and regulatory architecture. It demonstrates how multiple such systems can be leveraged in concertsuch as the India Stackfor development objectives. Governments and businesses alike are building for diverse use cases on top of the stack. By lowering the transaction costs of serving the poor, we are achieving better inclusion.
Such digital infrastructure is not a unique requirement in India. It is estimated that approximately 161 countries currently have or are building their own digital ID systems. Many countries have local interbank payment systems and are now looking to upgrade them for a mobile-first world. As various countries build their own systems, the Indian experience with Aadhar serves as a real-world example to learn from. Even if the systems may look different, we believe the principles adopted in their development would serve well globally.
a. Census of India, 2011; http://bit.ly/2Sysodk
b. World Poverty Clock Statistics on India https://worldpoverty.io/
c. Two crore Indians file returns but pay zero income tax. Economic Times, Oct. 23, 2018; http://bit.ly/2wWziiU
d. IAMAI I-CUBE 2019 Report, http://bit.ly/2MQELCF
f. Census 2011 Data; http://bit.ly/2Y9nrdj
h. Massive biometric project gives millions of Indians an ID. WIRED; www.wired.com/2011/08/ff_indiaid/
i. Aadhaar Dashboard, UIDAI; https://uidai.gov.in/aadhaar_dashboard/
j. Based on cost of Aadhaar project from A Cost-Benefit Analysis of Aadhaar. National Institute of Public Finance and Policy, Nov. 2012; http://planningcommission.nic.in/reports/genrep/rep_uid_cba_paper.pdf
k. Bankwise CARD Statistics, RBI; https://rbi.org.in/Scripts/ATMView.aspx
l. UPI Product Statistics; https://www.npci.org.in/product-statistics/upi-product-statistics
©2019 ACM 0001-0782/19/11
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to publish from permission[email protected] or fax (212) 869-0481.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2019 ACM, Inc.