Show more

RT @logic
Category 3 -- Any other entity of national importance as determined by the Authority - for (which are directly connected to ) access is BS.

Does the authority have powers to determine entity of national importance in base act @apar1984 @prasanna_s @PrasanthTweets? t.co/w5wXU3Km2M

RT @logic
1.3 is specifically for @AyushmanNHA - Remember NHA is an authority *WITHOUT* Centre / State Act.

"Special Purpose Organization" is a new phrasing.

2 is all regulated entities in financial / telecom sector.

3.1.7 is strange - What is "Any other entity"?

RT @logic
ASA too will have to maintain logs for 2 + 5 = 7 years.

Missed a key point on consent. Unless explicitly opted-out, you have presumed to have consented to modified purpose!!!

This is by regulation

RT @logic
Log maintainence -- While @UIDAI itself will keep logs only for 6 months, per SC judgement, @UIDAI is now regulating that private entities / AUAs will have to keep them for 2 + 5 = 7 years!

RT @logic
- This is pratically every amar-akbar-antony entity in India that demands .

1 (b) makes no sense, after allowing to collect paper copies of Aadhaar at the top.

RT @logic
Chapter III is about licensing of service providers. Basically, any private entity fulfilling the criteria (regulated financial sector entities / telcos) + OTHERS(!) are eligible. Chapter also deals with responsibilities of ASAs

RT @logic
Notification about authentication / verification to Aadhaar holder, including the case of offline verification, where OVSE should notify about verification. through email and/or SMS on mobile number and/or paper based
acknowledgement. Basically, get a slip when you share

RT @logic
Coming back - "In all modes, Aadhaar number is mandatory and is submitted along with input parameters" - is such a disregard to . But this is where we see - Token eventually replacing, but there are no technical details of the same available, while the regulation has it

RT @logic
Side stepping a bit on facial authentication guidelines by volunteers. Yeah, you will not see any reference to UIDAI, but this is how all tech was built.

cryptpad.fr/file/#/3/file/9e36

RT @logic
Capturing biometrics. It is to be noted that @AyushmanNHA is capturing facial data for facial authentication pilot - without the processes and specification laid down by the authority in public domain.

RT @logic
Upon withdrawing consent, Aadhaar data shall be deleted by the requesting entity in a verifiable manner and an acknowledgement of the same to be shared with resident.

RT @logic
must tell the Aadhaar holder - the nature of information received during auth / verification, its use - in local language *AND* must provide alternate viable means of identification, and cannot deny / refuse any service.

RT @logic
Authentication types - such careful wording to allow facial authentication, without explicitly mentioning that in regulations.

is the first large scale app to perform facial authentication.

RT @logic
4 types of offline verification. They are allowing paper copy to be collected, which is deeply problematic.

But regulations now seek redaction / black out of first 8 digits. Will we see this in reality? Take your guess

RT @logic
On definitions - ANCS - Number Capture Service is a new tech getting a mention. There are very references technical details of this service, which will run by @UIDAI. At the outset, does seem like OAuth endpoint being run.

Regulations without sufficient details is bad

RT @logic
Draft Aadhaar (Authentication and Offline Verification) Regulations, 2021 - uidai.gov.in/images/Draft_Aadh

Draft put for consultation 'silently' by @UIDAI on May 20, 2021 and closing by June 2, 2021.

Some highlights on thread.

@SFLCin @internetfreedom @nixxin

I was exploring Clubhouse last 2-3 days. If anyone wants to follow, my handle is @an1var

RT @logic
The only part that was let down in an otherwise excellent maiden speech by @ptrmadurai

1. Extension on T&M basis is just subtly accepting vendor lock-in to Infy.

2. Allowing extension of IRP to fintechs - is just expanding DataTax collection at source to private entities

Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!