It would not do for people to find out all of a sudden that their bank accounts have been cleaned out, or that your BHIM and Aadhaar data are available for sale on the Internet.
Some people are raising questions about Aadhaar and about Electronic Voting Machines (EVMs). It is hard to dismiss them out of hand even if you make allowances for their vested interests. The reason is that, fundamentally, computer and network security in India is in its infancy. As the country is dragged kicking and screaming into a future with electronic money and electronic identity and electronic everything else, it is pertinent to worry about how things can go wrong.
The objectives behind Aadhaar and the EVM are laudable: it makes sense both to have an unalterable identity mechanism and a way of quickly and accurately tabulating election results. Indeed there is a case for even greater introduction of digital mechanisms into daily activities: for instance, we need land records and medical records to be reliable and portable. So the thrust behind Digital India and India Stack is doubtless, sensible. The devil is in the implementation details.
It would be instructive to look at what has happened elsewhere with the introduction of a unique identifier and electronic voting machines, though their situations may not be entirely comparable. They are different countries with different problems, yes, but certainly one can learn from the experiences of other people.
Electronic Voting Machines have been banned in several American states (and in Germany they have been ruled unconstitutional) because it is evident that there are multiple ways of tampering with them, thus denying a citizen the constitutional right to the vote.
As for identity, the social security number (SSN) was introduced in the US quite some time ago as a way of providing a national worker’s pension. But the SSN soon became used for all sorts of other things, and in effect, it is a de facto unique national id now. Other government agencies such as the income tax authorities as well as businesses began to track data using the SSN as the unique id, and even though it was illegal to do so in the first place, but you have a fait accompli now.
The net result today is that it is possible to construct the entire profile of any US resident these days by just using their SSN: you can track their credit card use, their medical history, their ATM use, and so on. There was a film The Net that shows the nightmare scenario if someone were to delete your SSN from the system: you become a non-person. For all practical purposes, you cease to exist.
Separately, with the arrival of the smartphone, not only the US government but also Google, Facebook, Apple and Amazon know everything about you: where you have been at any time, who you fraternise with, what your interests are, what topics you search for on the net, what you say to whom on social media or phone calls. Everything.
If you were a bit of a pessimist, you might say that the age of the Panopticon has arrived: that the scary future European philosopher Jeremy Bentham imagined, where Big Brother is really watching you and knows what you think.
For privacy advocates, this is a nightmare: imagine if a government were to be malign, and wanted to round up people based on thought crimes – in fact you can do this today. Witness how every time some terrorist is caught, they say he had been watching propaganda videos on YouTube or learning how to assemble bombs from common household chemicals. You leave your digital footprints everywhere, and it is almost impossible to hide from the eye in the sky.
But what is worse is that it is not only governments, but hackers too who know or can know anything about you.
One popular trick these days is ransomware: your computer is locked up by a remote hacker, who refuses to let you access it unless you pay good money. One way of dealing with this is to keep regular backups of all your data on computers or disks that are never attached to the Internet. But that is hard to do because your computers need the regular software updates pushed by the manufacturers.
Beyond that, there is identity theft. By piecing together data about your activities, and especially based on the SSN, it is possible for thieves to create new identities that mimic you: the data is yours, but someone has control of it. Large numbers of people fall prey to this every year in the US, and billions of dollars are stolen. A crook who clones your identity can with little trouble create a new credit card with your SSN, and charge thousands of dollars to it. You, alas, will get the bill. This is so widespread that there is identify theft insurance available now.
Imagine how identify theft might play out in India. Unscrupulous bank employees have already been caught in scams where they clone credit cards, and arrange for the PIN numbers to be sent to addresses they or their friends control: the banks end up absorbing this kind of loss (unless they can bully the consumer into paying for the fraud). But imagine how this would be a nightmare if clever hackers are let loose on millions of unsuspecting and unprepared, often illiterate and gullible users in India. And all their financial information is centred around their Aadhaar numbers.
When BHIM-Aaadhar is made a major mechanism for financial transactions, it should be assumed that there will be continuous and wilful security breach attempts made by hackers. It would not do for people to find out suddenly that their bank accounts have been cleaned out, or that your BHIM and Aadhaar data are available for sale on the Internet.
That brings us to the crux of the matter. It is true that Aadhaar is a high-tech mechanism using fingerprints and iris scans to precisely identify individuals. It may even be that this is superior to other UID mechanism available elsewhere.
