The Indian National ID Card Project

The Technology & Economic Forum is a venue to discuss issues pertaining to Technological and Economic developments in India. We request members to kindly stay within the mandate of this forum and keep their exchanges of views, on a civilised level, however vehemently any disagreement may be felt. All feedback regarding forum usage may be sent to the moderators using the Feedback Form or by clicking the Report Post Icon in any objectionable post for proper action. Please note that the views expressed by the Members and Moderators on these discussion boards are that of the individuals only and do not reflect the official policy or view of the Bharat-Rakshak.com Website. Copyright Violation is strictly prohibited and may result in revocation of your posting rights - please read the FAQ for full details. Users must also abide by the Forum Guidelines at all times.
vera_k
BRF Oldie
Posts: 3986
Joined: 20 Nov 2006 13:45

Re: The Indian National ID Card Project

Post by vera_k »

^^^

The technical stuff is easy. Not something you can put under your desk, but not terribly difficult either. All the hardware and software in the central systems should not cost more than $10M over 3 years. I think its the rollout required for the points of presence and the work in enrolling people that will suck up most of the money. Not a loss at all, because the rollout will generate a lot of jobs.
Last edited by vera_k on 06 Oct 2010 11:54, edited 1 time in total.
Neshant
BRF Oldie
Posts: 4852
Joined: 01 Jan 1970 05:30

Re: The Indian National ID Card Project

Post by Neshant »

Its relatively easy to duplicate a thumbprint. Just create a thin rubber mold of the person's thumb print and stick it to the tip of your finger.

See the trailer of the movie Gattaca at about 1:13 into the video:
http://www.youtube.com/watch?v=o7OYCmynrRU

Its also easy to find someone who looks something like a person in a photograph and have him wear that rubber mold.

So I suggest that transactions be based only on iris scans. A portable iris scanner has to be developed not just a thumb print reader. Better yet, develop both... and the guy has to show up in person (and look like the photograph on his ID card) plus his thumb print and iris scan has to match.

Now before you know it, some guy will be developing contact lenses with the same iris pattern as the intended victim. So I also suggest the govt have all transactions insured by private insurance companies. Say 20 paisa on every 100 rupees ? Also limit the transaction amount to say 50,000 rupees per day.
Sudip
BRFite
Posts: 378
Joined: 28 Oct 2008 05:42
Location: Paikhana

Re: The Indian National ID Card Project

Post by Sudip »

Neshant wrote:Its relatively easy to duplicate a thumbprint. Just create a thin rubber mold of the person's thumb print and stick it to the tip of your finger.

See the trailer of the movie Gattaca at about 1:13 into the video:
http://www.youtube.com/watch?v=o7OYCmynrRU

Its also easy to find someone who looks something like a person in a photograph and have him wear that rubber mold.

So I suggest that transactions be based only on iris scans. A portable iris scanner has to be developed not just a thumb print reader. Better yet, develop both... and the guy has to show up in person (and look like the photograph on his ID card) plus his thumb print and iris scan has to match.

Now before you know it, some guy will be developing contact lenses with the same iris pattern as the intended victim. So I also suggest the govt have all transactions insured by private insurance companies. Say 20 paisa on every 100 rupees ? Also limit the transaction amount to say 50,000 rupees per day.
In the movie minority report, tom cruise undergoes an iris surgery to fool iris scanning robots.

Few decades ago when finger printing was proving to be imperfect with its deficinecies, someone found that iris technology with optical technology was much better until someone will find a crack for that. These days some countries have started keeping DNA/genomic of criminals and are also debating if it should be done for the entire population (UK). Some people talked about injecting a tiny RFID tag into every person (these technology already exist and have not been implemented only for ethical reasons).

I think the point is that every few years new technologies will come and still new cracks to overcome those technologies will evolve.

The important aspect of UID is to form the methodology and platform to collect an entire population's record and then incrementally improve/maintain it once the first stage (ie collecting the massive information from door to door or voluntarily) is completed. I would be happiest if just this much is done.

An example is banks. I can say say what if i hack into the servers of citibank, i steal all the money. but the technology used by citibank to protect itself will be useful against 99.9999% of TODAY's attacks. It should also be realised the kind of bank security technologies that existed in 80s and 70s would have been easier to break into by the technology of 2010. So everything keeps evolving with time to fend off attacks.

So i think the debate about the security and risks of UID isnt worth it. Would someone believe me if I said I could hack into SBI database? That is also government organisation.

