As a tech professional, it's extra disturbing the way the government pushes these harebrained schemes by marketing them as 'Digital India', 'India Stack', etc. thus getting visiting dignitaries from other countries to lap it up. We really need to be careful that we don't whitewash autocratic bureaucracy by branding it digital innovation.
Note the spin from Aadhaar proponents in this NYT article--that it's the equivalent of building interstate highways, or that citizens are the biggest beneficiaries. They neglect to mention that the program is mandatory. If people were truly benefiting, they wouldn't need to force everyone to link so many of their life activities with this database--we'd do it voluntarily.
During the demonetization disaster of Nov 2016 (in which 86% of the cash value in circulation was deemed unusable overnight), once the problems became clear, the government went on a massive PR spree saying that despite the problems faced by ordinary people, the policy will spur 'digital payments'. 18 months later it's clear that this was a stupid claim--the cash in circulation has matched or exceeded the amount that was demonetized. I wrote about this at the time here but I'm still very upset about what went down and the whole 'ooh this will lead to digital innovation!11' deflection. https://hackernoon.com/i-boycott-paytm-5df93d189356
I'm from India too. While I don't support the Aadhaar program in it's present form, just so that we understand the arguments from the other side:
India has a lot of problems but most of them stem from two causes:
1. Corruption
2. Inequality
In positions of power, corruption is universal. I have yet to meet a person in Bangalore who has been able to purchase property without paying a bribe. Too many of our government 'servants' are sociopaths. It's a generally accepted fact (with no citation needed) that a non-insignificant portion of government spending on social programs and infrastructure is going un-tracked into private pockets.
Secondly, inequality. A lot of people get away with things in politics. Robert Vadra gets through security checks though he's not a diplomat, Modiji (allegedly) gets degrees without going to college and Jayalalitha from my own state had people falling not only at her feet but touching the tires of her car.
Aadhaar is the 'leveler' that shines light on the financial activities of all these people.
1. Aadhaar is linked to biometrics = aadhaar is linked to a real person
2. You can't live / work in India without Aadhaar = Government employees and people with influence are not exempt.
3. You can't handle money or avail social benefits from the government in India without linking Aadhaar to it = Illegal money can be tracked.
This could solve a lot of problems.
Of-course there are problems with this apart from the well publicized privacy issues. You can apparently purchase fake Aadhaar cards for a few hundred rupees. It's been reported that more than one person has bought an Aadhaar card for a pet and if it's that simple to beat the system then all the good intentions fall flat.
The right way to fix corruption is to make the state transparent - RTI was a right step in this direction. Opening up the citizen to the state feels like progress, but isn't really.
Where in the world do clerks spend all day answering FOI/RTI queries? I feel people greatly overestimate the typical volume of requests, having personally known at least three FOI officers in two jurisdictions.
When you're seeing elevated request volume, it's likely that there's something substantial worth requesting, which is exactly the point of this form of legislation.
Keeping my analogy, developers do not spend the whole day at meetings, but meeting to fix bugs are not generally worth it. Also, when there is a high volume of meetings, there is likely something wrong.
I know for a fact that in the Indian Railways, people spend weeks digging up information required to answer RTI queries.
Instead of going by feelings ask government employees (preferably someone with a high level view of things) about it.
I am not saying RTI is useless. However, without a computerized infrastructure for most, if not all, protocols and processes in the government, it is just a game of cat and mouse.
> I know for a fact that in the Indian Railways, people spend weeks digging up information required to answer RTI queries.
The usual solution to a problem like that is to publish the frequently requested types of information in bulk, before they need to be requested, since they are public records by definition. It costs a bit more than doing nothing, but not nearly as much as corruption does.
> When you're seeing elevated request volume, it's likely that there's something substantial worth requesting
Or you're seeing persons trying to frustrate the system with senseless requests. This happens with businesses all the time when they provide courtesy services (sprint's tty service for example was a regular tool for prank calls, USPS and their free boxes resulted in people being flooded with box orders)
I'm 100% for transparency, but it's not a magic bullet. There is a real and non trivial cost for such transparency and it's the price we have to pay for diligence. often, societies seem unwilling to pay and instead demand that an organization do everything they used to and more with no additional resources, and transparency, especially for organizatikns without the resources to have digitized things,means a lot of human input and work.
The "party with a difference" and the self procliamed "transparent" party has reduced funding for RTI by 1/4th and almost all RTIs are rejected due to flimsy reasons.
I'm not sure I quite understand how this is going to fight corruption. How are you going to track money that's being moved illegally? Presumably, nobody is going to be doing this under their Aadhaar card; it's all going to be in cash. Plus, how would you even access Aadhaar card information to audit this? Are you going to call up the government and ask for them to check Modi's card to make sure he hasn't been stealing money?
It is still all cash. Govt. removed 1000 INR note, only to introduce a 2000 INR note. This was done as a surprise move under foolish assumption that people hoarding black money, would lose all and we'll get a fresh start. Naturally people being smarter then government, found ways to transfer it all taking 5-10% in laundering charges.
1. One the day demonetization was announced at 8PM, all jewelers were open till till 12 and sold gold with post dated delivery.
2. Till next few days, most retailers were doing backdated bills for large ticket items.
3. In India lot of people didn't had bank a/c. To allow them to convert old currency, people were allowed to convert cash upto 4k INR, by just showing any ID. Bank managers used stash of IDs they had collected over years, to convert huge amount of cash to new notes.
Apart from this, local mafia used millions of poor to get the cash converted. These are common and publicly known methods.
It is nothing short of stiffling voice of dissent. This is what China did a few years back when they started considering social media account's "rating" in yiur "citizen rating"
They don't need to put people in bars these days, they need to make life hell for the dissenters so they either leave the nation or be quiet.
The big brother in 1984 did exactly this but thr govts these days are going a step ahead.
You won't believe how many brainwashed "bhakts" tell me how great Modiji is, but they can't justify their claim. It is because of these things that the givt gets away.
Plus the SC has refused to acknowledge govt's stance that adhar reduces corruption. A new judge transfer is coming soon, now that the verdict is going to be against the dictator!
How about actually catching bringing back people who have fled the country like Nirav Modi and Mallya or how about making sure a celebrity like Salman Khan goes to jail.
Lol when the media did their job for once after 2014, reporting on norav Modi
The govt intelligently stifled free speech by making good on the death of a film star. Tada! Nobody reports on Nirav Modi anymore
Also, the judge who found Salamn as guilty was transferred a day after he pronounced the statement and the other judge, presumably close to BJP gave Salman bail. 80other judgea are transferred
A computer cant be bribed. Move transactions online, cut out the middleman and corruption goes down. To do this, you need a strong national identity scheme. Aashaar is a good start but would need to be augmented with derived authentication mechanisms (preferably pki) to reduce reliance on the biometrics
I really don't think this is all that well thought out of a system. I have my doubts that the corruption that really plagues a nation occurs at a sort of point of sale like system that is being developed here.
You can still bribe a judge ... politician, government official just fine off the grid.
Enforcing law and order should take away corruption from the country, not a high risk scheme like this. I'm not really comfortable with linking anything because this govt literally gets away with murder. These things only enable them to pin point us easily when we resist. I voted for them despite my friends' advice. Seriously regret it now.
There are numerous countries in the world who have a very low rate of corruption without forcing the citizens to enroll in a scheme like this.
If you think digitizing would reduce corruption you cannot be more mistaken. Its only a matter of time before they figure out other ways. It will reduce only when the citizens respect/fear law and order.
This scheme has a lot of power more than we can comprehend and I don't want it under corrupt hands. As you said, from a person who is so insecure about his own educational qualification that he has lied with a fake degree and does not allow a fair probe into it.
I agree that this will solve a lot of problems, despite my reservations about the system.
A few years ago, I spent three months interviewing and photographing many of the nomadic and scheduled tribes of Gujarat, which made for a good example of disenfranchised people in India generally: lack of voter id or ration cards, which made it hard or impossible to receive assistance, work, medical care, and attention in general from the authorities.
Huge efforts by organizations such as VSSM and Janpath to help tribal people obtain their correct papers literally changed their lives. It gave them political influence as a large group of voters; it gave them access to applying for land to make permanent settlements.
One group of people that were very upset with these efforts must be apoplectic with rage over Aadhaar: greedy and corrupt representatives in panchayats. No longer would they be the sole conduit for money, food, work and representation.
Indians are very very good at thinking out of the box, and specialize in working against rules. Its our national past time to be honest.
In many cases, people will let you take the money and then will just pressure you for it. Aadhar does not solve that.
Cheaters (which is what corruption is) basically adapt to rules. Your assumption is that things will remain the same.
They will not.
Aadhar achieves nothing, because the core issue we have is enforcement of the law at both the center and the periphery.
This means autonomy of the police force, expansion of the judiciary.
You will not find one party advocating for this. Instead the parties know that Indians love the idea and concept of magic bullets, and they sell that as the product.
You forget - corruption or cheating is an evolving system. There is no set of static rules which govern the world. Cheaters as a result always adapt and find an edge.
Finally - The massively hurtful demonitzation exercise failed to uncover large amounts of hidden cash.
While everyone who worked with money knew this, the lay people still believe in magic bullets and tech optimism to solve what are inherently human issues.
Yes, I explained the similarities. Aadhaar is a core part of the 'India Stack', which is closely connected to the 'cashless' propaganda during the demonetization disaster.
Aadhaar was already flawed as a concept when it was introduced but over the last year there have been sudden mandates to link it to everything. Which makes it far more dangerous. We need to scale it back.
But the shoving it diwn everyone's throats is a clear form of transforming this democracy into autocracy
Adhar is connected to your phone and internet and accounts. So if I make an anti PM statement, suddenly my bank account is frozen, electricity connection is gone (connected to adhar), my frying pan is connected to adhar so if I cook Poha, PM's sycophants can turn it into upma.
No tech is bad by its own right, the implementation is good or bad
And as far as 2014 implementation goes, adhar is bad
Allow me to remind you that the current PM who is pushing so hard for Aadhar was against it when opposition because he was worried about the "security".
The current PM wants to use Adhar to turn India into 1984 Ocenia. No wonder he is shoving adhar down everyone's throats
Imagine your ISP is connected to adhar
As is your gmail/HN
Within a sec they'll identifywho is beind my username and then they'll make my life hell, like electricity cut in my apartment, my society suddenly gets a large bill etc
They will be lose incidences, for there are far more bhakts at any place than dissenters, bhakts will rejoice that ither societies are getting power cuts, 'they don't understand", the bhakts say
Is that what they teach trolls at the IT cell? Because that's the same thing bhakts and idiots have said me and never do they have a valid rebuttal for my points.
So let me be clear, my friend, unless you can prove that my points are wrong, you are the one who believes the "Powerful if true, Ram Bhagwan really travelled to Himalayas, forward it to 100people amd let Mudiji win"
And since you brought up the point of Whatsapp forwards, pray copy paste the forwards you get your information out of
Their point of Aadhaar being secure is only based on the data being encrypted with RSA public-key cryptography. They are totally obvilious to other threat vectors.
Their specifications state that the vendor should ensure end-to-end encryption. Say vendor X uses a kyc API which follows the UIDAI guidelines to the point, there's nothing preventing the vendor from storing the biometrics on the device before sending it to the kyc.
Not to mention that the biometric can be bypassed with OTP SMS & anyone is cybersecurity knowns SMS aren't fool-proof.
India is culmination of different civilizations and hence the diversity. No matter how corrupt the previous governments were, they weren't a direct threat to the democracy like the current government is under the pretext of religion.
> "If you are not able to prove your identity, you are disenfranchised," he said. "You have no existence."
This is so fucking disingenuous, and really demonstrates the heart of the problem. If you create a bunch of systems that rely on totalitarian cataloging of humans for their basics of every day life, then when some individuals aren't tracked it sure looks like those individuals' problem. But really the problem is the top-down insistence on having everybody cataloged in the first place.
How do you efficiently distribute benefits if you cannot ascertain if the individual is a Citizen, hasn't already taken his/her fair share or isn't scamming the exchequer?
You may disagree with the idea but in a country which has a very small tax base and caters to a huge population efficiently distributing benefits becomes the most important priority. Up until Aadhaar, the benefits meant for illiterate/lower income group were swindled by scamsters who used their identities to procure the benefits.
