11066 - How to fix Aadhaar: Destroy the database, issue a smartcard and make linking to services optional - First Post

By Aditya Madanapalle /  17 Apr 2017 , 10:21

So far, various people and agencies associated with Aadhaar have repeatedly proclaimed that the Aadhaar database is adequately secured. The list includes the Unique Identity Authority of India (UIDAI), UIDAI CEO Ajay Bhushan Panday, the Minister of State for Electronics and IT PP Chaudhary and IT Minister Ravi Shankar Prasad, who did it twice. The statements were in response to reports of various breaches and leaks in the wider Aadhaar ecosystem, but not in the Aadhaar database itself.

Arun Jaitley responded to concerns of data breaches in the Rajya Sabha, by saying “If firewalls can be broken, and hacking can be done, it will be done whether Aadhaar is there or not. Don’t say it is due to Aadhaar.”

Jaitley is missing the point, however. It is difficult to hack a database that does not exist.

The very existence of an Aadhaar biometric database makes it a high value target. Harsh laws can apply to Indian citizens, but it is difficult to bring to task state-sponsored foreign hackers.

Any database of the intimate details of the bodies of people is something that unnecessarily exposes the people to risk. The Aadhaar database can be repurposed for other uses, just because the database is there. Swarna Subba Rao, Surveyor General of India, while launching the Nakshe mapping service said, “We wanted to make passport mandatory for this service, but then not all people have passports, so we have made Aadhaar mandatory for people.”

This is despite the fact that the Aadhaar Act clearly states that “The Aadhaar number or the authentication thereof shall not, by itself, confer any right of, or be proof of, citizenship or domicile in respect of an Aadhaar number holder.”

A more insidious use for the service took place when the UIDAI itself asked the SC to not use Aadhaar for criminal investigations. The Goa Police, however, were handed over the biometric details of citizens, even though Aadhaar was not meant for that purpose.

The problem is that no biometric authentication system in the world is a hundred percent accurate. When finding a match with the Aadhaar database, the UIDAI itself claims a false positive rate of 0.057 percent. In the population the size of India, this marginal failure rate, as well as the false positive rate, can disproportionately affect lakhs of people if Aadhaar is not used for what it was built for, and the reason that the people of India have trusted the government with their biometric information.

Rajesh Bansal, senior advisor at Bankable Frontier Associates and former assistant director general at UIDAI has indicated that the fingerprints are themselves not stored on the server used for Aadhaar authentication, instead the database only stores the templates of the fingerprints needed for verification.

“We have various levels of firewalls and end to end encryption mechanisms to ensure that only authorised entities have access to the Aadhaar database. Also, fingerprints are never stored on the servers, only the templates are stored. Till now, there hasn’t been a single case of any compromise on our data” Bansal has said.

A biometric database is a civil rights issue, which is why developed countries such as the United States, the United Kingdom, Canada, France and Australia have resisted the creation of biometric databases for national identity schemes. In fact, a biometric database that was being maintained for five years was destroyed in the United Kingdom over concerns of privacy, and to “to scale back the power of the state and restore civil liberties.” Most of the goals of the UIDAI can be achieved without the need for a biometric database.

A biometric database gives the government too much unnecessary power over its citizens and the government is unnecessarily involved in the daily lives of the people. The PAN card, filing Income Tax returns, having a driving license, registering a vehicle, owning a SIM card and booking railway tickets are all in some way or other being linked to the Aadhaar database. The government can authenticate and verify identity without the need for having a biometric database. The Electronic Frontier Foundation recommends protests against any government that chooses to implement a national biometric database.

Experts in cybersecurity believe that the Aadhaar ecosystem needs to be secured better. The UIDAI and the authorities are repeatedly dodging the question of the security of the Aadhaar ecosystem by pointing out the flawless record of the Aadhaar database. The question of security is being addressed with more or less the same response, but the question of Privacy is also getting increasingly urgent. The situation is made worse by the lack of any dedicated laws on data security and privacy in India.

One of the problems with Aadhaar is that it is not an actual smartcard. A hacked smartcard can be replaced with a new one, but biometrics cannot be replaced. Once they are hacked, people cannot regrow their fingers or replace their eyeballs. Even though Aadhaar is being mandatory for a number of reasons, it is not practically of any real use.

It cannot be used as a proof of identity or citizenship, according to the Aadhaar act. However, it is still used for banking services and for getting a passport. This begs the question: Why not use it as an identity proof?

There is no reason why a smart Aadhaar card cannot be used as a proof of identity or citizenship. If Aadhaar is linked to the PAN card, the bank accounts, the driving license, the passport and other documents, there is no reason why Aadhaar cannot be used instead of all these plastic cards.

The Aadhaar system exists in the air right now, without any physical presence or control in the hand of the users. Some may be fooled into thinking that as long as one is in possession of one’s own fingers, it cannot be hacked. This is, however, not necessarily true. Hacking fingerprints is surprisingly easy and low tech, and can even be achieved with just a candlestick.

In fact, if the merchant is unscrupulous, handing over your biometric information to pay for groceries is as much as a security risk as handing over the merchant your banking password. If a smartcard is used to authenticate transactions, there is that much less of a security risk, as in case of theft or loss, the smartcard can simply be replaced with a new one.

Would you tell a shopkeeper your debit card's PIN? No. Then why share your fingerprint? A fingerprint is like an unchangeable PIN. #Aadhaar

The Aadhaar card stands to benefit the citizens of the nation in a much better way if it is actually implemented as a smart card. This thought is such a natural progression over the very idea of a nationalised identity system, that the government has actually asked its users to not fall for Aadhaar “Smart Card” scams, where the Aadhaar details were being printing on plastic cards.

The Aadhaar system, if implemented correctly, can actually make life easier for the citizens. One of the important aspects about this is giving the choice to the user, instead of making it increasingly difficult for users to choose not to get an Aadhaar card.

Giving a deadline for integration with third party services, puts unnecessary pressure on the citizens to get an Aadhaar card. Caregivers of the mentally ill, senior citizens and the differently abled are disproportionately affected by harsh deadlines. Aadhaar was initially introduced as an optional program, but it has been increasingly integrated into the daily lives of people.

Just as the UIDAI dodges questions on the security of the Aadhaar ecosystem by pointing out that the Aadhaar database is adequately secured, the UIDAI blames third parties for any issues that pop up with linked services. For example, if users have a problem with the Aadhaar number being linked to the Pan card, the blame for setting a harsh deadline goes to the Income Tax department, and not UIDAI.

Another major concern was the linking of Aadhaar for the distribution of benefits. Here, Aadhaar has shown its usefulness. Implementation of Aadhaar has saved the government Rs 36,144 crore over a period of just two years. In one smooth operation, over one million farmers in Karnataka received benefits, through direct dispersal.

However, the Supreme Court has ruled that those without an Aadhaar card should not be deprived of benefits. The government subsidies and benefits continued to be distributed even for those without an Aadhaar card, but there is a caveat. The actual implementation on the ground is a Hobson’s choice — you can either have an Aadhaar card or be in the process of getting one. In the same ruling, the SC said that the government cannot be stopped from using Aadhaar for authentication purposes, such as in the filing of income tax returns.

If there is no biometric database, the Government can take a number of approaches for a national identity program, without making it a civil rights concern. Giving the citizens granular control on what services they use Aadhaar for gives them the convenience of a digital identity, and at the same time takes away unnecessary power from the hands of the government.