The point is to build and complete the database and data collection for today's population. Once that is done, then modifications, amendments can be made forever.
Also, I feel that as the with growing prosperity, the population rate will decline, people will become wealthier and educated and hence have more need and concern for the UID which will automatically pave the way for greater inclusion and upkeep of the UID.
Neshant
BRF Oldie
Posts: 4852
Joined: 01 Jan 1970 05:30

Re: The Indian National ID Card Project

Post by Neshant »

they better think this biometric stuff through

Simple Lack of Hygiene Fools Most Biometric Scanners
http://gizmodo.com/5654302/simple-lack- ... c-scanners

Turns out the body's natural aging process is enough to fool these fallible systems, as are the grime, grease, moisture and dirt that naturally accumulate on a person's finger throughout the day.
Vipul
BRF Oldie
Posts: 3727
Joined: 15 Jan 2005 03:30

Re: The Indian National ID Card Project

Post by Vipul »

UID: Wipro, Spanco among lowest bidders for data collection.

With 221 Vendors, manintaing Standards and QC is going to be a challenge.Some of the Vendor companies have no track record of executing such complex work and are engaged in staffing (body shopping) business in the US!!!!. These companies have no ethics and do business pushing fake resumes.
The mistakes of and sloppy Vendor work had led to the failure of the Voter Card scheme.The same can very well happen in this case.Nandan Nilekeni better utilize his time supervising this rather then singing peans of Indian Politicians!!!
geeth
BRFite
Posts: 1196
Joined: 22 Aug 1999 11:31
Location: India

Re: The Indian National ID Card Project

Post by geeth »

Guys,

This card is gonna be the Mother of all cards...in future you will asked to quote this number in anything and everything you want to do...and all will be well networked - in the sense that to find out what the person holding card No. 12345678910 did, they have to just type the number and it will show your bank transaction (in all the banks with multiple accounts), credit card payments, loan amount, non-payment of dues etc etc. It is a question of time before the Guvermand know how much money you had handled, where all you had gone, with whom all you were talking...
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:
tarun wrote: Tanaji & Tarun -- I personally feel that the proposed budget is less compared to the goal set. But thats my personal opinion. There are many firsts in this project. To provide a query response SLA of 5 secs for almost a million transactions at peak from a backend database of 1 billion, you wud really need a system which is the first in this world. Nobody has yet attempted to achieve even half.
But again, this is my personal opinion.
We shortchange our goals too often, how big can our politicians/bureaucrats think, 10 million broadband connections by 2010 was a goal in 2004 and that is exactly what we got along with a pat on the back by the bureaucrats for themselves.

5 seconds is not very ambitious for a simple yes or no query for validation of a UUID with biometric information. A million transactions at peak thats all ? Less than 10000 modern 32nm 64 bit processor cores would suffice for it. The budget for hardware should be no more than 15 crore Indian Rupees for that and all associated online de-duplication processing ( which any doesn't have to happen in online request-response loops but as cheaper batch processing ). Add space, power and cooling cost of about 6 crores per year for that and at 21 crores such a system can be run.

Cost of verification for Digital Signatures deriving trust from ROOT CA run by cca.gov.in is less than 150 Rupees for Indian Certifying authorities. Lets just say that the cost of doing this kind of a verification on a larger scale is actually less since this can be done for whole families in one go, we could be looking at Rs. 50 or less per person here which can be possibly collected from the users themselves if there is even nominal benefit of having a UUID.

Assumptions being no corruption/bureaucratic incompetence anywhere we could be looking at a revenue generating project here not one which needs to have a 5000-10000 crore budget per year.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

vera_k wrote:^^^
All the hardware and software in the central systems should not cost more than $10M over 3 years..
+1 Duh! similar ballpark estimate. Why exactly do you think rollout would cost additional money though.
-Tarun
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

geeth wrote:Guys,

This card is gonna be the Mother of all cards...in future you will asked to quote this number in anything and everything you want to do...and all will be well networked - in the sense that to find out what the person holding card No. 12345678910 did, they have to just type the number and it will show your bank transaction (in all the banks with multiple accounts), credit card payments, loan amount, non-payment of dues etc etc. It is a question of time before the Guvermand know how much money you had handled, where all you had gone, with whom all you were talking...
PAN already serves that purpose for all things financial.
-Tarun
geeth
BRFite
Posts: 1196
Joined: 22 Aug 1999 11:31
Location: India

Re: The Indian National ID Card Project

Post by geeth »

PAN already serves that purpose for all things financial.
It doesn't..There are duplicates and its genuineness cannot be verified from the database
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

geeth wrote:
PAN already serves that purpose for all things financial.
It doesn't..There are duplicates and its genuineness cannot be verified from the database
Why not ?
-Tarun
geeth
BRFite
Posts: 1196
Joined: 22 Aug 1999 11:31
Location: India

Re: The Indian National ID Card Project

Post by geeth »

Why not ?
Pls explain in your own time (I am off for few days) how it can be done..

I have come across people having multiple cards and using it too...they give different / fictitious addresses and that is it. How will you trace..? and who will know which is genuine/fake and how will they trace ?
rohitvyas
BRFite -Trainee
Posts: 1
Joined: 07 Oct 2010 19:05
Location: indore
Contact:

Re: The Indian National ID Card Project

Post by rohitvyas »

UIDAI is not going to give id cards to any one they will issue only a unique identification number for now
vera_k
BRF Oldie
Posts: 3986
Joined: 20 Nov 2006 13:45

Re: The Indian National ID Card Project

Post by vera_k »

nukavarapu wrote:
vera_k wrote:^^^
All the hardware and software in the central systems should not cost more than $10M over 3 years.
Did you consider the cost for secured and reliable communications which has to span the length and breadth of India? Processing is just one part, communications is other, security is the 3rd and Storage the 4th.
No, that should be be part of the spend on the local UID offices they will have to maintain. But they don't have to reinvent the wheel here, and if they do, it would be better to wait until the infrastructure is in place. Using the cell phone network would definitely be cheaper than using VSAT terminals, specially given current technology trends.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:
Interesting and amazing how you reached to that figures. You mean to say its easy to run 1 million finger-print digital record against 1 billion existing records is easy?
Yes
nukavarapu wrote: When I say a peak of 1 million transactions, what I meant was that during peak times, 1 million queries might be received. Each query from those 1 million has to be answered. Sounds very simple right?
Yes, to me it does. There are transaction processing vendors whose products do 30K concurrent transactions ( not per second, with latency in India being < 100 ms to even remotest towns ) we are talking about 100K transactions per second per server.
nukavarapu wrote: How you will take every single of those 1 million queries and run it against a record of 1 billion records in the database to verify? In order the verification to be reliable it can't stop at the first match. It has to run through all 1 billion to make sure there is no duplicate in the database itself. De-duplication should ensure that, but the system to be 100% reliable, the query should be matched against all the records in the database to confirm a match or a no-match. Here we are talking about 1 record being matched against 1 billion records. So what happens to the remaining 99,99,999 queries in the line? If you have an answer that will be great.
Answer to the above question doesn't come free, to give you a few hints, number crunching on modern processors is super fast, basically what you are doing above is matching up numbers. To store 10 billion numbers it takes a little more than 1 Gbyte of memory, commodity class ( read cheap) 4P systems with 48 cores and 256GB of memory can really do a lot more number crunching than needed here. Memory mapped I/O is way faster than disk access. Its not that systems storing billion plus identities are being built for the first time anywhere in the world, most large email providers, social networking sites have similar order of size for storing identities. And identity and authorization is extremely small part of these systems.
nukavarapu wrote: By the way the 1 million transaction are not to create a new entry in the database, I was referring to them as the ones which need to be authenticated everytime the facilitator wishes to confirm the identity of any person.
Ofcourse I didn't contradict that anywhere.
tarun wrote: The budget for hardware should be no more than 15 crore Indian Rupees for that and all associated online de-duplication processing ( which any doesn't have to happen in online request-response loops but as cheaper batch processing ). Add space, power and cooling cost of about 6 crores per year for that and at 21 crores such a system can be run.
nukavarapu wrote: How exactly is batch processing relevant in this scenario? Care to enlighten me?
I have no idea what you have factored in that 15 Crore rupees. Just servers? Who will take care of the networking, storage & security costs? Last I remember that a 10 TB storage device, including the RAID controllers and 20 TB worth of disk stacks (RAID 1: 10 + 10) configuration costed close to 1 Million USD.
Its the basic system on offer. Put redundancy in it you have 2 Million which is approx. equal to 10 Crores just for 2 Storage devices. Let me know if you know any vendor out of NETAPP, EMC or Hitachi whom I consider the only reliable ones, can offer it any cheaper. I have no idea how you reached the figure of power and cooling costs of 6 Crores per year.
Did you factor the licensing costs for the proprietary software or hardware? Any idea of associated workstations required for developers, integrators or operators? Did you factor the costs for Network and Security devices? Did you factor the cost of professional services to deploy these systems and the cost for managed services to manage and maintain them? Did you factor the cost for reliable and redundant power via UPS or/and Generator backup? How much power requirements we are looking at and how many generators we need? Do you know what is the cost of a single reliable generator? I sure a single generator can't take the load and you would need atleast 10-20. A single enterprise scale generator which I think we might need for such a datacenter costs close to 10 lakhs. So 10 generators itself will take the cost to a Crore.

After buying all the stuff, did you factor the cost of product and other kinds of support? Did you factor the cost required for environment related to testing and development?
I was not even thinking or even factor the cost for the root certificate because I think its negligible.
After all this, you need to multiply the cost by a factor of 2 or 3 to create 1 or 2 Disaster Recovery centers.
Massive infusion of clue is required here for starters :-
http://blog.backblaze.com/2009/09/01/pe ... d-storage/

Your costs are way off. Please define how a vendor's brand provides you with 'reliability' it provides for Cover Your Ass mode operation for sure but no it doesn't provide any 'reliability' unfortunately.

