Aadhaar is interesting to watch, given America's debate over using social security numbers for the same purpose, and how to replace that in the wake of Equifax. It seems like the winds are starting to align for us to have something like Aadhaar, so it's interesting to see Indian reaction to it.
SSN for services is par for the course in the US. My cable company has mine.
Because a lot of services don't work without trust. Credit rating agencies are the Certificate Authorities of the physical world.
To give an example, a company will hand you a $1K smartphone for as little as $20. The only guarantee they have that you'll pay the remainder is that you have a history of doing so, they gather this history from credit ratings agencies.
In order for you to be uniquely identified they need a unique identifier. Even full name + birth location + birthdate may not be unique given enough data-points.
SSNs aren't fit-for-purpose. But the purpose of uniquely identifying an individual is a valid one and likely a hole that will need to be filled one way or another (and there are many good concepts to replace SSNs).
That seems like an unsatisfactory explanation. In Germany, for example, although we have a national ID card with a number, that number is almost never necessary to get a service. They seem to manage without it. The only institutions regularly demanding it are the state itself and banks.
So no, a national ID is not necessary for the purposes of creating trust.
But this doesn't seem responsive to the point. If I pre-pay for my phone and service, why does Verizon still demand my SSN and other data? Why do they even care who I am?
I bought an unlocked Android phone from Target, and use T-Mobile prepaid. They don't have my SSN, and didn't even have my name til I paid for some minutes via the website. (Now I pay by CC every month, but oh well, not real important to me.)
Cable service can certainly work without trust. Most of the services are fixed-price, and you can use your own equipment. There's no reason this can't be prepaid anonymously.
What the cable company usually does genuinely need is a physical location, which isn't very good for someone with hardcore anonymity needs like a criminal or a spy, but fine for those of us concerned with needless data leakage.
Most institutions in the UK demand a passport or driving license.
You need a birth certificate to get a passport [1]
You need a passport to get a driving license [2]
In order to vote you need a national insurance number [3], which is issued to you on your 16th birthday, via your guardian's/parent's electoral registration information.
Ergo a birth certificate is a de-facto national ID (or immigration documents)
And many many don't. It's not a requirement to have a passport or driving license to open a bank account, or to sign up with a credit agency (although many/most lenders will want some ID to actually lend to you).
I don't have a british passport, a british drivers license, but I do have a NI number. I can vote, I can open bank accounts, I can get amazon parcels, I can do normal daily things without them. The only people who have my NI number are 1) the electoral register, 2) my employer, and 3) hmrc (as far as I'm aware at least).
I've not shared it with Amazon (who are the company mentioned in the post), or with my utility provider, or with my broadband provider. I've also not given them my passport or drivers licence, and yet they all seem perfectly capable of verifying I am who I say I am, all without me having any form of national ID.
I 90% agree, with the 10% exception that most cable companies admit you to the Internet, so under current legal frameworks for handling stuff that genuinely shouldn't be on the Internet, a case can be made that they need to know who you are. Not saying that's right, saying it's probably best at the moment. Granted, they also have a service address, and the clever ones can proxy up, but...
You state yourself that the ISP also has the service address, and it's also clear that everybody in the house is using the internet connection, not just the person who is paying the bill.
So identifying the customer provides the ISP with neither the identity of the person using the internet connection, nor any more information (than the service address) about how to locate the person using the internet connection.
So, even if you believe it is right and proper that ISPs are deputised to track down internet users on behalf of the government: why is it advantageous that they identify their customers?
Um, if someone drops a bunch of child pornography from your Comcast account, very upset people in suits are going to talk to (and very likely arrest) the accountholder, which is you, first. An accountholder is responsible for what takes place using the service, just as if you were to hand your phone to someone and they call in a bomb threat, or you lend your friend your car and they go rob a bank with it. They're going to talk to you first, and your house doesn't matter. That's not "deputization." That's accountability for actions utilizing a service that is able to touch other people. That identity is not revealed until an alleged crime meets the minimum bar to subpoena the provider. Nobody is asking Comcast to go looking for you.
