All's not well with Aadhaar - Indian Express
Does it really not matter at all that the personal details of a billion people, including their name, address, gender, date of birth, parents’ names, possibly bank account number, mobile number, email address and photo have been exposed by anonymous sellers? Is the only thing valuable in the UID (unique identification) database the biometric data? If the demographic data is so easy to reach, how do we know the biometric data is safe?
The explosive report in The Tribune on January 4, which revealed the gaping holes in the security of the database, has provoked the predictable response from the Unique Identification Authority of India (UIDAI) — denial. The reporter explains the few simple and swift steps she had to take, and the Rs 500 she had to pay, to access a billion identities on the UID database. The UIDAI says this is “misreporting”, and what happened is not a breach — that the database is safe and secure. And that they will take legal action against those involved in the case — an implicit admission amidst much denial.
The leaks, breaches and misuses have become too frequent for the denial to be convincing.
The leaks have not been either sparse or rare. Among the ones that hit the headlines, with large numbers affected by the breach: In November 2017, 210 government websites and those of educational institutions displayed personal information along with UID numbers. The UIDAI admitted this had happened, but said “that was not us”, the database is safe. Then they began to threaten those who exposed the leaks with criminal action. In December 2017, it was discovered that Airtel had opened bank accounts in a payments bank that they had launched; and it had seemingly done that by fudging consent, procured while verifying sim cards. When people began complaining that they were not receiving their subsidies, the latter were traced to an Airtel account that customers did not even know had been opened for them. Now, this.
Some things have become clear over time. One, that the UID project is not just about the UIDAI. The UIDAI is certainly an important part of the project, but the project seeks to achieve ubiquity and universality and, in doing that, it involves private businesses. The Aadhaar Act 2016 does not permit private companies to mandate the use of the UID. So, the government uses its licencing powers to mandate that mobile companies and banks coerce mobile users into submission. Ever since the first MoUs between the UIDAI and various state governments, according to which the state governments were to act as registrars for the UID, the agreement was that the enrolment would include information that the UIDAI wanted for its database (KYR, or Know Your Resident) and anything additional that the government may collect (KYR+). Together, they were to become a means of getting a 360-degree view of people and communities. These now are the State Resident Data Hubs. They also come in various shapes and sizes. In Haryana, for instance, it is the Jan Kalyan and Suraksha Survey that captures every detail of every household, and of each individual in every household. See this to get an idea of how much the government wants to know you.
Ubiquity is achieved through mandating, either lawfully or otherwise, the inclusion of the UID number in every database. Hundreds of notifications, circulars, letters of instruction and many more such instruments compel people to get on the UID database, and to leave their “digital footprint” everywhere. Coercion was expected to help achieve universality — that is, everyone would be in the database. The “architecture” or “ecology” of the UID project involves leaving these digital footprints, by the use of state power and force if needed (and it has indeed been needed — people haven’t been happy to enrol, they have largely had to be pushed to the enrolment stations and also to the many, many other databases such as schools, hospitals, voter ID, ration, LPG, etc).
The UIDAI goes on about how biometrics are safe and out of reach. The truth is, biometrics are collapsing all round. The figures for biometric failure have been staggering. In Rajasthan, in the PDS, exclusion because of fingerprint failure has been close to 36 per cent — which means not even one person from 36 per cent households are able to authenticate using their fingerprints. Jharkhand has witnessed deaths because the poorest have had difficulty linking their UID number with their ration card. Documents in the UIDAI archive from between 2009 and 2012 show that biometrics was still in an experimental phase. That biometrics are not working as hoped is made evident in the Watal Committee report on digital transactions, in December 2016. At pp. 123-124, the committee says that biometric authentication requires the availability of internet and high-quality machines capable of capturing biometric details, making it contingent on these working. So, the committee asks that for digital transactions, the “OTP sent on registered mobile number of Aadhaar holder” be allowed, thereby downgrading biometrics.
Digital payments are in the business interest; not PDS. So, while fingerprints cause huge problems to the poor, the business interest shifts to other means because biometrics are not dependable.
The mantra has, in fact, been JAM — Jan Dhan, Aadhaar, mobile — three numbers that make up identity. It was in 2010 that Nandan Nilekani said to a reporter: “The slogan of “bijli, sadak, paani” is passé; ‘virtual things’ like UID number, bank account and mobile phone are the in-thing.” That is the imagination that is driving the project today. It is these three numbers that are being exposed in the breaches. Then, to say that all is well is clearly not quite the truth.