--SNIP-- comments made without comprehension.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:
It seems you don't have even the slightest idea of the inefficiency involved in PAN card and other databases controlled by GOI. I would recommend research a bit. Especially that news about an old lady in Gujarat who was caught with 100 PAN cards.
So let them fix that first instead of building more broken systems. Lending an IT honcho's name to a project doesn't suddenly make far better than other GOI driven projects.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

vera_k wrote: No, that should be be part of the spend on the local UID offices they will have to maintain. But they don't have to reinvent the wheel here, and if they do, it would be better to wait until the infrastructure is in place. Using the cell phone network would definitely be cheaper than using VSAT terminals, specially given current technology trends.
Duh! does government has a lack of offices in every part of the country already. Regarding connectivity public Internet access is growing cheaper by the day. The same PGP that government of India with its massive resources can't crack for Blackberry's can be used to encrypt information on these links for security.
Neshant
BRF Oldie
Posts: 4852
Joined: 01 Jan 1970 05:30

Re: The Indian National ID Card Project

Post by Neshant »

The more I look at this national ID card project, the more I see the need for it and its potential.

It is an excellent idea and all the moaning will not derail the project.

The technological challenges do not appear out of reach to me. In fact is quite easily solved with distributed computing. The main issue will be security/privacy and organization.

Eventually it will be compulsory for all Indians to have this card. Access to financial services, health care, govt services, employment, taxation, travel, identification and eventually digital money, banking will require this card.
vera_k
BRF Oldie
Posts: 3986
Joined: 20 Nov 2006 13:45

Re: The Indian National ID Card Project

Post by vera_k »

tarun wrote:Duh! does government has a lack of offices in every part of the country already. Regarding connectivity public Internet access is growing cheaper by the day. The same PGP that government of India with its massive resources can't crack for Blackberry's can be used to encrypt information on these links for security.
Even if they share space with other government offices, they will need staff trained on UID procedures and equipment. I imagine that salaries for these people will come out of UID budget. Because of the privacy and security concerns in this operation, I'd be surprised if this function is outsourced to the private sector. Point taken on the security protocols, but like I said earlier the technical implemenation is not what will suck up the money.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote: I see such blogs coming 1 a million every other day. Whats the point?
The point is 1 million USD in Silicon Valley == a storage company bootstrapped who eats their own dog food to run a backup service for consumer PCs with diskspace in use running into 100s of petabytes. In your world 1 million USD == one storage system which provides a mere 20TB of storage. Ofcourse thats the difference in cost you get when you put bureaucrats (govt/corporate) instead of engineers to solve a problem.

[rest of non-value-add stuff]
You are merely resorting to ad hominem
nukavarapu wrote: ...
People who know the least bark the most.
Amen brother.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

vera_k wrote: Even if they share space with other government offices, they will need staff trained on UID procedures and equipment. I imagine that salaries for these people will come out of UID budget. Because of the privacy and security concerns in this operation, I'd be surprised if this function is outsourced to the private sector.
Unfortunately that is exactly how the government would do it. Better would be to borrow existing manpower which does verification for cell phones, landlines, bank accounts and other KYC compliant services and integrate them into UID project. One more identity issued by government means one more queue for the common man.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:
tarun wrote: Duh! does government has a lack of offices in every part of the country already. Regarding connectivity public Internet access is growing cheaper by the day. The same PGP that government of India with its massive resources can't crack for Blackberry's can be used to encrypt information on these links for security.
:rotfl: So comes one more hilarious comment from the funniest guy around. Internet cost is going down by the minute, but what about the quality of internet access in rural areas or if there is any internet access available in rural areas to begin with. Have you ever actually tried using blacberry in areas like Chambal, Sahranpur, Srikakulam, Pallakkad etc.? Again pipe dreams and lot of crap. For beginners, out the total 23 circles, only 7-8 support GPRS. 3G has not yet launched. I can see the HALF-KNOWLEDGE speaking !!!
I'll ignore the ad hominem attacks but for the sake of completeness I'll try and answer your posts for the benefit of lurkers.

I never said use tethered blackberry(s) for Internet access over GPRS. PGP encryption can be used with any kind of device which even GOI itself can't crack with its massive resources as the blackberry fiasco shows.

