Cyber Security is my Fundamental Right

Posted on July 8, 2018 by Vijayashankar Na

After the Supreme Court ruling in the Puttaswamy case, it is clear that the intentions of the Court is that Privacy is a Fundamental Right protected under the Indian Constitution. The Aadhaar judgement is still not announced and we are yet to find out whether use of Aadhaar as a citizen identity parameter linked to various services of the Government, Banking and financial data of individuals or property holdings to curb benami properties and blackmoney will be considered as acceptable or not.

The central debate of the acceptability of Aadhaar as an acceptable identity parameter will revolve around whether Privacy as a Right is paramount to what ever is the objective which Aadhaar linking is expected to achieve. Aadhaar is just one instance of an opposition to  perceived erosion of the status of “Right to Privacy” as a supreme right of an individual. Beyond Aahdaar opposition lies the fundamental aspect of whether a citizen of a democratic country has any right that is more supreme than the Privacy Right.

We need to realize that in many instances of Cyber incidents, privacy activists often defend the Privacy Right so aggressively that we often forget that there is life beyond Privacy. In pursuing the “Right to Privacy”, we also discuss Data Protection Requirements and legislation like GDPR which adopts a policy of high penalty limits as “Administrative Fines” (as different from the wrongful loss suffered by a citizen data subject).

We however need to appreciate that  Right to Privacy is a fundamental right but is subject to reasonable restrictions which include

a) interests of the sovereignty and integrity of India,
b) the security of the State,
c) friendly relations with foreign States,
d) public order,
e) decency or morality, or
f) in relation to contempt of court,
g) defamation or
h) incitement to an offence

Since “Privacy is a mental state of a data subject and differs from individual to individual it is impossible for a law to mandate based on the law subject’s mental state of “Feeling of being left alone”. Hence out of necessity, Privacy Protection is currently restricted to “Protection of Information Privacy” and the objective is to enable a data subject to have full control on determining how his personal data is collected and used.

In this context of “Information Privacy” being considered as “Privacy” and “Protection of Personal Information” as “Protection of Privacy”, we often consider “Data Protection” as same as “Privacy Protection”. When GDPR recognizes a role of a “Data Protection Officer” instead of a “Privacy Protection Officer”, it appears that GDPR considers that Privacy Protection and Data Protection is synonymous.

In India, until a new Data Protection Act comes into being, ITA2000/8 is the operative  “Information Privacy Protection Act”. It defines Personal information, Sensitive personal information, responsibilities of a Data Processor and an intermediary (who is also a limited data processor), consequences of non compliance in the form of civil and criminal liabilities, the means of grievance redressal etc. It also prescribes data retention norms, defines powers of interception or data demand by authorities in the national interest.

ITA 2000/8 may be considered weak in terms of its implementation mechanism but the law itself does provide a comprehensive framework for data protection which covers not only personal data protection as envisaged under Information Privacy Protection objective but also the higher levels of data protection that goes beyond Privacy Protection into the area of “Information Security” within an organization.

Information security within an organization is an attempt to protect the entire data environment which is under the control of an organization from unauthorized access, modification and deletion besides ensuring against denial of access.


We must recognize that “Data Protection” as envisaged under ITA 2000/8 which is the goal of an information security team in an organization encompasses several types of data beyond the personal and Sensitive personal data which is the subject matter of Privacy protection. For example, every organization possesses its own data which could be business data and some which may be constituting trade secrets or intellectual property.

There may also be “Transaction data” which is data such as log records which gets generated during any encounter with an outsider through the systems. Some of these transaction data which may include the IP address from which a person has interacted may be considered as “Personal Data”. But the transaction data itself indicates that IP address ‘X’ interacted with IP address ‘Y’ and the interaction lasted for ‘N’ minutes and resulted in exchange of ‘P’ bytes in and ‘Q’ bytes out etc.

These transaction information is neither the sole right of the data subject or that of the company but is a joint property of both.

ITA 2000/8 tries to protect all these types of data by imposing “Due Diligence” and “Reasonable Security Practice” obligations along with asserting Data Retention and Data Demand rights by designated authorities.

Hence “Data Protection obligations under ITA 2000/8” is more comprehensive than Privacy Protection Requirements.

