Wednesday, January 10, 2018

My problems with Aadhar and how to fix them

When I first heard of Aadhar, I was excited. It sounded like a good technical solution to the problem of many people without identification in this country. Back in 2009 when it started enumerating individuals, it felt like a great thing. It was supposed to be the following.
  1. Many people in this country are not able to get an identification and it provided a mechanism for them to get an identification. If you did not have any address proof or any such thing, you could still get an Aadhar.
  2. It was supposed to be a system which will make sure an individual could not get two Aadhar numbers and thus would uniquely verify the identity of an individual.
  3. Biometrics was only supposed to be used for de-duplication.
Fast forward to 2017-18, we learned a few things about Aadhar.
  1. There were very few instances where people could get an Aadhar number without any supporting proof. So the promise that people without any other identity could get Aadhar was either not needed or could not materialize.
  2. Because of very heavy reliance on fingerprints, many people who have a valid Aadhar number can't be authenticated anymore. These individuals fall into all categories: manual laborers, top executives of companies, retired individuals. Once biometrics stop working, there is no recourse for these people.
I was all right with Aadhar, but very soon the worst of my fears came true. The system that was supposed to provide identity to individuals who did not have it became a system to track individuals. I have friends and family who work in government and private institutions who were supposed to handle Aadhar and knowing them I knew very soon it will turn into a large-scale data harvesting system.
Aadhar was supposed to be nothing more than an identity service. The problems with Aadhar are many but in my eyes, the biggest problems are as below.
  1. Because of its hard linkage to Biometrics, it is not like a password that can be changed. If there is a compromise, the only thing one can do is to die.
  2. Every entity that needs to use Aadhar has to have your Aadhar number. It is like that cousin that keeps on asking your Play Store or App Store password whenever (s)he wants to download that next big game. Just think of an OAuth system where the OAuth client needs to have access to your password to authenticate you.
  3. The system itself was extremely poorly designed and the partners on which it depended really were not making any money so they decided to monetize in multiple different ways by asking for bribes during enumeration and selling whichever data they could get hold of.
  4. Anybody who gets access to the Aadhar database has just too much information about an individual: his name, email address, physical address, mobile number, his PAN number, all his bank accounts, his vehicles, his driving license. This is almost like putting all your assets in a room and putting a sign on top that says "Come and steal it".
As things stand today, I seriously believe that some political grouping should just run on the promise of abolishing Aadhar, but I think that is wishful thinking on my part so I am trying to just think of a way that would reduce the risk.
  1. The complete software of Aadhar needs to be open sourced. (I think that is also true for EVM firmware). 
  2. Aadhar needs to be taken back to what it was envisaged to be. The "Targeted Delivery of Financial and other Subsidies, benefits and services Act" needs to be repealed and a new Law created for "Resident Identity Privacy Control Act". 
  3. The need to share the Aadhar number needs to be done away with. Whichever entity needs to authenticate my identity can send me a signed URL to the UIDAI portal that I will click on and enter my Aadhar credentials. This should return a signed response that the service provider can hold on to as proof of authorization. Nobody needs to know my Aadhar number.
  4. Complete Aadhar data needs to be encrypted both in flight and at rest.
  5. It should be made completely voluntary. Anybody who is willing to prove his identity the good old-fashioned way should be allowed to do so.
Not that anybody cares, but I thought I would just get this off my chest.
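
The flow proposed in item 3 of the last list above (a request signed by the service provider, login at the portal, a signed response the provider keeps as proof), sketched as an added example that is not part of the original post or of any UIDAI code. It assumes Ed25519 signatures over JSON, and every name in it (Request, Assertion, PortalAssert, SPVerify, and the per-provider pseudonym derived with HMAC) is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Request is signed by the service provider (SP); Assertion by the portal.
type Request struct{ SP, Nonce string }
type Assertion struct{ SP, Nonce, Subject string } // Subject: per-SP pseudonym
type Signed struct{ Body, Sig []byte }

func Sign(k ed25519.PrivateKey, v interface{}) Signed {
	b, _ := json.Marshal(v)
	return Signed{b, ed25519.Sign(k, b)}
}

func Open(pub ed25519.PublicKey, s Signed, out interface{}) bool {
	return ed25519.Verify(pub, s.Body, s.Sig) && json.Unmarshal(s.Body, out) == nil
}

// PortalAssert runs at the portal once the resident has logged in there;
// idNumber is used only here, and secret is the portal's pseudonym key.
func PortalAssert(k ed25519.PrivateKey, spPub ed25519.PublicKey, secret []byte, req Signed, idNumber string) (Signed, error) {
	var r Request
	if !Open(spPub, req, &r) {
		return Signed{}, fmt.Errorf("request not signed by this SP")
	}
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(r.SP + "|" + idNumber))
	return Sign(k, Assertion{r.SP, r.Nonce, fmt.Sprintf("%x", m.Sum(nil)[:16])}), nil
}

// SPVerify accepts only a portal-signed assertion for this SP and this nonce.
func SPVerify(portalPub ed25519.PublicKey, resp Signed, sp, nonce string) (string, error) {
	var a Assertion
	if !Open(portalPub, resp, &a) || a.SP != sp || a.Nonce != nonce {
		return "", fmt.Errorf("assertion rejected")
	}
	return a.Subject, nil
}

func main() { // all values below are constructed
	spPub, spKey, _ := ed25519.GenerateKey(nil)
	pPub, pKey, _ := ed25519.GenerateKey(nil)
	resp, _ := PortalAssert(pKey, spPub, []byte("demo"), Sign(spKey, Request{"bank.example", "n-1"}), "ID-CONSTRUCTED")
	fmt.Println(SPVerify(pPub, resp, "bank.example", "n-1"))
}
```

The provider ends up holding a portal-signed statement bound to its own name and nonce, and the identifier it sees differs from the one any other provider would receive for the same resident.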