Identity Project

As countries across the world forge ahead with digital ID projects, where does privacy fit in?

India’s Aadhaar could be a blueprint for identity systems, but there’s a difference between what institutions want and what individuals need.

Privacy concerns are a major part of modern digital life; data breaches are becoming more common and victims often have no knowledge of how their data is being used. As we move more of our lives online, we struggle to maintain control over our own data, often sacrificing sovereignty for convenience.

In the second article in the series (you can read the first one here) , Padmaparna Ghosh talks to the victims of digital identity theft, online privacy experts, and more, exploring the questions we need to ask of ourselves and the public and private organisations that control our data today.

When Anantha Subramanian got a new email address in 2004, he soon found himself living other people’s lives.“I started getting all kinds of emails, including sensitive material, meant for other people with the name Anantha,” said Subramanian, an IT engineer who lives in Chennai, India. “One Anantha Laxmi Talluri, a real person, decides to get a bank account and uses my email ID as hers. I start getting her bank statements. The same with telecom companies: I get emails for six or seven numbers, even though I have one number.”

A week before we spoke, he’d received an email about someone’s insurance claim: details of the incident, phone numbers, an address. No one is verifying these email IDs, which mystifies him. As an IT engineer, he’s especially concerned with how data is collected – and how it’s maintained – both by private companies and the government. “The system,” he said, “is flawed.”

Despite his worries about digital security, Subramanian hasn’t left the web: he has Facebook and Twitter accounts, he makes purchases online, and he uses search engines even though he knows they track his proclivities. But he’s very concerned about digital privacy. He uses an ad blocker, and browses the web incognito. “It may seem like I wear a tinfoil hat, but I take a few precautions on what I post and upload,” he said. “It might be misguided. But I have a sense of control.”

Few of the websites we give our information to are truly secure; as long as you use Google or Facebook, there’s a limit to how much of your data you will ever be able to control. But a Facebook profile isn’t mandatory for modern life. What about digital systems that are? As governments around the world build biometric databases and online ID systems, they are creating networks that we can’t opt out of.

We’ve already explored some of the gaps in India’s Aadhaar system, and the damage done when people – especially young children – are unable to get a digital ID. Assuming you can get an ID, there are a whole host of other privacy and security issues to contend with. Subramanian is part of a Facebook group where people share stories about Aadhaar data being leaked or misused. “One member posted that he’d received an email from a bank official in India, which had details of all the bank accounts in that branch, with Aadhaar numbers attached,” he said.

For all his research, Subramanian does not know where his information goes, who owns it, and which third parties have access to it. This uncertainty defines all of our digital lives: our financial records, job applications, medical information, and, above all, government ID. Can we truly trust that our most sensitive information is secure?

Who can we trust?

On the web, we’re building systems based on relationships that help us figure out who we can trust. Those often begin with an email address, even though, as Anantha Subramanian found out, few companies take the trouble of verifying that email ID.

Governments, on the other hand, have long been in the business of verifying identity. When they issue a passport or a driver’s license, they have processes in place to make sure it’s really your photo and address under the lamination. No form of identity is wholly immune to fraud, but government IDs carry more trust than most.

But will this hold as governments extend their digital reach? Gemalto, a multinational firm which sells digital ID systems, predicts that 3.6 billion people around the world will carry some form of national electronic ID card by 2021. Some countries are using biometrics in their national identity frameworks, from small ones like Nepal to large, populous ones like Mexico.

The Chinese government is planning to take digital identity to a Black Mirror extreme: the Social Credit System will rate the trustworthiness of its 1.3 billion citizens on the basis of daily online activities, social media posts, and tax payments. An individual’s rating could be compared to those of other citizens to determine who gets a loan or a job. The emergence of these electronic IDs reflects a concerted move towards digital government which, designed and implemented correctly, has the potential to change lives on a scale that analogue identity systems never could.

The Indian national biometric ID card, Aadhaar, has kicked up a storm of concerns since its inception, from inclusion to transparency to privacy to the security of personal data. The government has decided to link Aadhaar to mobile phone numbers, bank accounts, land registrations, car purchases, and, as we saw in the last article in the series, school admissions: the card could soon be a part of every aspect of private and public life.

