How Does Aadhaar Compare With Other ID Systems In The World & How To Secure Its Leaky Database

Aadhaar was designed to cut out the middleman, eradicate corruption and ensure subsidized goods and services (on behalf of the state and central government) reached the final, intended recipients. Sounds like a great concept in theory, right?

Jayesh ShindeUpdated: Jul 19, 2017, 12:00 IST

To say that India is obsessed with Aadhaar of late would be an understatement.

The government, in May, announced that it will be compulsory to add the Aadhaar details to bank accounts by December 31 this year, failing which the banks will invalidate them. Those opening a bank account will also need to have an Aadhaar card. Additionally, transactions of Rs 50,000 and above will also need an Aadhaar card.

Aadhaar is arguably the world's largest biometric identification system, and from a benign system designed to do good, it's turning into somewhat of an Orwellian nightmare, where the state can easily infringe upon its citizen¡¯s right to privacy. Everything from your bank accounts, private micro-payment systems, airline and telecom companies, and more are demanding an Aadhaar card to ascertain your identity. With increased demands for Aadhaar authentication comes the risk of abuse. Like the recent alleged Reliance Jio data hack, when a recent report on a website claimed that sensitive details, including mobile and Aadhaar numbers, of millions of subscribers were leaked online. Is that fair and is it right?

How Does Aadhaar Compare With Other ID Systems In The World & How To Secure Its Leaky Database

REUTERS

Aadhaar was designed with an aim to cut out the middleman, eradicate corruption and to ensure that subsidised goods and services (on behalf of the state and central government) reach the deserving recipients. Sounds like a great concept, in theory, right? But then the cracks started to emerge. The Aadhaar database has some serious security holes in it, and it¡¯s been leaking data steadily for a long time. Just recently, the single largest data breach revealed private information of 13 crore Aadhaar Card Holders online.

The reality is simple. Whether you like it or not, Aadhaar is here to stay; and along with it the biometric data - fingerprints, iris scans - of over 100 crore Indians hangs in the balance. It cannot be simply wished away anymore. It¡¯s a technological and legal problem that needs to be solved to prevent further damage.

How do Aadhaar like systems work in other parts of the world

The biggest debate around Aadhaar right now is whether enrollment should be made mandatory, and become the central identity authentication tool used in the private sector, too.

Aadhaar is certainly one of its kind when it comes to the scale anywhere in the world, but other countries have tried issuing government identity proofs. While Indonesia started rolling out its eKTP national identification system since 2006, issuing an electronic card which contains fingerprints of citizens that must be reissued every five years, Malaysia has one of the oldest biometric identification systems in the world called MyKad, which was introduced in 2001.

How Does Aadhaar Compare With Other ID Systems In The World & How To Secure Its Leaky Database

AFP

While the Indonesian eKTP seems to be benign and not necessarily used as an identity authentication tool, the Malaysian MyKad system has penetrated into the chip-enabled card being as the single point of identification and authentication in places like ATM kiosks, at toll booths on highways, electronic cash for micropayments and digital certificate as a public identifier.

In fact, the Malaysian MyKad enrollment is apparently compulsory for citizens and the card must be carried on their person at all times - not doing so can incur heavy monetary fines and even imprisonment for up to three years, according to reports.

It¡¯s not difficult to imagine a similar scenario with Aadhaar in India sometime in the future, where carrying it on your person becomes a legal necessity and having it as a central authentication tool a way of life - severely sacrificing a citizen¡¯s sense of privacy. But what¡¯s even scarier is the thought that you are not in control of your identity - that there exists a centralized database of your fingerprints and iris scans that can be used by the government and third parties without your knowledge - as opposed to all of that residing offline in a chip enabled card that you have complete control over as to when or when not to use.

Is Aadhaar similar to Social Security Number in the USA? In one word - No

For good reason, the so-called first world (Western democracies) have been vehemently opposed to centralised biometric databases and identity registries, precisely with regards to prevent the abuse of its citizens¡¯ right to privacy.

The Social Security Number (SSN) is a tool to ascertain the income of any American individual and calculate the amount of social security credit they¡¯re entitled to - based on their individual financial health. The US issues SSNs only to its citizens and doesn¡¯t collect any biometric data of the individuals that are enrolled in the scheme. Aadhaar, on the other hand, is an identity authentical tool with biometric markers to ascertain an individual¡¯s identity. This is not the only place where the similarities between Aadhaar and SSNs end. There¡¯s more.

