Author: Arvind Padmanabhan
An opinion
Image source: Kumar, M., 2013, ‘Digital Privacy, Internet Surveillance, and The PRISM – Enemies of the Internet’, The Hacker News; Security in a Serious Way.
The world we have built around us is due to human ingenuity as well as engineering skills. Tools play an important role in this. It’s not an exaggeration to say that most engineers think about the tools at their disposal before starting to give form to their ideas. To sculpt something, you need first good chisel and hammer. To build a bridge, you need precision measuring instruments. To dig a tunnel, you need a boring machine. In today’s digital economy, you need connected servers, software platforms and algorithms.
Tools improve both efficiency and effectiveness. The problem with the use of tools is the intent. A knife can be used to cut fruit or to kill your neighbour. A cook and an arsonist use fire in very different ways. Now imagine what will happen when a powerful tool is created with bad intent but the public is told that it is for their good. Aadhaar seems to be in this category.
When Aadhaar first came out, it was meant to enable welfare payments and rationing of essential goods to the poor and needy. It made sense because when public money is spent on such things the government wants to be sure that it gets to the right people. So giving these people an identity via Aadhaar was certainly a positive move. For those who paid taxes, there was comfort that Aadhaar would ensure their contributions were spent suitably and could be tracked.
Once people had accepted Aadhaar, those in charge of it started to realize how much power they could wield with all the information they had collected. It was not merely names and addresses but also biometric data: fingerprints and iris patterns. It doesn’t take a leap of imagination to suppose that this might be extended to DNA or anything else that new technology offers in terms of biometric identification. Identification for doling out government payments is one thing but biometric identification has a more sinister purpose: it’s the main incriminating evidence that legal and policing systems use. So what will happen if the Aadhaar database gets into wrong hands?
With the power of information of a billion individuals, it didn’t taken long for Aadhaar proponents to convince multiple government departments to adopt the system. The common mindset in India is of the bandwagon type: it takes only a few to adopt something and everyone else will follow.
The argument is that since Aadhaar provides unique identity to India’s citizens, why restrict it to just some services? Your bank accounts can get linked to Aadhaar. Your telecom service providers can use it for authenticating you. The Income Tax department can use it (though the purpose is unclear). IRCTC online booking for train tickets can use Aadhaar. All the everyday payments you make via your UPI-enabled apps or e-wallets are tied to and can be traced via services built on top of Aadhaar. The problem for citizens is that it’s no longer optional. Citizens will be locked out of these useful services if they don’t have Aadhaar, whether they like it or not. In some cases, when biometrics fail, essential services will be denied to citizens.
To use an analogy, a security firm tells you that you will be safe only if you install a CCTV camera to monitor your front door. You install it but soon you are told they will continue support only if you install cameras inside your house in every room. They tell you that the system doesn’t work with just one camera!
Here’s the irony of democracy. Citizens elect representatives to protect them and govern the country. The government now starts thinking that citizens are in general bad and cannot be trusted. So just because some people are potential terrorists, everyone should be monitored. Individual privacy must be sacrificed for the greater good of the nation. Governments on their part have failed to convince citizens that they’re responsible and effective. We are not aware of any e-governance initiatives have been successful and none have instilled public confidence. It’s for this reason that we are against Aadhaar because a powerful tool in the hands of an incompetent authority is dangerous.
What if a citizen decides not to get on to the Aadhaar platform? I’m afraid this choice is no longer available. Take for example the annual ritual of filing one’s tax returns. This year it’s mandatory to include your Aadhaar. It’s strange that a law-abiding citizen who pays her taxes regularly is told that even if you pay your taxes you will be fined without an Aadhaar identity. It does suggest that there are problems with the current PAN card system, which the government is unable to solve. The best way to avoid problems is to offer a glittering new system in place of a broken older system. But no system is going to improve things if it’s run by incompetent authorities.
Let’s assume for the sake of argument that the government has a noble purpose and discharges its responsibilities admirably. Given the state of crimes in cyber space these days, it’s only a matter of time that the Aadhaar database is hacked and the information is put out in the open for the highest bidder. We have every reason to believe that technical people who manage Aadhaar are not as knowledgeable or creative as hackers. In fact, ethical hackers may be a good bunch for Aadhaar. They will point out design flaws, backdoors and security holes that make Aadhaar vulnerable. The Aadhaar team will then be forced to fix these problems and make the system more secure. Ethical hackers have an important role to play in service of India’s citizens. The ugly truth is that there are probably many more hackers whose intent is not so honourable.
In conclusion, to all members of the engineering community, I would like to say that the tools we create can possibly be used wrongly when they fall into the hands of wrong people. The classic case is of the atomic bombs that fell on Hiroshima and Nagasaki. Lise Meitner discovered the principle of nuclear fission in 1938 but she refused to be part of the Manhattan Project, saying famously, “I will have nothing to do with a bomb!” As engineers, whatever we do, let’s not lose our moral compass.
Author: Arvind Padmanabhan
Arvind Padmanabhan graduated from the National University of Singapore with a master’s degree in electrical engineering. With more than fifteen years of experience, he has worked extensively on various wireless technologies including DECT, WCDMA, HSPA, WiMAX and LTE. He is passionate about tech blogging, training and supporting early stage Indian start-ups. He is a founder member of two non-profit community platforms: IEDF and Devopedia. In 2013, he published a book on the history of digital technology: http://theinfinitebit.wordpress.com.
The IEDF Blog 
Aadhar is being asked by every body just to know identity with out any guide line for usage with out authentication. I don’t understand if it’s safe. The security responsibility of users are yet to be defined with responsibility.
LikeLike