Kiran Jonnalagadda
00:00
hello and welcome to a special
00:00
discussion on the wire today on the
00:02
security vulnerabilities and the privacy
00:04
concerns in the wider other ecosystem
00:07
while a centralized database that
00:09
contains the personal details of over a
00:10
billion Indians is largely solid as UID
00:13
is linked to every part of our society
00:15
in every way we interact with the Indian
00:18
government an ecosystem has mushroomed
00:20
around it an ecosystem that contains a
00:22
number of stakeholders a number of
00:24
institutions that to put it mildly is a
00:26
bit of a leaky faucet and you know today
00:29
in response to some of these concerns
00:31
the UID I has also rolled out two new
00:33
security measures and we will get it on
00:35
to discussing those but our guest for
00:37
today is Kieran Journal addict whose
00:39
background provides a sort of gives them
00:42
a unique perspective on other as a
00:43
technological system correct me if I’m
00:45
wrong Kieran but in 2006-2007 you worked
00:48
with a team and a company that helped
00:50
computerize the Karnataka PDS system
00:53
which used biometrics yes and your
00:56
attempts were sort of used as a case
00:58
study by the initial ydi team which
01:01
built other and today of course Kieran
01:04
also runs his own company it’s called
01:05
has geek which you know coordinates and
01:08
organises events for the tech community
01:09
and of course he’s been an integral part
01:12
of the internet Freedom Foundation which
01:14
is an online movement that helps fight
01:17
for digital civil liberties current so
01:19
over the last year we’ve seen you know a
01:23
number of very controversial incidents
01:25
you know early last year over 200
01:29
government websites leaked you know by
01:31
one estimate you know over 100 million
01:33
other numbers and the personal details
01:35
over 100 million people and then towards
01:37
the end of the year we had a controversy
01:40
with Airtel payments banks which opened
01:42
up 30 like bank accounts and routed out
01:45
of 990 crores worth of LPG subsidy
01:48
payments you know some of this without
01:50
the consent of the users and of course a
01:53
couple of weeks ago the Tribune ran a
01:54
very explosive story talking about how
01:57
some parts of the other database we’re
02:00
being sold correct unauthorized access
02:04
to the databases it’s all for as little
02:07
as a 500 rupees so okay I mean the
02:09
headline question basically is that
02:13
we have a systemic problem here on our
02:15
hands
02:16
that you know that we there’s no really
02:20
one solution to it or is it a series of
02:22
isolated incidents you know is the you I
02:24
di and the government tries to portray
02:26
it that can be clamped down with better
02:27
execution and implementation um I don’t
02:30
think excuse me is going to fix this I
02:31
think the very design of other is
02:33
problematic so let’s start with where it
02:34
began the very notion of identity is
02:38
essentially a means for an individual to
02:41
prove who they are and that’s a
02:43
fundamental idea that I need to prove my
02:45
identity to someone and so I have a
02:48
document which is given by an authority
02:50
and both of us believe in the authority
02:52
therefore we accept the document and say
02:54
it’s listed but this is the fundamental
02:55
use that I need to prove my identity
02:58
other inverts a model and says the Steep
03:01
needs to ensure your identity and to
03:04
understand this you need to look at
03:05
where it comes from it it comes from the
03:08
operations of the welfare state the food
03:11
in civil supplies departments across the
03:13
country of belonging to state
03:14
governments which provides subsidized
03:17
rations to citizens and have to deal
03:20
with the fact that we are no longer in
03:22
the socialist economy that they were
03:24
conceived it we are now in a market
03:25
economy you can take the same produce
03:27
sell it on the market and get a much
03:29
better rate and so the state running its
03:32
own operational mechanism or the supply
03:34
chain from the production into the
03:36
consumption in competition with the
03:38
market obviously is going to leak all
03:40
the way through the system from the
03:42
beginning to the end of the system the
03:44
supply chain is leaky the consumers are
03:46
very happy to review the system because
03:49
they say this is alternative market
03:50
which is sort of self-correcting all
03:53
right so what you got here is a
03:55
state-level
03:56
bureaucrat looking at this leaky system
03:58
and thinking that the solution is to
04:01
plug the leaks you know and assuming
04:04
that if you can build a water rate
04:05
system and build a moat around your
04:07
entire operation to ensure nobody goes
04:09
in or comes out without authorization
04:11
then you can stop this from breaking
04:13
down some of us is going to look at it
04:15
and say you got this wrong you know you
04:17
need if you think that your problem is
04:18
you can’t compete with the market then
04:20
don’t compete to the market let the
04:21
market on the strong so that’s that’s
04:23
one way to think about it and that’s