“When they set up Aadhaar…the purpose was identification only, and it was voluntary,” said Subramanian, the eternal digital privacy worrier. “But slowly, slowly, slowly – look at the scope of it, it’s endless.” Indian privacy advocates have taken the government to court, challenging the reach of the Aadhaar scheme. Aadhaar has become linked to countless aspects of a person’s life, a key that could conceivably unlock every one of those attributes and build a sort of “profile” of an individual.

Reetika Khera, an economics professor at the Indian Institute of Technology in Delhi, explains the risk of the aggregated profile. “Today, information about my life is stored in different data silos  – train travel, air travel, bank account, mobile phone, employment history, health,” she said. “The only person who can easily construct a full picture of my life is me. But if the Aadhaar number is ‘seeded’ into all these databases, it integrates these silos, and I lose control over who reconstructs my profile.”

Aadhaar is sold to the public as part of the “India Stack,” a technology platform that allows integration with both current and future digital services. In theory, it means that any given service will be able to verify someone’s ID just by using the biometric information stored in the Aadhaar database.

The India Stack features “layers” where information like bank details for cashless payments can be stored. To pay for something, you’ll only need to prove your identity with fingerprints or iris scans. In the future, it might be possible to walk straight through an airport’s doors and onto a flight without having to show a passport. But centralising so much personal data presents a substantial data protection risk; a single data breach could expose everything, and our most private information is on the line.

Middle men

When you enter your personal information online, it doesn’t go directly to the company running the website. There is almost always a middleman in between: a “Customer Identity and Access Management,” or CIAM, platform. Many companies offer these services, from large players like Microsoft and Salesforce to smaller ones like Janrain and Auth0.

CIAMs were initially developed to allow different people in a organization access to different amounts of data in a safe and secure way. They were never intended to control data collection, but to protect what was already in the system. Different CIAM providers recommend different privacy protocols to protect their clients’ data, but ultimately the decision is up to that client – the company that wants your data.

Oregon-based Janrain follows Privacy by Design, a protocol that minimises and secures the information collected. “We make sure there’s a reasonable purpose for asking for that data,” said Mayur Upadhyaya, a managing director at Janrain. “For instance, why do you need the location? Is it to offer some targeted content that customers can opt into? Is it for a delivery service? Then great. If it’s arbitrary, then no.” But while Janrain advocates for the Privacy by Design approach, it can never fully enforce it. “We could say, this is our best practice, this is our recommendation. But if a customer did want to collect more data, they could.”

Governments are slowly becoming aware of the vulnerabilities in their digital data collecting. The European Union, which has a history of standing up to multinational companies over the privacy concerns of its citizens, is trying to give back some of what individuals are losing online: control and ownership. The EU’s General Data Protection Regulations takes effect from May 2018. The rules include the right to have your personal information deleted from a company’s database (the right to be forgotten); the right to transfer your data from one company to another (portability); and the right to know when your data has been compromised.

The General Data Protection Regulations require companies to seek your informed consent, in clear and plain language and at every stage, as they collect and store your data. The regulations also ban data “profiling,” a technique used to analyse or predict a person’s performance at work, economic situation, location, health, or behavior based on the automated processing of personal data. The fines for violating these rules are considerable: smaller offences could result in penalties of up to €10 million or two percent of a firm’s global turnover, whichever is greater, and more serious infractions carry penalties of up to €20 million or four percent of global turnover.

In an era of data breaches, hacking, and leaks, the stringency of the EU’s rules should be a comfort to those who will benefit from their protections. But while governments will protect personal data across the commercial web, data collection by governments themselves is another story. The state, which has our most basic data and controls access to essential services, can be even harder to hold to account than commercial tech giants. Companies barter services for our information; states claim the right to diminish our privacy in exchange for things like physical safety and national security.

This is not a theoretical issue. Estonia, often referred to as the most digitally-minded state in the world, had security issues with its ID cards that made identity theft easier, and had to block the affected cards as a result. While there have been so many leaks from corporate services that it’s nearly impossible to keep track, government websites in the UK and the US have had private data leaks in recent years as well.

