Re: 2015 SCJ 177

From: Ish Sookun <ish_at_hacklog.in>
Date: Sat, 06 Jun 2015 11:54:57 +0400

Hi Dhiruj,

The points you raised are interesting.

On 6/5/15 11:26 PM, Dhiruj Rambaran wrote:

>
> However when I look at Mauritius, of how far behind the country is
> vis-a-vis the developed world, I can't help but think how education, the
> health system, legal system, general bureaucracy etc could really
> benefit from having our data recorded.
>

Can a country which is far behind vis-à-vis the developed world be
considered ready to safeguard "biometrics"? The United States of America
suffered a massive data breach[1] affecting around 4 million people. The
State announced a compensation. Will the State of Mauritius be able to
compensate its citizens in the event of a similar data breach?

> We have a lot of catching up to do if we want this nation to be
> intelligent, prosperous and a raised standard of living throughout our
> country. Using Information tech with such data can have patients bodily
> functions monitored from their own homes, education could be vastly
> improved, without chance of plagiarism, monitoring students progress on
> a daily basis throughout their 9 years of schooling, thus producing a
> vastly superior education system (see Khan Academy as a broad example).
>

I agree we have a lot of catching up to do but in the correct direction.
Are you telling me people who have failed in simpler tech projects will
accurately & securely use biometrics to solve the above mentioned?

I am more of the opinion that we need to catch up in "tech" first, have
a sound knowledge and be producers of tech before we could tap into
"high tech". I do not consider biometrics as a simple technology.

> Voting would be accurate (and not people in Rose Belle stealing whole
> ballot boxes, people voting twice etc), the whole country would become
> efficient through data.
>

Is biometrics the only means of authentication? I didn't see the
developed world being crushed when biometrics wasn't being used. So,
just because the rest of the developed world are ahead, should we take a
multiple kilometres leap and attempt a suicide? I believe no, Mauritius
should adopt simple and incrementally. Adopting a technology which we do
not understand, cannot manage, cannot safeguard, is a real suicide.

> So let's look at our lives as it is. If you're stopped for a crime and
> you're innocent, chances are technology would have saved you rather than
> having human error/greed/corruption, condemn you. If you're ill, chances
> are you'll die from human error than being tracked by technology. If
> you're at school, chances are technology will turn you into a
> semi-genius rather than human teachers, with degrees acquired by copying
> fellow students, thus making your children even more stupid in the long
> run.
>

If I did not commit a crime, chances are technology can be used to prove
that I committed the same. If I am ill, chances are that erroneous data
from tech could prove fatal to me, just because the rest of the staff
are blindly bowing down to the tech. Could I say there are chances that
technology would turn my "future kids" into semi-genius? Wait. Just as
some people are comfy with self-paced learning there are others who are
not. However I did not understand the part about technology vs human
teachers. Did you mean like "robots" replacing teachers?

> All our basic needs, education, legal, health, jobs, etc, will all
> benefit from Data acquisition, starting from our personal data.
>

Safeguarding that data is a priority. Until one can ensure an expertise
in a field, I do not think it will be wise to trust your data there.

> And another thing. We have no problem revealing our deepest secrets to
> Zuckerbergs' "Graph API" (re: Facebook), mapping the whole of humanity,
> segmenting all personal data acquired for systematic target marketing,
> influencing our behaviour (as zuckerberg once tried to do as part of a
> secret experiment) etc. We have no problem giving banks all our personal
> details, or hospitals all our medical information. Yet all this
> information is kept in paper files or easily accessible systems.
>

You missed a point here. There is a difference between faking elements
through a distributed network of databases and faking through a central
database. I do share the opinion that we are ready to have all our
sensitive & personal data (including biometrics) centralized in one
location. That is a honey pot.

I find it more difficult to fake a paper based information compared to
changing the info in digital format.

An electronic format without proper security allows privacy breaches
more easily that the paper-based records in hundreds of thousands.

> My point, at the end of this is, are we giving too much importance to
> the, so-called, "privacy" we THINK we currently "enjoy"? ... or has our
> privacy already been compromised 20 years ago?
>

Can you effectively fake my identity right now? You need to access the
CEB, CWA database to change my name & address. You need to access the
Civil Status DB to change my details. You need to access my hospital
records to change details. You need to access my education history
separately. That is one thing.

With a centralized location not properly secured, you get access to
everything you need.

Privacy can be seen at different levels. Your name is at one level, your
address is on higher level, your medical record is even higher.

Can you elaborate more on what has been compromised 20 years ago?

Cannot e-health, e-education, e-services exist without my biometric
information stored in a a central population database within the
government infrastructure?

[1] http://www.bbc.com/news/world-us-canada-33028158

Regards,

-- 
​Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Sat Jun 06 2015 - 07:55:18 PST

This archive was generated by hypermail 2.3.0 : Sat Jun 06 2015 - 08:00:01 PST