There was no way to ascertain if the individual was really below poverty line and that s/he hadn't taken more than his/her fair share of the benefits using a stolen identity. We can always debate issues of privacy endlessly but arrive at no conclusion which can actually solve the core issues. The core issue being that for the poorest of the poor, privacy is secondary to survival.
For some added perspective, here is a famous quote by Ex-Prime Minister of India, Rajiv Gandhi in 1985 (on a visit to drought-affected Kalahandi district, Odisha): "Of every rupee spent by the government, only 15 paise reached the intended beneficiary". Have you ever heard a top executive head of any other country publicly accept and go on record that 85% of the intended amount never reached the poor and needy? That 85% of the amount was swindled away by corrupt means?
Even this article admits it rather reluctantly: "Officials estimate that taxpayers have saved at least $9.4 billion from Aadhaar by weeding out “ghosts” and other improper beneficiaries of government services."
Yes you are right in that Aadhaar is currently an authentication system and not a tracking system. But there are definitely instances where Aadhaar data has leaked (not the biometrics, but identity information like Name, Address and Phone numbers) which rightly calls into question privacy related issues.
The issue with biometric leaks is that it could come from anywhere, like this leak from the PDS system (ironically) in Gujarat[0]. Using biometrics for authentication is like forcing everyone to use the same password everywhere.
Aadhaar isn't the only biometric database in the country.
Damn that's scary to think that the government was so callous with biometric data. Like you mentioned in one of your other comments to someone else in the thread, it's wise to couple biometric scans with a passkey or even yubikey as Aadhaar number by itself is no longer a good first factor (especially with compromise of biometric data). I don't see how it's possible for the government to rollback collected biometric data so it makes more sense now to use multifactor authentication. Even though UIDAI's biometrics isn't directly compromised the fact that the local government was also collecting biometrics and that leaked makes it even worse. Now those same biometrics can be used to authenticate Aadhaar transactions. I see how this can be a major issue. This information was an eye opener for me.
I learnt a lot from our discussions today. Thank you!
Except:
- you "seem" to not know/care how many illegal immigrants are there in India.
- you "seem" not to know/care about dead people receiving benefits.
- you "seem" not to know/care about people being born, widowed, died all on paper with no real person ever having existed.
- you "seem" not to know/care about multiple PAN cards (for tax) being issued to a single person.
- you "seem" not to know/care about people receiving payments after cuts (commissions) to local enforcers.
- so on ...
What exactly stops you from getting an Aadhar card when its free and centres everywhere? How is this totalitarian, who is benefitting from all this? What alternative would solve all this?
For the record the current privacy situation with Aadhar is a fucking nightmare but like all things it will evolve (but obviously with pressure from the citizens).
Something related: it doesn't inspire confidence when the person who runs UIDAI (the government organization running the fingerprint program) says this:
To their credit, the leaks that have happened until now haven't happened directly from UIDAI database but by partners who had poorly designed API endpoints which exposed citizen identity data. At the very least, biometric data has never been leaked/hacked into till date. The "5 feet thick walls" reference might be to the vault that is actually housing the biometric dataset which they mention in the above official page as well: "The UID database will be guarded both physically and electronically by a few select individuals with high clearance. It will not be available even for many members of the UID staff and will be secured with the best encryption, and in a highly secure data vault. All access details will be properly logged."
As a security researcher in india, Aadhaar is riddled with Security holes that are glaring. There is clear way to report these issues and nothing gets fixed.
I've had a possible-RCE vulnerability reported to UIDAI since February-2017 and there has been no action. The CERT-IN (Indian equivalent of CERT-US) has been aware of the issue, but there is no fix in sight.
Now that is news to me. I know UIDAI has handled the recent data leak from one of its partners horribly (even lodging an FIR against a news reporter). However, does the vulnerability you mention provide access to biometric data? For me personally, that is more of a concern than the metadata (name, address etc).
Lets step back and pose a meta question - how does a state go about providing services to its citizen if the state cannot identify citizens as its own and as unique entities. Both being necessary conditions.
A well functioning state needs to be a strong (sorry libertarians) and benign (cf. Somalia and North Korea) to take care of its citizens. You can take birth, live and die in a weak state without the State ever knowing you existed, let alone provide you with services.
Things we take for granted in the so-called developed economies e.g. getting a birth certificate, accessing public education, voting rights, drivers license - rely on smaller units of government providing unique identity services which are then chained up the ladder. My local hospital provides a birth certificate which is attested to by the county recorder's office which then serves as proof to get a driving license, passport etc.
In a weak state like India, the local entities are thoroughly corrupt. A blue eyed/blond 6.5 foot viking can get a birth certificate in an indian province where most citizens are under 5.5 foot and caramel colored for less than a hundred dollars.
So I posit my meta question - how is a nation state supposed to provide unique identity authentication?
Aadhaar is a 12 digit random number assigned to everyone by the Unique Identification Authority of India. The project was led by one of the founders of Infosys who ran as a Member of Parliament for the opposition Congress party. Each political party takes potshots at it when they are not in power but it has support across the aisle. From my (albeit limited) understanding, Aadhaar is simply authentication - and not tracking.
The intelligentsia in India defines themselves by opposition to Aadhaar. There is a huge cacophony of bollywood stars, writers, intellectuals and of course civil libertarians opposing Aadhaar. What is lost is the colossal leakage (euphemism for corruption) in benefits, the lack of existence of hundreds of millions of citizens and the resulting parasitism of political machines to get them benefits of the old system.
Does anyone have anything else in mind that would work better? Or is this simply opposition for opposition sake?
> how does a state go about providing services to its citizen if the state cannot identify citizens as its own and as unique entities. Both being necessary conditions.
Are they, really? It's not like the government is buying people cars. They're handing out food to starving children. If people are hungry, give them food. Don't make them jump through hoops for it.
Perhaps my problem is that I see it as an American. Americans are citizens of their country whether they can prove it or not. Whether they can pass an ID scan or not. It's one of the reasons why voter ID proposals are so vocally opposed. I am a citizen, just as I am a human being. I do not need to prove it to exist. I didn't even have a Social Security number until I was an adult and wanted to start work. It wasn't until the tax authorities made SSN's mandatory to deduct dependents from your taxes that people started registering their babies at birth.
However, in some other nations, people don't think of themselves as citizens unless they have the blessing of their government in the form of a document or a registration number.
Americans look at the Soviet Union, and other failed states and worry about what happens when a particular group of people falls out of favor and can be disenfranchised with the click of a button.
> Americans are citizens of their country whether they can prove it or not. Whether they can pass an ID scan or not. It's one of the reasons why voter ID proposals are so vocally opposed. I am a citizen, just as I am a human being. I do not need to prove it to exist.
I hope you mean this in jest as this privilege does not apply to vast swathes of the population.
So then why don't they go and apply to be documented? I'm sure their foreign birth certificate is enough to prove their existence. Oh, that's right, it's illegal and would get declined. Hence the correct term: "illegal immigrants". The topic is complicated and touchy enough without it being muddled with incorrect terminology.
Exactly the reason why India wants documentation via Aadhaar. We have millions of undocumented/illegal immigrants too. From neighbouring Bangladesh (nothing against Bangladeshi's... always welcome through the legal route). They have been enjoying the benefits accorded to them from Indian taxpayer money. Why should Indian exchequer pay for welfare of these illegal immigrants? Before Aadhaar, it was really easy to forge a Voter ID card and start receiving benefits that were due to the poor and needy Indian citizens. You can't forge fingerprints.
this makes me cringe because Aadhaar does not certify citizenship. Someone who crosses over the border today into India can get a aadhaar without any documents by:
1. using the introducer system (The enrollment center operator would gladly do this for you)
2. signing a checkbox that says they've lived in India for 180 days.
You can do anything illegally but you also have to be ready for the consequences. Obtaining a PAN using forged documents has just a 10000 rupee penalty but obtaining Aadhaar card illegally will put you in prison for 3 years. Those who are obtaining Aadhaar illegally are setting themselves up for even greater trouble as their biometrics is forever stored with the GoI. Illegal immigrants will have to think twice before going down that route as once discovered will completely block their ability to legally enter India ever again (apart from a lengthy jail term and subsequent deportation).
Sorry - I didn't mean to single out your specific usage of the term. Just a bit of a touchy topic as well because I find such language-manipulation that appears trivial on the surface to be a tool used to control discussion. And as a legal migrant, I find the right to be in a host country a privilege; one that should be earned rather than demanded.
No, you really aren't a citizen unless you jump through hoops. The reason you don't see that is because you've existed as a citizen since birth on whatever citizen roll/database, with a citizenship link by virtue of your parents.
Maybe you get a free-pass as a baby/child/orphan. But as an adult, you don't get to just "appear" onto the electronic grid of citizen presence. If there were such a mechanism and it were easy and devoid of "loops" then illegal immigrants would have exploited it by now to become citizens.
You may think you're a citizen, but you are not unless you have the blessing of your government.
If people are hungry, give them food. Don't make them jump through hoops for it.
My understanding was that this was the previous system. Government run warehouses with quotas, and shops that handed it out. You had to present a ration cards, as there has to be some system to stop you collecting 10 times a day & running a shop. (This would otherwise be more profitable than many people's jobs.)
And it didn't work. I forget, but maybe 80% of the wheat went missing? (Officially "eaten by rats" but really sold by officials on the side.) And this food subsidy was quite a large part of the national budget. So that's the scale of the problem which this hoped to solve. If every citizen has a number and a bank account, and you just wire them the money, then you won't lose 80%.
The American debate about ID laws is just a much smaller issue. Surely some people cheat, but the current system basically works.
First of all, Aadhaar is not just being used for welfare schemes. It is a giant database getting linked to everything. I wouldn't be surprised if it will soon be mandatory for booking flights. Plus much of the database has leaked. You can find thousands of Aadhar cards online just by googling.
As far as preventing 'leakage'--the best approach would be to not subsidize products but to move to direct benefits transfer (like food stamps in the US.) The government has been doing this anyway, for things like the LGP cooking gas subsidy. But even that has been problematic in terms of implementation. When it comes to solving corruption, we can't let technocratic bureaucrats come up with solutions in air-conditioned offices and hand-wave away the deprivation and other problems their solutions cause on the ground.
The money goes into people's bank accounts which already have many know-your-customer ID requirements. If also requiring Aadhaar for bank accounts was the limit of its mandate there would be a lot less outrage. The creeping, maximalist scope is what causes the increasing discomfort among people about this program.
So the bank was able to fulfill KYC requirements for someone who qualifies for a below the poverty level scheme?
Lack of papers is what Aadhaar is supposed to cure.
You are passing the identity buck. These people are so poor they live their whole lives without a solid roof over their head.
They don't have a birth certificate, a driver's license, a passport. The mere mention of these documents is somewhat of a cruel joke in their economic context.
They would have to give up a significant part of the benefits to middlemen in the old system.
Yes, even the very poor in India have voter IDs and the schemes in question already require a ration card. You started off by asking about how to reduce corruption (and I answered that as long as there are subsidies there is going to be leakage) but you keep bringing it back to some airy theoretical concept about 'identity in the state' when Aadhaar is a practical force in the country right now. I haven't linked my Aadhaar to my phone yet and if the Supreme Court hadn't extended the deadline my phone would have stopped working by now. This thing is a real and present menace, not just a political science question.
> I answered that as long as there are subsidies there is going to be leakage
It used to be the case before but is no longer the case. Aadhaar, even by this very article's admission, states that "Officials estimate that taxpayers have saved at least $9.4 billion from Aadhaar by weeding out “ghosts” and other improper beneficiaries of government services."
$9.4 billion is a huge amount of money saved by the exchequer. That is almost 2% of the India's annual budget. In a country with a very small tax base, every rupee saved is an earning in itself.
That is untrue - aadhar introduces the problem of false rejections.
First - Most of the savings which the govt has attributed to aadhar they later walked back and admited it was due to gas price reductions and not because of aadhar.
Second - auth failures result in people not getting their ration- these are then counted as savings by the govt. if they were correctly accounted as a liability not only would the savings vaporize, additional costs would appear.
This is personal for you - I am not directly affected by Aaddaar. Perhaps you should step back and ponder the question I had posed. Aadhaar strikes a raw nerve among many. Similar to the debate over ACA in the US.
So before Aadhaar, what required govt photo ID or tax ID verification in India?
In the USA for example, you need photo ID & a SSN to open pretty much any financial account or to fly. Many businesses require ID to do business with them on an adhoc basis. I also know in many countries ID is required to open any telecom account.
