<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C700italic%2C400%2C700">Countries applying biometrics Archives « Aam JanataSkip to content

Under the Aadhaar system, all Indian citizens are being allotted a unique twelve-digit identity number by the State upon obtaining biometric data including fingerprint and iris scans and upon submission and verification of certain demographic data including the name, date of birth and residential address.

The new identity is different from all previous identity documents issued by the State. While a driving license or a passport were identity ‘documents’ that once issued were in the possession and under the control of the citizen as “original documents”, the Aadhaar number and associated demographic and biometric data is a data entry in a digital database in the possession and under the control of the State and any other entities who might gain access to this database whether with legal authority or otherwise.

Further the nature of the information that the State uses to identify a person under the Aadhaar system is entirely different from that used under earlier systems of identification. Until now the State relied upon photo-identity cards to determine someone’s identity. Under the Aadhaar system, the markers for identity determination include fingerprints and iris scans. For the first time, biological data not visible to the human eye and inaccessible to and non-decipherable by a lay person or a non-expert, is being obtained from citizens and is being stored digitally in a central repository for all 1.3 billion Indians with the ostensible purpose of identifying them.

Yes, the citizen is issued an Aadhar card with a number on it, but that card and the photograph on it and the face of the person presenting that card are no longer sufficient for the State to accept that the person is who he or she says they are. The biometric data must match. If the biometric data match fails, then the State will refuse to accept the identity of that person.

Also, the Aadhaar based identity is ultimately a number in a digital database. That number can be deactivated or even deleted. The database is outside the possession and control of the citizen. If his Aadhaar number in the database ceases to exist, the citizen has no proof of his identity as a citizen. The citizen ceases to exist for the State.

The Aadhaar related debates have focused on the right to privacy and on the apprehension of surveillance by the State and on issues of the security of Aadhaar databases. But there are more deep-seated concerns about the Aadhaar biometric identification system that I discuss here and which are important to understand how great a threat the Aadhaar biometric identification system poses to the privacy, liberty and security of Indian citizens.

There are several scenarios in which this digital biometric identification database can fail, be modified, be stolen, be leaked, be misused or be manipulated by State or non-State interests to the detriment of citizens and their rights. I discuss how the centralized and digital nature of this database as well as its use of biometric markers of identity which by their very nature are not accessible to or verifiable by ordinary individuals, creates many such scenarios where citizens can lose control over their identity and their very person-hood and be left with no recourse in extremely harmful situations. The greatest threat posed by the Aadhaar system is that citizens will lose control over their identity, they will be unable to establish their identity under certain circumstances, and they will also be exposed to an exponentially higher risk of identity theft.

The digital Aadhaar biometric identification system it is argued not only violates the right to privacy, but it creates significant risks that threaten the very right to identity and person-hood of Indian citizens and thus the right to citizenship itself. The Aadhaar system fundamentally alters the social contract underlying the Constitution of India by enabling a potentially malevolent State to deny the very identity of “inconvenient” citizens. A cost-benefit analysis of the Aadhaar system, even accepting its stated advantages, cannot justify such immense risks to citizens.

This post was originally published here by Seema Sapra.

6

The ongoing denial of UIDAI and the government of Aadhaar vulnerabilities remains a concern. Many people don't understand how Aadhaar could be a problem. There are many and documented ways where the integrity of Aadhaar data is already rendered questionable, but here are some ways that anyone could pull off with some effort.

For the purposes of this post - you are a scammer. A criminal.

Step 0: Acquire a few photocopies of Aadhaar

This is the starting point. Your Aadhaar number is supposed to be known only to yourself, but the reckless linking of Aadhaar with everything has ensured that photocopies of Aadhaar are, in reality, being handed out to anyone from international couriers to schools. If you're inclined to be a criminal, there is probably no shortage of sources of Aadhaar numbers. No, it doesn't matter even if people have written the purpose and signed on them. You could probably randomly collect a few photocopies of Aadhaar from people by making it "mandatory" - like your driver or maid must give you a copy of their Aadhaar to get their salary, or for police verification, etc. Help old people in the neighbourhood to book railway tickets and ask for Aadhaar number - you don't need it, but gullible people don't question. Just invent an excuse - it doesn't have to be true - you are a scammer, after all. If one person refuses, ask another. Not many refuse. You'll soon hit pay dirt. Govt has taught people to hand around their Aadhaar for anything and everything. And just like that, the allegedly secret number is yours.

Now, depending on what kind of a criminal you wish to be....

You're a terrorist, or stalker or need to share fake news on WhatsApp.... you need a phone number.

Give that photocopy to any telecom operator and get a SIM card - this one is easy. Frankly, it will work with any ID. Not just Aadhaar. But Aadhaar is better, because then you attach it to the new phone number and sort of build that identity proper to be the foundation of other scam documents to be a full and proper ghost.

Say you have black money you need to park, etc. Things that need you to actually be a person.

