Tuesday, January 31, 2012

UIDAI's sham studies

The UIDAI published this sham study on the efficacy of their registration and de dup.
http://uidai.gov.in/images/FrontPageUpdates/role_of_biometric_technology_in_aadhaar_jan21_2012.pdf

Besides a lot of mutual back slapping and verbose rubbish, there are only a few paras that we need to look into.
  1. The POC performed in June 2010. http://uidai.gov.in/images/FrontPageUpdates/uid_enrolment_poc_report.pdf
  2. The UIDAI also carried out biometric enrolment of school children in the vicinity of Bangalore. About seventy five thousand people in all were enrolled during the first phase of the PoC study including people over 90 years of age,, and sixty thousand of the same people were reenrolled during the second phase after a gap of three weeks, in order to test the biometric matching efficiency using known duplicates.
  3. False Negative Identification Rate (FNIR): 0.035%. This implies that 99.965% of all duplicates submitted to the biometric de-duplication system are correctly caught by the system as duplicates. Given that currently approximately 0.5% of enrolments are duplicate submissions, only a few thousand duplicate Aadhaars would possibly be issued when the entire country of 120 crores is enrolled.
This POC had "rounded" the data - eliminated people involved in hard manual labour. Consequently it was another exercise in getting answers that you wanted, rather that asking tough questions. As per that POC after 3 weeks 40000 persons were re enrolled and were flagged by the system.
These figures are now being used to justify and show that the system is fine.

HOWEVER besides the mistake of "rounding" The POC does not test for biometric variability of natural systems.
The problem starts when you do a fresh capture after time intervals of  3 months and longer. Given that the UDAI quotes some fancy names, it might have surely heard about Template ageing and this study
Kim_Analysis_of_Effect_of_Fingerprint_Sample_Quality_in_Template_Ageing.pdf

Page 23 of the UIDAI report simply extrpolates the false metrics of comparing a small size within 3 weeks, rather clever, because failure to auth happens in about 4 weeks, aka error rates will start to render the system unstable AFTER this period and will climb steadily to 50% in 2 years.


Given the above study, they would have to hold their back slapping for a period of atleast two years and do those tests  every 3 months with an ever increasing population sample size. At the least the  sampling size would have to be an order of magnitude larger and include all those corner cases eliminated in their June 2010 POC. I must remind everyone of the UIDAI's social upliftment lies, wherein the corner cases would constitute 70% of the populace.

The UIDAI with some fancy verbiage then makes a claim that the error rates will be linear, and consequently nothing to worry about
Not a very meaningful claim without factoring in time scales, and some more minor details which the UIDAI conveniently obfuscates.

Section 5.1 tells you how to beat the system.

Devious as the UIDAI are, they have to hedge themselves against assaults from real world studies like the above. The UIDAI claims that Multi Modal biometrics (Iris scans) is the reason for their self proclaimed magnificence.

Hers is some more dope for them to mull over.
http://www.cse.nd.edu/courses/cse40151/www/Iris_Fall_2011_11.pdf

In this non study, done on an astronomically small sample size, the error rates on Iris template ageing are horrendous to say the least.

Notice how heavily qualified statement of the patentees and vendors of these tehcnologies, morphs into gibberish.

"The assessment in Flom and Safir,
that re-enrollment might possibly
be needed, morphed into the
marketing myth of “a single
enrollment can last a lifetime” –
even in the total absence of any
study on iris template aging."

One should note that these figures assume an extraordinarily high initial image quality. Not  the UIDAI's practice of overriding all quality checks on 4th try. The 4th try case occurs in 15% of the cases in rural areas - the poor. ALL of these 15% will Fail to enroll. But given the UIDAIs silence on reject rates due to image quality we cant make a sane statement on this issue. Indeed the UIDAI claims that these persons are assigned a UIN by manual process. For such cases, not only will auth  most likely fail at the first try, it opens up a hole of 15%. This is far higher than all duplicates in all government subsidy schemes!.
Iris based de dup uses gabor transforms to produce match frequencies. I.E. nothing verifiable was done on establishing biological non variance by comparison of actual bitmaps of iris images wrt template ageing.

Fingeprint vendors have quickly started to use gabor transforms on fingerprints, especially for de duplication and can thus claim the same benefits attributed to iris (in the abscence of deeper scientific study).

The converse of this argument is that iris is as big a problem as fingerprints!!

The use of Gabor transforms on finger prints for de dup  might also be one of the reasons for the UIDAI's claims on error rates. This makes it all the more important to do an actual physical verification on a large scale, as Gabor transforms involve pure probability (as opposed to template matching and it's inherently higher FRR), which will be totally dependent on iris image and iris ring number that is captured on the machine.

Lies, damned lies and the UIDAI.

Saturday, October 8, 2011

GLASSHOUSE SEC.RITY Natgrid and privacy

Security is not about collecting information. It is about collecting very narrow and specific information. It is the reason why prevention is so hard. Even if one knows what one is looking for, it requires a constant state of receptiveness and intelligence to discern patterns. Quite obviously computers would fit the bill for being very receptive and could be scaled suitably for looking at EVERYTHING ALLTHETIME. So someone - it has to be a person swayed by sophistry about both computers and security - in the government swallowed that rubbish hook, line and sinker. They decided that snooping on all electronic communications all the time would prevent the type of attacks happening around the country with fair regularity. The government passed various laws that made it mandatory for service providers to record all our communications, including handing over cryptographic keys for services which were encrypted (Blackberry). Bad enough so far. Someone found that getting permissions from various state departments was a pain. Besides each state investigative agency was running their own pawn shop. How wonderful it would be if we could have a central secretariat. Each individual investigative agency need just forward their request to the central secretariat and the secretariat without having to send any request to the service provider - a particularly nice benefit - could then access your communications. Another nice benefit is that if more than one agency were investigating the same subject, they could all be alerted. This secretariat would also be linked to the NPR and 20 (or some such number) other databases, with probably more to follow (CCTNS).
 The secretariat is know as the NATGRID.
NATGRID is not a secretariat, it is a network with a storage backend that links to the above 21 databases. It will have capability to retrieve info and run various heuristics to discover patterns and correlations in the 21 (+) databases. These heuristics will proffer the intelligence in discerning underlying patterns. And here lies the rub.
Besides the obvious-to-all-except-the-government total breach of privacy, any claim to intelligence would have to be taken with a sackful of salt. It is utterly trivial to defeat such heuristics both on a lexical analysis as well as on geographic tracking. Any 2 pence terrorists would be really stupid not to stay under this surveillance radar, and tracking stupid people with "intelligent heuristics" speaks a lot about both the natgrid and our agencies. Methods to fool the system would include using various annoymizing proxies, including a large number of people to whom the suspects send random stuff, using codified words for real communications while asking everyone to include a random collection of explosive sentences, that would bomb the ears and create mayhem in minds of the infidels who kill chicken and massacre forests, etc - You get the drift. We havent even begun to talk of  encrypting your data, setting up fake BTSs, having zombie networks - top level domain nic.in might be a fine place to host one -, using steganography, captcha like devnagiri/indic fonts, or just plain not using data and voice networks. Do all the stuff man-o-man.
So, far from actually being able to detect anything meaningful, it is most likely to send an already overworked and grossly under-trained police force on wild goose chases. It will also set about enabling the means for political victimisation both at a macro level and at the local level by generating fake data.

As it now stands there is no supervision of the natgrid's use. An audit comittee - consisting of it's users IB, RAW and CBI (no it is not a joke) - is the only supervision. Given our investigative agencies penchant for political gamesmanship, one should oppose yet another waste of taxpayers money. While politcalisation and subversion of the police  continues unabated, we come up with these schemes with failure painted  all over it.
Security is about making U the public secure. Treating U and your data as sacrosanct. It's the U missing in the government's security (and other)  policies that is the cause of the problem.

Talking of bypassing supervision: In 1975 we had an exam prelims on economics. Many of us were a bit apprehensive of the subject. One of my classmates named Prithiviraj Dandu marches into the exam hall and starts writing right to left, an entire para. It took some looking at - especially if you did not see him actually writing -  to decipher that it was the answer to a question in the paper. The class supervisior as well as the principal, vice principal and senior supervisors passed by doing their rounds,  looked at the gibberish askance and never found out what it actually was. Hoodwinking humans is easy. Hoodwinking computers is a lot easier. Converting computers to zombies and gaming such systems is even easier. It would be utterly trivial for an inimical neighbour to plant or remove all sorts of data from such centralised, single point shoot-me-in-the-head targets.

 I would strongly recommend that everyone include a random smattering of guns-n-roses, bombs, grateful dead, mayhem, deep purple, nuclear, dirty bumb, man killall, shoot the foobar etc in all communications on the net. 


Monday, October 3, 2011

RTI reply UIDAI style

                       No. F-12013/44/2011 /RTI-UIDAI
                             
  Government of India
  Planning Commission
  Unique Identification Authority of India
  2nd Floor, Tower-I, Jeevan Bharati Building,
  Connaught Circus, New Delhi - 110 001.
  Dated: 2 ^September, 2011
To
       Ms Sahana Sarkar
       No. 194, 2nd 'C' Cross
       Domlur 2nd Stage
       Bangalore - 560071
Subject:     Applications under RTI Act, 2005 .
       Please refer to your RTI application dt 30.06.2011 received in this
office on 08.07.2011. In this context, parawise reply is as under:
Question 1: Please provide us all such mathematical algorithms and values
             of all such statistical variables which are necessary for
             calculating probable errors in the process of de-duplication or
             identifying duplicates by the Aadhaar System using biometric
             inputs.
Reply      : The following definitions for calculation of biometric errors in the
             de-duplication system are being used :
             "False Positive identification" A team applying to de-
             duplication transactios only. An incorrect decision of a biometric
             system that an applicant for a UID has previously been enrolled
             in the system, when in fact they have not.
             "False Positive Identification Rate (FPIR)" A term applying to de-
             duplication transactions only. The ratio of number of false
             positive identification decisions to the total number of enrolment
             transactions by un-enrolled individuals.
             "False Negative Identification" A term applying to de-
             duplication transactions only. An incorrect decision of a
             biometric system that an applicant for a UID, making no
             attempt to avoid recognition, has not previously been enrolled
             in the system, when in fact they have.
             "False Negative Identification Rate (FNIR)" A term applying to de-
             duplication transactions only. The ratio of number of false
             negative identification decisions to the total number of
             enrolment transactions by enrolled individuals.

The above is not an algorithm. It is the definition of terms for a  final permitted statistical error that the UIDAI will accept as valid from the vendor. The reply to the next query clarifies this.
Two separate queries were needed one for iris and one for finger prints.
You will also have to ask Is demographic data being used in de duplication. If yes, what data? why is this data being used when one of the uidai objectives was to remove incorrect data widespread in documents which are now used as proof for issue of adhar or in it's abscence not verified at all. (one may point out huge numbers of UINs having the address of a single NGO).
Are all fingerprints of an applicant compared with all fingerprints in the database or only index to index, middle to middle etc. If the latter is true what is the logic for not doing the former.                                                                
                             
Question2: Please provide the value of all statistical variables being used for
           the purpose of de-duplicaiton, e.g. FPIR, FNIR, FMR, FNMR, etc.
           Please note that this request is not limited to the aforesaid
           variables, and all variables being used for the purpose of de-
           duplication are requested.
Reply     : The biometric service providers have to meet the following
           accuracy SLA's for FPIR and FNIR.
           FPIR<0.1% (of non-duplication enrolments)
           FNIR< 1% (of ONLY duplicate enrolments)

Question 3: If the value of the statistical variables being used for the
           purpose of de-duplication is going to be changed during the
           various phases of implementation, you are requested to provide
           the value of these variables for all such phases of
           implementation.
Reply      :UIDAI has specified SLA for FPIR and FNIR. In addition volume
           allocation to each BSP is dependent on FPIR & FNIR. BSPs is
           dependent on FPIR & FNIR. BSPs may internally to set best
           FPIR & FNIR.

How are they monitoring the above. This is a perfect incentive for vendors to falsify data

Question 4: Please provide the number of new enrollments and the number
           of duplicates identified by the Aadhaar project on a monthly
           basis (since inception, till date).Please provide this information
           broken state-wise and month-wise if such records are available.
Reply:     The information on monthly enrolments is provided in the
           Aadhar Portal. A total of 2.59 crore enrolments has been
           completed as of 17th August, 2011. Enrollments rejected as
           residents were duplicates. The number is 2005 (verified as on
           17th August 2011). Break up may not be possible as requested.

Question5: Please provide the number of new enrollments and the number
           of duplicates identified by the Aadhaar project, state-wise, on a
           monthly basis (from inception, till date).                         
Reply:     Information provided in Question No. 4 above.

Question6: If a false positive match is found, what is the established
           operating procedure?
           a. What will the (operator) do?
           b. What will the UIDAI do?
Reply:     If a False Negative Identification were to be found the Aadhar
           would not be issued for the second enrolment.