But there are several problems: one is that current processes need to be re-engineered, another is that there needs to be a clear idea of ownership of data, and a third is that the data must be stored in a manner that it is unalterable.
The first problem is the hardest. Many of the processes we use in India unnecessarily reveal too much information, and they can be leaky – just the thing that the friendly neighbourhood hackers are looking for. Every process using Aadhaar for authentication needs to be re-engineered end to end to ensure that only information that is absolutely necessary (“need to know”) is revealed, and that too in a secure manner.
Secondly, it is not clear who owns the information; maybe the Aadhaar Act has clear rules about this. But the working assumption is that all the data belongs to the government (and that it is not merely the custodian of private data). On the contrary, it must be absolutely clear that the data belongs to the individual, and that he/she must be in control of how much of it is revealed. For instance, if one wants to reveal his/her medical or financial history to some corporation, it should be based on informed consent.
The third problem may have a general solution: blockchain. Although there are concerns about the physical security of devices using blockchain, by integrating that technology into the (orthogonal) technology of identity management, it may be possible to create solutions so that important data is guaranteed to be inviolate.
As for Electronic Voting Machines, speaking strictly from a technology perspective, they are not as safe as we may believe. It would be necessary to have full control of the chips and firmware on them to be confident that EVMs are not being messed with. Researchers in 2010 showed how they could be fixed up with radio-aware chips, which could be manipulated with a mobile phone to activate, say, a Trojan Horse programme that deletes itself after use and transfers say 40 per cent of all votes polled to a specific candidate.
Today, EVMs follow a sort of ‘security by obscurity’, and the voter-verified paper audit trail (VVPAT) terminals with printouts are only a partial solution. But they can be made far more secure. In fact, if sufficient safeguards are inserted, including multi-factor authentication, internet voting could be introduced, so that non-residents and expatriates can also exercise their franchise. The belly-aching by certain parties is just an excuse, but the dangers of EVMs may be real.
Recent Posts
- In the Large States category (overall), Chhattisgarh ranks 1st, followed by Odisha and Telangana, whereas, towards the bottom are Maharashtra at 16th, Assam at 17th and Gujarat at 18th. Gujarat is one State that has seen startling performance ranking 5th in the PAI 2021 Index outperforming traditionally good performing States like Andhra Pradesh and Karnataka, but ranks last in terms of Delta
- In the Small States category (overall), Nagaland tops, followed by Mizoram and Tripura. Towards the tail end of the overall Delta ranking is Uttarakhand (9th), Arunachal Pradesh (10th) and Meghalaya (11th). Nagaland despite being a poor performer in the PAI 2021 Index has come out to be the top performer in Delta, similarly, Mizoram’s performance in Delta is also reflected in it’s ranking in the PAI 2021 Index
- In terms of Equity, in the Large States category, Chhattisgarh has the best Delta rate on Equity indicators, this is also reflected in the performance of Chhattisgarh in the Equity Pillar where it ranks 4th. Following Chhattisgarh is Odisha ranking 2nd in Delta-Equity ranking, but ranks 17th in the Equity Pillar of PAI 2021. Telangana ranks 3rd in Delta-Equity ranking even though it is not a top performer in this Pillar in the overall PAI 2021 Index. Jharkhand (16th), Uttar Pradesh (17th) and Assam (18th) rank at the bottom with Uttar Pradesh’s performance in line with the PAI 2021 Index
- Odisha and Nagaland have shown the best year-on-year improvement under 12 Key Development indicators.
- In the 60:40 division States, the top three performers are Kerala, Goa and Tamil Nadu and, the bottom three performers are Uttar Pradesh, Jharkhand and Bihar.
- In the 90:10 division States, the top three performers were Himachal Pradesh, Sikkim and Mizoram; and, the bottom three performers are Manipur, Assam and Meghalaya.
- Among the 60:40 division States, Orissa, Chhattisgarh and Madhya Pradesh are the top three performers and Tamil Nadu, Telangana and Delhi appear as the bottom three performers.
- Among the 90:10 division States, the top three performers are Manipur, Arunachal Pradesh and Nagaland; and, the bottom three performers are Jammu and Kashmir, Uttarakhand and Himachal Pradesh
- Among the 60:40 division States, Goa, West Bengal and Delhi appear as the top three performers and Andhra Pradesh, Telangana and Bihar appear as the bottom three performers.
