How UIDAI goofed up pilot test results to press forward with UID scheme
March 18, 2011 03:59 PM | 
Moneylife Digital Team
Share this article:
34 Comments
| LOKESH SHARMA 2 months ago | | LOKESH | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | The first version of the sea-of-false-positives review of UIDAI's proof of concept trial report was posted on a website called Planet Biometrics on 16 February 2011.
37 days later, a response was received from one Murali Chirala, who may or may not be associated with UIDAI.
Please see http://www.planetbiometrics.com/article-...
Murali Chirala's is a substantial response. I have today tried twice to post my initial answer on Planet Biometrics but there seems to be a problem with the website.
I have been recording events on the No2ID website, please see http://forum.no2id.net/viewtopic.php?f=5...
... and also here on moneylife.in. Just to keep things up to date, here it is, the first of many responses to Murali Chirala:
1 According to Murali Chirala, “Mr. David Moss makes two fundamental errors in ...” and “Mr. Moss confuses FPIR ... with FMR ...” and “Mr. Moss has misinterpreted FPIR and FNIR for FMR and FNMR ...” and there is “... a massive discrepancy in Mr. Moss’ calculations” and “Mr. Moss incorrectly assumes that ...”
2 He’s pretty stupid, this man Moss.
3 We can safely ignore him, he’s irrelevant.
4 Even so, the question remains, for an intelligent third party, are all the records on the Central ID Repository (CIDR) being built by UIDAI biometrically unique? Are they? Or aren’t they? Yes? Or no?
5 Let’s call this intelligent third party “Churali Mirala”, or “CM” for short. CM wants to understand exactly what Murali Chirala is saying, because this question of uniqueness is important. After all, if the Unique Identification Authority of India isn’t offering unique identification, what is it offering?
6 CM takes a good look at Murali Chirala’s second paragraph, where there is talk of “two different galleries”, each with 20,000 records.
7 A gallery here, CM assumes, is a mini CIDR, a set or database of biometric records.
8 What is in the records, CM asks? In UIDAI’s proof of concept trial, each record identified one Indian using 12 items, viz. ten fingerprints and two irisprints. Since that is what we are talking about, UIDAI’s proof of concept trial report, CM assumes that by a “record”, Murali Chirala means 12 fields/columns containing ten fingerprints and two irisprints.
9 Murali Chirala talks of “40,000 searches” on each gallery. Why 40,000? Murali Chirala has a rather elliptical way of writing. We have to “unpack” his words, so to speak. Where did 40,000 come from? CM makes a guess. He assumes that the ten fingerprints are treated as one search term/probe and the two irisprints are treated as a second probe. (CM has been doing some background reading and understands that when you do a matching exercise in the academic field of biometrics you “probe” the “gallery”, which is also sometimes called the “background”.) Good. So that makes two searches for each Indian in the gallery. 40,000 searches in all. CM would like Murali Chirala to confirm that this guess is correct. He doesn’t want to be thought to be as stupid as David Moss. But if the guess isn’t correct, then CM can’t understand what the elliptical Murali Chirala is talking about with his 40,000 searches.
10 And what are these searches, CM asks? There’s not much point searching a gallery against itself, CM thinks, because then the false negative identification rate would have to be zero. And it isn’t. Then CM remembers that the participants in the proof of concept trial had to make two visits to be registered. CM assumes that the gallery was built from the biometrics registered at the first visit and that it is the biometrics registered at the second visit which are being used as the probes. Again, CM would like Murali Chirala to confirm that this guess is correct. He still doesn’t want to be thought to be as stupid as David Moss. But if the guess isn’t correct, then CM still can’t understand what the elliptical Murali Chirala is talking about with his 40,000 searches.
11 Obviously Murali Chirala’s answers would be wasted on David Moss. No question. But Murali Chirala still nevertheless owes answers to any intelligent third party who is interested to know whether records on the CIDR are unique.
12 More questions for Murali Chirala. 60,000 participants attended the second registration session. And yet the gallery comprises only 20,000 Indians. Why, CM wants to know, why doesn’t the gallery have 60,000 people in it? How were the 20,000 chosen? What was wrong with the other 40,000?
13 Also, Murali Chirala, please confirm CM’s assumption that the 20,000 probes chosen from the second registration session used to match against the gallery created from the first registration session were chosen because UIDAI thought they were the same 20,000 people, they’re not 20,000 probes chosen at random, say, from the 60,000 available.
14 We’re still in the second paragraph of Murali Chirala’s post. And there’s another question which requires his attention. He really is the most elliptical of writers.
15 There are two galleries. One of them is “seeded” and the other one isn’t. What is the difference? It seems from what Murali Chirala says that the seeded gallery is required to calculate the false negative identification rate, you can’t do that with an unseeded gallery. CM makes a guess. If Murali Chirala, say, is not matched and the operation returns a negative, the only way UIDAI can know that that is a false negative is if they know in advance that Murali Chirala is in the gallery. So seeding the gallery must involve checking it first, before matching operations begin, to see who’s in it. Perhaps Murali Chirala could confirm.
16 There is an equivalent problem with false positives. Suppose UIDAI probe the unseeded gallery with Murali Chirala’s biometrics and get three matches. Perhaps Murali Chirala is registered on the CIDR three times. They could be legitimate matches. How do UIDAI know that at least two of the positives are false? Only if they already know that all the records in the gallery are unique.
17 But hang on a minute. Isn’t that where we started? That’s exactly what we need to know. Is each record on the CIDR unique? The answer from Murali Chirala so far is that, yes, each record is unique if each record is unique. It seems that whatever Murali Chirala is talking about, the correct way to measure false positive and negative identification rates, it doesn’t help us to establish whether these blessed records are or are not unique.