04:24
partly what’s come out to the merit
04:25
transfer line of thought but how to run
04:28
this the other side being the PDS system
04:30
but other was conceived for the PDS
04:33
system for running this supply chain and
04:35
the fundamental problem it attempts to
04:38
chase is to say can you ensure the
04:41
identity of every person in your system
04:44
both within your supply chain and on the
04:46
consumer level and ensure that nobody
04:49
shows up twice Travis okay so in this
04:52
system you’re designing a surveillance
04:55
mechanism and saying that you as the
04:59
state want to ensure oversight over your
05:03
own operations and the citizenry where
05:05
they interact with you
05:06
it starts with this idea that it’s the
05:10
top-level bureaucrat who’s a good person
05:13
and trying to fix the system and
05:14
everybody believe them is suspect
05:17
now this is the imagination under which
05:19
other was created it was never about the
05:20
individual proving that identity it was
05:23
more about the state being able to see
05:25
the individual and so when you started
05:28
the design that looks at it like this it
05:31
changes when the designer of the system
05:33
is the one at the bottom trying to talk
05:36
to the state you know and part of what
05:38
we’re seeing now is for many years it
05:41
was sold as something that the
05:44
technocrats came and built to solve the
05:46
problem in society and since you think
05:48
technocrats are good people you should
05:50
trust it now that it’s become a
05:53
widespread thing and all of us as
05:55
individuals are subject to the
05:57
mechanisms of this operation of being
05:59
surveilled because of the weight is
06:01
designed suddenly we locate isn’t saying
06:03
oh shit what happened here you know what
06:05
is this monster we’ve got on our lives
06:07
and the technocrats have sold story from
06:11
the very beginning saying it’s all about
06:12
plugging the leaks and that’s all they
06:14
will keep saying that it’s all about
06:15
plugging the leaks but it’s not you just
06:17
built the surveillance state mechanism
06:18
that you thought was for other people
06:20
and now it’s on you as well correct
06:22
right so but now what this sort of
06:25
situation that we’ve come to is that
06:26
fine it was designed for a certain thing
06:28
but now it’s being used everywhere yes
06:31
and it’s no longer than the hands of the
06:33
agency you IDI or even the central
06:35
government process so state governments
06:38
are in
06:38
and are there any other you know garment
06:41
associated party that carries out yes a
06:44
central government yeah program so we’ve
06:47
been seeing privacy concerns arising out
06:50
of that yes so for last year you know in
06:53
Parliament the government noted 200
06:55
websites if you know they they thought
06:58
that they would keep it in a secure
07:00
place it was easily available you could
07:01
Google search you idea yes about XM
07:03
Island and yes who who’s at fault here
07:08
when 200 government websites published
07:10
the personal details including the other
07:12
numbers well you really obviously new
07:14
idea and the reason I blamed them is
07:16
that they do not educate their ecosystem
07:17
on how to use this ID you ready a made
07:20
design mistakes because they assumed
07:23
people would not be smart and use
07:25
appropriate technology now this is a
07:26
mistake I made when I was doing the
07:27
stuff that you think of yourself as a
07:30
smart person who is designing a
07:32
technologically sophisticated system
07:33
that you know has obvious flaws that you
07:35
can’t get around because of your design
07:37
limitations but you assume other people
07:39
are not smart enough to break it and
07:40
this assumption that other people are
07:42
not smart enough never really holds up
07:44
because of this value in it it will be
07:46
broken and so what you’ve got here is
07:49
that arrogance that’s now showing in the
07:51
way that’s broken part of the arrogance
07:53
is manifested in the fact that you IDM
07:55
made design mistakes in the design of
07:58
the other number itself this is a
08:00
mistake that has been made elsewhere the
08:03
US banking system has made this mistake
08:04
they continue to have this problem the
08:06
credit card system has made this mistake
08:07
the Social Security network system is
08:09
made this mistake which is that
08:10
fundamentally the other number is a
08:12
private number it is not a secret number
08:14
and in information different zeros could
08:17
you just show so rate of the distinction
08:19
between in information technology if you
08:23
need to identify yourself to some kind
08:25
of electronic system how do you prove to
08:29
it that you are what you claim to be now
08:32
when you use a document the physical
08:35
document is your ID proof as long as the
08:38
other party does not suspect you to be
08:39
forgery you know when you sign a check
08:42
sometimes they say please sign it in
08:44
front of me so I can see that you’re not
08:45
you know carefully copying from
08:47
somewhere else so that is their check
08:48
but when you talk to a purely electronic
08:51
system
08:52
