Resultados 1 a 3 de 3
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556

    [EN] India’s biometric database: dystopian nightmare

    An activist’s freedom of information request suggested that foreign firms were being given “full access” to the classified data — including fingerprints and iris scans.

    “Aadhaar today is the hallmark of a confluence of interests of the state and the private sector which take away control from individuals and erode their liberty to make choices,”

    “It is really about ugly ambition, and a deep disrespect for people.”

    David Gilbert
    Sep 7, 2017

    Seven years ago nearly 400 million people in India did not exist in the eyes of the government. They were “ghosts” who had no identity and no way of getting one, says Sahil Kini, one of the architects of India’s controversial Aadhaar database. In a country trying to modernize on the fly and take its place among the world’s superpowers, this massive yet unknown population presented a huge problem.

    So the Indian government set out on an ambitious course to build Aadhaar, the world’s largest biometric database, which would not only allow these people to participate more fully in society but also become a shining beacon of technological achievement for the rest of the world.

    “What’s forgotten is that before Aadhaar was built there were 400 million people in India that did not have any form of identity; they were ghosts in the system,” Kini told VICE News. “So if you had to give them any kind of subsidy, you couldn’t, because they didn’t exist on paper.”

    But as the database grew to include almost all of India’s 1.3 billion citizens, cracks began to appear, and in recent months those cracks have become chasms. Now more and more Indians say they worry that what the government actually created in Aadhaar is an all-seeing surveillance apparatus that has serious holes in its security and can be used to monitor all aspects of their lives.

    India’s Supreme Court seems to agree, and its landmark ruling in August could derail the country’s crowning technological achievement. The court’s declaration that all citizens have a fundamental right to privacy presents a serious problem for India’s government, which has pushed aggressively to make enrollment in Aadhaar mandatory for most everyday services — including filing tax returns, buying a phone, and obtaining a passport.

    “What is emerging is that [Aadhaar] is being used to create a panopticon, a centralized database that’s linked to every aspect of our lives — finances, travel, birth, deaths, marriage, education, employment, health, etc.,” Reetika Khera, an Indian economist and social scientist, told VICE News.

    Security concerns have plagued the system for years, but in recent weeks criticism has grown deafeningly loud. Earlier this month, as part of the Supreme Court case on privacy, an activist’s freedom of information request suggested that foreign firms were being given “full access” to the classified data — including fingerprints and iris scans.

    The Unique Identification Authority of India (UIDAI), the agency that administers the system, strongly denied these claims, as it has done routinely in the face of criticism.

    “UIDAI, once and for all, wants to reassure that Aadhaar data is fully safe and secure and UIDAI data center has robust uncompromised security 24x7x365,” a UIDAI spokesman told the Times of India Wednesday.

    When contacted by VICE News, the UIDAI said its CEO, Dr. Ajay Bhushan Pandey, was too busy to answer any further questions about the security issues, and they didn’t respond to emailed questions.

    The rise in public angst can be directly tied to Aadhaar’s expanded presence in the upper classes of Indian society. Far from its humble beginnings helping India’s vulnerable access badly needed government benefits, Aadhaar now touches nearly all aspect of society — applying for a passport, voting, opening a bank account, purchasing a car. The system now also registers your death.

    “The reason why Aadhaar is now becoming an issue in the national media — and internationally, too — is because the problems with it are now affecting urban, educated, middle- and upper-class Indians,” Khera said.

    “A turbocharged Social Security number”

    Launched in 2009, Aadhaar is a unique 12-digit number issued to each Indian citizen. Its creator, Nandan Nilekani, an Indian billionaire and former CEO of IT services giant Infosys, describes it as a “turbocharged version of the Social Security number.”

    The number is linked to a citizen’s most personal information: name, address, date of birth, gender, as well as biometric information like fingerprints and iris scans. When signing up for a new bank account, for example, citizens typically now scan their fingerprint in order to verify their identity rather than showing an ID card or passport.

    The government continues to claim that enrolling in the system is not mandatory, but increasingly, if you want do anything in India, you need to be registered with Aadhaar.

