What everybody can and SHOULD learn by READING about Aadhaar
Aadhaar is India’s digital identity system. By reading the right stuff about Aadhaar everybody, no matter where he or she lives, may learn a lot about crucial stuff like Free/Open Source software, Open Government and Open Data.
In my opinion, the “right stuff about Aadhaar” surely includes these two (rightfully long) pieces:
- Aadhaar - A Self Certified ID”, by Anand Venkatanarayanan, May 2018
- “A rant on Aadhaar” by Kiran Jonnalagadda, December 2016
I like those articles so much because I believe that almost all their content is not related or limited to, in any way, Aadhaar being from and about India. More specifically, I believe that most of the problems they expose are exactly the same as they are in Italy and Western countries in general. In practices, THESE are the twelve things I believe everybody should learn from those two pieces about Aadhaar:
- Privileges are very hard to eliminate digitally. DO design also for the most disadvantaged citizens
- Protection must always go both ways
- Ignorance is always bad. Cure it with education, not with technology
- Integrity and reputation of Public Administrations and employees matter more than algorithms and procedures
- Removing ALL human responsibility to fight corruption can backfire badly (yes, I’m thinking to you “blockchains everywhere” guys)
- Think a thousand times before inviting third parties between citizens and administrations
- Sooner or later,someone WILL “steal” or misuse data. So be very careful before asking for them
- The REAL reason why many public administrations do not want to Open Source their software
- Half-digitized procedures are BAD
- Biometrics as PASSWORDS, instead of user IDs, is BAD
- Aadhaar features to avoid, if possible
- Aadhaar features to imitate, or at least know about
The rest of this post shows short, edited quotes of the parts of the two articles from which each point comes from. Only the first quote in the first point comes from the “Self Certified ID” article, but do read all of it too!
1. Privileges are very hard to eliminate digitally. DO design also for the most disadvantaged citizens::
- Aadhaar is world’s largest self-certified ID and is only as trustworthy as the individual’s social status and trust-worthiness
- If history has taught us anything, it is that the victims of a flawed scheme are almost always the poor, the marginalised and the vulnerable.
2. Protection must always go both ways: To protect from abuse, UIDAI has [been formally put] beyond the rule of law. Why would you trust your property (including your money) to a system explicitly designed with the belief that you are the one likely to commit fraud? Where in Aadhaar’s design is any mechanism to prevent the state from making a claim on you, without your authorisation?
3. Ignorance is always bad. Cure it with education, not with technology: an “Aadhaar card” is at best a receipt acknowledging a user’s enrolment. It is easily faked—far more easily than a plastic-backed PAN card or driving license—and should not be trusted as an identity card without corresponding digital verification (based on biometrics or demographic data), and yet the Aadhaar card is widely accepted as identity proof thanks to the government’s own push. Would you share a photocopy of your credit card and pray it’s not misused?
4. Integrity and reputation of Public Administrations and employees matter more than algorithms and procedures: in the British Raj-era civil services, a collector was a white man, legally superior to the natives. Post independence, everyone had equal rights, so the civil servant’s position of authority was somewhat diminished. They couldn’t simply expect compliance anymore. This meant [public officers] had to quickly learn to be the ultimate bad-ass if they hoped to survive a rural stint. [Besides,] anywhere a petty official had discretionary authority, there was corruption, and superiors who knew of this corruption weren’t sufficiently empowered to check it.
5. Systems designed to eliminate corruption by removing ALL “wiggle room” for personal decision by civil servants can backfire badly: for a ration card project, [the author] invented a paper and transparency-based crypto system using Visual Cryptography. [It worked until they realized that it tied down] a ration card to a single shop. What if a family relocated? What if a family didn’t like a shopkeeper and wanted to pick up their rations elsewhere? To change shops, a family had to get a new card, with all the associated costs and hassles.
6. Think a thousand times before inviting third parties between citizens and administrations: You are only as safe as the state’s enthusiasm for ensuring your safety. As Aadhaar is not limited to being used by state actors, this imbalance of power extends to any private entity that you choose to use Aadhaar with (or are forced to).
7. Sooner or later,someone WILL “steal” or misuse data. So be very careful before asking for them: Aadhaar is a single, giant database of everyone in the country, a supremely alluring target for abuse. (No need to stretch your imagination: the Holocaust also used citizen databases.)
8. The real reason why many public administrations do not want to open source their sofware is not lost revenues, or “security through obscurity”. It is that sharing the code would expose flaws in their non-software competence, chains of command and management processes. For a detailed textbook example of this, read about the “Land Management System” in the second article.
9. Half-digitized procedures are BAD: in Karnataka, agricultural land records are maintained by the state. A farmer who wants to obtain a copy of their land title, to take to the bank to obtain a crop loan, has to get it from the local village accountant, whose seal and signature makes the paper an official record… You can see that this doesn’t scale. (ME: and “this” also happens in many procedures in Italy today)
10. Using biometrics as PASSWORDS, instead of user IDs, is BAD:
- Some people, especially tobacco workers, have fingers too worn out to take prints
- What can you do if your biometrics are compromised? You may be composed of flesh and blood, but… a fingerprint scanner turns fingers into bits—bits that can be copied and replayed any number of times, for the rest of your life, and there’s absolutely nothing you can do to stop it. Will Aadhaar or biology give you new fingerprints?
- (ME: compare this with what I wrote in 2007)
11. Aadhaar features to avoid, if possible, in any large government digitalization process: it’s entirely top-down; it is inherently designed to protect the benevolent state from bad actors such as minor officials and you; and it is “consistently hyped up as the panacea that will solve [all] identity problems - even when it fails to”.
12. Aadhaar features or history that any large government digitalization process should imitate, or take into account anyway:
- it is a general purpose system, not linked to any particular department or use case.
- it is funded by the savings from eliminating fraud across departments. It didn’t require an additional budget and was therefore easy for the government to approve.
- To avoid the [traps] of a government contract, it was built by volunteers, with contractors coming in only after the foundation had been laid.
- To avoid vendor lock-in:
- Each manufacturer of fingerprint scanners uses a different algorithm. Consequently, small differences can’t be compared across manufacturers. If you pick one supplier, you’re committing to them for the lifetime of your database.
- they put together a consortium of vendors agreeing to a common standard, using the sheer size of the database as leverage to get vendors to open up
- biometric matching software from multiple vendors is run on the entire database for every new enrolment, with vendors paid for performance
- Most of that software is licensed rather than custom-built, [but the author is] thankful it’s not custom-built software, “having seen the horrors of that in other government projects”.
- vendors will agree, and savings will happen, only “if 100% of enrolments are via Aadhaar”. This explains the drive to make Aadhaar mandatory: “no surveillance conspiracies here, just plain economics”.