Is the fact that aadhaar is attached to biometrics and the fear of future genocide the root of the controversy?
We have a PAN-system which was used for all financial transactions, including things like company registrations, tax filings, bank accounts, loans etc.
Now, you must link your Aadhaar with your:
- PAN, before you can file a tax or register a company
- Bank Account, or else it could be shut down (this was pushed down the parliament via a amendment to the prevention of money laundering act)
Most countries have varying KYC-norms. However, Aadhaar is a very-weak KYC-source. It doesn't require proof of citizenship (foreigners can get aadhaar) or residence (you are required to stay for 180 days in India, but UIDAI doesn't verify this). It doesn't verify proof of residence either (it was meant as a identity document for everyone - even those without homes). Add this to the fact that UIDAI has fired half of the agencies on grounds of fraud who were responsible for Enrollment.
There are a lot more issues with Aadhaar: there is a no proper security procedure, no audit reports have been published ever, and despite the numerous breaches, UIDAI refuses to take a proper stance.
> I haven't linked my Aadhaar to my phone yet and if the Supreme Court hadn't extended the deadline my phone would have stopped working by now. This thing is a real and present menace, not just a political science question.
I guess you are attacking this issue keeping privacy in mind. However, from the Government's point of view, the need for linking mobile phones is to have a secured way of authenticating your Aadhaar related transactions. The Government doesn't want to end up in a liability if a situation arises where the OTP was sent to a person who later claims that the number did not belong to him in the first place. The Government is actually trying to protect itself from future litigations.
This is the same reason many services, including banks and credit card companies recommend 2-Factor Authentication. Since Aadhaar is primarily an authentication mechanism and not a tracking mechanism, authentication can only be performed either by scanning your fingerprints or via a trusted device through an OTP (in this case, your verified and trusted mobile number). Since a fingerprint scanner is not ubiquitous but a mobile is, the Government is for now relying on mobile OTP for conducting most authentications.
While your argument is sound (2-way linking with Aadhaar saves the government from litigation), it is not the argument that the GoI has made for SIM linking.
(tl;dr: DoT quotes a Supreme Court ruling which questioned the government on KYC-norms for telecom industry, which the DoT conveniently reworded to mean "Aadhaar"-only)
You can also view it in the context that the previous AG wasn't working in government interest. In fact, there was a hue and cry about removal of the previous AG by Dr. Subramanian Swamy in the 2G scam case: https://m.economictimes.com/news/politics-and-nation/subrama...
The "terrorists" argument always seems like a big red herring in these discussions. But it's an interesting point that if the government decides you are a "terrorist", which maybe they can do without you ever being convicted of anything, you can be shut out of much of society by being deprived of I.D.
On the other hand, somebody the government doesn't suspect can simply sign up for I.D. like anybody else and carry out an attack at their convenience.
>It now turns out that almost all the Aadhaar numbers issued till date – 99.97 per cent – have been issued to people who already had at least two existing identification documents.
Yes but that is vastly different from the benefits Aadhaar provides. With a ration or voter ID card, it was impossible to qualitatively figure out if the person was truly below poverty line or not. It was due to Aadhaar that 1 crore+ LPG users gave up their subsidy. This was not due to a sudden change of heart for the fellow poor Indian citizen. It was instead the realisation that Aadhaar was linked to all bank accounts and it would become evident to the government how many of those are really poor. That's precisely the reason so many voluntarily gave up subsidy that they were illegally claiming.
A ration card was being issued to every Tom, Dick and Harry before Aadhaar. The purpose of a ration card was only for those below poverty line and during war times. Plenty misused it for commercial purposes. It's so much better to procure subsidized rice at 2 rupees per kg and sell it in the open market for 50 rupees per kg. Government had no way to track this corruption.
You might look at it as just a replacement for voter ID and ration card, but the real difference is felt by that poor man who is finally getting what was due to him.
On benefits because of LPG subsidy: the benefits are vastly inflated in the government press figures. The real numbers are around 200-300cr if you remove the existing initiatives and inactive connections[0]. If you factor in the cost, this is not worth it.
>the real difference is felt by that poor man who is finally getting what was due to him.
The poor man was screwed by the middleman earlier (aadhaar does not solve quantity fraud - your fingerprint matching does not guarantee that the shopkeeper gives you exactly 5kg of your quota of ration) and continues to be screwed by the middleman. At the same time, the DBT scheme has seen intense opposition from people on the ground.
>According to a press note issued by the campaign, Rai did not deny the results of the survey that said 97% of people are unhappy with the new system.
Rai here is Jharkhand’s food minister Saryu Rai
Daily Wage laborers have been most impacted by DBT[1] in their ability to get benefits timely because of exclusion issues with aadhaar, but the government keeps marking these figures off as "savings".
If the market price of wheat is Rs. 30, and the old system was that the ration shop used to sell it at Re. 1 + the ration coupon, then the value of the coupon was Rs. 29.
If the new system was that you put Rs. 29 into everyone's bank account, then well maybe the ATM is a longer walk than the shop etc. But if the new system is to give people only Re. 1 then no wonder there's a riot!
Am I reading your [1] correctly? The problem is a 30-fold reduction in subsidy, not a new delivery infrastructure?
You're reading it wrong. You get 29 INR in your bank account, and add another 1 INR to pay 30 to the subsidy to the shop.
But while earlier it was just a walk to the shop and getting your ration card stamped, now you must:
1. Go to your bank (which may not even have a branch in your village)
2. Hope that the network is up
3. Confirm that the money has reached your account. If not, go home and retry (1) on another day
4. Withdraw the money and then go buy your ration at the subsidy shop
Edit: This the relevant quote from the article:
>Earlier, people would take their ration cards [...] and be able to purchase rice at Re 1/kg, with each member of a priority household allotted five kg. Now, [...] – money is first transferred into each household’s Aadhaar-linked bank account. They have to then withdraw this as cash, take it to the local ration dealer and buy rice at Rs 32/kg – of which Re 1/kg comes from the ration card holder [and the rest comes from the subsidy that you withdraw as cash].
Sounds like a massive business opportunity for banking. Your village may not have an ATM but I bet it has cellphone signal. Wasn't every Kenyan SMS-ing money around a decade ago?
We're trying this with "Payment Banks". The DBT scheme itself tries to solve it by directly debiting money from your account and crediting it to the shopkeeper's account on a monthly basis automatically, but the real implementation is still cash withdrawls as of now.
The Kenyan-SMS has also led to a monopoly of mpesa in the market, which the RBI is trying to avoid by bringing some decent regulations in the space of digital banking.
What leak exactly? What do anyone achieve by getting your number? Does this outweigh it benefits?
Now you want India to stop subsiding poor? Do you even know the level difference between US and India. And history of political/economic systems?
And who should be making solutions, Internet warriors like you ? Comparing US, then bend over and gives his DNA to get a tourist visa. Hay, I gave it voluntary !
For instance, I believe in Denmark your ID number is simply not a secret at all, no more than your name. While in the US, your SSN & address basically seems to let any crook empty your bank account.
Since paper-aadhaar is still very much accepted as a proof, just having the number is enough (in many cases) to take over someone's identity and get a new SIM issued, which you can then use for emptying the bank account.
There are also phishing scams happening with Aadhaar since it uses OTP as the authentication factor. We have OTPs as 2FA for bank transactions, and it works because the first factor is still secret (credit card number or your banking credentials). However, if your first factor is your Aadhaar number, the security goes down tremendously, since every organization under the sun is now asking your Aadhaar.
I'm tempted to wardrive Aadhaar OTPs sent over unencrypted SMS.
> Since paper-aadhaar is still very much accepted as a proof, just having the number is enough (in many cases) to take over someone's identity and get a new SIM issued, which you can then use for emptying the bank account.
Weird. Maybe it's different from state to state or probably area to area. Atleast where I reside (Telangana), getting a new SIM requires fingerprint authentication followed by SMS OTP to an existing mobile number. If you do not have an existing number linked to Aadhaar, only then a fingerprint scan would suffice. I have also opened a bank account here following the same procedure. I had to get one number ported and that required multiple authentication too.
The known attacks I have come across in India include the hacker somehow coming across your sim card number and using that to get a new sim card issued in your name. A lot of people have had their bank accounts drained this way (source: social media posts)
There was another thread in an yesterday on this where someone mentioned they could just rent a cell tower in Malaysia at $10 an hour and broadcast your number as roaming there to get your messages. Also mentioned were mobile number porting attacks though I don't know how viable that would be in India.
There are so many apps with the permission to read your messages on Android. I wonder how many of these upload your messages to the cloud. An attacker could simply get the OTP from there. By creating a malicious app or attacking the database of another app uploading your messages. Also possibly your sim card number which I have seen apps broadcasting in the open, unencrypted.
Another scenario - let's say you have a prepaid connection. You go abroad on a vacation without this number or get sick or whatever, and forget to recharge your phone. The provider can stop your services and give your sim to a new user. The new user now gets all your OTPs.
There are probably more attacks. Messages to your phone are just not a safe choice for 2-factor authentication, but sadly that is the base on which aadhar is built upon. Even today one can open a bank account with just an aadhar number and an OTP. Wait till people start taking loans in others' names.
I dont know how people are ok with Aadhar. Recently the aadhar data of widows in Delhi was leaked. You can find their address and various details.
I've been to the local than to register a cyber crime. Their words: "You are lucky you lost only a few tens of thousands of RS. People are losing lakhs and the Cyber cell cant help them."
>>A well functioning state needs to be a strong (sorry libertarians) and benign (cf. Somalia and North Korea) to take care of its citizens.
I don't think a state being strong contradicts libertarian principles. It's the state being expansive that is anti-liberty.
A strong state that limits itself to core functions (e.g. prosecuting those who resort to aggressive violence, in order to replace the law of the jungle with the law of the market) can potentially result in the most 'libertarian' possible society.
>>In a weak state like India, the local entities are thoroughly corrupt. A blue eyed/blond 6.5 foot viking can get a birth certificate in an indian province where most citizens are under 5.5 foot and caramel colored for less than a hundred dollars.
I don't think the identification system or biometric data linked to it is the main problem. The question is why it's made mandatory to use for nongovernmental services if the purpose is just to prevent people from defrauding the government?
Clearly it goes far beyond corruption of government programs.
> how does a state go about providing services to its citizen if the state cannot identify citizens as its own and as unique entities.
That's why it is risky to insist that the State should "provide benefits". The more benefits from the State, the more one needs to consult the State for daily life.
This stuff isn't surprising, it's a natural extension of entitlements, it happens every time. If the government provides healthcare, it won't be long before your life choices become the government's business.
> A well functioning state needs to be a strong (sorry libertarians)... to take care of its citizens.
Libertarians are for a strong state capable of upholding the Law. What libertarians are against is a BIG state that goes beyond its role into the private sphere of its citizens (that's why we have constitutions and such systems to clearly define boundaries).
>how does a state go about providing services to its citizen if the state cannot identify citizens as its own and as unique entities.
A man comes to you and ask you for money. He says that he is hungry. In this case, you have two options.
1. You can give him the money. But you risk being scammed, because you cannot actually check that the man is actually hungry. If you give them money, there is no way to make sure that they did not buy liquor instead of food. This is what Aadhar is supposed to solve.
2. You can offer to buy him food (not a parcel or takeaway). In this case, there is no risk of being scammed.
I think governments should try to do 2, instead of strapping on things like Aadhar in the name of doing 1, as it has a lot of chance of misuse and is vastly less reliable than 2..
As a solid implementation, instead of providing rations for rice and fuel, to prepare food, what if governments can open hotels, where one can have a solid, healthy meal for real cheap, For any one and every one who bothers to show up?
The indian government has traditionally subsidized rations and fuel over the decades. This system was gamed massively by middlemen and black marketeers. Linking Aadhar to this system has certainly plugged many holes. The issue of misuse of data by the government is still a concern. People in power are corrupt more often than not, so it's a matter when and not if aadhar will be misused by the authorities.
>As a solid implementation, instead of providing rations for rice and fuel, to prepare food, what if governments can open hotels, where one can have a solid, healthy meal for real cheap, For any one and every one who bothers to show up?
