Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998

Supreme Court has now come to the end of hearing the PIL on the Aadhaar. Whatever be the actual petition it is clear that the opposition to Aadhaar stems mainly from the Black Money holders and Benami property holders who are threatened out of their existence with the identification of their misdeeds and Black wealth accumulated over time.

India having been corrupted systemically by the ruling Congress Party since the days of Mrs Indira Gandhi (as people of our generation know of), there is corruption in every aspect of our life. Our politicians, Bureaucrats, Police and even the Judiciary is exposed to the menace of corruption though different segments have absorbed it to different extent.

Businessmen also have accumulated black wealth but their accumulation is because of tax evasion. Otherwise the black money of businessmen is generated out of their hard work  or business. The Black wealth accumulated by the officials and politicians on the other hand is of a different nature. It has originated out of corruption and additionally continued with tax evasion.

Now all these persons who are threatened with the loss of their ill gotten wealth have come together to petition to the Supreme Court that mandatory linking of Aadhaar to Bank accounts and the proposed property registrations is opposed to “Privacy” and hence it should be scrapped.

Privacy is not a shield for Corruption

Without any doubt, “Privacy” is being used as an excuse to cover up illegal accumulation of Black wealth and the Supreme Court cannot be seen as supporting this cause.

All Privacy regulations provide an exception that “Privacy” is not a right that can be used by a citizen when the State has to consider” Public Interest” and “National Security”.

We are not sure if the lawyers who will be arguing for the Government will not collude with the opposition and put up a weak argument to enable the Judiciary to scrap Aadhaar linkage to basic services.

A Citizen has no right to claim immunity from being punished for the larger good of the society. The judiciary has its role in checking the misuse of any law including the Aadhaar law just as the SC/ST atrocities Act.

Hence the Supreme Court Bench has to place the national interest paramount and not be swayed by the arguments of the Aadhaar opponents. I have some faith that the current CJI will ensure it. It should be done before the “Dissenting” judges take over our system and politicize the judiciary.

Virtual ID eliminates most of the concerns against Aadhaar

In this context, the much awaited Virtual Aadhaar ID scheme of UIDAI has now become operational. Under this scheme all services which require Aadhaar number will now use the “Pseudonomized ID” which is the 16 digit Virtual ID which the Aadaar holder picks up on the Aadhaar website. The original aadhaar number remains confidential with the user.  The intermediary who uses the virtual ID will not have the demographic data mapped to the original Aadhaar ID and hence the kind of data breaches that happenned at the intermediary end in the past for which UIDAI is being blamed cannot happen in the future.

This Virtual ID is not a permanent ID and can be regenerated randomly every time the aadhaar holder wants to use it. He can use it as a single purpose ID and ensure that no two intermediaries have his data mapped to the same Aadhaar ID.

This system therefore addresses the concern on Aadhaar security at the intermediary end for all future transactions.

Of course some critics may still ask what about the past?. There could be solutions for the same which could be considered in future.

Critics will also ask what is the guarantee that the data may not be leaked from the UIDAI itself. There will of course be security at the UIDAI so that no single person will be able to leak Aadhaar information since multiple levles of authentication would be required.

If the critics still ask whether it is not possible for multiple persons to collude and commit a fraud, I would say if a day comes to that then we the Indians donot deserve the Aadhaar.

We know that when the previous Congress regime was in place,  the country was run in the name of PM by a coterie which was Pro Pakistan and Anti India. It can be speculated that several of the national secrets could have then been shared with the enemy during this time. Conspiracies could have been  hatched to put our Military to shame and create a bogey of Hindu terrorism. In future also, if those who want to destroy our country come to power, we are not sure if they will rule in the interest of the country.

The opposition political parties in India which are behind the Anti Aadhaar discussion in Supreme Court had once given Supari to eliminate Mr Modi much before he became PM. Now they are trying to use the Supreme Court as the weapon to kill the ambition of Mr Modi to eliminate corruption in India.

Hence the Aadhaar case has become a symbol of a fight between those who despise corruption and those who worship it.

If the opposition comes to power, there is the danger that they may themselves access Aadhaar data and hand it over to Cambridge Analytica so that they will never lose the election again.

