1.Vulnerabilities of UIDAI data expose The Hindu
2.Zero Budget Natural Farming : An Andhra farming case study Down to Earth
1.Vulnerabilities of data expose (The Hindu)
Synoptic line: it throws light on the vulnerabilities of data safety in UIDAI regime.
- Those who were reassured that the Aadhaar architecture is safe and secure have faced a few rude shocks lately. First, there was the recent report in The Tribune on how one of its reporters was easily able to log in to the Aadhaar website and access any enrolled Indian’s personal information, all for a grand fee of Rs500.
- While the veracity of this report is still being contested by the Unique Identification Authority of India (UIDAI), it has stirred panic over the security of personal data entrusted to the government. This came close on the heels of reports last month that a telecom company was utilizing the eKYC (know your customer) data of its mobile subscribers to open payment bank accounts without their consent.
- the public interest which lay in showing how easily the database could be breached and drawing attention to the existence of an organised racket to facilitate this far outweighed, or more than compensated for, the act of unauthorised access, in this case secured on payment of a few hundred rupees.
- The investigation was written up in the best journalistic tradition it focussed on how the data were being mined for money, it did not leak any Aadhaar numbers or other details to establish this, and it sought and received a response from shocked officials of the Unique Identification Authority of India.
- Instances highlight scenarios where data from the Aadhaar database is vulnerable. In the first, the weaknesses in security measures and processes around the database leave information susceptible to an attack. In the second, providing third-party entities loosely regulated access to an individual’s data leaves scope for abuse.
Need to protect
- There is a need to protect the data belonging to individuals in these situations, providing the government with two possible policy options: it can choose to either overhaul the Aadhaar architecture completely, or it can build in additional security measures to ensure that individual data is not compromised.
- Uninventing Aadhaar is not a practical proposal. It would have to include repealing the statute on Aadhaar, disbanding the database already created, and figuring out alternative means of delivering the services that are now dependent on Aadhaar. A more sustainable way forward is to better secure Aadhaar. This will involve not only the secure collection and storage of personal data, but also a safe regulation of the manner in which third parties use it for authentication.
How to protect
- One way to protect Aadhaar-related communications is to channel them through a secure conduit. This can be achieved through a system of temporary tokens for Aadhaar-based verifications. Sunil Abraham from the Centre for Internet and Society (CIS) has recommended a system of using dummy or virtual Aadhaar numbers along with a smart card to protect information belonging to individuals.
- Tokenization is the process of masking sensitive personal data with another innocuous dataset, allowing it to be shared with third parties without the risk of the personal data being exposed. So, every time a service provider asks for identification, the individual can provide a one-time-ID number generated by an Aadhaar app or on UIDAI’s website. The service provider can authenticate the one-time-ID number with the Aadhaar database, without needing to know or store the Aadhaar number.
- The algorithm used to generate the one-time-ID number must be constructed using hard-to-replicate information and kept a well-guarded secret. No two service providers will have the same one-time ID, making it harder for personal profiles to be constructed by mining data from multiple service providers, thus enabling a higher level of privacy protection.
- Allowing such a system of tokenization for every eKYC can create a welcome layer of ambiguity around individuals’ personal data and preserve the individuals’ Aadhaar-related information with the government. This system also breaks the link between the Aadhaar database and any third party having access to an individual’s Aadhaar number. If this link is not broken, then any entity—government or private—would have access to potentially millions of Aadhaar card numbers, opening endless possibilities for data abuse.
- The tokenization process allows the authority to arrest any attempts at data abuse. In fact, to make this system of tokens or one-time-ID numbers effective, the law must build in measures to penalize any attempt to recreate an individual’s Aadhaar number from the unique token number. In other words, the service provider is given a token number for authentication, but prohibited from obtaining the Aadhaar number it corresponds to.
- Tokenization is an improvement over the status quo, but only in one aspect making Aadhaar secure. It is imperative that the government pays equal attention to the manner in which all data is collected, stored and disposed of by the authority. There are two facets to be explored here: first, ensuring secure storage of the vast information database, and second, plugging security loopholes that happen at collection by limiting access to the database.
