
‘Big Brother’ in India Requires Fingerprint Scans for Food, Phones and Finances - vthallam
https://www.nytimes.com/2018/04/07/technology/india-id-aadhaar.html
======
firasd
As a tech professional, it's extra disturbing the way the government pushes
these harebrained schemes by marketing them as 'Digital India', 'India Stack',
etc. thus getting visiting dignitaries from other countries to lap it up. We
really need to be careful that we don't whitewash autocratic bureaucracy by
branding it digital innovation.

Note the spin from Aadhaar proponents in this NYT article--that it's the
equivalent of building interstate highways, or that citizens are the biggest
beneficiaries. They neglect to mention that the program is mandatory. If
people were truly benefiting, they wouldn't need to force everyone to link so
many of their life activities with this database--we'd do it voluntarily.

During the demonetization disaster of Nov 2016 (in which 86% of the cash value
in circulation was deemed unusable overnight), once the problems became clear,
the government went on a massive PR spree saying that despite the problems
faced by ordinary people, the policy will spur 'digital payments'. 18 months
later it's clear that this was a stupid claim--the cash in circulation has
matched or exceeded the amount that was demonetized. I wrote about this at the
time here but I'm still very upset about what went down and the whole 'ooh
this will lead to digital innovation!11' deflection.
[https://hackernoon.com/i-boycott-
paytm-5df93d189356](https://hackernoon.com/i-boycott-paytm-5df93d189356)

~~~
Alterlife
I'm from India too. While I don't support the Aadhaar program in it's present
form, just so that we understand the arguments from the other side:

India has a lot of problems but most of them stem from two causes:

1\. Corruption 2\. Inequality

In positions of power, corruption is universal. I have yet to meet a person in
Bangalore who has been able to purchase property without paying a bribe. Too
many of our government 'servants' are sociopaths. It's a generally accepted
fact (with no citation needed) that a non-insignificant portion of government
spending on social programs and infrastructure is going un-tracked into
private pockets.

Secondly, inequality. A lot of people get away with things in politics. Robert
Vadra gets through security checks though he's not a diplomat, Modiji
(allegedly) gets degrees without going to college and Jayalalitha from my own
state had people falling not only at her feet but touching the tires of her
car.

Aadhaar is the 'leveler' that shines light on the financial activities of all
these people.

1\. Aadhaar is linked to biometrics = aadhaar is linked to a real person

2\. You can't live / work in India without Aadhaar = Government employees and
people with influence are not exempt.

3\. You can't handle money or avail social benefits from the government in
India without linking Aadhaar to it = Illegal money can be tracked.

This could solve a lot of problems.

Of-course there are problems with this apart from the well publicized privacy
issues. You can apparently purchase fake Aadhaar cards for a few hundred
rupees. It's been reported that more than one person has bought an Aadhaar
card for a pet and if it's that simple to beat the system then all the good
intentions fall flat.

~~~
captn3m0
The right way to fix corruption is to make the state transparent - RTI was a
right step in this direction. Opening up the citizen to the state feels like
progress, but isn't really.

~~~
fooker
That is like saying that the right way to fix bugs is by conducting meetings
to grill the programmer.

Sure, it can work but it does not scale. If clerks spend all day manually
answering RTI queries who will do the work?

~~~
microcolonel
Where in the world do clerks spend all day answering FOI/RTI queries? I feel
people greatly overestimate the typical volume of requests, having personally
known at least three FOI officers in two jurisdictions.

When you're seeing elevated request volume, it's likely that there's something
substantial worth requesting, which is exactly the point of this form of
legislation.

~~~
fooker
Keeping my analogy, developers do not spend the whole day at meetings, but
meeting to fix bugs are not generally worth it. Also, when there is a high
volume of meetings, there is likely something wrong.

I know for a fact that in the Indian Railways, people spend weeks digging up
information required to answer RTI queries.

Instead of going by feelings ask government employees (preferably someone with
a high level view of things) about it.

I am not saying RTI is useless. However, without a computerized infrastructure
for most, if not all, protocols and processes in the government, it is just a
game of cat and mouse.

