Aadhaar,UIDAI,UPI,IndiaStack - News and Discussions

this is amazing... thanks for the tag @Agent_47

 

Whatsapp with UPI is coming soon.

 

India must embrace Data Democracy

In May of 2017, the cover of the Economist proclaimed that Data is “The world’s most valuable resource”. The proof of this proclamation can be seen by the domination of Tech Giants in virtually all major global markets. Moreover, they are quickly gaining ground & unseating incumbents in more traditional industries such as transportation, media, entertainment, advertising and payments. In the talk embedded below, I explain why this is a strategic challenge for India.

Fuelling the rapid growth of tech giants is the Data of users such as you and me. For Data controllers, Data is the ultimate truth about what your customers like, dislike, need, and pay for. With the power of AI, Data knows when, where, and how much their customers will pay, even before they do. This can be seen in all markets disrupted by Data giants, who have consistently outgrown competition and established their dominance. I present some examples in my slides embedded below.

Moreover, the virtuous cycle of data feeds itself. More Data helps create better products. Better products have more users, who in turn, create more Data. This property of Data creates winner-take-all scenarios.

Data controllers understand this new power equation, and have rushed to create platforms. Platforms accelerate the creation of new and engaging products. Other companies, even competitors, are invited to build products on the platform. Large platforms then become the fertile grounds upon which all user interactions take place, and the data of those interactions is captured by the underlying platform alone

Data is being locked into silos, so that the value extracted from the data does not have to be shared with anyone, not even with the users who helped create it. This sort of Data Domination, does not leave any oxygen for challengers to outgrow the giants. For such a powerful resource, that can change the face of $100B+ industries seemingly overnight, we seem to have very few regulations around it.

The problems around Data represent a triple-threat. We need to rethink Anti-Trust, Privacy & Data Colonization in the light of Data Domination. It is clear that the issues around data are not just a technology issue, but also a policy one.

The argument here is not protectionism, it is that under the current regulatory & market conditions, Data accumulates in the hands of a few, and hence, so does power. This holds true equally for foreign as well as domestic firms. The EU is notifying the General Data Protection Regulation, a set of data protection measures placing extensive restrictions and penalties on data controllers. Similar protection as well as anti-trust efforts are underway in US, Japan and even the UK. But these countries don’t share the same socio-economic context as India.

India also managed to jump ahead of the curve in developing digital infrastructure as public goods. We have a billion users on the JAM trinity. We have strong national-level platforms such as GSTN, BBPS and UPI. The government has also developed the India Stack, a set of Open APIs that enable paperless, presenceless and paperless transactions dramatically driving down the cost of transactions. Between Telecom-OTP, Aadhaar Authentication and UPI PIN, we have three unique methods of authentication, that can be mixed and matched to design the level of security and robustness required.

With such a strong digital spine and a growing mobile-first citizenry, India can make a significant departure and develop a unique model for data protection as well as empowerment. We need to proclaim that users have a right to access their own data and should be able to share it in a safe, consented manner with anyone they choose. This is an inversion of the usage and ownership of data.

Inverting the Data is only about giving the user freedom and choice. The freedom to share their data, and the choice of multiple providers. Data portability will empower users to choose what their data is used for. Being able to share a rich data history, increases trust in transactions. This choice of sharing is as relevant for a rural farmer as much for an urban millennial. The more reliable and accurate data you share, the better the interest rates on a loan, whether you’re buying a tractor or a sedan.

To empower users with Data, there are 3 steps India needs to undertake. First, we need to convince the government to open up big public data sets for users to consume. This includes data from national platforms such as GSTN, BBPS, etc. Second, regulators need to open up the data sets in their jurisdiction in a standard, machine-readable format. Third, we need a policy intervention to allow for the free flow of data with user consent in the private, unregulated spheres.

In today’s world, Data is power. History has shown us time and again, that we must not let power accumulate in the hands of the few. Instead we must empower all with their data. Your Data is your vote, and you should be able to choose whom you give it to. With 3 simple steps, India can lead the world in demonstrating a true Data Democracy.





@Sancho @bharathp @An Indian @nair @Hellfire @Abingdonboy @Rain Man @arbit @GSLV Mk III

 

Thank you @Agent_47. Today Data has become the new tools for control, earning (that's how the whole Big Data & Analytics thing has emerged). The people who control data can actually lead the society (yes the Society) towards what they want (I'm posting a link someone sent to me as a pointer). This is the NEW FORM of COLONIZATION. And the whole thing is about who controls the data. We have two choices today: Give control of our key (SPI) data in hands of corporations (such as FB and Google & others) or give it to the Govt. Me - I would rather have the Govt (with all its imperfections control my data as I'm relatively sure there are less chances of it being misused).

