How not to screw up your National ID (Aadhar)

swatkats

At an ISOC Asia Pacific meeting on privacy last week, a representative of a government asked about how we can have National ID systems that protect privacy. From what I gathered from conversations that followed, several governments are looking to set up National IDs in the Asia Pacific region.

While having a National ID system is by itself problematic, here’s a quick list I made, for how not to screw up your National ID, IF you want to have one despite its risks, along with an explanation for each point:

1. Make it optional: A mandatory National ID is a recipe for surveillance and runs the risk of citizens’ data being compromised in one way or another. Even an optional National ID stands the chance of becoming “voluntary but mandatory” – as the joke about Aadhaar goes – where making it mandatory for services that cover almost the entire population, such as getting mobile services, means that it becomes mandatory for the entire population. Remember that data will get collected, stored, shared and compromised. By making it mandatory, you rob people of the choice of not getting a National ID, and thus rob them of the option of protecting themselves against potential hacks, leaks and malafide intent and persecution from future or current dictators.

National IDs, and associated data, do get hacked and leaked. Estonia, the poster child of digital governance, has had to suspend its digital ID cards. Spain is facing similar issues. 143 million social security numbers compromised in the US. At least 130 million Aadhaar numbers published online by the government in India.

2. Make it one of the many IDs for authentication: Federated means of identification ensures that people can identify themselves where needed without necessarily compromising the only ID they have. A credit card theft doesn’t affect a debit card usage. A theft of a driver’s license as an identity doesn’t affect collection of bank subsidy. However, the more linkages you create for a single ID, and the more places people use it, the risk of identity theft increases. By limiting usage – for example, for bank accounts, mobile phones, college exams, mutual funds, stock market trading, to a single ID, you run the risk of making that National ID a single point of failure for an individual. Databases will get compromised. Thus, you also run the risk of making it a single point of failure for your entire citizenry/population.

3. Give control to users, to change and revoke an ID: every instance of usage should be shared with the user who is supposedly using the ID, just like with messages and cash withdrawal. This helps because in case the ID is compromised, users can then contact the ID authority or the data controller, and ask them to revoke or freeze usage. The most important aspect of this is that the ID number must not be a permanent, non-changeable number. The Indian passport, for example, once stolen, is re-issued with a different number. There is also the issue of bounded rationality: that people don’t necessarily fully understand the implications of what they’re signing up for. Thus, if they feel, say a few years later, that having a National ID puts them at risk of their data getting misused or compromised, they must have the right to revoke it. Consent should not be forever.

4. Enforce the usage of derived authentication/pseudonymisation: The usage of derived identification numbers, or of artificial and/or temporary identification numbers means that the core National ID does not typically get exposed. This means that each derived ID has a limited use case and/or a limited shelf life, and thus this mitigates the potential harm from a single ID leaking or being exposed. A National ID by itself should never be a means of identification. For example, see what Austria has done.

5. Give citizens legal right to recourse: A legal recourse is a deterrent against misuse. While it may sound inexplicable that someone cannot sue an entity that has stolen their data, or sue a data controller (which holds data) against improper storage/security or conduct when it comes to processing or storage of this data, that is what has happened in case of India’s National ID project, Aadhaar. There is no legal deterrent against, say, publishing data online, which has been done by 210 government websites, and just four of which have led to the publishing of data for 130 million. An option of a legal recourse against something that compromises your personal data acts as a deterrent against such acts. All it takes is for one case to make everyone change the way they operate.

6. Purpose limitation for national ID usage: A National ID that is digitally linked to, and can authenticate a large number of services is likely to be seen as a key reason, and a significant convenience, for having a national ID. However, it’s important to not link the National ID for things where it is not absolutely necessary, where you don’t have an option for something to function without a linkage of that ID. The more the use cases for the National IDs, the more the risks of social hacks that can compromise even the most digitally literate citizens. This leaves the illiterate and the digitally illiterate, or neophytes, even more vulnerable: they do not know the risks of the consent that is given. This is where a consent is insufficient. Most importantly, the National ID should not be linked to sensitive personal data, such as DNA banks, Health records etc. The National ID becomes especially problematic when it is linked to external, non-governmental databases such as mobile numbers, and used to share personal data with a mobile operator, given that governments, ID authorities do not necessarily have the wherewithal or capacity to monitor the security practices of third parties.

7. No biometric authentication: I can’t emphasise this enough. Biometric information is a permanent identifier, and can be easily compromised. Fingerprints can be copied from high resolution photographs, or from that glass that you just held. So can the iris. Social hacks can lead to copying of fingerprints, say, if someone puts a fake authentication machine before you, before they place a real one. Sure, credit cards can be copied too, but cards can be replaced. Your fingerprints cannot. If you have a permanent ID (say, Aadhaar) and a permanent password (your fingerprint), one getting compromised means someone only needs the other factor, and you’re compromised forever. Note that mobile One Time Password isn’t secure either, and has been used in hacks in the past, and mobile networks operate on a maximum of 44 bit encryption.

Outside of security, also note that digital, biometric authentication suffers from other issues: for example, lack of Internet connectivity for authentication, fingerprints getting worn out – an issue for manual labourers and the aged. Such situations could end up depriving those who really need it, for their benefits.

8. Data protection law comes BEFORE national ID: One of the key mistakes that India made with its National ID (Aadhaar), was that a data protection law isn’t there yet, but the National ID has been around for almost seven years. An Act governing the National ID wasn’t even passed until almost five years of the ID being around. Thus, no privacy principles have been established, and no norms regarding data collection, storage, transfer, linkages, sharing and disposal are in place. There are no penalties in place for violations of these norms either. It’s a free-for-all. Do not do this.

9. Don’t hurry, don’t push for 100% penetration: Undue haste and the creation of deadlines for enrolment for a national ID can create panic for citizens, and such situations lend themselves to exploitation and fraud, especially in scenarios where people are being denied their entitlements, or run the risk of key accounts – like their bank account – getting frozen for lack of having a mandatorily linked ID. Don’t subvert democracy for increasing speed of enrolment. Instead, if you must have a National ID, roll it out without undue haste, at people’s convenience, with improved checks and balances. Above all, don’t be daft enough to outsource enrolment to third party agencies, paying them on a per enrolment basis, which then creates a perverse incentive of maximising enrolments. Speed causes more harm than good here.

10. A budget for citizen awareness, education and grievance redressal: Something as significant as a national ID project can lend itself to a lot of misinformation and misinterpretation. There are also likely to be several issues related to enrolment and registration, as well as authentication.

This is, of course, besides the point that there are excellent reasons for not having a national ID:

1. Linking multiple databases to a single ID is harmful for citizens, and puts them at risk. It is more likely to form the basis of a mass surveillance system, and has a risk that a fascist regime can use it for ethnic cleansing or segregation.

2. It doesn’t address terrorism or volume based pilferage of benefits, which are likely to continue despite a national ID. It can in fact be used to deny people benefits.

3. It also creates a new power center, from the perspective of a single body which has the power to delist an individual from the database, thereby delinking them from essential services (if those are linked to a national ID).

4. It’s also worth noting that data is a toxic asset, and the harms of losing data when it leaks or gets hacked are far greater than the benefit of collecting and storing that data.


Source: https://www.medianama.com/2017/11/223-how-not-to-screw-up-your-national-id-india-aadhaar/ (published under CC-BY. You are free to crosspost it, as long as you attribute the author and the publication, and link back to it. )
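
Point 4 of the article above (derived and temporary identifiers) can be sketched as follows. This is an added example, not code from the article, from UIDAI or from Austria's system: the HMAC construction, the key, the sample ID and every name in it are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample values; a real authority would keep the key in an HSM.
AUTHORITY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
CORE_ID = "0000-1111-2222"  # made-up core ID, never handed to any service


def sector_id(core_id, sector, key=AUTHORITY_KEY):
    """Stable per-sector pseudonym: same person and sector give the same
    value, while two sectors cannot link their values without the key."""
    # Length prefix keeps (sector, core_id) pairs from colliding.
    msg = f"{len(sector)}:{sector}:{core_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


class TemporaryIdIssuer:
    """Random, expiring, revocable IDs; the mapping stays with the authority."""

    def __init__(self):
        self._table = {}  # temp_id -> (core_id, sector, expires_at)

    def issue(self, core_id, sector, ttl_seconds, now=None):
        now = time.time() if now is None else now
        temp_id = secrets.token_hex(8)  # random, so it reveals nothing
        self._table[temp_id] = (core_id, sector, now + ttl_seconds)
        return temp_id

    def resolve(self, temp_id, sector, now=None):
        """Return the sector pseudonym (never the core ID) if still valid."""
        now = time.time() if now is None else now
        entry = self._table.get(temp_id)
        if entry is None:
            return None  # unknown or revoked
        core_id, bound_sector, expires_at = entry
        if bound_sector != sector or now >= expires_at:
            return None  # wrong sector or expired
        return sector_id(core_id, sector)

    def revoke(self, temp_id):
        """User-initiated revocation; True if the ID existed."""
        return self._table.pop(temp_id, None) is not None
```

A leaked sector pseudonym or temporary ID can be rotated or revoked without touching the core ID, which is the property points 3 and 4 ask for.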
 
I believe UIDAI is working on a proposal to generate a temporary Aadhaar number (will work just like a virtual credit card). But this is just at proposal stage. Nothing concrete yet.
 
I believe UIDAI is working on a proposal to generate a temporary Aadhaar number (will work just like a virtual credit card). But this is just at proposal stage. Nothing concrete yet.
Don't hold your breath. It was pulled out of Nilekani's southern end when there was news about a data leak in the Aadhaar database.
 
I don't see the utility of linking voting to Aadhaar. For starters, how exactly is it going to help?

There is no dearth of fake Aadhaar numbers in the system and many genuine citizens still don't have them due to its dependency on biometrics which cannot be collected from people who lack those. Such people will lose their right to vote. So, if it's just going to be used as a voting barrier, it's not going to be of much help.

On the other hand, if it's going to be used to validate the votes after the voting process, then it means that some identifying/verification data has to be stored along with registered votes which is dangerous if not implemented properly as such data can be accessible to the ruling govt to exploit.
 
Aadhaar: Govt Tries to Push Commercial Use of the UID through Amendment Despite Ban by SC
The central government's doublespeak on Aadhaar, the 12-digit unique biometrics-linked identification number, continues. Despite the five-judge constitutional bench of Supreme Court barring use of Aadhaar for commercial purpose, the government is amending several laws like the Aadhaar Act, Indian Telegraph Act and Prevention of Money Laundering Act (PMLA) to bring back the validity of mandating or using Aadhaar for various purposes. On Wednesday, Ravi Shankar Prasad, minister of law and justice, introduced Aadhaar and Other Laws (Amendment) Act 2018, in the Lok Sabha.


$$$$$$$$$
 
There are unlicensed aadhaar service providers all over the place in every city and town now with access to their enrollment clients. UIDAI is like covering their ears and eyes going LA LA LA... There is no aadhaar abuse.
 
Aadhaar Data Breach Largest in the World, says WEF’s Global Risk Report and Avast

The World Economic Forum (WEF)'s Global Risks Report 2019, says, "The largest (data breach) was in India, where the government ID database, Aadhaar, reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens.

It was reported in January 2018 that criminals were selling access to the database at a rate of Rs.500 for 10 minutes, while in March a leak at a state-owned utility company allowed anyone to download names and ID numbers."



 
Same page in that link was this:

https://www.moneylife.in/article/aa...s-finds-french-security-researcher/56383.html

Indane gas leaking aadhaar info of its customers. As usual,

Indian Oil has denied reports of any data leak from Indane website. In a tweet, it says, "Indian Oil in its software captures only the Aadhaar number, which is required for LPG subsidy transfer. No other Aadhaar related details are captured by Indian Oil. Therefore, leakage of Aadhaar data is not possible through us."
 
If there's ever a doubt that this govt has several quid pro quo dealings this would be it.

I for the life of me can't understand why people cannot see that this govt is totally anti people and anti privacy. It smacks of an egoistic and self serving attitude.

From telecom to aviation to oil and gas.. they accused Congress of being in cahoots with corporates, well wtf would this be then?
 

This govt is so anti people and people fail to see it even when the govt is biting them. The faster BJP goes out of govt, the better it is for India. The way this is, it's like corporate entities buying the govt in USA and passing regulations etc to suit their needs and suppress openness and accountability to citizens. All these hack methods the BJP is using to pass Aadhaar and other bills make you wonder how people still respect them. If Aadhaar was so good, why go about pushing it on the people in such a forced manner and by using such tactics? Makes you wonder how many other bills they have passed without the general people knowing anything about it.
 
The issue with Aadhar is the overall ecosystem.

It is illogical to defend Aadhar by saying that the UIDAI database has not been breached or for Indane to say that it did not ask for customer addresses when it asked for Aadhar.

It is like a credit card company saying that credit card fraud is not possible because its database is in some secure location that has never been breached

BTW, no government is going to let go of Aadhar now that it is in place
 