~~~
microcolonel
> _I know for a fact that in the Indian Railways, people spend weeks digging
> up information required to answer RTI queries._

The usual solution to a problem like that is to publish the frequently
requested types of information in bulk, before they need to be requested,
since they are public records by definition. It costs a bit more than doing
nothing, but not nearly as much as corruption does.

------
haltingproblem
Lets step back and pose a meta question - how does a state go about providing
services to its citizen if the state cannot identify citizens as its own and
as unique entities. Both being necessary conditions.

A well functioning state needs to be a strong (sorry libertarians) and benign
(cf. Somalia and North Korea) to take care of its citizens. You can take
birth, live and die in a weak state without the State ever knowing you
existed, let alone provide you with services.

Things we take for granted in the so-called developed economies e.g. getting a
birth certificate, accessing public education, voting rights, drivers license
- rely on smaller units of government providing unique identity services which
are then chained up the ladder. My local hospital provides a birth certificate
which is attested to by the county recorder's office which then serves as
proof to get a driving license, passport etc.

In a weak state like India, the local entities are thoroughly corrupt. A blue
eyed/blond 6.5 foot viking can get a birth certificate in an indian province
where most citizens are under 5.5 foot and caramel colored for less than a
hundred dollars.

So I posit my meta question - how is a nation state supposed to provide unique
identity authentication?

Aadhaar is a 12 digit random number assigned to everyone by the Unique
Identification Authority of India. The project was led by one of the founders
of Infosys who ran as a Member of Parliament for the opposition Congress
party. Each political party takes potshots at it when they are not in power
but it has support across the aisle. From my (albeit limited) understanding,
Aadhaar is simply authentication - and not tracking.

The intelligentsia in India defines themselves by opposition to Aadhaar. There
is a huge cacophony of bollywood stars, writers, intellectuals and of course
civil libertarians opposing Aadhaar. What is lost is the colossal leakage
(euphemism for corruption) in benefits, the lack of existence of hundreds of
millions of citizens and the resulting parasitism of political machines to get
them benefits of the old system.

Does anyone have anything else in mind that would work better? Or is this
simply opposition for opposition sake?

(edits for clarity)

~~~
reaperducer
> how does a state go about providing services to its citizen if the state
> cannot identify citizens as its own and as unique entities. Both being
> necessary conditions.

Are they, really? It's not like the government is buying people cars. They're
handing out food to starving children. If people are hungry, give them food.
Don't make them jump through hoops for it.

Perhaps my problem is that I see it as an American. Americans are citizens of
their country whether they can prove it or not. Whether they can pass an ID
scan or not. It's one of the reasons why voter ID proposals are so vocally
opposed. I am a citizen, just as I am a human being. I do not need to prove it
to exist. I didn't even have a Social Security number until I was an adult and
wanted to start work. It wasn't until the tax authorities made SSN's mandatory
to deduct dependents from your taxes that people started registering their
babies at birth.

However, in some other nations, people don't think of themselves as citizens
unless they have the blessing of their government in the form of a document or
a registration number.

Americans look at the Soviet Union, and other failed states and worry about
what happens when a particular group of people falls out of favor and can be
disenfranchised with the click of a button.

~~~
rohit2412
>> Americans are citizens of their country whether they can prove it or not.

Tell that to the undocumented immigrants. You forget that you have a birth
certificate to prove you are a citizen.

~~~
zo1
So then why don't they go and apply to be documented? I'm sure their foreign
birth certificate is enough to prove their existence. Oh, that's right, it's
illegal and would get declined. Hence the correct term: "illegal immigrants".
The topic is complicated and touchy enough without it being muddled with
incorrect terminology.