The BSNL/MTNL may not have 100% uptime but last I heard they can still provide un-limited Internet over a DSL line to the places you mentioned above.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

Marten wrote:There is very little possibility of duplicate numbers being issued on the basis of biometric data. It is close to impossible to reproduce a duplicate ten-fingerprint + FR + Palm combination and not have the verification modules identify it as a dupe. Dedupe will start with verification against all existing entries. Regardless of how slow the db response rates are, the validation and verification teams will be working off-site and running huge batch jobs to do these tasks. Folks who assume they are knowledgeable in terms of technology still need to learn about biometric procedures. There is simply no way of faking that combination.
http://www.slideshare.net/anivar/biomet ... s-exploits
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:
tarun wrote: So let them fix that first instead of building more broken systems. Lending an IT honcho's name to a project doesn't suddenly make far better than other GOI driven projects.
Thats what exactly they are trying to do. The way to fix PAN card database is to introduce some kind of unique identity, which will be more or less the same process. People have opinions about everything. They don't have a single initiative under their belt, that they tried to get associated with and implement it for the better of society, but when someone tries to do, they are the very same people who will make ignorant comments about how things can be done so easily and simplistically without having any idea of ground reality.
Very typical of people who assume there is one right way of doing things which needs to be forced on everyone with money stolen from un-suspecting tax-payers. The way to fix existing system is not technology but enforcement. Find out and remove the rotten apples from the system who were responsible at whatever level for issuance of duplicate PAN cards instead of creating yet another possibly crackable system.
[/sarcasm]
vera_k
BRF Oldie
Posts: 3986
Joined: 20 Nov 2006 13:45

Re: The Indian National ID Card Project

Post by vera_k »

tarun wrote:Unfortunately that is exactly how the government would do it. Better would be to borrow existing manpower which does verification for cell phones, landlines, bank accounts and other KYC compliant services and integrate them into UID project. One more identity issued by government means one more queue for the common man.
I'd imagine that such outsourcing is undesirable in the enrollment phase due to the risk of identity theft in case crooks get hold of the fingerprints, iris scans and name+address data.
Neshant
BRF Oldie
Posts: 4852
Joined: 01 Jan 1970 05:30

Re: The Indian National ID Card Project

Post by Neshant »

^^^ that will happen one way or another. its a guarantee.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:
So providing backup for consumer PC and providing storage arrays is same? Backup is completely different and storage array is completely different, research your facts. The system that provides 20 TB comes with support and commitment that as long a the user follows the recommended procedures of installation, no data will be lost. Do you see the mentioned company giving the same kind of commitment? If they give, can they prove it? If they want to prove it, prove it with what? Research a bit and you will get your answer. If you want to know, its easy ask me and I can do that free of cost i.e. the architecture of Storage Arrays and their significance and the basic difference with SAN and NAS.
The central point is:- It is possible to build storage arrays ( as in != rocket science ) vastly cheaper if you stop drinking vendor kool-aid. The system can be designed for whatever characteristics are more useful. Those guys don't need to prove anything to you they have paying customers and whole lot of other startups requesting them to start an enterprise storage business.

See another example http://www.linux.com/archive/feature/146861
Ofcourse someone who believes in DDM like mainstream media belonging to the west more than the dime a dozen blogs isn't going to learn.

Yes I would like to hear the difference between your 1 million USD storage box purchased from a vendor and building stuff on your own.

Is 1m USD equipment capable of delivering more random Input Output Operations Per Second from practically same number of spindles( read disks ).

Does a storage array used in SAN/NAS have more Mean Time between Failure when organized in similar setup to RAID-10+spare disks as opposed to having the same setup configured in Linux on your own.

Do BBUs, Multi-pathing on fiber running on storage networking ( as opposed to say ISCSI on 10Gbit Ethernet with NIC bonding that can easily deliver 40Gbps at several orders lower cost ), storage volume replication, exporting of LUNs in hardware make the million USD storage arrays better than removing all these Single points of failure on your own?
All I hear is regurgitated marketing talk from storage vendors paraded as universal truth as if written in a holy book.

The conversation with you really has a surreal quality :-

Me: Dude, here look here's how to build with schematics with part numbers and costs, an 8K USD device that has twice the amount of storage of a million USD device.

You: Duh! such blogs are dime a dozen

Me: Look again its a blog belonging to a storage vendor who stores data for large number of consumers backing up their PCs with utmost reliability, they used practically less than a million USD to build a business storing petabytes of data.

You: Yeah but can they prove they are really more reliable than my million USD storage 'array', you didn't research what is the difference between consumer grade stuff and 'enterprise' stuff

Me: Duh! what 'enterprise features' they can all be had in similar costs another here see another blog link
.....
Rinse and repeat.
So having spent a million USD on a 20TB storage obsolete by the time it got shipped to your datacenter/NOC you can spend the rest of your life arguing about how it is better. Go on suit yourself.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote: Try visiting Ongole in AP. I had been to a village in Ongole, where the whole village has a single well and only 2 or 3 families have electricity. Do you think BSNL has a digital exchange in that place that can support broadband? BTW the whole village had just one telephone in Post Office, which is like 10-20 km away. I am sure we would be having thousands if not lakhs of such villages. Lets get a bit realistic here, shall we?

I was not at all referring to tethered blackberry. When I say reliable is the quality of network. You don't want tail drops while sending the fingerprints and/or iris scan, right?