Let's be honest here. Given our journey from off-line to on-line, privacy has been and will continue to disappear. WE WILL BE NAKED as more and more sophisticated analytic methods tools are created.

Finally, here's a link that someone send that I found really, really scary and insightful:
The great British Brexit robbery: how our democracy was hijacked
https://www.theguardian.com/technol...eat-british-brexit-robbery-hijacked-democracy

 

How CIA Spies Access India’s Biometric Aadhaar Database
How CIA agents can access Aadhaar database via UIDAI certified company Cross Match.
By
Shelley Kasli August 25, 2017


Today WikiLeaks published secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world — with the expectation for sharing of the biometric takes collected on the systems. But this ‘voluntary sharing’ obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.

ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen.



The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.

Cross Match certified by UIDAI
Cross Match was one of the first suppliers of biometric devices certified by UIDAI for Aadhaar program. The company received the Certificate of Approval from the Indian Government in 2011. Cross Match received the Certificate of Approval for its Guardian fingerprint capture device and the I SCAN dual iris capture device on October 7, 2011. Both systems utilize Cross Match’s patented Auto Capture feature, which quickly captures high-quality images with minimal operator involvement.


The biometric devices (enrolment) from Cross Match have been granted the Certificate of Approval by UIDAI and STQC Directorate, Department of Information Technology, New Delhi
The Certificate of Approval, was issued after completion of all tests required to demonstrate compliance with the quality requirements of UIDAI. The certification body consists of the Standardization, Testing and Quality Certification (STQC) Directorate for the Government of India’s Department of Information Technology (DIT) and the UIDAI. The tests performed by the STQC included the following criteria: Physical & Dimensional, Image Quality, Environmental (Durability/Climatic), Safety, EMI/EMC, Security, Functional, Performance, Interoperability, Ease of Use & Ergonomics.


Follow
WikiLeaks

✔@wikileaks
Has the CIA already stolen India's #Aadhaar database? http://gginews.in/cia-spies-access-aadhaar-database/ … #modi

1:09 PM - Aug 25, 2017

How CIA Spies Access Aadhaar Database | GGI News
Today WikiLeaks published secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among...

gginews.in

• 
  8888 Replies
  
• 
  1,1851,185 Retweets
  
• 
  830830 likes

Twitter Ads info and privacy





Follow
Great Game India @GreatGameIndia
How CIA agents can access #Aadhaar database via @UIDAIcertified company #CrossMatch #CIAadhaar #RightToPrivacyhttp://gginews.in/cia-spies-access-aadhaar-database/ …

4:35 AM - Aug 25, 2017

How CIA Spies Access Aadhaar Database | GGI News
Today WikiLeaks published secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among...

gginews.in

• 
  55 Replies
  
• 
  116116 Retweets
  
• 
  7777 likes

Twitter Ads info and privacy



Majority of the UIDAI certified enrollment agencies use Cross Match devices across India. Cross Match was also the first company to receive the Provisional Certificate for use in the UID program in September, 2010. Video featuring the Cross Match Guardian and I SCAN devices has been taken down from the official UIDAI website.

Francisco Partners
In 2012, Francisco Partners acquired Cross Match Technologies Inc. The company has more than 5,000 customers worldwide and over 250,000 products deployed in over 80 countries. Cross Match’s customers include the U.S. Department of Defense, Department of Homeland Security, U.S. State Department and various state and local governments; as well as numerous foreign governments and law enforcement agencies. It also provides biometric solutions to customers in transportation, critical infrastructure, financial services, education, and healthcare sectors.


Subscribe to our quarterly geopolitical magazine GreatGameIndia. Click image to subscribe.
One of Francisco Partners portfolio company is an Israeli cyber weapons dealer called NSO Group. The company’s Pegasus iOS malware was linked to attacks on iPhones of a prominent UAE activist and a Mexican journalist.

Researchers from the University of Toronto’s Citizen Lab and mobile security firm Lookout raised questions about the ethics of NSO Group, a government spyware provider founded by an alum of Israel’s vaunted intelligence agencies. Francisco Partners bought its stake in the company for $120 million in 2014. Citizen Lab uncovered NSO’s Pegasus malware targeting iPhones of a Mexican journalist and a UAE activist. The same day, FORBES reported that Francisco Partners added Circles to its roster of investments, another Israeli-founded surveillance firm, which sold contentious gear to hack a part of global telecoms networks, known as SS7. That cost the private equity firm $130 million, a source close to the deal told FORBES.