18 We need answers to these questions raised by Murali Chirala’s second paragraph before we can move on to his third paragraph, which we look forward to doing, soon.
19 Your comments would be appreciated Murali Chirala. It took you 37 days, from 16 February to 25 March to respond last time. That’s fine as long as we’re only dealing with the halfwit David Moss. But an intelligent third party, perhaps an Indian taxpayer wondering if his or her tax money is being wasted, will look forward to an answer from you, Murali Chirala, much more quickly than that, please. | | » Reply » Link » Report abuse | | | | |  interested observer 10 months ago in reply to David Moss | | dear mr moss,
i was trying to decipher mr muralis explanation and as far as i understand what he finally says is that the number of false positives and false negatives on attempting to confirm the uniqueness of each id being issued can be kept within manageable limits by lowering the tolerances with which they are compared. As the sample size goes up, u look at each id less carefully so that u don't get too many false positive matches from the ids already in the database!!! I hope i am just misunderstanding him.Please tell me if i am missing something here.I can just imagine the chaos when 'mr.common man from the poor and marginalised parts of society' turns up with his uid card and the machine tells him he is not himself. And all these are problems inherent in the system, not to think of the deliberate misdeeds possible.. | | | » Reply » Link » Report abuse | |
| | | | David Moss 1 year ago in reply to David Moss | | 20 Let’s say that CM, the intelligent third party, while waiting for Murali Chirala’s response, reads ahead and finds this: “Mr. Moss incorrectly assumes that the decision threshold on the 1-to-1 comparison score is kept constant independently of the gallery size. In fact this threshold is adjusted in the real operational system to keep FPIR constant independently of the gallery size G. This fact alone removes the possibility of the sea of false positives”.
21 Is Murali Chirala right when he says that the possibility of a sea of false positives has been removed?
22 Probably.
23 After all, this sea of false positives argument is devised by David Moss, already acknowledged as the biometrics village idiot.
24 Or is it? CM checks and, lo, he finds this*, talking about the UK ID card scheme: “academic John Daugman, a former member of the Biometrics Assurance Group (BAG) which reviewed the scheme, says its reliance on fingerprints and facial photos to verify a person's identity will cause the system to collapse under the weight of mismatched identifications”. And this: “Daugman, an expert on iris recognition, says fingerprints and facial photos are not distinctive enough to be able to tell the UK's 45-million-strong adult population apart”. And this: “Daugman said that even if the error rate was as low as one in a million, the 10 to the power of 15 comparisons needed to verify the IDs of 45 million people would result in one billion false matches”. And this: “He told silicon.com: ‘The use of fingerprints will cause deduplication to drown in false matches’ ...”.
25 And who, pray, is John Daugman?
26 Only the king of biometrics based on the iris, the inventor and patentholder of the iris-matching algorithm and a professor at the Cambridge Computer Lab, that’s who**. Search for “john daugman” “biometrics” and Google gets you 7,930 hits.
27 Professor Daugman is not going to be stupid. Not like David Moss. Clearly Murali Chirala disagrees with him. But then, if you search for “Murali Chirala” “biometrics”, Google gets you one hit.
28 It’s hardly a slam dunk argument, you can’t resolve biometrics problems by Google hits, but CM thinks he’s got to make up his own mind about the sea of false positives and not just take Murali Chirala’s word for it that there is not even possibly a drowning problem. Once again, he hopes that Murali Chirala will soon answer.
----------
* http://www.silicon.com/management/publi ... -39294213/
** http://www.cl.cam.ac.uk/~jgd1000/ | | » Reply » Link » Report abuse | |
| | | | David Moss 1 year ago in reply to David Moss | | | The link to the silicon.com article at para.24 above about Professor Daugman wasn't parsed properly by the moneylife.in editor. Let's try this alternative and this one instead. It's an important article and well worth reading. And it's only short. | | | » Reply » Link » Report abuse | |
| | | | David Moss 1 year ago in reply to David Moss | | 29 Considering paragraphs 20 to 28 above, CM, the intelligent Indian taxpayer investigating whether UIDAI is wasting public money, wonders why, if there is a sea of false positives, no explorer has discovered it and charted it.
30 One potential answer, considering paragraphs 1 to 19 above, is that no explorer has looked for it. If the sea of false positives is there, it would be revealed the minute anyone tried to prove that all records on the CIDR are biometrically unique. But they don’t try to prove that. Instead, if Murali Chirala is right, they try to calculate the false positive and negative identification rates. And that is a different job.
31 You’d think that CM would now test the truth of this hypothesis.
32 But no, you would be wrong.
33 CM’s eye has been caught by something else. Something else explosive. What looks like a fundamental error in Murali Chirala’s argument. An error that would bring down the whole house of cards. At least it would if UIDAI have made the same error. A hole at the heart of UIDAI’s case. A problem so glaring that it has even occurred to the troglodytic David Moss (in his own dim and benighted way, at least).
34 Every other reader of paragraph 20 above will also have spotted it. It’s a hand grenade with the pin removed. It’s a time-bomb, ticking down fast to zero.
35 Let’s take this slowly, just to check our logic as we go.
36 We’re going to look at matching, comparing someone’s biometrics against the template stored on the CIDR, we’re going to look at the “decision threshold” and the “comparison score” mentioned by Murali Chirala. About time too! That’s what biometrics is all about -- comparing/matching and verifying that Murali Chirala is Murali Chirala. How come it’s taken until paragraph 36 to get onto the subject? Never mind, here we are at last.
37 What we will find is that Murali Chirala is nearly right when he says “... this fact alone removes the possibility of the sea of false positives”. To be quite correct, Murali Chirala should have said “... this fact alone removes the possibility of FINDING the sea of false positives”.