these kinds of chicks are much harder to
08:54
do because the computer by definition
08:57
has a very limited vision about what
08:58
you’re doing you type in something
08:59
that’s all it says it doesn’t know where
09:01
you got that from so one of the
09:03
approaches used in information
09:05
technology and this has been over the
09:07
last 50 odd years is to use the
09:10
mechanism of a secret where you say that
09:12
there is a secret that only these two
09:14
parties know and so when the secret is
09:17
exchanged both parties feel assured that
09:18
they’ve got the right person a password
09:22
is an example of a secret a one of the
09:25
things necessary about a secret is that
09:26
the secret is not a secret then it’s no
09:28
good and so you must be able to throw
09:30
away the secret and get a new one and
09:32
this is what you do the password if you
09:33
if you feel the password is compromised
09:35
you change your password the mistake
09:37
that you IDM made is they confused the
09:40
other number with being a secret and
09:43
design the assumption that if a service
09:45
provider has somebody’s other number it
09:47
must mean they’ve given them the service
09:48
because there’s no other way to obtain
09:50
the other number correct at the same
09:52
time you’re supposed to give the other
09:53
number everywhere yes you know so how do
09:56
you give away your number everywhere and
09:58
assume it will be a secret
10:00
they should’ve seen this coming way
10:03
before they made the mistake of thinking
10:05
that people cannot be trusted with
10:07
keeping secrets because they will not
10:09
know how to value a secret effectively
10:11
usernames and passwords are not a new
10:14
problem when you idea started doing this
10:17
in 2009 they were known for like 40 odd
10:20
years yeah so it’s not like it was a
10:23
radical new idea they just decided that
10:25
the entire history of the computer
10:27
industry was not good enough for them
10:28
and then they were smart enough to
10:30
design something better and obviously
10:31
they were not nobody is that smart
10:32
sure but surely some when state
10:35
government websites display this kind of
10:37
information surely there’s some Fault on
10:38
there yes as well well their fault is
10:40
that they did not follow the
10:41
instructions what we do not know is with
10:43
they’re given the instructions in the
10:44
first place correct we do know that the
10:46
other Act specifies that the display of
10:48
your ID numbers is invalid but the other
10:50
ad came much later the leaks were
10:52
already happening correct so what were
10:54
these various parties told about other
10:55
numbers before they Willy the other part
10:58
being that under the RTI they obviously
11:01
the the various government departments
11:02
are required to show that it went to the
11:04
right by
11:04
visually and not on the encourage
11:05
beneficiary now how do you make a public
11:08
display of a beneficiary’s identity in a
11:10
way that does not compromise their
11:12
identity one of the ways to do that is
11:15
can you display only part of the other
11:16
number and say that if you know your
11:19
other number and you see it in this
11:21
public display and you feel that it’s
11:22
incorrect you can go over as a complaint
11:24
saying that hey that’s not me you know
11:26
and you it’s around me because you don’t
11:28
have my number
11:28
that’s true but that requires a mask
11:30
number and they didn’t have a mask in
11:31
standard correct but so today hidden for
11:34
instance so I think they’ve recognized
11:36
that okay I mean for quite some time I
11:39
mean over the last week the idea is
11:40
primary defenses been that oh other
11:41
number even if it’s public it’s okay
11:44
there’s no the other act as you pointed
11:45
out explicitly prohibits that so today
11:47
they come out with you know the concept
11:50
of a virtual ID where it’s one layer
11:53
removed
11:53
yes you know you don’t have to hand over
11:55
your other number to the LPG dealer or
11:58
you know to what they call local au is
12:00
we don’t know who this who they go to
12:02
designate exact but the idea is that you
12:04
can’t there’s no way from the virtual ID
12:05
to detect what you derive what your
12:07
other number is so does that provide a
12:09
sense of security as it falls far too
12:12
short of the problem two aspects to the
12:14
problem you know one is you idea the
12:15
lost control of their ecosystem while
12:18
they design this ecosystem of CIDR plus
12:21
a si plus a UA on or que si plus kua if
12:26
you use a paper or other card anywhere
12:28
none of those systems are in play
12:29
correct any place that accepts a paper
12:31
other card and I think we will find out
12:33
about this in new said you know will
12:35
come out in public or the next few days
12:37
as you discover the extent to which the
12:39
paper other card ecosystem works and
12:41
works in places where it should not be
12:43
used nothing is going to change over
12:46
there your paper other card remains a
12:47
valid identity proof you can cut you
12:49
some vertically in any place it accepts
12:50
a paper other card until the ecosystem
12:52