~~~
shripadk
Exactly the reason why India wants documentation via Aadhaar. We have millions
of undocumented/illegal immigrants too. From neighbouring Bangladesh (nothing
against Bangladeshi's... always welcome through the legal route). They have
been enjoying the benefits accorded to them from Indian taxpayer money. Why
should Indian exchequer pay for welfare of these illegal immigrants? Before
Aadhaar, it was really easy to forge a Voter ID card and start receiving
benefits that were due to the poor and needy Indian citizens. You can't forge
fingerprints.

~~~
captn3m0
this makes me cringe because Aadhaar does not certify citizenship. Someone who
crosses over the border today into India can get a aadhaar without any
documents by:

1\. using the introducer system (The enrollment center operator would gladly
do this for you)

2\. signing a checkbox that says they've lived in India for 180 days.

~~~
shripadk
You can do anything illegally but you also have to be ready for the
consequences. Obtaining a PAN using forged documents has just a 10000 rupee
penalty but obtaining Aadhaar card illegally will put you in prison for 3
years. Those who are obtaining Aadhaar illegally are setting themselves up for
even greater trouble as their biometrics is forever stored with the GoI.
Illegal immigrants will have to think twice before going down that route as
once discovered will completely block their ability to legally enter India
ever again (apart from a lengthy jail term and subsequent deportation).

1\. [http://www.thehindu.com/news/cities/bangalore/illegal-
bangla...](http://www.thehindu.com/news/cities/bangalore/illegal-bangladeshi-
immigrants-held-with-aadhaar-cards/article21859950.ece)

2\. [http://www.tribuneindia.com/mobi/news/jammu-
kashmir/communit...](http://www.tribuneindia.com/mobi/news/jammu-
kashmir/community/state-takes-steps-to-prevent-illegal-immigrants-from-
getting-aadhaar/209709.html)

3\. [https://m.indiatimes.com/news/india/here-is-why-you-
should-n...](https://m.indiatimes.com/news/india/here-is-why-you-should-not-
try-to-make-an-aadhaar-using-a-fake-id-274432.html)

------
thisisit
This article gives a good overview of the promises and issues of the Aadhar
system. I might be wrong but it doesn't add anything new which hasn't been
covered in other Aadhar related articles submitted earlier.

The system has done some good. Mostly in the public schemes area where it was
originally intended to stop corruption.

But, there are some serious issues with the system.

First is the internet infrastructure. As mentioned in the article, a lady had
to register for it thrice because the system wouldn't load the data. That
doesn't surprise me a bit because the internet infrastructure is so poor that
even 512kbps is defined as "broadband".

There is a funny interview of a supposed Income Tax guy:

[https://youtu.be/AnxrJiS5uKU?t=135](https://youtu.be/AnxrJiS5uKU?t=135)

He equates "cloud computing" to actual clouds. _And posits that if people 's
data in put in cloud and rains then the person is screwed out of his
benefits_. As stupid as it sounds, over reliance on Aadhar means people might
not get their benefits if the Aadhar system is down. And given the poor
internet infrastructure, that is a real concern.

Second is the creeping coverage. The system is slowly outgrowing is intended
usage from public schemes to invading into private lives. Now telephones and
banks need the data. It was promised that the data will never be used for
forensics. But given the data stash, it is not stopping lower courts from
trying to access it.

~~~
nsenifty
> _There is a funny interview of a supposed Income Tax guy:_

That's just a wrong example. He was not an officer in the government at the
time of the interview. He worked for the tax department long before cloud
computing was even popular.

------
jitix
Most people commenting here don't get the situation in India. We elected a
radical leader with a dictatorial behavior and this is why:

1\. The old govt was descended from a long line of political dynasty known for
inaction and corruption.

2\. Election fraud! Mine and my family members names were already voted for by
members of the incumbent party when we reached the voting booth in 2014. And
the election officer sipping tea at that party's booth said he couldn't do
anything. As my mom explained, this wasn't the first time this happened to
her. My father as an election officer was sent off to a remote place so he
couldn't do anything. It was shocking to me!

3\. There's real infrastructure development. The roads don't have potholes
anymore, they are noticeably cleaner and I was almost ticketed for throwing
trash on the road last time I visited.

4\. We know the risk of what's happening but this is the best choice we've
got. The other political leaders are/were directly involved in scams.

5\. The govt is pro-middle class tax paying people. We work hard and pay taxes
and we deserve our own guy in charge for a change. The previous govts' direct
welfare schemes have failed for 70+ years. We should try trickle down economy
for a while. Our maids, drivers, etc have noticeably grown richer with general
wage rise in cities. If the super rich also profit from it then its good for
them too.