Supreme Court has to show its character

I hope the final decision of the Supreme Court will prove that India still retains the ability to stand up to all divisive forces and show character that has made this country survive against the onslaught of foreign invasions time and again.

Naavi

Aadhaar has been the center of Privacy debate for quite some time in India and has even attracted international attention. Amidst the criticisms that Aadhaar system is not properly secured and therefore it may lead to loss of privacy of the citizens, Supreme Court took up a petition on whether Aadhaar infringes Indian Constitution and should be discontinued. Initially, the Aadhaar baiters scored a victory as Supreme Court under the previous CJI hurriedly constituted a 9 member bench and passed a judgement stating “Aadhaar is a Fundamental Right”. It appeared as if the judgement was a tool given to the smaller bench which was hearing the Aadhaar constitutionality issue to scrap Aadhaar.

However things have changed in the last few weeks. First the new CJI shuffled the bench and case allocation rules so that politician advocates who wanted to get the Aadhaar case heard by a bench of their choice were frustrated in their design.

The case is now being heard in a more neutral bench than what the politicians intended.

At the same time, UIDAI came up with its own master stroke introducing the “Virtual Aadhaar ID ID (VAID) proposition which has changed the scenario of security in such a manner that one of the key argument against Aadhaar that it leads to breach of privacy has been put to rest.

Naavi had been suggesting for a long time that the principle of “Regulated Anonymity” should be applied to secure Aadhaar and actually hoped that this would be a good commercial business proposition to be used by an enterprising private business entity. Now Aadhaar by introducing the system of VAID has come up with its own version of “Pseudonomization”   which would perhaps take the Privacy protection up by several notches.

The VAID system is expected to be in operation by March 2018 on trial basis and mandatorily by June 2018 unless some extension is given. Once the system comes into use, all KYC agencies will have to be prepared to use the VAID which may be a 12 digit randomly generated number which is mapped to the real Aadhar ID of an individual for all their KYC enquiries.

In other words, the KYC authority will not receive the real Aadhaar ID  for its KYC purpose but receive only a randomly generated, changeable VAID number. This may perhaps be forced  by UIDAI by mandating that the AUA/KUAs donot shall stop using the real Aadhaar ID for any KYC queries.

As for the users, they will have the option of generating a VAID against their real Aadhaar ID and ascribe it a date of expiry or designate a specific one time purpose. Such number would meet the requirement of SIM card verification or even Bank account verification.

How Virtual ID secures the system

The exact architecture that UIDAI may use for the purpose is not known and need not be made public. However, it may consider the following features.

(P.S: This diagram is only an illustrative representation of a suggested architecture. This is not what UIDAI may implement)

The first change could be that access to CIDR will be only through an internal system and access by AUA/KUA would be stopped at an intermediary server.

Public will access a Virtual ID generator (S-1) service as and when they want. They will provide the real Aadhaar ID to this server and obtain a Virtual ID. This ID will be randomly generated and will have an expiry tag and stored in another system. S-1 will then deposit the information to S-2 where a map of Real Aadhaar ID and Virtual Aadhaar ID is maintained and updated with a history of VAIDs associated with a given Real Aadhaar ID.

When a user requires a service, he will provide only his VAID to the AUA/KUA who will send their request to another exclusive server of UIDAI where the request will be processed (S-3). This server will push a request to S-2 which will re-identify the VAID and forward the KYC request to CIDR,(Central Identities Data Repository).  CIDR will push the required information back to S-3 for onward transmission to the AUA/KUA.

In this structure, S-2 which holds the map of the real Aadhaar ID with the Virtual Aadhaar ID will be accessed only by internal servers one accessible to Aadhaar users and the other accessible to the AUA/KUAs.

S-1 will only generate VAID and does not store any data after the process is over. CIDR is accessible only from S-2. S-2 will not hold any data other than the mapping of the real ID and Virtual ID. S-3 will allow passing through of  Virtual ID and the KYC information but will never access the real ID.

S-1 and S-3 will be only transaction servers and need not store any data except in transit. Firewalls will manage the access to different servers and ensure that Aadhaar demographic or Biometric data is not accessed by any outsiders except through queries passed through S-2.

