should have chosen ............
complex government requested IT project gone wrong and the vendors profited handsomely, where have we seen that before?
prospective buyers, of outsourced services, beware!!
India’s Comptroller and Auditor General has published a performance audit of the nation’s Unique Identification Authority and found big IT problems – some attributable to Indian services giant HCL and to HP, but others due to poor decisions by the Authority. The Authority (UADAI) oversees “Aadhaar” – a twelve-digit ID issued …
You know how everyone's fingerprints are totally unique, right?
Yeah, actually not so much. That's a bit of 19th century science that worked well enough when you were comparing fingerprints from a few hundred or even thousands of records. But it's only very recently that we've started to record them by the tens of millions. And in that use scenario, it turns out there's a very high chance of misidentifying people.
We need to stop thinking of fingerprints as the gold standard of positive ID.
I don't know what the story is with iris scans, but I wouldn't be surprised if it's similar.
Multiple people might have the same fingerprints, and multiple people might have the same iris scan patterns, but how many have the same fingerprints, the same irises and the same face? If the system actually worked as intended, it seems designed to cope with that fact that us puny humans aren't as unique as we think. Its just that it doesn't work.
I'd bet there are thousands of scenarios where the data set collected for input is incomplete, damaged or corrupted before it even gets into the database. Someone badly scratched their hands the day before being scanned. Someone has two fingers, or one eye, missing. Someone failed to label all the records correctly upon collection. The air pollution was particularly bad one day and the subject's eyes were unusually bloodshot. Incomplete paperwork is a thing, significant levels of illiteracy, and we haven't even touched on deliberate fraud and corruption yet.
In a population the size of India's, there must be millions of records affected by issues like these. Making it very hard to validate the samples that are collected. And I'm sure I don't have to tell you what happens when you input vast terabytes of data without pre-validating it.
You might have the same (or rather similar enough that software can't tell the difference within the margin of error) on ONE finger, but even if your right index fingers match with someone else you won't also match on your other fingers.
Same for irises and faces. By taking all of those you account for that issue, as well as for those who may not have all 12 fingers and irises.
That's not to say securing this goldmine of information isn't potentially a huge problem, but I doubt there will be any issues with false matches given the ability to check so many independent biometrics per person.
You're just assuming all these biometrics are independent. Is there any actual study to back that up?
And it's not just software matching that can go wrong. Highly trained human experts can make the same mistakes. It's a dirty secret of fingerprint identification that there have been horrifyingly few systematic trials, and (as far as I know) absolutely none at this sort of scale.
That's a pretty safe assumption, given that police take prints of all 10 fingers. If they were all the same/similar they wouldn't need to do that. Even identical twins do not have identical fingerprints, though they are often somewhat similar so this is something that's obviously highly environmentally dependent - they are already fully formed when you are born.
The idea that fingerprints and irises would be correlated is laughable. Burden of proof on you for that one. I will admit I have no idea if our left and right irises are the same/similar so there may be some redundancy there.
At this point readers may be wondering who ran UAIDI’s technology, because not archiving data or checking stakeholder security suggests they did not do it brilliantly.The answer is HCL – the Indian services giant was awarded a contract to manage UAIDI tech in 2012 and still has a role today.
Sounds like HCL didn't use an ACID-compliant database
There are close to 1.4 billion Aadhaar cards in use. Every resident of India gets one - even non citizens. The quoted figure is just over quarter of a percent.
They underpin every major public benefit in India - direct benefits transfer (personal subsidies and income supplementation), the national health program and even CoWin, the Covid vaccination registration system. India has performed almost 1.9 billion vaccinations, a billion of them unique individuals, all registered using Aadhaar.
DBT alone has cut $30 billion of prior graft - several times the cost of UIDAI .
https://www.financialexpress.com/economy/dbt-savings-rs-2-23l-cr-counting/2378657/
https://dashboard.CoWin.gov.in
The CAG is only ever going to write unflattering reports. That’s their statutory role - they’re supposed to find problems and ask the hard questions, and to do it loudly and openly.
This is a system that’s actually working - the largest or second largest digital ID system on the planet by a long distance, 2x the size of anything Europe combined would run, over a subcontinental sized country with a fraction of Europe’s per capita income.
What’s the problem here exactly ?