I'm not sure what logical point you're trying to make. They've identified the user of the Internet connection; the user is the accountholder. The strong identification of that accountholder follows them if they disappear, which is useful for both receivables and security/LEO. That's the advantage.
Most people using cable also are using rented equipment, you would have to buy your own cable box, dvr, and modem if you want to go completely pre-pay.
> you would have to buy your own cable box, dvr, and modem if you want to go completely pre-pay.
Which I consider - independently from this discussion - as a very good idea. Indeed: In Germany when getting a Digital Subscriber Line most providers will also give you the option to rent the router or modem. But nearly all subscribers know that increasing running expenses this way is nearly always a bad idea, so they know that one should better buy some decent router/modem that one owns.
If you pay for the service after consuming it, you are by definition using a line of credit.
For cable you'd have to load a prepaid balance into your account, from which the the cable provider could debit by usage. As soon as the balance hits 0, service is shut down.
With verizon FiOS I am billed at the beginning of the month and yet I still had to hand over my SSN. Who else am I going to go to, Comcast? I paid for the first month's service when I signed up and I pay for each month before the beginning of the month. For example, I paid for 11/02 to 12/01 on or before the due date which was 10/27. In other words, I paid for the month of November before November began. I have no Verizon equipment. The ont was already here when I moved here. I bought my own modem/router. I can provide proof if you don't believe me.
The poor can borrow money from source (yes, divulging their identity to that one source, and paying interest) and buy products in cash from all their vendors.
Lending to the poor not only barely happens, it’s a market overrun with predatory lenders. I remember an ad that used to run on late night TV that buried something like 150% APR in the fine print, attempting to avoid US regulation by nature of being operated on a Native American reservation.
Who took them down, you ask? That oh so useless CFPB.
Edit: Here they are. Look at the image of this woman’s loan:
He didn't say that the rich automatically get privacy and the poor don't. He said that the rich can afford privacy. The poor cannot afford it even if they desire it.
I've long since resigned myself to the fact that getting privacy is a struggle and costs money, and most people won't bother.
It’s not exactly the same. Authentication with SSN is simple - SSN + date of birth/name/mother’s maiden name. All of these are immutable so you’d better hope that any firm that collects this information is careful with it. With Aadhaar, authentication is marginally better - either with biometrics (fingerprint or retinal scan) or with an SMS OTP. Identity fraud is still possible but it isn’t scalable, thankfully.
There is still a concern though. If every service that you consume uses Aadhaar as a primary key, it becomes trivial to track the movements and activities of every citizen. I’m certain that for a fee to a shady person you’d get a dossier of places a person has been, where they’ve stayed, who they’ve spoken to, what they’ve spent money on. That’s not theoretical - you can get this info on a Chinese citizen today for less than $100 if you know whom to talk to.
Because you'd have to clone SIM cards / otherwise gain access to someone's text messages instead of just using a bulk list of "secret question" answers.
All tied to the Infineon TPM being broken and apparently nobody bothering to audit it before -- I don't know -- buying cards with it for your whole country?
And to think that people still believe in the secure online voting utopia. As long we will rely on humans to write the code, verify, and patch the online/electronic voting systems, they'll never be secure. So you might as well get them off your mind.
> and how to replace that in the wake of Equifax. It seems like the winds are starting to align for us to have something like Aadhaar
That was the point of the Equifax hack. To push biometrics. They have been itching for the mark since way back. It's getting close.
Did you ever get the felling you're being followed?
Are you not familiar with the Revelations of St.John
The final book of the Bible, prophesied the apocalypse
He forced everyone to receive a mark on his right hand
Or on his forehead so that no one shall be able
To buy or sell unless he has that mark
Which is the name of the beast and the number of his name
And the number of the beast is '6 6 6'
What can such a specific prophecy mean?
What is the mark?
SSN for services is par for the course in the US. My cable company has mine.