Tuesday, 16 January 2018

Aadhaar has become dangerous for many!

Aadhaar is going to clean up the system and has become dangerous for many: RS Sharma, TRAI


"Somebody just gets hold of the typical e-Aadhaar facility which in any case is openly available and then claims to have got access to one billion Aadhaars. All these things seem to be done to discredit the system."

BY ET NOW | JAN 16, 2018, 12.26 PM ISThttps://economictimes.indiatimes.com/markets/expert- view/aadhaar-is-going-to-clean-up-the-system-and-has-become-dangerous-for-many-rs-sharma-trai/articleshow/62520078.cms

In an interview with ET Now, RS Sharma , Chairman, TRAI, says sharing Aadhaar password and username with somebody who can do transactions is not a data breach, it is a breach of trust.

You have gone out of your way to say that there has never been any data breach when comes to Aadhaar. Do you stick with that statement especially after recent controversy? 
Absolutely.

How are you so confident about it? We have seen a journalist pay Rs 500 to get access to data? 
No, as I said in my article yesterday, what happens is suppose you have a user name and a password and you give it to somebody. Is that a data breach, is that a weakness of the system? A data breach occurs if the system is weak. Now if I share my password and username with somebody and who can do transactions, then it is not a data breach. It is essentially a breach of trust and that is what I have said.

Aadhaar has two components - one of which is biometric information of the resident. Now that biometric information and there are 12 biometric informations of each resident, 10 fingerprints and both iris. So multiply 12 with 1.2, it becomes about 15 billion biometrics. Not even a single biometric has been leaked in the last seven years that the Aadhaar has been in existence. That is one part. 

Secondly the current example. There have been earlier examples also where some state governments published the list of beneficiaries with their Aadhaar numbers and somebody aggregated them and said 1.3 million Aadhaar numbers have been leaked. But that is not a leak.

What do you think is going on? I know that Mr Nandan Nilekani who is the architect of the UIDAI, has told ET Now in no uncertain terms that this is a campaign against Aadhaar. Do you belong in that camp, that particular view? 

Well I certainly feel that's the way it is being built up and the way it is being played out. It can be an innocuous stuff because say somebody claims to have access to 1.2 billion Aadhaar numbers and as I explained to you that some fellow just sold his credentials and then the other guy had the access to that. This is actually nothing new. In 2012, we created a facility to print and download your e-Aadhaar a digitally signed password protected Aadhaar number and every day 6,00,000 of these e-Aadhaar are being downloaded on an average. In a month, it is 2 crore and in five years or 60 months, it is 120 crore. So 120 crore e-Aadhaar or digitally signed Aadhaars have been downloaded. Even I have downloaded my...

And you can do it multiple times... 
Yes you can do it as many times as you want and you can share it, you can actually send it suppose somebody requires the copy of your Aadhaar letter, you just share this digitally signed copy.

But isn't that a problem? Do you use Aadhaar as identification or for authentication? Should not there be a difference? 
No, no, the point is that a) one is an Aadhaar letter. See I will give you my Aadhaar letter and see what you can do with that. There is nothing secret in Aadhaar number. It is a 12-digit random number and basically it is associated with your person. So suppose there are Naintaras, let us say Naintara one and Naintara two, to distinguish them basically one will have one number and another will have another number. 

And if you have access to my Aadhaar letter, you pretty much cannot do anything against me, what can you do? Conjure up an example where you can cause me any harm, none because in any case I give Aadhaar letter copy to a number of places and everybody as access to that. So what is so secret about that?

What is secret is the biometrics which are embedded with the Aadhaar number... 

Biometrics have two purposes in Aadhaar ecosystem; one is essentially when you enrol for Aadhaar you give your biometrics, they are used to ensure that you are not able to get two Aadhaar numbers, that is one part. So ensuring uniqueness is one of the purposes of biometrics. The purpose later of the biometrics is to authenticate every time. These are the two purposes. The biometrics at the backend are always kept encrypted with the highest encryption standards.

Let me just come back to where you believe that this is an orchestrated campaign against Aadhaar. Why do you think there is a campaign against Aadhaar? Is it to coincide with the constitutional bench hearing the Aadhaar matter or is it because Aadhaar is also being used to flush out black money, to flush out benami properties? 
I really do not want to get into that debate. My sense is that there is an orchestrated campaign and one of the reasons which I can think of is as follows; till Aadhaar was being used by poor people, hoi polloi to just get their rations and get other kind of entitlement, open bank accounts, get telephone SIMs, it was okay. 

Now that Aadhaar is going to clean many systems, for example, you cannot have benami bank accounts now because every bank account has got to be linked to an Aadhaar number. 

Similarly, you cannot, for example, purchase the properties in many states; for every registration deed which takes place there, the people authenticate with their Aadhaar biometrics and that actually has ensured that there are no benami properties or benami registrations taking place otherwise my property can be sold by you a multiple number of times.

It is going to clean up many systems. That is probably one of the reasons why people realise that this is now becoming too difficult or too dangerous for them because they...

Do you think there are big funds and a lot of money which is orchestrating this campaign that you believe exist? 
I should not give statements for which I have no proof. I am not really in possession of any proof of those type of assertions and therefore I will not go that extent. 

But the only sense which I get is that there is certainly an orchestrated campaign because you know some trivial things like somebody publishing the Aadhaar numbers in compliance with the RTI Act, Section 4 of RTI Act mandates that the state governments must publish the list of their beneficiaries in association with Aadhaar number. 

Suppose there are 10 Rams in a village and you publish the list of 10 Rams and who knows which Ram is who and therefore Aadhaar number is published. I don't see anything wrong in that. That is what was being done and suddenly somebody says that a huge Aadhaar breach has taken place. 

Similarly, somebody just gets hold of the typical e-Aadhaar facility which in any case is openly available and then claims that I have got access to one billion Aadhaars. All these things seem to be done to discredit the system.

I do hope you will be candid with this answer. There is a question on that and if you were still at the UIDAI, would you have handled this entire controversy? The alleged data breach, for example. Would lodging the FIR have been your choice? 
No, I will not answer that hypothetical question...

Do not answer that hypothetically but what did you make of the decision of the UIDAI to have lodged an FIR? 
I will not go into...

No comments:

Post a Comment