Spying governments, activists & journalists
Francisco Partners also ran Turkey’s spy operations by selling its deep packet inspection product for surveillance. Deep packet inspection enables surveillance at the outset. Its very purpose is to open up “packets” of data flying across networks and inspect them to check if they should pass. DPI has made headlines for controversial use cases. China, for instance, likes to use DPI in its infamous censorship and surveillance systems. Sunnyvale, California-based Blue Coat Systems, in which Francisco Partners was a significant investor, saw its DPI technology censoring the internet in Syria in 2011, just as the civil war was erupting. Human rights activists looked on agog, but Blue Coat later said resellers were to blame and that it had not given permission for the technology to be shipped to the country. One reseller was later slapped with a maximum fine of $2.8 million by the Bureau of Industry and Security (BIS). (Francisco Partners also has stakes in Barracuda Networks and Dell Software, which both ship DPI products).

Aadhaar’s biometric pioneer
The foundation of the Aadhaar program is based on biometric and demographic data that is unique to each citizen. This data can only be collected by leveraging biometric devices and compatible software – the second and third stages of the Aadhaar value chain.



Cross Match’s Indian partner for the UID program is Smart Identity Devices Pvt. Ltd. (Smart ID). Smart Identity Devices, or Smart ID, has been the biometric pioneer and leader for the Aadhaar program. Smart ID provides biometric technology, smart card, and information and communication technology products and services for numerous sectors, such as financial services, logistics, government, and IT security. Launching commercial operations in 2008, Smart ID is based in Noida, India and is led by Sanjeev Mathur. The company’s devices are being used by enrollment agencies across India for the Aadhaar program.

ACCORDING TO A RECENT STUDY BY RESEARCH AND MARKETS, INDIA’S BIOMETRICS MARKET IS FORECAST TO HIT ABOUT $2 BILLION BY 2018.



Smart ID’s products and services range from biometric products, to mobile application solutions, to services such as Aadhaar enrollment, training, project management, IT hosting, and business correspondent management. As of 2014, Smart ID was able to carry out enrollment activities across India in states such as, Jharkhand, Tamil Nadu, Orissa, Uttar Pradesh, West Bangal, and Madhya Pradesh. Smart ID has already enrolled more than 1.2 million citizens into the Aadhaar program through its enrollment agencies.


Cross Match Aadhar Uid Kit
In July 2011, the UIDAI recognized Smart ID as being one of the three best enrollment agencies in Aadhaar for enrolling more than 25 million citizens in a very short time frame. Cross Match’s own presentation prepared for UID study claims more than 620 million enrollments. These CIA bugged Cross Match Aadhar Uid Kit is also available on the open market. Even you can buy it for Rs 63,999 a pair.

The price of a Smart ID Patrol ID fingerprint scanner was approximately $2300 in 2014. And these devices were installed across the country. It would be interesting to know how much did the Indian government pay this CIA front company for the exercise. Lets say UIDAI installed 10,000 such bugged CIA devices across the country for enrollment (which is a very conservative estimate), the staggering cost would be 1473554800



How CIA agents can access Aadhaar database in real-time
A number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record database. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media. For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a program showing videos (e.g VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlaying system is automatically infected and ransacked.

Fine Dining comes with a standardized questionnaire i.e menu that CIA case officers fill out. The questionnaire is used by the agency’s OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically “exfiltrating” information from computer systems) for specific operations. The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

Among the list of possible targets of the collection are ‘Asset’, ‘Liason Asset’, ‘System Administrator’, ‘Foreign Information Operations’, ‘Foreign Intelligence Agencies’ and ‘Foreign Government Entities’. Notably absent is any reference to extremists or transnational criminals. The ‘Case Officer’ is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types. The ‘menu’ also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained. This information is used by the CIA’s ‘JQJIMPROVISE’ software to configure a set of CIA malware suited to the specific needs of an operation.


Here is the official training manual that contains the detailed steps for carrying out the installation and configuration of Cross Match for the Aadhaar Enrolment Client. This manual also describes the process of importing master data after downloading it from the UIDAI Admin Portal.