When it comes to security light weight protocols like SSH is enough and works with http based suit quiet easily. That should be enough and though IANS it has the least b/w consumption compared to all security protocols out there.
So instead of the first 3 towns you needed for your example now you have a 4th town, we need to move farther and farther until we can find populations un-touched by communication revolution, reliability shall improve when there are angry customers shouting at BSNL staff.

Though it appears to me that leased circuits can be ordered at Ongole Telephone exchange.
http://www.ap.bsnl.co.in/pkm/pkmcscsubviewyes.asp

This is like what 2% of the population in the country where broadband is 10 km away, VSATs can be used there. The rollout costs don't become 10x maybe 2x here. I didn't talk about rollout costs anywhere Vera_K mentioned a few valid points about those. Glad you think http over ssh works and you don't need to setup MPLS VPN links as have been setup with most CSCs ( Common Service Centers )
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote: If you think the existing system has to be fixed, why don't you share your views about how can GOI go about fixing the system. Lets say if you are given the task to improve PAN service. What you will do? I would really like to hear that and thats no sarcasm.
Most problems in systems arise because of high latency and high turnaround time to get simple things done, creating in-efficiencies. If it is too hard to obtain a PAN/UID/Voter ID/Passport that is most likely it would be skipped. For e.g. lot of folks who have PAN cards/Passports do not have Voter ID cards ( the original massive failure a precursor to UID )

1. Make it super easy change addresses associated with an existing PAN cards, Driving Licenses, Voter ID cards, Digital Signatures, Passports. This is really the most important step. Otherwise the system below would generate too many false positives. The concern is identity not address.

2. Base PAN card application approval on actual physical verification instead of possibly fake address/identity proofs or an Identity that already has an actual physical verification process done and is verifiable online over Internet as belonging to the person who applied for a PAN e.g. Driver's License, Voter ID card, Class II Digital Certificate.

3. Audit agencies that do physical verification for PAN/(any other ID), determine where most of the fraud is coming from and fix it by putting in fear of GOI into those who are lax. Enable these agencies with online access to data they are verifying instead of the currently disjointed non-traceable reports.

3a. Make the physical verification systematic, painless, timebound and finite cost operation.

4. Provide easier API based verification to users of PAN data , i.e. anyone who needs to verify PAN numbers for TDS deposits and to meet KYC requirements.
4a. Generally make it impossible to submit fake identity to fraudulently obtain a new bank account and or credit of any sort while making it super easy to obtain a valid identity and access to modern financial/telecom systems.
4b. Right now its the opposite, 'Jugaad' has it easier to just sidestep the system to get anything useful done.

5. Users of PAN data should provide address back while verifying PAN, this data can then be used to de-duplicate based on algorithms which can determine equality/proximity of addresses. Run skip-tracing algorithms http://en.wikipedia.org/wiki/Skiptrace (also used by financial institutions ) to deduplicate, locate delinquents and punish a few of them. Punish those who obtained duplicate/fraudulent PANs and actually using more than one, once the system becomes efficient at search, locate and arrest it becomes harder and harder to bribe verification agencies to obtain a PAN fraudulently.

6. Addresses wherever collected can be validated against Property registration databases to ensure their existence and validity, at the least mark possibly invalid addresses associated with PAN cards for further investigation.

7. Reduce and simplify taxation for the common man, the common man wants to remain out of the system because it places onerous liabilities of filing returns (which by the way is no longer Saral for most folks who are not salaried ), the economic incentives of staying out of the system are very high, it needs to be reversed.

Unfortunately doing the above is not currently the aim of UID, it is yet another system with extremely curtailed functionality and massive costs associated with it.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

Let me recap my position on the UID project:-
1. It could be useful but so would be fixing existing systems at a much lower cost.
2. If it has to be done, focus on lowering the cost without compromising on usefulness of the systems, it is possible by involving engineers into the system design which hasn't happened yet despite noises about involving Open Source Community.
3. Building a massive monolithic system un-connected to anything else with limited aims from the scratch is going to be a massive waste of time for everyone who'll need to interact with the system. The concerns about abuse of the system or its security haven't been addressed appropriately yet, there seems to be a broad agreement that no system is future proof and not prone to being cracked.
4. The capabilities being attributed to UID system are not being promised by the version 1 of the system, there is no roadmap for it either.
5. Not convinced about the costs vs benefits of the system. Cost estimates for various portions of the project, various designs, schematics haven't been made publicly available and open to scrutiny so their security can be verified. Security through obscurity has long been dead that seems to be current practice.
geeth
BRFite
Posts: 1196
Joined: 22 Aug 1999 11:31
Location: India

Re: The Indian National ID Card Project

Post by geeth »

>>>The way to fix existing system is not technology but enforcement. Find out and remove the rotten apples from the system who were responsible at whatever level for issuance of duplicate PAN cards instead of creating yet another possibly crackable system.

That is something physically impossible to do..Moreover, there is no overwhelming need for the common man to obtain a PAN Card.

