Sept. 19, 2017, 1:05 p.m.
The question of fake IDs; catching tax evasion; Equifax and the safety of our data in private hands; exciting opportunities in Bharat; Google Tez; and more
Unique, single, lifelong identities (such as Aadhaar) have incentives built into them to prevent you from giving wrong information about yourself. For some, this is not intuitive. A man from Delhi found that out the hard way earlier this year when he enrolled for Aadhaar using a false name. He is now stuck with that. This is also the flaw in Rajya Sabha MP Rajeev Chandrasekhar’s often repeated argument that Aadhaar is an unverified database. It’s in the interest of users to give the correct information. The design and the process ensure that.
However, this doesn’t hold good if someone manages to hack into the enrolment process and generate fake IDs. The question, then, is not whether your information is safe in the system. The question becomes whether the information in the system is genuine. The big news last week was about police arresting a gang which had apparently cloned Aadhaar client applications which could be used to enrol people illegally. You can read about how they pulled off the scam, and how the police nabbed them here and here.
We don’t have details on how widespread the damage was (or is). The Unique Identification Authority of India’s (UIDAI’s) response to some of these events has been far from reassuring. (Not long ago, UIDAI went after the Centre for Internet and Society after it published a report on the leak/disclosure of Aadhaar numbers by government agencies.) In cyber security, you might not have control over incidents, but you have control over how you respond to them. It’s the response that builds trust.
In this case, UIDAI issued a statement saying, “the attempt to generate fake Aadhaar cards was foiled by the robust UIDAI system and the arrested gang could not succeed in its nefarious and illegal designs.”
When Raghuram Rajan was in India last week to promote his new book, a collection of speeches he gave during his three year tenure as Reserve Bank governor, much of media attention went to his views on demonetisation. But buried in the news and interviews were his views on how Aadhaar can be used by the government to bring down tax evasion, and by individuals to get better services.
What about privacy? Rajan didn’t seem to think Aadhaar had to necessarily violate the right to privacy, and said as much in almost every interview he gave to newspapers and television channels. Here’s a sample from Business Standard:
I think it is important for the RBI and the government to satisfy the Supreme Court that privacy issues are being respected by the whole Aadhaar process. I think the Supreme Court has a valid concern that it should not be open for everybody and on any basis whatsoever. It shouldn’t be possible for people to fishing for private data, even for government officials to have free access to that private data. So, those kinds of privacy inputs have to be built in and the onus is on the government for those kind of regulatory institutions to prove to the Supreme Court that that has been done.
Among the interesting—and worrisome—news items about the Equifax data breach that put the personal information of 143 million customers at risk, was this: The company was lobbying hard with the US government to kill a rule that enforced accountability from firms handling data. Equifax spent half a million dollars in the first half of 2017 on lobbying (and more than a million dollars in each of the last two years).
Another worrisome news. Three Equifax managers sold nearly $1.8 million worth of shares in the company after the breach was discovered but before it was disclosed to the public.
Now, there is a view that private enterprises are better at keeping our data safe—because the perform-or-die nature of competitive markets will ensure that they do their best. But, lobbying with the government and agency problem inherent in businesses call such assumptions to question.
If you haven’t checked out Sahil Kini’s column in Mint yet, you might want to. Turning his gaze away from ‘celebrity’ startups and the top end of the customers they compete for, Kini looks at the exciting opportunities that one might find in Bharat—the huge market that lies below the top layer of the income pyramid. Reading the pieces, one gets a sense of how different that market is, and the lessons one can learn from the country’s small towns.
Google’s new Unified Payment Interface, or UPI-based payments app Tez came with a surprising feature, Audio QR, that uses ultra-sound (therefore inaudible to humans) to transfer money. It’s a sign of innovations (even though the idea itself is not new) that can happen over a technology like UPI, but also underlines how far UPI has come since its launch last year.
We are planning a couple interesting sessions with thought leaders for our Slack Community members. You can join us by clicking here: https://bit.ly/joinprivacy
Send your suggestions, tips and links to ideas [at] foundingfuel [dot] com