stops accepting it until that we to use
12:55
it different in term until the ID card
12:58
gets demonetized you know it remains
13:01
valid and if it remains valid anything
13:04
you do the other side doesn’t really
13:05
matter it’s not very the problem is the
13:07
second part is that the design of the
13:08
virtual ID system
13:09
now if the header a since they don’t
13:11
look at what others have done is always
13:12
problem what they’ve done is very
13:15
similar to what’s called
13:17
a directional ID that is used in the
13:20
open ID ecosystem so open ID once again
13:23
uses this idea of you know unique
13:25
identifiers the open airy ecosystem
13:28
going more than a decade back ran into
13:30
the same problem that if you use a
13:32
universal token across databases
13:35
databases will be merged profiles will
13:38
be built so one of the mechanisms used
13:41
to deal with this problem and Google was
13:43
one of the most public implementations
13:45
and orthey ecosystem is built on this is
13:47
to use separate IDs for every service
13:50
provider so the identity provider uses a
13:53
virtual ID to the service provider which
13:54
is what they store it’s a problem that
13:57
has been tackled and solved it is not
13:59
good enough and they identified the
14:00
problem there then it is still a private
14:02
piece of information it is not a secret
14:04
yeah you need a secret in addition to
14:06
the private piece of information in
14:08
Earth there is a user ID and the ethics
14:11
is token correct this spec misses access
14:14
token yeah so it’s just going to open up
14:17
a new category of problems that you
14:18
forgot about because now you’re passing
14:20
on a virtual ID everywhere in your
14:21
ecosystem instead of the original or
14:23
that number right so now we’ve sort of
14:26
discussed one one actor in this larger
14:28
ecosystem that is state governments who
14:30
ydi it doesn’t really have much control
14:33
over it you know they don’t have of
14:34
course they could try to rein them in
14:35
after the fact but there’s really no
14:37
institutional capacity within the
14:39
organization to sort of oversee the way
14:42
they handle other in general so but
14:45
secondly so last towards the end of last
14:47
year the Airtel payment bank controversy
14:51
erupted where we saw that 30 lakh back
14:54
airtel payment bank accounts were
14:56
created some of which was certainly
14:58
created without user consent no idea has
15:01
penalized Airtel for this and 190 crores
15:04
worth of LPG subsidy payments were
15:06
routed to these bank accounts and here
15:09
also again whose fault is it Hugh areas
15:13
new ideas further confusion so on the
15:18
one hand you have the difference between
15:19
private and secret information on the
15:21
other hand there are three distinct
15:23
concepts that are being confused there
15:25
is identification
15:26
there’s authentication and there is
15:28
authorization let’s say give you an ID
15:30
card
15:31
this ID card may be real and you can
15:33
look at it look at your hologram feel
15:34
convinced that it’s real maybe it’s a
15:36
passport maybe it’s a plan it doesn’t
15:38
matter so what you got here is proof
15:41
that this is a valid ID card it is not
15:44
proof that it is my ID card okay that
15:46
requires something more now typically on
15:48
a photo ID card you just look at the
15:49
photograph and say does it match and you
15:52
have really no hope beyond that but when
15:54
you go from this step of saying valid
15:58
identification to valid authentication
16:00
there is something between this card and
16:02
me that you should be able to verify and
16:03
in the other ecosystem this biometrics
16:05
so you put your finger on the
16:07
fingerprint scanner the fingerprint
16:09
scanner confirms that it’s a stored
16:10
biometric for this person and so on as
16:13
it turns out biometrics are not good
16:14
enough in practice it’s failing
16:15
extensively but that’s it I feel failure
16:17
that’s not a design failure that’s a
16:19
technical failure and so you back it up
16:21
with OTPs what an OTP preusse is I
16:24
happen to have the phone of the person
16:26
this card belongs to no proof that is
16:28
mine but at least there is stolen phone
16:31
will be reported so you have some level
16:33
of hope that it’s not fake or it’s not
16:36
invalid authentication that is still not
16:40
the same as me giving you permission to
16:42
do something just because I prove to you
16:44
who I am is not me signing some blank
16:47
paper saying now do what you want in my
16:48
name and that’s authorization what
16:51
that’s consent you know so it’s it’s me
16:54
authorizing it to do something in my
16:55
name it’s not just consent its consent
16:58
is when you ask me and I say yes or no
16:59
but that’s there’s a difference from me
17:01
saying yes oh no to me saying I want you
17:04
to do something in my name
17:05
yeah in this case there’s also a request
17:07
so authorization you know mixes of both
17:09
of these aspects so what happened with
17:11
Airtel a till is that there was no
17:12
authorization there was only
17:13
authentication and this is the mistake
17:15
that eky C which is the API that you