    “Aadhaar today is the hallmark of a confluence of interests of the state and the private sector which take away control from individuals and erode their liberty to make choices,” Apar Gupta, founder of the Internet Freedom Foundation, told VICE News. “It is building a massive surveillance apparatus in India that cuts against the grain of its democratic moorings.”

    The latest new development has been the government’s willingness to grant private companies greater access to the system. Microsoft, for example, already taps into the database to confirm the identity of people using a version of Skype designed specifically for the Indian market. And Airbnb confirmed to VICE News that it is looking into Aadhaar as a potential option for verifying hosts. For now the company said it is testing the system with “a limited universe of hosts.” Uber also has been linked to the system, though when reached for comment, the company declined to provide any insights one way or the other.

    Critics say this new phase of the system will allow the government an even greater ability to spy on its citizens and let private companies profit off valuable personal information. The government denies it has any access to the information held by these private companies, but the deals signed between the two parties have not been made public.

    The database will be hacked

    The Indian government has been slow to alleviate the concerns of activists and security experts who claim the system is vulnerable to cyberattacks. It has not allowed an independent audit of the security systems to be conducted, citing national security concerns. For one security expert, this lack of transparency is a major concern.

    “We are told that the database is securely encrypted, but in the absence of a public security audit, nobody knows for sure,” an Indian security expert who works for a major U.S. technology company told VICE News. He asked to remain anonymous because he was not authorized to by his employer to speak on the record.

    “That’s not helpful because the Indian government does not have a good track record with cybersecurity, as evidenced by the numerous daily breaches and leaks,” he said. “Indian government servers are consistently hacked.”

    The government insists Aadhaar’s data center is “robust and uncompromised,” but by putting an entire country’s information in one place, they’ve made one massive target for hackers. Even if the security at the data center is as robust as the government claims, that may not be enough, given how many services are now accessing the data.

    “When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data,” renowned cryptographer Bruce Schneier recently warned.

    Even if the government did submit to an independent audit of how the data is collected, transmitted and stored, it would still run into one undeniable roadblock: It has no one to do it.

    “The problem is that India simply has no laws or regulations governing how personal data is collected, data such as the metadata collected by mobile operators, financial data collected by banks, medical records collected by hospitals,” Kini said.

    Because India does not have a privacy law, there’s no legal framework in place to create an independent authority who could legitimately conduct such an audit.

    (continua)

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556
    No legal basis for Aadhaar

    Efforts to enact a Personal Data Protection Bill have been in the works since 2006, and as far back as 2010 Aadhaar’s founder said he’d support a law that protects the data collected through the Aadhaar system. But nothing has materialized.

    Further, a 2012 Supreme Court ruling determined that the government was implementing Aadhaar without any legislative backing. Unconcerned, the UIDAI continued to enroll citizens anyway, doing so with scarce legal precedent and no legislative backing. (Only in 2016 did Aadhaar finally receive legislative backing from India’s Parliament, by which time nearly 1 billion people had already been enrolled.)

    Under Prime Minister Narendra Modi, the government has grown even more aggressive when it comes to pushing Aadhaar forward, making it mandatory on 22 massive government schemes in the first 60 days of 2017.

    The government has said it’s willing to advance Aadhaar beside a privacy law, but given that it recently argued before the Supreme Court against the fundamental right to privacy, many critics doubt its true intentions.

    And the issue isn’t going away. Privacy breaches are already happening on a daily basis. Leaks have become commonplace as the number of services demanding Aadhaar, and the number of new enrollees, grows. The public’s concern turned to outrage in March when a government-authorized Aadhaar enrollment center published the personal details of former Indian cricket captain MS Dhoni — one of the most famous people in the country.

    UIDAI’s leadership appears unconcerned with the breaches, insisting a leak like Dhoni’s wasn’t a major problem because it’s just a number. “Aadhaar is not a secret number like your password or PIN that can materially affect your life tomorrow if it is leaked without your knowledge,” Dr. Pandey said in July while revealing that 4,700 Aadhaar operators had been fined for enrollment violations — such as attempting to charge for enrollment or failing to adequately protect the data — in the past seven months.

