OpenSource For You
Exploring Software: Building a Web of Trust
The headlines scream, “So many thousands of people deprived of rations, in our national capital, New Delhi.” So how do these people prove they are who they say they are, when Aadhaar verification has failed for some reason or the other? The author takes up the issues concerning trust in a world where machines can be fallible and senior citizens can be easily lured by conmen.
The man smiled and said to me, “Now let us use the left thumb.” I rubbed it against my shirt and tried. The man said, “Let us try the other thumb. You will have to help me. Otherwise …” I tried the other thumb. Cleaned it on my shirt and then rubbed it on my forehead to make it moist. The man gave me a big smile and said, “Welcome back and have a pleasant stay.”
This set me thinking, “How do you prove that you are who you say you are?” At US Immigration, my wife and I went to the self-service booths first. There were many automated counters and we could take our time. My wife’s verification was a breeze. A man helped me and my verification was partially successful. But because it was partial, both of us now had to be manually verified. Had my manual verification failed, I expect I would have had to be verified by the security police.
So, while most people may not have a problem with biometric or other verification processes, how do you handle the cases that are problematic? Since crossing international borders is usually a rare occurrence, delayed verification may not be critical. Besides, at borders, governments are willing to spend money on the security process.
The issue of a central authority
I faced difficulties with Aadhaar verification as well. Fingerprint verification just would not work. Fortunately, I could link my registered phone using a one-time password (OTP). I wanted to do this just in case the Supreme Court allowed mandatory linking of phones to Aadhaar while I was away. I could not risk the phone used for all the OTPs being disabled.
In another case, the iris verification worked only after a couple of attempts. The person at the counter mentioned that on some days, as many as 40 per cent of the people had problems – not all because of biometrics but also because of a mismatch in the name or age. The operator felt disheartened as he had to deal with the frustrated, retired people who had often come from out of town with their children having taken the day off.
The second issue is related to what happens if you rely on a common authority for authentication. The day I was leaving for the US, I read in a Mumbai paper how a woman had been cheated of ₹100,000. It seemed that the recent death of her husband entitled her to an insurance claim of ₹10 million. She trusted the phone calls she received because the people who called seemed to know so much. And she believed them when they claimed that they had got all this information from her husband when he took the insurance policy.
True, centralised verification is convenient. But the trouble lies in its convenience. It is far too easy for spammers and con-artists to target their victims. In one case, I myself shared information so easily with a person pretending to be from the income tax office. As it happened, this turned out to be useful. I had informed the caller that my father had passed away a few years earlier. Coincidentally, I stopped getting calls from an investment company wanting to talk to my father!
Retired people are a favourite target of sellers of fake insurance policies. I would actually regard it not as misselling but as legalised fraud by the insurance companies. It should be obvious to even an idiot that certain types of policies make no sense for any retired person. One of my relatives got a policy for which he was to pay a premium till he was over 100! He had eight such absurd policies. It was legally too late to force the insurance company to cancel the policies. And my cousin said that his father deserved to lose the money for being so stupid. He refused to approach the consumer courts. Victims of such policies are invariably the ones who are financially vulnerable and are easily misled by false promises of returns.
There is nothing secret or dangerous about announcing your retirement or the death of a loved one except that with a common verification process, criminals can mine data more effectively and target their victims with a greater success rate.
It is important to appreciate that the centralised authentication process does not have to be compromised for the fraudsters to be able to collect the information about their targets. A common thread to link various sources of data is enough.
A Web of trust
I am reminded of years ago, when security issues for websites became a major concern leading to the formation of companies like Verisign and Thawte (incidentally, the money from Thawte helped create Ubuntu).
An alternative mode of verification, modelled on the way humans trust each other, was proposed. If you trust a group which trusts a site, you trust the site. This is obviously extensible, as you can trust a site that is trusted by a group, which in turn is trusted by a group that you trust. So here, you have a ‘Web of trust’. Obviously, it is more complex than that. Check out https://en.wikipedia.org/wiki/Web_of_trust for more details, including the issues and concerns associated with the model.
With the success of blockchains, a decentralised model like the ‘Web of trust’ may become a convenient and viable alternative now. For example, rebooting the Web of trust is an interesting possibility (http://www.weboftrust.info/).
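The chained trust described above can be written as a search over "who vouches for whom". The following is an added sketch, not code from the article or from any Web of trust implementation; the names in the graph are constructed, and the `max_hops` limit is an assumption introduced here to show how a verifier can bound how far trust is allowed to propagate.

```python
from collections import deque

# Constructed trust statements: each key vouches for the names in its list.
# All names are hypothetical.
TRUSTS = {
    "me": ["linux-user-group"],
    "linux-user-group": ["distro-project", "mirror.example"],
    "distro-project": ["packages.example"],
    "stranger": ["shady.example"],
}

def trust_path(trusts, start, target, max_hops):
    """Return the shortest chain of vouching from start to target, or None.

    max_hops caps the length of the chain; it is an assumption of this
    sketch, not something the article specifies.
    """
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_hops:
            continue  # chain is already as long as we allow
        for vouched in trusts.get(path[-1], []):
            if vouched not in seen:
                seen.add(vouched)
                queue.append(path + [vouched])
    return None

if __name__ == "__main__":
    for site in ("mirror.example", "packages.example", "shady.example"):
        print(site, "->", trust_path(TRUSTS, "me", site, max_hops=2))
```

Returning the chain rather than a bare yes/no lets the person relying on it see exactly whose word the decision rests on.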
Email as the link
Some years ago, BSNL forced changes in email IDs on its users, and I was unhappy. I believed that the single lifetime ID offered by Google was a saviour. Now, as I think about this, I wonder what I have done!
It was far too painful to create and maintain different email IDs. Hence, most of the sites know me by my gmail ID. This makes it far too easy for data miners to create a profile of me for whatever goals they may have. Even though Google sites and Facebook sites are not related, it is easy to link the data as Facebook knows my email ID.
One of the very useful features of email from the early days was the concept of an alias. The external world knew of a simple email ID, which could be forwarded to the appropriate person. The same concept could be extended to individuals. What if you could create aliases for your email ID and use a different alias for different sites?
You can do that even today, by creating multiple email IDs and forwarding the mail to a common ID. You could set it up to delete the mails from the secondary email accounts after forwarding. Although there is the nuisance of having to create passwords for multiple accounts, I wish I had thought of it in the light of the recent misuse of people’s Facebook data.
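To make the alias idea concrete, here is an added example (not from the article) that compares one ID used everywhere with one alias per site, and reports which addresses would let separate data sets be joined. The site names, inbox, key and the HMAC-based way of deriving aliases are all assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample data: every site name and address here is hypothetical.
SITES = ["shop.example", "social.example", "bank.example"]
INBOX = "me@mail.example"
SECRET = b"constructed-demo-key"  # in practice a long random value kept private

def site_alias(secret, site, domain="mail.example"):
    """Derive a stable per-site alias. The keyed tag reveals neither the
    real inbox nor the aliases used at other sites."""
    tag = hmac.new(secret, site.lower().encode(), hashlib.sha256).hexdigest()
    return f"u{tag[:12]}@{domain}"

def forwarding_table(secret, sites, inbox):
    """alias -> inbox: the forwarding rules the mail provider would hold."""
    return {site_alias(secret, s): inbox for s in sites}

def reused_addresses(registrations):
    """Given {site: address}, return the addresses seen at two or more
    sites, i.e. the common thread that lets separate data sets be joined."""
    seen = {}
    for site, address in registrations.items():
        seen.setdefault(address.lower(), set()).add(site)
    return {a: sites for a, sites in seen.items() if len(sites) > 1}

single_id = {s: INBOX for s in SITES}
per_site = {s: site_alias(SECRET, s) for s in SITES}

if __name__ == "__main__":
    print("one ID everywhere :", reused_addresses(single_id))
    print("alias per site    :", reused_addresses(per_site))
    print("forwarding rules  :", forwarding_table(SECRET, SITES, INBOX))
```

Aliases remove only the email address as a join key; a name or phone number given to every site is still a common thread.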
Security can be visible, like a person surrounded by police vehicles with policemen holding terrifying guns. Or it can be like the understated kind provided for western leaders. You know the security men are around but they are virtually invisible.
We do not want security to be so complex that even simple operations like transferring a small sum of money become a pain. However, we are no longer living in small villages, at a time when there was no need to lock one’s front door. We need to make sure that we use processes that do not leave so wide a public trail that criminals can target us with ease.