The problem with the existing system is that nothing can be 'verified' for sure..In a PAN card, if you are verifying the address, I can produce a perfectly verifiable address, get the card. I can also apply for a duplicate card with another address, which is also verifiable by any authority (or bribe those authority to complete the verification process). It is not reliable at all.

From what I could understand, in the UID system, a persons biometrics is recorded, and a number is attached to that record and handed over to the person. This may be stored in different set of clusters..e.g., numbers starting with similar digits in first few places in one cluster, next in another cluster etc..(this way the checking time can be reduced). If a person who's biometrics is already recorded, tries to get a duplicate card, then the system can verify it from its record of biometric data stored. (at the time of issue of the number first time, it may have to go through the complete data stored).

Once the number is issued, different authorities like banking, IT, passport, air travel, PDS, land registration and a host of other services (in fact any one with a facility to verify the bio metric data) can demand the UID number to identify the person.

After linking any activity, law enforcing / IT /Revenue authorities may be able to check the activities of a particular person by just typing his UID and get the data.

For eg., if a person has multiple accounts in different banks at different location. The RBI/IT dept may be able to link all these accounts of the person and get a view of his total financial transactions. In fact this is already being done by the IT dept in the case of TDS - all the TDS deductions in a particular PAN number is centrally available at the IT dept's Delhi office - and they send queries to the individuals from Delhi to all over the country. The system cannot succeed fully, because those with many PAN numbers can escape this loop. This will not be possible with a UID number because it cannot be duplicated.

Same with other services / cards.
JMT
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:
So the OS is never gonna see it as a raw storage space, but it will see it only as a mapped folder. I have yet to see in any of your solution that has come via cheap way to provide direct access to storage blocks.
It is possible to export raw LUNs
http://sourceforge.net/projects/aoetools/


[SNIP] all arguments eulogizing access to raw LUNs as if it was Amrit obtained after the Sagar Manthan.
nukavarapu wrote: Talking in terms of File I/O. All the cheap systems you specified, they just do I/O. None of them does caching and predictive data regeneration. The enterprise class sytems comes with its own caching engine which stores the most frequently accessed files in its cache engine. Apart from that, when the same pattern of strings are noticed, the predictive engine regenerates the data even without accessing the file. That kind of caching far surpasses any amount of I/O that the present disk operators support.
So the server CPU cycles are completely dedicated to application and need not be wasted at all on file I/O. The File I/O is taken care by the local iSCSI or FCOE or FC controller without putting any burden on server CPU.
RAM's cheap and enabling in-memory writeback cache improves write performance for any machine with or without SAN nothing holy about caching in a SAN box's RAM ( its exactly the same memory used in your server ) and regarding any modern OS takes care of all the good stuff like predictive readahead automatically. Regarding esoteric capabilities mentioned they are seldom useful in real world data access scenarios, at best you are looking at a lot of cache misses.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote: I resign from all arguments that I had with you and I have officially given up on you. I can't beat stupidity !!!
About time.

A quick google search would have clarified a lot of questions of what Open Source today is capable of doing, I am not your vendor to spoon feed you data here.

You have made multiple obsolete observations based on drivel fed to you, each time I gave you some pointers negating them.

If you don't know how to combine together a few tools usefully in Linux+Ethernet environment then go compare the pricing of a readymade solution like http://www.coraid.com/ with your 'reliable' vendors.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

nukavarapu wrote:Biggest joke
I'll leave it at that.
tarun
BRFite
Posts: 109
Joined: 27 May 2009 17:45

Re: The Indian National ID Card Project

Post by tarun »

http://www.whitehouse.gov/the-press-off ... ansactions
The Unique Identification Project: L-1 Identity Solutions, headquartered in Stamford, Connecticut, and another U.S.-headquartered company, lead two of the three vendor consortia, which have been prequalified by the Unique Identity Authority of India for the first phase of an effort to register Indian residents with a 12-digit unique number using biometric identifiers. Unprecedented in scale, seeking to register 1.2 billion Indian residents, the Unique Identification program aims to enhance delivery of government services in India.
abhishek_sharma
BRF Oldie
Posts: 9664
Joined: 19 Nov 2009 03:27

Re: The Indian National ID Card Project

Post by abhishek_sharma »

India's Elephantine Effort

Marina Krakovsky

Communications of the ACM

http://cacm.acm.org/magazines/2011/1/10 ... t/fulltext
The full implementation, though, is fraught with problems, most of which stem from the project's sheer size, given India's population of 1.2 billion. "Biometric systems have never operated on such a massive scale," says Arun Ross, an associate professor of computer science at West Virginia University.

One of the biggest challenges is deduplication. When a new user tries to enroll, the system must check for duplicates by comparing the new user's data against all the other records in the UID database. Hundreds of millions of records make this a computationally demanding process, made all the more so by the size of each record, which includes up to 12 higher-resolution images.

