From: Elonnai Hickok
Date: Sat, 09 Apr 2011 10:30:21 +0530
Subject: Finance Committee meeting this Sunday
Dear Sir,
This Sunday the Finance Committee is meeting with members of the UIDAI to question and debate the UID project. At the Center for Internet and Society we have been following the project closely, and have created a series of letters that point out weaknesses of the project and ways to strengthen the project. Below are descriptions of each letter with links to the page. Also attached to this email is a document with the names, numbers, and emails of the Finance Committee. We encourage you to email the members of the Finance Committee and ask them your questions about the UID project.
Finance and Security - This note explores the three connections between finance and security and demonstrates the cost implications of operating a centrally designed identity management system as proposed by the UID. In doing so, it shows how the monitoring, storing, and securing of transactional data in a centralized database fall short of meeting the project's objectives of authentication, and thus is an additional cost. Further, it is argued that the blanket monitoring of the transaction database is not an effective method of detecting fraud, and is an expensive component of the project.
Biometrics - This note points out the weaknesses inherent in biometrics and the pitfalls in using them. It recommends procedural safeguards that should be adopted by the UID in order to make the use of biometrics more secure and inclusive.
UID Budget - This note presents the aspects of the UID project, which have not been considered or incorporated into the UID’s budget. The costs include re-enrollment, loss in human time, and the cost of the audit function.
Operational Design - The objective of the UID project is to provide identity infrastructure that is not susceptible to fraud or error. This note highlights parts of the operational design of the project, which are flawed. CIS pleads that each point be taken into consideration and that the design be suitably revised.
UID and Transactions - Since official documentation from the UIDAI is very limited, we assume that data pertaining to transactions would comprise of the Aadhaar number, identifier of the authenticating device, date-time stamp, and approval/rejection/error code. Recording and maintaining of data pertaining to transactions is very important because it increases transparency and accountability through an audit trail. However, storage of such sensitive data creates many privacy risks, because more often than not metadata gives you as much intelligence as raw data.
Thank you
Elonnai
Policy and Advocacy Associate
Centre for Internet and Society
elonnai@cis-indis.org
#194, 2nd ‘C’ Cross,
Domlur 2nd Stage
Bangalore – 560 071 Karnataka, India
Date: Sat, 09 Apr 2011 10:30:21 +0530
Subject: Finance Committee meeting this Sunday
Dear Sir,
This Sunday the Finance Committee is meeting with members of the UIDAI to question and debate the UID project. At the Center for Internet and Society we have been following the project closely, and have created a series of letters that point out weaknesses of the project and ways to strengthen the project. Below are descriptions of each letter with links to the page. Also attached to this email is a document with the names, numbers, and emails of the Finance Committee. We encourage you to email the members of the Finance Committee and ask them your questions about the UID project.
Finance and Security - This note explores the three connections between finance and security and demonstrates the cost implications of operating a centrally designed identity management system as proposed by the UID. In doing so, it shows how the monitoring, storing, and securing of transactional data in a centralized database fall short of meeting the project's objectives of authentication, and thus is an additional cost. Further, it is argued that the blanket monitoring of the transaction database is not an effective method of detecting fraud, and is an expensive component of the project.
Biometrics - This note points out the weaknesses inherent in biometrics and the pitfalls in using them. It recommends procedural safeguards that should be adopted by the UID in order to make the use of biometrics more secure and inclusive.
UID Budget - This note presents the aspects of the UID project, which have not been considered or incorporated into the UID’s budget. The costs include re-enrollment, loss in human time, and the cost of the audit function.
Operational Design - The objective of the UID project is to provide identity infrastructure that is not susceptible to fraud or error. This note highlights parts of the operational design of the project, which are flawed. CIS pleads that each point be taken into consideration and that the design be suitably revised.
UID and Transactions - Since official documentation from the UIDAI is very limited, we assume that data pertaining to transactions would comprise of the Aadhaar number, identifier of the authenticating device, date-time stamp, and approval/rejection/error code. Recording and maintaining of data pertaining to transactions is very important because it increases transparency and accountability through an audit trail. However, storage of such sensitive data creates many privacy risks, because more often than not metadata gives you as much intelligence as raw data.
Thank you
Elonnai
Policy and Advocacy Associate
Centre for Internet and Society
elonnai@cis-indis.org
#194, 2nd ‘C’ Cross,
Domlur 2nd Stage
Bangalore – 560 071 Karnataka, India
