[deafcalculus]

The biometric scanners probably have big security holes too. In fact, it won't surprise me if the JTAG is left enabled and anyone can read/write the firmware!

Aadhaar needs something like TrustRank or a Web Of Trust where identity and citizenship isn't binary but a continuous number (probability) based on who and how many vouch for your identity. A lot of citizens, especially in rural areas, aren't documented very well. It's best to acknowledge that uncertainty in the system and deal with it.

The public discussion around Aadhaar is very confused. There's hardly anything wrong with a universal ID for every citizen. There are already several in India (Driving License, Passport, Voter's ID, PAN card, etc.). The real privacy issue is around (a) the govt. collecting biometric data, and (b) how much the govt. / third-party service provider learns about you when you authenticate your identity using Aadhaar. The UIDAI doesn't even want to discuss the issue in the open ("trust us, your data is secure. No proof of hacking whatsoever."), and the use of non-open-source software and closed biometric hardware is troubling. If biometric scanners are using proper encryption, who holds the keys? (My guess, the manufacturers have it, and lots of people who shouldn't have it do have it). What's needed is consensus building, maybe through a public consultation, about what the majority of people are willing to disclose to the govt. Biometric isn't an absolute necessity for Aadhaar to achieve it's stated goals. That said, recent polls show that the percentage of Indians who trust their govt. is way higher than in the west, so the govt. can probably get what it wants while playing nice.

There's also very little discussion about how secure the biometrics are. There's no info about what services are considered sensitive and need more than a fingerprint. Fingerprints maybe fine for 5 years, but I have a hard time believing they'll be constant enough for secure identity verification over 80 years. What happens when biometric fails and a significant chunk of the populace can't sign, don't remember their date-of-birth or any password, or even their full name? Again, something like a web of trust would've been helpful.