33 Matching Annotations
  1. Jun 2018
    1. alternate means for identification

      Often the problem is not just identification. It is also other information linked to a particular identity. What if an incorrect bank account has been liked to an Aadhaar number? This clause should state "... accept any alternate means for identification and any other alternate information linked to the identification ..." or something else to this effect. There should be a remedy for all incorrect Aadhaar linkages.

    2. services provided to effectuate provisions of Part III or Part IV of theConstitution;

      Is this broad enough to cover use cases where people have been denied services due to lack of Aadhaar - such admission to (higher) educational institutions, obtaining birth, death and marriage certificates, passports, filing income tax returns, etc?

  2. Feb 2018
    1. (Have you ever tried to delete highly personal and sometimes libellous information that show up when you Google your own name?)

      Actually before deleting from Google one needs to delete from the web they exist. Biggest culprit has been government institutions. They tried to sue researchers after disclosure.

    2. hypocritical when they now suggest that everything was working just fine until Aadhaar came on the scene.

      Again. Where? Who said? When?

      No references.

    3. the movement against Aadhaar is led by a small group of Left-leaning activists, who are well known for advocating more and more government in people’s lives

      Trying to brand citizen with out any proof.

  3. Jan 2018
    1. So, this is the real news: not even a single biometric data, repeat not even a single biometric data, has been leaked in the last seven years since the first Aadhaar was issued. If that is not adequate security, what is?


      The referred article Rs 500, 10 minutes, and you have access to billion Aadhaar details doesn't say biometric data were leaked. So this whole paragraph is pointless .

      Let me give you an example:

      Let's say you (son) lost Rs.100 note.

      Father: Did you lose Rs.100 note? Son: I didn't lose any Rs.500 note. Everything is safe.

    2. Aadhaar is like a detergent which is going to clean whatever it is applied on. When Aadhaar was being used by the poor for getting their entitlements, it was deemed okay. Now that it is cleaning other systems to check things like benami properties and tax evasions, it is becoming too dangerous for many people.

      Quoting your own tweet

      My piece on alleged Aadhaar data breach. Comments, only factual and not emotional, are welcome.

      This point is just emotional and not factual.

    3. next episode of this drama

      Again just emotional and not factual

    4. First, the Aadhaar number is not a secret number.

      Aadhaar act puts Aadhaar Number and core biometric data at the same level.

      Section 29(4) says: “No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.”

    5. The entire list of electors in India is available online with all these details.

      Misleading -

      Electoral list doesn't have Unique ID, DoB, Email or Phone numbers.

    6. So, if one person shares his credentials with another for a consideration, can this be called a data breach that exposes the weakness of the system? This is not a breach of system, but a breach of trust.

      Again. Its not an issue of sharing credentials. Its about the ability of admin creating other admin account without any kind of verification. This is the biggest threat. Read (Aadhaar’s Dirty Secret Is Out, Anyone Can Be Added as a Data Admin)[https://www.thequint.com/news/india/exclusive-aadhaar-dirty-secret-out-add-anyone-as-data-admin]

    7. one of the persons who had access to the search facility sold his credentials to somebody.

      He did not sell his credentials. He created a new user called "Anamika_6677". Its access level was "Enrolment Agency Administrator"

      The new ID also has the ability to create accounts.

      Refer the original article which reported this issue -<br> Rs 500, 10 minutes, and you have access to billion Aadhaar details

    8. If all these breach claims were true, no part of Aadhaar data would have been left secure. The fact is that there has been no data breach till date.


      The article title is "Rs 500, 10 minutes, and you have access to billion Aadhaar details". It clearly says the "newly" admin account has access to billion records. It doesn't say it was downloaded and shared.

      It talks about the ability to access which is true.

    9. I had written in this publication that there had been no data leak

      I had written a blog post then as a reply. You can read it here.

    10. Guessing is also difficult as every 12-digit number is not an Aadhaar number.

      If one is performing a targeted phishing attack on one of the previously leaked Aadhaar number then one doesn't need to guess. One already has.

  4. Jun 2017
    1. Aadhaar

      Not even a single quote from critic.

    2. India Stack

      Also what exactly is India Stack? Brand? marketing term? Government project?

    3. “I could place those who have opposed Aadhaar in three buckets,” says Jain. “1) Those who don't understand, they have constant fear that the government projects are not well thought through. They change their minds once we explain. 2) Those who oppose on the grounds of privacy, they are afraid that it could get too powerful. You have to respect that view, and make the system more secure. 3) Those who have their own agenda. There's nothing you can do about it. You can't reason with them. You just have to live with them.”

      I think very narrow pov in my opinion. The same 3 buckets can be applied to supporters too.

    4. The big question is whether we should pull the plug on the entire system because one can never be 100% sure that it wouldn’t happen; or should we think of ways to fix these issues while using it because it promises to make the lives of a large number of people significantly better.

      What is the solution?

    5. Samsung launched a tablet with Iris scanner, which is more accurate,
    6. A tag on the vehicle, sensors at toll plazas, a charging system (prepaid/postpaid) built on the principles of interoperability and other enabling infrastructure should solve the issue.

      Is this related to Aadhaar?

      This is standard RFID?

    7. When it comes to giving away cash—as in the national rural employment guarantee scheme (NREGS)—the problem is even more complicated because cash is more fungible and has more uses than rice or sugar. The Aadhaar Payment Bridge solves this problem. It’s now possible to credit the payments directly to a beneficiary’s bank.

      Will the work get done? How will it reduce corruption?

    8. In Krishna district in Andhra Pradesh, which has seen reforms based on Aadhaar, people have more choice. The ration subsidies are tied to their Aadhaar number, and they can get their rice, sugar and other rationed items from any PDS outlet they want. If they see one outlet giving them a poor deal, they vote with their feet, putting pressure on the entire system to get better.

      Will that really work?

      • How far is the next nearest PDS system?
      • What about the political pressure to buy locally?
    9. There was a missing piece—public digital infrastructure. This is where the volunteers, who are keen on building software products in India, are making a difference.

      Again need definition for volunteer

    10. But they are owned and controlled by Google and Apple. India Stack, on the other hand, is open. They are public goods.
      • Again open definition required.
    11. In the broader market such competition typically leads to lower prices and better quality, and so it was with UIDAI. Prices came down.

      Where is the competition? There is only one iD provider UIDAI.

    12. the customer can be held to ransom because there is only one vendor.

      Isn't still only one vendor called UIDAI? Government but still only one vendor. Imagine if he had only one carrier AirIndia?

    13. open-API

      Again needs definition of Open API.

    14. Even if we believe that it can solve problems, can something credible and free be built by a bunch of volunteers?

      Also need to define volunteers[1]?

      [1] - Does it mean no salary? Or no way profited by it (Directly or Indirectly)?

    15. y providing an open, public

      Need definition for Open and Public here.

    16. physical authentication
      • Isn't fingerprint/retina scan physical auth?
    17. The use cases extend to more prosperous Indians too—for example, easing road toll collection to decongest traffic and reduce waiting time at the toll booth.  


      How does Aadhaar decongest traffic?

    18. Most of them have been created by Google, Facebook or Microsoft. The closest any of these come to Aadhaar is Android which reached a billion in five years, eight months.

      Bad comparison

      • None of them are Govt
      • None of them are compulsory to get gas or subsidy or pay tax.