All people criticising Aadhar for being insecure frankly don't have a real solution in place. Being an Indian citizen I know and have experienced benefit owing to Aadhar. I get subsidies from the government, one uniform identity that I can use to get important things.
Coming to the security part, which centralised biometric DB doesn't have risks. Social Security Number in the US is pretty similar. No one gets security right the first time and nothing is secure forever.
Mozilla being such a nice organisation with so many good initiatives. Why don't it come forward and dedicate some of its resources in helping out the Indian Government? Wouldn't that be better than just criticising without knowing any ground reality of how things operate in India?
The illogic in these arguments is astounding. Maybe I can simplify it for you with a few analogies.
>All people criticising Aadhar for being insecure frankly don't have a real solution in place.
Criticising something doesn't necessitate me to providing a solution. It's like saying all movie critics should be good actors.
>Being an Indian citizen I know and have experienced benefit owing to Aadhar. I get subsidies from the government, one uniform identity that I can use to get important things.
Sure aadhar might have some benefits for you. But the critique is raising many points which make it incredibly dangerous and harmful in the long run. It's like using steroids to gain muscle faster, which is very harmful in the long term.
>Coming to the security part, which centralised biometric DB doesn't have risks.
Yes and those systems do get criticised so it can be improved. Also, aadhar claims to be open source, open API, run by volunteers, none of which it is. It sells your data to private services. Were you going to address that point at all?
>Mozilla being such a nice organisation with so many good initiatives. Why don't it come forward and dedicate some of its resources in helping out the Indian Government?
Indian government has a lot of resources too. It's not exactly poor. It could do a good job if it wanted to. That's not what this criticism is about.
>Wouldn't that be better than just criticising without knowing any ground reality of how things operate in India?
How do you know the author doesn't know the ground reality of things in India?
Look, criticism of a system or policy serves to ignite debate on how best we can make improvements and move forward. Rather than being snarky and getting all defensive and making silly illogical arguments, how about you contribute to the discussion by addressing the points raised in the article?
Forgive me if I'm mistaken but it does sound like you are writing from a position of extreme privilege.
Poor Indians trying to get benefits but having those benefits taken is a life threatening crisis for those impoverished individuals and families. It is entirely forgivable for those families to ignore the "long term consequences" when the short term consequence is losing the meager benefits they have to corruption. Your argument is like arguing that chemotherapy will ruin your body when the patient is dying of cancer.
If their system can stamp out widespread corruption in exchange for some loss of privacy, the cure is not worse than the disease. The technically minded in wealthy countries should consider helping by proposing a better solution, rather than criticizing measures borne from true desperation.
Doesn't matter what position I'm speaking from. Can you argue against my points? Of course, poor and desperate people will take whatever benefits are given them despite how damaging they will be in the long term. Your chemo analogy doesn't hold water here because chemo actually is better in the long term - you don't have to keep doing it once your cancer is cured. This is more akin to acquiring cancer on purpose to cure a cold.
If your theory of privacy doesn't account for how poor desperate people will happily trade privacy for survival and provide a better option, privacy will simply lose, over and over again. If the best you can do is "this is wrong, giving up privacy is like cancer", privacy is just doomed. Privacy is already losing everywhere. You'll have to come up with a technical solution that actually meets people's felt needs.
I don't think we're arguing about the same thing. I never said (and neither did the article) that we shouldn't use systems like these. What I am criticising is the Indian govt. selling off the data and not taking privacy into account.
BTW, this is not just an idealistic point we're arguing for. This is long-term pragmatism. Majority of the people will always go for short-term gains, this is well known.
You do understand that it doesn't only rely on fingerprints, right? There is retinal verification in addition to phone OTP. I had another phone number when I got Aadhar, I changed the city, lost my phone number and now there is no way, I can without physically getting somewhere and submitting the application to update my phone number.
API for commercial services isn't a bad thing per se. A lot of time, it would save time in documentation. Btw, if you have such a privacy concern, Are you not using Facebook, Whatsapp and all other services for free that sell you data, you behaviour to commercial companies.
It's really easy to believe the FUD going on and coming up some original ideas on how to tackle the problem. I hope you are in the second group that would help make our Country a better place to live in.
How do you suggest in a country of fucking Billion people you would get people to use something? 40% people don't understand shit, doesn't care about privacy, they want food on their table, they want to get the money they rightfully earn. These people are less fortunate than many of us. With Aadhar and Household gas linked, they get the subsidy rightly in their bank account without paying every fucking agent that would loot them at any possible point.
I agree, making it mandatory for "Income Tax" is bit controversial. But even you also know how many people in India, rightfully pay taxes. The percentage is pretty damn low.
And frankly using Facebook and Twitter is not really a choice. It's a result of being Socially coerced into being on one of the platforms to not feel left out. And anyone who talks about privacy and openness would never be on either of these two if he really knows what he talks about.
Just a question to you. I can understand the problems faced by bribery and it being eradicated but how according to your argument can the person who is illiterate understand about privacy or for that matter things he/she is not expert in?
To elaborate it is not the responsibility of the illiterates or the people who are not knowledgeable to worry about the privacy. Instead it is the responsibility of the people implementing the system to make sure that all security and privacy is implemented and also the laws to be introduced to protect the common man.
This is the very reason the government has think tanks and expert advisors. It seems all these people have failed. When the system fails completely then again it is these same poor common man who will face the brunt presently seen or unseen.
