EDITED AND REVISED PUBLICATION
http://www.financialexpress.com/article/fe-columnist/column-aadhaar-card-isnt-violating-your-privacy/139528/
This column is not really about the savings from making Aadhaar card usage mandatory, but about the privacy issues the Supreme Court will be looking at, and what many are agitating about.
By: Sunil Jain | New Delhi | September 23, 2015 10:17 AM
Aadhaar is a database of Biometrics, but it cannot be used to construct a profile of an individual-Indeed, if the government is serious about making a case for Aadhaar, it needs to really stress this aspect of the database, may be even invite hackers to have a crack at the database (PTI)
Invasion of privacy. That, in a nutshell, is the biggest objection to the government’s Aadhaar card scheme, and that is why, while allowing using of Aadhaar for PDS rations, the Supreme Court (SC) has said a larger bench will look at the issues arising out of the privacy concerns – it has to be mentioned here that, since the SC has also said that Aadhaar is not going to be mandatory for availing of even PDS benefits, chances are states that have not seeded their ration shop beneficiary data with Aadhaar so far are unlikely to do so now.
But this column is not really about the savings from making Aadhaar usage mandatory – the graphic has some details on this and those more interested can read ePDS, the Andhra way. This column is about the privacy issues the Supreme Court will be looking at, and what many are agitating about.
Before we even get to whether Aadhaar is an invasion of privacy, a few points need to be made. For one, Aadhaar is a database of biometrics, but it cannot be used to construct a profile of an individual – indeed, if the government is serious about making a case for Aadhaar, it needs to really stress this aspect of the database, maybe even invite hackers to have a crack at the database, with a huge reward for those who manage to crack it.
So, if a ration shop user wants to authenticate if a customer is indeed who she says she is, a fingerprint on a Point of Sale device will be SMS’d to the Aadhaar database, but the database itself does not know what the information is being sought for, or the details of the transaction. So, whether it is an LPG subsidy or a scholarship, Aadhaar’s database has no knowledge of why it is being asked to authenticate a biometric. In that sense, it can never be used to create a profile.
Also, it is important to keep in mind that each one of us using mobile phone apps is signing away our privacy to a large extent, given how the apps want access to our contacts and, in many cases, also keep data on where we’re at any particular point – say no to this access, and you can’t even load the app on your phone. Superimpose this location data on top of any half-decent map of a city, and it means most apps know where we are eating, sleeping or shopping, and for how long. So it does seem a bit farcical to complain about invasion of privacy, having legally signed away your rights to do this.
But even those who have not done so are in danger of having a lot of their data out in the public domain, and putting together a profile of sorts based on this is not very difficult. The Election Commission, for instance, has electoral rolls available for every constituency. While this has only a certain amount of information, smart users can use this as a climbing tool, using information from this database to glean information from others, and then still others.
One such firm of data jocks, Fourth Lion in Bangalore, has run election campaigns for several people using the power of data – beginning with that from the election commission – to construct a profile of voters, in order to canvass them with as personalized a message as possible. The Election Commission’s database is in PDF form, but digitizing that isn’t much of a challenge for good analytics professionals. Compiling voter IDs at the same address, for instance, allows candidates to send one letter to the head of the household reminding him, for instance, that he needed to vote along with other members of his family. Run the name against another database, and it is possible to customize the language of the letter – Hindi, Tamil etc – giving the impression the candidate knows his electorate very well, right down to the names of his wife and children. Run the database with, for instance, one from the local electric utilities’ load shedding in an area, and the candidate’s letter could even talk of the unfortunate 2-hour power outage the previous week! A general survey – using PIN numbers in the Election Commission’s database – similarly, would let you know if the candidate lived in an affluent neighbourhood, to help customize the message. Fourth Lion, of course, is not the only company that does such work, the Bharatiya Janata Party (BJP) has an army of data jocks gleaning information about the electorate that BJP candidates can use.
A chance visit to Fourth Lion’s office in Bangalore was instructive, and after a conversation was struck up about how publicly available information could be used to construct a profile of an individual, this was done for me at my request. All that Fourth Lion had to work with was my name and address in Delhi, and the results were given to me in less than a day.
