The TOI article by @rohanduaTOI needs its own thread. What made it possible to change people's #Aadhaar number linked with ration cards again and again and again? The answer to that simple question will establish how @UIDAI is part of the problem. Let us begin. 👇
First Question: 1. If any database needs to be seeded with #Aadhaar number, does it require the holder's consent? Here is Sri A B Pandey @ceo_uidai saying explicitly "Consent is not required".
2. So what are the tools that @UIDAI built to facilitate the "Consent is not required" model in every seeded database? We now introduce DBT Seeding Viewer (aka) DSDV. This model is called Inorganic seeding. Notice "w/o beneficiary consent"
4. So how is it possible that the UIDAI officials deny that "they are not the problem", when they built the tools using the "No consent" philosophy, gave it to the state officials to precisely do exactly what #Aadhaar was supposed to avoid?
Ans: Reporters have no clue.
5. The tech awareness of the mainstream reporters is why they can get away with these statements. Now let us do some game theory.
Your SIM card vendor just switched the #Aadhaar number attached to your SIM card. Voila! Your SIM can be lost and then be cloned!
6. What if you cannot trace the 69 Aadhaar holders who siphoned off the ration, because they did not exist? Forgot about that biometric mix-up story, have you? I will bet 50% of these 69 holders can never be traced as they are *ghosts*.
8. This non-consensual linking w/o a notification using a known public number is a deadly mistake. Seeding issues are so common that "editable" is the only way out.
9. And if "editable" is a feature because of this, then scams are only inevitable. The heart of the problem is this?
How do you distinguish a mistake (Wrong seeding) vs. genuine ghosts? You can't, unless the people complain. Haven't changed at all.
10. Even in Gujarat PDS Scam, people complained. But the press missed out the story of "Tera Software" fully. Remember they sold biometrics on USB Sticks of MLAs, MPs and Bank Chairmen.
I guess this is the beginning of the end.
FIR Series #2: The first report in 2017, which blew open the ECMP hack. 1. Authorized operator login/passcodes hacked. 2. Their biometrics were cloned. 3. ECMP was compromised. 4. All (1),(2),(3) was sold as a package for 5000 rupees.
The most interesting part is the quotes from @UIDAI official that "It has jeopardized the project. So they knew". And the deactivation of 81L identities for various reasons means the deduplication engine was defeated as early as 2017. @HuffPost report was on ECMP Only.
So this is why the @UIDAI's denials don't wash. What @HuffPost did was to just confirm the extent of the ECMP hack. Other details were confirmed by the UP STF on their own. FIR of UP STF is here.
Link: archive.org/details/UPAadh…
OK. @HuffPostIndia has done more code analysis, done by an Israeli security researcher, that verifies the extent of the hack. The code level changes are close to 26, whereas the ones I found were about 20, and the list matches.
Here is a public challenge to the @UIDAI and its @ceo_uidai. Do you really want me to put out the source code of the patch and your original ECMP client, in the public domain, so that every Java developer in this country can verify if the hack is real by themselves?
I mean, researchers work thanklessly to get issues fixed, and follow all ethical disclosure norms so that most of the sensitive things are not put out and only the bare minimum essentials are given to the media. But this constant "vested interests" and "baseless" thing won't do.
As we eagerly await the SC judgement on #Aadhaar, a short thread about the "Crisis management cell" in @UIDAI and how it operates.
1. It knows that the systems that are required to make Aadhaar work have failed and are continuously failing. 2. Every day the data stares at it.
3. It can't however even attempt to fix these failings because of the implications. For instance, why is the enrollment software still not fixed? Because fixing means pausing enrollments and that is a catastrophic admission of defeat. 4. Same with biometric quality captures.
5. Same with missing documents, Same with Biometric mixups, Same with seeding screw-ups aka UP PDS Scam, Gujarat PDS Biometric scam. 6. The starvation deaths, the Airtel Payment bank scam, the Parallel Database scam and so on. The list is endless.
There is a video interview of a dealer doing the rounds @rohanduaTOI. I think you have seen it. But let me explain the modus operandi. Maybe it will help others to understand it.
Our first Q: 1. How does Aadhaar authentication in PDS work?
A PDS DB is a (Ration Card, Aadhaar number, Ration Eligibility). So when you give your ration card and ask for your rations, the PDS System sends (Aadhaar, Fingerprint) to @UIDAI. If it says Yes, you get ration. @UIDAI has no control on the PDS DB. It is with PDS department.
2. So what is the scam?
As per the article and Video, food inspectors hired people, who would change the mapping (Ration Card, Aadhaar number) in the PDS DB and route rations via biometric authentication of the "new Aadhaar number". Then they will change it back to old #.
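An added detection example, not part of the original thread: it looks for the swap-and-revert pattern described above (mapping changed to a new Aadhaar number, rations drawn under it, mapping changed back). It assumes the PDS DB keeps an append-only change log, which the thread does not say exists; the log schema, event names, card IDs and Aadhaar placeholders are all constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical schema): time, ration card, event, Aadhaar.
# "seed"    = the (ration card -> Aadhaar number) mapping was set to this value
# "auth_ok" = rations issued after successful biometric auth of this Aadhaar number
SAMPLE_LOG = """\
2018-01-02T09:00 RC-1001 seed AAAA-0001
2018-02-05T10:15 RC-1001 auth_ok AAAA-0001
2018-03-04T08:50 RC-1001 seed BBBB-0002
2018-03-04T09:05 RC-1001 auth_ok BBBB-0002
2018-03-04T09:20 RC-1001 seed AAAA-0001
2018-01-03T09:00 RC-1002 seed CCCC-0003
2018-02-10T11:00 RC-1002 seed DDDD-0004
2018-03-06T10:00 RC-1002 auth_ok DDDD-0004
"""

def parse(log):
    """Yield (time, card, event, aadhaar) tuples from the whitespace-separated log."""
    for line in log.splitlines():
        if line.strip():
            ts, card, event, aadhaar = line.split()
            yield datetime.fromisoformat(ts), card, event, aadhaar

def find_swap_and_revert(log, window=timedelta(days=2)):
    """Flag cards whose mapping went A -> B -> A with rations drawn under B."""
    seeds, draws = {}, {}  # card -> [(time, aadhaar)], in time order
    for ts, card, event, aadhaar in sorted(parse(log)):
        if event == "seed":
            seeds.setdefault(card, []).append((ts, aadhaar))
        elif event == "auth_ok":
            draws.setdefault(card, []).append((ts, aadhaar))
    findings = []
    for card, changes in seeds.items():
        # Slide over three consecutive mapping values: original, temporary, reverted.
        for (_, a), (t1, b), (t2, c) in zip(changes, changes[1:], changes[2:]):
            if a != c or a == b or t2 - t1 > window:
                continue  # not a revert to the original, or the swap was not short-lived
            used = [t for t, n in draws.get(card, []) if n == b and t1 <= t <= t2]
            if used:
                findings.append({"card": card, "original": a, "temporary": b,
                                 "swapped_at": t1, "reverted_at": t2,
                                 "draws": len(used)})
    return findings

if __name__ == "__main__":
    for finding in find_swap_and_revert(SAMPLE_LOG):
        print(finding)
```

RC-1002 in the sample is a one-way re-seeding that is never reverted, so it is not flagged; only RC-1001, where the mapping returns to its original value after a draw, is reported.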
Time to do a @ZetaIndia thread, because it is a textbook case of not getting caught out in the public domain. Let us begin.
1. First the @RBI notifications. It is true that they had put a Master KYC document that mandated Aadhaar.
Link: rbi.org.in/ScriptS/BS_Vie…
2. There is a glorious S-15 regarding Identity information mandating Aadhaar biometric OTP, but a subsequent Gazette notification kept it in abeyance.
3. So RBI put out a circular and kept that in abeyance because SC said so. Now we come back to PPIs. Now @Logic says, they are governed by different set of regulations, but are still governed by PMLA. Since PMLA is kept in abeyance, we need to look at PPI regulations.
1. Any court in India has no real power. The real power lies with the executive/state. A court order only works if the executive pushes it with the power of the state. Sure, there are contempt proceedings. But that also depends on the court and the executive.
2. Courts only issue contempt, if they know that it will make the executive respond. But what if they know, it will be ignored? They keep quiet. That is pretty much what happened on #Aadhaar.
3. So why can the executive/state ignore the court?