Hi Friends,

Even as I launch this today ( my 80th Birthday ), I realize that there is yet so much to say and do. There is just no time to look back, no time to wonder,"Will anyone read these pages?"

With regards,
Hemen Parekh
27 June 2013

Now as I approach my 90th birthday ( 27 June 2023 ) , I invite you to visit my Digital Avatar ( www.hemenparekh.ai ) – and continue chatting with me , even when I am no more here physically

Friday, 12 January 2018

Aadhar Virtual ID Compromised ?




BACKGROUND :


Over the past few months, Aadhar ID has been under attack for the following reasons :


·         Some 200 government web sites hosted personal details of Aadhar holders


·         Airtel goofed up in linking Aadhar ID to beneficiaries of Direct Benefit Scheme


·         Last week , a TRIBUNE journalist revealed that someone has been selling Passwords to UIDAI database for Rs 500 and , over the past 6 months , data of millions of Aadhar holders could have leaked out


·         Some over-zealous government officers have started issuing “ orders “ which require a person to provide his Aadhar ID , in order to ,

#    Appear in an exam

#    Get school admission for his child

#    Get admitted to a hospital

#    Get himself cremated when dead !



·         Supreme Court is asking the government :  “ With such proliferation of Aadhar ID , in the databases of all and sundry , how do you propose to protect the private / personal data of Aadhar holders ? “



GOVERNMENT  RESPONSE  :


Last week , UIDAI came up with the introduction of ( from March 2018 ) a 16 digit Random Number called VIRTUAL ID , behind which the ORIGINAL REAL ID can hide !



HOW WILL THIS  WORK  ?


An existing  Aadhar ID holder ( - of which , by now , there are over 1,000 MILLION ) can log into UIDAI web site , fill up a form ( - including his bio-metric ? ) , enter his CURRENT REAL Aadhar Number ( 12 digit ) and press, “ SUBMIT “


Voila !


UIDAI web server will instantly generate a 16 digit “ Random Number “ called VIRTUAL ID  - which now you can provide to any agency in lieu of the REAL ID !  ( - of course , you will need to write it down in your diary and carry it with you wherever you go , since you are unlikely to remember it easily ! )


Now , no agency can get to know your REAL ID , nor be able to “ access “ your private / personal data which is linked only to your REAL ID and not to your VIRTUAL ID !


And , you can return to UIDAI website again and again and generate / obtain a different VIRTUAL ID , by revoking the earlier generated VIRTUAL ID ( - arrangement to silence those privacy maniacs ? )


Hey  , this seems neat !  So why are some critiques still not happy ?


Could it be for following practical difficulties ?


·         Already millions of those 1000 Million Aadhar holders have given out their ORIGINAL / REAL ID to various Agencies in whose sever databases , these real IDs will remain


·         These means , dozens of banks ( holding some 550 million bank accounts ) and 4 Mobile Service Providers ( serving close to 850 million users ), have such REAL IDs in their databases ( - apart from hundreds of other agencies that you do not even remember having given your Aadhar Number , digitally online or on a piece of paper ! )


·         How many of these persons will take the trouble to find an internet-connected computer, log into UIDAI web site , generate a VIRTUAL ID , note it down in diary and then systematically visit the web site of his Bank / MSP and enter their VIRTUAL ID to link it with their REAL ID  ?


HERE ARE UIDAI ARGUMENTS IN SUPPORT OF VIRTUAL ID :


·         People don’t have to give their Aadhar Number and can authenticate using the Virtual Id


·         Aadhar will not come on the front end device unless the customer gives it by choice


·         Even during activities such as filing for tax returns online, giving the Virtual Id number in lieu of Aadhar will make the transaction go through


·         Virtual ID limits the information available to authentication agencies


·         Citizens will also have the choice for the reverse – which is not to generate their Virtual ID and continue using their Aadhar Number each time


·         Networks of Service Providers will not be able to save the information in any form


·         In case the Service Providers resort to unscrupulous means of retrieving the Aadhar Number, they will be conducting a criminal offence and will be punished by law


Now , not being a mathematician or a software geek , I have following stupid questions , which , I hope the experts ( including those of UIDAI ) may want to answer :


·         Are VIRTUAL ID numbers generated using some Random Number Generator ( such as PRNG =  Pseudo Random Number Generator / TRNG = True Random Number Generator ) ?


·         Do both types of Generators depend upon some software algorithm ? ( - a somewhat deterministic logic )


·         Considering the Aadhar Virtual ID requirement ( viz : generation of data encryption keys ) , is it more likely that UIDAI is using TRNG ?



·         If , given a starting number ( original / real Aadhar Number ) , TRNG generates a “ linked “ RANDOM NUMBER , is it possible to REVERSE this process ?


·         Using BIG DATA  /  DATA ANALYTICS  /  Artificial Intelligence /  MACHINE LEARNING etc , can one figure out the ORIGINAL / REAL Aadhar Number , from its counter-part Virtual Number ?



Over a period of  few months , it is likely that the servers of those Agencies , may have billions of  sets of linked “ Real Numbers / Virtual Numbers “

   
Could such a large enough database ( if some hacker can lay his hand on it ) , be enough for a software geek to design a Neural Network ( backward propagation / forward propagation ) , to reverse the process ?


I am tempted to believe that such a scenario is entirely possible !