38 We will find that UIDAI and NIST (see below) and others are using a peculiar concept of identity nothing like what normal people understand by the word and muddying the waters by confusing the two usages.
39 And, finally, we will discover that when it comes to biometrics NIST (see below) are arguably a busted flush and so is any organisation like UIDAI that follows NIST’s prescriptions.
40 Heady stuff. Hold on to your hat.
41 That’s what we will find and we’re going to start with NIST, a US organisation, the National Institute of Standards and Technology, and their May 2004 report ‘Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints’, a report some of us have read at least a dozen times, please see http://dematerialisedid.com/PDFs/ir_7110...
42 Murali Chirala has great confidence in NIST. He says: “... while the [UIDAI proof of concept trial] does not provide sufficient number of identification searches to estimate [FPIR] and FNIR in a gallery of size of 1.2B directly, and extrapolating too far out has its own dangers in terms of statistical significance, methodology is available to extrapolate the [UIDAI proof of concept trial] results using trends established earlier in other large well established biometric performance evaluations performed by NIST and other agencies”.
43 Lots of other people share that confidence, including UIDAI, who were advised by NIST in the early days, please see UIDAI’s paper ‘Biometrics Design Standards For UID Applications’ at http://uidai.gov.in/UID_PDF/Committees/B...
44 That confidence is misplaced. | | | » Reply » Link » Report abuse | |
| | | Ram Das 1 year ago | Are you referring to response at http://www.planetbiometrics.com/article-... ?
How did you conclude that the response is from UIDAI? | | » Reply » Link » Report abuse | | | | | | David Moss 1 year ago in reply to Ram Das | | Good question.
The first version of my sea-of-false-positives argument was posted on the Planet Biometrics website, a sort of biometrics fanzine, please see http://www.planetbiometrics.com/article-...
That was on 16 February, about six weeks ago.
I was told a week later, 23 February, to expect a response from UIDAI.
A month later, on 25 March, I was told that the response I was expecting had now been posted on Planet Biometrics.
I agree that there is nothing to associate Murali Chirala with UIDAI anywhere on the web.
All I am going on is what I was told, by someone who ought to know. | | | » Reply » Link » Report abuse | |
| | | David Moss 1 year ago | A response has now been received from UIDAI, posted on the PlanetBiometrics.com website.
There is homework to be done, getting to grips with this substantial response of UIDAI's.
More, next week ... | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | Vivek Gupta 5 hours agoThis is what i call discussion without facts or rather distortion of facts. In any matching algorithm there are multiple inputs applied and not just one. Thus likelihood of falsepositive rate can be significantly eliminated by taking a segmented algorithm approach. I have personally worked on many such algorithms for credit bureaus so understand them well. This false positive rate has no relevance without understanding the full algorithm.
Moneylife is only publishing negative comments and distorting facts. Why? Are you afraid that corruption can be stopped using UIDAI and some people are propping you?
“In any matching algorithm there are multiple inputs applied and not just one”, says VivekGupta, very confidently, based on his experience of credit rating bureaux.
UIDAI is not a credit rating bureau, and they say “biometrics features are selected to be the primary mechanism for ensuring uniqueness” and their mission is “to design biometrics system that enables India to achieve uniqueness in the national registry” and “while certain demographical information is also provided, UIDAI provides no assurance of its accuracy ... demographic information shall not be used for filtering during the de-duplication process”.
There we have a nice example of the problem of induction. VivekGupta assumed that all organisations apply multiple inputs in their matching algorithms, his hypothesis was tested, and UIDAI prove it to be wrong. UIDAI are relying on biometrics only.
There is nothing wrong with moneylife.in publishing VivekGupta’s comments. He’s wrong. But that is not a reason to suppress his comments or to assume that some corrupt person is paying him to distort the facts. Rather, moneylife.in should be praised for hosting an open debate.
Which takes us back to JOABNarayan’s comment three days ago, “I wonder whats the reaction of UID authorities to David Moss' point?” -- UIDAI are strangely silent, aren’t they?
==========
Test area only
Italic
Bold
Link
Test area only
========== | | » Reply » Link » Report abuse | | | | | Vivek Gupta 1 year ago | This is what i call discussion without facts or rather distortion of facts. In any matching algorithm there are multiple inputs applied and not just one. Thus likelihood of falsepositive rate can be significantly eliminated by taking a segmented algorithm approach. I have personally worked on many such algorithms for credit bureaus so understand them well. This false positive rate has no relevance without understanding the full algorithm.
Moneylife is only publishing negative comments and distorting facts. Why? Are you afraid that corruption can be stopped using UIDAI and some people are propping you? | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | Dear DSOHIndian
"Filthy brain"? "Sick propaganda"?
Why are you so upset?
Best wishes
dm | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | Dear Mr Lerner
Thank you for your comment.
This business of keeping investigations quiet cropped up in a New York Times article last month, 'Hiding Details of Dubious Deal, U.S. Invokes National Security', http://www.nytimes.com/2011/02/20/us/pol...
The article includes George Tenet. Again.
And it includes this:
"For eight years, government officials turned to Dennis Montgomery, a California computer programmer, for eye-popping technology that he said could catch terrorists. Now, federal officials want nothing to do with him and are going to extraordinary lengths to ensure that his dealings with Washington stay secret ...
"In interviews, several employees claimed that Mr. Montgomery had manipulated tests in demonstrations with military officials to make it appear that his video recognition software had worked, according to government memorandums ..."
It's extraordinary how government agencies get sucked in.
13 years ago, the police in the London Borough of Newham, helped a company called Visionics to promote the notion that their biometrics software had helped to drive crime off the streets of Newham.