How Biometric Security Can be fortified

Presently, the Aadhaar has a record of 10 finger prints and iris scan for biometric identity purpose. To this multiple face parameters may get added with the new addition of the Face recognition feature. Face recognition in intended to be used as an alternative biometric in cases where finger print recognition fail so that false rejections can be reduced.

Additionally, we can consider that one or more Face parameters would be an add on to the many biometric identification parameters (10 finger prints+Iris scan). Totally therefore there may be around 11 plus biometric parameters which can be used for authentication.

Considering the possibility that as of now some biometric data might have been compromised, or biometric devices may be manipulated for a store and replay attack, UIDAI may consider a “Double/Multiple biometric authentication” on an “Adaptive Authentication Principle”.

Under this system, biometric of one finger is first obtained. When this is successful, the server may randomly chose another biometric feature to be provided with or without mobile OTP as well. With such a system there would be simultaneously three parameters that are verified for authentication and the second authentication would be a random variable and provide a defense against most of the normal attacks.

Assuming that UIDAI has other security features already installed for preventing the store and replay attack, the addition of a random additional biometric parameter based authentication will fortify the current system and make an enormous improvement in the system.

Since it is possible to get the biometric device ID and its location as a transaction input, the adaptive authentication can be configured with the known behavioural pattern of the user as is done in credit card transactions.

One issue that needs to be tackled in the suggested system is the latency of the transaction and connectivity. But this is a challenge that can be handled and should be handled in the interest of security.

(P.S: I presume that the current team of UIDAI consists of more accomplished information security experts than the author and hence what is discussed above may be steps which are already in place. They are however discussed here to inform  public  that security of aadhaar is feasible.)

Naavi

 

It appears as if the Anti Aadhaar lobby in India has just been outsmarted by the UIDAI with its proposition of the “Virtual Aadhaar ID” as a response to the many complaints about the leakage of Aadhaar information.

The Supreme Court is waiting to complete its hearing which potentially could hold that the linking of Aadhaar to Bank and Mobile accounts was in violation of the Constitutional Right to Privacy of an individual. In the process, the entire Aadhaar scheme’s future hangs in balance.

The ground had been well prepared for scrapping the Aadhaar with the hurriedly issued 9 member judgement in the Puttaswamy case declaring Privacy as a fundamental right giving a very strong weapon with which any action of the Modi Government related to Aadhaar could be struck down.

Since the Supreme Court cleverly avoided defining what is Privacy even while holding that it is a Fundamental right, it left the doors wide open to intervene on any thing that Aadhaar was supposed to be linked with. The recent sting operation of Tribune alleging that the entire Aadhaar data base access could be purchased for Rs 500/- in 10 minutes had primed up the argument for striking down the Aadhaar linkage. Aadhaar linkage appeared to be a lost cause after this Tribune revelation.

But suddenly the “Virtual ID” option floated by UIDAI has frustrated the anti Aadhaar lobby and given a strong argument for UIDAI that it is responding to the security vulnerabilities and taking mitigation steps.

The plight of the Anti Aadhaar lobby is  like the plight of a batsman in a Cricket game who has happily jumped forward to a flighted delivery hoping to hit a six,  only to find that he has  missed the ball and is now praying that the Wicket Keeper does not stump him out.

We hope that the Wicket Keeper completes his expected duty and the Umpire does not call a no-ball.

There is no doubt that the Aadhaar authorities have been in the past behaving with an air of arrogance that reminded me of the “Indira Gandhi of Emergency Days” . But the intention of the Government to use Aadhaar as a unique identifier to root out benami asset holding and black money cannot be faulted. All those who wanted to  protect their black money were using the “Privacy” argument to oppose Aadhaar. The UIDAI was playing into their hands so far by its own negligence, ignorance and arrogance.

Hence there is a need to address the security concerns and meet them adequately rather than blaming the system itself and fight for its scrapping.

The Virtual ID concept is some thing which should be appreciated as a step in the right direction. It is true that it has come late and should have been in place from the day Aadhaar was intended to be used for KYC purposes widely. We have repeatedly advocated what we have called  “Regulated Anonymity” and the Virtual Aadhaar ID is close in its concept to part this concept which is the principle of “De-Identification” or “Pseudonomization”.