This is also being tried, eg amma canteen -https://en.wikipedia.org/wiki/Amma_Unavagam by Jayalalitha aka amma in the state of tamil nadu.named after the politician convicted by the ocurt for corruption and who never served a sentence.
also, Indira canteen -https://en.wikipedia.org/wiki/Indira_Canteens by rahul gandhi in Karnataka. named after India's first woman prime minister(grand mother of rahul gandhi and daughter of nehru who was India's first prime minister).
hero worship and dynasty politics in food subsidy programs funded by the tax payer. The food is good though or so I hear.
Technology can certainly ease our pain, or will it make it worse?
That is a great summary, while i am a big privacy advocate myself, having observed India's ills from so close Aadhar's benefits outweights its costs.
I just hope that we have better security systems, lot of third party auditing and limits to the areas where Aadhar would be needed.
Unfortunately in a country like India to reduce corruption, improve PDS we need a better system and a well designed, maintained Aadhar system is one of the solutions. India being a democracy so many voices against it are raised unlike China, many points are valid though. However what gets me is the large scale fear mongering especially from people who have no idea about third world problems and priorities. These are the people who would give answers like 'why would X not find a job if he is so poor' ?
This article gives a good overview of the promises and issues of the Aadhar system. I might be wrong but it doesn't add anything new which hasn't been covered in other Aadhar related articles submitted earlier.
The system has done some good. Mostly in the public schemes area where it was originally intended to stop corruption.
But, there are some serious issues with the system.
First is the internet infrastructure. As mentioned in the article, a lady had to register for it thrice because the system wouldn't load the data. That doesn't surprise me a bit because the internet infrastructure is so poor that even 512kbps is defined as "broadband".
There is a funny interview of a supposed Income Tax guy:
He equates "cloud computing" to actual clouds. And posits that if people's data in put in cloud and rains then the person is screwed out of his benefits. As stupid as it sounds, over reliance on Aadhar means people might not get their benefits if the Aadhar system is down. And given the poor internet infrastructure, that is a real concern.
Second is the creeping coverage. The system is slowly outgrowing is intended usage from public schemes to invading into private lives. Now telephones and banks need the data. It was promised that the data will never be used for forensics. But given the data stash, it is not stopping lower courts from trying to access it.
> There is a funny interview of a supposed Income Tax guy:
That's just a wrong example. He was not an officer in the government at the time of the interview. He worked for the tax department long before cloud computing was even popular.
I disagree with the assessment. It seems like any form in which the government tries to identify you is being compared to the scary Orwellian dystopia. There is no cost benefit analysis. Sure it could be misused, however it can also be used in a super beneficial way. India is a country where some Indians have never obatained birth certificates, there was no equivalent SSN system, often resources are poorly distributed because there are scams where a person claims to be somebody else or there is no clear identification system, all of this significantly affect the GDP and the rate at which people’s std of life is improved. I think if it gets misused , then the solution to that is regulation and better management, not no collection.
* Requiring identification to get welfare benefits. The article mentions fraud is a big issue.
* Use of biometrics. It sounds creepy at first, but without a robust system of record keeping to base the ID card on, this is a good way to ensure each one is unique.
Orwellian:
* Requiring a government ID to enter a middle school art contest.
* Requiring a government ID to buy a prepaid SIM card.
> Requiring a government ID to enter a middle school art contest.
Possibly a security measure? Schools are increasingly becoming targets for anti social elements of late. I wouldn't be surprised if the public, on its own volition, pressurizes the government to have stringent security checks in schools.
> Requiring a government ID to buy a prepaid SIM card.
You can't authenticate without Aadhaar OTP. And don't expect the government to send OTP to an unverified mobile number. That would put huge liability on the government if tomorrow you claim that the number never belonged to you. Biometric scanners are not ubiquitous, so the need for linking SIM cards for authentication.
What I read in the article sounded like the ID was required to submit an entry to the contest, not to be present in the area. I would need more information to comment on alternate reasons.
> You can't authenticate without Aadhaar OTP. And don't expect the government to send OTP to an unverified mobile number.
Authenticate what? Last time I needed a prepaid SIM card (in the US), I bought it on eBay and provided no information other than a mailing address (not mine).
By authenticate I mean Aadhaar transaction authentication. Say you are filing your tax returns. There are currently three ways to authenticate that the tax return was indeed filed by you:
1. You take a print out of the acknowledgement, sign it and send it to a centralised tax processing unit.
2. You purchase a digital signature and sign it using the same (requires you to be slightly tech savvy). Not to mention the cost of acquiring the digital signature and the fact that you need to keep renewing it every few years.
3. Just authenticate using your Aadhaar number. An OTP will be sent to your mobile number and you just need to enter the same on screen. Once verified, you have digitally signed and submitted your tax return.
I find option 3 really appealing. This is just one practical example of where one can use Aadhaar and OTP for authentication.
I've filed my tax returns with just my PAN card and without using a DSC. This might be different for a registered organization where CAs must handle DSCs I think, but you could file your Individual taxes without printing/using a DSC/Aadhaar by just creating a new account linked to your PAN.
The fact that they used OTP (and tout it as a security feature) is so disheartening.
I am not the SIM card in my phone. Switching legal consent to a mere 6 digit OTP is a terrible idea. Even more so because SMS is unencrypted and terrible way of sending secrets. There is no recourse in the law for someone stealing your phone and signing away your entire property once e-Sign comes in force everywhere.
I'm just tempted to take a large strength antennae and build a Aadhaar-OTP Wardriving tool.
I should have been more clear. I'm talking about after filing of returns. You have to verify it. It's either sending the signed acknowledgement to CPC or everify it digitally. Have you sent the signed acknowledgement to CPC? It's mandatory to send acknowledgement to CPC if you haven't digitally signed it using DSC or Aadhaar. Please check with your CA as the rules are same for personal and corporate income tax.
> There is no recourse in the law for someone stealing your phone and signing away your entire property once e-Sign comes in force everywhere.
I agree with you on this. Currently however, this is how it is with everything online. Take any 2-FA service. It's either SMS based or through Google authenticator/yubikey etc. To expect non tech savvy people to use yubikey or Google authenticator is going to be a hardsell.
> I'm just tempted to take a large strength antennae and build a Aadhaar-OTP Wardriving tool.
Hahaha! Provided you know the Aadhaar number for the associated OTP as well ;)
I agree that the alternative is not great either. But when you design a system for a billion people, you need to take into account how easily people can be phished in India for OTPs.
Wardriving Plan:
1. Google for '"Mera Aadhaar, Meri Pehchaan" filetype:pdf'
> The fact that they used OTP (and tout it as a security feature) is so disheartening
I do not anywhere mention it as a security feature. I actually mention that I find it appealing as I don't want to go through the hassle of obtaining a DSC just to verify my returns. Everifying through Aadhaar is simpler. To expect someone to hack it is quite remote as it would require knowledge of multiple things: my Aadhaar number, access to my network, knowing the date and time of when I decide to file my returns, having to utilise the OTP before i use it or it expires. It's possible for a really concerted attacker but then I start to question his sanity. It's much easier to just break into my home and get me to sign at gunpoint. ;)
This is highly unusual now. For instance most countries in Europe will now need to see your passport to enable a SIM card. So India isn't an outlier. The stated reason, I believe, is terrorism. Whether this is Orwellian I leave for you to decide.
Yes, that's highly Orwellian and terrorism is an absurd justification. Anybody capable of pulling off a terrorist plot requiring a phone is likely to be able to find a way to get one without such a regulation making a problem for them.
What it does enable is surveilling a person's location and some of their communication without having to do something requiring resources and the possibility of alerting the person that they're a target.
For the record, it's not unusual to be able to buy and use a prepaid SIM card anonymously in the US. There have been a couple proposals to ban it, but they came nowhere near passing.
Sorry, by "highly unusual" I meant more an outlier among countries (in which I've bought sim cards).
I guess I now assume it's all so tracked as not to matter much one way or the other -- it's not like the NSA can't connect your ebay account to your name. Asking for ID just saves them a few CPU cycles, reducing everyone's carbon footprint :)
I think they'd have to work a bit harder than that.
Even assuming they have continuous access to ebay, telco and mvno systems, they probably don't have continuous access to the computers of the individual reseller who's selling preloaded SIM cards. This is almost certainly one guy working out of his house.
No doubt, the NSA could hack that guy, but they'd have to do so deliberately. The connection necessary for mass surveillance is broken at this point.
I have a recycled SIM which I legally own, which is linked to the prior owner's Aadhaar.
It will remain linked even if I link my SIM with my Aadhaar. (The Aadhaar->SIM mapping which the government uses is maintained by UIDAI and is not given out, the SIM->Aadhaar mapping which is mandated by DoT is maintained by KYC-regulations of my telecom provider at the telco level)
Yes, these have existed for quite some time. However, you could get one with varying different ID proofs earlier - Driving License, Ration Card, PAN (Tax) Card, Voter ID etc.
Now, we're all being forced to link _everything_ to a single 12-digit Aadhaar.
As per lawyers, the justification for Aadhaar-linkage is very slim[0], but the government is pushing telcos to link so it is happening.
The events:
1. Supreme Court asks DoT in a regular about the status of KYC for telcos and asks for all SIMs to be compliant within a year
2. DoT (department of telco) rewords the above a "direction" (it was not binding till then) of the SC and makes Aadhaar-KYC mandatory (when the original order did not mention Aadhaar in any way, just KYC)
As for the original KYC-law, I'm not entirely sure, but it has existed for decades now.
It's more the original KYC law I was asking about. I find the attempt to deprive people of anonymous communication problematic and I'm curious as to the arguments that have been used successfully to do it so I can better argue against them.
Exactly. This has happened to a friend. They were able to find my friend's name from Truecaller. Soon they started getting fake calls to get her account number or aadhar number. If my friend's aadhar data had been leaked (as has for thousands other), they were done for. Once your aadhar number gets leaked it gets leaked forever. There is no provision for the government to issue a new one and which is a fundamental flaw in the system.
That's not how it works. Your aadhar account is linked to one number. Why do you need to link all your numbers to your aadhar?
Besides the link is not two way. Case in point - a friend forgot to recharge their phone. The phone went out of service. Another person got the phone and started getting my friend's aadhar otps. Even though they got the phone using their own aadhar number. The "link your phone to aadhar when you need a new connection" has got nothing to do with "link your aadhar number to your phone in order to get authentication OTPs".
When tackling fraud, you must look at 1)exclusions and 2)cost.
In the case of aadhaar, we've seen the project baloon in cost and vision over the span of two different governments. There have been savings number reported by the government that have since been redacted by the World Bank (but the government keeps claiming them). At some point, you must take stock and consider if the amount you are spending to tackle fraud in the system - is it worth it?
Also, Aadhaar is not a fraud-proof system. The most common type of subsidy-fraud (for food benefits) is quantity fraud where the shopkeeper would sign away 5kg, but only give you 4kg (and sell the other 1kg at a higher rate on the market). There is nothing in the aadhaar system that prevents it (and other kinds of fraud)
Second: Exclusions. Jharkhand, with the highest rate of authentication failures has had multiple deaths. Due to how the system works now (you receive benefits in your bank account instead of directly getting subsidized rations), it requires double the effort (which converts to one-fewer working/earning day because of the extra bank trip).
It is guaranteed to get worse if the Supreme Court doesn't step in. For eg - Aadhaar enabled payments are on their way, and there is a push from the government to get Aadhaar authenticated ATMs out (fingerprint based). Think of what happens when your Aadhaar is disabled? We've already had people die on hospital entrances because they couldn't find the patient's Aadhaar[0], now we're moving closer to a guaranteed civil death.
The state of Telangana, for eg is turning into a over-policed state with:
- The state police maintaining a copy of the Aadhaar Data[1]
- And using it to geo-tag each resident[2]
- And track petty crimes using aadhaar[3]
Our only hope at this point is that the Supreme Court gives a favorable verdict.
Why are you blaming Aadhar instead of hospital. What kind of hospital turncoat aways critical patients. Btw the hospital in my area were not accepting card payments before demonization. They wanted only cash.
What is your solution ? It kind of seems like Aadhar should be better managed... rather than reinvent another identity system, sure I am optimistic that Aadhar will improve (Its a very new system compared to SSN or other identity systems)
Regarding ballooning costs, so many successful programs have had costs that exceeded the plan, so far with Aadhar there has been no evidence that the ballooning costs have been debilitating and on the contrary Aadhar seems to be helping.
I'm just a security researcher, and unfortunately I don't have any concrete suggestions. I'm hoping that the Supreme Court takes a favorable approach to this madness and limits the damage (by asking the government to stick to its 2015 order which limited mandatory usage of aadhaar to 3 schemes only, for eg).
