fractured earth

Home » Posts tagged 'Privacy'

Tag Archives: Privacy

What happens to privacy when companies have your Aadhaar number?

Out today, the second part of my story on companies, aadhaar and privacy.

As the previous story in this series reported, some companies are using Aadhaar to share customer and business partner information. This could aid the rise of data-broking companies like Acziom in the United States that hold ever more detailed profiles of people.

With the number of private databases rising, the task of protecting the information of Indians is acquiring fresh urgency. This is because the downsides go beyond unnervingly accurate advertising.

Companies can use this data to customise pricing for you. As Propublica reported about Amazon and Uber, this may not always be in your best interest.

They can also be used to deny products, services or information to you. Google, as the Guardian reported in 2015, showed “an ad for a career coaching service advertising “$200k+” executive positions 1,852 times to men and 318 times to women”. In the process, they could deepen existing inequalities.

Or they can just peer into your personal life – as the taxi app Uber showed with its subsequently deleted “Rides of Glory” blogpost on what rides made between 10 pm and 4 am revealed about people’s sex lives.

Given such stakes, and the proliferation of the uses of Aadhaar, it is important to take a closer look at India’s privacy regime. Even as the use of customer data intensifies among Indian companies, what are the protections that exist?

How private companies are using Aadhaar to try to deliver better services (but there’s a catch)

Aadhaar, as India’s Unique Identity Project is called, aims to give a 12-digit unique identity number to all residents by collecting their fingerprint and iris scans. As of September, its database, maintained by the Unique Identity Authority of India, held the names, addresses and biometric information of more than 105 crore people.

The project was created by the United Progressive Alliance government in 2009 to reduce leakages in the country’s welfare programmes.

But, quietly, a range of private sector companies have started using it. This includes verification firms like Authbridge, banks like HDFC, telecommunications companies like Reliance Jio, among others.

So far, most discussions on Aadhaar have focused on its utility for welfare delivery and the risk of government surveillance. But as private sector companies incorporate Aadhaar into their systems, fresh questions and concerns are emerging about what this means.

why we need to talk about the companies building authentication apps off the aadhaar database

Monika Chowdhry, who heads the marketing division of Swabhimaan Distribution Services, the company that created TrustID, defended the app, saying it offers the valuable service of verifying people’s identities. “In our day to day life, we do a lot of transactions with people – like maids or plumbers. Till now, you would have to trust them on what they said about themselves and what others said about the quality of their work.” The company is solving that problem, she said. “We are saying ask the person for their Aadhaar number and name and we will immediately tell you if they are telling the truth or not,” Chowdhry said.

Chowdhry said that over time, the Aadhaar number of individuals will be used to create a private verified database of TrustIDs. “Our plan is to create a rating mechanism,” she said. Referring to the option for maid, plumbers and other service providers on the app, she added: “People like you and me, we have Linkedin and Naukri. What do these people have?”

How does the company use Aadhaar for verification and is there a reason to be concerned?

By limiting Aadhaar, Supreme Court may have given government a way to expand its reach

By now the contours of the events are known. On Tuesday morning, the Supreme Court referred to a Constitution Bench the question of whether Indians have a fundamental right to privacy. The same afternoon, when the judges reconvened, they restricted the use of the government’s biometrics-based identity project Aadhaar to only the public distribution system for food grains, kerosene and LPG.
These orders are unmistakably significant. But what do they mean for the public and the ambitious Aadhaar programme? Why is the Aadhaar project, which seeks to do no more than assign a unique number to all Indians, getting snared in questions of privacy?

I write again on Aadhaar after a long hiatus. See the tag cloud for other links on the project as well. see this link, especially.

should aadhaar be junked?

The last 60 days have not been good to India’s much-feted Aadhaar project.

On the 30th of January, the UPA pressed the pause button on direct benefits transfer for cooking gas. On 26 February, the Mumbai High Court directed Aadhaar to share its biometrics database with the CBI. A year earlier, a seven year old had been raped in Goa. And the investigating agency, struggling to make headway, had asked the Unique Identification Authority of India (UIDAI) for biometrics it had collected in Goa. UIDAI refused to share information saying such a move would violate privacy of its number-holders and that its biometric database and deduplication systems were not designed for forensic inquiries. In response, the CBI went to the Mumbai High Court which directed UIDAI to share its database.

The third blow fell on 24 March when investigative journalism portal Cobrapost aired videos that allegedly showed UIDAI’s enrolment agencies agreeing to enrol people from neighbouring countries in return for a bribe. Between them, these three events underlined long-standing questions about the Aadhaar project.

Between them, these three developments highlighted large worries about the ambitious Aadhaar project. Read more here.

india’s developing biometrics mess

today’s ET carries a story that i had written a while ago. essentially, a rising number of government agencies and private companies are moving around collecting fingerprints and iris scans. you always had the UIDAI and NPR. now, you also have different states’ PDS departments, NREGS, banks and their banking correspondent companies, post offices, pension departments, other departments handling scholarships, etc. the story takes a look at the reasons why myriad departments are collecting their own biometrics. and flags concerns about the safety and security of this data.

You might also want to see this column I had written earlier about privacy in an age of biometrics.

biometrics, banks and this seemingly ignored question of data security

In the beginning, only the National Population Register – and, a little later, Nandan Nilekani’s Unique Identification Authority of India – were supposed to capture and store biometrics. However, over the past few months, India has come to a point where myriad central ministeries, state departments and others are camping in the country’s villages and towns, capturing fingerprints and scanning irises, and storing them in their servers. One of the first-movers in this direction, and probably one of the largest collectors of biometrics, is the banking system which thinks biometrics will help it ensure welfare payments go only to the targeted beneficiaries.

This profusion of databases, however, raises an important question — about whether the biometrics being collected are being securely stored or not. To get answers to that question, ET did an email interview with B Sambamurthy , the director and CEO of the RBI’s Institute for Development and Research in Banking Technology (IDRBT).
IDRBT, i should add, is one of the central institutions in the country working on establishment of common standards for the entire banking system. Read on. Here.