- The adoption of appropriate technical safeguards is indispensable to thwart external threats to the Aadhaar database, such as ransomware attacks. Having appropriate security, and having periodic audits to test the adequacy of such security, is indispensable.
- Equally, limiting access to the database is crucial for preventing leaks, such as the ones reported in The Tribune. It is important that only a select few individuals have access to the database and that these personnel are properly vetted before being vested with such responsibility.
- These various facets of the Aadhaar ecosystem are likely to be further examined in the public in the weeks to come as the Supreme Court gears up to hear the petitions on Aadhaar. Regardless of the verdict, there is an urgent need to improve the safety of the Aadhaar ecosystem and the use of tokenization goes some way towards achieving this objective.
Question: How Implementing a system of tokenization for Aadhaar verification will address the security loopholes highlighted in recent reports?
2.Zero Budget Natural Farming : An Andhra farming case study (Down to Earth)
Synoptic line: it throws light on the advantages of the zero budget natural farming.
- As climate is changing, creating resilient food systems has become the need of the hour. Across the world, agriculture is facing multiple setbacks, be it in the form of extreme weather events like floods and droughts or factors such as soil degradation, soil salinity and water shortage.
- To feed the global population of 9.6 billion by 2050, as projected by a United Nations report, scaling up food production is important. But ensuring food security, producing more with less resources and building the resilience of smallholder farmers are also important in creating a food-secure future.
Zero budget natural farming
- The Andhra Pradesh government’s unique initiative to improve farmers’ livelihood through zero budget natural farming (ZBNF) is the right solution to fight climate change in the drought-prone Rayalaseema region.
- Districts like Anantapur, Prakasam, Kadapa, Kurnool and Chittoor have traditionally been drought-prone. The only advantage Kurnool has is the occurrence of black cotton soils over a greater portion of the district that can retain moisture for a longer period of time. However, the western part of the district has dry, red soil. There are villages in Kurnool which witness dry spells for over a month. For such villages, ZBNF has come as the right solution.
- ZBNF was initially launched in September 2015 under the Centre’s Rashtriya Krishi Vikas Yojana. Initially, 50 villages across 13 districts of the state were selected for the pilot project. It has been so successful that the government wants to scale it up, according to T Vijay Kumar, who is in charge of the project. Last year during the Kharif season, work started in 704 villages to bring farmers under this practice. There is a plan to cover an estimated 6 million farmers by 2025-26.
- The main aim of ZBNF is elimination of chemical pesticides and promotion of good agronomic practices. Many farmers, who were initially reluctant to take up ZBNF, have been practising it for two seasons now. There are some who switched over last year and has witnessed good results.
- In rain-fed agriculture, it is important to make water available in the form of moisture. By practising composting on the farm itself, soil organic matter increases. There is a greater need to make organic matter available in rain-fed areas.
- Intercropping is an important feature of ZBNF. Towards this end, Yerraguntla farmers grow pearl millet, red gram, foxtail millet, along with chilies and tomatoes.
- Besides reduced input cost, farmers practising ZBNF gets higher yields. In Anantapuram district, there has been a 136 per cent higher yield in groundnuts under natural farming. Naidu gets five quintals (1 quintal is 100 kg) of red gram under ZBNF compared to three quintals under non-ZBNF.
- In Gosanipalli village, around 150 farmers are practising ZBNF. Ramajaneyulu, a local farmer, has 0.809371 ha of land on which he has been practising ZBNF for two years. He has witnessed nine quintals of groundnut as compared to six or seven under non-ZBNF. Besides groundnuts, he also grows onions, tomatoes, carrot and red gram.
- The Food and Agriculture Organization (FAO) of the United Nations advocates environmentally-friendly farming methods that can take us to a more sustainable future. We need a global transition to a more resilient and sustainable agriculture that is less dependent on agrochemicals and draws more on natural biological and ecosystem processes.
Question: Ensuring food security, producing more with less resources and building the resilience of smallholder farmers are important towards creating a food-secure future.