Now looking at the data protection obligations from the view point of the industry, a Privacy Protection Officer is satisfied if “Personal” data under his control is secured by appropriate means to avoid unauthorized access etc. But a Data Protection Officer of a company should be interested in protecting not only the Personal data but other types of data also. Hence it is not appropriate to restrict the role of a designation such as “Data Protection Officer” to only as a protector of personal information as GDPR actually does.

“Data Protection Officer” as a designation looked at in the Indian context is therefore larger than the DPO as identified by GDPR.

If we go another level up in the Data Eco system, data of individual entities (individual and corporate) when aggregated becomes “National Data”. National Data set therefore is an aggregation of data of individuals and corporates working within the jurisdiction of India. For the same reason, when information security obligations of individual entities get aggregated, that becomes the “National Security”. Some times we call this as “Cyber Security”.

If we adopt this convention, Privacy Protection is at the lower end and addresses security of personal data in electronic form, Information security addresses security of all data in information form within the control of one legal entity and Cyber Security is the security of all data in electronic form under the jurisdiction of the country.

When we make data protection laws, we have a choice of making a Privacy Protection law and provide exemptions/derogations with respect to Information Security and National Information Security. Alternatively we can make a National Information Security law and create subordinate sectoral laws applicable to “Information within the control of a legal entity” and “Personal Information which is under the control of a legal entity”.

Laws such as GDPR adopt the first approach. It appears that ITA 2000/8 is closer to the second approach. If we donot properly prioritize our law making objective, there is a possibility of “Conflicts”.

For example, GDPR supports privacy according to which a recipient of an E Mail is not able to view the IP address of the sender which should be his right to information. A victim of defamation is unable to view the Who-Is data of the defaming website. Though work-around may be provided where by information is released upon legal demand, it is a hurdle placed on a genuine victim of a data related perceived crime in support of the privacy of an accused criminal. In many law enforcement situations, the golden hour of investigation is passed before the “Due Process” supported by a judicial order can be activated, permanently denying justice to the Cyber crime victims.

There is an urgent need to correct this skewed prioritization of “Privacy of a Crime Accused” ahead of the “Security of a Crime Victim” and the “Efficacy of the law enforcement system”. We need technical and policy initiatives that ensure that once a simple prima facie check is made on the identity of the person claiming a “perceived victim” status, the “Privacy Veil” has to be dropped and the “Right to Information” should take over as the over riding right. For example if a recipient of an e-mail demands the originating IP address of an e-mail he has received, it should be automatically provided since the identity of the recipient is inherent in the origination of the request itself. Similarly, if a Who-Is resolution request is invoked by a person with an irrefutable national identity such as a “Legally acceptable Digital Signature”, the Privacy veil on the who-is information should be dropped automatically.

I hope and demand that these and similar issues need to be addressed by the Indian Data Protection Act when it is released.

It is in this context that I would like to raise a slogan for the attention of the Government of India and the Supreme Court that  “Cyber Security is my Fundamental Right and should override other recognized fundamental rights such as Privacy Right as well as Right to Freedom of Speech.”

I look forward to the comments from the Data Security Community which includes Law Enforcement persons.

Naavi

 

Posted in Cyber Law | Tagged , , | 1 Comment

China may be developing its own unbreakable encryption system through Quantum Computing

Posted on July 5, 2018 by Vijayashankar Na

[P.S: This is in continuation of the previous articles “Is it the beginning of the Chinese domination of the globe?…Mr Modi to take note”. and China Working on achieving Quantum Supremacy. In the previous articles, we referred to some of the recent progresses made by China in the field of Quantum Computing and started our discussion on how this may impact the global political and military supremacy. We shall continue to discuss this concern in the current article with the disclaimer that I am only an ex-student of Quantum Physics at my post graduation level and I am presently working in the area of Cyber Law and Cyber Security and trying to flag my concerns. I welcome other experts to join the discussion and correct my perceptions as necessary…. Naavi]

The report “China’s quantum communication satellite achieves scientific goals” and “Chinese scientists break quantum computing world record” it has been indicated that China has successfully established the property of “Entanglement” between two “Entangled Quantum Units” physically separated at a distance of 1200 kms on earth and also an entanglement of 18 Qubits surpassing the previous record of 10.

Entanglement is a property of “Quantum Particles” where by two particles behave in tandem even when they are located in different locations in such a manner that if you change the spin status of one, the spin status of the other will automatically change.