The project is putting people, and the nation, at risk. Those in court challenging the project have been demanding that the project be scrapped — not just the UIDAI, but the project. The breaches explain why what they are asking makes sense. more
The explosive report in The Tribune on January 4, which revealed the gaping holes in the security of the database, has provoked the predictable response from the Unique Identification Authority of India (UIDAI) — denial. The reporter explains the few simple and swift steps she had to take, and the Rs 500 she had to pay, to access a billion identities on the UID database. The UIDAI says this is “misreporting”, and what happened is not a breach — that the database is safe and secure. And that they will take legal action against those involved in the case — an implicit admission amidst much denial.
The leaks, breaches and misuses have become too frequent for the denial to be convincing.
The leaks have not been either sparse or rare. Among the ones that hit the headlines, with large numbers affected by the breach: In November 2017, 210 government websites and those of educational institutions displayed personal information along with UID numbers. The UIDAI admitted this had happened, but said “that was not us”, the database is safe. Then they began to threaten those who exposed the leaks with criminal action. In December 2017, it was discovered that Airtel had opened bank accounts in a payments bank that they had launched; and it had seemingly done that by fudging consent, procured while verifying sim cards. When people began complaining that they were not receiving their subsidies, the latter were traced to an Airtel account that customers did not even know had been opened for them. Now, this.
Some things have become clear over time. One, that the UID project is not just about the UIDAI. The UIDAI is certainly an important part of the project, but the project seeks to achieve ubiquity and universality and, in doing that, it involves private businesses. The Aadhaar Act 2016 does not permit private companies to mandate the use of the UID. So, the government uses its licencing powers to mandate that mobile companies and banks coerce mobile users into submission. Ever since the first MoUs between the UIDAI and various state governments, according to which the state governments were to act as registrars for the UID, the agreement was that the enrolment would include information that the UIDAI wanted for its database (KYR, or Know Your Resident) and anything additional that the government may collect (KYR+). Together, they were to become a means of getting a 360-degree view of people and communities. These now are the State Resident Data Hubs. They also come in various shapes and sizes. In Haryana, for instance, it is the Jan Kalyan and Suraksha Survey that captures every detail of every household, and of each individual in every household. See this to get an idea of how much the government wants to know you.
Ubiquity is achieved through mandating, either lawfully or otherwise, the inclusion of the UID number in every database. Hundreds of notifications, circulars, letters of instruction and many more such instruments compel people to get on the UID database, and to leave their “digital footprint” everywhere. Coercion was expected to help achieve universality — that is, everyone would be in the database. The “architecture” or “ecology” of the UID project involves leaving these digital footprints, by the use of state power and force if needed (and it has indeed been needed — people haven’t been happy to enrol, they have largely had to be pushed to the enrolment stations and also to the many, many other databases such as schools, hospitals, voter ID, ration, LPG, etc).
The UIDAI goes on about how biometrics are safe and out of reach. The truth is, biometrics are collapsing all round. The figures for biometric failure have been staggering. In Rajasthan, in the PDS, exclusion because of fingerprint failure has been close to 36 per cent — which means not even one person from 36 per cent households are able to authenticate using their fingerprints. Jharkhand has witnessed deaths because the poorest have had difficulty linking their UID number with their ration card. Documents in the UIDAI archive from between 2009 and 2012 show that biometrics was still in an experimental phase. That biometrics are not working as hoped is made evident in the Watal Committee report on digital transactions, in December 2016. At pp. 123-124, the committee says that biometric authentication requires the availability of internet and high-quality machines capable of capturing biometric details, making it contingent on these working. So, the committee asks that for digital transactions, the “OTP sent on registered mobile number of Aadhaar holder” be allowed, thereby downgrading biometrics.
Digital payments are in the business interest; not PDS. So, while fingerprints cause huge problems to the poor, the business interest shifts to other means because biometrics are not dependable.
The mantra has, in fact, been JAM — Jan Dhan, Aadhaar, mobile — three numbers that make up identity. It was in 2010 that Nandan Nilekani said to a reporter: “The slogan of “bijli, sadak, paani” is passé; ‘virtual things’ like UID number, bank account and mobile phone are the in-thing.” That is the imagination that is driving the project today. It is these three numbers that are being exposed in the breaches. Then, to say that all is well is clearly not quite the truth.
