BACKGROUND
:
Over the past few months, Aadhar ID has been under
attack for the following reasons :
·
Some 200 government web sites hosted personal details of Aadhar holders
·
Airtel goofed up in linking Aadhar ID to beneficiaries of Direct
Benefit Scheme
·
Last week , a TRIBUNE journalist revealed that someone has been
selling Passwords to UIDAI database for Rs 500 and , over the past 6 months , data
of millions of Aadhar holders could have leaked out
·
Some over-zealous government officers have started issuing “ orders
“ which require a person to provide his Aadhar ID , in order to ,
# Appear in an exam
# Get school admission for his child
# Get admitted to
a hospital
# Get himself cremated when dead !
·
Supreme Court is asking the government : “ With such proliferation of Aadhar ID , in
the databases of all and sundry , how do you propose to protect the private /
personal data of Aadhar holders ? “
GOVERNMENT RESPONSE :
Last week , UIDAI came up with the introduction of ( from March
2018 ) a 16 digit Random Number called VIRTUAL ID , behind which
the ORIGINAL REAL ID
can hide !
HOW
WILL THIS WORK ?
An existing Aadhar ID holder ( - of which , by now , there
are over 1,000 MILLION
) can log into UIDAI
web site , fill up a form ( - including his bio-metric ? ) , enter his CURRENT
REAL Aadhar Number ( 12
digit ) and press, “ SUBMIT “
Voila !
UIDAI web server will instantly generate a 16 digit “ Random Number “ called VIRTUAL ID - which now you can provide
to any agency in lieu of the REAL ID ! ( - of course , you will need to write it down
in your diary and carry it with you wherever you go , since you are unlikely to
remember it easily ! )
Now , no agency can get to know your REAL ID , nor be able to “
access “ your private / personal data which is linked only to your REAL ID and
not to your VIRTUAL ID
!
And , you can return to UIDAI website again and again and generate
/ obtain a different VIRTUAL ID , by revoking the earlier generated VIRTUAL ID (
- arrangement to silence those privacy maniacs ? )
Hey , this seems neat ! So why are some critiques still not happy ?
Could it be for following practical difficulties ?
·
Already millions of those 1000 Million Aadhar
holders have given out their ORIGINAL / REAL ID to various Agencies in whose
sever databases , these real IDs will remain
·
These means , dozens of banks ( holding some 550 million bank accounts
) and 4 Mobile Service
Providers ( serving close to 850 million users ), have such REAL IDs in their databases ( -
apart from hundreds of other agencies that you do not even remember having
given your Aadhar Number , digitally online or on a piece of paper ! )
·
How many of these persons
will take the trouble to find an internet-connected computer, log into UIDAI web site , generate
a VIRTUAL ID , note
it down in diary and then systematically visit the web site of his Bank / MSP and
enter their VIRTUAL ID to link it with their REAL ID ?
HERE
ARE UIDAI ARGUMENTS IN SUPPORT OF VIRTUAL ID :
·
People don’t have to give their Aadhar Number and can authenticate
using the Virtual Id
·
Aadhar will not come on the front end device unless the customer
gives it by choice
·
Even during activities such as filing for tax returns online, giving
the Virtual Id number in lieu of Aadhar will make the transaction go through
·
Virtual ID limits the
information available to authentication agencies
·
Citizens will also have the
choice for the reverse – which is not to generate their Virtual ID and continue
using their Aadhar Number each time
·
Networks of Service Providers
will not be able to save the information in any form
·
In case the Service Providers
resort to unscrupulous means of retrieving the Aadhar Number, they will be
conducting a criminal offence and will be punished by law
Now , not being a mathematician or a
software geek , I have following stupid questions , which , I hope the experts
( including those of UIDAI
) may want to answer :
·
Are VIRTUAL ID numbers generated using some Random Number Generator ( such as PRNG = Pseudo Random Number Generator / TRNG = True Random Number
Generator ) ?
·
Do both types of Generators
depend upon some software
algorithm ? ( - a somewhat deterministic logic )
·
Considering the Aadhar Virtual ID requirement ( viz : generation of
data encryption keys ) , is it more likely that UIDAI is using TRNG ?
·
If , given a starting number
( original / real Aadhar Number ) , TRNG generates a “ linked “ RANDOM NUMBER , is it possible to REVERSE this process ?
·
Using BIG DATA / DATA ANALYTICS / Artificial Intelligence / MACHINE LEARNING etc , can one figure out the ORIGINAL / REAL Aadhar Number , from
its counter-part Virtual Number ?
Over a period of few months
, it is likely that the servers of those Agencies , may have billions of sets of linked “ Real Numbers / Virtual Numbers
“
Could such a large enough database ( if some hacker can lay his
hand on it ) , be enough for a software geek to design a Neural Network ( backward
propagation / forward
propagation ) , to reverse the process ?
I am tempted to believe that such a scenario
is entirely possible !
Those who have any doubt might want to look up ( on BBC web site ) , last week’s episode of CLICK , where a software geek gave a demo
of a computer , embedded with an improvised ALEXA ( with speech capability )
A person from the audience was invited on
the stage / given a stack of playing cards / asked to pick one at RANDOM ( without showing it to
either the anchor or the audience ) and requested to just THINK about that card ( -
not think aloud ! )
That person did NOT wear any headset , nor was he, in any way connected to ALEXA by wires or wirelessly –
which was some 15 feet away from him !
Then he asked ALEXA to tell everybody , what card he
was “ thinking about “
ALEXA accurately determined and announced
a playing card held by that person !
How long before an Indian Software Geek comes up with ANJANA (- the “ Unknown “ sister of ALEXA ? ) , which will “ read “ the
databases of Service Providers , and figure out the REAL Aadhar Number , given the VIRTUAL Number ?
Or , let ANJANA reside on the mobile of each Aadhar holder and just “ read “ his mind which has
both the Numbers stored side
by side, in the neurons of his brain ?
Privacy :
RIP !
13 Jan 2018
www.hemenparekh.in
/ blogs
Virtual id generated by an algorithm and algorithm is not eternal. Probably millions of people cannot hack. Only one hack these million #UIDAI know only one will hack and not foolproof. But to please some authorities #UIDAI defends it is best
ReplyDelete