Again in layman terms, if one Qubit in Bangalore is showing a status Zero and its entangled partner is in Mumbai and showing a status One, if we change the Bangalore Qubit status to One, the Mumbai Qubit status automatically changes to Zero even though they are not connected by wire or otherwise. It appears as if the “Entangled Particles” are connected through “Ether threads” (a term introduced by me for explanation) out of the ability of any known physical systems to perceive.

This means data in one place gets automatically replicated in another place (though it could be as anti particles) or it could be what scientific fiction calls as “Teleportation”.

It is envisaged that this property can be used in “Global Hack Proof Internet” and it appears to have been demonstrated in a video call established  between Beijing and Vienna through a multi station communication line based on quantum computing.

The principle is that if any attempt is made to change one end of the entangled pair, it will induce an automatic change in the other end and any unauthorized attempt will make it to collapse.

If these concepts materialize for practical use, China will be in possession of the most secure communication lines which establishes its supremacy militarily. At the same time the high speed of processing that quantum computers would enable would enable China to be able to break any ordinary encryption used in any commercial transactions or Banking or even Bitcoins.

Thus the Quantum supremacy will enable China to build its own secure systems and at the same time make every other system in the world completely vulnerable to attacks from them. Combine this scientific advance with the military vision of China, it will be a victor in any future Cyber war or even a conventional war where electronic controls play a major role. For example, China will be able to decrypt all nuclear commands of other countries and stop their attacks on China while it can launch its own attack without any opposition. Hence whether it is a cyber war or a conventional war, Quantum Computing supremacy would make China invincible.

It is in this context that India, US and Japan need to develop a deterrent mechanism by collaborating on the Quantum computing research.

Will Mr Modi take note?

Naavi

This is the third part of the series of three articles.

Links to all three parts:

1. Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

2. China Working on achieving Quantum Supremacy

3. China may be developing its own unbreakable encryption system through Quantum Computing

 

Posted in Cyber Law | Tagged , | Leave a comment

China Working on achieving Quantum Supremacy

Posted on July 5, 2018 by Vijayashankar Na

[P.S: This is in continuation of the previous article “Is it the beginning of the Chinese domination of the globe?…Mr Modi to take note”In the previous article, we referred to some of the recent progresses made by China in the field of Quantum Computing and started our discussion on how this may impact the global political and military supremacy. We shall continue to discuss this concern in the current article with the disclaimer that I am only an ex-student of Quantum Physics at my post graduation level and I am presently working in the area of Cyber Law and Cyber Security and trying to flag my concerns. I welcome other experts to join the discussion and correct my perceptions as necessary…. Naavi]

In the era of Artificial intelligence, Big data, IoT and realtime computing to solve security and other functional issues speed in the essence of success. Quantum Computing therefore is considered as a tool to beat the best of the super computers in the market to achieve levels of fast processing that can only be imagined in scientific fictions as of today. When we first saw computers, they were of the size of big rooms. Now they sit in miniature form on our palms. The difference this made to the globe is for everyone to see and appreciate. Similarly, Quantum Computers of today may be laboratory models with huge coolers filling up a whole building while the chip itself may still fit into our palms. But in the coming years it is not unthinkable that palmsize computers may interact with the room size lab models of Quantum computing and enable the benefits of quantum computing to reach the levels of personal computers as we see today. Hence the current developments need to be keenly followed so that we in India donot miss the bus…. at least in the next trip.

In Classical computing, computer Chips which process memory and instructions are built on “Transistors” which are at any point of time either “On” or “Off”. From this on-off state of the miniature transistors we interpret data using the binary language. Each bit represents one transistor which can be either representing a binary value of Zero or One.

We put eight transistors in a set and call it as a “Byte” and assign meanings to the status of each of these transistors in combination as letters, characters or numbers and use them to build data. Similarly, for routing electronic current for processing, we create gates that allow or stop the flow of current by designating a transistor into “Allow” or “Disallow” status. The number of such transistors required for representing data or a process execution determines the “Speed of Computing”. Higher the speed better will be the use of computers for real time applications.

(Check out this article for some more explanation)

With the development of Artificial Intelligence, any increase in the computing speed is considered an increased ability to conquer new grounds in information processing leading to economic and military progress.