Where SSN is a dumb number that¡¯s attached to an individual¡¯s profile in a company or US government agency¡¯s database, Aadhaar is a tool for authenticating a person¡¯s identity. Think of it like a digital key or a username and password of sorts which authenticates you into a digital system, wherever you¡¯re trying to prove that you are in fact you - in the eyes of the authority.

How Does Aadhaar Compare With Other ID Systems In The World & How To Secure Its Leaky Database

AFP

Increasingly, with Aadhaar, the authority can mean not just government agencies but also private entities -- for instance, Microsoft recently launched a version of Skype for India with Aadhaar authentication embedded within. Earlier, last year, and even now, Reliance Jio subscriptions required Aadhaar authentication of customers -- that¡¯s right, Reliance was pulling in Aadhaar data to confirm whether the fingerprints of a person waiting in line for the Jio SIM card matched with his or her Aadhaar card or not. The US¡¯ SSN was strictly meant for use by government agencies, but its abuse by the private sector has been identified as a crucial link for the rising number of identity thefts in America.

Ultimately, there are federal and state-level laws in the US that restrict the use of SSN across different government databases as a marker to identify a person¡¯s identity. Aadhaar, on the other hand, has been spearheaded by the government as a token across databases to identify someone within the country, to the extent where they leave a trail of transactions - in the bank, while booking an airline ticket, train ticket, buying a SIM card, and more.

Lastly, where the US firmly decided against encapsulating its citizens¡¯ biometric profile to the Social Security Number cards back in 2007, Aadhaar¡¯s use and proliferation is only going to increase in the days and months to come, as the government is pushing hard for its adoption across different central and private database systems.

How to secure Aadhaar like databases to prevent data breaches?

We all know that Aadhaar is leaky. In the face of this reality, there are only two alternatives that we have - either to destroy Aadhaar or plug its security holes in a way that they don¡¯t get exploited in the future (the latter is no easy feat). Maybe biometric databases are inherently doomed from a security perspective, who knows?

Mr Altaf Halde, who's the Managing Director at Kaspersky Lab - South Asia, a leading security company, has some important thoughts on the matter. "With the widespread adoption of biometrics, we have seen its amazing security slip. The technology¡¯s popularity is actually a major contributing factor to this slide, for two reasons. First, security specification standards for consumer goods are lower than they are in mission-critical implementations. Second, a broad field of easily obtainable gadgets gives criminals a huge test bed of consumer devices to experiment with and find more and more vulnerabilities for their own benefit, of course. The rapid development of 3D printing has also contributed to biometrics¡¯ vulnerability."

"Fortunately, biometric data is not stored as is," explains Mr Halde, "A server receives only hashed scanning results, making outright theft a less-attractive option. Nonetheless, criminals can still use methods such as man-in-the-middle attack, inserting themselves into the data transfer channel between an ATM and a processing centre to steal users' money, for instance."

As far as securing digital systems and databases online is concerned, it¡¯s important to take into consideration the potential of human error as the weakest link in the chain. Technology, of course, is a core part of any solution for dealing with malware, according to Mr Halde. But he believes it would be unwise to ignore the human dimension of security. He adds further, ¡°In the real world, we know that burglar alarms, window locks and security chains on the front door can be effective ways to secure a property. But they won¡¯t prevent an unsuspecting victim from jeopardising their security by opening the door to a stranger. Similarly, a corporate security strategy will be less effective if it doesn¡¯t address the human element. We need to find imaginative ways of ¡®patching¡¯ human resources as well as securing digital resources."

Finally, it's one identity versus multiple identities versus privacy versus...

When you think about Aadhaar, think about this: All of us have multiple identities online. Our identity on Facebook is different from that on Twitter; similarly what we share on Tinder is starkly different from what we share on LinkedIn, which is slightly different from the kind of conversations we have on Quora. And if anyone came to know of our secret profiles on X-rated websites. And what we are offline, away from our online persona, is something different altogether.

Now imagine if all of our multiple identities across these multiple websites were fused into one by a giant corporation, behind our back, in violation of the individual terms and conditions we signed up for when we willfully created an account on each one of them. Wouldn't that be scary? Wouldn't it be a violation of our trust? Imagine what a business-driven, profit-oriented corporation would do with that kind of intimate data -- data that which we thought was private, our own.