    Pandey’s argument doesn’t hold water, critics say. Just look at the U.S., where criminals have used Social Security numbers to commit fraud for decades. But critics say Pandey’s argument is especially dubious when it comes to India’s most vulnerable population, those Aadhaar was originally created to help.

    For India’s illiterate, who account for nearly a fifth of the population, systems like Aadhaar become less a development tool and more a potential source of frustration and abuse. “In such a society, to impose an infrastructure that requires technical, digital, and legal literacy is an unfair demand and also an invitation to fraud on the most vulnerable people,” Khera said.

    Usha Ramanathan, an expert on law and poverty, said the relentless push to universalize Aadhaar despite its many technical and ethical problems came down to two things: “It is really about ugly ambition, and a deep disrespect for people.”

    https://news.vice.com/story/indias-b...pian-nightmare

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556

    India’s “robust” biometric database let 8 millions get fake IDs

    David Gilbert
    Sep 11, 2017

    Criminals managed to circumvent the “robust” security of India’s biometric database to issue over 8 million fake identity cards — which Indian citizens use for everything from opening bank accounts to getting married.

    Police in the northern Indian state of Uttar Pradesh Sunday arrested 10 men as part of a crackdown on a sophisticated fraud scam which involved cloning fingerprints and cracking the security features of the Aadhaar enrollment system — which was described in August as “robust and uncompromised” by the authority charged with protecting it.

    Indian police said they could not rule out the existence of a wider network of similar gangs operating in other regions of the country, and said they were still actively searching for the kingpin behind the operation.

    The Unique Identification Authority of India (UIDAI), the agency charged with operating Aadhaar, uses a network of private enrollment centers around the country to register citizens on the system and issue identity cards.

    The gang were able to fool the system into thinking they were operating as authorized enrollment centers by using fake fingerprints and a specially designed piece of software which bypassed the security systems UIDAI had in place.

    “UIDAI has a security protocol authorizing third party vendors to access the main server for making Aadhaar cards,” Amitabh Yash from Uttar Pradesh’s special task force told reporters Sunday. “But the arrested men were doing so by bypassing the 3-layer security protocol involving biometric finger impression, retina scan and GPS system.”

    UIDAI said it had initially flagged the suspicious activity to the police, and insisted the details stored in the central database were never compromised. According to a Times of India report on the arrests, the UIDAI recently cancelled 8 million Aadhaar cards — giving some indication of the scale of the problem.

    The gang members used their own fingerprints and retina scans for the fake Aadhaar cards, and police said they recovered a range of devices used as part of the scheme, including fingerprint scanners, iris scanners, chemically prepared artificial fingerprints, rubber stamps, GPS devices, and printing material.

    Just shocked at UP Aadhaar breach.
    How long did UIDAI know fingerprint cloning on? Did they disclose facts to SC? https://t.co/OzSJHz0slV

    — Anumeha (@anumayhem) September 11, 2017

    Aadhaar is the world’s biggest biometric database with almost 1.2 billion registered users, which sees each citizen issued with a unique 12-digit number linked to their fingerprints, iris scans and other personal details like name, address, date of birth, and gender. The system was initially designed to make the benefits system more streamlined, but in recent years the Indian government has sought to greatly expand its use.

    This has led to strong criticism from activists who see the system today as a giant surveillance apparatus that could be used to monitor all aspects of their lives. As the number of people enrolled in Aadhaar nears 100 percent of the population, the government recently announced it is considering opening official registration centers and revoking the licenses of the private operators.

    Usha Ramanathan, an expert on law and poverty in India, said the dependence on private registrars for enrollment has been a major concern for a long time. “The rampant outsourcing of enrollment has produced this mess – just as was anticipated,” Usha told VICE News. “But ruthless databasing of people could not accommodate such concerns. Now that the government says they are close to 100 percent enrollment, they are thinking about making it more secure. Really?”

    https://news.vice.com/story/indias-r...s-get-fake-ids

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •