Anand V @iam_anandv
Long thread on the @thetribunechd story by @rachnakhaira. First of all good reporting, but I must say, it is not "excellent" and could have been excellent. Here is why.
1. The report did not explicitly call out that portal.uidai.gov.in/cas/login was the one that was compromised first.
2. It did not actually connect the dots on "How". For instance @buzzfeed reported that the person from whom she got the login details is a stupid guy who knew nothing.
Link: buzzfeed.com/pranavdixit/in…
3. So the seller is not the king pin, but a cut-out.
4. What is a cut-out? Imagine a master-mind ordering a hit job. He doesn't do it himself but tells someone, who then tells someone and then the hit man. If the hit man gets caught (like in our case), only one layer in the chain needs to be cut to hide the true source.
5. Who is the true source? It is the enrolment agents themselves.
6. But then why did they need this login at all?
7. The answer is @UIDAI's enrolment model.
8. @NandanNilekani's brilliant idea of outsourcing enrolment was not just for speed but also for reducing costs.
9. Enrolment costs a bomb. How much? @thetribunechd offers the clue. Link: tribuneindia.com/news/punjab/no…. It is 3 Lakhs a piece.
10. That is a lot of money. To break even the operator needs a continuous stream of revenue.
11. But that has been shut down since March because of rampant issues.
12. What rampant issues? Bribery, overcharging, fake enrolment, you name it. @Anumeha's article on Scroll.in will help.
Link: scroll.in/article/826089…
13. Again why is this rampant? It is because the enrolment model itself is unviable to begin with for operators.
14. It was a cost offload model to save money. Hence when complaints happened and the UP Aadhaar hack case happened, their business was shut down.
15. They can't enrol or make updates. But PVC cards they can make, and they got the logins. However, the demand is again not high.
16. So it is a "Fire Sale" of admin IDs. WA works better for that because you just need an OTP on a phone and need not be the owner of the phone. This is Ring 1 of the cut-out.
17. These guys sold access to Ring 2 (Our stupid) which @rachnakhaira contacted. He made one more login.
18. @rachnakhaira is Ring 3. So even if @UIDAI puts FIR on her and the Ring 2, they don't know who Ring 1 is. The point is they never knew so far.
19. The idea that caused this C-Sec breach is not only "technology stupidity" but "operational and financial stupidity".
20. At the heart of the "operational and financial stupidity" is to reduce costs of enrolment under all circumstances to compete with the NPR project and also win political brownie points.
21. Outsourcing is at the heart of this mistake. There is no tech. fix for this.
22. Why? The problem has not been technology to begin with. It is procedural, conceptual and financial.
23. That is why expecting @NandanNilekani to fix this won't work. You can't roll back time with 20/20 hindsight. Good luck @nixxin on trying to think about how to.
24. This is why @UIDAI can't do anything but denial. Their very structure disallows any other response. In short, it is not the technology stupid that is the problem, but the history that went behind the creation of the organisation.