17:18
idea provides is an authentication API
17:20
it is not an authorization API there is
17:23
no evidence anywhere that I gave you
17:26
permission to open a bank account now
17:28
you can say you showed it to me on the
17:29
screen and I accept it
17:30
but where is this the paper trail for
17:33
that on paper if I put my signature on
17:35
some paper and hopefully it does not a
17:37
blank sheet of paper but it had
17:38
something printed on it that is valid in
17:40
a court of law
17:41
yeah that I signed it therefore is mine
17:43
it
17:44
my problem if I did not feel like
17:46
signing it correct the equation
17:48
mechanism does not provide any kind of
17:50
paper trail to prove that this happen
17:52
now in the case of something like Airtel
17:54
where it is so massive and so many lakhs
17:57
of people reported it you cannot draw
18:00
any other conclusion whether it must
18:01
have been fraud but what if it was just
18:03
one contract between two parties who are
18:05
now having a fight over it and saying
18:06
that hey I did not do this UID a as it
18:10
happens has designed something else
18:12
called a sign in which your signature is
18:14
attached to a document and that is proof
18:15
that you accepted the document it is not
18:18
yet informed consent but at least it is
18:19
consent but it will be not use easy and
18:24
in fact nobody in the other eco system
18:26
uses a sign today which is a failure
18:28
that the tech people inside you id8
18:30
decided that they knew what the solution
18:32
was they were going to build a solution
18:33
the policy people did not bother to use
18:35
a solution and so there’s nobody but you
18:38
I needed to blame again but what role
18:39
would you know a banking organizations
18:42
such as NPC I yes should have played so
18:45
when you NPC a has an entirely different
18:47
problem on their hands you know so the
18:49
national payments Corporation of India
18:50
so NPC a runs the other mapper which is
18:54
how another number is connected to a
18:56
bank account as it turns out they don’t
18:58
connect tab a cocoon they only come into
18:59
the bank and the bank then knows which
19:01
account to transfer the money into and
19:03
the way NPC operates there other mapper
19:05
is on a good faith basis any member bank
19:07
can claim to hold an account for a user
19:09
and NPC says sure if you think you know
19:13
this person’s are that number belongs to
19:14
you we’ll send all the money to you they
19:17
don’t verify they depend on the bank
19:19
acting in good faith now a payment
19:21
system acting in good faith is a
19:23
terrible design you know you’d never do
19:25
payment systems in good faith you always
19:26
assume there’s a paper trail proving
19:28
evidence that you’re sending money to
19:29
the right place so they made that design
19:32
mistake over there that they did not
19:34
have any mechanism by which to obtain
19:36
the users content so they just did away
19:38
with it and said no concern required
19:39
trust the bank and it will not fund the
19:42
trust adjuster and so you idea has no
19:45
way of prodding or enforcing or making
19:48
sure NPC does its job or vice versa as
19:51
well they have the authority they have
19:53
authority to yes by the Lord they most
19:55
certainly do what they don’t have
19:58
apparently is the moral authority to
19:59
make the ecosystem follow their orders
20:01
and part of it has to do with the way
20:03
you are a response that you a DA acts
20:06
like a rogue entity that bullies
20:08
everyone does not listen to feedback has
20:11
no option available whatsoever for a
20:13
researcher to inform them there is a
20:16
problem from my understanding of people
20:18
human how to work with them it is still
20:20
a one-way communication even when your
20:22
idea depends on somebody to promote
20:23
other for them and that’s just no way to
20:27
run an organization it’s no surprise
20:28
that everything’s falling apart for them
20:30
so coming coming to our third
20:32
development of course which was the
20:34
Tribune story which we’ve gone into a
20:36
little bit but one aspect of it I want
20:38
to address is the role of enrollment
20:41
operators yes so now the UID I in its
20:45
mission to sign up as many Indians as
20:48
possible turned to private operators yes
20:50
and there’s a business model for them
20:53
they paid them 40 50 rupees per per
20:55
environment for enrollment yeah
20:57
and now it seems this I guess I mean
21:01
looking at the number of operators that
21:02
have been blacklisted the number of
21:05
anecdotal reports that have come out of
21:06
fraud bribery and corruption hmm at that
21:10
level was it a mistake I am I think the
21:15
mistake was in not knowing what they
21:18
were getting into
21:19
well obviously anytime you hire someone
21:21
off the street and say here is the most
21:24
minimum verification I can do on you
21:25
there is no organization affiliation and
21:27
you are in control don’t give them too
21:29
much power yeah and they’re made a
21:31
series of mistakes over the years some
21:34
of which they are fixed but fixed after
21:35
damage was caused to start with
21:37
enrollment agencies used to sell data