On balooning costs - Yes, the scope has vastly increased:
1. it was supposed to be a YES/NO boolean API, which has since become a complete eKYC API giving third parties access to your data
2. State resident data hubs that maintain a copy of your biometrics and data to enable state level surveillance
3. Pushing of mandatory linkages has cost us thousands of crores already.
(and more that I'm missing - this is early morning IST now and I'm getting sleepy). A lot of this should not have been allowed in a scheme that was passed in the parliament as a "Money Bill". The helping part is non-proportional to the expenditure which we've seen - this is under purview in the SC hearing as well.
I am sure that I can find flaws in some of the best identity systems in the world - but I am not sure if just finding faults make a good discussion hence I am not going to do that (in addition to not want being labeled a cynic).
Also when you say the costs are not proportional to the benefits... I don’t know if it needs to be proportional, also is there a well researchered study that talks negatively about the overall value provided - I find that hard to believe ?
Usually legislature is free to spend money on programs as long as it is not against the law or constitution and judiciary can’t interfere on such matters. I don’t know what is in the scope of S.C w.r.t Aadhar - I can see some kind of violation of civil liberties within its scope... but I can’t see how cost benefit analysis is within SC’s scope. So I may not comment on it until it plays out.
India spends a lot of money on roads which should have last year's but fails every monsoon. Aadhar expenditure might be a small blip compared to those.
Govt were anyway required for most things in India. This is just another card. The main issue would be accepting it without finger verification.
There is a cost benefit analysis, and many people have shown that the govt figures are incorrect, and that Aadhar has not had an impact.
I am fully sincere about it.
Straight up Aadhar has hurt our constitution. IT was initially run without ANY legal protections or aegis.
Later it was retroactively Okayed via a money bill.
It has rarely been used for its intended purpose, but instead it has terminal feature creep and support from the state to enter every sphere of life.
The state govts are now making their own mirrored data bases of Aadhar data, which last I checked is not covered by the Aadhar law.
The aadhar agency is the only agency which can take cognizance of Aadhar offenses - making the agency its own judge and jury.
Aadhar was never meant for scam protection or prevention - take a look at the claims of the Aadhar agency.
They use clever tactics to appear to be enablers, but when put on the spot they reduce their job to "we just authenticate biometric requests" - moving the onus and responsibility for any leaks or misuse to other agencies.
I understand the need for identification - ID documents long predate these systems and include basic biometric data: photograph, eye and hair color, and sometimes even a finger imprint. In the digital era, ID cards can be made unforgeable and the biometric data can be encrypted and made available only to pre-authorized entities (I.e airport biometric gates)
What I don't understand is why they aim to replace the ID card, a smart, cheap hardware token that can be interfaced with very simple hardware, with a monstruos system where the fingerprint itself is the authentication device.
Now you need complex, finicky machines to read fingerprints and irises/faces whenever you want to do authentication and also require internet connectivity all the time; it's no longer possible to do the low tech, offline validation "ID is present, appears not forged on visual inspection and photograph matches holder". This was usually suficient in 95% of the usecases. You also lose on end to end security: if fingerprint data is duplicated, a rogue acces point can fake authentication, despite the fact that neither the govt nor the person wants that. And once the fingerprint is compromised, it stays that way forever, maybe even putting the original owner on various blacklists.
So instead of going for the low hanging fruit and build a solid electronic ID system where optional biometrics can add some value and also be protected, they overextended to a snake oil system that is actually worse in every way. A cautionary tale for government security purchases and probably the very corruption it purports to address.
Given the title and article is sensationalized, does anyone else see that the greater reliance organizations and govnts put on mass-production of homogeneous survellience technology, the easier it will be to abuse, and the harder it will be to be detected. A double-edge sword it is.
It is worse in India because we have a large amount of surveillance abuse (even before the internet) and very little litigation/laws to make up for it.
Someting tells me I have it in good faith the population of Indians will improve things drastically and will come out on top when all is said and done. Any way, I'm shocked Indian do not use their own version of f*book. India, you guys have got to get on that!
> Technology has given governments around the world new tools to monitor their citizens.
This is the fundamental thing that really gets to me. Governments do not need to monitor their citizens! In fact that very concept is anathema to a free society.
I really wish people would get this and stop trotting out the usual "oh but terrorists!" type arguments. Pervasive monitoring destroys your way of life faster than any terrorist (or other justification du jour) could.
Indians and Chinese come over to the US in large numbers. Any surprise when tech workers here support/implement these totalitarian products in the USA?
#1 Aadhaar has been foisted on us under false pretenses.
#2 It is useless.
#3 It is destroying the lives of the poor.
#4 It is coercive.
#5 It is technically unreliable.
#6 It is insecure.
#7 It puts sensitive data into unreliable hands.
#8 It is creating the infrastructure for 24×7 surveillance.
#9 It is allowing privileged insiders to profit from personal data.
#10 It frees the government from accountability.
Not really. There are actual deaths on the ground with desperately hungry people being denied benefits due to the bio-metric authentication systems flaking out. So much so that the CEO of the agency managing this system himself has an authentication failure rate of around 19%. Thankfully he doesn't need the ration to survive.
Leaving this issue aside for a moment, dealing with massive corruption in the govt requires an opposite approach - monitoring the government. Publicly available data which allows any citizen to lookup the details of the programs running in their locality, apps which allow public audits of quality of service of roads etc.
Most people commenting here don't get the situation in India. We elected a radical leader with a dictatorial behavior and this is why:
1. The old govt was descended from a long line of political dynasty known for inaction and corruption.
2. Election fraud! Mine and my family members names were already voted for by members of the incumbent party when we reached the voting booth in 2014. And the election officer sipping tea at that party's booth said he couldn't do anything. As my mom explained, this wasn't the first time this happened to her. My father as an election officer was sent off to a remote place so he couldn't do anything. It was shocking to me!
3. There's real infrastructure development. The roads don't have potholes anymore, they are noticeably cleaner and I was almost ticketed for throwing trash on the road last time I visited.
4. We know the risk of what's happening but this is the best choice we've got. The other political leaders are/were directly involved in scams.
5. The govt is pro-middle class tax paying people. We work hard and pay taxes and we deserve our own guy in charge for a change. The previous govts' direct welfare schemes have failed for 70+ years. We should try trickle down economy for a while. Our maids, drivers, etc have noticeably grown richer with general wage rise in cities. If the super rich also profit from it then its good for them too.
171 comments
[ 3.4 ms ] story [ 211 ms ] threadNote the spin from Aadhaar proponents in this NYT article--that it's the equivalent of building interstate highways, or that citizens are the biggest beneficiaries. They neglect to mention that the program is mandatory. If people were truly benefiting, they wouldn't need to force everyone to link so many of their life activities with this database--we'd do it voluntarily.
During the demonetization disaster of Nov 2016 (in which 86% of the cash value in circulation was deemed unusable overnight), once the problems became clear, the government went on a massive PR spree saying that despite the problems faced by ordinary people, the policy will spur 'digital payments'. 18 months later it's clear that this was a stupid claim--the cash in circulation has matched or exceeded the amount that was demonetized. I wrote about this at the time here but I'm still very upset about what went down and the whole 'ooh this will lead to digital innovation!11' deflection. https://hackernoon.com/i-boycott-paytm-5df93d189356
India has a lot of problems but most of them stem from two causes:
1. Corruption 2. Inequality
In positions of power, corruption is universal. I have yet to meet a person in Bangalore who has been able to purchase property without paying a bribe. Too many of our government 'servants' are sociopaths. It's a generally accepted fact (with no citation needed) that a non-insignificant portion of government spending on social programs and infrastructure is going un-tracked into private pockets.
Secondly, inequality. A lot of people get away with things in politics. Robert Vadra gets through security checks though he's not a diplomat, Modiji (allegedly) gets degrees without going to college and Jayalalitha from my own state had people falling not only at her feet but touching the tires of her car.
Aadhaar is the 'leveler' that shines light on the financial activities of all these people.
1. Aadhaar is linked to biometrics = aadhaar is linked to a real person
2. You can't live / work in India without Aadhaar = Government employees and people with influence are not exempt.
3. You can't handle money or avail social benefits from the government in India without linking Aadhaar to it = Illegal money can be tracked.
This could solve a lot of problems.
Of-course there are problems with this apart from the well publicized privacy issues. You can apparently purchase fake Aadhaar cards for a few hundred rupees. It's been reported that more than one person has bought an Aadhaar card for a pet and if it's that simple to beat the system then all the good intentions fall flat.
Sure, it can work but it does not scale. If clerks spend all day manually answering RTI queries who will do the work?
When you're seeing elevated request volume, it's likely that there's something substantial worth requesting, which is exactly the point of this form of legislation.
I know for a fact that in the Indian Railways, people spend weeks digging up information required to answer RTI queries.
Instead of going by feelings ask government employees (preferably someone with a high level view of things) about it.
I am not saying RTI is useless. However, without a computerized infrastructure for most, if not all, protocols and processes in the government, it is just a game of cat and mouse.
The usual solution to a problem like that is to publish the frequently requested types of information in bulk, before they need to be requested, since they are public records by definition. It costs a bit more than doing nothing, but not nearly as much as corruption does.
Or you're seeing persons trying to frustrate the system with senseless requests. This happens with businesses all the time when they provide courtesy services (sprint's tty service for example was a regular tool for prank calls, USPS and their free boxes resulted in people being flooded with box orders)
I'm 100% for transparency, but it's not a magic bullet. There is a real and non trivial cost for such transparency and it's the price we have to pay for diligence. often, societies seem unwilling to pay and instead demand that an organization do everything they used to and more with no additional resources, and transparency, especially for organizatikns without the resources to have digitized things,means a lot of human input and work.
https://www.nytimes.com/2016/11/09/business/india-bans-large...
2. Till next few days, most retailers were doing backdated bills for large ticket items.
3. In India lot of people didn't had bank a/c. To allow them to convert old currency, people were allowed to convert cash upto 4k INR, by just showing any ID. Bank managers used stash of IDs they had collected over years, to convert huge amount of cash to new notes.
Apart from this, local mafia used millions of poor to get the cash converted. These are common and publicly known methods.
They don't need to put people in bars these days, they need to make life hell for the dissenters so they either leave the nation or be quiet.
The big brother in 1984 did exactly this but thr govts these days are going a step ahead.
You won't believe how many brainwashed "bhakts" tell me how great Modiji is, but they can't justify their claim. It is because of these things that the givt gets away.
Plus the SC has refused to acknowledge govt's stance that adhar reduces corruption. A new judge transfer is coming soon, now that the verdict is going to be against the dictator!
How about actually catching bringing back people who have fled the country like Nirav Modi and Mallya or how about making sure a celebrity like Salman Khan goes to jail.
The govt intelligently stifled free speech by making good on the death of a film star. Tada! Nobody reports on Nirav Modi anymore
Also, the judge who found Salamn as guilty was transferred a day after he pronounced the statement and the other judge, presumably close to BJP gave Salman bail. 80other judgea are transferred
But does the media report on it? No
This seems like a system that will just hit those with lesser means. I'm not sure I see that as equality or something that would stop corruption.
The people responsible for it can, though.
The issue with bribery is always a differential of power = rent seeking behavior.
This makes aadhar the enabler of corruption, not the remover of it, since now the State is so deeply intertwined in your life that it is inextricable.
Aadhar will long term make things more corrupt. The current levels of corruption will look childish - it returns us to pre 1980 levels of corruption
You can still bribe a judge ... politician, government official just fine off the grid.
There are numerous countries in the world who have a very low rate of corruption without forcing the citizens to enroll in a scheme like this.
If you think digitizing would reduce corruption you cannot be more mistaken. Its only a matter of time before they figure out other ways. It will reduce only when the citizens respect/fear law and order.
This scheme has a lot of power more than we can comprehend and I don't want it under corrupt hands. As you said, from a person who is so insecure about his own educational qualification that he has lied with a fake degree and does not allow a fair probe into it.
Just curious, can you name them and provide sources.
Compare with the data in this article: https://scroll.in/article/851282/are-countries-with-a-poor-d...
The graphs show the data excellently.
A few years ago, I spent three months interviewing and photographing many of the nomadic and scheduled tribes of Gujarat, which made for a good example of disenfranchised people in India generally: lack of voter id or ration cards, which made it hard or impossible to receive assistance, work, medical care, and attention in general from the authorities.
Huge efforts by organizations such as VSSM and Janpath to help tribal people obtain their correct papers literally changed their lives. It gave them political influence as a large group of voters; it gave them access to applying for land to make permanent settlements.
One group of people that were very upset with these efforts must be apoplectic with rage over Aadhaar: greedy and corrupt representatives in panchayats. No longer would they be the sole conduit for money, food, work and representation.
My €0.02
Indians are very very good at thinking out of the box, and specialize in working against rules. Its our national past time to be honest.
In many cases, people will let you take the money and then will just pressure you for it. Aadhar does not solve that.
Cheaters (which is what corruption is) basically adapt to rules. Your assumption is that things will remain the same.
They will not.
Aadhar achieves nothing, because the core issue we have is enforcement of the law at both the center and the periphery.
This means autonomy of the police force, expansion of the judiciary.
You will not find one party advocating for this. Instead the parties know that Indians love the idea and concept of magic bullets, and they sell that as the product.
You forget - corruption or cheating is an evolving system. There is no set of static rules which govern the world. Cheaters as a result always adapt and find an edge.
Finally - The massively hurtful demonitzation exercise failed to uncover large amounts of hidden cash.
While everyone who worked with money knew this, the lay people still believe in magic bullets and tech optimism to solve what are inherently human issues.
-----
https://www.indiatoday.in/india/story/aadhaar-card-mandatory...
Aadhar predates this government and it had 80% enrollment before their entry to power. So no need to make it political.
Aadhaar was already flawed as a concept when it was introduced but over the last year there have been sudden mandates to link it to everything. Which makes it far more dangerous. We need to scale it back.
So you are no different in making propaganda.
Aadhar is here to stay no matter how much fearmongerers whine. It's benefits outweighs risk. A good data protection law is what lacking.
But the shoving it diwn everyone's throats is a clear form of transforming this democracy into autocracy
Adhar is connected to your phone and internet and accounts. So if I make an anti PM statement, suddenly my bank account is frozen, electricity connection is gone (connected to adhar), my frying pan is connected to adhar so if I cook Poha, PM's sycophants can turn it into upma.
No tech is bad by its own right, the implementation is good or bad
And as far as 2014 implementation goes, adhar is bad
Allow me to remind you that the current PM who is pushing so hard for Aadhar was against it when opposition because he was worried about the "security".
Imagine your ISP is connected to adhar As is your gmail/HN
Within a sec they'll identifywho is beind my username and then they'll make my life hell, like electricity cut in my apartment, my society suddenly gets a large bill etc
They will be lose incidences, for there are far more bhakts at any place than dissenters, bhakts will rejoice that ither societies are getting power cuts, 'they don't understand", the bhakts say
So let me be clear, my friend, unless you can prove that my points are wrong, you are the one who believes the "Powerful if true, Ram Bhagwan really travelled to Himalayas, forward it to 100people amd let Mudiji win"
And since you brought up the point of Whatsapp forwards, pray copy paste the forwards you get your information out of
Educate yourself.
https://en.wikipedia.org/wiki/Aadhaar
Their specifications state that the vendor should ensure end-to-end encryption. Say vendor X uses a kyc API which follows the UIDAI guidelines to the point, there's nothing preventing the vendor from storing the biometrics on the device before sending it to the kyc.
Not to mention that the biometric can be bypassed with OTP SMS & anyone is cybersecurity knowns SMS aren't fool-proof.
India is culmination of different civilizations and hence the diversity. No matter how corrupt the previous governments were, they weren't a direct threat to the democracy like the current government is under the pretext of religion.
This is so fucking disingenuous, and really demonstrates the heart of the problem. If you create a bunch of systems that rely on totalitarian cataloging of humans for their basics of every day life, then when some individuals aren't tracked it sure looks like those individuals' problem. But really the problem is the top-down insistence on having everybody cataloged in the first place.
You may disagree with the idea but in a country which has a very small tax base and caters to a huge population efficiently distributing benefits becomes the most important priority. Up until Aadhaar, the benefits meant for illiterate/lower income group were swindled by scamsters who used their identities to procure the benefits.
There was no way to ascertain if the individual was really below poverty line and that s/he hadn't taken more than his/her fair share of the benefits using a stolen identity. We can always debate issues of privacy endlessly but arrive at no conclusion which can actually solve the core issues. The core issue being that for the poorest of the poor, privacy is secondary to survival.
For some added perspective, here is a famous quote by Ex-Prime Minister of India, Rajiv Gandhi in 1985 (on a visit to drought-affected Kalahandi district, Odisha): "Of every rupee spent by the government, only 15 paise reached the intended beneficiary". Have you ever heard a top executive head of any other country publicly accept and go on record that 85% of the intended amount never reached the poor and needy? That 85% of the amount was swindled away by corrupt means?
Even this article admits it rather reluctantly: "Officials estimate that taxpayers have saved at least $9.4 billion from Aadhaar by weeding out “ghosts” and other improper beneficiaries of government services."
Privacy is probably not on their radar.
However, Aadhaar is an authentication system not a tracking system. So privacy is not even relevant here but please correct me if I am mistaken.
Aadhaar isn't the only biometric database in the country.
[0]: https://www.medianama.com/2018/02/223-gujarat-bleeds-biometr...
I learnt a lot from our discussions today. Thank you!
What exactly stops you from getting an Aadhar card when its free and centres everywhere? How is this totalitarian, who is benefitting from all this? What alternative would solve all this?
For the record the current privacy situation with Aadhar is a fucking nightmare but like all things it will evolve (but obviously with pressure from the citizens).
https://www.ndtv.com/india-news/aadhaar-data-safe-behind-5-i...
> Aadhaar Data Safe Behind 5 Feet Thick Walls: Centre to Supreme Court
This just shows how poor the understanding of digital security is...
To their credit, the leaks that have happened until now haven't happened directly from UIDAI database but by partners who had poorly designed API endpoints which exposed citizen identity data. At the very least, biometric data has never been leaked/hacked into till date. The "5 feet thick walls" reference might be to the vault that is actually housing the biometric dataset which they mention in the above official page as well: "The UID database will be guarded both physically and electronically by a few select individuals with high clearance. It will not be available even for many members of the UID staff and will be secured with the best encryption, and in a highly secure data vault. All access details will be properly logged."
I've had a possible-RCE vulnerability reported to UIDAI since February-2017 and there has been no action. The CERT-IN (Indian equivalent of CERT-US) has been aware of the issue, but there is no fix in sight.
The easiest to do exploits (fingerprint cloning) are already happening: https://www.medianama.com/2018/03/223-cloned-thumb-prints-us...
A well functioning state needs to be a strong (sorry libertarians) and benign (cf. Somalia and North Korea) to take care of its citizens. You can take birth, live and die in a weak state without the State ever knowing you existed, let alone provide you with services.
Things we take for granted in the so-called developed economies e.g. getting a birth certificate, accessing public education, voting rights, drivers license - rely on smaller units of government providing unique identity services which are then chained up the ladder. My local hospital provides a birth certificate which is attested to by the county recorder's office which then serves as proof to get a driving license, passport etc.
In a weak state like India, the local entities are thoroughly corrupt. A blue eyed/blond 6.5 foot viking can get a birth certificate in an indian province where most citizens are under 5.5 foot and caramel colored for less than a hundred dollars.
So I posit my meta question - how is a nation state supposed to provide unique identity authentication?
Aadhaar is a 12 digit random number assigned to everyone by the Unique Identification Authority of India. The project was led by one of the founders of Infosys who ran as a Member of Parliament for the opposition Congress party. Each political party takes potshots at it when they are not in power but it has support across the aisle. From my (albeit limited) understanding, Aadhaar is simply authentication - and not tracking.
The intelligentsia in India defines themselves by opposition to Aadhaar. There is a huge cacophony of bollywood stars, writers, intellectuals and of course civil libertarians opposing Aadhaar. What is lost is the colossal leakage (euphemism for corruption) in benefits, the lack of existence of hundreds of millions of citizens and the resulting parasitism of political machines to get them benefits of the old system.
Does anyone have anything else in mind that would work better? Or is this simply opposition for opposition sake?
(edits for clarity)
Are they, really? It's not like the government is buying people cars. They're handing out food to starving children. If people are hungry, give them food. Don't make them jump through hoops for it.
Perhaps my problem is that I see it as an American. Americans are citizens of their country whether they can prove it or not. Whether they can pass an ID scan or not. It's one of the reasons why voter ID proposals are so vocally opposed. I am a citizen, just as I am a human being. I do not need to prove it to exist. I didn't even have a Social Security number until I was an adult and wanted to start work. It wasn't until the tax authorities made SSN's mandatory to deduct dependents from your taxes that people started registering their babies at birth.
However, in some other nations, people don't think of themselves as citizens unless they have the blessing of their government in the form of a document or a registration number.
Americans look at the Soviet Union, and other failed states and worry about what happens when a particular group of people falls out of favor and can be disenfranchised with the click of a button.
I hope you mean this in jest as this privilege does not apply to vast swathes of the population.
Tell that to the undocumented immigrants. You forget that you have a birth certificate to prove you are a citizen.
1. using the introducer system (The enrollment center operator would gladly do this for you)
2. signing a checkbox that says they've lived in India for 180 days.
1. http://www.thehindu.com/news/cities/bangalore/illegal-bangla...
2. http://www.tribuneindia.com/mobi/news/jammu-kashmir/communit...
3. https://m.indiatimes.com/news/india/here-is-why-you-should-n...
My point being, the other guy is arguing that USA doesn't require identity documents, which is laughable. You need SSN just to earn money in USA.
Maybe you get a free-pass as a baby/child/orphan. But as an adult, you don't get to just "appear" onto the electronic grid of citizen presence. If there were such a mechanism and it were easy and devoid of "loops" then illegal immigrants would have exploited it by now to become citizens.
You may think you're a citizen, but you are not unless you have the blessing of your government.
My understanding was that this was the previous system. Government run warehouses with quotas, and shops that handed it out. You had to present a ration cards, as there has to be some system to stop you collecting 10 times a day & running a shop. (This would otherwise be more profitable than many people's jobs.)
And it didn't work. I forget, but maybe 80% of the wheat went missing? (Officially "eaten by rats" but really sold by officials on the side.) And this food subsidy was quite a large part of the national budget. So that's the scale of the problem which this hoped to solve. If every citizen has a number and a bank account, and you just wire them the money, then you won't lose 80%.
The American debate about ID laws is just a much smaller issue. Surely some people cheat, but the current system basically works.
As far as preventing 'leakage'--the best approach would be to not subsidize products but to move to direct benefits transfer (like food stamps in the US.) The government has been doing this anyway, for things like the LGP cooking gas subsidy. But even that has been problematic in terms of implementation. When it comes to solving corruption, we can't let technocratic bureaucrats come up with solutions in air-conditioned offices and hand-wave away the deprivation and other problems their solutions cause on the ground.
A modern state that cannot establish identity is not very useful.
(Wow, I am being downvoted).
Lack of papers is what Aadhaar is supposed to cure.
You are passing the identity buck. These people are so poor they live their whole lives without a solid roof over their head.
They don't have a birth certificate, a driver's license, a passport. The mere mention of these documents is somewhat of a cruel joke in their economic context.
They would have to give up a significant part of the benefits to middlemen in the old system.
(edited).
It used to be the case before but is no longer the case. Aadhaar, even by this very article's admission, states that "Officials estimate that taxpayers have saved at least $9.4 billion from Aadhaar by weeding out “ghosts” and other improper beneficiaries of government services."
$9.4 billion is a huge amount of money saved by the exchequer. That is almost 2% of the India's annual budget. In a country with a very small tax base, every rupee saved is an earning in itself.
First - Most of the savings which the govt has attributed to aadhar they later walked back and admited it was due to gas price reductions and not because of aadhar.
Second - auth failures result in people not getting their ration- these are then counted as savings by the govt. if they were correctly accounted as a liability not only would the savings vaporize, additional costs would appear.
This is personal for you - I am not directly affected by Aaddaar. Perhaps you should step back and ponder the question I had posed. Aadhaar strikes a raw nerve among many. Similar to the debate over ACA in the US.
I am simply trying to understand why.
In the USA for example, you need photo ID & a SSN to open pretty much any financial account or to fly. Many businesses require ID to do business with them on an adhoc basis. I also know in many countries ID is required to open any telecom account.
Is the fact that aadhaar is attached to biometrics and the fear of future genocide the root of the controversy?
Now, you must link your Aadhaar with your:
- PAN, before you can file a tax or register a company
- Bank Account, or else it could be shut down (this was pushed down the parliament via a amendment to the prevention of money laundering act)
Most countries have varying KYC-norms. However, Aadhaar is a very-weak KYC-source. It doesn't require proof of citizenship (foreigners can get aadhaar) or residence (you are required to stay for 180 days in India, but UIDAI doesn't verify this). It doesn't verify proof of residence either (it was meant as a identity document for everyone - even those without homes). Add this to the fact that UIDAI has fired half of the agencies on grounds of fraud who were responsible for Enrollment.
There are a lot more issues with Aadhaar: there is a no proper security procedure, no audit reports have been published ever, and despite the numerous breaches, UIDAI refuses to take a proper stance.
I guess you are attacking this issue keeping privacy in mind. However, from the Government's point of view, the need for linking mobile phones is to have a secured way of authenticating your Aadhaar related transactions. The Government doesn't want to end up in a liability if a situation arises where the OTP was sent to a person who later claims that the number did not belong to him in the first place. The Government is actually trying to protect itself from future litigations.
This is the same reason many services, including banks and credit card companies recommend 2-Factor Authentication. Since Aadhaar is primarily an authentication mechanism and not a tracking mechanism, authentication can only be performed either by scanning your fingerprints or via a trusted device through an OTP (in this case, your verified and trusted mobile number). Since a fingerprint scanner is not ubiquitous but a mobile is, the Government is for now relying on mobile OTP for conducting most authentications.
The AG has argued in court that mobile linking is to prevent terrorists from getting Aadhaar. This is on top of the weird order that DoT issued: https://www.huffingtonpost.in/chitranshul-sinha/no-the-supre...
(tl;dr: DoT quotes a Supreme Court ruling which questioned the government on KYC-norms for telecom industry, which the DoT conveniently reworded to mean "Aadhaar"-only)
On the other hand, somebody the government doesn't suspect can simply sign up for I.D. like anybody else and carry out an attack at their convenience.
>It now turns out that almost all the Aadhaar numbers issued till date – 99.97 per cent – have been issued to people who already had at least two existing identification documents.
Even the poorest in India have had ration cards.
[0]: https://thewire.in/law/most-aadhar-cards-issued-to-those-who...
A ration card was being issued to every Tom, Dick and Harry before Aadhaar. The purpose of a ration card was only for those below poverty line and during war times. Plenty misused it for commercial purposes. It's so much better to procure subsidized rice at 2 rupees per kg and sell it in the open market for 50 rupees per kg. Government had no way to track this corruption.
You might look at it as just a replacement for voter ID and ration card, but the real difference is felt by that poor man who is finally getting what was due to him.
>the real difference is felt by that poor man who is finally getting what was due to him.
The poor man was screwed by the middleman earlier (aadhaar does not solve quantity fraud - your fingerprint matching does not guarantee that the shopkeeper gives you exactly 5kg of your quota of ration) and continues to be screwed by the middleman. At the same time, the DBT scheme has seen intense opposition from people on the ground.
>According to a press note issued by the campaign, Rai did not deny the results of the survey that said 97% of people are unhappy with the new system.
Rai here is Jharkhand’s food minister Saryu Rai
Daily Wage laborers have been most impacted by DBT[1] in their ability to get benefits timely because of exclusion issues with aadhaar, but the government keeps marking these figures off as "savings".
[0]: https://medium.com/karana/lpg-savings-due-to-aadhaar-is-only...
[1]: https://thewire.in/rights/jharkhand-nagri-ration-pds-direct-...
If the market price of wheat is Rs. 30, and the old system was that the ration shop used to sell it at Re. 1 + the ration coupon, then the value of the coupon was Rs. 29.
If the new system was that you put Rs. 29 into everyone's bank account, then well maybe the ATM is a longer walk than the shop etc. But if the new system is to give people only Re. 1 then no wonder there's a riot!
Am I reading your [1] correctly? The problem is a 30-fold reduction in subsidy, not a new delivery infrastructure?
But while earlier it was just a walk to the shop and getting your ration card stamped, now you must:
1. Go to your bank (which may not even have a branch in your village)
2. Hope that the network is up
3. Confirm that the money has reached your account. If not, go home and retry (1) on another day
4. Withdraw the money and then go buy your ration at the subsidy shop
Edit: This the relevant quote from the article:
>Earlier, people would take their ration cards [...] and be able to purchase rice at Re 1/kg, with each member of a priority household allotted five kg. Now, [...] – money is first transferred into each household’s Aadhaar-linked bank account. They have to then withdraw this as cash, take it to the local ration dealer and buy rice at Rs 32/kg – of which Re 1/kg comes from the ration card holder [and the rest comes from the subsidy that you withdraw as cash].
Sounds like a massive business opportunity for banking. Your village may not have an ATM but I bet it has cellphone signal. Wasn't every Kenyan SMS-ing money around a decade ago?
The Kenyan-SMS has also led to a monopoly of mpesa in the market, which the RBI is trying to avoid by bringing some decent regulations in the space of digital banking.
Now you want India to stop subsiding poor? Do you even know the level difference between US and India. And history of political/economic systems?
And who should be making solutions, Internet warriors like you ? Comparing US, then bend over and gives his DNA to get a tourist visa. Hay, I gave it voluntary !
Honest question: how much does this matter?
For instance, I believe in Denmark your ID number is simply not a secret at all, no more than your name. While in the US, your SSN & address basically seems to let any crook empty your bank account.
Since paper-aadhaar is still very much accepted as a proof, just having the number is enough (in many cases) to take over someone's identity and get a new SIM issued, which you can then use for emptying the bank account.
There are also phishing scams happening with Aadhaar since it uses OTP as the authentication factor. We have OTPs as 2FA for bank transactions, and it works because the first factor is still secret (credit card number or your banking credentials). However, if your first factor is your Aadhaar number, the security goes down tremendously, since every organization under the sun is now asking your Aadhaar.
I'm tempted to wardrive Aadhaar OTPs sent over unencrypted SMS.
Can you forge one with MS Word or is it somehow more secure than that?
Weird. Maybe it's different from state to state or probably area to area. Atleast where I reside (Telangana), getting a new SIM requires fingerprint authentication followed by SMS OTP to an existing mobile number. If you do not have an existing number linked to Aadhaar, only then a fingerprint scan would suffice. I have also opened a bank account here following the same procedure. I had to get one number ported and that required multiple authentication too.
What do you mean by unencrypted SMS. How do you sms is unencrypted?
Add to this that the legal encryption limit for GSM is India is just 40 bits and you can easily wardrive SMSs
The known attacks I have come across in India include the hacker somehow coming across your sim card number and using that to get a new sim card issued in your name. A lot of people have had their bank accounts drained this way (source: social media posts)
There was another thread in an yesterday on this where someone mentioned they could just rent a cell tower in Malaysia at $10 an hour and broadcast your number as roaming there to get your messages. Also mentioned were mobile number porting attacks though I don't know how viable that would be in India.
There are so many apps with the permission to read your messages on Android. I wonder how many of these upload your messages to the cloud. An attacker could simply get the OTP from there. By creating a malicious app or attacking the database of another app uploading your messages. Also possibly your sim card number which I have seen apps broadcasting in the open, unencrypted.
Another scenario - let's say you have a prepaid connection. You go abroad on a vacation without this number or get sick or whatever, and forget to recharge your phone. The provider can stop your services and give your sim to a new user. The new user now gets all your OTPs.
There are probably more attacks. Messages to your phone are just not a safe choice for 2-factor authentication, but sadly that is the base on which aadhar is built upon. Even today one can open a bank account with just an aadhar number and an OTP. Wait till people start taking loans in others' names.
I dont know how people are ok with Aadhar. Recently the aadhar data of widows in Delhi was leaked. You can find their address and various details.
I've been to the local than to register a cyber crime. Their words: "You are lucky you lost only a few tens of thousands of RS. People are losing lakhs and the Cyber cell cant help them."
I don't think a state being strong contradicts libertarian principles. It's the state being expansive that is anti-liberty.
A strong state that limits itself to core functions (e.g. prosecuting those who resort to aggressive violence, in order to replace the law of the jungle with the law of the market) can potentially result in the most 'libertarian' possible society.
>>In a weak state like India, the local entities are thoroughly corrupt. A blue eyed/blond 6.5 foot viking can get a birth certificate in an indian province where most citizens are under 5.5 foot and caramel colored for less than a hundred dollars.
I don't think the identification system or biometric data linked to it is the main problem. The question is why it's made mandatory to use for nongovernmental services if the purpose is just to prevent people from defrauding the government?
Clearly it goes far beyond corruption of government programs.
That's why it is risky to insist that the State should "provide benefits". The more benefits from the State, the more one needs to consult the State for daily life.
This stuff isn't surprising, it's a natural extension of entitlements, it happens every time. If the government provides healthcare, it won't be long before your life choices become the government's business.
Libertarians are for a strong state capable of upholding the Law. What libertarians are against is a BIG state that goes beyond its role into the private sphere of its citizens (that's why we have constitutions and such systems to clearly define boundaries).
A man comes to you and ask you for money. He says that he is hungry. In this case, you have two options.
1. You can give him the money. But you risk being scammed, because you cannot actually check that the man is actually hungry. If you give them money, there is no way to make sure that they did not buy liquor instead of food. This is what Aadhar is supposed to solve.
2. You can offer to buy him food (not a parcel or takeaway). In this case, there is no risk of being scammed.
I think governments should try to do 2, instead of strapping on things like Aadhar in the name of doing 1, as it has a lot of chance of misuse and is vastly less reliable than 2..
As a solid implementation, instead of providing rations for rice and fuel, to prepare food, what if governments can open hotels, where one can have a solid, healthy meal for real cheap, For any one and every one who bothers to show up?
>As a solid implementation, instead of providing rations for rice and fuel, to prepare food, what if governments can open hotels, where one can have a solid, healthy meal for real cheap, For any one and every one who bothers to show up?
This is also being tried, eg amma canteen -https://en.wikipedia.org/wiki/Amma_Unavagam by Jayalalitha aka amma in the state of tamil nadu.named after the politician convicted by the ocurt for corruption and who never served a sentence. also, Indira canteen -https://en.wikipedia.org/wiki/Indira_Canteens by rahul gandhi in Karnataka. named after India's first woman prime minister(grand mother of rahul gandhi and daughter of nehru who was India's first prime minister).
hero worship and dynasty politics in food subsidy programs funded by the tax payer. The food is good though or so I hear.
Technology can certainly ease our pain, or will it make it worse?
I just hope that we have better security systems, lot of third party auditing and limits to the areas where Aadhar would be needed.
Unfortunately in a country like India to reduce corruption, improve PDS we need a better system and a well designed, maintained Aadhar system is one of the solutions. India being a democracy so many voices against it are raised unlike China, many points are valid though. However what gets me is the large scale fear mongering especially from people who have no idea about third world problems and priorities. These are the people who would give answers like 'why would X not find a job if he is so poor' ?
Well the BEST way would be to put every human being in a cell, and then have a location for it.
That way food, water, shelter, healthcare can all be given immediately.
----
The state should provide humans the ability to live their life. Aadhar however gives the state too much power, and for little actual value.
The only real way to work a state is to make those local units work.
This is the ACTUAL hard work of a nation state - but most of our best and brightest want to leave the country and go abroad.
This means anyone ethical and hardworking leaves. You can imagine what that gap implies.
The system has done some good. Mostly in the public schemes area where it was originally intended to stop corruption.
But, there are some serious issues with the system.
First is the internet infrastructure. As mentioned in the article, a lady had to register for it thrice because the system wouldn't load the data. That doesn't surprise me a bit because the internet infrastructure is so poor that even 512kbps is defined as "broadband".
There is a funny interview of a supposed Income Tax guy:
https://youtu.be/AnxrJiS5uKU?t=135
He equates "cloud computing" to actual clouds. And posits that if people's data in put in cloud and rains then the person is screwed out of his benefits. As stupid as it sounds, over reliance on Aadhar means people might not get their benefits if the Aadhar system is down. And given the poor internet infrastructure, that is a real concern.
Second is the creeping coverage. The system is slowly outgrowing is intended usage from public schemes to invading into private lives. Now telephones and banks need the data. It was promised that the data will never be used for forensics. But given the data stash, it is not stopping lower courts from trying to access it.
