Your fingerprint is not your own! Meaning of privacy in India!
Photo: https://commons.wikimedia.org/wiki/File:Francis_Galton,_Finger_prints,_1892_Wellcome_L0032701.jpg
A website I often use made an offer recently – a free SIM
that I could use for free for a couple of months. My wife was interested and we
decided to try it. Everyone has heard of the well-known promotional offer by a
cell phone company.
I filled in a form online, which said to keep the Aadhar
card ready and wait for the delivery rider. He turned up in a day and asked if
we had received an SMS message. We had and my wife brought her cell phone to
read out that SMS. Meanwhile, the man pulled out a fingerprint reader. What was
that for? He said that she should have her fingerprint recorded and that their
system would get it verified. We said we did not wish to give the finger print
as we were not confident that it would be safely handled. Instead we offered
other ID and address proof and were willing to give a Xerox copy. The man said
that would not be acceptable and we spoke to his supervisor about it over
phone. The supervisor said that “this” was a government scheme and the alternative
was not acceptable.
In that case, we said, we did not want the SIM!
The Aadhar card was devised by well-meaning people who
had thought of various safeguards to avoid misuse. However, this is a country
in which privacy means little. A person sharing a train ride could strike up a
conversation with you and within minutes, ask you where you work and at what
salary!
No wonder, anyone could walk in and have you give them
your fingerprint to be used by some app on their cellphone! How does the
customer know that the fingerprint will not be stored and used on a different
occasion to “prove” his/her presence at some strange place? Does the law
provide any safeguards? After all, the delivery man need not even be a staff
member of the cell phone company, but be an agent hired on daily wages. You may
not even learn his name or ask for his ID.
This poses major risks in a country in which over 25% of
adults are illiterate.
We need researchers to find ways and means of making identification possible without any risk of abuse of the technology.
2 comments:
I posted a query on www.Researchgate.net about safeguards that could prevent abuse. Wolfgang Reichl answered. I will describe his solution in my own words:
All that a cell phone company needs to know is if a given Aadhaar ID number, name and address exists as per the database. The customer's bio-metrics are irrelevant in this case.
This means that whoever administers the Aadhaar ID verification system should make multiple types of ID verification possible. They should make the verification available only to registered parties and should ideally charge them a fee like, say, Rs 10,000 per year for up to 10,000 verifications per year. The use of bio-metric verification should be allowed only where this is strictly required, as in law and order applications.
Another case of possible violation of privacy. How do you convince members of a professional society that the list of its members (which is sold for a price) contains only genuine members? One society has asked members to give either their PAN number of Aadhaar card number while updating their address record. They say this improves transparency. It is not clear how. Do we expose members PAN numbers and Aadhaar card numbers to the world? Is it necessary?
Post a Comment