Then in June 2002, as reported by New Scientist magazine, "the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest", http://dematerialisedid.com/Evidence/Bio....
Let's hope the same thing isn't happening to UIDAI.
And it's extraordinary how resilient these companies and their directors are.
The Chairman and CEO of Visionics back then was Dr. Joseph J. Atick. Visionics was swallowed by Identix which, together with many other companies, became L-1 Identity Solutions, http://dematerialisedid.com/BCSL/Genealo....
The Executive Vice President and Chief Strategic Officer of L-1 Identity Solutions is, of course, Dr. Joseph J. Atick.
The embarrassment of luring the police into a deception and the embarrassment of the failure of Visionics and identix in the 2004 UK Passport Service biometrics enrolment trial (as reported by Atos Origin, http://dematerialisedid.com/Evidence/Bio...) just seem to bounce off him.
I sometimes wonder if there is some pathological compulsion to believe that mass consumer biometrics work even when the evidence is there in front of everyone's eyes that they don't.
Let's hope that UIDAI, the Indian government and India itself are less gullible. | | » Reply » Link » Report abuse | | | | | Ignorant Indian 1 year ago | Hi David,
The whole basis of your article is one number 0.0025%. This is the FPIR rate used by the report prepares to measure FNIR accuracy.
The report **NEVER SAID THAT THAT WILL BE USED FOR DE-DUPLICATION ***. I am highlighting this because that way it could stick to your filthy brain. They could have simply listed to indicate that biometrics are capable of achieving near zero FNIR. what if the actual FPIR is different from that?
I have heard about environmentalists that manipulate global warming numbers to push their agenda. But what you are doing is even worse. What if UIDAI had accepted a different FPIR rate in their logic? You just assumed the indicated number, because that is convenient for your propaganda.
I would have appreciated if you have really made some constructive suggestions, rather than using UIDAI project for your sick propaganda.
And the about dematerialized id, can you explain how that will work in India, say for a PDS system? | | » Reply » Link » Report abuse | | | | | | shyam sunder 1 year ago in reply to Ignorant Indian | | Hey this guy ignorant Indian clearly has an agenda. He is either the biggest beneficiary of UID contracts or is part of the UID himself.
I don't know why the UIDAI cannot come out openly and engage with this website and the articles on UID. As far as I know, they are the only ones attempting to show the otherside of the UID story as well as global experience.
The very fact that many informed voices are participating in the debate here, requires a truly confident and nationalistic UID to write openly and engage with people. This stealth bombing through dubious aliases only raises doubts about their intentions and integrity.
shyam sunda | | | » Reply » Link » Report abuse | |
| | | | Ignorant Indian 1 year ago in reply to Shyam Sunder | | Hey Shyam Sundar, i think you are right on your guess about me. I have UIDAI enrollment contracts for all states in binami names and i am making a profit of 500 rupees for every binami enrollment. Also the company i own has exclusive rights for all other contracts of UIDAI.
I hope that makes you to feel better about your self.
Ok, just to bring you to reality, I am not any type of beneficiary. I am not even related to identity business. I am just a average Indian, who is normally ignorant about other things, but i had always thought why India did not have a infrastructure like a basic identity scheme. This scheme I thought is a good one that will make life easier for certain sections of rural people.
What I can not tolerate is some privacy maniacs getting all stupid people from the world filled with hatred on biometrics and who are basically against a state run identity scheme pushing articles that I clearly see did not base on right numbers or analysis.
All I have been trying past 2 days was forcing the author of this article to give factual numbers and asking them not make stupid assumptions before writing a book on consequences of it.
When the facts are presented right and if they correlate to reality on their impact and if there is a way the author can explain how the 'false positives' are going to derail the scheme, then I am going to believe it.
Until that time, it is a load of bull shit, coated with impressive math. | | | » Reply » Link » Report abuse | |
| | | | Ignor Indians 1 year ago in reply to Ignorant Indian | | It is obvious from your name that you are ignorant and st***d as well. Do you know the basic promise the UID is being pushed so hard? As the UIDAI says the UID number is meant for those poor people who do not have any kind of identification and hence remain outside of the beneficial schemes run by the government.
My simple question to you and all those who want to push through one more ID, is "If at all the UID number is meant to creat an ID for those who do not have one, then why the poor fellow is supposed to bring along photo ID and residence proof for enroling?"
Any answers or you are ignorant about this as well? Wake up dear, before this thing of giving useless ID numbers will turn out to be bigger fraud than the 2G, CWG scams. | | | » Reply » Link » Report abuse | |
| | | | Ignorant Indian 1 year ago in reply to Ignor Indians | | What I read is Id proof and Residency proof are taken if the person can present. Even with out them, they are supposed to enroll. How do you think home less in Delhi are enrolling?
You are the one that needs to wake up and see positive things. | | | » Reply » Link » Report abuse | |
| | | | Proud Indian 1 year ago in reply to Ignorant Indian | | This exactly is the problem with Ignorant people. They "read" about anything somewhere and bombards with their 'wisdom'. Come down to the ground level, Ignorant. Only if you would read Moneylife article about enrolment. Anyway read it here...http://www.moneylife.in/article/uid-enrolment-troubles-for-helpless-residents/14732.html
It says, "In addition, one must carry an identity or address proof, whether it is a public distribution system (PDS) or ration card, or a PAN card, to be able to get a form to apply for the UIDN."
Got it? You need photo ID and residential proofs just to get an enrolment form for the UID number. Wish you would have visited such centre in India and then commented. | | | » Reply » Link » Report abuse | |
| | | Mark Lerner 1 year ago | David,
Your analysis is correct. In 2003 IBG provided AAMVA (American Association of Motor Vehicle Administrators) with a report that addressed the issue of "scalability". IBG's report was very insightful; biometrics do not work when there is a large subject pool.