While it may have our best interests at heart, we expect our government to be at least slightly more sympathetic to our cause with our Aadhaar data than what a private corporation would ever be. Because there is absolutely zero margin for error, when the stakes are so stratospherically high.

Jayesh Shinde

Trespassing through the world of tech. <strong>Like A Boss!</strong>

23/11/2024 10:53:29
seductrice.net
universo-virtual.com
buytrendz.net
thisforall.net
benchpressgains.com
qthzb.com
mindhunter9.com
dwjqp1.com
secure-signup.net
ahaayy.com
tressesindia.com
puresybian.com
krpano-chs.com
cre8workshop.com
hdkino.org
peixun021.com
qz786.com
utahperformingartscenter.org
worldqrmconference.com
shangyuwh.com
eejssdfsdfdfjsd.com
playminecraftfreeonline.com
trekvietnamtour.com
your-business-articles.com
essaywritingservice10.com
hindusamaaj.com
joggingvideo.com
wandercoups.com
wormblaster.net
tongchengchuyange0004.com
internetknowing.com
breachurch.com
peachesnginburlesque.com
dataarchitectoo.com
clientfunnelformula.com
30pps.com
cherylroll.com
ks2252.com
prowp.net
webmanicura.com
sofietsshotel.com
facetorch.com
nylawyerreview.com
apapromotions.com
shareparelli.com
goeaglepointe.com
thegreenmanpubphuket.com
karotorossian.com
publicsensor.com
taiwandefence.com
epcsur.com
mfhoudan.com
southstills.com
tvtv98.com
thewellington-hotel.com
bccaipiao.com
colectoresindustrialesgs.com
shenanddcg.com
capriartfilmfestival.com
replicabreitlingsale.com
thaiamarinnewtoncorner.com
gkmcww.com
mbnkbj.com
andrewbrennandesign.com
cod54.com
luobinzhang.com
faithfirst.net
zjyc28.com
tongchengjinyeyouyue0004.com
nhuan6.com
kftz5k.com
oldgardensflowers.com
lightupthefloor.com
bahamamamas-stjohns.com
ly2818.com
905onthebay.com
fonemenu.com
notanothermovie.com
ukrainehighclassescort.com
meincmagazine.com
av-5858.com
yallerdawg.com
donkeythemovie.com
corporatehospitalitygroup.com
boboyy88.com
miteinander-lernen.com
dannayconsulting.com
officialtomsshoesoutletstore.com
forsale-amoxil-amoxicillin.net
generictadalafil-canada.net
guitarlessonseastlondon.com
lesliesrestaurants.com
mattyno9.com
nri-homeloans.com
rtgvisas-qatar.com
salbutamolventolinonline.net
sportsinjuries.info
wedsna.com
rgkntk.com
bkkmarketplace.com
zxqcwx.com
breakupprogram.com
boxcardc.com
unblockyoutubeindonesia.com
fabulousbookmark.com
beat-the.com
guatemala-sailfishing-vacations-charters.com
magie-marketing.com
kingstonliteracy.com
guitaraffinity.com
eurelookinggoodapparel.com
howtolosecheekfat.net
marioncma.org
oliviadavismusic.com
shantelcampbellrealestate.com
shopleborn13.com
topindiafree.com
v-visitors.net
djjky.com
053hh.com
originbluei.com
baucishotel.com
33kkn.com
intrinsiqresearch.com
mariaescort-kiev.com
mymaguk.com
sponsored4u.com
crimsonclass.com
bataillenavale.com
searchtile.com
ze-stribrnych-struh.com
zenithalhype.com
modalpkv.com
bouisset-lafforgue.com
useupload.com
37r.net
autoankauf-muenster.com
bantinbongda.net
bilgius.com
brabustermagazine.com
indigrow.org
miicrosofts.net
mysmiletravel.com
selinasims.com
spellcubesapp.com
usa-faction.com
hypoallergenicdogsnames.com
dailyupdatez.com
foodphotographyreviews.com
cricutcom-setup.com
chprowebdesign.com
katyrealty-kanepa.com
tasramar.com
bilgipinari.org
four-am.com
indiarepublicday.com
inquick-enbooks.com
iracmpi.com
kakaschoenen.com
lsm99flash.com
nana1255.com
ngen-niagara.com
technwzs.com
