Indian IT at its finest
Badly designed, badly managed, insecure and data open for exploitation and bribery.
So a standard Indian IT delivery then.
The government authority in charge of India's billion-records-and-counting Aadhaar biometric identity database, the Unique Identity Authority of India (UIDAI), has suspended 5,000 officials from accessing the system. As we reported yesterday, a journalist for the country's Tribune newspaper wrote of her ability to access …
Managing a country where corruption is rampant is a very messy and frustrating job. Those officials who profited by selling access are holding their country back from proper progress in the name of personal gain - while their situation is likely far from being worthy of pity.
I wish the Indians the best of luck in clearing that up and creating a generation of officials who actually abide by the rules and understand that they are the guardians of their country's progress.
The bribes will simply move to those who can "tweak" the system to their advantage.
Cashless just means the currency is now electrons and not paper notes.
In a perfect system, movement of those electrons would always leave an auditable trail. In a corrupt place, electrons will mysteriously appear & disappear conveniently.
UIDAI cannot shrug off its responsibility here by saying, "provide us the evidence or we assume nothing serious happened"... Come on, its the data for 1billion people, which is made accessible in 500 INR. It contains information such as cellphone numbers, addresses and email ids of all the people. This itself is enough to escalate the issue.
UIDAI takes credit for labeling itself the largest biometric and identification system in the world. In the same vein, it also has to take hits for the wrong-doings.
One thing is for sure, people are discussing and watching, whats going to happen next.
So you're suggesting that they should just take a newspaper hack's word for it and launch off into investigating "stuff" with no evidence of what, if anything, was compromised? You clearly have a higher opinion of Indian newspapers' journalistic standards than I do of British ones.
The weak link will often be inside people who can be paid to gain access. With India's costs so low compared to other countries the cost to criminals to gain such access is more likely. when you have a huge database that will become tempting. It is one reason western countries that have data protection fines should "inflate" them by the multiple the company saved by moving their processing off shore. As for this case, the benefits of huge databases do not seem to be balanced by the risk of data breaches. Until they are safer personalised data should be silo'ed in tiny amounts as "big data" has not yet shown it needs instant wide access to "everything" but criminals & foreign competitive countries have shown they love it.
"With India's costs so low compared to other countries the cost to criminals to gain such access is more likely."
They also have fierce competition by people for such jobs. They have a problem whereby the system offers jobs only to those with paper qualifications - and the number of apparently qualified applicants far exceeds the number of jobs on offer.
In the past coppers never thought twice about looking up friends, colleagues, partners, kids partners etc on the PNC, yes they where told not to misuse their access, but things where different then and no one really took that type of misuse seriously. I for one am glad of the top down change in sentiment.
When you have a system with so much data with the need for so many humans to have random access to any of it there will always be opportunity for misuse, with the main thing that prevents misuse being trust in your staff.
the real problem, of course, will come when a new government comes into power and decides to use data in that DB to treat a subset of India differently to the rest.
We've seen it before and we'll see it again, sadly.
thing is have all our records been sent there in some sort of uk government outsourcing deal with on the surface safeguards and security but in reality to facilitate easy access for anyone in the world making a fast buck out of the database?
Personally I would not be suprised and was very nervous a few years back when I was divulging personal info to a dept in bangalore when going through a recruitment process for a us company.
Some things should be off limits for going out of the uk and I dont want to know any of their flippin details either.