There is one factor that you did not specifically address at length. Yes, biometric vendors do hype their products and the capability of their products. When biometrics is used we are asked to trust the technology, the vendor and the end user/government.
I spent two plus years as a confidant of some of the most senior people in the biometrics industry. One of the people included Denis Berube who was the Chairman of the Board of Viisage Technology.
In 2005 I provided the U.S. government what attorneys called a "massive" amount of evidence of wrongdoing. The evidence I provided was provided to me by senior people at Viisage and other companies. Viisage morphed into L-1 when Mr. LaPenta and two of his associates purchased the company and changed the name to L-1. (while the government investigation was taking place).
I had a conversation with Mr. LaPenta about the evidence I provided the government. Mr. LaPenta did not care about the evidence of rigged testing. bogus testing, exaggeration of results, information about contracts and other matters being provided select wealthy investors versus all investors or other wrongdoing that was taking place.
The evidence that I provided the U.S. government resulted in nearly a two year investigation. The results were never made public; not surprising since the investigation was never made public. Congress was not aware an investigation even took place.
I have spent the last four years plus years leading the fight in the United States against the Real ID Act 2005 (biometric enrollment for all U.S. citizens). The organization I founded, the Constitutional Alliance works with those on the "left" and "right" against mandatory biometrics enrollment. http://www.constitutionalalliance.org
You have identified the "statistical" issues with biometrics. There is also the "greed" factor. I humbly suggest you read an article I wrote
http://www.constitutionalalliance.org/in...
Governments have a large financial stake in biometrics. Those in government "want to believe the technology will work as advertised". When I asked those in the biometrics industry why they did not speak up prior to providing me with evidence they said "they believed the technology would work one day."
Those in government thought the technology would work because that is what vendors told them. That does not let those in government off the hook. Many of these people left government after being directly involved in vendors (Viisage/L-1) receiving large contracts and then going on the payroll of Viisage/L-1 after they left government service.
Biometrics do not provide identification. It is the breeder documents that provide identification. In fact, biometrics can validate a fraud. Here in the U.S. many people have submitted fraudulent breeder documents and all the biometrics did is validate the fraud taking place.
I would also humbly suggest that you look at the progress being made reverse engineering biometric templates. This eventuality will cause harm that will not be able to be undone. Unlike social security numbers or even a person's name; a person's biometrics are not easily changed if they can be changed at all. ( a person could change their facial biometric with plastic surgery but a person cannot change all their biometrics)
Consider that once databases and identification documents are compromised all people will be told by governments that the identification process will need to be moved from the ID document to the individual. That technology already does exist in the form of a RFID tattoo (SOMARK Innovations http://www.somarkinnovations.com/about/
Biometrics is about control and greed, not security. You can email directly at stoprealid@aol.com
There are those in government whose goal is to create a 24/7 digital footprint of every citizen utilizing biometrics and RFID technology.
You cannot reconcile the creation of a surveillance society and a free society.
I have testified many times before state legislative committees and am working with members of Congress to end the forced enrollment of U.S. citizens into a single global system of identification and financial control.
Finally, consider the words of Robert Mocny, Department of Homeland Security “information sharing is appropriate around the world,” and DHS plans to create a “Global Security Envelope of internationally shared biometric data that would permanently link individuals with biometric ID, personal information held by governments and corporations.”
Mark Lerner
| | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | Justice Out Of A Box (JOAB) -- a response to SANarayan
I have read a little about PDS, a very little, enough to convince me that it is a huge subject about which I am ignorant and in connection with which any contribution I try to make is most likely to be useless.
I note this comment in a recent Times of India article, 'Corruption in PDS can't be stopped' [1]:
“... [retired SC judge DP Wadhwa] feels that use of information technology is the only way to reduce corruption in the system, as human intervention was useless. He is also exploring other mechanisms to devise the best possible system for PDS.”
I know nothing about PDS but quite a lot about identity management schemes. And I would advise the judge -- probably unnecessarily, I expect he knows -- that adding an IT system doesn’t automatically bring justice, you can’t buy justice out of a box, add IT and you may just get automated corruption, much simpler for the perpetrators, although they may not thank the judge for that.
It seems that SANarayan, like the judge, believes that you can buy justice out of a box. Henceforth, I shall call him JOABNarayan.
Aadhaar is a very big system and, as such, there are many metrics needed to measure its health. “... if UID can deliver unique numbers with a defect rate of .0025% ...”, says JOABNarayan.
Oh no, you don’t. 0.0025% is the false positive identification rate (FPIR). That’s just one measure. We need to add the false negative identification rate. And the false accept rate and false reject rate. These are all mentioned in UIDAI’s proof of concept trial report [2]. We need to add the failure to enrol rate, which is not mentioned in UIDAI’s report.
Then, as noted in the moneylife article above, we need to consider how the reliability of biometrics degrades over time, which in turn requires repeated re-enrolment on the CIDR. We need to consider security. How good are the vetting procedures for enrolment agents? What is to stop someone from setting himself up as an enrolment agent, or a registrar, and creating a lot of phantom people who are entitled to real subsidy money?
I have downloaded a copy of the enrolment agent software from UIDAI’s website myself. Anyone can. How good is the password-protection system on this software? Too good for me. But India’s universities are probably teeming with super-bright students who could crack it in minutes. And incidentally, why don’t UIDAI use biometrics to authorise logging on? Don’t they believe their own publicity? Or Morpho’s?
What about the security of telecommunications between outlying agents and the CIDR at the centre? Can UIDAI prevent “man-in-the-middle” attacks?