~~~
goombastic
This reads like propaganda.

------
thetruthseeker1
I disagree with the assessment. It seems like any form in which the government
tries to identify you is being compared to the scary Orwellian dystopia. There
is no cost benefit analysis. Sure it could be misused, however it can also be
used in a super beneficial way. India is a country where some Indians have
never obatained birth certificates, there was no equivalent SSN system, often
resources are poorly distributed because there are scams where a person claims
to be somebody else or there is no clear identification system, all of this
significantly affect the GDP and the rate at which people’s std of life is
improved. I think if it gets misused , then the solution to that is regulation
and better management, not no collection.

~~~
Zak
I think it's a mixed bag.

Not Orwellian:

* Requiring identification to get welfare benefits. The article mentions fraud is a big issue.

* Use of biometrics. It sounds creepy at first, but without a robust system of record keeping to base the ID card on, this is a good way to ensure each one is unique.

Orwellian:

* Requiring a government ID to enter a middle school art contest.

* Requiring a government ID to buy a prepaid SIM card.

~~~
captn3m0
>The article mentions fraud is a big issue.

When tackling fraud, you must look at 1)exclusions and 2)cost.

In the case of aadhaar, we've seen the project baloon in cost and vision over
the span of two different governments. There have been savings number reported
by the government that have since been redacted by the World Bank (but the
government keeps claiming them). At some point, you must take stock and
consider if the amount you are spending to tackle fraud in the system - is it
worth it?

Also, Aadhaar is not a fraud-proof system. The most common type of subsidy-
fraud (for food benefits) is quantity fraud where the shopkeeper would sign
away 5kg, but only give you 4kg (and sell the other 1kg at a higher rate on
the market). There is nothing in the aadhaar system that prevents it (and
other kinds of fraud)

Second: Exclusions. Jharkhand, with the highest rate of authentication
failures has had multiple deaths. Due to how the system works now (you receive
benefits in your bank account instead of directly getting subsidized rations),
it requires double the effort (which converts to one-fewer working/earning day
because of the extra bank trip).

[https://thewire.in/rights/jharkhand-nagri-ration-pds-
direct-...](https://thewire.in/rights/jharkhand-nagri-ration-pds-direct-
benefit-transfer) is a harrowing read, if someone's interested.

>* Requiring a government ID to enter a middle school art contest.

We've gone beyond this. Nursery schools in india for toddlers now demand
aadhaar numbers of both parents and the kid.

~~~
thetruthseeker1
What is your solution ? It kind of seems like Aadhar should be better
managed... rather than reinvent another identity system, sure I am optimistic
that Aadhar will improve (Its a very new system compared to SSN or other
identity systems)

Regarding ballooning costs, so many successful programs have had costs that
exceeded the plan, so far with Aadhar there has been no evidence that the
ballooning costs have been debilitating and on the contrary Aadhar seems to be
helping.

~~~
captn3m0
I'm just a security researcher, and unfortunately I don't have any concrete
suggestions. I'm hoping that the Supreme Court takes a favorable approach to
this madness and limits the damage (by asking the government to stick to its
2015 order which limited mandatory usage of aadhaar to 3 schemes only, for
eg).

On balooning costs - Yes, the scope has vastly increased:

1\. it was supposed to be a YES/NO boolean API, which has since become a
complete eKYC API giving third parties access to your data

2\. State resident data hubs that maintain a copy of your biometrics and data
to enable state level surveillance

3\. Pushing of mandatory linkages has cost us thousands of crores already.