The answer does not make sense. The query is about false positives.

Question7: If a false negative match is found, what is the established
               operating procedure?
                     a. What will the (operator) do?
                     b. What will the UIDAI do?
Reply:       Investigation is an ongoing process.

What do they investigate? is there a mechanism for field visits?. do they have human fingerprint matching experts.

Question8: For the number of duplicates identified till date, please provide
               the percentage of cases which have been successfully
               investigated till date.    Please provide the breakup of the
               reasons for the duplications (eg. Number of duplicates because
               of false positives, number of duplicates because of clerical
               errors, number of duplicates due to criminal intent of enrolling
               individual etc.)
Reply :       Investigation is an ongoing process.

So we can be assured that they are clueless. To test you will have to get about 10% of the people issued UINs and ask them to re register. Then investigate the false accepts. 10% does not mean 10% of 5 people. It means that they will have to get 10s of lakhs of people to re register. No half measures. Feeding already captured data is precisely what you don't want to do.

2.    If you are not satisfied with the reply, you may appeal to the Appellate
Authority, UIDAI within 30 days from the receipt of this letter. The address
and contact number of the Appellate Authority is given below:-
       Shri Ashok MR Dalwai
       DDG & Appellate Authority
       Regional Office, UIDAI
       Khanija Bhavan, No. 49, 3rd Floor
       South Wing, Race Course Road
       Bangalore - 01
       P h - 080-22341622
                                                                 (Ashish Kumar)
                                             Assistant Director General & CPIO
                                                           Tele : 011-23752677

Sunday, October 2, 2011

Rub 78 paise of salt in your wounds to stay above the poverty line.

That's what the planning commission's prescription of Rs.32/- per person per day amounts to. We saw several defences of this prescription. The defenders were using planning commission data, personal info on slalries they pay to maids etc.
The secretaries of the planning commission are by any standards a clever lot, and are quite aware of the ground realities. Why then would they make such comments, that too in a court of law. Moreover why would others defend them. To me it seems our bureaucrats and our middle class have lost touch with the other 80% of India. The one that carries the burden of the middle class on it's shoulders. They, or rather we have not only become inured to the exploitation, we now see any granting of rights to this underclass as an impediment to our profligate ways.
The average daily wage earner earns about Rs.100~150 a day in most urban areas. The lower limit is in city regions that are predominantly residential. The upper limit is in predominantly commercial regions of the city. Now a person from one locality can't just go to a commercial area and solicit work. He will face immediate opposition if not violence. He might be able to enter such a higher paying area if he has a close family member or friend / well wisher, sufficiently well connected in that area. None of them enjoy any perks like leave. So every day that is an holiday, means no wages. In many cases, the nature of work requires the worker to be at a designated place  early. Any disruption in transpaort effectively kills his chances of work. Given our creaking infrastructure, it translates to atleast a days wage loss in a month on account of public holidays, another days loss for transport breakdown, 4 sundays, and for a substantial number reduced opportunity on Saturdays. That makes 6.5 days of no wage in a month. Thus monthly wage is between Rs.2350/- `3525/-.  Rs.78.33/- per day at the lower end.
But that is not the end of the story. Every family member has to pull their weight. So the wife works too. As do the kids at the innumerable roadside joints. The women earn approx the same as the men but put in longer hours - 12 hours, not counting their own house work - mainly as domestic help. The kids earn about 30 to 45% of the minimum figure. A family of 4 thus earns Rs.5700/- pm. or Rs.47.5 a day per head.
Is this money sufficient. Absolutely not. The first casualty is children education. Next is health of the women. And god forbid that some ill luck befalls any of them.
It is a very hard run to stay in the same place.

Uinique identity, biometrics and all that jazz

UIDAI launched a scheme to provide Unique Identity Numbers to all Indians. The reasons publicly proposed for provision of such an identification was that those the poor and marginalised do not have identities and without identification are prevented from obtaining entitlements and participating in the Indian economy. Other reasons provided by the UIDAI (and by other government agencies) include national security, prevention of leakages, enabling support to school going children, tracing out lost children.
Of course all of the above statements predicate that the UIN is unique and ubiquitous. Inorder that the UIN be unique, the UIDAI decided that fingerprints would be used as the unique identifier as well as the authenticator. Inorder that it become ubiquitous they began building collaborations (MOUs) with various semigovernment and government agencies mandating the use of the UIN. Naturally one would question the logic of doing things in such a roundabout way. Why not make UIN compulsory? Because it turns out that the UIDAI has no sanction to carry out it's activities by passing a bill in parliament, and was constituted as a part of the planning commission. In short it has no legal standing. Yet it began issuing RFPs and documents for various parts of the infrastructure that would be required. Tenders worth Rs.1100 cr have been floated till date. Miniscule compared to the projected cost of Rs.17000 Cr for issue of 200^6 UINs
One would imagine that for such a massive investment a substantial pilot would have been done and there would be huge amounts of data to support all the grand proclamations mentioned in the first para.
Indeed a pilot was done, not on all the stuff given in the first para, but to validate the technology that was going to swallow up the Rs.17000Cr. Talk of putting the cart before the horse.
The pilot was done in 3 states and the sample as per the UIDAI PoC report "The goal of the PoC was to collect data representative of India and not necessarily to find difficult-to-use biometrics. Therefore, extremely remote rural areas, often with populations specializing in certain types of work (tea plantation workers, areca nut growers, etc.) were not chosen. This ensured that degradation of biometrics characteristic of such narrow groups was not overrepresented in the sample data collected."

The reality is that it is this eliminated section that is in dire need of state interventions AND will prove to be the most difficult to accommodate into all the UIDAI's assumptions. Indeed their report attributes longer enrollment times to hard work. But coming back to the sample size of 75000, it is so abysmally low as to be statistically insignificant or (.0000625% )in comparison to our population size of 1.2^9. They would require a sample size atleast 100 times this size to be able to detect failures for the specified FAR/FRR/FNIR/FPIR.
Next they check re enrollment after 3 months and declare it to be a success, inspite of the data graphs showing a significant reject rate. One may note that biometrics, particularly fingerprints vary substantially as time goes by.

The most important piece of any authentication system is that it has to have with-drawable credentials, whenever a compromise occurs. Biometric credentials, by their nature, are non with-drawable. If your biometrics are spoofed, you will be unable to protect yourself.

By now you must have guessed that biometrics are spoofable. Watch the two videos below.

http://www.rediff.com/news/report/fool-proof-uid-system-for-indians-blah/20110201.htm

http://www.youtube.com/watch?v=0a96L_SphR4

The above are videos by me.

The link below provides substantial details on other techniques.

http://cryptome.org/gummy.htm

The article above, as well as my spoof demo, uses a "low cost" reader, commonly used for single finger authentication. An official from any government body promoting biometrics, will defend their decisions claiming superior technology.

Subsequent to these spoof videos getting circulated, one uidai official made a statement that their readers (1) used sophisticated patented (2) technologies.

1) Turns out that the readers from L1- technology and (afair) all the other vendors use THIS tech (2) to do the job better. This is essentially a technique for measuring texture and flow of sweat through the pores on ones fingers, when it comes in contact with a scanner platen.
As per the developer of the tech it helps by reducing spoof vulnerability to less than ten percent, who also says that “As security systems based on biometrics continue to develop, it is important that people are reassured that their privacy is protected, ” she said. “How confident will someone feel giving his/her fingerprint over a public communication channel, such as the Internet? The technology needs to be solid and reliable and offer adequate privacy protection before biometric security systems will be accepted by the public.”

What she did not say was that this tech also raises the rejects by a huge number. During enrollment by the uidai as much as 10% of the enrollments failed because finger prints could not be recorded at all, and substantially more had to have repeat scans. This is unofficial news from enrolling agents. Officially everything is bliss.

Further, the use of this technique increases the size and cost of the device substantially. Therefore as an authentication device, it will not only incur far more cost, but, will also cause a huge number of authentication failures.

In my opinion It also does not in any way make it more difficult to adapt current spoofing techniques.

The false premise that patented technology, which is therefore secret, enhances security, is thoroughly refuted by all security experts. One does not need to know the mechanism or manufacturing process of a lock inorder that a fake key be built.

I was monitoring the rate of issue of UINS on https://portal.uidai.gov.in/uidwebportal/dashboard.do . The rate of issue was so horribly low that it would have been impossible to complete the task ever. The required rate of issue is 1uin every .185 secs for 1.2^9 population size. The rate was below 1 per sec. AND that site was more down than up, raising the issue of basic technical competence. Probably in response to this data (UIDAI have hired spin doctors to monitor the web and media - they actually issued a tender for the service), one UIDAI official stated that they will use demographic data in addition to biometrics for speeding up de duplication. This after a huge backlog of applications piled up. They could also be using binning and time stamps. Binning means compare index finger to other index finger only and middle to middle etc. + no need to deduplicate applicants that were captured at locations that ere distant from each other, but having similiar time stamps. In a previous statement UIDAI were explicit in stating that they would not disclose demographic data to third parties, yet are doing exactly that by releasing it to the deduplicating agency.