How efficient will Aadhaar be? It may be different in India, but here in the UK, I am sorry to say, our civil servants are often incompetent [3]. Even if all the IT components of Aadhaar work, that is no guarantee that the UID scheme will work or do any good. Just because you change the system doesn’t mean that the people change.
How much will Aadhaar cost? Is it worth it? Will it make PDS work? Nothing else seems to have made PDS work, judging by my very superficial reading? Why should Aadhaar work where everything else has failed? Are people deceiving themselves, duping themselves, for the best of reasons, but nevertheless foolishly, that Aadhaar is somehow magic?
JOABNarayan is happy to accept the FPIR of 0.0025%. He shouldn’t be. At that rate, UIDAI cannot guarantee unique identification, it is a unique identification authority with no unique identification to manage, it will have no authority. Are you sure that you are happy to abandon unique identification, JOABNarayan? Do you realise what it means? There could be any number of duplicates on the CIDR. What use is it then?
Moving on to the false reject rate (FRR), what are you going to do about all the people who are told by Aadhaar that they are not themselves? Let them starve? You can reduce the FRR. But only at the expense of increasing the false accept rate (FAR). At which point, everyone could use their biometrics to prove that they are anyone [4].
And that brings me to my impoliteness. It is very rude of me to call IgnorantIndian “DSOHIndian” and to call SANarayan “JOABNarayan”. My apologies. Who am I to assign a new identity to them?
And who is UIDAI to assign a new identity to them?
Take a look at FRR and FAR. They are variable. When one is low, the other is high, and vice versa. It is up to UIDAI and its agents to set the tolerance limits. Set the FRR low, and David Moss is David Moss. Set it high, and David Moss isn’t David Moss. The identity UIDAI assign to you or me or whoever is discretionary. That is not what we normally mean by identity. Have you thought about that? What does it mean to you? Do you want UIDAI (or anyone else) to have discretionary powers over who you are? What is this peculiar new form of identity that they are dealing in?
Everything about Aadhaar has got failure written all over it. It is big and complicated, it assumes that administrators will change their nature by magic and it depends on a flaky technology with a lamentable track record.
I may know nothing about PDS but I can tell you today that Aadhaar will deliver none of the benefits everyone hopes for. A few suppliers will get richer. A lot of taxpayers will have nothing to show for their money.
What, asks JOABNarayan, is the alternative? Good question.
One alternative, out of many, is what I call “dematerialised ID” [5]. I proposed it to the UK government in 2003. They ignored it. Maybe they were right. You take a look. It depends on mobile phones, a technology which manifestly works and is here already, and on digital certificates, ditto, it works and it’s here and has been since the 1970s. And it doesn’t rely on being able to buy justice out of a box.
----------
1. http://articles.timesofindia.indiatimes....
2. http://uidai.gov.in/images/FrontPageUpda...
3. http://dematerialisedid.com/pdfs/Written... please see p.15 and following, among others
4. Please see Airport face scanners 'cannot tell the difference between Osama bin Laden and Winona Ryder', http://www.telegraph.co.uk/news/uknews/l...
5. http://dematerialisedid.com/ | | » Reply » Link » Report abuse | | | | | SANarayan 1 year ago | | Lets look at the issue another way. UID is not an end in itself. Its meant to be used for a(some) purpose(s). In management there is a proposition that if you can be 80% right about a particular solution , then go ahead and do it; because there are no perfect solutions and perfect answers. Now if UID can deliver unique numbers with a defect rate of .0025%, does it really matter that UID holders are given ,say PDS rations at low rate, even if doubly given to those with repeat numbers as against current diversion of 40% of PDS supplies to the open market? Do the sceptics/perfectionists have any alternate solutions to prevent leakages of subsidies which are self regulating? | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | Mathematicians and logicians have the luxury of dealing in certainty. Scientists don’t.
Scientists have to bring to bear all their knowledge and all their imagination to create a hypothesis which explains the known events to date and predicts future events. If those predictions prove false, then their hypothesis is disproved. That’s for sure. Otherwise, their hypothesis is vindicated for the moment, but there never comes a time when it is proved. It’s lop-sided, it’s asymmetrical, but that’s the way things are, that’s the problem of induction.
Which is why the natural position of good scientists is scepticism.
DSOHIndian says:
QUOTE
Finally I got the answer I am looking for. Throw suspicion until people can not distinguish between right and wrong.
UNQUOTE
It’s not suspicion. It’s scepticism. It is scientifically respectable to be sceptical about biometrics. The alternative is to be naïve or credulous or gullible.
It is only naïve or credulous or gullible people who can’t tell the difference between right and wrong.
The Unique Identification Authority of India is in the unique identification business. It takes raw materials – biometrics – and it creates unique electronic identities on the CIDR. Is UIDAI running its business properly? Is it checking that all those millions of electronic identities it has amassed are unique? Is UIDAI to be trusted?
Yes.
In which case it will no doubt have no trouble explaining how it ensures that each electronic identity on the CIDR is unique. It will no doubt have no trouble telling India how it has compared each set of biometrics (fingerprints + irisprints) against every other set of biometrics on the CIDR. It will no doubt have no trouble telling India how many false positives it discovered and how they resolved the problem.
If UIDAI are being scientific, if they are respectably sceptical, they will have all the procedures in place to keep testing their hypothesis that biometrics allow them to create millions of unique identities. Testing it all day, every day, as the enrolment details coming flooding in by the million from registrars all over India.
And they will, no doubt, be proud to share with India the results of their findings to date. As, indeed, they should be. After all, the Indian taxpayer is paying UIDAI quite a lot of money and they have the right and the duty to make sure the money is well-spent.
That’s not suspicion or paranoia or conspiracy theory neurosis, it’s respectable, scientific scepticism.