There were some obvious mistakes in the profile, but the results were impressive, and frightening at the same time. So, it had my age (50, at that time) from the Election Commission website and my wife’s (since she’s shown as my daughter, this is something the EC needs to look at!) as well as similar details for our neighbours, the Bhallas and Chadhas. The cards, Fourth Lion told me, had an old format, suggesting I had been living at the address since pre-2010 (OMG! this is like Big Brother watching, and it gets worse). Since there was no one else in the family that was a major at that point, fortunately, there is no information on children at ceodelhi.gov.in.
My father’s name (in the EC list) helped construct some details about the fact that there’s a family history of journalism – yes, they got to the website one of my sisters hosts of my late father’s articles.
There wasn’t too much success with the status of my LPG connection and how many cylinders I used, though the transparency sites of the PSU oil companies has details of how many cylinders every consumer uses by name and address – but since the names and addresses are there for each agency, it is possible to find out more, but it could take some time.
What was truly frightening, of course, was how easily accessible the details of my property were. Go to mcdpropertytax.in and enter the address (available at the Election Commission website) and you can get the property ID number. Then go to this MCD link and enter the ID number and you have all the details of the property in terms of the size, the category of colony it is (this helps when you want to see what the rateable value is since the government classifies this by type of colony), the size of the plot, the built-up area, the year of construction and even my mobile number.
My Linkedin account had more personal details, and Fourth Lion also constructed a little profile of my wife’s business and office address. My Facebook page would have revealed even more, though fortunately I’m not into posting pictures of social events or details of what I ate and where.
Short point is there is a lot of information in the public domain that we’re not even aware of. And yet, when there’s something like Aadhaar which is structured in such a way that no profiles can be created, we go after it. Hopefully, when the Supreme Court is addressing the issue of privacy, the government will bring in lots of technical experts to testify, and show, just what kind of information the database can provide and what it cannot. Meanwhile, as a gesture of good faith, can all those opposed to Aadhaar’s invasion of privacy, at least remove all those apps that give out all manner of personal details to app-makers?
First Published on September 23, 2015 12:16 am
AS PUBLISHED ORIGINALLY
Opinion: Aadhaar card isn’t violating your privacy
While Aadhaar is not profiling you, there’s enough information in the public domain to be able to do so
By: Sunil Jain | New Delhi | September 22, 2015 12:27 PM
While Aadhar is not profiling you, there’s enough information in the public domain to be able to do so
Invasion of privacy. That, in a nutshell, is the biggest objection to the government’s Aadhaar scheme, and that is why, while allowing using of Aadhaar for PDS rations, the Supreme Court has said a larger bench will look at the issues arising out of the privacy concerns – it has to be mentioned here that, since the SC has also said that Aadhaar is not going to be mandatory for availing of even PDS benefits, chances are states that have not seeded their ration shop beneficiary data with Aadhaar so far are unlikely to do so now.
But this column is not really about the savings from making Aadhaar usage mandatory – the graphic has some details on this and those more interested can read ePDS, the Andhra way. This column is about the privacy issues the Supreme Court will be looking at, and what many are agitating about.
Before we even get to whether Aadhaar is an invasion of privacy, a few points need to be made. For one, Aadhaar is a database of biometrics, but it cannot be used to construct a profile of an individual – indeed, if the government is serious about making a case for Aadhaar, it needs to really stress this aspect of the database, maybe even invite hackers to have a crack at the database, with a huge reward for those who manage to crack it.
So, if a ration shop user wants to authenticate if a customer is indeed who she says she is, a fingerprint on a Point of Sale device will be sms’d to the Aadhaar database, but the database itself does not know what the information is being sought for, or the details of the transaction. So, whether it is an LPG subsidy or a scholarship, Aadhaar’s database has no knowledge of why it is being asked to authenticate a biometric. In that sense, it can never be used to create a profile.
Also, it is important to keep in mind that each one of us using mobile phone apps is signing away our privacy to a large extent, given how the apps want access to our contacts and, in many cases, also keep data on where we’re at any particular point – say no to this access, and you can’t even load the app on your phone. Superimpose this location data on top of any half-decent map of a city, and it means most apps know where we are eating, sleeping or shopping, and for how long. So it does seem a bit farcical to complain about invasion of privacy, having legally signed away your rights to do this.
