As we eagerly await the SC judgement on #Aadhaar, a short thread about the "Crisis management cell" in @UIDAI and how it operates.
1. It knows that the systems that are required to make Aadhaar work have failed and are continuously failing. 2. Everyday the data stares at it.
3. It can't however even attempt to fix these failings because of the implications. For instance, why is the enrollment software still not fixed? Because fixing means pausing enrollments and that is catastrophic admission of defeat. 4. Same with biometric quality captures.
5. Same with missing documents, Same with Biometric mixups, Same with seeding screw-ups aka UP PDS Scam, Gujarat PDS Biometric scam. 6. The starvation deaths, the Airtel Payment bank scam, the Parallel Database scam and so on. The list is endless.
7. Instead, it operates on "keeping a lid" on things. Somehow, anyhow, the cell wants to put #Aadhaar over the finish line, where SC says, it is constitutional so that it can then focus on the failing/failed systems. 8. Till then the following instruments are used.
8.1 Deny everything. 8.2 Media Plants w/o bylines. 8.3 Friendly editorials by Friendly publications. 8.4 FIRs 8.5 Downright propaganda via @WorldBankIndia on Savings and other stuff. 8.6 New Half baked ideas aka Face Recognition, Virtual IDs.
8.7 Deflections such as Data Protection Act 8.8 When all else fails, there is always the charming @NandanNilekani.
9. Events, however have far exceeded the capability of the crisis management cell's capability to contain the outbreak and they know it.
10. Being a nationalist and a hawk on Nat. Sec. , I can't help but be concerned, how the incompetent crisis cell, has deliberately ignored, National Security issues because of the failing/failed systems. I have seen Jihadis and ISI spies get Aadhaar with fake names in 5 seconds
11. And I have brought this up to the notice of the agencies involved. Even then these systems are not fixed because of the perverse way in which UIDAI denies everything. The crisis management cell's DNA has pervaded UIDAI so thoroughly, that I have no trust in it.
So what does it mean? Quite a bit. So many systems that are necessary for Aadhaar to function have fallen apart and broken down that if SC upholds Aadhaar, demonetization would be like a Picnic.
Re-Aadhaarization of the entire nation *again* is the only way to save it.
#
• • •
Missing some Tweet in this thread? You can try to
force a refresh
FIR Series #2: The first report in 2017, which blew open the ECMP hack. 1. Authorized operator login/passcodes hacked. 2. Their biometrics were cloned. 3. ECMP was compromised. 4. All (1),(2),(3) was sold as a package for 5000 rupees.
The most interesting part are the quotes from @UIDAI official that "It has jeopardized the project. So they knew". And the deactivation of 81L identities for various reasons, mean, the deduplication engine was defeated as early as 2017. @HuffPost report was on ECMP Only.
So this is why the @UIDAI's denials don't wash. What @HuffPost did was to just confirm the extent of the ECMP hack. Other details were confirmed by the UP STF on their own. FIR of UP STF is here.
Link: archive.org/details/UPAadh…
OK. @HuffPostIndia has done more code analysis done by an Israeli Security researcher, that verifies the extent of hack. The code level changes are close to 26, whereas the ones I found was about 20 and the list matches.
Here is a public challenge to the @UIDAI and it's @ceo_uidai. Do you really want me to put out the source code of the patch and your original ECMP client, in the public domain, so that every JAVA developer in this country can verify if the hack is real by themselves?
I mean, researchers work thanklessly to get issues fixed, and follow all ethical disclosure norms so that most of the sensitive things are not put out and only the bare minimum essentials are given to the media. But this constant "vested interests" and "baseless" thing won't do.
There is a video interview of a dealer doing rounds @rohanduaTOI. I think you have seen it. But let me explain the modus operandi. May be it will help others to understand it.
Our first Q: 1. How does Aadhaar authentication in PDS work?
A PDS DB is a (Ration Card, Aadhaar number, Ration Eligibility). So when you give your ration card and ask for your rations, the PDS System, sends (Aadhaar, Fingerprint) to @UIDAI. If it says Yes, you get ration. @UIDAI has no control on the PDS DB. It is with PDS department.
2. So what is the scam?
As per the article and Video, food inspectors hired people, who would change the mapping (Ration Card, Aadhaar number) in the PDS DB and route rations via biometric authentication of the "new Aadhaar number". Then they will change it back to old #.
Time to do a @ZetaIndia thread, because it is a text book case of not getting caught out in the public domain. Let us begin.
1. First the @RBI notifications. It is true that they had put a Master KYC document that mandated Aadhaar.
Link: rbi.org.in/ScriptS/BS_Vie…
2. There is a glorious S-15 regarding Identity information mandating Aadhaar biometric OTP, but however a subsequent Gazette notification kept it at abeyance.
3. So RBI put out a circular and kept that in abeyance because SC said so. Now we come back to PPIs. Now @Logic says, they are governed by different set of regulations, but are still governed by PMLA. Since PMLA is kept on abeyance, we need to look at PPI regulations.
1. Any court in India, has no real power. The real power lies with the executive/state. A court order only works if the executive pushes it with the power of the state. Sure there is contempt proceedings. But that also depends on the court and the executive.
2. Courts only issue contempt, if they know that it will make the executive respond. But what if they know, it will be ignored? They keep quiet. That is pretty much what happened on #Aadhaar.
3. So why do executive/state can ignore the court?
The TOI article by @rohanduaTOI needs it's own thread. What made it possible to change people's #Aadhaar number linked with ration cards again and again and again? The answer to that simple question will establish how @UIDAI is part of the problem. Let us begin. 👇
First Question: 1. If any database needs to be seeded with #Aadhaar number, does it require the holder's consent? Here is Sri A B Pandey @ceo_uidai saying explicitly "Consent is not required".
2. So what are the tools that @UIDAI built to facilitate the "Consent is not required" model in every seeded database. We now introduce DBT Seeding Viewer (aka) DSDV. This model is called Inorganic seeding. Notice "w/o beneficiary consent"