21:39
back in the 2009-2010 initial pilot
21:42
phase when the first few enrollment
21:44
operators were also high trust operators
21:46
in that they were the ones proving that
21:47
the system worked and there have been
21:50
multiple reports of the fact that those
21:52
enrollment operators where in fact
21:54
selling the data that they were using
21:55
federal meant everything from paper
21:56
forms to whatever else selling it to
21:58
home selling it to on the black market
22:00
so they would sell the paper forms that
22:02
used to be used they don’t use paper
22:04
forms anymore as a result of this they
22:06
used to sell copies of the local
22:07
database as a result of which a device
22:09
has been encrypted since then so the
22:11
idea has
22:11
continuously made mistakes in the
22:13
quality of their software and in their
22:15
trust in their partners realize that
22:17
they could not trust a partner’s and
22:18
tighten the controls and this has been a
22:21
non-stop process and it’s always
22:22
happened after data theft correct the
22:25
other thing that they have done is also
22:27
enrollment operators are affiliated to a
22:29
registrar which is the agency that’s in
22:31
responsible
22:31
there are many agreements with registers
22:33
to give away copies of the data this has
22:35
been a very well-documented process it’s
22:37
called they built what was called the
22:39
state resident data hubs where every
22:40
state could have an official register
22:42
who would then build a database of
22:43
citizens in their states it has led to
22:45
disputes between states in the example
22:48
for instance of Andhra Pradesh in
22:49
Telangana
22:49
where when the state split there was a
22:51
dispute about who also database and it’s
22:53
an ongoing dispute and there’s even
22:56
accusation of spying happening between
22:58
these two states obviously we don’t know
23:00
how that’s happening until we see some
23:02
evidence at some point will compress our
23:04
data in a bit but so with what the
23:07
Tribune story essentially showed was
23:08
that some enrollment operators and we
23:10
still don’t know who who who’s the real
23:12
person behind it that’s the
23:14
investigation is to go where essentially
23:15
some enrollment operators who were
23:17
looking to make money decided to sell
23:18
access to a tool that they only had
23:20
access to yeah and decided to you know
23:23
sell out administrative credentials I
23:26
think it was it was a tool for grievance
23:28
or justice right yes yeah and so I mean
23:31
is this what could they have done I mean
23:34
so and now I know so now the et had a
23:36
report earlier this week stating that
23:38
all 5,000 people who had access to that
23:40
facility
23:41
now that permission has been revoked and
23:43
yes if they want to use the grievance or
23:46
facility they need biometric
23:48
authentication yeah
23:50
but the U idea is defense here so in
23:52
fact in that report there’s an anonymous
23:54
UID a official who sort of a sudden
23:56
suddenly states that you know short
23:58
security is better now but it’s going to
24:00
be an inconvenience who are missing
24:04
there so and this is this is a this is a
24:05
this is a defense that they mount again
24:07
and again that already you know we we
24:10
know there are huge implementation
24:12
problems with other end yes are being
24:14
inconvenience
24:15
yes so
24:16
should they be in convenience mode in
24:19
order to ensure a higher level of
24:20
security I think we need to define
24:22
inconvenience you know so if you look if
24:24
you go back to the design of other it
24:25
was meant to be a top-level bureaucrat
24:28
monitoring everybody below them you know
24:31
all the way down to the bottom of the
24:32
food chain and so if you think of what’s
24:34
happening over here they trusted people
24:38
at a lower level to have access to a
24:41
grievance redressal portal and they
24:43
discover the trust was misplaced and so
24:45
now they’ll revoke the trust and this is
24:47
a blow for them because now there’s
24:49
nobody below them they can trust me
24:51
and so it’s an inconvenience to
24:52
street-level bureaucrat who essentially
24:55
built a system that said I don’t trust
24:57
anyone discovered you can’t run anything
24:59
like this without trusting anyone
25:00
trusted some people but trusted some
25:04
people in a system that was designed for
25:05
mistress discovered well you can’t trust
25:07
them anyway you know you know and now is
25:09
inconvenient the operator who’s had to
25:13
do this well has to put in the
25:14
thumbprint but come on are you saying
25:17
that login and password is an
25:19
inconvenience for people and therefore
25:20
you should not have a login and password
25:22
to get on the website and something that
25:24
is this critical sure yes you need to
25:26
put in things I mean you should have had
25:28
a two-factor authentication they didn’t
25:29
have one biometrics are not two-factor
25:31
they’re not even one factor they’re not
25:32
their private information they’re not
25:33
secrets plus the fact that you can’t do
25:36
biometric authentication on the website
25:38
