On Saturday 08 May 2010 07:27:48 Raj Mathur wrote: > On Friday 07 May 2010, jtd wrote: > > One of the minor reasons for asking WHY is that biometrics, > > except for a tightly controlled set of usage scenarios, is > > unuseable. > > > > The UIDAI fails to comprehend that a biometric based UID is > > broken in concept. > > Thanks for the detailed note, JTD. Would you be willing to do a > one- or two-page paper on this with references that can be > presented to UIDAI, whether in a meeting or independently?
I will do one, in a weeks time, inspite of the fact that there are too many holes in the entire scehme (technology, collection, issuing, revoking, authentication etc.), most of them endemic to our governance system and consequently unpluggable. One should note that most of the studies are self serving stuff by patent holders / licensees and manufacturers of equipments. There are only a few studies available on the net, which provide info on the vulnerabilities. There are no studies about using biometrics as UID on a large scale. I presume that it is obvious to any one save the self serving that such studies are a waste of time. As pointed out earlier inability to revoke a biometric set immediately disqualifies it from being used as a UID. Revocation of keys / certs without exposing the entire system is a basic requirement of an authentication system right? What does the UIDAI intend to do with a compromised biometric holder? shoot him in the head? And what studies / intelligence does one require to understand this fact. The whole thing seems utterly crazy to me. A rubbish scheme full of holes, plastered over with tech with even bigger holes. The more they try to cover it up the worse it gets. Next they will come up with retinal scans. > > As for policy, I personally am not a great proponent of the NUID; > however, given the current scenario, it seems inevitable so I'm > concentrating more on trying to make technology, privacy and abuse > concerns visible and facilitate mitigation before implementation. -- Rgds JTD _______________________________________________ network mailing list [email protected] http://lists.fosscom.in/listinfo.cgi/network-fosscom.in