(and more that I'm missing - this is early morning IST now and I'm getting
sleepy). A lot of this should not have been allowed in a scheme that was
passed in the parliament as a "Money Bill". The helping part is non-
proportional to the expenditure which we've seen - this is under purview in
the SC hearing as well.

~~~
thetruthseeker1
I am sure that I can find flaws in some of the best identity systems in the
world - but I am not sure if just finding faults make a good discussion hence
I am not going to do that (in addition to not want being labeled a cynic).

Also when you say the costs are not proportional to the benefits... I don’t
know if it needs to be proportional, also is there a well researchered study
that talks negatively about the overall value provided - I find that hard to
believe ?

Usually legislature is free to spend money on programs as long as it is not
against the law or constitution and judiciary can’t interfere on such matters.
I don’t know what is in the scope of S.C w.r.t Aadhar - I can see some kind of
violation of civil liberties within its scope... but I can’t see how cost
benefit analysis is within SC’s scope. So I may not comment on it until it
plays out.

------
navinsylvester
Why Aadhaar[1] is evil:

    
    
      #1 Aadhaar has been foisted on us under false pretenses.
    
      #2 It is useless.
    
      #3 It is destroying the lives of the poor.
    
      #4 It is coercive.
    
      #5 It is technically unreliable.
    
      #6 It is insecure.
    
      #7 It puts sensitive data into unreliable hands.
    
      #8 It is creating the infrastructure for 24×7 surveillance.
    
      #9 It is allowing privileged insiders to profit from personal data.
    
      #10 It frees the government from accountability.
    

Read more about the above points: [https://sabrangindia.in/article/say-no-
aadhar-%E2%80%93-sign...](https://sabrangindia.in/article/say-no-
aadhar-%E2%80%93-sign-petition)

Register your protest against aadhaar here:
[https://www.speakforme.in/mp/?lang=en](https://www.speakforme.in/mp/?lang=en)

~~~
newyankee
I do not know about other points and there may be rings of truth to all the
issues

but #2 and #3 are definitely false.

~~~
goombastic
Not really. There are actual deaths on the ground with desperately hungry
people being denied benefits due to the bio-metric authentication systems
flaking out. So much so that the CEO of the agency managing this system
himself has an authentication failure rate of around 19%. Thankfully he
doesn't need the ration to survive.

------
cornholio
I understand the need for identification - ID documents long predate these
systems and include basic biometric data: photograph, eye and hair color, and
sometimes even a finger imprint. In the digital era, ID cards can be made
unforgeable and the biometric data can be encrypted and made available only to
pre-authorized entities (I.e airport biometric gates)

What I don't understand is why they aim to replace the ID card, a smart, cheap
hardware token that can be interfaced with very simple hardware, with a
monstruos system where the fingerprint itself is the authentication device.

Now you need complex, finicky machines to read fingerprints and irises/faces
whenever you want to do authentication and also require internet connectivity
all the time; it's no longer possible to do the low tech, offline validation
"ID is present, appears not forged on visual inspection and photograph matches
holder". This was usually suficient in 95% of the usecases. You also lose on
end to end security: if fingerprint data is duplicated, a rogue acces point
can fake authentication, despite the fact that neither the govt nor the person
wants that. And once the fingerprint is compromised, it stays that way
forever, maybe even putting the original owner on various blacklists.

So instead of going for the low hanging fruit and build a solid electronic ID
system where optional biometrics can add some value and also be protected,
they overextended to a snake oil system that is actually worse in every way. A
cautionary tale for government security purchases and probably the very
corruption it purports to address.

------
kelnos
> _Technology has given governments around the world new tools to monitor
> their citizens._

This is the fundamental thing that really gets to me. Governments do not need
to monitor their citizens! In fact that very concept is anathema to a free
society.

I really wish people would get this and stop trotting out the usual "oh but
terrorists!" type arguments. Pervasive monitoring destroys your way of life
faster than any terrorist (or other justification du jour) could.

------
bigphishy
Given the title and article is sensationalized, does anyone else see that the
greater reliance organizations and govnts put on mass-production of
homogeneous survellience technology, the easier it will be to abuse, and the
harder it will be to be detected. A double-edge sword it is.

