@adamstallard, really pleased to see you here and I think brightid’s work is fascinating (rereading my prior post it came across more critical than I intended).
One of the problems with aadhaar I heard about was that it was not uncommon to fail the identity check. The fingerprint and retina scanners worked at first, but after some time (a year or more) didn’t scan correctly. Whether this is a problem with the hardware or the biometric algorithm or the person themself changing is unclear but in the end it didn’t work. Fortunately this is an aspect which can be improved with better technology, so failures should be lower in the future. WRT brightid, I think the technique for verifying identity needs to be robust, and public key crypto is probably a robust way to achieve it so long as key management is, well, manageable.
This failure of technology for identification is itself not so bad. However, all other mechanisms for verifying identity also failed (I think these include presenting an aadhaar card, using their phone app, not totally sure). These people are now ‘not people’ according to the aadhaar system. That’s pretty confronting, especially if it happens at the pharmacy being denied medicine. I think brightid needs to be conscious that not everyone will be good at managing public keys, and not all vendors or customers will be good at recovering from failures.
Which leads into the next point, where aadhaar is voluntary in theory but in practice certain things are not practical without aadhaar (opening a bank account, some medical services, running a business, getting a sim card). The issue I take with this is that central identity services can’t maintain the promises they start with (in this case the promise is to be voluntary) and are prone to erosion of privacy and security (whether intentional or unintentional). This is at the whim of the authority that manages the system (and the processes of vendors who utilize the identity for services) which will change over time. Hopefully brightid doesn’t face this problem since it’s a distributed p2p system, so pushing dubious changes should not be as easy. But it does provide an important question of ‘how are changes introduced’ and what recourse do people have if they don’t agree with changes to how their identity data may be used. This starts getting into governance and becomes very nuanced so I’ll leave it for now.
Aadhaar is vulnerable to fake identities and stolen / sold identikits. It brings into question the idea of ‘value’ of identity and that’s not a rabbit hole I want to go down just now. I’m glad brightid is exploring this and even though I’ve been overall negative about proof of unique human I’m definitely interested in it as a technical and social problem (even though I don’t really see the value behind it). So please don’t take criticism as disapproval, and remember it stems from my own very strong prior biases. I think identity is a critical aspect of technology and has been poorly implemented thus far, but unique identity per person… I’m less convinced about the value of that form of identity.
There are concerns about aadhaar keeping so much information about so many people all in one place. I think it’s a valid concern, but I don’t really understand the details of the risk (for aadhaar or brightid) so it’s not a point worth expanding here. Brightid seems in a good position to manage these risks compared to most identity companies.
Hopefully the brightid beta brings some really interesting results! Thanks for working on such an interesting project.