Those who have any doubt might want to look up ( on BBC web site ) , last  week’s episode of CLICK , where a software geek gave a demo of a computer , embedded with an improvised  ALEXA ( with speech capability )


A person from the audience was invited on the stage / given a stack of playing cards / asked to pick one at RANDOM ( without showing it to either the anchor or the audience ) and requested to just THINK about that card ( - not think aloud ! )


That person did NOT wear any headset , nor was he,  in any way connected to ALEXA by wires or wirelessly – which was some 15 feet away from him  !


Then he asked ALEXA to tell everybody , what card he was “ thinking about “



ALEXA accurately determined and announced a playing card held by that person !


How long before an Indian Software Geek comes up with ANJANA (- the “ Unknown “  sister of ALEXA ? ) , which will “ read “ the databases of Service Providers , and figure out the REAL Aadhar Number , given the VIRTUAL Number ?


Or , let ANJANA reside on the mobile of each Aadhar holder and just “ read “ his mind which has both the Numbers stored side by side, in the neurons of his brain ?


Privacy  :  RIP  !




13  Jan  2018



  


Thursday, 11 January 2018

Site Progress Report

          (Launched on 27 June 2013)
Progress Report as on 03 Nov , 2018
Section
Number of Articles
Total Blog Page Views
Home
4
115,136
Blogs
1,726
202,817
Poems  (English)
125
21,438
Poems  (Gujarati)
271
29,993
Poems  (Hindi)
271
39842
Education
8
1,736
Notes  (to Colleagues)
1,355
31,994
Emails  (to  Colleagues)
2
6,717
Sweet  Memories                  (letters from friends/family)
600 letters ( 86 records )
3,402
L&T  Story
43
6,904
Letters to L&T Employees
177
27,642
Marketing  Communications
164
21,907
Dialogues with Authors
5
4,715
Reports
167
1,085,480
Janmakshar
2
2,116
Family  Tree
1
3,617
Total
4,921( exl photos/videos/emails  )
1,605,456


Tuesday, 9 January 2018

CyberCrimes / DigitalIndia / e-Governance



Economic Times ( 09 Jan ) carries following news report :




Cops Must Curb Cybercrime : PM



PM Shri Modi , in his valedictory address at the Director General of Police ( DGP ) and Inspector General of Police ( IGP ) conference organized by the Intelligence Bureau ( IB ) , said :


“ Cyber security issues should be dealt with immediately and should receive highest  priority



Just as openness is getting increased acceptance worldwide, there is need for greater openness among states too, on security issues.. Security cannot be achieved selectively, or alone. But breaking of silos and information sharing among states can help make everyone more secure "






I suppose , Shri Modi left it to the DGPs and IGPs to figure out , how to break silos and share crime-related information



But a deep-grained attitude of “ hold it close to the chest “ any info , will not go away by such exhortation alone !



I urge Shri Modi to resort to technology , in order to AUTOMATE the process of INFORMATION-SHARING , as outlined in my following earlier email :





Thursday, 3 April 2014


Can e-Governance help eliminate corruption  ?


Most certainly



Look at the following , partial list of Central and State Agencies set up to fight fraud , money-laundering , corruption , tax-evasion , economic crimes etc :



·            Public Accounts Committee           (  PAC  )


·           Central Vigilance Commission        (  CVC  )


·           Central Information Commission     (  CIC  )


·           Research and Analysis Wing           (  RAW  )


·           Serious Fraud Investigation Office   (  SFIO  )


·           Information Bureau                        (  IB   )


·           Economic Offence Wing                   (  EOW  )


·           Central Bureau of Investigation        (  CBI  )


·           Department of Revenue Intelligence (  DIR  )


·           Comptroller and Auditor General       (  CAG  )


·           Anti Corruption Bureaus ( States ).... (  ACB  )


·           Enforcement Directorate                    (  ED   )


·           Lok  Ayukts    (  States   )


·           Lok Pal           ( Central  )




Despite such an army of Agencies , how do corrupt manage to get away  ?



Or , in case caught , manage to delay delivery of punishment for years  ?



No doubt , there must be several reasons , including , inter - agency rivalry to get credit - something difficult to eliminate altogether



But , I believe , the most important reason is :




Lack of a COMMON  / COMPUTERIZED database of all offences / cases / persons being investigated


And , which is readily " Accessible " to all of these Agencies , all over the country ( 24 * 365 )




Already , every Agency compiles huge dossiers on " Suspects " in its own " Departmental Database "
which is never shared with other Agencies ,
leading to ,



·            Huge amount of duplication of efforts /
             information



·            Fractured / scattered profiles of " Suspects "



·            Enormous waste of time / resources




What will help  ?



·           Dismantling of individual departmental
            databases



·           Merging of all Agency-wise databases into a
            SINGLE / UNIQUE database



·           All Agencies to enter their findings / data / info
            into this COMMON database with nothing
            preserved on local computers

          


·           All data-entry FORMS to be ONLINE . No paper
            forms at all



·           All local computers connected to ultra-secure
            Network ( Encrypted )



·           " Access Rights " to individuals , based on
             Biometric Identification


     Can we look forward to a NDA Minister taking a lead in this matter by adopting following innovation ?

AdoptInnovative Ways 

https://myblogepage.blogspot.com/2017/10/adopt-innovative-ways.html

 

10  Jan  2018

www.hemenparekh.in / blogs