Scepticism is always called for. It is perhaps especially called for in the case of the mass consumer biometrics industry, which has a patchy history -- please see for example http://dematerialisedid.com/BCSL/Genealo... and http://dematerialisedid.com/Evidence/Bio... -- and needs to prove that it is now going straight. | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | How long have we known each other? A day or so? Not long but I’m beginning to recognises IgnorantIndian’s Dry Sense Of Humour. He’s obviously not ignorant. I shall henceforth call him DSOHIndian.
Take this comment of his, for example:
QUOTE
... if you need to know accurate duplicate registrations are done so far use this link:
http://portal.uidai.gov.in/uidwebportal/...
UIDAI is pretty good in updating fake numbers. They are in fact even creative to the extent that they prepare daily reports down to state/district/sub-district level.
UNQUOTE
For anyone who doesn’t get the joke, the whole point is that you can spend as long as you like clicking away on the UIDAI portal and you won’t find any statistics on false positives or duplicates or deduplication.
Very amusing. | | » Reply » Link » Report abuse | | | | | SANarayan 1 year ago | | David Moss' full report on 'India's Card-----' more lucidly brings out the full impact of 'false positives and how UID is really not unique. But thanks for the first comment by Ignorant Indian, I would not have been wiser. I wonder whats the reaction of UID authorities to David Moss' point? | | » Reply » Link » Report abuse | | | | | Ignorant Indian 1 year ago | Finally I got the answer I am looking for. Throw suspicion until people can not distinguish between right and wrong.
BTW, David if you need to know accurate duplicate registrations are done so far use this link:
http://portal.uidai.gov.in/uidwebportal/...
UIDAI is pretty good in updating fake numbers. They are in fact even creative to the extent that they prepare daily reports down to state/district/sub-district level. | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | DailyIndia.com [1]:
'India issues two millionth UIDAI number using Morpho's technology'
The Economic Times [2]:
'Morpho helps issue unique identity to 3.5 million people'
IgnorantIndian:
'UIDAI has alread issued three million numbers'
2 million? 3 million? 3.5 million? Which is it? Who knows?
Whatever the number of UIDs issued:
QUOTE
"We are truly proud that our cutting-edge biometric technology has allowed the UIDAI authority to reach the x million milestone in this large-scale project," said Morpho chair-man and chief executive officer Jean-Paul Jainsky.
"This achievement highlights the efforts and commitment of all the partners involved to make the Aadhaar program a success," he added.
UNQUOTE
The question for India is, under what circumstances is Jean-Paul Jainsky entitled to feel proud?
The Unique Identification Authority of India has to deliver one thing -- unique identifi-cation.
Monsieur Jainsky can be proud if those first two million records on the Central ID Re-pository (or 3 million or 3.5 million) are unique.
How do you prove they are unique? According to UIDAI, their mission is to "design biometrics system that enables India to achieve uniqueness in the national registry" [3].
How do you prove that two million sets of biometrics are unique, i.e. there are no dupli-cates? Answer, you compare each set of biometrics with every other set of biometrics and demonstrate that they are different.
How many unique pairs of biometrics are there in a population of two million? Answer: 1,999,999,000,000.
Has Monsieur Jainsky made all those comparisons? Yes or no? And what was the result? Were they all different?
If he can answer "yes", then he can justifiably be proud and India can be confident that its money is not being wasted.
Otherwise, Aadhaar should be stopped now, at this early stage, and re-designed. It is cheaper to drown in a sea of false positives now than later.
Follow the advice of Nagesh KiniFCA. Every journalist should take every opportunity to ask Monsieur Jainsky if he can prove that all the records on the CIDR are biometrically unique. And press him on the point. How long did the proof take? How many people were involved? Were there independent scrutineers?
Without that, I don't know, IgnorantIndian doesn't know, Monsieur Jainsky doesn't know how many duplicates there are on the CIDR already.
He can keep piling up the registrations, one million a week, 10 million a week, and all the time India could be getting further and further away from unique identification, everyone thinks progress is being made but actually the whole project is drowning and all the money and all the effort and all the resources are being wasted and Monsieur Jainsky has less and less reason to be proud.
----------
1. (http://www.dailyindia.com/show/430123.php)
2. http://articles.economictimes.indiatimes...
3. http://uidai.gov.in/index.php?option=com... | | » Reply » Link » Report abuse | | | | | Ignorant Indian 1 year ago | Hi David,
Your calculation of number of matching that will happen after 120 crore enrollments is impressive, but Unless you can explain how they are able to roll out 1 lakh numbers a day with so many false positives, i can not believe what you say.
UIDAI is ramping up pace of enrollment, i see that they will do more 1 million in march and looks like very soon they will come up to 1 million per week speed.
You have to explain how they can possibly do it with fundamental flaws in their design. If you can not explain that your theory is practically busted by those guys. | | » Reply » Link » Report abuse | | | | | Nagesh KiniFCA 1 year ago | | Since both the British and Indian pilot studies have come up with major road blocks it is imperative that all these concerns be addressed and set right before they blow up into major issues as even the smallest glitch can turn out into a major problem at implementation. All the necessary safe guards need to be built in here and now even if it means a few crores more, to make it work.. | | » Reply » Link » Report abuse | | | | | David Moss 1 year ago | I am the person whose brain doesn't work properly according to IgnorantIndian. SANarayan doesn't seem to be very impressed either.
Still, at least Nandan understands.
In the academic year 1976-77, I taught A-level maths to 50 students. 49 passed. I can't remember much maths now. But I can remember nCr, the number of unique combinations of r objects chosen from a population of n.
nCr = n!/(n-r)!r!
There are 7.2 X 10^17 unique combinations of 2 that can be chosen from a population of 1.2 billion and nothing IgnorantIndian and SANarayan say can change that.