That's just a wrong example. He was not an officer in the government at the time of the interview. He worked for the tax department long before cloud computing was even popular.
If someone is interested in issues with aadhaar,the rethink aadhaar website has a nice FAQ[0]
[0]: https://rethinkaadhaar.in/faqs/
Most of the Aadhar numbers are disputed and many cases they made straight up fraudulent or ambiguous claims.
Not Orwellian:
* Requiring identification to get welfare benefits. The article mentions fraud is a big issue.
* Use of biometrics. It sounds creepy at first, but without a robust system of record keeping to base the ID card on, this is a good way to ensure each one is unique.
Orwellian:
* Requiring a government ID to enter a middle school art contest.
* Requiring a government ID to buy a prepaid SIM card.
they could make an orwellian system on top of it where they destroy government IDs to unperson you, but in and of itself, those aren't very orwellian.
Possibly a security measure? Schools are increasingly becoming targets for anti social elements of late. I wouldn't be surprised if the public, on its own volition, pressurizes the government to have stringent security checks in schools.
> Requiring a government ID to buy a prepaid SIM card.
You can't authenticate without Aadhaar OTP. And don't expect the government to send OTP to an unverified mobile number. That would put huge liability on the government if tomorrow you claim that the number never belonged to you. Biometric scanners are not ubiquitous, so the need for linking SIM cards for authentication.
What I read in the article sounded like the ID was required to submit an entry to the contest, not to be present in the area. I would need more information to comment on alternate reasons.
> You can't authenticate without Aadhaar OTP. And don't expect the government to send OTP to an unverified mobile number.
Authenticate what? Last time I needed a prepaid SIM card (in the US), I bought it on eBay and provided no information other than a mailing address (not mine).
1. You take a print out of the acknowledgement, sign it and send it to a centralised tax processing unit.
2. You purchase a digital signature and sign it using the same (requires you to be slightly tech savvy). Not to mention the cost of acquiring the digital signature and the fact that you need to keep renewing it every few years.
3. Just authenticate using your Aadhaar number. An OTP will be sent to your mobile number and you just need to enter the same on screen. Once verified, you have digitally signed and submitted your tax return.
I find option 3 really appealing. This is just one practical example of where one can use Aadhaar and OTP for authentication.
The fact that they used OTP (and tout it as a security feature) is so disheartening.
I am not the SIM card in my phone. Switching legal consent to a mere 6 digit OTP is a terrible idea. Even more so because SMS is unencrypted and terrible way of sending secrets. There is no recourse in the law for someone stealing your phone and signing away your entire property once e-Sign comes in force everywhere.
I'm just tempted to take a large strength antennae and build a Aadhaar-OTP Wardriving tool.
EDIT: Procedure to verify your submitted tax return: https://www.hrblock.in/guides/itrv-download-guide/
Apparently, there are other EVC methods as well (ATM/mutual fund)
I agree with you on this. Currently however, this is how it is with everything online. Take any 2-FA service. It's either SMS based or through Google authenticator/yubikey etc. To expect non tech savvy people to use yubikey or Google authenticator is going to be a hardsell.
> I'm just tempted to take a large strength antennae and build a Aadhaar-OTP Wardriving tool.
Hahaha! Provided you know the Aadhaar number for the associated OTP as well ;)
Wardriving Plan:
1. Google for '"Mera Aadhaar, Meri Pehchaan" filetype:pdf'
2. Find someone working at UIDAI on that list
I do not anywhere mention it as a security feature. I actually mention that I find it appealing as I don't want to go through the hassle of obtaining a DSC just to verify my returns. Everifying through Aadhaar is simpler. To expect someone to hack it is quite remote as it would require knowledge of multiple things: my Aadhaar number, access to my network, knowing the date and time of when I decide to file my returns, having to utilise the OTP before i use it or it expires. It's possible for a really concerted attacker but then I start to question his sanity. It's much easier to just break into my home and get me to sign at gunpoint. ;)
This is highly unusual now. For instance most countries in Europe will now need to see your passport to enable a SIM card. So India isn't an outlier. The stated reason, I believe, is terrorism. Whether this is Orwellian I leave for you to decide.
What it does enable is surveilling a person's location and some of their communication without having to do something requiring resources and the possibility of alerting the person that they're a target.
For the record, it's not unusual to be able to buy and use a prepaid SIM card anonymously in the US. There have been a couple proposals to ban it, but they came nowhere near passing.
I guess I now assume it's all so tracked as not to matter much one way or the other -- it's not like the NSA can't connect your ebay account to your name. Asking for ID just saves them a few CPU cycles, reducing everyone's carbon footprint :)
Even assuming they have continuous access to ebay, telco and mvno systems, they probably don't have continuous access to the computers of the individual reseller who's selling preloaded SIM cards. This is almost certainly one guy working out of his house.
No doubt, the NSA could hack that guy, but they'd have to do so deliberately. The connection necessary for mass surveillance is broken at this point.
It will remain linked even if I link my SIM with my Aadhaar. (The Aadhaar->SIM mapping which the government uses is maintained by UIDAI and is not given out, the SIM->Aadhaar mapping which is mandated by DoT is maintained by KYC-regulations of my telecom provider at the telco level)
Now, we're all being forced to link _everything_ to a single 12-digit Aadhaar.
The events:
1. Supreme Court asks DoT in a regular about the status of KYC for telcos and asks for all SIMs to be compliant within a year
2. DoT (department of telco) rewords the above a "direction" (it was not binding till then) of the SC and makes Aadhaar-KYC mandatory (when the original order did not mention Aadhaar in any way, just KYC)
As for the original KYC-law, I'm not entirely sure, but it has existed for decades now.
[0]: https://www.huffingtonpost.in/chitranshul-sinha/no-the-supre...
Besides the link is not two way. Case in point - a friend forgot to recharge their phone. The phone went out of service. Another person got the phone and started getting my friend's aadhar otps. Even though they got the phone using their own aadhar number. The "link your phone to aadhar when you need a new connection" has got nothing to do with "link your aadhar number to your phone in order to get authentication OTPs".
They are two entirely different processes.
When tackling fraud, you must look at 1)exclusions and 2)cost.
In the case of aadhaar, we've seen the project baloon in cost and vision over the span of two different governments. There have been savings number reported by the government that have since been redacted by the World Bank (but the government keeps claiming them). At some point, you must take stock and consider if the amount you are spending to tackle fraud in the system - is it worth it?
Also, Aadhaar is not a fraud-proof system. The most common type of subsidy-fraud (for food benefits) is quantity fraud where the shopkeeper would sign away 5kg, but only give you 4kg (and sell the other 1kg at a higher rate on the market). There is nothing in the aadhaar system that prevents it (and other kinds of fraud)
Second: Exclusions. Jharkhand, with the highest rate of authentication failures has had multiple deaths. Due to how the system works now (you receive benefits in your bank account instead of directly getting subsidized rations), it requires double the effort (which converts to one-fewer working/earning day because of the extra bank trip).
https://thewire.in/rights/jharkhand-nagri-ration-pds-direct-... is a harrowing read, if someone's interested.
>* Requiring a government ID to enter a middle school art contest.
We've gone beyond this. Nursery schools in india for toddlers now demand aadhaar numbers of both parents and the kid.
The state of Telangana, for eg is turning into a over-policed state with:
- The state police maintaining a copy of the Aadhaar Data[1]
- And using it to geo-tag each resident[2]
- And track petty crimes using aadhaar[3]
Our only hope at this point is that the Supreme Court gives a favorable verdict.
[0]: https://timesofindia.indiatimes.com/city/chandigarh/hospital...
[1]: http://srdh.telangana.gov.in/tgsrdh/DataSeeding.html
[2]: https://twitter.com/digitaldutta/status/958251786803994624
[3]: https://timesofindia.indiatimes.com/city/hyderabad/aadhaar-l...
Regarding ballooning costs, so many successful programs have had costs that exceeded the plan, so far with Aadhar there has been no evidence that the ballooning costs have been debilitating and on the contrary Aadhar seems to be helping.
On balooning costs - Yes, the scope has vastly increased:
1. it was supposed to be a YES/NO boolean API, which has since become a complete eKYC API giving third parties access to your data
2. State resident data hubs that maintain a copy of your biometrics and data to enable state level surveillance
3. Pushing of mandatory linkages has cost us thousands of crores already.
(and more that I'm missing - this is early morning IST now and I'm getting sleepy). A lot of this should not have been allowed in a scheme that was passed in the parliament as a "Money Bill". The helping part is non-proportional to the expenditure which we've seen - this is under purview in the SC hearing as well.
Also when you say the costs are not proportional to the benefits... I don’t know if it needs to be proportional, also is there a well researchered study that talks negatively about the overall value provided - I find that hard to believe ?
Usually legislature is free to spend money on programs as long as it is not against the law or constitution and judiciary can’t interfere on such matters. I don’t know what is in the scope of S.C w.r.t Aadhar - I can see some kind of violation of civil liberties within its scope... but I can’t see how cost benefit analysis is within SC’s scope. So I may not comment on it until it plays out.
Govt were anyway required for most things in India. This is just another card. The main issue would be accepting it without finger verification.
I am fully sincere about it.
Straight up Aadhar has hurt our constitution. IT was initially run without ANY legal protections or aegis.
Later it was retroactively Okayed via a money bill.
It has rarely been used for its intended purpose, but instead it has terminal feature creep and support from the state to enter every sphere of life.
The state govts are now making their own mirrored data bases of Aadhar data, which last I checked is not covered by the Aadhar law.
The aadhar agency is the only agency which can take cognizance of Aadhar offenses - making the agency its own judge and jury.
Aadhar was never meant for scam protection or prevention - take a look at the claims of the Aadhar agency.
They use clever tactics to appear to be enablers, but when put on the spot they reduce their job to "we just authenticate biometric requests" - moving the onus and responsibility for any leaks or misuse to other agencies.
What I don't understand is why they aim to replace the ID card, a smart, cheap hardware token that can be interfaced with very simple hardware, with a monstruos system where the fingerprint itself is the authentication device.
Now you need complex, finicky machines to read fingerprints and irises/faces whenever you want to do authentication and also require internet connectivity all the time; it's no longer possible to do the low tech, offline validation "ID is present, appears not forged on visual inspection and photograph matches holder". This was usually suficient in 95% of the usecases. You also lose on end to end security: if fingerprint data is duplicated, a rogue acces point can fake authentication, despite the fact that neither the govt nor the person wants that. And once the fingerprint is compromised, it stays that way forever, maybe even putting the original owner on various blacklists.
So instead of going for the low hanging fruit and build a solid electronic ID system where optional biometrics can add some value and also be protected, they overextended to a snake oil system that is actually worse in every way. A cautionary tale for government security purchases and probably the very corruption it purports to address.
And now we have https://en.wikipedia.org/wiki/DRDO_NETRA (India's version of PRISM)
This is the fundamental thing that really gets to me. Governments do not need to monitor their citizens! In fact that very concept is anathema to a free society.
I really wish people would get this and stop trotting out the usual "oh but terrorists!" type arguments. Pervasive monitoring destroys your way of life faster than any terrorist (or other justification du jour) could.
Register your protest against aadhaar here: https://www.speakforme.in/mp/?lang=en
but #2 and #3 are definitely false.
Its come up in the SC case and in the news.
1. The old govt was descended from a long line of political dynasty known for inaction and corruption.
2. Election fraud! Mine and my family members names were already voted for by members of the incumbent party when we reached the voting booth in 2014. And the election officer sipping tea at that party's booth said he couldn't do anything. As my mom explained, this wasn't the first time this happened to her. My father as an election officer was sent off to a remote place so he couldn't do anything. It was shocking to me!
3. There's real infrastructure development. The roads don't have potholes anymore, they are noticeably cleaner and I was almost ticketed for throwing trash on the road last time I visited.
4. We know the risk of what's happening but this is the best choice we've got. The other political leaders are/were directly involved in scams.
5. The govt is pro-middle class tax paying people. We work hard and pay taxes and we deserve our own guy in charge for a change. The previous govts' direct welfare schemes have failed for 70+ years. We should try trickle down economy for a while. Our maids, drivers, etc have noticeably grown richer with general wage rise in cities. If the super rich also profit from it then its good for them too.
http://m.timesofindia.com/india/China-mocks-Indias-democrati...