In the “Quantum Computing”, the “Bits” of Classical computing which are transistors which can either be in a state of 0 or 1 at any point of time are replaced with Qubits. The Qubit is a sub atomic particle (Electron or nucleus of an atom) which can be in different “Spin States”. It may be spinning in one direction which could be designated as a Zero state and it could spin in opposite direction which can be called the One State. The same particle can be considered as not being in a “Certain” state at a point of time but at an “Uncertain State” where we can only measure the probability of it being in Zero state or One state.

Leaving the Physics behind the concept for another forum to worry about, for the Computer technologists, let me state that this possibility of a Qubit being in either a 0 or 1 at the same time is called “Super positioning” and in terms of data representation means that each Qubit can be used not for just representing either a zero or One as in the classical computing but both Zero and One at the same time. This increases the power of computing of a set of Qubits by a factor 2 to the power of n where n is the number of Qubits in the data representation set.

The fastest super computer in the world using classical computing is said to be Chinese super computer called Sunway TaihuLight with a rating of 93 petaflops per second (93 quadrillion floating point operations per second) and consists  (petaflop=million billion). The system has a memory build consisting of 40960 nodes with each node consisting of 32GB memory. The number of transistors used in this computer is  perhaps 10485.76 trillion (if my calculation is correct).

In the Quantum computing scenario, this speed is expected to be achieved by a system with about 50 Qubits. (See this article for a lucid explanation of computing speed in Quantum world) . Presently, it is reported that IBM and Intel are working on a 50 Qubit experimental computer and Google is trying to work on a project with 72 Qubit model.

The reports indicate that China has made substantial progress in practical terms in not only achieving supremacy in the classical computing scenario but also working on practical models of Quantum Computers particularly in the area of achieving higher levels of accuracy with the “Entangled Qubits”. We shall discuss the impact of “Entanglement” in the next article and now focus on the speed of computing achieved with building a Qubit based processor.

 

It is reported that Baidu, Alibaba and Tencent holdings are cometing in quantum computing research to gain a hold in the commercial development of the mother of all super computers based on Quantum computing principles.

We can presume that most of these researches are secretly driven and there is every possibility that US may have also progressed substantially in the field. But it is definitely a fact that China appears to be progressing fast and there is no reason to downplay the possibility that they may achieve a breakthrough ahead of others.

While as a part of the scientific community, I appreciate the work of the Chinese scientists, considering the political leadership of China, the developments need to be flagged in India as a concern. We therefore need to counter these measures with our own research activities both independently and also in collaboration with friendly countries such as US and Japan who may share similar concerns about the progress China is making. At this point of time, I donot trust EU countries since Islamic invasion of Europe and UK is in an advanced stage and within the next generation EU can be completely engulfed by Islam. Hence advanced scientific research knowledge is likely to be more misused in the EU countries than in India, US and Japan though even here we need to be on guard.

I hope IISC and similar scientific research organizations undertake suitable projects so that we can also make some progress towards achievement of computing supremacy through Quantum Computing.

This is the second part of the series of three articles. The first part is here.

Naavi

Links to all three parts:

1. Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

2. China Working on achieving Quantum Supremacy

3. China may be developing its own unbreakable encryption system through Quantum Computing

Posted in Cyber Law | Tagged | Leave a comment

Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

Posted on July 5, 2018 by Vijayashankar Na

It is known that China has made substantial progress in the field of Industry which is threatening other countries including India and US. Unfortunately, unlike Japan, scientific progress in China is discomforting to the rest of the world since China is not friendly with most of the countries in the world and wants to have a military domination over other countries. It is also too friendly with rogue nations like North Korea and Pakistan and makes other countries nervous. It is for this reason that both US and India is worried on the trade front about the Chinese domination.

Now reports are emanating on the Internet that  China has made some outstanding progress in the field of Quantum Computing. On the face of it, this is a matter on which the Chinese scientists are to be congratulated. But seen in the context of the Chinese desire to dominate the world on the political front, the development appears to be ominous.

Quantum Computing is set to re-define the global economy and who ever takes leadership in this sphere, is likely to rule the world in future. Hence the recent developments reported here needs to be taken note of by both the scientific community in India such as IISC, as well as the intelligence agencies in PMO and political pundits like Dr Subramanya Swamy.

The first report that comes to my concerned notice is the article “Chinese Scientists Set New Quantum Computing Record”.

The second report that comes to my notice is the article “China’s Quantum communication satellite achieves scientific goals”

Let’s briefly state in layman’s terms what these developments seem to indicate.