virtualonlinecasino1345.com
wallpapertop.net
casino-natali.com
iprofit-internet.com
denochemexicana.com
eventhalfkg.com
medcon-taiwan.com
life-himawari.com
myriamshomes.com
nightmarevue.com
healthandfitnesslives.com
androidnews-jp.com
allstarsru.com
bestofthebuckeyestate.com
bestofthefirststate.com
bestwireless7.com
britsmile.com
declarationintermittent.com
findhereall.com
jingyou888.com
lsm99deal.com
lsm99galaxy.com
moozatech.com
nuagh.com
patliyo.com
philomenamagikz.net
rckouba.net
saturnunipessoallda.com
tallahasseefrolics.com
thematurehardcore.net
totalenvironment-inthatquietearth.com
velislavakaymakanova.com
vermontenergetic.com
kakakpintar.com
jerusalemdispatch.com
begorgeouslady.com
1800birks4u.com
2wheelstogo.com
6strip4you.com
bigdata-world.net
emailandco.net
gacapal.com
jharpost.com
krishnaastro.com
lsm99credit.com
mascalzonicampani.com
sitemapxml.org
thecityslums.net
topagh.com
flairnetwebdesign.com
rajasthancarservices.com
bangkaeair.com
beneventocoupon.com
noternet.org
oqtive.com
smilebrightrx.com
decollage-etiquette.com
1millionbestdownloads.com
7658.info
bidbass.com
devlopworldtech.com
digitalmarketingrajkot.com
fluginfo.net
naqlafshk.com
passion-decouverte.com
playsirius.com
spacceleratorintl.com
stikyballs.com
top10way.com
yokidsyogurt.com
zszyhl.com
16firthcrescent.com
abogadolaboralistamd.com
apk2wap.com
aromacremeria.com
banparacard.com
bosmanraws.com
businessproviderblog.com
caltonosa.com
calvaryrevivalchurch.org
chastenedsoulwithabrokenheart.com
cheminotsgardcevennes.com
cooksspot.com
cqxzpt.com
deesywig.com
deltacartoonmaps.com
despixelsetdeshommes.com
duocoracaobrasileiro.com
fareshopbd.com
goodpainspills.com
hemendekor.com
kobisitecdn.com
makaigoods.com
mgs1454.com
piccadillyresidences.com
radiolaondafresca.com
rubendorf.com
searchengineimprov.com
sellmyhrvahome.com
shugahouseessentials.com
sonihullquad.com
subtractkilos.com
valeriekelmansky.com
vipasdigitalmarketing.com
voolivrerj.com
worldhealthstory.com
zeelonggroup.com
1015southrockhill.com
10x10b.com
111-online-casinos.com
191cb.com
3665arpentunitd.com
aitesonics.com
bag-shokunin.com
brightotech.com
communication-digitale-services.com
covoakland.org
dariaprimapack.com
freefortniteaccountss.com
gatebizglobal.com
global1entertainmentnews.com
greatytene.com
hiroshiwakita.com
iktodaypk.com
jahatsakong.com
meadowbrookgolfgroup.com
newsbharati.net
platinumstudiosdesign.com
slotxogamesplay.com
strikestaruk.com
techguroh.com
trucosdefortnite.com
ufabetrune.com
weddedtowhitmore.com
12940brycecanyonunitb.com
1311dietrichoaks.com
2monarchtraceunit303.com
601legendhill.com
850elaine.com
adieusolasomade.com
andora-ke.com
bestslotxogames.com
cannagomcallen.com
endlesslyhot.com
iestpjva.com
ouqprint.com
pwmaplefest.com
qtylmr.com
rb88betting.com
buscadogues.com
1007macfm.com
born-wild.com
growthinvests.com
promocode-casino.com
proyectogalgoargentina.com
wbthompson-art.com
whitemountainwheels.com
7thavehvl.com
developmethis.com
funkydogbowties.com
travelodgegrandjunction.com
gao-town.com
globalmarketsuite.com
blogshippo.com
hdbka.com
proboards67.com
outletonline-michaelkors.com
kalkis-research.com
thuthuatit.net
buckcash.com
hollistercanada.com
docterror.com
asadart.com
vmayke.org
erwincomputers.com
dirimart.org
okkii.com
loteriasdecehegin.com
mountanalog.com
healingtaobritain.com
ttxmonitor.com
nwordpress.com
11bolabonanza.com