Data leaks

In India, Aadhaar has been plagued by personal information leaks since its launch. The most recent of over a dozen incidents saw more than 200 government websites publicly host private personal data. Corporations are also finding it hard to secure their data: in July 2017, Reliance Jio, one of India’s biggest telecom companies, leaked the data of 120 million people, the largest hack in the country’s history. You verify your identity with Aadhaar to get a SIM card – so Aadhaar numbers were leaked as well. As the Centre for Internet & Society has found, giving so many different services access to Aadhaar has greatly increased the risk of abuse and future leaks.

What should the objective of a digital identity be? What should it look like? In most users’ ideal scenario, it would be a verified, portable ID that would be controlled entirely by the individual, who can choose to parcel out some parts of their identity and not others. Verification should be robust, leaving no room for doubt as to the authenticity of an individual’s identity – but once verified, a user should be able to carry that identity into commercial platforms with the assurance that it’s just as secure as it would be on a government platform.

Privacy advocates argue that digital identity ought to be sovereign unto itself, unaffected by the circumstances of its use, always fully in control of its owner, and as inalienable a right as any other civic freedom. Individuals should control their digital identities in full, and should be able to choose when to offer or retract it, in whole or in part. These aspects of control and choice are essential, because we cannot know how we will need to deploy our digital identities; we cannot know what the future will hold.

This piece is part of The ID Question, a series examining how identity is changing in the modern world from ID cards to Facebook profiles, work life to indigenous rights. You can explore the whole series, including videos, a reading list, and more, at How We Get To Next. The ID Question on How We Get To Next is published under a CC BY-SA 4.0 license.

Support our journalism by subscribing to Scroll+ here. We welcome your comments at letters@scroll.in.
Sponsored Content BY 

The next Industrial Revolution is here – driven by the digitalization of manufacturing processes

Technologies such as Industry 4.0, IoT, robotics and Big Data analytics are transforming the manufacturing industry in a big way.

The manufacturing industry across the world is seeing major changes, driven by globalization and increasing consumer demand. As per a report by the World Economic Forum and Deloitte Touche Tohmatsu Ltd on the future of manufacturing, the ability to innovate at a quicker pace will be the major differentiating factor in the success of companies and countries.

This is substantiated by a PWC research which shows that across industries, the most innovative companies in the manufacturing sector grew 38% (2013 - 2016), about 11% year on year, while the least innovative manufacturers posted only a 10% growth over the same period.

Along with innovation in products, the transformation of manufacturing processes will also be essential for companies to remain competitive and maintain their profitability. This is where digital technologies can act as a potential game changer.

The digitalization of the manufacturing industry involves the integration of digital technologies in manufacturing processes across the value chain. Also referred to as Industry 4.0, digitalization is poised to reshape all aspects of the manufacturing industry and is being hailed as the next Industrial Revolution. Integral to Industry 4.0 is the ‘smart factory’, where devices are inter-connected, and processes are streamlined, thus ensuring greater productivity across the value chain, from design and development, to engineering and manufacturing and finally to service and logistics.

Internet of Things (IoT), robotics, artificial intelligence and Big Data analytics are some of the key technologies powering Industry 4.0. According to a report, Industry 4.0 will prompt manufacturers globally to invest $267 billion in technologies like IoT by 2020. Investments in digitalization can lead to excellent returns. Companies that have implemented digitalization solutions have almost halved their manufacturing cycle time through more efficient use of their production lines. With a single line now able to produce more than double the number of product variants as three lines in the conventional model, end to end digitalization has led to an almost 20% jump in productivity.

Digitalization and the Indian manufacturing industry

The Make in India program aims to increase the contribution of the manufacturing industry to the country’s GDP from 16% to 25% by 2022. India’s manufacturing sector could also potentially touch $1 trillion by 2025. However, to achieve these goals and for the industry to reach its potential, it must overcome the several internal and external obstacles that impede its growth. These include competition from other Asian countries, infrastructural deficiencies and lack of skilled manpower.