because there’s no protocol for a web
25:39
browser to take biometric authentication
25:41
you need to build a native app now are
25:43
they going to replace the Greenville NC
25:44
internal website with an app and do this
25:47
is something they built overnight after
25:49
a Tribune leaked not a chance now you
25:51
know so they’re most likely not even
25:52
implementing that biometric
25:53
authentication they’re just doing these
25:55
same things to keep the public happy all
25:57
right – through anonymous resource yes
26:00
what’s that’s how it’s been going
26:02
so again you know some of the people at
26:04
you idea people who are working there
26:05
and people who have worked there yes in
26:07
the past do you think their competency
26:09
should be called into question some of
26:11
them not all of them part of what
26:14
happens you know whether you have
26:15
competed in Torun competent people is
26:17
the organization structure that you put
26:18
them in and if you put them in a
26:20
structure where they do not have
26:21
authority to do things then they’re
26:23
going to quit in frustration or they
26:25
just going to resign to the
26:27
inconvenience and not do the best work
26:29
that they can
26:30
and everything I’ve seen suggests that
26:32
they had some compute and people no
26:34
doubt about that
26:35
but they also put them in a structure
26:36
they just would not allow them to do the
26:38
right thing
26:39
and it’s no surprise what came out at
26:41
the end of it right so but you are are
26:44
you are you proponent if so online that
26:47
I’m there’s a sizable section of people
26:49
online who say that the only solution
26:51
now is to destroy the other no I
26:53
disagree with them and there are
26:56
pragmatic reasons to disagree and the
26:58
ref reservatol reasons to disagree but
27:00
what should be done now well so let’s
27:02
let’s look at this right one of things
27:05
that happens with infrastructure is that
27:07
you can’t simply destroy infrastructure
27:09
especially one that is so widespread and
27:12
widely controlled it’s like saying that
27:14
you don’t like the highway system so
27:16
you’re going to destroy it that’s great
27:18
but how are you going to do that how are
27:20
you going to go to every single part of
27:21
your highway system and destroy it and
27:23
say what you are going to bomb the roads
27:25
take it all so if you try to dismantle
27:28
infrastructure and we’ve seen this
27:30
happen in other societies you know you
27:33
look at Russia the communist structured
27:35
fell apart they were no longer the
27:38
Communist Empire that they had
27:39
originally started off as being but that
27:41
what you do with the institutions you
27:44
have built under that commune structure
27:45
they don’t disappear what they do
27:48
instead is become controlled by a new
27:50
class who now the oligarchs and that’s
27:52
exactly what’s going to happen here that
27:54
you say destroy other and you even if
27:56
you manage to pass a court order to say
27:58
turn this thing off what’s going to
28:00
happen is that every piece of this vast
28:02
empire that you areas built is now going
28:04
to go underground controlled by someone
28:06
else and it’s just going to make it much
28:08
worse so that option is just off the
28:10
table now what you’ve got instead is
28:13
that if you’re going to dismantle it how
28:15
do you dismantle it in a way that does
28:16
not cause damage you know and one of the
28:19
ways to approach this is to say that
28:20
every other idea that you had was
28:23
something you controlled that it’s a
28:25
driving licence or a pan card or a
28:26
passport it was your property and you
28:28
could use this anywhere until an
28:30
authority decides we revoke it under
28:31
whatever sections have a replica burn
28:33
under the law and those have been
28:34
contested there’s a long history of
28:36
contesting the validity of ID and the
28:37
ownership of ID and so on so the legal
28:40
systems are well established the
28:42
Institute
28:42
understanding is well-established those
28:44
are already acceptable everywhere keep
28:45
using them do not destroy them try for
28:49
instance in their order demanding eky
28:52
see or at least not try but devotee
28:54
when do what he made an ordinary
28:55
demanding eky see four mobile operators
28:57
mr. arashiyama made a public statement
29:00
saying that we have pulled mobile
29:01
operators please throw away your
29:03
existing ID proof after you do EQI see
29:05
now this is terrible mobile companies
29:08
first several classes of customers all
29:11
of their postpaid customers and
29:13
high-risk prepaid customers have done
29:14
physical address verification by
29:16
themselves so that the address they have
29:19
in their database is a billing address
29:20
it’s where this in the bill it’s where
29:22
they go to collect money in case the
29:23
bill is not paid so they know for a fact
29:25
that the address is valid the address on
29:28
an other card is unverified you just
29:30
uploaded some document somebody sitting
29:32
behind a computer decide to accept your
29:33
document nobody came to your door to
29:34
visit you if you replace a verified