~~~
captn3m0
It is worse in India because we have a large amount of surveillance abuse
(even before the internet) and very little litigation/laws to make up for it.

And now we have
[https://en.wikipedia.org/wiki/DRDO_NETRA](https://en.wikipedia.org/wiki/DRDO_NETRA)
(India's version of PRISM)

~~~
bigphishy
Someting tells me I have it in good faith the population of Indians will
improve things drastically and will come out on top when all is said and done.
Any way, I'm shocked Indian do not use their own version of f*book. India, you
guys have got to get on that!

------
known
"In democracy it's your vote in elections that counts; In feudalism it's your
count that votes" \--Jallberg

[http://m.timesofindia.com/india/China-mocks-Indias-
democrati...](http://m.timesofindia.com/india/China-mocks-Indias-democratic-
system/articleshow/46543509.cms)

------
known
Indian govt priorities are screwed due to the hegemony of
[https://en.wikipedia.org/wiki/Dominant_minority](https://en.wikipedia.org/wiki/Dominant_minority)

------
enugu
Leaving this issue aside for a moment, dealing with massive corruption in the
govt requires an opposite approach - monitoring the government. Publicly
available data which allows any citizen to lookup the details of the programs
running in their locality, apps which allow public audits of quality of
service of roads etc.

------
known
Govt should confiscate Nilekani properties to retrieve $1 Billion.
[https://www.quora.com/Which-caste-is-looting-in-India-
since-...](https://www.quora.com/Which-caste-is-looting-in-India-since-its-
independence/answer/Adarsh-DeCarde)

------
middleclick
Something related: it doesn't inspire confidence when the person who runs
UIDAI (the government organization running the fingerprint program) says this:

[https://www.ndtv.com/india-news/aadhaar-data-safe-
behind-5-i...](https://www.ndtv.com/india-news/aadhaar-data-safe-
behind-5-inch-thick-15-feet-high-walls-centre-to-supreme-court-1826931)

> Aadhaar Data Safe Behind 5 Feet Thick Walls: Centre to Supreme Court

This just shows how poor the understanding of digital security is...

~~~
shripadk
That's a biased article and is taking things out of context. A better
understanding would be found at the UIDAI page itself:
[https://uidai.gov.in/component/fsf/?view=faq&catid=27](https://uidai.gov.in/component/fsf/?view=faq&catid=27)

To their credit, the leaks that have happened until now haven't happened
directly from UIDAI database but by partners who had poorly designed API
endpoints which exposed citizen identity data. At the very least, biometric
data has never been leaked/hacked into till date. The "5 feet thick walls"
reference might be to the vault that is actually housing the biometric dataset
which they mention in the above official page as well: "The UID database will
be guarded both physically and electronically by a few select individuals with
high clearance. It will not be available even for many members of the UID
staff and will be secured with the best encryption, and in a highly secure
data vault. All access details will be properly logged."

~~~
captn3m0
As a security researcher in india, Aadhaar is riddled with Security holes that
are glaring. There is clear way to report these issues and nothing gets fixed.

I've had a possible-RCE vulnerability reported to UIDAI since February-2017
and there has been no action. The CERT-IN (Indian equivalent of CERT-US) has
been aware of the issue, but there is no fix in sight.

The easiest to do exploits (fingerprint cloning) are already happening:
[https://www.medianama.com/2018/03/223-cloned-thumb-prints-
us...](https://www.medianama.com/2018/03/223-cloned-thumb-prints-used-to-
spoof-biometrics-and-allow-proxies-to-answer-online-rajasthan-police-exam/)