There is a common sentiment across big manufacturers that India lacks the eco-system for making sophisticated components. According to FICCI’s report on the readiness of Indian manufacturing to adopt advanced manufacturing trends, only 10% of companies have adopted new technologies for manufacturing, while 80% plan to adopt the same by 2020. This indicates a significant gap between the potential and the reality of India’s manufacturing industry.

The ‘Make in India’ vision of positioning India as a global manufacturing hub requires the industry to adopt innovative technologies. Digitalization can give the Indian industry an impetus to deliver products and services that match global standards, thereby getting access to global markets.

The policy, thus far, has received a favourable response as global tech giants have either set up or are in the process of setting up hi-tech manufacturing plants in India. Siemens, for instance, is helping companies in India gain a competitive advantage by integrating industry-specific software applications that optimise performance across the entire value chain.

The Digital Enterprise is Siemens’ solution portfolio for the digitalization of industries. It comprises of powerful software and future-proof automation solutions for industries and companies of all sizes. For the discrete industries, the Digital Enterprise Suite offers software and hardware solutions to seamlessly integrate and digitalize their entire value chain – including suppliers – from product design to service, all based on one data model. The result of this is a perfect digital copy of the value chain: the digital twin. This enables companies to perform simulation, testing, and optimization in a completely virtual environment.

The process industries benefit from Integrated Engineering to Integrated Operations by utilizing a continuous data model of the entire lifecycle of a plant that helps to increase flexibility and efficiency. Both offerings can be easily customized to meet the individual requirements of each sector and company, like specific simulation software for machines or entire plants.

Siemens has identified projects across industries and plans to upgrade these industries by connecting hardware, software and data. This seamless integration of state-of-the-art digital technologies to provide sustainable growth that benefits everyone is what Siemens calls ‘Ingenuity for Life’.

Case studies for technology-led changes

An example of the implementation of digitalization solutions from Siemens can be seen in the case of pharma major Cipla Ltd’s Kurkumbh factory.

Cipla needed a robust and flexible distributed control system to dispense and manage solvents for the manufacture of its APIs (active pharmaceutical ingredients used in many medicines). As part of the project, Siemens partnered with Cipla to install the DCS-SIMATIC PCS 7 control system and migrate from batch manufacturing to continuous manufacturing. By establishing the first ever flow Chemistry based API production system in India, Siemens has helped Cipla in significantly lowering floor space, time, wastage, energy and utility costs. This has also improved safety and product quality.

In yet another example, technology provided by Siemens helped a cement plant maximise its production capacity. Wonder Cement, a greenfield project set up by RK Marbles in Rajasthan, needed an automated system to improve productivity. Siemens’ solution called CEMAT used actual plant data to make precise predictions for quality parameters which were previously manually entered by operators. As a result, production efficiency was increased and operators were also freed up to work on other critical tasks. Additionally, emissions and energy consumption were lowered – a significant achievement for a typically energy intensive cement plant.

In the case of automobile major, Mahindra & Mahindra, Siemens’ involvement involved digitalizing the whole product development system. Siemens has partnered with the manufacturer to provide a holistic solution across the entire value chain, from design and planning to engineering and execution. This includes design and software solutions for Product Lifecycle Management, Siemens Technology for Powertrain (STP) and Integrated Automation. For Powertrain, the solutions include SINUMERIK, SINAMICS, SIMOTICS and SIMATIC controls and drives, besides CNC and PLC-controlled machines linked via the Profinet interface.

The above solutions helped the company puts its entire product lifecycle on a digital platform. This has led to multi-fold benefits – better time optimization, higher productivity, improved vehicle performance and quicker response to market requirements.

Siemens is using its global expertise to guide Indian industries through their digital transformation. With the right technologies in place, India can see a significant improvement in design and engineering, cutting product development time by as much as 30%. Besides, digital technologies driven by ‘Ingenuity for Life’ can help Indian manufacturers achieve energy efficiency and ensure variety and flexibility in their product offerings while maintaining quality.

Play

The above examples of successful implementation of digitalization are just some of the examples of ‘Ingenuity for Life’ in action. To learn more about Siemens’ push to digitalize India’s manufacturing sector, see here.

This article was produced on behalf of Siemens by the Scroll.in marketing team and not by the Scroll.in editorial staff.