Lots of people have said it before...
Biometrics should ONLY be used instead of a username... NOT as a
Hope the Indian government is smart enough to realise this...
India's issued three “Guidance Notes” outlining its government's policies for procuring software and entering into alliances and running RFPs. The new Model RFP Templates and Guidance Notes for Implementing Services (PDF), RFP Templates and Guidance Notes for Consulting Services (PDF) and Model and Model RFP Templates and …
And I'm sure you realize the obvious counter.
Many in India are POOR and likely have POOR education.
Meaning in a world of "Are, Know, Have", many in India neither KNOW nor HAVE anything of value. How do you handle an identity system when the ONLY thing of value you possibly possess is something you ARE?
But guess what education helps to do? Condition the mind to be able to do what you describe. Even in the old days, the hands-on education of skilled trades and so on conditioned the mind to be able to think out of the box for the sake of their position (adapting to changing conditions). If OTOH everyone did things by rote...
Early 2012, and Aadhaar is threatened with termination. UIDAI saves the project by publishing two papers on the reliability of the mass consumer biometrics technology used by Aadhaar:
The claimed biometric failure to enrol rate was 0.14%. The claimed false positive identification rate was 0.057%. The claimed false negative identification rate was 0.035%.
Such figures were and still are several orders of magnitude better than anyone had or has ever achieved for mass consumer biometrics.
How did UIDAI claim that Aadhaar would achieve them with a population of 1.2 billion people? Answer, by ditching biometrics based on face recognition, adopting flat print fingerprints and irisprints combined to form a single multi-modal biometric and by using three competing matching algorithms. Any other approach, UIDAI said, was doomed to "catastrophic failure".
Five years later, have UIDAI achieved those impressive performance figures? An independent audit is required.
If they have, will the suppliers of the biometrics systems in use warrant their performance? If not, why not?
If they have, then the UK Home Office must explain why it continues to embrace "catastrophic failure". (The Home Office continue to fund face recognition, they no longer fund irisprints and they do not use competing matching algorithms.) And the UK Home Office must follow India by publishing its own performance statistics.
If UIDAI have failed to deliver, five years later, then Aadhaar will once again be in danger. So will every other government-backed mass consumer biometrics project in the world.
It will fail, sooner or later. People (including myself) thought faking iris was going to be hard, would require consent, etc. Turns out... nope! I'm sure you saw the articles yesterday or the day before about CCC cracking Samsung 8's iris recog.
Biometrics is an arms race. I find it funny that people worry about quantum safe asymmetric crypto, which is much much further away than a biometrics fail, but maybe that's just my opinion.
Speaking as an Indian, I am worried sick about these things, especially if they ever start force-linking it to bank accounts. There **WILL** be massive theft of lots of money from lots of people.
I only hope they hit the really rich people, and not us poor bastards.