~~~
shripadk
Now that is news to me. I know UIDAI has handled the recent data leak from one
of its partners horribly (even lodging an FIR against a news reporter).
However, does the vulnerability you mention provide access to biometric data?
For me personally, that is more of a concern than the metadata (name, address
etc).

~~~
captn3m0
It is on a UIDAI-hosted system that has access to the CIDR, so it is possible.

------
mindslight
> _" If you are not able to prove your identity, you are disenfranchised," he
> said. "You have no existence."_

This is so fucking disingenuous, and really demonstrates the heart of the
problem. If you create a bunch of systems that rely on totalitarian cataloging
of humans for their basics of every day life, then when some individuals
aren't tracked it sure looks like those individuals' problem. But really the
problem is the top-down insistence on having everybody cataloged in the first
place.

~~~
shripadk
How do you efficiently distribute benefits if you cannot ascertain if the
individual is a Citizen, hasn't already taken his/her fair share or isn't
scamming the exchequer?

You may disagree with the idea but in a country which has a very small tax
base and caters to a huge population efficiently distributing benefits becomes
the most important priority. Up until Aadhaar, the benefits meant for
illiterate/lower income group were swindled by scamsters who used their
identities to procure the benefits.

There was no way to ascertain if the individual was really below poverty line
and that s/he hadn't taken more than his/her fair share of the benefits using
a stolen identity. We can always debate issues of privacy endlessly but arrive
at no conclusion which can actually solve the core issues. The core issue
being that for the poorest of the poor, privacy is secondary to survival.

For some added perspective, here is a famous quote by Ex-Prime Minister of
India, Rajiv Gandhi in 1985 (on a visit to drought-affected Kalahandi
district, Odisha): "Of every rupee spent by the government, only 15 paise
reached the intended beneficiary". Have you ever heard a top executive head of
any other country publicly accept and go on record that 85% of the intended
amount never reached the poor and needy? That 85% of the amount was swindled
away by corrupt means?

Even this article admits it rather reluctantly: "Officials estimate that
taxpayers have saved at least $9.4 billion from Aadhaar by weeding out
“ghosts” and other improper beneficiaries of government services."

~~~
haltingproblem
> The core issue being that for the poorest of the poor, privacy is secondary
> to survival.

Privacy is probably not on their radar.

However, Aadhaar is an authentication system not a tracking system. So privacy
is not even relevant here but please correct me if I am mistaken.

~~~
shripadk
Yes you are right in that Aadhaar is currently an authentication system and
not a tracking system. But there are definitely instances where Aadhaar data
has leaked (not the biometrics, but identity information like Name, Address
and Phone numbers) which rightly calls into question privacy related issues.

~~~
captn3m0
The issue with biometric leaks is that it could come from anywhere, like this
leak from the PDS system (ironically) in Gujarat[0]. Using biometrics for
authentication is like forcing everyone to use the same password everywhere.

Aadhaar isn't the only biometric database in the country.

[0]: [https://www.medianama.com/2018/02/223-gujarat-bleeds-
biometr...](https://www.medianama.com/2018/02/223-gujarat-bleeds-biometrics-
uidai-says-aadhaar-biometrics-secure/)

~~~
shripadk
Damn that's scary to think that the government was so callous with biometric
data. Like you mentioned in one of your other comments to someone else in the
thread, it's wise to couple biometric scans with a passkey or even yubikey as
Aadhaar number by itself is no longer a good first factor (especially with
compromise of biometric data). I don't see how it's possible for the
government to rollback collected biometric data so it makes more sense now to
use multifactor authentication. Even though UIDAI's biometrics isn't directly
compromised the fact that the local government was also collecting biometrics
and that leaked makes it even worse. Now those same biometrics can be used to
authenticate Aadhaar transactions. I see how this can be a major issue. This
information was an eye opener for me.

I learnt a lot from our discussions today. Thank you!

~~~
hesarenu
I have seen some company use bio metric for login. Visa applications require
them as well. Any other mechanisms might still get broken.