Yes, I am aware. But this hack didn't existed when Aadhar was provisioned, and many institutions in the world use Iris recognition. Does this mean everyone in the world will stop using Iris recognition or push a patch to fix the vulnerability?
>API for commercial services isn't a bad thing per se. A lot of time, it would save time in documentation. Btw, if you have such a privacy concern, Are you not using Facebook, Whatsapp and all other services for free that sell you data, you behaviour to commercial companies.
So you mean to say that its cool to leak my whole family tree data along with AADHAR and PHONE NUMBER to the public? So a novice can know about my sister via Dark net and can use that piece of information?
>Implying I am using Facebook.
>Implying Zuck is forcing you to hand out your fingerprints and shit for better services.
>Implying you can't get SIM without having a Facebook ID.
>I hope you are in the second group that would help make our Country a better place to live in.
Tell me one way AADHAR is making this country a better place and I will counter that challenge without implementing AADHAR.
1) There is no real reliable proof of a leak yet.
2) Remember all your fancy iPhones, Macbooks and Pixel etc. having fingerprint sensors. You 100% sure none of these would/could be leaked. Why the hypocritical attack on just one thing?
Out of various things, just one thing: My maid got her account opened for free due to Jan Dhan scheme. The only document required was Aadhar which she had due to a massive drive to enrol people in Aadhar. Now, She got a gas connection without much fuss and all the govt. subsidy gets directly deposited to her bank account. I too give her monthly due via NEFT. All her money goes directly to the deserving place without ever bribing anyone. If it's not making this country a better place for these people, I don't now what is?
>> They didn't rely on fingerprints, as they are easy to fake, without a high degree of technical sophistication
Aadhar provides multiple levels of security, Number > Fingerprint > Iris >= OTP / Two-Factor. Finally fingerprints are not as easy to fake, even if they are faked depending on deployment a system can randomly ask for higher level of authentication such as iris or OTP. By having these multiple authentication methods its easier to tune the system for fraud detection vs ease-of-use. I can understand why the government is not publicizing all the anti-fraud measures since its always a game of cat & mouse.
>> There would not be an API for commercial services
This makes no sense, in USA the SSN is typically shared with thousands of services, landlords, apps. In fact the API has potential to open up secure commerce and break the MasterCard/Visa duopoly.
What if a guy was in a crime scene with my fingerprints all over it? Because he got that data from AADHAR data base and used it to carry out that crime,meanwhile I was on the vicinity having a good time in a restaurant with no CCTV camera?
> Fingerprints are harder to fake than what's being used currently - signatures and xerox
Yes, but once compromised they cannot be changed. Also, could you state clearly whether fingerprints would be used for authentication or identification?
> Fine. Don't authenticate with Aadhaar when you go to get a commercial service. Why force you choice on me?
Right back at you. I may have a choice when using a commercial service but why is the government forcing me to have an Aadhaar if I never intend to use it?
> And the info they get is name/dob/gender. Which they would anyway have - Aadhaar or no Aadhaar - since you are their customer.
Yes but they cannot build a profile of me using things like income bracket (pan linking), travel information (rail and air travel linking), social and family ties (various other ways). If you think this isn't even plausible in India, either you have skin in the game or are being (/ intentionally trying to be) incredibly naive.
> Right back at you. I may have a choice when using a commercial service but why is the government forcing me to have an Aadhaar if I never intend to use it?
Mostly only if you want subsidies. If you are talking about the PAN linkage, you are already required to have PAN. Is that forcing you as well? That way you can even refuse to follow any regulation, arguing that goverment is forcing you. We don't live in an anarchy. If you don't like Aadhaar go vote for some party which will revoke it come next election. If can't do it, maybe think about changing countries.
> Yes but they cannot build a profile of me using things like income bracket (pan linking), travel information (rail and air travel linking), social and family ties (various other ways). If you think this isn't even plausible in India, either you have skin in the game or are being (/ intentionally trying to be) incredibly naive.
This kinds of profiles can be built using system like Palantair, Aadhaar or no Aaadhaar. Using just Name/DOB/Address can be decent enough identifier. And we already have PAN mandated for high value transactions. Opposing Aadhaar on these grounds, seems extremely silly to me.
Again, I am not connected with Aadhaar at all. Not want clicks like some people on this thread. Just a concerned citizen who wants to see technology help the poor/needy.
EDIT
> Yes, but once compromised they cannot be changed. Also, could you state clearly whether fingerprints would be used for authentication or identification?
Identity Authentication, because you identify yourself using the Aadhaar number, then prove it by authenticating.
Yes they can't be changed. But since there's an audit trails + you need an insider@service-provider to pass the stolen BM to server, those who try would be easily caught. With signatures/xerox there's no audit trails or instant notification. That's much more insecure if you look at it dispassionately.
Many people are not understanding Aadhaar is being used for stuff like bank accounts, food grain etc where this is acceptable.
Alternative like signatures, smart-cards, passwords etc wouldn't work in a country like India.
Benefits Hostage? Are You kidding me? We earlier used to get those benefits as well. But it was all paper based, prone to be caught in the web of middlemen.
It's an incentive from govt to get people to register for Aadhar to get better/faster service without us common citizens to get exploited by the middleman. I don't see anything wrong in that.
Coming to the security part, which centralised biometric DB doesn't have risks. Social Security Number in the US is pretty similar. No one gets security right the first time and nothing is secure forever.
Mozilla being such a nice organisation with so many good initiatives. Why don't it come forward and dedicate some of its resources in helping out the Indian Government? Wouldn't that be better than just criticising without knowing any ground reality of how things operate in India?