Quantum Computing differs from Classical Computing because of two specific properties of  atomic and sub atomic properties that have come to light under the domain of “Quantum Physics”. One is called “Super positioning” and the other is called “Entanglement”. These concepts make Quantum computing vastly powerful in terms of “Speed of Processing” as well as “Security to make or break the encryption systems”.

A leadership in Quantum computing is therefore a firm foot in leading the globe economically, politically and in military terms. Neither India nor US nor Japan will be able to stand upto China if it establishes firm leadership in Quantum Computing.

I therefore request Mr Narendra Modi to take the lead in calling for a summit with US and Japan only on the aspect of Quantum Computing and its implications on Global leadership and chart out a plan of action to ensure that China does not become a greater problem that what it already is for India today.

I will elaborate more on these developments within my limited understanding as a person who studied Quantum Physics when it was in its infancy and later turned to the field of Cyber Law and Cyber Security. I call upon other experts in Quantum Physics and Quantum Computing to put their heads together and deliberate on the concerns expressed in this series of articles.

PS: This is the first of the series of 3 articles which will be published here and I request readers to read all the three and give their comments.

Naavi

This is the first part of the series of three articles. 

Links to all three parts:

1. Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

2. China Working on achieving Quantum Supremacy

3. China may be developing its own unbreakable encryption system through Quantum Computing

Posted in Cyber Law | Tagged , , , , , , | 1 Comment

Interpreting “Personal Data” and “Business Contact Data” under GDPR

Posted on July 2, 2018 by Vijayashankar Na

Imagine you have constructed a house and let Mr X live there and use the address for his activities for which you have authorized him to.

Does the house belong to you or Mr X?

When Mr X’s authorization to use the house ends, can he keep the house to himself? Can he ask you to demolish the house?, Can he take away the things in the house… both what he himself had bought while he was in service and what you had given him for use? or what you and him together created?

This is precisely the status of a Business E Mail Address that an employer gives to its employee and he uses it for his employment related communication which is called the “Business Contacat Address”.

Now GDPR has a set of prescriptions that apply to Personal Information that is identifiable with a living person. It is interesting therefore to discuss if the “Business Contact Data” is “Personal Information” and is subject to GDPR compliance.

GDPR uses certain terms a bit carelessly creating confusion on the interpretation of some terms. The “PII or Personally Identified Information” is one such term which needs to be distinguished with “PI or Personal Information” but GDPR gives room to interpret the two words as not much different though they should be considered different.

There is no doubt that Business Contact data is “Personally Identifiable” and hence some interpret it as “Personal Information” to be subjected to the regulations.

But if we look at the basic objective of GDPR as defined in Article 1, it is clear that the regulation is meant to protect the personal information of a EU data subject since it is considered important for Privacy Right protection.

But under Article 4(1), “Personal data” is defined as  “any information relating to an identified or identifiable natural person”.

If we look at the basic objective of GDPR along with the example of the rented premises given above, it is clear that GDPR should not interpret the Business Contact Data as “Personal Information” since it is a virtual property that belongs to the employer and not the employee. Being a property of a company, created and used for the use of the Company’s business, it does make sense in considering that Business Contact data such as the E-Mail of an employee as Personal Data.

I hope this would be acceptable to a majority of the companies though some consultants may have  hesitation in accepting this interpretation.

Perhaps over time, this concept will get some clarity in the minds of the users and it would be accepted that Business Contact Data used by B2B business entities remain outside the GDPR.

Naavi

Posted in Cyber Law | Tagged , , | Leave a comment

Virtual Aadhaar ID: More breathing time for laggards

Posted on July 1, 2018 by Vijayashankar Na

UIDAI announced the Virtual Aadhaar ID system in January and made it available from 1st March 2018 giving time upto 30th June 2018 for AUAs/KUAs to tweak their systems. Then it extended the time upto the end of June. (Refer: Is Private Sector ignoring Virtual Aadhaar ID ?)

Now we understand that UIDAI has provided further breathing time to the User agencies who have so far made no attempt to introduce the new system. According to the UIDAI plans, the current system of KYC where the eKYC provider collects the Real Aadhaar ID (RID), and makes a query through an API whereby all the demographic data attached to the ID is pulled down into a form at the eKUA’s end will be restricted to only those agencies which will be called “Global AUAs”. Others would be allowed “Limited KYC”.