The demands continue each time there's an authentication request. "The matching is extremely computationally intensive," says Prabhakar. At peak times, the system must process tens of millions of requests per hour while responding in real time, requiring massive data centers the likes of Google's.

Achieving acceptable levels of accuracy at this scale is another major difficulty. Unlike passwords, biometrics never produce an exact match, so matching always entails the chance of false accepts and false rejects, but as the number of enrollments rises, so do the error rates, since it becomes more likely that two different individuals will share similar biometrics. Using a combination of biometrics—instead of a single thumbprint, for example—greatly improves accuracy and deters impostors. (In the words of Marios Savvides, assistant research professor in the department of electrical and computer engineering at Carnegie Mellon University, "It's hard to spoof fingerprints, face, and iris all at the same time.") But using multiple biometrics requires extra equipment, demands information fusion, and adds to the data processing load.

Other steps to improve accuracy also bring their own challenges. "The key issue," says Nalini Ratha, a researcher at the IBM Watson Research Center, "is have I captured enough variation so I don't reject you, and at the same time I don't match against everybody else?" Capturing the optimal amount of variation requires consistent conditions across devices in different settings—no easy feat in a country whose environment varies from deserts to tropics and from urban slums to far-flung rural areas. "It's almost like having many different countries in a single country, biometrically speaking," says Ross.

The challenge isn't just to reduce errors—under some conditions, a biometric reader may not work at all. "If it's too hot, people sweat and you end up with sweaty fingers," says Prabhakar, "and if it's too dry, the finger is too dry to make good contact with the optical surface of the scanner." Normalizing across varied lighting conditions is essential, since all of the biometric data is optical.

...

Security Challenges
As if these problems weren't enough, the UID system poses formidable security challenges beyond the threat of spoofing. "People get carried away by one type of attack—a fake finger, a fake mask, or something," says IBM's Ratha, "but there are probably 10 other attacks to a biometric system that can compromise the system."

For starters, when data is stored in a centralized database, it becomes an attractive target for hackers. Another vulnerability is the project's reliance on a network of public and private "registrars"—such as banks, telecoms, and government agencies—to collect biometric data and issue UIDs. Though registrars might ease enrollment, they're not necessarily worthy of the government's trust. Banks, for example, have been helping wealthy depositors evade taxes by opening fictitious accounts, so entrusting the banks with biometric devices doesn't make sense, says Sunil Abraham, executive director of the Centre for Internet and Society in Bangalore. "If I'm a bank manager, I can hack into the biometric device and introduce a variation in the fingerprint because the device is in my bank and the biometric is, once it's in the computer, just an image sent up the pipe," he says. Though careful monitoring could catch such hacks, Abraham says that's not realistic once you've got as many records as Aadhaar will have.

Registrars may also make UIDs, which are officially voluntary, a de facto requirement for services, especially in the current absence of a law governing how the data can be used. Such "function creep" troubles privacy advocates like Malavika Jayaram, a partner in the Bangalore-based law firm Jayaram & Jayaram, who says, "If every utility and every service I want is denied to me without a UID card, how is it voluntary?" The loss of civil liberties is too high a price to pay for a system that she believes leaves gaping opportunities for continued corruption. "The guy handing out the bags of rice could ask for a bribe even to operate the machine that scans the fingerprints, or he could say that the machine isn't working," says Jayaram. "And there's every chance the machine isn't working. Or he could say, 'I don't know who you are and I don't care; just pay me 500 rupees and I'll give you a bag of rice.' All the ways that humans can subvert the system are not helped by this scheme."

Abraham suggests a more effective way to root out fraud through biometrics would be to target the much smaller number of residents who own most of the country's wealth, much of it illgotten. "The leakage is not happening at the bottom of the pyramid," he says. "It's bureaucrats and vendors and politicians throughout the chain that are corrupt."

...
RamaY
BRF Oldie
Posts: 17249
Joined: 10 Aug 2006 21:11
Location: http://bharata-bhuti.blogspot.com/

Re: The Indian National ID Card Project

Post by RamaY »

Somewhere I read that Athar ID will be used as the "Provident Fund" account number as well.

If they convert this into a SSN type thing, they should go for a treaty with USA. This will help million+ IT workers who worked in the USA at some point. At $3-4K per year, they can save upto $18-25K in their 6 years of H1B work.
RamaY
BRF Oldie
Posts: 17249
Joined: 10 Aug 2006 21:11
Location: http://bharata-bhuti.blogspot.com/

Re: The Indian National ID Card Project

Post by RamaY »

^ Martenullah

Are you sure about the treaty? Can you pls give me some reference?

I have many R2I friends and I think this will help them.
amdavadi
BRFite
Posts: 1489
Joined: 16 Oct 2002 11:31

Re: The Indian National ID Card Project

Post by amdavadi »

Ramay,

Yes there is SSN treaty between unkil & GOI......
Post Reply