India Opening Up World's Largest Biometric Database For Commercial Applications, Despite Inadequate Privacy Protection
from the India-Stack-attack dept
Techdirt has been following India’s construction of the world’s largest biometric database, called Aadhaar, since July 2015. Concerns include the fact that what was billed as a voluntary system has been morphing into a compulsory one, and evidence that Aadhaar simply can’t cope with real-life biometrics. Undeterred, the Indian government wants to expand the system even further by opening it up for use by companies, as the Wall Street Journal reports:
The Indian government has gathered digital-identification records, including fingerprint impressions and eye scans, of nearly all of its 1.2 billion citizens. Now a government-backed initiative known as “India Stack” aims to standardize ways to exchange the data digitally to facilitate the transfer of signatures and official documents that citizens need to get jobs, make financial transactions or access government services.
By allowing developers to incorporate use of government identification records in their commercial websites and apps, the initiative envisions Indians — with mobile phones in hand — using iris and fingerprint scans to sign up for insurance, invest in mutual funds, receive health-care subsidies and verify their identity for school examinations.
In itself, there’s nothing wrong with this approach. Indeed, it has many benefits, notably making it easier for people to deal with India’s bureaucracy, and helping to fight corruption. But those advantages could be compromised if privacy is neglected. And here the Indian government is sending all the wrong signals:
Prime Minister Narendra Modi’s government has delayed a new bill that would bring India’s privacy laws more in line with those of major European nations. Meanwhile, the government has questioned a constitutional right to privacy in pleadings before the Indian Supreme Court.
Without adequate privacy protection, the system seems ripe for abuse, both by unscrupulous companies targeting hapless consumers, and by state organizations, which might use it as a powerful surveillance tool. If the Indian government wants to become a world leader in using biometric-based digital identity for its citizens, as the Wall Street Journal article suggests, it should make crafting effective privacy protection laws a priority.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: aadhaar, biometrics, india, privacy
Comments on “India Opening Up World's Largest Biometric Database For Commercial Applications, Despite Inadequate Privacy Protection”
So, How long until biometric data of Indian citizens is useless for anything? (Because it is freely available online to criminals as well).
More importantly, How long will it take from that point for the Indian government realizes this?
Anyone want to place a bet?
Re: Stopwatch ready
I’ll bet $5 on right after the President (or whatever they call the position in India) has his/her bank account emptied because their fingerprint is now online. Nothing EVER gets done until someone rich or powerful is targeted, then half the time, they double down on the stupidity.
“By allowing developers to incorporate use of government identification records in their commercial websites and apps, the initiative envisions Indians — with mobile phones in hand — using iris and fingerprint scans to sign up for insurance, invest in mutual funds, receive health-care subsidies and verify their identity for school examinations. “
Meanwhile, back at the ranch, crooks cheer this easily hacked gold mine while they busily defraud everyone they possibly can.
What was that saying about eggs in a basket?
While I do agree their utility approach could be useful and make things easier for the citizens there are privacy and security concerns. I’m very wary of people being able to use biometrics to sign up for things that cost money or even could make a mess of the citizens lives. And I’m not talking about how they do their encryption homework or how they will limit abuses from govt employees accessing and selling the data. The worry is more mundane: once your biometrics are copied, you can’t change them. I’m gonna echo what every single security expert says about the matter: biometrics should be the ID, not the key. And I’d go further by adding a 2nd step to validate the operation other than a password. Of course I’m also ignoring that many people won’t be able to understand, much less do security right (weak passwords anyone?).
Wouldn’t you rather have more relevant advertising?
Instituting privacy laws will not protect your privacy in the long run because laws can be changed. The only way a government can protect privacy is to stop collecting this data period.