The agencies who are presently AUAs and are not upgraded to Global AUAs would be called “Local AUAs” and would not be permitted to make queries based on RIDs. Instead, they need to implement a new API where a 16 digit input namely the “Virtual Aadhaar ID” (VID) would be taken from the Aadhaar user with or without biometric for KYC purpose. Before providing such a number, the user should have gone to the UIDAI website and generated this 16 digit VID by providing the RID and responding to the OTP.

The Local AUA would get the response from the UIDAI by referring to the CIDR on the back end and return a “Token number” for the authentication which would be stored by the Local AUA as a reference for the verification.

Implementation of this required that UIDAI had to reclassify the registered AUAs and AUAs to implement the new API. The front end of all agencies which used Aadhaar had to be modified to take the input of the 16 digit VID instead of the 12 digit RID. (Refer It is Y2K moment again in India, with Virtual Aadhaar ID).

However despite some prodding, no such change was visible in the industry. No warnings came forth from UIDAI and UIDAI did not even post noticeable warnings on its website.

Now according to the TOI report which  surfaced late yesterday night, a statement has been made by somebody in UIDAI which is not yet appearing in the press releases on UIDAI website even today morning, the deadline for implementation of VID has been extended upto August 31st 2018. The report mentions a “Release” and we can presume that UIDAI will post it on their website by tomorrow.

According to the report,

  1. Banks will be designated as Global AUAs but the telecom authorities and others including e-sign companies would be designated as Local AUAs.
  2. Time is provided upto August 31 for implementation. However from 1st July 2018, a charge of Rs 0.20 will be made on each authentication as a disincentive. This will be a provisional charge which may be waived if the migration is completed before August 1.
  3. If the VID system is not implemented by August 31, UIDAI will be free to terminate the AUA license or impose higher financial disincentives.

Let’s hope that for whatever it is worth, VID system would be in place after August 1, 2018. It will at least avoid further leakage of Aadhaar numbers along with the associated data from the user end as it has happened in the past.

UIDAI has also stated that there would be further improvements in the form of new authentication methods. The “Face Recognition” is also expected to be introduced by August 1, 2018 and could add more security to the system where Global AUAs undertake authentication based on RIDs.

The OTP insecurity will still remain but we need to think of alternatives to OTPs to overcome this problem.

Need for Awareness Creation

The CEO of UIDAI Mr Ajay Bhushan Pandey is quoted as stating that a number of AUAs have tested the new API in their usage environment though no migration has happened. However this could just be a gracious statement meant to boost the morale of the AUAs since it appeared that the industry just did not care and had no intention to adopt to the change. Most of them are perhaps waiting for Supreme Court to scrap the Aadhaar system and hence donot want to make changes at this stage.

I recently had an encounter with a Bank and the officials had no clue of either the biometric lock system or the proposed VID system. If the Bank had sent a circular, perhaps they would have known. This vindicates our observation that even Banks have so far taken no steps to keep their employees aware of the changes that are occurring in the Aadhaar system.

There is a serious concern in some sections of the experts that the VID system will not be used by the users since it is too cumbersome for the less educated users.

The need for education of the masses on the use of Aadhaar is therefore indicated more than ever before since we need to not only tell people why Aadhaar authentication is used but also how to generate VIDs and keep changing the VIDs from time to time.

mAadhaar needs to be upgraded

I suppose mAadhaar application should itself provide an option to generate VID, which it has not done so far. Alternatively mAadhaar download itself should be enabled on VID basis atleast as an option. UIDAI has to show the way for others by implementing the 16 digit input option of VID on mAadhaar immediately along with a provision to change it. The resulting VID can be shared by the users with the Local AUAs as and when necessary without going to the web.

Technical Glitches to be corrected

In one of my recent encounters, I found that UIDAI website could not complete biometric unlocking on chrome browser on my Android phone and I had to download the Mozilla mobile browser to complete it on the mobile at the Bank where the KYC was being done. The Bank’s system which was rejecting the finger prints did not provide a proper error statement indicating that the error was because of the biometric lock and it was only after repeated failures that I was able to figure out the cause and unlock it through the Mozilla browser.

These technical glitches need to be set right by UIDAI as otherwise there will be complaints on denial of basic rights of citizens due to denial of service at the Aadhaar end.

Looking forward to further developments and official information from UIDAI on the extension of time and other issues mentioned above

Naavi

Posted in Cyber Law | Tagged , , , | 2 Comments