Wednesday, February 9, 2011

1116 - Letter from Privacy India to Members of the Finance committee


Respected Members of the Finance Committee,
In this note we would like to explore three connections between finance and security. We would like to demonstrate the cost implications of operating a centrally designed identity management system as proposed by the UID. In doing so, we would like to show how the monitoring, storing, and securing of transactional data in a centralized database does not work to meet the project's objectives of authentication, and thus is an additional cost. Furthermore, we would like to show how the blanket monitoring of the transaction database is not an effective method of detecting fraud, and it is an expensive component of the project.
1 - Operating a centralized identity management system that requires the use of a remote database for every transaction is always more expensive than a decentralized identity management system that could optionally use a local database.
Centralized database costs
  • Both public and private keys must be centrally stored
  • All transactions require connectivity for the sending and receiving of authentication of data, and have an associated connectivity cost
  • Securing all data at a central database has augmented costs

Decentralized database costs
  • Only the public key must be centrally stored
  • Some transactions require connectivity for the sending and receiving of authentication data
  • Securing small amounts of data at each local database has incremental costs
2 - The cost of building an identity management system that includes recording, monitoring, and securing each transaction is more than the cost of building only an identity authentication system. The goal of the project is to identify a person. Recording each transaction will add unnecessary cost.
(Cost of Identity Authentication System + Cost of Monitoring Transaction + Cost of Securing Transaction Data in a Centralised Database) > (is greater than) Cost of Identity Authentication System
3 - Increasing security or fighting fraud can be done in two ways: through a targeted approach or through blanket monitoring. The UID scheme, through the monitoring of the transaction database featuring trillions of transactions by 1.2 billion people, is a blanket approach and will provide a lower return on investment than a targeted approach.
Sincerely,
Elonnai Hickok 
Policy & Advocacy Associate
Centre for Internet and Society
elonnai@cis-india.org 
#194, 2nd 'C' Cross, Domlur 2nd Stage
Bangalore - 560 071
Karnataka, 
India