Annals of crime
Unique, single, lifelong identities (such as Aadhaar) have incentives built into them to prevent you from giving wrong information about yourself. For some, this is not intuitive. A man from Delhi found that out the hard way earlier this year when he enrolled for Aadhaar using a false name. He is now stuck with that. This is also the flaw in Rajya Sabha MP Rajeev Chandrasekhar’s often repeated argument that Aadhaar is an unverified database. It’s in the interest of users to give the correct information. The design and the process ensure that.
However, this doesn’t hold good if someone manages to hack into the enrolment process and generate fake IDs. The question, then, is not whether your information is safe in the system. The question becomes whether the information in the system is genuine. The big news last week was about police arresting a gang which had apparently cloned Aadhaar client applications which could be used to enrol people illegally. You can read about how they pulled off the scam, and how the police nabbed them here and here.
We don’t have details on how widespread the damage was (or is). The Unique Identification Authority of India’s (UIDAI’s) response to some of these events has been far from reassuring. (Not long ago, UIDAI went after the Centre for Internet and Society after it published a report on the leak/disclosure of Aadhaar numbers by government agencies.) In cyber security, you might not have control over incidents, but you have control over how you respond to them. It’s the response that builds trust.
In this case, UIDAI issued a statement saying, “the attempt to generate fake Aadhaar cards was foiled by the robust UIDAI system and the arrested gang could not succeed in its nefarious and illegal designs.”
Department of tax evasion
When Raghuram Rajan was in India last week to promote his new book, a collection of speeches he gave during his three year tenure as Reserve Bank governor, much of media attention went to his views on demonetisation. But buried in the news and interviews were his views on how Aadhaar can be used by the government to bring down tax evasion, and by individuals to get better services.
What about privacy? Rajan didn’t seem to think Aadhaar had to necessarily violate the right to privacy, and said as much in almost every interview he gave to newspapers and television channels. Here’s a sample from Business Standard:
I think it is important for the RBI and the government to satisfy the Supreme Court that privacy issues are being respected by the whole Aadhaar process. I think the Supreme Court has a valid concern that it should not be open for everybody and on any basis whatsoever. It shouldn’t be possible for people to fishing for private data, even for government officials to have free access to that private data. So, those kinds of privacy inputs have to be built in and the onus is on the government for those kind of regulatory institutions to prove to the Supreme Court that that has been done.
News from the other side of the world
Among the interesting—and worrisome—news items about the Equifax data breach that put the personal information of 143 million customers at risk, was this: The company was lobbying hard with the US government to kill a rule that enforced accountability from firms handling data. Equifax spent half a million dollars in the first half of 2017 on lobbying (and more than a million dollars in each of the last two years).
Another worrisome news. Three Equifax managers sold nearly $1.8 million worth of shares in the company after the breach was discovered but before it was disclosed to the public.
Now, there is a view that private enterprises are better at keeping our data safe—because the perform-or-die nature of competitive markets will ensure that they do their best. But, lobbying with the government and agency problem inherent in businesses call such assumptions to question.
Bharat rough book
If you haven’t checked out Sahil Kini’s column in Mint yet, you might want to. Turning his gaze away from ‘celebrity’ startups and the top end of the customers they compete for, Kini looks at the exciting opportunities that one might find in Bharat—the huge market that lies below the top layer of the income pyramid. Reading the pieces, one gets a sense of how different that market is, and the lessons one can learn from the country’s small towns.
Department of innovation
Google’s new Unified Payment Interface, or UPI-based payments app Tez came with a surprising feature, Audio QR, that uses ultra-sound (therefore inaudible to humans) to transfer money. It’s a sign of innovations (even though the idea itself is not new) that can happen over a technology like UPI, but also underlines how far UPI has come since its launch last year.
In case you missed it
- The Aadhaar enrolment process was designed for scaling up fast, which helped it cover a billion people faster than any other digital platform. Now, its focus seems to be turning towards stability and fraud prevention. There have been complaints that enrolment agencies ask for money, make it difficult for the people with disabilities, or simply not available in many places. The government now wants to limit the role of private agencies and make more trustworthy players like banks and post offices to take on that responsibility.
- No other payments bank enjoys the kind of advantage that India Post Payments Bank has—a network of post offices around the country. It plans to be in every district by March 2018, and offer digital payments services in 1.5 lakh post offices by December 2018.
- Guns or butter? Privacy or security? There is always a risk that a government—any government—will go for overkill citing the trade-off, which is why it’s good to have checks and balances (like the privacy judgement the Supreme Court gave recently). The government wants to make Aadhaar mandatory for flying—but will wait for a smaller bench to decide if Aadhaar violates fundamental right to privacy.
- One of the promises of Aadhaar is that it can save government some money by plugging leakages. Some of these numbers have been intensely contested. But the lemons problem, arising from asymmetrical information, would suggest that more numbers will join that list: for example, the Jharkhand government made a statement recently that it has saved Rs 200 crore by linking Aadhaar to pension schemes.
- Aadhaar and the goods and services tax (GST) can be seen as two big forces attempting to formalise India’s largely informal economy. There is one more link between the two. UIDAI CEO Ajay Bhushan Pandey has been appointed as the interim chairman of the Goods and Services Tax Network.
We are planning a couple interesting sessions with thought leaders for our Slack Community members. You can join us by clicking here: https://bit.ly/joinprivacy
Write to us
Send your suggestions, tips and links to ideas [at] foundingfuel [dot] com