It's not an ethical matter. It's maths. Not a matter of opinion. There's a right answer that everyone agrees on, if someone disagrees it just means they don't understand the words.
And the words according to UIDAI are that their job is to prove that every record on the CIDR is unique and that that proof will be conducted by reference to people's biometrics only.
UIDAI's own report shows that that proof is impossible. It would require every Indian alive to check and resolve 15,000 false positives.
And that's not going to happen. There isn't time.
So UIDAI can't possibly accomplish its mission.
Would supporters like to take that into account now? Or would they -- highly unethically -- prefer to waste several billion dollars first?
Whose brain isn't working again? | | » Reply » Link » Report abuse | | | | | Ignorant Indian 1 year ago | Ok Sir, 18 lakh crore FP's are expected for 120 crore poulation by your skewed analysis. That means 15000 FP's for each UID application.
UIDAI has alread issued three million numbers, what is your expert estimate of number of FP's so far? How much time they should have spent reviewing those?
If 1 lakh numbers are issued a day now, how many are getting manual reviewed?
Before start scaring people, put your your feet on ground and give a reasonable explanation of what you are saying?
| | » Reply » Link » Report abuse | | | | | Nandan 1 year ago | For those who are ignorant or blind here are the calculations....
How many unique pairs of biometrics can be chosen from 40,000? Answer: 40,000 x 39,999 / 2 = 799,980,000. UIDAI are right. 40,000 is a number of the order of 10 raise to 4, whereas the number of comparisons which have to be made to prove uniqueness is of the order of 10 raised to 8.
The population of India is of course not 40,000. More like 1.2 billion or 1.2 x 10 raised to 9. So that the number of comparisons between pairs of biometrics that would need to be made to prove uniqueness is 7.2 x 10 raised to 17.
It would take a very long time but, in a perfect world, those 7.2 x 10 raised to 17 comparisons could be performed by computer and it could be proved automatically that there are no duplicates, i.e. each electronic identity is unique.
How many false positives should India expect? In the Results section of their report UIDAI define FPIR, the false positive identification rate, and they say “we will look at the point where the FPIR (i.e. the possibility that a person is mistaken to be a different person) is 0.0025 %”. At that point, UIDAI would get 2½ false positives on average for every 100,000 comparisons.
Given that UIDAI have to make 7.2 x 10raised to 17 comparisons, how many false positives should they expect? Answer: (7.2 x 10raised to 17) x (2.5 x 10 raised to -5) = 1.8 x 10 raised to 13. That’s 18,000,000,000,000 or 18 trillion or 18 lakh crore false positives for people to investigate and resolve.
| | » Reply » Link » Report abuse | | | | | SANarayan 1 year ago | | On reading the first comment ,I, too arrived at a false positive of only 30,000 for a 120 crore population. The basic premise of the Moneylife article collapses and I suggest that it be withdrawn , lest falsehoods are unwittingly spread. | | » Reply » Link » Report abuse | | | | | Ignorant Indian 1 year ago | This one line shows ignorance of the articles author and his/her poor math skills:
This means, for every 1 lakh comparisons, there would be two and a half false positives. On a large scale, it means for a population of over 120 crore, there would be 18 lakh crore false positives
Some body make this author's brain working in right way. 2.5 false positives for 1 lakh comparisions makes 250 for one crore matches and 30,000 FP (False Positive) for whole population. This number is manipulated by author as "18 lakh crore false positives". That is absurd.
Also the author really failed to understand the consequences of false positive. It only triggers a manual review of the UID application, but not a automatic identity number. What that really means is when 120 crore applications are processed, 30,000 of them will trigger un-necessary manual review. It is not a big expense compared to the size of the project.
This magazine is not following journalistic ethics, but is helping some stupid SC lawyers to push their agenda with manipulated numbers. | | » Reply » Link » Report abuse | | | |
What's Hot
From this section
- JP Morgan Loss: Were any laws broken?
When banks are in trouble, they often mislead the world about their financials. Maybe JPMorgan disclosed everything properly about its $2 billion loss, but that's what we need to determine. - Ayurvedic doctor penalised for giving allopathic medicine that led to
The National Consumer Commission, while upholding State Consumer Forum’s decision, questioned why an Ayurvedic practitioner administered allopathic medicines without any knowledge of the same - 4 doctors of Max Hospital held guilty of negligence; anxious father
Following the death of his daughter due to medical negligence in Delhi’s posh Max Hospital, the aggrieved father invoked 50 RTI applications in various departments to seek justice. Last week’s order by CIC Shailesh Gandhi provides some hope - ‘Lucrative’ assignments: A Messy Saga
Top bureaucrats and chairmen of banks and public sector entities (barring a few honourable exceptions) are guilty of corruption and looting of public assets. However, their political godfathers ensure that they escape strict action - Harshad Mehta Scam: A Distorted Picture of 1992
Even after a 20-year effort, the special court is discussing the possibility of pushing the hearings. The only major beneficiaries have been India's lawyers, whose incomes rose by a factor of 10 or more
|
What's HotRecent Additions
 Daily cleansing for the mind Breathe away to happiness and glory! Bath for the mind consists in daily replacing our negative thoughts like hatred greedy, jealousy, anger and pride with positive thoughts like
 Most Popular
|
Submit your comments
RSS Feeds
Register Now!
Newsletters
RIL does not hold stake in any media company – True or 
Did New India overcharge lakhs of policyholders? – II 
Did New India Assurance overcharge lakhs of mediclaim 
President Pratibha Patil’s luxurious home continues to 
Pathbreakers
Plain Truth about Stock Investing
Plain Truths about Mutual Funds
Plain Truths about Investments