Go to the UIDAI website. Download the form for updating Aadhaar details by post. Photocopy some ID, change the name and address to match that of your target Aadhaar you want to take over and attach to form. Fill the form, but in the place of the phone number, put the new number you got in the previous scam. Just in case someone is alert at UIDAI, save it on a couple of phones with that name and install true caller. Feel free to add a fake email also. So someone checking the number sees right name in true caller as well as telecom operator's records. Post the form. That Aadhaar card will now be updated to work with your OTP. Enjoy. You can get an Udyog Aadhaar and qualify for a business loan, you can validate it for passport, etc. There is no way for the person to easily realize that the phone number was switched, so it will be a while before they realize what has happened. Even if a duplicate Aadhaar card gets posted to them, it will have no changed information (phone isn't on the card - or even biometrics - they could have an empty document and not know it). By then, unless they do biometric PDS, you could use an OTP to switch the biometrics for you too and properly make it yours.

Rent a flat using that Aadhaar, register the lease, open bank account. Put some money there to evade taxes. Whatever. Oh, get another PAN if it is a lot of money. No one would believe Aadhaar can create a ghost. After all, govt has guaranteed it removes ghosts.

You are an illegal immigrant living in some slum. You'd like PDS, but you don't qualify.

Fikar not. Aadhaar makes it easy. Keep an eye out for someone who dies in your area. Say you know people in the rationing office and can get the name of the dead person removed from their card for them. Take the card, update the dead person's name with your Aadhaar. Aadhaar overwrites the person's data on the ration card - name, age, sex, everything. Voila. You are now on their card. I suppose you should now remove your name from it and apply for a separate card, "because you've moved out to your own place". Oh, don't forget to return the ration card of those nice people, with the dead person's name nicely removed and all. Oh, congratulations! You are also a citizen, if you weren't, before.

*****

There are endless ways, really, because the reckless imposition of Aadhaar has resulted in it being accepted for far more than what Aadhaar data is capable of actually verifying. Money transfers via Aadhaar? No problem. The government has gone to great lengths to enable it during demonetisation. Need more gas cylinders than your subsidy gives you to use in your restaurant? Sure, just scramble the address a bit, so computer doesn't recognize as identical.

This is a threat to individual safety as well as national safety. Both physical and financial.

And I haven't even mentioned leaked databases (there you go - thousands of aadhaar numbers and addresses) or privacy issues (govt says we don't have a right to privacy, apparently) or denial of basic necessities to poor and desperate people (we don't care about them anyway). I haven't even talked of countless mobile SIM service people who could simply duplicate your SIM - and the Aadhaar number to verify is attached to the phone number! I suppose soon scammers will be paying bribes to get jobs in mobile operator service centers.

Are you still a fan of Aadhaar?

 

Disclaimer: This post is for educational purposes and does not endorse anyone actually indulging in criminal activities. I have not done any of the above. I would like those still insisting that Aadhaar is safe to explain how they would prevent any of this.

 

3

While people question govts in a democracy, in India the govt questions anyone questioning unaccountable govt actions. And supporters think that while India was a democracy under UPA, under Modi it has become some kind of Hindu Empire and questioning the king means "off with their heads" sort of thing. For some reason, Ritesh Dwivedy confused private individuals, not elected to public positions nor employed by public funds, as those accountable to him for their personal views and actions. And then sulked and asked again when no one thought him important enough to consider seriously. Entertaining as it is, he clearly seems to be disoriented as to who his rights as a citizen entitle him to answers from, so trying to help him find his way in the muddle this alleged democracy is becoming.

Clarifying some problems he appears to be facing. All quotes from one or the other article linked above unless explicitly mentioned.

Aadhaar is a unique indigenous innovation that empowers every Indian by providing them with a secure and verifiable identity.

This statement is completely unsubstantiated and likely at the root of all the confusion. He has been informed a lot of glorious things about Aadhaar. They are not necessarily true. Verification is an important skill in today's times when the government routinely lies to people in order to get them to believe, like Ritesh Dwivedy, whatever they wish people to believe.

Aadhaar is going to be the backbone of India becoming a developed country, and is receiving global acclaim from entities like Bill Gates, The Economist, the World Bank, Raoul Pal, and others.

These guys? Why wouldn't foreign power cartels appreciate the tool that hands them power over India on a platter? Big data is big power and leaky big data is big control without accountability for opportunists. Who needs terrorists when you have hackers and crucial data of the entire country is in a form the government has little ability to secure? Is this government supposed to serve their interests or those of citizens? Of course the other two pillars of this servitude by this government are demonetisation and promotion of cashless transactions in a country they forgot to get fully on the internet first. That is how dumb this government is. If such a database were empowerment, why is it being forced on third world countries?

