Nowadays, digital security and personal security are at such deep risk. The rise of professional hackers has boomed over the need to adapt to better systems that could protect consumer data and the history and information of billions of people worldwide. Digital Id is now a thing for the present future.; With now, countries adapting to the digital ID system need to make it even stronger and encrypted (1). But, this isn’t easy as such a system is not easy to make. Professional, ethical hackers, also find it difficult to implement such a system, but it could only take less than a day for an unethical hacker to crack a defensive system. That is why the rise of digital system security is a questionable factor.
Several countries’ policy discussion is increasingly on digital identity, with several governments proposing or implementing national programs on digital identity and multilateral institutions making investments. Governments are trying to provide a single digital identity to residents (or sometimes only citizens) of a specific nation-state through these government-administered or coordinated programs. Many of these programs involve a push to gather, store, and use people’s biometrics as the primary means of establishing and authenticating their identity (2). Supporters of centralized national ID programs, particularly biometric linkage programs, argue that they bring benefits such as the more precise and efficient provision of government services, anti-poverty regimes, and welfare systems; that they can reduce corruption or increase inclusion; or that they can contribute to the interests of national security.
Over the years, several countries have taken into account, discussed, tested, and implemented a national centralized identity program. Australia may have seen the Australia Card initiative as one of the earliest proposals. This proposal didn’t see daylight and was abandoned. The UK (3) took charge of the later withdrawn scheme of national identity. Countries such as Belgium have seen non-biometric national identity programs. In Portugal, biometric Citizens Cards are implemented, with biometrics stored solely on the card. Since 1999, Taiwan has had eID talks in Asia, as reported by the Taiwan Human Rights Association. Taiwan is contemplating implementing a national eID amid privacy and civil-society surveillance concerns (4). In Taiwan, the eID should combine several separate paper IDs in one eID, including health insurance and driver’s license.
Many national digital identification programs raise concerns about privacy, data protection, governance, and cybersecurity, both conceptually and in practice. It also raises concerns about the design of schemes and the inclusion or exclusion of individuals from government services. We present three case studies below, which we believe to be of particular importance for this world debate: Estonia, Tunisia, and India.
Talking about India… Let’s see about the system in India.
Why need an ID System in India?
According to the State of the World Population Report, more than half the world’s population lives in urban areas, with the number growing steadily every year. This trend is no exception to India, where most of the population still depends on agriculture. India’s urbanization level increased according to the census from 28 percent in 2001 to 31 percent in 2011. The demographic explosion and poverty-induced rural-urban migration are causing urbanization in India. The Economic Survey of India in 2017 had estimated that, between 2011 and 2016, the magnitude of inter-state migration in India was nearly 9 million a year. In contrast, the 2011 Census estimates a total of 139 million internal migrants in India. The countries’ largest sources are Uttar Pradesh and Bihar; Madhya Pradesh, Punjab, Rajasthan, Uttarakhand, Jammu, and Kashmir West Bengal (5).
What is Aadhar?
Aadhaar, India’s single identity number program for each resident, is the world’s largest biometric identification scheme. In 2008, the program, created by June 2016, has created biometric identities for more than 940 million people. The program is also designed to achieve social inclusion and more efficient public and private services (6). It also started being used to digitalize government subsidy flows for several public purposes; for financial services, registration of attendance reduces absenteeism among government employees, passport issuance, identity cards, and other ID forms (7).
Many Indians now have various forms of identity for various purposes, such as a voter ID card, the public distribution ration card, the tax registration Permanent Account Number card, a driver’s license, and a passport. The process of application and verification is different and procedurally complex in each of these IDs. For a more accurate picture of Indian residents and their access to and use of public services, the Government proposed that a single biometric identifying system be created and monitored within the UIDAI (8). In 2006, the Indian Department of Information Technology proposed the idea of a universal electronic ID. The UIDAI was established in 2008, and Indian entrepreneur and politician Nandan Nilekani had been appointed as Chairman.
The Aadhar system was considered a necessity in 2012 and was made mandatory for the rest of its time. Every Indian citizen was deemed to hold an Aadhar card for all purposes, governmental work, registrations, rations, scholarships, etc. It has become a popular document to carry amongst all other forms of ID (9).