Under the proposed system, UIDAI will stop allowing direct access to its core CIDR server system which houses the data of the citizens collected for issue of Aadhaar. Instead there will be a gateway server which faces the down stream service providers which is linked in the back end with the core CIDR server. Public will be able to obtain a “Virtual Aadhaar ID” which is a 16 digit temporary random number mapped to the Aadhaar number of the user, through the website. This 16 digit number may be used as an ID to be provided to service providers like Banks and Mobile companies. When these users want to check the Aadhaar identity against either the OTP or biometric of the Aadhaar holder, the query will be processed by the secondary server which in turn will query the Core CIDR server and process the request.

The exact architecture that UIDAI may use is not known. It is however clear that the Core CIDR server has to be kept insulated from the public including the agencies such as AUA/KUA with a strong Firewall that separates the Core CIDR system from any communication from outside. The mapping of the Virtual ID issued and the true ID has to be maintained some where and that becomes a critical component of the process. How this is secured determines the security of the system as a whole.

If UIDAI again makes mistakes in managing the security of this “Mapping Server”, then the problem will continue.

The architecture should therefore include a “Virtual ID issuing server”, “Virtual ID-True ID mapping Server” in addition to the current “Core CIDR Server”. In the Regulated Anonymity system that we had discussed in the past, a system was discussed for such requirements and hopefully some of those principles would be used and improved upon in the UIDAI new system. (The Regulated Anonymity system is discussed here). The concept was discussed in 2013 and could be considered as raw and amenable to many improvements.

If UIDAI does not secure access to the “Mapping Server”, the data will be only be marginally more secure as it introduces one additional step for the hackers to break.

If UIDAI sheds it’s “I Know Everything” attitude and is humble in listening to the experts in the field, it may perhaps be able to secure the system at least in future. Whether it is too late?… is difficult to answer.

The Y2K Moment again

Keeping the arguments of how the security of the Virtual ID would be implemented, we can now address the industry issue that the proposed system has introduced. UIDAI has announced that the UIDAI will start accepting VID from March 1, 2018. From June 1, 2018 it will be compulsory for all agencies that undertake authentication to accept Virtual ID from their users.

This means that all the agencies who are using Aadhaar now, (Should be thousands of companies) will all have to tweak their codes to accommodate a 16 number system in the place of a 12 number system for its services. For some time, they need to maintain both systems working and later remove the earlier 12 digit number acceptance.

Additionally it may be necessary for them to covert all existing storage of True Aadhaar Id with a Pseudo Aadhaar Id or atleast remove the True Aadhaar Id from their system.

This will be like implementing the “Right to Forget” which is a tough task since most of these companies will not know where all they have stored the Aadhaar numbers in their systems. It could be on web servers, on cloud storage systems, on e-mail servers etc and all of these have to be erased. (If such a requirement is made).

It is possible that the Supreme Court may impose the above condition for allowing the use of Virtual ID in future and not scrap the system. But it is not known when they will give their view on it. The user companies have to therefore keep their fingers crossed and wait if the 16 number field has to be used in future or they should keep both options in place for some time.

The software developers therefore have their hands full only to implement the changes as the Supreme Court may decide. In this respect we will be re-living the days of Y2K implementation when globally codes were changed to accommodate a four digit field for the year component of a date instead of the 2 fields which were provided.

Good for many… but costs for the companies….Perhaps it is the price to be paid for the development amidst a hostile political environment.

Waiting to see what the Supreme Court will do now….

Naavi

Related Articles:

Aadhaar Authentication: How To Use Virtual ID (VID)

Virtual ID is Aadhaar 2.0, It Can be Changed Any Number of Times: UIDAI Chairman

Aadhaar Virtual ID “Unworkable”, Will Oppose Tooth-And-Nail: Petitioners

There’s no consensus over Aadhaar number or 16-digit virtual ID

Old Articles of naavi

Reasonable Security Practices For UID Project..in India..A Draft for Debate

The Unique ID Project.. What should be Unique?

The National ID Card Challenge for Nandan Nilekani.. Part I

The National ID Card Challenge for Nandan Nilekani.. Part II