One whiff of WannaCry and RBI has all ATMs shut down. On the other hand, it is the country with all these people praising us (without US doing it themselves) created the ransomware originally. To get a better perspective, they have actually done an attack on a nuclear facility in Iran with Stuxnet. Our idea of security is "don't enter random numbers for Aadhaar or we will consider it hacking" - a freaking bank did a replay attack on the Aadhaar database while "testing" their setup and neither are replay attacks prevented after that, nor the known "violators" refused access to Aadhaar - we are fucking out of our league on competence. It is like praising a 5 year old for writing all his secrets in his "private" diary in its hiding place behind the park bench. Except the 5 year old is writing down the security codes for getting into their home. Oh wait Indian homes don't have security alarms and such. Oops sorry.

Think of it like this. If Aadhaar is this easy to misuse, it will be misused and it is being misused and so far people have just got away with it while those who exposed flaws got arrested.

How many more years do you want India to remain a ‘developing’ nation?

Forever. I hope India never stops developing. How many years do you want India to be a banana republic wannabe pleasing foreign powers at the cost of citizens?

Why are you silent on all the benefits we are seeing as a result of Aadhaar?

For the same reason I'd be silent if my 5 year old came home happily telling me about her new best friend. A grown man acting in a shady manner, whom she thinks is absolutely fantastic. There are problems that are visible to one with experience on the subject. Just because all my daughter knows about the nice man in the park is that he gives candy doesn't mean it is a good thing.

Waise, why are you silent on the countless problemswe are seeing as a result of Aadhaar?

Why are you misleading the Indian public about Aadhaar through fear-mongering and sensationalism?

Why are you misleading the Indian public about Aadhaar through false assurances and "bagon mein bahar hai"?

Why are you willing to give biometrics to foreign govts and corporations, but not to your own govt?

Because our government is proved to be incompetent with data security. There isn't a single other biometric database that can be queried for identity by any Tom, Dick and Harry - because it is an idiot idea to begin with, with too high error rates to be efficient at what it claims to do and too poor security to protect citizens from the risks such a database presents. Nor is anyone in this circus apparently interested or aware that citizens have rights in a democracy and you can't just say "Idea, let me make the whole country do whatever I wish AND foot the economic and security costs of my whims without question". BJP was right on Aadhaar when UPA was in power. Today BJP has sold the country out a hundred times more than UPA even planned (though no guarantees, it is the same creeps even now. Only the sarkari gullibles have changed) Incidentally, I haven't given my biometrics to foreign governments and corporations, and most Indians have not.  Also foreign governments and companies have limited use of my biometrics, unlike the Aadhaar, which is being forcibly attached to absolutely every important transaction a person can do from hospitalizations to bank accounts, property to crop insurance. Misuse or denial has the power to literally finish the ability of a person to access own funds, communicate, live in own home or even survive if medical needs. No foreign government has been stupid enough to enslave own or other citizens this badly. Yet.

Tell you what, you do some homework and hardwork and expose some of that data you are comparing Aadhaar to, then we will have some grounds for an actual comparison, yes? Good part is, those guys won't even arrest you, you'll actually earn bug bounties. So not even risky like fighting Aadhaar under a totalitarian state.

Why are you opposed to using technology to benefit the nation?

Next you will say any and all technology is benefit only. Like the govt spamming me daily is benefit to the country, etc. Technology isn't inherently good or bad. I am opposed to insecure technology being used to generate big data for power cartels at the cost of citizens. Benefiting the government and benefiting the nation are not necessarily the same thing. Just like dissent is a right and opposing the government is not anti-national. A government is a temporary entity that changes every five years. My nationality doesn't change every five years. Get your civics right and a lot of these government peddling issues will get sorted.

Why speak half-truths and ignore the lakhs of people who are getting benefits for the first time because of Aadhaar?

Next you will say babies are being conceived because of Aadhaar only. In a country this size, people are constantly becoming eligible for something or the other. It isn't because of Aadhaar. Aadhaar makes you eligible for zero benefits. It is simply the dog in the manger inserted by the government that PREVENTS otherwise eligible people from getting benefits because the government chooses to deprive them unless they surrender their privacy for it. Think about it. It is actually an imposed indignity. I will forcibly take your fingerprints if you want the pension you spent your entire career working towards. This is helplessness. Not benefit.

Cleaning up the PDS system - for example - requires cleaning up the PDS system. It doesn't take fingerprints to know whether someone is eligible for PDS. But authentication issues sure have deprived loads of people whom you are ignoring while pointing fingers in an increasingly crazed manner.

And this is me talking because you irritated enough people that they pesterd me to reply, but the information is from the government. Most people who got Aadhaar already had documents to provide proof of address and identity for it.

 

And so on. Not bothering to read or reply further. Because personal attacks are not arguments and this is plenty to entertain those who wanted to see you get a reply. Just because you make an assumption doesn't mean it is true. Nor are you relevant enough to the larger picture to take seriously.

Return with data, technical arguments, fact based information that isn't just "But why don't you ignore all the ghastly stuff and just meditate on all the pretty?" or consider this post the answer for anything you write on the subject till eternity.