Data Leak crisis and Sustainability
All the data currently are technically held in a central repository operated by three private sector companies managed and supervised by UIDAI. No company can access the entire set of information of a person as a security feature. Such data may not be shared without the individual’s consent with any public or private agency. Once you connect your UID number to a bank account or a government welfare payment database, the Government may search for duplicates using the UIDAI system or pay if they authenticate on an authenticator. That is to say, any government department can obtain an individual’s number but has no information or biometrics.
Having requested that agencies send Aadhaar’s central database, the main idea behind Aadhaar was proper identification authentication or so-called CIDR (10). The requesting agencies request authentication by sending Aadhaar information and the authenticated person’s demographic and biometrics. All the information from persons registered under Aadhaar is available at the CIDR. The CIDR processes each application and gives the Agency a yes or no answer and other information. For the KYC authentication in the Aadhaar program, the CIDR returns ‘e-KYC’ data, including the demographic and authenticated pictures. KYC authentication can only be performed through biometric data or single passwords created and transmitted to the authenticatee’s registered mobile number (11).
Earlier in 2019, In partnership with a self-proclaimed anonymous French security investigator, the Indian cybersecurity machine claimed that it had plugged an important data leak during the past nine days, using its Twitter account to talk about data security. In a tweeted article on 10 March, the researcher, who goes by the name Elliot Alderson display name, tweeted that three lakh and five thousand ID documents including aadhaar cards” were leaked by two “Indian government websites.” The top sources reported that the top-level discussion of the Indian Government took place after the initiation of a highly secret operation, which identified and plugged the leaks. Again, Alderson tweeted, “Thanks to everyone involved, this has been resolved, and three lakh personal documents have been secured.” He criticized Aadhaar, saying it is a risk to keep all Indian personal information on a common server. Alderson said it was a safety risk (12).
How Indonesia and others are going about with Digital security
The pioneering of digital governance is what Estonia considers itself to be… Estonia, which became independent in 1991, leverages technology in every aspect of Government. This is what e-Estonia means. Estonia is the first country to hold internet elections and e-residency. Another step towards e-government is the Estonian identity card. The ID card contains a chip that stores digitized user data, such as user name, sex, and national number. The ID system also uses public-key encryption as an authentication mechanism. ID cards are used for a 2.048-bit public-key/private-key open-source encryption that holds two digital certificates separately: a certificate for confirming the holder’s identification and a digital signature for an individual (13).
Back in 2001, Malaysia was the first nation in the world to use MyKad, pictures, and fingerprint biometric information card embedded in a plastic computer chip built into it. Also, MyKad (14) can be used in Malaysia as a validation tool to access services from government agencies, a touch n transport card, and even as an electronic bag, to name a few use cases, as a formal identification paper, which all citizens aged 12 and older must have by law. Plans have been announced at the Malaysian Ecommerce Entrepreneur Summit, held in October 2018, to launch the new Digital ID by mid-2019. A digital identity would also be a key and integral platform to make Malaysia a smart nation for the digital Government.
In Indonesia, The e-KTP provides unique biometric data. In line with the then Interior Ministry, improving government services and census of the population and reducing fraud, and monitoring security threats were at the heart of its implementation. It has contactless technology, nine layered, a single serial number, a microchip, and can be used for various government services applications (15). The e-KTP forms the basis for issuing passports, driving licenses, identification numbers for taxpayers, insurance policies, land ownership licenses, etc. The bearer’s full name, religion, profession, address, and marital status are personal and sensible data in the e-KTP.
The Future of Digital security
Considering a future that is not far away, the world security system still has much work to protect user data from being leaked. With passwords now being encouraged to be lengthier to discourage hacking, the same follows with biometrics(16) that now are close to being secure, but, still the movies prove us one thing- if the third is desperate, they will do anything even to get your eye or even a fingerprint but, we can’t compare fiction with reality. With software and system being more complex, so does data plunge. It is very crucial that personal data be safe to ensure that you aren’t a part of a larger scam that blows you off. The future of such technologies might get more intricate, and we might even see a world where personal data isn’t a toy to be meddled with.
