Cybersecurity Threats and Cybersecurity Best Practices
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
1. Aadhaar
India’s National Biometrics ID
Deepak Maheshwari
Director, Government Affairs, India & ASEAN, Symantec
ETAP Forum, Tel Aviv, 22 June 2016
1
2. Couple of Caveats
Views are personal and not necessarily
represent those of Symantec
Not speaking for or on behalf of the Unique
Identification Authority of India (UIDAI) or
any other government agency
ETAP Forum, Tel Aviv, 22 June 2016
2
3. Agenda
Socio-Economic & Political Snapshot
What is Aadhaar?
Towards A Billion JAMs
Key Issues Around Security & Privacy
ETAP Forum, Tel Aviv, 22 June 2016
3
4. Socio-Economic & Political Snapshot
Federal Sovereign Social Secular Democratic Republic
with Westminster model
Service Economy, Agricultural Society
Government subsidies & benefits
– Suffer from 3D syndrome (Delay, Denial & Duplicate)
– up to 85% leakage
Breakout nation: 7.6% GDP growth; Internet growth via Mobile
Robust decadal census but many lack non-repudiable
IDs (passport, driving license, voter ID, etc.)
ETAP Forum, Tel Aviv, 22 June 2016
4
5. What is Aadhaar?
Unique ID to every resident in India; means ‘Foundation’
– 12 digit random number allotted after de-duplication of registration data
collected during enrolment
Demographic info (Name, date of birth, address and names of parents)
Biometrics (all 10 fingers, both iris and face)
Email ID & Mobile number
– Enrolment is voluntary but becoming a de facto mandate
Neither citizenship proof nor gives any entitlements
Number is important, not the Card per se
Online Authentication sans any Authorization
– Biometrics / One Time Password
– Only response is ‘Yes’ or ‘No’
Parallel drive underway for mandatory enrolment of every
citizen in 16 digit National Population Register (NPR)
ETAP Forum, Tel Aviv, 22 June 2016
5
6. Towards A Billion JAMs
ETAP Forum, Tel Aviv, 22 June 2016
Dateline Milestone
Jan 2009 UIDAI set up via Executive Order
Jul 2009 Nandan Nilekani appointed as Chairman
Apr 2010 Brand the logo for Aadhaar launched
Sep 2010 First Aadhaar ID issued
2011-14 Payment Bridge; Cash transfer pilots; e-KYC;
Empanelment of Authentication & User Agencies
Sep 2013 None to suffer for not having Aadhaar (Supreme Court)
2014-16 JAM (Jan-Dhan for Financial Inclusion; Aadhaar & Mobile) for Cash Transfers;
Digital Locker
Jan 2016 Central Registry notified as Critical Infrastructure
Mar 2016 Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and
Services) Act
Apr 2016 Enrolments cross the billion mark in 5.5 years
6
7. Key Issues Around Security & Privacy
Security of the Centralized Identities Registry
Compromise during enrolment or authentication
Sharing information with other agencies or using beyond
the stated purpose
Law excludes collection of certain demographic information
race, religion, caste, tribe, ethnicity, language, records of
entitlement, income, political history
Law allows biometrics information via subordinate
legislation
False positives / negatives
– Poor quality of biometrics at the time of enrolment / authentication
– Vagaries of the algorithm / limitation of the standard
Fake credentials
ETAP Forum, Tel Aviv, 22 June 2016
7