Citizen Services

Aadhaar's deduplication is one of the most complex identity challenges ever solved at scale. Problem: When enrolling a new person, the system must verify that they don't already have an Aadhaar number. With 1.4B existing records, this means comparing new biometrics against the entire database. Solution: 1) Multi-modal biometrics: 10 fingerprints + 2 iris scans + face photo = 13 biometric samples per person. This provides redundancy (damaged fingers) and accuracy. 2) Segmented search: Not every new enrollment is compared against all 1.4B records. Demographic pre-filtering: If new enrollee is male, age 25, from Maharashtra, compare primarily against that demographic segment. Reduces search space by 90%+. 3) Tiered matching: Stage 1 — fast 1:N search using fingerprint minutiae (geometric features) against indexed biometric database. Returns top-K candidate matches. Stage 2 — detailed comparison of all 13 biometric modalities against candidates. Stage 3 — human adjudicator reviews borderline cases. 4) Technology: ABIS (Automated Biometric Identification System) provided by L1 Identity Solutions (now IDEMIA) and Morpho. Massively parallel architecture — biometric matching runs on GPU-accelerated servers. 5) Accuracy: False Positive Identification Rate (FPIR) < 0.0001%. False Negative Identification Rate (FNIR) < 0.01%. For 1.4B people, even 0.01% FNIR = 140,000 potential misses — this is why multi-modal matching and human review exist. 6) Ongoing deduplication: Even post-enrollment, analytics continuously run to detect duplicate Aadhaars (e.g., two Aadhaars with similar biometrics but different demographics).

India Stack is a set of open, interoperable digital public infrastructure layers that enable population-scale digital services. Layers: 1) Identity Layer — Aadhaar: 1.4B unique IDs with biometric authentication. API-accessible. Enables eKYC (verify identity in seconds, not days). Foundation for everything else. 2) Payments Layer — UPI: Open payment protocol. Bank-to-bank instant payments. 10B+ transactions/month. Open to any fintech (PhonePe, GPay, Paytm). 3) Data Layer — Account Aggregator / DEPA: Consent-based data sharing. Citizen controls who can access their financial/health data. Enables credit based on cash flow data (not just CIBIL score). 4) Document Layer — DigiLocker: Government issues documents digitally. Citizens access anywhere. Eliminates need for physical documents. 6B+ documents. Why it's a global model: a) Open APIs — private sector can build on top (UPI enabled PhonePe/GPay explosion). b) Population-scale — proven at 1.4B people. c) Interoperable — no single vendor lock-in. d) Inclusive — works for rural, low-literacy, low-income populations. e) Cost-effective — Aadhaar enrollment cost: ~$1 per person. Countries adopting: Morocco, Philippines, Sri Lanka, Ethiopia are using MOSIP (open-source version of Aadhaar). Brazil and Thailand studying UPI for real-time payments. Technical lesson: DPI succeeds when it provides rails (infrastructure) not apps (applications). Government builds the platform, private sector builds the services.

Designing for India's diverse population requires inclusive design thinking. Architecture: 1) Multi-channel access: Web portal (desktop/mobile), Mobile app (UMANG — 1,800+ services), USSD (*99# for feature phones — no internet needed), IVR (phone call-based service), CSC (Common Service Centre — assisted human service at village level). Same backend, multiple frontends. 2) Language support: 22 official Indian languages. UI must support: right-to-left (Urdu), complex scripts (Tamil, Bengali), transliteration. Content management system with translation workflow. Machine translation (AI4Bharat models) for dynamic content. 3) Accessibility: Screen reader support (visually impaired), high-contrast mode, large text option, voice navigation. WCAG 2.1 AA compliance mandatory. 4) Progressive complexity: Simple services (certificate download) — 2-step flow. Complex services (building permit) — wizard with step-by-step guidance, save draft, resume later. 5) Authentication levels: Low-risk services — mobile OTP. Medium-risk — Aadhaar OTP. High-risk — biometric authentication. 6) Offline capability: Forms can be filled offline and submitted when connected. SMS-based status updates (no app needed). QR-based document verification without internet. 7) Performance: CDN for static content. Service worker for offline caching. Lazy loading for images. Target: First meaningful paint < 3s on 3G connection. 8) Error handling: Friendly error messages in user's language. Auto-save to prevent data loss. Retry logic for intermittent connectivity.

Before DBT, government subsidies passed through multiple intermediaries (block office → district office → bank → citizen). Studies showed 30-40% leakage (money diverted by middlemen). DBT solution: 1) JAM Trinity: Jan Dhan (bank account for every citizen) + Aadhaar (unique identity) + Mobile (notification and consent). Every beneficiary has: verified identity (Aadhaar), bank account (Jan Dhan), and mobile number. 2) Direct Payment: Government → PFMS → NPCI → Bank → Citizen account. No intermediary touches the money. Aadhaar Payment Bridge (APB): money is sent to Aadhaar number, NPCI routes to the linked bank account. 3) Deduplication: Before DBT, ghost beneficiaries (fake names on lists) received subsidies. Now: every beneficiary verified against Aadhaar. Biometric deduplication ensures one person = one Aadhaar = one benefit. Result: 9.6 Cr fake/duplicate beneficiaries removed. 4) Real-time tracking: Dashboard shows: money disbursed, credited to account, failed transactions. State and district-level monitoring. Citizens can check status via UMANG app. 5) Savings: Government claims ₹2.73 lakh crore saved by eliminating ghost beneficiaries and intermediaries. LPG subsidy (PAHAL): before DBT, subsidized cylinders diverted to commercial use. After DBT, subsidy goes directly to citizen's account. 1.7 Cr fake LPG connections removed. Technical challenges: Aadhaar-bank seeding errors (wrong account linked), inactive accounts, biometric authentication failures (manual laborers with worn fingerprints). Solution: multiple fallback — if Aadhaar payment fails, try account number, then generate payorder.

Citizen platforms handle the most sensitive data — identity, financials, health, and location of entire populations. Key challenges: 1) Data Minimization: Collect only what's necessary. Aadhaar eKYC returns only name, DOB, address, photo — not religion, caste, income. Virtual ID (VID) allows authentication without revealing actual Aadhaar number. Principle: No system should store Aadhaar number unless legally required. 2) Consent Management: Every data access requires citizen consent. DEPA (Data Empowerment and Protection Architecture): citizen explicitly approves what data, to whom, for how long. Technical implementation: consent artifact (signed JSON) with purpose, data requested, expiry. 3) Encryption: All biometric data encrypted at rest (AES-256) and in transit (TLS 1.3). Biometric data NEVER leaves UIDAI servers — only match/no-match result returned. Database-level encryption prevents theft even if storage is compromised. 4) Access Control: Strict role-based access. Government officer sees only data relevant to their role and jurisdiction. Audit trail for every data access. Unusual access patterns flagged (officer accessing 1000 records in a day). 5) Privacy by Design: Authentication logs don't reveal purpose (UIDAI doesn't know WHY you're authenticating). Federated architecture — no single database has complete citizen profile. Cross-department data sharing requires purpose limitation. 6) Regulatory Framework: Aadhaar Act 2016 governs Aadhaar usage. DPDP Act 2023 (Digital Personal Data Protection) adds consent and data protection requirements. Penalty for data breach: up to ₹250 Cr.