- Among the 90:10 division States, Mizoram, Himachal Pradesh and Tripura were the top three performers and Jammu & Kashmir, Nagaland and Arunachal Pradesh were the bottom three performers
- West Bengal, Bihar and Tamil Nadu were the top three States amongst the 60:40 division States; while Haryana, Punjab and Rajasthan appeared as the bottom three performers
- In the case of 90:10 division States, Mizoram, Assam and Tripura were the top three performers and Nagaland, Jammu & Kashmir and Uttarakhand featured as the bottom three
- Among the 60:40 division States, the top three performers are Kerala, Andhra Pradesh and Orissa and the bottom three performers are Madhya Pradesh, Jharkhand and Goa
- In the 90:10 division States, the top three performers are Mizoram, Sikkim and Nagaland and the bottom three performers are Manipur and Assam
In a diverse country like India, where each State is socially, culturally, economically, and politically distinct, measuring Governance becomes increasingly tricky. The Public Affairs Index (PAI 2021) is a scientifically rigorous, data-based framework that measures the quality of governance at the Sub-national level and ranks the States and Union Territories (UTs) of India on a Composite Index (CI).
States are classified into two categories – Large and Small – using population as the criteria.
In PAI 2021, PAC defined three significant pillars that embody Governance – Growth, Equity, and Sustainability. Each of the three Pillars is circumscribed by five governance praxis Themes.
The themes include – Voice and Accountability, Government Effectiveness, Rule of Law, Regulatory Quality and Control of Corruption.
At the bottom of the pyramid, 43 component indicators are mapped to 14 Sustainable Development Goals (SDGs) that are relevant to the States and UTs.
This forms the foundation of the conceptual framework of PAI 2021. The choice of the 43 indicators that go into the calculation of the CI were dictated by the objective of uncovering the complexity and multidimensional character of development governance
The Equity Principle
The Equity Pillar of the PAI 2021 Index analyses the inclusiveness impact at the Sub-national level in the country; inclusiveness in terms of the welfare of a society that depends primarily on establishing that all people feel that they have a say in the governance and are not excluded from the mainstream policy framework.
This requires all individuals and communities, but particularly the most vulnerable, to have an opportunity to improve or maintain their wellbeing. This chapter of PAI 2021 reflects the performance of States and UTs during the pandemic and questions the governance infrastructure in the country, analysing the effectiveness of schemes and the general livelihood of the people in terms of Equity.
Growth and its Discontents
Growth in its multidimensional form encompasses the essence of access to and the availability and optimal utilisation of resources. By resources, PAI 2021 refer to human resources, infrastructure and the budgetary allocations. Capacity building of an economy cannot take place if all the key players of growth do not drive development. The multiplier effects of better health care, improved educational outcomes, increased capital accumulation and lower unemployment levels contribute magnificently in the growth and development of the States.
The Pursuit Of Sustainability
The Sustainability Pillar analyses the access to and usage of resources that has an impact on environment, economy and humankind. The Pillar subsumes two themes and uses seven indicators to measure the effectiveness of government efforts with regards to Sustainability.
The Curious Case Of The Delta
The Delta Analysis presents the results on the State performance on year-on-year improvement. The rankings are measured as the Delta value over the last five to 10 years of data available for 12 Key Development Indicators (KDI). In PAI 2021, 12 indicators across the three Pillars of Equity (five indicators), Growth (five indicators) and Sustainability (two indicators). These KDIs are the outcome indicators crucial to assess Human Development. The Performance in the Delta Analysis is then compared to the Overall PAI 2021 Index.
Key Findings:-
In the Scheme of Things
The Scheme Analysis adds an additional dimension to ranking of the States on their governance. It attempts to complement the Governance Model by trying to understand the developmental activities undertaken by State Governments in the form of schemes. It also tries to understand whether better performance of States in schemes reflect in better governance.
The Centrally Sponsored schemes that were analysed are National Health Mission (NHM), Umbrella Integrated Child Development Services scheme (ICDS), Mahatma Gandh National Rural Employment Guarantee Scheme (MGNREGS), Samagra Shiksha Abhiyan (SmSA) and MidDay Meal Scheme (MDMS).
National Health Mission (NHM)
INTEGRATED CHILD DEVELOPMENT SERVICES (ICDS)
MID- DAY MEAL SCHEME (MDMS)
SAMAGRA SHIKSHA ABHIYAN (SMSA)
MAHATMA GANDHI NATIONAL RURAL EMPLOYMENT GUARANTEE SCHEME (MGNREGS)