After all of the above shortcuts and games, the current rate of issue is .2 secs for a compare size of 3^6 UINS. That rate is several orders of magnitude slower than .185 per UIN for a compare size of 1.2^9

Even when all of this is quite apparent to everybody, UIDAI officials continue to dodge real issues, instead accusing us of being extremist in our perception of the UIDAI's grand effort, and asking us to take a less critical view. If anything at all we should be taking a far more critical view.

The above spoof was also demoed in Bangalore, where a Karnataka state IAS official was present. I had categorically asked for provision of a UIDAI scanner and dedup software, for independent public test. The official had promised a meeting with the UIDAI tech team. A year later no such meeting has happened.

All we hear is spin.

Saturday, February 13, 2010

Indian Openstandards, or double standards

The government of India decided that it was necessary to formulate a standards policy on egovernance. It released a draft policy on open standards for eGovernance-
http://egovstandards.gov.in/Policy_Open_Std_review.
The policy draft was excellent, in that it mandated open, unencumbered (not restricted by patents) standards.

Ofcourse such a policy would be inimical to certain business interests and NASSCOM stepped in with some weasel worded recommendations. The recommendations were submitted inspite of strong objections from many of it's members. In effect Nasscom recommends that
  1. Patented encumbered technologies be permitted for inclusion as part of standards, as it helps wealth creation and will stifle innovation if not permitted.
  2. Multiple standards be permitted , as it provides choice.
The upshot of such recommendation, particularly in the context of egovernance, is that you and i will have to pay for software for using egovernance services. One might note that many of these services are fundamental rights and many obligatory duties.

Firstly standards do not stifle innovation or the ability to earn. In fact it allows much wider participation and hence much more innovation and creation of wealth. Nothing in a standard prevents multiple implementations and thereby innovation, efficiency and consequent creation of wealth. The above is true only if the standard is available freely and without patent / copyright encumbrances, for use and implementation. Thus if the standards are not open and unencumbered, the standard will actually stifle innovation and wealth creation. Quite the opposite result of what the recommendation implied. NASSCOM is confusing wealth hoarding for a microscopic minority with wealth creation for the majority

Secondly multiple standards came into existence PRIOR to or in parallel with the standards process, primarily to carve out niche markets. In most cases geographically isolated regions had set a particular standard and subsequent globalisation forced the use of multiple standards. In every case of multiple standards, the end user bears the hughe costs of supporting interoperability ( by having to purchase additional goods and or services).

Some examples:

PAL /SECAM /NTSC tv broadcast systems.
Every television set had to incur additional costs to incorporate circuitry which most people rarely used.
Every broadcaster had to incur costs converting feeds from one format to the other.

The Indian Railways
A particularly useful example is The Indian railways. IR will be spending a whopping Rs.16500 Cr (and most likely a substantially higher amount) for converting 18000Km of narrow and meter gauge lines to broad gauge in the next few years.
This is excluding the costs of 7000 odd Km already converted since 1992. They need to do so to minmise their costs and provide seamless services. Most readers will be very familiar with the hassle of transiting from Broad gauge to Meter gauge in the course of their travels.

There are numerous examples where not following a standard (eg. roads - Indian road standards are followed more in the breach) results in everybody else incurring a penalty forever. Another example is the humble electrical socket. Everyone knows the hassle of using electronic equipment purchased in one country, when moved to another (UK - USA for example).

The existence of multiple standards should be viewed as a failure of the standardisation process and a burden on the public, instead of being justified on grounds of innovation, creation of wealth and other lame reasons.

There are several other technical reasons (software bitrot, vast volume of data, life times of data, authenticity, security etc), that are even more pressing in case of egovernance, which will absolutely mandate single, open and unencumbered standards.

Only an idiot will commit the folly of proposing and approving encumbered and multiple standards when there exists an opportunity of avoiding it.

Saturday, October 24, 2009

So at long last I have started a blog. Considering that i am on the net most of the time and tech savvy, wonder why it took soooo long