India Opening Up World's Largest Biometric Database For Commercial Applications, Despite Inadequate Privacy Protection

from the India-Stack-attack dept

Techdirt has been following India's construction of the world's largest biometric database, called Aadhaar, since July 2015. Concerns include the fact that what was billed as a voluntary system has been morphing into a compulsory one, and evidence that Aadhaar simply can't cope with real-life biometrics. Undeterred, the Indian government wants to expand the system even further by opening it up for use by companies, as the Wall Street Journal reports:

The Indian government has gathered digital-identification records, including fingerprint impressions and eye scans, of nearly all of its 1.2 billion citizens. Now a government-backed initiative known as "India Stack" aims to standardize ways to exchange the data digitally to facilitate the transfer of signatures and official documents that citizens need to get jobs, make financial transactions or access government services.

By allowing developers to incorporate use of government identification records in their commercial websites and apps, the initiative envisions Indians -- with mobile phones in hand -- using iris and fingerprint scans to sign up for insurance, invest in mutual funds, receive health-care subsidies and verify their identity for school examinations.

In itself, there's nothing wrong with this approach. Indeed, it has many benefits, notably making it easier for people to deal with India's bureaucracy, and helping to fight corruption. But those advantages could be compromised if privacy is neglected. And here the Indian government is sending all the wrong signals:

Prime Minister Narendra Modi's government has delayed a new bill that would bring India's privacy laws more in line with those of major European nations. Meanwhile, the government has questioned a constitutional right to privacy in pleadings before the Indian Supreme Court.

Without adequate privacy protection, the system seems ripe for abuse, both by unscrupulous companies targeting hapless consumers, and by state organizations, which might use it as a powerful surveillance tool. If the Indian government wants to become a world leader in using biometric-based digital identity for its citizens, as the Wall Street Journal article suggests, it should make crafting effective privacy protection laws a priority.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Filed Under: aadhaar, biometrics, india, privacy


Reader Comments



  • Yes, I know I'm commenting anonymously, 3 Mar 2017 @ 3:56am

    Stopwatch ready

    So, how long until biometric data of Indian citizens is useless for anything? (Because it is freely available online to criminals as well).
    More importantly, how long will it take from that point for the Indian government to realize this?

    Anyone want to place a bet?
    /sarcasm


    • JoeCool (profile), 3 Mar 2017 @ 7:35am

      Re: Stopwatch ready

      I'll bet $5 on right after the President (or whatever they call the position in India) has his/her bank account emptied because their fingerprint is now online. Nothing EVER gets done until someone rich or powerful is targeted, then half the time, they double down on the stupidity.


  • Anonymous Coward, 3 Mar 2017 @ 4:38am

    "By allowing developers to incorporate use of government identification records in their commercial websites and apps, the initiative envisions Indians -- with mobile phones in hand -- using iris and fingerprint scans to sign up for insurance, invest in mutual funds, receive health-care subsidies and verify their identity for school examinations."

    Meanwhile, back at the ranch, crooks cheer this easily hacked gold mine while they busily defraud everyone they possibly can.

    What was that saying about eggs in a basket?


  • Ninja (profile), 3 Mar 2017 @ 5:44am

    While I do agree their utility approach could be useful and make things easier for the citizens, there are privacy and security concerns. I'm very wary of people being able to use biometrics to sign up for things that cost money or even could make a mess of the citizens' lives. And I'm not talking about how they do their encryption homework or how they will limit abuses from govt employees accessing and selling the data. The worry is more mundane: once your biometrics are copied, you can't change them. I'm gonna echo what every single security expert says about the matter: biometrics should be the ID, not the key. And I'd go further by adding a 2nd step to validate the operation other than a password. Of course I'm also ignoring that many people won't be able to understand, much less do security right (weak passwords anyone?).


  • I Love Capitalism, 3 Mar 2017 @ 6:59am

    Targeted advertising

    Wouldn't you rather have more relevant advertising?


  • Shilling, 3 Mar 2017 @ 10:24am

    Laws??

    Instituting privacy laws will not protect your privacy in the long run because laws can be changed. The only way a government can protect privacy is to stop collecting this data, period.
