Thursday, January 29, 2015

Digital India - Digital ID proof verification system

I was visiting Vizag last weekend and there were increased security checks everywhere(due to Republic Day and Obama visit). The police even checked hotel rooms at odd times. I got a doorbell at around midnight and was asked to show ID proofs. Although I was not very happy at first but I felt safer.

The idea came to my mind that Saturday night - the way we verify identity proofs(Passport, Voter ID, Aadhar, PAN, DL etc.) today are very crude. In a country like India where fake Ids are easier to arrange than finding a urinal in a public place, these checks are simply not enough. The ID attestation process(someone having stamping authority can stamp and attest a photocopy) is also a stupid way to confirming someone's identity.

We need much better ID verification process and the way to do is through digital tokenization. We need to create ID verification machines which can scan the ID(ID Type, number, name, address, photo, finger scan etc.) and call the Central Database systems Real-time to validate if these IDs are real. These machines should be easily available to everyone(government officials, businesses, hotels etc.) to validate the KYC requirements. As we are concerned about privacy the response should not disclose anything except a 'Valid/Not Valid with a confidence level %' response(e.g. Valid with 80% confidence level - confidence level is required as all Ids do not have all the data required to be 100% correct and sometimes Finger scan/photo scan may have some ambiguity).

If implemented properly this can make criminals life a little bit difficult and improve the efficiency of running business/government. Just imagine as a hotel receptionist you are very comfortable giving room keys to your customers and as a customer I don't need to visit someone to attest my ID). Of course there can be exploitation in this process as well - police may try to extract money from you threatening action with a fake ID verification machine where all checks will always fail but we can have process in place to address those issues - such as any ID verification process failure need to give a receipt with justification, time-stamp and checker details which can be used in future for legal needs.

What do you think? I am interested to hear your views.