Lately my Twitter timeline has been providing me with some sort of amusement at what seems to be a counter-campaign by the UIDAI and its supporters to control the narrative or at least fight the perception battle to the relentless anti-Aadhaar campaign being run on the micro-blogging platform by online activists since last few years. It has perhaps became important for UIDAI to take initiative as the discourse on Twitter has largely been controlled by those opposed to it and a part of the mainstream media, since the media inevitably picks up the dominant narrative on Twitter. Also, with the Supreme Court judgment on Aadhaar coming out any time, it might have seemed imperative for the UIDAI to undo some damage to the reputation of the Authority on social media, which would undoubtedly be important if the Court makes the Aadhaar truly voluntary. Whatever be the motivation, the fact is there is a Twitter war over Aadhaar in progress and its an interesting one.
For those unawares, since some time now, a number of computer security researchers, lawyers, hackers, activists and ordinary citizens have been actively campaigning against Aadhaar on social media, especially on Twitter and UIDAI and its supporters have been countering them but the confrontation was taken to an entirely new level when the TRAI chairman, RS Sharma tweeted out his own Aadhaar number daring critics to "harm" him using it. What followed has already been covered in the mainstream media, his personal information including primary phone number, address, PAN card number, email address, even frequent flier number and more were published on the Internet by a number of users. Mr. Sharma's retort was that all information published was already in public domain and only required some research rather than hacking using his UID number.
I am inclined to think that Mr. Sharma was taking this as a classical hacking challenge (as he is highly educated himself) or trying to portray a picture, where hackers are caricatured as misanthropes wearing hoodies,face masks,sunglasses breaking into any high security system with a few keystrokes. Such hackers, do exist although they would take considerable time to hack a highly secure system but more importantly I have no reason to believe that they would publicize their success instead of stealthily exploiting the system to gain maximum benefit, monetary and otherwise. Even hacktivist collective like the Anonymous have made their attacks public only after causing extensive damage. Then, currently the most advanced hackers are usually backed by one nation-state or another and in many cases, after gaining access to vital infrastructure,they seem to just sit there waiting for the opportune moment to strike. If at all any of the supporters were expecting a full scale breach of the Aadhaar security system and a public disclosure then they are obviously delusional.
Then there are security researchers or white hat hackers who typically tend to probe for security vulnerabilities in systems and bring those to the notice of the concerned authorities. Some of these researchers have been active on Twitter highlighting flaws in Aadhaar ecosystem, one in particular going by the pseudonym Elliot Alderson (@fs0c131y) has claimed of having cracked the mAadhaar mobile app and was also around the centre of the whole RS Sharma episode. Elliot and a few security researchers claim to have found Mr. Sharma's mobile number using his AADHAAR number, it is with this number that a lot of his personal details were made public. Now for the sake of argument I am willing to accept Mr Sharma's contention that they found Mr. Sharma's phone number on government website and used it to collect personal information from different resources and pieced together to form his personality profile, as it only confirms the charge that personal data on the Internet can be collected comprehensively enough to identify individuals in offline world and cause harm through fraud, intimidation and harassment. After all rest of the people don't really have the privilege of Mr. Sharma who insists he wasn't harmed. Moreover, lot of our personal data also resides in different data silos with companies that may not be willing to give out non-anonymised data to others and certainly not to individuals. More importantly, they give (or so they say) control over our data, who we share our information with and also the option to delete the data.
 |
| Black hat | Credit: Lifewire |
But isn't Aadhaar an entirely opposite thing ? It is essentially a highly centralized biometric database of nearly the entire Indian population and unlike other systems it is indeed linked to a number of services that transact with it, even if the transaction is simplistic. I haven't come across any information on their having been a breach of the central database compromising biometric data but there have been enough reports on Aadhaar-seeded data having been used to create surveillance mechanism, one example coming from the top of my head being Andhra Pradesh government website creating a 360 degree surveillance mechanism of its citizens which was leaking data like a faucet. However, before proceeding further, I should confess that few years back I did believe Aadhaar (as long as voluntary) was a great initiative,even writing a post on it merits in this very blog (but now it is deleted). At the time when big data was exploding on technological arena and there were ideas floating around how it could be leveraged to solve social problems it did seem a tremendous idea,using biometric data to enable banking and streamlining PDS to floating populations and those in geographically remote regions seemed an exciting prospect.
But I was looking at it from a purely technological perspective blinded completely to the complexities, inherent flaws in the approach and sheer disregard for human dignity that accompanied this initiative. I suspect that a lot of technocrats aggressively pushing for Aadhaar continue to be blindsided to its ill effects. Of course, since I was merely a passive supporter with no personal interests whatsoever, my blinders were quick to be taken off when it's flaws were pointed out by activists but those looking for techno-utopia would be too high on themselves to reflect on whether it could actually lead to a dystopia. Of course, people who are busy doing things that they believe would change the world seldom stop to think if they should. The mindless seeding of the Aadhaar has turned it into an unbridled beast (remember Airtel bank scam), but that is just one aspect of it. The other problems include control, surveillance and exclusion that it enables but I will not discuss them here, there are loads of interesting articles on the web explaining them and this post is getting lengthier. One particular resource I would recommend you to check out is https://medium.com/karana
As a matter of fact, I think instead of throwing a Twitter "dare" RS Sharma and other UIDAI supporters making point by point rebuttal to these articles would have been far more mature way of countering the narrative which was the topic I was writing on but digressed! Interestingly, before I got around to publishing this piece, my Twitter timeline got interesting once again as a lot of Indian users began tweeting after discovering that UIDAI toll free number was suddenly on their phone's contact list. In response the UIDAI tweeted implying that some "vested interests" were behind the operation and the number was not legit. By evening Google India issued a statement taking blame for including the number in its Android Setup Wizard in 2014 and consequently it was synced with Google Contact apps. Clearly a Google now has to answer lot of questions rather than just issuing a statement, it remains to be seen. The UIDAI perhaps doesn't need to answer why it initially thought some "vested interest" were behind pushing the number to everyone's contact list. The plausible explanation would be that they are in an aggressive mode in the perception battle on social media and this was a nervous reaction, quite understandable.
P.S. I have tried to keep this post light and social media-centric, for some actual reading on Aadhaar please click on the inline links.
0 comments :
Post a Comment