The TOI article by @rohanduaTOI needs it's own thread. What made it possible to change people's #Aadhaar number linked with ration cards again and again and again? The answer to that simple question will establish how @UIDAI is part of the problem. Let us begin. 👇
First Question:
1. If any database needs to be seeded with #Aadhaar number, does it require the holder's consent? Here is Sri A B Pandey @ceo_uidai saying explicitly "Consent is not required".

Link: rediff.com/money/intervie…
2. So what are the tools that @UIDAI built to facilitate the "Consent is not required" model in every seeded database. We now introduce DBT Seeding Viewer (aka) DSDV. This model is called Inorganic seeding. Notice "w/o beneficiary consent"

Link: pdsportal.nic.in/Files/Aadhar%2…
3. Who used these programmatic tools?

Surprise! DSDV is accessed and allowed by State officials from an explicitly authorized White List IP Address by none other than UIDAI.

Link: ia800805.us.archive.org/3/items/aadhaa…
4. So how is it possible that the UIDAI officials deny that "they are not the problem", when they built the tools using the "No consent" philosophy, gave it to the state officials to precisely do exactly what #Aadhaar was supposed to avoid?

Ans: Reporters have no clue.
5. The tech. awareness of the main stream reporters is why, they can get away with these statements. Now let us do some game theory.

Your SIM card vendor just switched the #Aadhaar number attached to your SIM card. Voila! Your SIM can be lost and then be cloned!
6. What if you cannot trace the 69 Aadhaar holders who siphoned off the ration, because they did not exist? Forgot about that biometric mix-up story, have you? I will bet 50% of these 69 holders can never be traced as they are *ghosts*.

newindianexpress.com/thesundaystand…
7. So why do people like @stonedsufi insist that, it is not a problem with #Aadhaar?

Two reasons:
1. They simply don't know about these programs (DSDV, RASF)
2. Aadhaar has become too big for people to even comprehend what is going on.

8. This non-consensual linking w/o a notification using a known public number is deadly mistake. Seeding issues are so common that "editable" is the only way out.

Link: thehansindia.com/posts/index/An…
9. And if "editable" is a feature because of this, then scams are only inevitable. The heart of the problem is this?

How do you distinguish a mistake (Wrong seeding) vs. genuine ghosts? You can't, unless the people complain. Haven't changed at all.
10. Even in Gujarat PDS Scam, people complained. But the press missed out the story of "Tera Software" fully. Remember they sold biometrics on USB Sticks of MLAs, MPs and Bank Chairmans.

I guess this is the beginning of end.

#

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with V. Anand | வெ. ஆனந்த்

V. Anand | வெ. ஆனந்த் Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @iam_anandv

Sep 15, 2018
FIR Series #2: The first report in 2017, which blew open the ECMP hack.
1. Authorized operator login/passcodes hacked.
2. Their biometrics were cloned.
3. ECMP was compromised.
4. All (1),(2),(3) was sold as a package for 5000 rupees.

indiatoday.in/mail-today/sto…
The most interesting part are the quotes from @UIDAI official that "It has jeopardized the project. So they knew". And the deactivation of 81L identities for various reasons, mean, the deduplication engine was defeated as early as 2017. @HuffPost report was on ECMP Only.
So this is why the @UIDAI's denials don't wash. What @HuffPost did was to just confirm the extent of the ECMP hack. Other details were confirmed by the UP STF on their own. FIR of UP STF is here.
Link: archive.org/details/UPAadh…

How successful is the hack?
Read 4 tweets
Sep 14, 2018
OK. @HuffPostIndia has done more code analysis done by an Israeli Security researcher, that verifies the extent of hack. The code level changes are close to 26, whereas the ones I found was about 20 and the list matches.

huffingtonpost.in/2018/09/14/uid…
Here is a public challenge to the @UIDAI and it's @ceo_uidai. Do you really want me to put out the source code of the patch and your original ECMP client, in the public domain, so that every JAVA developer in this country can verify if the hack is real by themselves?
I mean, researchers work thanklessly to get issues fixed, and follow all ethical disclosure norms so that most of the sensitive things are not put out and only the bare minimum essentials are given to the media. But this constant "vested interests" and "baseless" thing won't do.
Read 4 tweets
Sep 11, 2018
As we eagerly await the SC judgement on #Aadhaar, a short thread about the "Crisis management cell" in @UIDAI and how it operates.

1. It knows that the systems that are required to make Aadhaar work have failed and are continuously failing.
2. Everyday the data stares at it.
3. It can't however even attempt to fix these failings because of the implications. For instance, why is the enrollment software still not fixed? Because fixing means pausing enrollments and that is catastrophic admission of defeat.
4. Same with biometric quality captures.
5. Same with missing documents, Same with Biometric mixups, Same with seeding screw-ups aka UP PDS Scam, Gujarat PDS Biometric scam.
6. The starvation deaths, the Airtel Payment bank scam, the Parallel Database scam and so on. The list is endless.
Read 9 tweets
Sep 10, 2018
There is a video interview of a dealer doing rounds @rohanduaTOI. I think you have seen it. But let me explain the modus operandi. May be it will help others to understand it.

Our first Q:
1. How does Aadhaar authentication in PDS work?
A PDS DB is a (Ration Card, Aadhaar number, Ration Eligibility). So when you give your ration card and ask for your rations, the PDS System, sends (Aadhaar, Fingerprint) to @UIDAI. If it says Yes, you get ration. @UIDAI has no control on the PDS DB. It is with PDS department.
2. So what is the scam?

As per the article and Video, food inspectors hired people, who would change the mapping (Ration Card, Aadhaar number) in the PDS DB and route rations via biometric authentication of the "new Aadhaar number". Then they will change it back to old #.
Read 7 tweets
Sep 7, 2018
Time to do a @ZetaIndia thread, because it is a text book case of not getting caught out in the public domain. Let us begin.

1. First the @RBI notifications. It is true that they had put a Master KYC document that mandated Aadhaar.
Link: rbi.org.in/ScriptS/BS_Vie…
2. There is a glorious S-15 regarding Identity information mandating Aadhaar biometric OTP, but however a subsequent Gazette notification kept it at abeyance.

Link: egazette.nic.in/WriteReadData/…

(Our context is still existing accounts)
3. So RBI put out a circular and kept that in abeyance because SC said so. Now we come back to PPIs. Now @Logic says, they are governed by different set of regulations, but are still governed by PMLA. Since PMLA is kept on abeyance, we need to look at PPI regulations.
Read 15 tweets
Aug 27, 2018
So @HuffPostIndia thinks that the SC could halt the rollout of Aadhaar, but that is only half accurate. I will explain why.

Link: huffingtonpost.in/entry/india-aa…
1. Any court in India, has no real power. The real power lies with the executive/state. A court order only works if the executive pushes it with the power of the state. Sure there is contempt proceedings. But that also depends on the court and the executive.
2. Courts only issue contempt, if they know that it will make the executive respond. But what if they know, it will be ignored? They keep quiet. That is pretty much what happened on #Aadhaar.

3. So why do executive/state can ignore the court?
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(