29:37
address with an unverified address you
29:39
are reducing the quality of your
29:40
compliance I’m not increasing it yeah
29:43
and this is true anywhere other issues
29:46
that adding other is fine if you are
29:49
only adding it using only other and
29:52
remove what you had before is reducing
29:54
the quality of your system so if you
29:56
want to dismantle other start with this
29:57
and see nothing that you currently have
29:59
should be invalid for those who find
30:02
other convenient sure go ahead keep
30:04
using it sure yeah but do not force it
30:07
on people who don’t want it who don’t
30:08
trust it and do not take away anything
30:09
else it works even if we wanted to shut
30:12
down the central database now which is
30:13
not possible
30:14
yeah there is what we call state
30:17
resident data hubs yes I strongly feel
30:20
and there’s lot number of people express
30:22
this concern this is this is the next
30:23
sort of controversy yes in the making
30:27
could you see reviews we’ve never heard
30:28
of their certainty it’s before yeah
30:30
describe it okay so this is something
30:31
that came out of the battle between the
30:34
National Public Register and other UI da
30:37
and NPR whether to bigger entity
30:39
projects that were conceived by
30:42
different branches of the government the
30:43
Home Ministry was to the Planning
30:44
Commission and they built up in parallel
30:48
the built up with ideas about which one
30:51
was supposed to do which part you idea
30:52
was supposed to only issue numbers NPR
30:54
was supposed to do the enrollments
30:55
and eventually it got to the point where
30:57
they merged because they became
30:59
competing projects now but as a result
31:02
of their history running in parallel
31:03
there have been agreements between the
31:05
two parties in various states which have
31:08
resulted in what’s now called state
31:09
resident data hubs where every state
31:11
would be enrolling agency under the NPR
31:13
and would then enroll into the UI da but
31:16
also keep a copy of the data themselves
31:17
right now these things are not covered
31:22
under the other act act do they contain
31:23
biometrics yes several states contain
31:26
biometrics Tamil Nadu has even a law
31:28
that mentions biometrics a government
31:29
offer is not a law there’s a government
31:31
order that mentions access to biometrics
31:33
from I saw deeds cannot occur that’s as
31:35
far as I know and the police for sure
31:36
does Cuza raj does rajasthan does and
31:39
there are about 11 or 13 of these states
31:42
which have SRD inches not all of them
31:44
have biometrics some do they’re
31:47
collected at the time of enrollment into
31:48
other so they have them there is nothing
31:53
in the other Act that governs in a
31:55
certain th the term is not mentioned
31:56
even once it’s not in the regulations
31:58
some states have their own other acts
32:01
but those will not override a central
32:03
other act and some states have nothing
32:05
at all so they just operating on the
32:06
basis of government orders so this is an
32:08
entirely unregulated area of the other
32:10
ecosystem that will blow up if it’s not
32:13
examined and controlled and but the you
32:15
idea has no say in what what conduct
32:18
officials get to access it I don’t know
32:19
how many states have come up with
32:20
legislation that do govern their owners
32:22
I’m aware of only one I think Rajasthan
32:24
but they may be APB is most likely to
32:27
have one I’m not aware of it but have
32:28
not been reading the law so I think I
32:29
should find someone who is follow up on
32:31
the law regarding these things right so
32:33
in your assessment you IDI needs to rein
32:35
in its ecosystem yes so today they
32:38
announced we already discussed virtual
32:39
IDs yes the next security buffer as core
32:44
is unique ID tokens the idea is that is
32:48
part of much Larry’s correctly it says
32:50
it’s a second piece of the same
32:52
immigrant right yeah and I mean so for
32:55
some operators you know so now that
32:57
Trust as you put it has now sort of
32:59
taken back this is a better way to
33:02
reintroduce trust on that’s a good step
33:06
this is a current organization for the
33:08
fact that they are
33:08
you did this you know despite everything
33:10
that’s falling apart LM sort of
33:11
renegotiates the terms and conditions
33:13
between you I di is ecosystem yeah
33:15
you’re hopeful I’m hopeful but it just
33:17
learn enough it’s like one step out of
33:19
100 okay it’s it’s a long way to go to
33:22
make this system trustworthy this is
33:24
what they should have done on day one
33:25
and they’re doing it now after
33:27
everything is falling apart
33:29
it’s going to get much worse before they
33:31
do the next step which is I mean they
33:32
need to eliminate paper cards they need
33:34
to stop having other numbers at all and
33:36
ensure that everything is virtualized
33:37
there is no other number that anybody
33:39
can access anywhere thankfully this this
33:43
brings us to the end of our discussion
33:44
thank you thank you yeah and please do
33:47
keep an eye out for the wire for our
33:48
future news and analysis