The project is putting people, and the nation, at risk. Those in court challenging the project have been demanding that the project be scrapped — not just the UIDAI, but the project. The breaches explain why what they are asking makes sense. more
Viewed by 3124
View all 61 comments Below 61 comments
People have valid concerns that linking of Aadhar Card with bank accounts etc. will land them in trouble. Especially Senior Citizens. We do not deserve to be dismissed as "cheaters and Looters" as one comment has used most unfairly. Our grievances and fears must be addressed and the system made sufficiently secure before inflicting it on the populace as mandatory. It should be used only for the originally intended purpose and not used to keep tabs on the voting public or as a tool to subjugate them. L.Kalavathi Retd. Bank Official Chennai, Tamilnadu, India 1st Feb 2018 more
Feb 01
There is nothing wrong in getting further protection for Aadhaar as People still believe it is for good. more
Jan 11
This is congress party paid fake news media which is spearheading lies and propaganda against Aadhar. Because of aadhar the congress party stooges have lost a major source of monthly income. Hence this propaganda by Lutyens media. We have seen that UADAI have already filed FIR against the media and you will get to know the outcome any time. So your case has no basis. more
Jan 09
Mr Srinath the issue is security of data from Aadhar. You are trying to compare this with credit card frauds where data data security is not perfect. The one who exposed this issue is anti-BJP newspaper. The minute UAIDI filed FIR, the whole paid media controlled by congress comes to the defence of Tribune. Even the press council controlled by congress goons have started opposing because they know the Tribune will be exposed. The Aadhar system was conceived, designed and set by the IT specialist team of Mr Nandan Nilekani who are perfect in their job. Hence the reason for me saying this is propaganda by congress controlled fake media. more
Jan 10
Please learn what is privacy and how it is related to network applications and how the importance of information is private.
It is very easy to say it is propaganda. I am neither a congress supporter or BJP supporter.
I am against the way UIDAI is managing our privacy.
Just making laws doesn't stop anyone from stealing your private information.
Please search on the net and see for yourself and look for credit card frauds etc. Probably you will wake up. more
It is very easy to say it is propaganda. I am neither a congress supporter or BJP supporter.
I am against the way UIDAI is managing our privacy.
Just making laws doesn't stop anyone from stealing your private information.
Please search on the net and see for yourself and look for credit card frauds etc. Probably you will wake up. more
Jan 10
Anti national, anti-public issues found in Demonetization period ; Deny and Defy in following Bank through transactions by Traders etc.,; ARE THE GROUND PROOFS FOR THE INTENTION OF sidetracking the implementation of Aadhar Card since it identifies, locates and catches every misuse, misappropriation, Evasion and Loot of public and government Funds and Finances besides arrests the BUSINESS HOUSES, CONTRACTING CORPORATES, THAT ARE AT POLITICAL BACKING SUPPORT SET AS NPAs in Banks diversifying through many means the lakhs of Crores . more
Jan 10
I feel that those who want to hide themselves behind multiple identities that they have created for themselves over the years are having the biggest problem with Aadhar, because now they cannot have multiple identities for multiple PAN cards to avoid taxes or creating properties in fictitious names. With their biometrics which cannot be duplicated, multiple identities can now be wiped out. Mostly we see that the poor people are not complaining. It is only the Elite who are having problem with Aadhar. Poor people have been benefited to a great extent through Direct Benefit Transfer to their Bank Accounts, LPG schemes etc. True that any new system will have its own teething issues which will be sorted out over a period of time. If officials are corrupt and are ready to share data for a few rupees, then it is that official who needs to be punished. No system in the world can be perfect if the people appointed to protect it themselves try to sabotage it. Can we as citizens feel safe if police is corrupt. Does that mean the entire police system is bad and should be scrapped. Till today we have been sharing all our data with all banks, uitility cos., telephone cos. and same is anyways available with everyone. It is only the biometrics which is additionally available with UIDAI. I would say that we should look at the positives rather than the negatives and if we can, help the system to improve as we move ahead. more
Jan 09
They day you have your money swindled because of Aadhar you will learn. There is nothing else to say. more
Jan 10
A Happy New Year resolution indeed but for common people who are over-run by the purchased votes of the gullible poor and also the laziness of using the franchisee to select a good leader, we can do nothing much than to grin and bear. AAP started its first innings at the hustings quite well but its internal squabbles made it a butt of joke. Add to it the fictitious cases filed against almost 22 MLA's & MP's putting them behind bar as a sign of belligerence by center which holds the key to both judiciary and CBI to do ghost buster act...there wasn't much the inexperienced AAP could do. Social media was used to browbeat, mislead and brainwash even educated people and now we are in a situation where people are being polarized on religious grounds....in other states caste is being used for polarization. While the Government of Delhi and Center continued their slug-fest...common people indeed had to put hankies to their nose...not for the stench that these two created but for the inactivity of both in taking steps to alleviate the suffering of people from smog, pollution and what not that the old year gave as passing gift to Delhi-ites. more
Jan 09