But even those who have not done so are in danger of having a lot of their data out in the public domain, and putting together a profile of sorts based on this is not very difficult. The Election Commission, for instance, has electoral rolls available for every constituency. While this has only a certain amount of information, smart users can use this as a climbing tool, using information from this database to glean information from others, and then still others.
One such firm of data jocks, Fourth Lion in Bangalore, has run election campaigns for several people using the power of data – beginning with that from the election commission – to construct a profile of voters, in order to canvass them with as personalized a message as possible. The Election Commission’s database is in PDF form, but digitizing that isn’t much of a challenge for good analytics professionals. Compiling voter IDs at the same address, for instance, allows candidates to send one letter to the head of the household reminding him, for instance, that he needed to vote along with other members of his family. Run the name against another database, and it is possible to customize the language of the letter – Hindi, Tamil etc – giving the impression the candidate knows his electorate very well, right down to the names of his wife and children. Run the database with, for instance, one from the local electric utilities’ load shedding in an area, and the candidate’s letter could even talk of the unfortunate 2-hour power outage the previous week! A general survey – using PIN numbers in the Election Commission’s database – similarly, would let you know if the candidate lived in an affluent neighbourhood, to help customize the message. Fourth Lion, of course, is not the only company that does such work, the BJP has an army of data jocks gleaning information about the electorate that BJP candidates can use.
A chance visit to Fourth Lion’s office in Bangalore was instructive, and after a conversation was struck up about how publicly available information could be used to construct a profile of an individual, this was done for me at my request. All that Fourth Lion had to work with was my name and address in Delhi, and the results were given to me in less than a day.
There were some obvious mistakes in the profile, but the results were impressive, and frightening at the same time. So, it had my age (50, at that time) from the Election Commission website and my wife’s (since she’s shown as my daughter, this is something the EC needs to look at!) as well as similar details for our neighbours, the Bhallas and Chadhas. The cards, Fourth Lion told me, had an old format, suggesting I had been living at the address since pre-2010 (OMG! this is like Big Brother watching, and it gets worse). Since there was no one else in the family that was a major at that point, fortunately, there is no information on children athttp://ceodelhi.gov.in/WriteReadData/AssemblyConstituency/AC43/A0430051.pdf.
My father’s name (in the EC list) helped construct some details about the fact that there’s a family history of journalism – yes, they got to the website one of my sisters hosts of my late father’s articles.
There wasn’t too much success with the status of my LPG connection and how many cylinders I used, though the transparency sites of the PSU oil companies has details of how many cylinders every consumer uses by name and address – but since the names and addresses are there for each agency, it is possible to find out more, but it could take some time.
What was truly frightening, of course, was how easily accessible the details of my property were. Go to http://www.mcdpropertytax.in/ptsdmc/mnsearchpropid.phpand enter the address (available at the Election Commission website) and you can get the property ID number. Then go tohttp://www.mcdpropertytax.in/ptsdmc/int_srchPrpty.php?type=C and enter the ID number and you have all the details of the property in terms of the size, the category of colony it is (this helps when you want to see what the rateable value is since the government classifies this by type of colony), the size of the plot, the built-up area, the year of construction and even my mobile number.
My Linkedin account had more personal details, and Fourth Lion also constructed a little profile of my wife’s business and office address. My Facebook page would have revealed even more, though fortunately I’m not into posting pictures of social events or details of what I ate and where.
Short point is there is a lot of information in the public domain that we’re not even aware of. And yet, when there’s something like Aadhaar which is structured in such a way that no profiles can be created, we go after it. Hopefully, when the Supreme Court is addressing the issue of privacy, the government will bring in lots of technical experts to testify, and show, just what kind of information the database can provide and what it cannot. Meanwhile, as a gesture of good faith, can all those opposed to Aadhaar’s invasion of privacy, at least remove all those apps that give out all manner of personal details to app-makers?
First Published on September 22, 2015 12:09 pm
_______________________________________________ core-group mailing list core-group@lists.nouid.in http://lists.nouid.in/listinfo.cgi/core-group-nouid.in To ensure your mail reaches the recipients without delay please: - Post only in the To: or Cc: field to a maximum of 3 addresses - Do not copy to the BCC field Group Moderators