Official UIDAI training manual describing the process of importing master data after downloading it from the UIDAI Admin Portal


It is remarkable that Aadhaar and Al-Qaeda mean the same thing, which is “foundation” – Manu Joseph pointed out this tweetable fact in his piece on Live Mint. What we might add is that it is also remarkable that both Aadhaar and Al Qaeda are illegitimate sons of the same mother!

http://gginews.in/cia-spies-access-aadhaar-database/

 

https://twitter.com/wikileaks/statu...io/iframe/twitter.min.html#900985901534371840



@Levina @Abingdonboy @nair@MilSpec @Gessler @Robinhood Pandey @randomradio @vstol jockey @Hellfire @NS52 @BlackOpsIndia @Rain Man @Grevion @Nilgiri @GSLV Mk III @SrNair @dadeechi @Ankit Kumar 001 @kaku1 @Golden_Rule @IndiranChandiran @Lion of Rajputana @thesolar65 @Sathya @Butter Chicken @AbRaj @Agent_47 @bharathp @Aqwoyk @GuardianRED @PeegooFeng41 @Indx TechStyle @Ved Mishra @ni8mare @A_poster @Kalmuahlaunda @zebra7 @Marqueur @PARIKRAMA

 

Wikileaks says 'CIA can access Aadhaar database', government denies claim
WikiLeaks on Friday published documents that claims the United State's Central Intelligence Agency (CIA) is using specific tools to secretly collect Aadhaar data. These claims have been dismissed by the government.

By Zee Media Bureau | Last Updated: Saturday, August 26, 2017 - 07:57
1
Comment


New Delhi: WikiLeaks on Friday published documents that claims the United State's Central Intelligence Agency (CIA) is using specific tools to secretly collect Aadhaar data. These claims have been dismissed by the government.

Wikileaks documents claims CIA used ExpressLane – a cyber tool devised by Cross Match Technologies. “ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.

Cross Match Technologies, a US company specialising in biometric software, was one of the first suppliers of biometric devices certified by UIDAI for Aadhaar program.





Wikileaks tweeted:


Follow
WikiLeaks

✔@wikileaks
Have CIA spies already stolen #India's national ID card database? #aadhaar #biometrichttp://archive.is/R2Hdu#selection-1123.0-1123.55 …#modi

12:57 AM - Aug 25, 2017

How CIA Spies Access India's Biometric Aadhaar Database | GGI News
archived 25 Aug 2017 07:52:23 UTC

archive.is

• 
  123123 Replies
  
• 
  1,7051,705 Retweets
  
• 
  1,2301,230 likes

Twitter Ads info and privacy




The Wikileaks further claims “CIA agents can access Aadhaar database in real-time.”

Another article tweeted by Wikileaks states, “UIDAI, as far as is known, did not do a background check on these companies or their business, professional and personal associations.”

19h
WikiLeaks

✔@wikileaks
Have CIA spies already stolen #India's national ID card database? #aadhaar #biometrichttp://archive.is/R2Hdu#selection-1123.0-1123.55 … #modi


Follow
WikiLeaks

✔@wikileaks
See also "#Aadhaar in the hand of spies" https://series.fountainink.in/aadhaar-in-the-hand-of-spies/ …

11:25 AM - Aug 25, 2017

Aadhaar in the hand of spies
BY GOVIND KRISHNAN VAadhaar, the 12-digit number linked to the fingerprints and iris patterns of most Indians, the key to unlocking government for the citizen, is a security nightmare in a world whe

series.fountainink.in

• 
  2424 Replies
  
• 
  296296 Retweets
  
• 
  245245 likes

Twitter Ads info and privacy




Cross Match had hit the headlines in 2011 “when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.”

 

I tell you guys, BJP is once again selling this nation to US like they did under that Atal bihari Chaarpayi.

 

This is very dangerous, our privacy is at stake.... all our bank details, our financials, health related issues and even our location is compromised. Since our mobile numbers are linked to Adhar and the same can be searched through networks and with smart fones giving out our locations we are always at risk.......

 

we are going under a regime which is worst than Nazi regime with Modi. This man has completely lost his brain under the spell of Lutyen's mafia headed by Jai-Italyji. This man is brain dead and must be removed from his position

 

Myself, I think the whole Aadhar and other such schemes were hatched with the simple aim of getting data of Indians.

 

What is the pshycology of Jaitley?? I don't understand the motivations of these kind of people. Any idea.

 

I disagree here. BJP is not selling us. But we have not much of a choice. Congress has weakened us in our defences. Now we are put in a position where we have to compromise.

 

@vstol jockey BJP did nuke tests. I trust them. The "selling out the nation" was mearly feigning weakness to not get retaliatory actions.
But Aadhar card, etc rleated issues was done during congress, I think the data was already stolen/sold to the western spy agencies. So the damage was already done. Now there's no point wailing over the damag done since the worse was already done, so i think BJP is just using the logic, "well the damage has already been done, now what can we do, no point crying over what happened, so let's atleast make some good out of the data collected". I think I mentioned this logic earlier.