Sunday, November 19, 2017

Retro fitting privacy into aadhaar

Aadhaar project has invited wrath of the privacy advocates and civil society for being lax on security and privacy of individuals. The supreme court is expected to give a verdict tomorrow on whether privacy is a fundamental right or not. Once the supreme court asserts that privacy is a fundamental right although it has not found mention in the constitution(by oversight), the case against the aadhaar validity will continue to be heard by the three judge bench.
Many well intentioned people have suggested mitigation measures such as destroying the aadhaar database and arming people with biometrics laden smart cards. Many privacy fearing people have blocked their biometric authentication by locking it.
Very few people have seen it as a technology problem that can be addressed using technological measures. One such Idea that I have suggested in online forums is to make it harder for companies to correlate databases and building profiles of individuals based on the aadhaar number.
Addendum: Recent press reports suggest that UIDAI is looking at providing dummy numbers to companies to seed in their databases which will ensure uniqueness yet preserving privacy as these dummy numbers cannot be used to find the real aadhaar number.
I have found interesting avenues for research on differential privacy and how correlation of databases can be avoided.

No comments:

Post a Comment