1 May 2017

The Dark Side Of Digital Revolution: Can India Stand Up To The Challenge?


Rajeev Srinivasan

It would not do for people to find out all of a sudden that their bank accounts have been cleaned out, or that your BHIM and Aadhaar data are available for sale on the Internet.

Some people are raising questions about Aadhaar and about Electronic Voting Machines (EVMs). It is hard to dismiss them out of hand even if you make allowances for their vested interests. The reason is that, fundamentally, computer and network security in India is in its infancy. As the country is dragged kicking and screaming into a future with electronic money and electronic identity and electronic everything else, it is pertinent to worry about how things can go wrong.

The objectives behind Aadhaar and the EVM are laudable: it makes sense both to have an unalterable identity mechanism and a way of quickly and accurately tabulating election results. Indeed there is a case for even greater introduction of digital mechanisms into daily activities: for instance, we need land records and medical records to be reliable and portable. So the thrust behind Digital India and India Stack is doubtless, sensible. The devil is in the implementation details.

It would be instructive to look at what has happened elsewhere with the introduction of a unique identifier and electronic voting machines, though I fully agree that their situations may not be entirely comparable. They are different countries with different problems, yes, but certainly one can learn from the experiences of other people.

When I last checked, Electronic Voting Machines have been banned in several American states (and in Germany they have been ruled unconstitutional) because it is evident that there are multiple ways of tampering with them, thus denying a citizen the constitutional right to the vote.

As for identity, the social security number (SSN) was introduced in the US quite some time ago as a way of providing a national worker’s pension. But the SSN soon became used for all sorts of other things, and in effect, it is a de facto unique national id now. Other government agencies such as the income tax authorities as well as businesses began to track data using the SSN as the unique id, and even though it was illegal to do so in the first place, but you have a fait accompli now.

The net result today is that it is possible to construct the entire profile of any US resident these days by just using their SSN: you can track their credit card use, their medical history, their ATM use, and so on. There was a film The Net that shows the nightmare scenario if someone were to delete your SSN from the system: you become a non-person. For all practical purposes, you cease to exist.

Separately, with the arrival of the smartphone, not only the US government but also Google, Facebook, Apple and Amazon know everything about you: where you have been at any time, who you fraternise with, what your interests are, what topics you search for on the net, what you say to whom on social media or phone calls. Everything.

If you were a bit of a pessimist, you might say that the age of the Panopticon has arrived: that the scary future European philosopher Jeremy Bentham imagined, where Big Brother is really watching you and knows what you think. For privacy advocates, this is a nightmare: imagine if a government were to be malign, and wanted to round up people based on thought crimes – in fact you can do this today. Witness how every time some terrorist is caught, they say he had been watching propaganda videos on YouTube or learning how to assemble bombs from common household chemicals. You leave your digital footprints everywhere, and it is almost impossible to hide from the eye in the sky.

But what is worse is that it is not only governments, but hackers too who know or can know anything about you. One popular trick these days is ransomware: your computer is locked up by a remote hacker, who refuses to let you access it unless you pay good money. One way of dealing with this is to keep regular backups of all your data on computers or disks that are never attached to the Internet. But that is hard to do because your computers need the regular software updates pushed by the manufacturers.

Beyond that, there is identity theft. By piecing together data about your activities, and especially based on the SSN, it is possible for thieves to create new identities that mimic you: the data is yours, but someone has control of it. Large numbers of people fall prey to this every year in the US, and billions of dollars are stolen. A crook who clones your identity can with little trouble create a new credit card with your SSN, and charge thousands of dollars to it. You, alas, will get the bill. This is so widespread that there is identify theft insurance available now.

Imagine how identify theft might play out in India. Unscrupulous bank employees have already been caught in scams where they clone credit cards, and arrange for the PIN numbers to be sent to addresses they or their friends control: the banks end up absorbing this kind of loss (unless they can bully the consumer into paying for the fraud). But imagine how this would be a nightmare if clever hackers are let loose on millions of unsuspecting and unprepared, often illiterate and gullible users in India. And all their financial information is centred around their Aadhaar numbers.

When BHIM-Aaadhar is made a major mechanism for financial transactions (disclaimer: I think it’s a good idea, but I am worried about the security of the mobile devices themselves, and would suggest that a mandatory NPCI-supplied application must be installed on all cellphones in India to detect and prevent data leak from the BHIM application) it should be assumed that there will be continuous and wilful security breach attempts made by hackers. It would not do for people to find out suddenly that their bank accounts have been cleaned out, or that your BHIM and Aadhaar data are available for sale on the Internet.

That brings us to the crux of the matter. It is true that Aadhaar is a high-tech mechanism using fingerprints and iris scans to precisely identify individuals. It may even be that this is superior to other UID mechanism available elsewhere. But there are several problems: one is that current processes need to be re-engineered, another is that there needs to be a clear idea of ownership of data, and a third is that the data must be stored in a manner that it is unalterable.

The first problem is the hardest. Many of the processes we use in India unnecessarily reveal too much information, and they can be leaky – just the thing that the friendly neighbourhood hackers are looking for. Every process using Aadhaar for authentication needs to be re-engineered end to end to ensure that only information that is absolutely necessary (“need to know”) is revealed, and that too in a secure manner.

Secondly, it is not clear to me who owns the information; maybe the Aadhaar Act has clear rules about this. I suspect the working assumption is that all the data belongs to the government (and that it is not merely the custodian of private data). On the contrary, it must be absolutely clear that the data belongs to the individual, and that he/she must be in control of how much of it is revealed. For instance, if I want to reveal my medical or financial history to some corporation, it should be based on my informed consent.

The third problem may have a general solution: blockchain. Although there are concerns about the physical security of devices using blockchain, by integrating that technology into the (orthogonal) technology of identity management, it may be possible to create solutions so that important data is guaranteed to be inviolate.

As for Electronic Voting Machines, let me be very clear that I do not at all agree with people like Arvind Kejriwal who blame EVMs for their defeats. But speaking strictly from a technology perspective, they are not as safe as we may believe. It would be necessary to have full control of the chips and firmware on them to be confident that EVMs are not being messed with. Researchers in 2010 showed how they could be fixed up with radio-aware chips, which could be manipulated with a mobile phone to activate, say, a Trojan Horse programme that deletes itself after use and transfers say 40 per cent of all votes polled to a specific candidate.

Today, EVMs follow a sort of ‘security by obscurity’, and the voter-verified paper audit trail (VVPAT) terminals with printouts are only a partial solution. But they can be made far more secure. In fact, if sufficient safeguards are inserted, including multi-factor authentication, internet voting could be introduced, so that non-residents and expatriates can also exercise their franchise. The belly-aching by certain parties is just an excuse, but the dangers of EVMs are real.

No comments: