Friday, March 30

Could blockchain have prevented the CBSE Data Leak in India?

Could blockchain have prevented the "CBSE Exam Paper Leak in India"?
Definitely yes! I will explain how it would work, and I have a picture that shows how 3 sets of exam papers set by 3 people are put on blockchain and move through the 'Exam Paper Distribution Process'. The question papers are accessible only to authorized users (those who are given access). No one else can access or hack the blockchain and leak the papers except authorized personnel, who will be identified and caught if they try to leak an exam paper. The process is transparent, secure and has an audit trail, which gives everybody confidence.





Blockchain was invented by Satoshi Nakamoto in a paper he published in 2008. Let me explain blockchain as I understand it.

  1. Blockchain is a software program that runs on a network of computers (for now this definition is good enough for newbies).
  2. If a document is put on blockchain, then blockchain allows AUTHORIZED USERS to add to the document but does not allow them to EDIT or DELETE any data. It's like a notebook in which you can write, and the notebook records the date and time of your writing, but if you make a mistake and want to correct it, it will not allow that; you will have to add a new entry saying the previous entry was a mistake and should be ignored. In short, the history of every transaction can be viewed at any point of time, which makes the document trustworthy (of course there is security that ensures the document cannot be tampered with, so don't worry about it for now).
  3. The next aspect of blockchain is that every authorized user gets a copy of the blockchain record/ledger every time it gets updated. So if someone wants to tamper with his copy of the document it is of no use, because every other user will know what action he has performed. This is the 2nd level of trust.
  4. Blockchain maintains all documents forever and no one is allowed to delete any document; not even a hacker can do it. So at any point of time any authorized user can view the document.

Now take our example of exam papers and how blockchain and a well-defined process can prevent a paper leak:

  1. Let's assume paper setters, CBSE officials at the center and in the states, and all school principals are authorized users of the blockchain.
  2. Assume 3 paper setters create 3 sets of the Mathematics exam paper and put them on the blockchain.
  3. The blockchain will record the transaction and inform all users that papers have been submitted, and they will get a copy of the paper which is encrypted with a password.
  4. At this stage only CBSE officials have the password to view the papers and approve them for use in the exam. School principals come to know that papers are set but cannot access them until the password is given to them.
  5. On the day of the exam CBSE will decide which paper from the 3 sets is to be used and, 1 hour prior to the exam, share the password with school principals. Up to this point, this ensures that if a paper leaks it will have been leaked by a paper setter, and he will get caught; there is less chance of that since he does not know which paper will be used for the exam.
  6. Once principals get the password it is their responsibility to take the print and to update the blockchain as soon as they take the print, so everybody in CBSE knows when the papers were printed and how many copies were printed. Next, the principal is responsible for distributing the papers in the classrooms (with the help of his staff, who are not carrying mobile devices).
  7. If any student is missing and a question paper is unused, the school updates the blockchain to say that x number of papers are unused and are being sealed and kept in the principal's custody.
  8. From beginning to end, each step and each transaction is recorded on the blockchain, and all users on the blockchain are informed immediately over the internet. If there is any leak, it can only be possible if the principal and his staff do it, as no one else has a hard copy of the papers, not even CBSE.
  9. This is a simple explanation of the process. An actual implementation can have more customization and security, for example using GPS or RFID tags to track the real-time movement of exam papers from the time they are printed until they reach the classrooms, and many other security aspects can be added for additional security at the last leg of delivery.

I don't have knowledge of the system used by educational institutes to deliver examination papers, and there could be minor changes in the process. What is required is the transparency, security and trust that blockchain or a similar solution can deliver so that students have faith in the system. Diamond merchants face the challenge of fake or overvalued diamonds, and they use blockchain to trace the journey of each diamond from the mine to the stores and all the way to the final buyer. Every diamond sold by De Beers has a complete audit trail of every person who has handled it, and the transparency in the process builds trust. Blockchain promises trust in your business process.

Tuesday, March 27

Does my company need a BPM software to implement business process management?

Please answer these questions with yes or no:
  1. Does your company implement continuous business process improvement?
  2. Do you think there is scope to improve the company's productivity, collaboration, efficiency & QoS?
  3. Do you think there is scope to improve customer satisfaction?
  4. Does your company implement innovative changes to the way you do business?
  5. Does your company spend too much time modifying software to adhere to a changing process?
  6. Does your company face challenges in adherence to the defined process?
  7. Does your company want your employees to have simplified process management and to remove redundancy in the existing process?
  8. Do you think your company can leverage big data to make smart decisions?
  9. Does your management expect a dashboard view of your business process management, including insight about performance across departments?
  10. Do you think there is scope to improve collaboration across distributed groups and partners?
  11. Does your company want to reduce the dependence on software engineers to manage your business process?
  12. Do you think a change in process should be tested in a simulated environment before implementing the change?
  13. Are your competitors already using BPM?

If the answer to all these questions is yes, then your company needs a state-of-the-art BPM product to automate business process management. In the next post we will take an example of a business process and see how you can achieve the above goals.

Friday, March 9

What you should know about Artificial Intelligence (AI)? Why are some people worried about AI?

When people talk about how Artificial Intelligence (AI) is going to revolutionize the game, they fail to tell you that AI is as old as computers, well, almost. AI is as old as the first computer program, way back in 1940 when programmer Ada Lovelace tried to write a program to do something which is normally done by people, and that is the simple definition of AI. Garry Kasparov, the chess Grandmaster, was defeated by IBM's Deep Blue computer in the 90s. Garry's reaction to the defeat was that he realized he would have performed much better if he had had access to the same chess programs that Deep Blue had. Deep Blue had huge storage and was fed the detailed move data of thousands of chess games, from which it was able to anticipate its opponent's next moves and plan its own, and coupled with its CPU computing power, Garry was no match for it!



Over the years, as computers and related technologies have evolved, we have seen AI capabilities evolve too. When you buy a laptop from Amazon and the Amazon web page suggests relevant accessories for your product, that's actually a low-level AI program that has processed your purchase data in real time to smartly predict what accessories you may require. A few other examples of AI implementations that you might already be using are Apple's Siri, Google's Assistant and Now, Microsoft Cortana and IBM's Watson. We will discuss narrow AI & general AI, strong AI & weak AI at a later stage; for the moment you should know that these are just advanced concepts in AI implementation.

So why is there a sudden surge in the implementation of AI over the last 4/5 years? As the info-graphic by digitalintelligencetoday.com shows, research on developing smart programs has been going on since 1950 and we have seen some working examples over the years. Over the last 10 years we have seen the cost of storage decrease drastically, the cost of internet decrease and internet speeds improve. We have seen technologies and software like Big Data, Social Media, Mobiles, Sensors, Cloud and Hadoop enable the creation & consumption of huge amounts of data. This huge amount of data created every second, and the technologies that make it possible to store and process it, are helping AI evolve and become smarter. Don't let some hi-fi techie tell you that AI is a newborn and that it's going to make your job obsolete. Like any other successful technology, AI has been in use for a few years and it will help drive data-driven intelligent automation to make our lives simpler. Way back, computers were supposed to take away the jobs of millions of workers, and though some jobs became obsolete, computers actually created many more new jobs and improved & simplified the way we do business. Today no one seems to blame computers for rendering them jobless, and in a few years people will accept AI (which is nothing but a smarter computer program) as an invisible entity that is an integral part of their life.


AI - It's about machines/computers learning from data from everywhere

Learning from mistakes is human nature, but humans have finite memory and processing power compared to a computer. Since the mid 1950s research has been done on machine learning, since machines can access data storage and learn from the data to continuously correct their mistakes and improve. The latest advances include self-driving cars, IBM Watson (a computer that can beat humans at Jeopardy) and real-time machine translation that seems quite like the universal translator in Star Trek.

My favorite AI info-graphic is the one below and it is owned / created by www.digitalintelligencetoday.com



Next post -  So where is AI being used by today's businesses?





Thursday, February 15

How Blockchain could have prevented the 'Great Indian 11000 Crore PNB Bank Fraud'?

Blockchain is a distributed digital ledger that enables and records the secure transfer of data and documents through a public or private peer-to-peer network. Blockchain allows secure management of a shared ledger, and transactions are verified & stored on a network without any governing authority. A blockchain can be configured on a public open-source network or on a private blockchain network that requires explicit permissions to read/write.

The best example of how #Blockchain can prevent fraud is the 14th Feb 2018 news report about The Great Indian INR 11000 Crore PNB Bank Fraud.

  1. A businessman, #NiravModi, allegedly bribed a couple or more bank officials of PNB (Punjab National Bank) and managed to get a fake Letter of Undertaking or LOU from PNB, without providing any collateral to the bank (providing collateral is the standard practice).
  2. Then #NiravModi allegedly used the FAKE LOU to fool a few more banks and businesses (which basically means that PNB is his guarantor as per the fake LOU, and if Nirav is not able to pay his creditors then PNB would be responsible for paying them, to an amount of INR 11000 Crore or more. Holy Flying Cow!)
  3. The fraud was not detected for years because the fraudster issued a fake LOU but did not record it in the bank account, so the bank was not even aware of the LOU (apart from the people who were involved in the fraud).
  4. What's also surprising is that for 7 years none of the business associates or banks cross-checked with Punjab National Bank to verify that the LOU was authentic.

Core issue of PNB Fraud is poor implementation of BPM process:

Before we discuss blockchain, let's make one thing clear: the main issue in the PNB scam is poor definition and implementation of the business process regarding LOUs. If the business process management software does not implement review and approval tasks for a critical process like the LOU, then this calls for an immediate review of the BPM system of PNB (and other public sector banks), as there could be issues in the implementation of other critical processes too. The other issue is that the banking process defined by RBI does not seem to have a task of cross-checking with the issuing bank to verify the authenticity of an LOU or similar documents issued by a bank. As a matter of fact, if one bank official can forge a document and the bank does not have a process to validate the authenticity of the document, then tomorrow some outsider can also forge the document and the bank would not be able to identify the fraud! A serious software process audit is immediately required by PNB, and it would be ideal if other banks also audited the software implementation of their business process management and sought expert guidance on how to fix/improve the BPM implementation and have an audit trail which can help trace any anomaly or attempt at fraud.


So how could blockchain prevent a similar fraud? Before we begin discussing blockchain, let me remind you not to confuse blockchain with Bitcoin or any other cryptocurrency; Bitcoin is one implementation use case of blockchain technology. The following image shows typical steps in the working of #blockchain.

                                       
                                                                        
The Great Indian 11000 Crore PNB Bank Fraud is in reality a very basic type of fraud! This kind of fraud is so basic that it needs the brain of a 5th grade school kid who hides his mark sheet from his parents when he gets poor grades! The bank officer who gave the forged LOU to #NiravModi did not document in the bank's records that he had issued an LOU. As there was no record of the issued LOU in the bank's computers, no one in the bank was able to detect the fraud for years. The LOU was allegedly used by #NiravModi to commit more frauds, of which details are not available in the media as of today. It's a huge scam because if #NiravModi (assuming the fraud is proved) did not honor the creditors, then PNB would end up holding the sack worth INR 11000 Crore! This fraud was successful because in the banking process there was nothing to restrict a corrupt employee from issuing an LOU, and neither did the bank define a process for other banks to validate the authenticity of an LOU issued by the bank.

At a business process level one would call this a very poor implementation of a business process. Any letter of credit issued by any bank should not be valid unless it is cross-verified by the receiving bank with PNB, but here the letter was used for many years without any creditor ever bothering to check the authenticity of the LOU with the provider bank! Frankly, I can't believe this fraud actually happened, but I guess there are many fools in the business world who don't even bother to check whether a bank guarantee is authentic or not! So how could we have a software system that can prevent such fraud irrespective of how many foolish bankers are involved in the process?

How blockchain could have prevented the PNB Bank 11000Cr Fraud?

  1. In a blockchain world, all the steps in the 'Letter Of Credit' process would have been recorded in a blockchain ledger database.
  2. Notification of each step in the 'Letter Of Credit' process would have gone to all approving bank officials, and it would be impossible for any employee, junior or senior, to issue a letter of credit without the knowledge of the bank officials.
  3. Even after the 'Letter Of Credit' is issued, when the customer shares it with any bank or business entity, they would be able to view the process trail on the blockchain, which is foolproof because a blockchain ledger database is like a database which only allows insert and does not allow update or delete.
  4. Since a 'Letter Of Credit' entry cannot be deleted from a transaction ledger in blockchain, it is not possible for anyone to HIDE any information or UPDATE any information without the knowledge of the approving bank authorities. This means the LOU could not have been issued at all if a system similar to blockchain had been implemented.
  5. When the LOU is shared with another bank or business entity, the guarantor bank (PNB in this case) would get notified when the blockchain transaction gets updated. This would ensure that the same LOU is not shared with multiple banks or business entities to commit fraud.
  6. The following figure shows transactions in a sample business process flow:

    1. A bank officer initiates an LOU, thus creating a transaction in the blockchain
    2. How approving authorities are automatically notified by the blockchain system
    3. How the approval transaction is inserted in the same block and becomes an immutable entry in the database
    4. How the issuing bank keeps getting informed when the LOU is submitted to another bank to get credit or to a business associate, to ensure there is an immutable chain for the life-cycle of the LOU that is only accessible to authorized personnel
    5. For the life-cycle of the LOU the entire chain of transactions is attached to the LOU, and all concerned people would be able to see the history and authenticate the LOU
  • In summary, blockchain or a similar software design that creates an immutable log of a bank process flow, for example the LOU, ensures that a 'log' of all activities or transactions is maintained in a secure ledger database through the life of the document and even after the document's validity expires. The immutable log helps build a trust relationship between partner entities, and it also helps speed up the business process, as all entities get a copy of the entire 'transaction log' as updates in real time, thus facilitating transparency.
  • For those who did not understand the above example of a business process, imagine a tamper-proof paper register (from which pages cannot be removed!) in which all banking transactions have to be recorded in sequential order, using a permanent marker pen (so entries cannot be erased). A copy of the paper register is sent to each supervising bank official (sounds redundant, but this is just an example). Since a copy of the register goes to every official within seconds of a transaction being done, there is no way an official will not know about a transaction. Now when the borrower submits this LOU document to another bank, a copy of the register is again sent to the issuing bank officials and also to the receiving bank officials, so all authorities get a copy of the updated register every time a new update happens. (This is only an example; in reality an entry is made in a 'write only database' for every transaction, from which data can be neither deleted nor updated.)
  • The rule of the game is to build the trust of participating parties: each transaction is recorded in a 'write only immutable database' and participating parties get a copy of the transaction log every time a new transaction happens. So at any point of time every participant has the latest transaction ledger. There is some amount of redundancy in the process because the ledger gets sent to all participants every time there is a transaction, but it helps to ensure absolute trust, since there is no one person managing the central database and there is no chance of manipulation of data without the knowledge of other concerned parties, and as mentioned earlier all participants have their own copy of the database, which is immutable and tamper-proof.
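
The insert-only ledger described in this list, and the notebook analogy from the CBSE post, sketched as an added example (not code from this blog or from any bank's system): each entry is hashed together with the entry before it, every participant keeps a copy, a correction is a new entry, and a receiving bank checks an LOU against its own copy. It assumes one trusted process does the replication and leaves out the digital signatures and consensus a real blockchain uses; all class names, participant names and LOU identifiers are constructed.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # previous-hash value used by the first entry


def entry_hash(prev_hash, record):
    """Hash a record together with the hash of the entry before it."""
    payload = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class Ledger:
    """One participant's copy of the log. The only write operation is append."""

    def __init__(self):
        self.entries = []

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, record):
        prev = self.head()
        self.entries.append({"record": record, "prev": prev,
                             "hash": entry_hash(prev, record)})

    def first_broken_entry(self):
        """Recompute every hash; return the index of the first mismatch, or -1."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
                return i
            prev = e["hash"]
        return -1


class Network:
    """Every participant holds a full copy; each new record goes to all of them."""

    def __init__(self, participants):
        self.copies = {name: Ledger() for name in participants}

    def submit(self, record):
        for ledger in self.copies.values():
            ledger.append(copy.deepcopy(record))  # copies must not share objects

    def suspect_copies(self):
        """Copies that fail self-verification or disagree with the majority head."""
        heads = Counter(l.head() for l in self.copies.values())
        majority_head = heads.most_common(1)[0][0]
        return sorted(name for name, l in self.copies.items()
                      if l.first_broken_entry() != -1 or l.head() != majority_head)


def lou_status(ledger, lou_id, approvals_needed=2):
    """What a receiving bank would conclude about an LOU from its ledger copy."""
    if ledger.first_broken_entry() != -1:
        return "ledger-copy-corrupt"
    issued, voided, approvers = False, False, set()
    for e in ledger.entries:
        r = e["record"]
        if r.get("lou") != lou_id:
            continue
        if r["action"] == "issue":
            issued = True
        elif r["action"] == "approve":
            approvers.add(r["by"])
        elif r["action"] == "void":  # a correction is a new entry, not an edit
            voided = True
    if not issued:
        return "not-recorded"  # a paper LOU that never went through the process
    if voided:
        return "voided"
    return "valid" if len(approvers) >= approvals_needed else "awaiting-approval"


def demo():
    net = Network(["issuing_bank", "approver_1", "approver_2", "receiving_bank"])
    # Constructed sample transactions; identifiers and amounts are made up.
    net.submit({"lou": "LOU-0001", "action": "issue", "by": "officer_a", "amount": 500})
    net.submit({"lou": "LOU-0001", "action": "approve", "by": "approver_1"})
    net.submit({"lou": "LOU-0001", "action": "approve", "by": "approver_2"})
    net.submit({"lou": "LOU-0002", "action": "issue", "by": "officer_a", "amount": 900})
    net.submit({"lou": "LOU-0002", "action": "void", "by": "approver_1"})
    rb = net.copies["receiving_bank"]
    results = {lou: lou_status(rb, lou) for lou in ("LOU-0001", "LOU-0002", "LOU-9999")}
    # Someone edits an amount in the issuing bank's own copy after the fact.
    net.copies["issuing_bank"].entries[0]["record"]["amount"] = 5
    results["broken_at"] = net.copies["issuing_bank"].first_broken_entry()
    results["suspects"] = net.suspect_copies()
    return results


if __name__ == "__main__":
    print(demo())
```

The edited copy is caught because its stored hash no longer matches its contents; a copy that is rewritten and re-hashed from scratch is caught instead by its head disagreeing with everyone else's.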



Wednesday, February 14

How could Sensors, Social Media, Call data, Intelligence Data & Big Data help prevent terror attacks on Indian Borders?

As we hear the news of another terror attack in Jammu & Kashmir in India, I wonder what kind of software-driven intelligence is used by the Indian Army to predict and prevent terror attacks. I was in discussion with an army officer from the intelligence department, and we discussed how these technologies are being used by telecom, bank & insurance companies to prevent fraud and by power and oil companies to predict and prevent power outages. The army gentleman was amazed at the use of big data, sensor, predictive analytics and artificial intelligence technologies by industry verticals.

Software architects are trained to identify scope for innovation by using existing infrastructure coupled with the latest technologies. We can sit with a bottle of beer or a cup of coffee and tell you an incredible story that may seem fantastic and surreal but is quite easy to implement. The army man promised me that he would discuss the case studies with his boss and hopefully set up a meeting with him! What could be better than being invited to share ideas with the guys from army intelligence and do my bit for the country? I am going to post some use cases that can be used to build a Border Security solution using Sensors, Predictive Intelligence & historical data. I am not familiar with the technologies in use by border security forces, so I am going to assume certain facts.


What I think can be achieved in a short time is a Multi Dimensional Intelligence Dashboard (we love buzz words!) that can give various insights into potential security breaches on the border, plus real-time alerts.

The Intelligence Dashboard can give intelligent insights, for example:


1) What are the locations around the border where the enemy may try to sneak in at a particular time on a particular day?

2) What is the probability of an intrusion at various locations on the border, based on human movements on both sides of the border?

3) What is the probability of intrusion based on weather conditions and day/time of the year?

4) What kind of intrusion strategy can be expected on the next D-day?

5) What are the support groups that could be working within the border to support the enemy intrusion, and how to track their movement?

6) What is the synergy between social media, telecommunication and messaging applications and enemy activity?

7) How to auto-detect events that indicate potential enemy activity in the near future?

The following sample illustration shows different data sets being collected and processed in real time, and predictive analytics being performed on data at rest. Data sets are collated and analysed to derive insight into potential incidents and displayed on a user-friendly dashboard.






Tuesday, February 6

Aadhar Data - Aadhar Data is worth more than the most expensive substance in the world (Part-5)

Did you know the most expensive material in the world is antimatter, valued at approximately $62.5 trillion per gram?

A software engineer's mind is the devil's workshop. Every time we see new software we start reviewing it for quality, usability, scalability, availability, security & performance without even getting access to the code. Over time, as we came to know about different implementations of Aadhar services, for example Aadhar being used to log daily attendance of Mumbai BMC (Bombay Municipal Corporation) employees, my concern was how many hits the Aadhar server would withstand if we use #Aadhar authentication for 'services that don't really need Aadhar validation'. If every Municipal Corporation across #India starts accessing the #Aadhar server every time an employee enters and leaves the office, I wonder how many servers would be required?

It also made me wonder if we are misusing the Aadhar services for everything and sundry just because we have a new gadget in hand! Using Aadhar for services that don't really require identity verification is bad design and we need to be concerned about it. BMC employee attendance is an example of misuse of Aadhar: why verify the identity of an employee every day, in fact 2 times a day? Is the next step to use Aadhar to take attendance of school children from KG to post-graduation? What purpose is Aadhar identity verification serving? Would it not be simpler to continue with a local automated attendance service (most companies already have one) instead of hitting the Aadhar server? I won't repeat the 'Misuse of Aadhar for BMC attendance' example as I have explained the issue in another post on my blog (What is wrong with Aadhar Software System? (Part-1)).

The other point we should worry about is hackers, simply because no internet-based service is safe from hackers. The alleged data leaks are a concern for most Indians because UIDAI has not been able to arrest the guilty, and since they have not arrested the Tribune reporter as of 6th Feb 2018 there is reason to believe that the data leak incident was REAL. From the facts reported by the media I have done a Virtual-Technical-Analysis (no, there is no such term as VTA, I just coined it myself and I am laying claim to the IP rights) of what could be wrong with the Aadhar system, and I would be more than happy if someone can prove my analysis wrong. Assume a data leak has happened, or can happen if an expert hacker group decides to target the Aadhar database. After all, if hackers could breach the security of the Pentagon intranet, what in TODAY'S AADHAR IMPLEMENTATION makes us so confident that Aadhar security cannot be breached? We have honest gentleman politicians in India, so I will not go into the use case where a political party decides to access financial data about a certain individual or group of individuals, because that would be an illegal activity, yet it's a potential risk we need to consider. What if a future government decides to use the Aadhar data to target a group of people?

For a commoner like me the worry is that if my data is leaked, the personal data can be sold to marketing companies and I will lose my privacy. Some entity with access to my Aadhar data can easily associate the Aadhar data with my financial data (banks, stock, insurance, credit card purchases etc.) and I could be the subject of blackmail or kidnapping, or even of corrupt government officials. The Tribune report exposes that it was corrupt officials who breached the data, and UIDAI was not even aware until the Tribune published the news report. So there are enough reasons for a civilian/commoner to worry. Right?

Take the use case of an enemy country that buys the leaked data through multiple intermediaries, so the Corrupt Patriot who sells the data to a marketing company would actually be selling it to an enemy like Pakistan. Now why would Pakistan buy Aadhar data? Well, soon the #Aadhar number will be linked to
1) SIM number
2) Bank Account
3) Credit card
4) Land purchase records
5) Children School and other services

So from Aadhar data and credit card company data I can write a book on an army officer's daily routine.
Where does he live?
What did he study? What is his skill set? Is he a fighter pilot or a grenadier?
What toothpaste does he use? What flavor of cornflakes does he like? (His wife's credit card is also linked to Aadhar and the card is linked to the man's bank account - Dammit! Everything financial is linked!)
Does the person take a bus or a car to the office (from the credit card used at tolls)?
What is the address of the person's office? What time does he return home? (Time from the toll plaza where he used a credit card to pay the toll, his mobile tower data.)
How many hours does he speak on his cellphone? Who are the people on his mobile call list?
If he is an army officer, is he on leave or at work? What is his current posting? (Credit card usage location.)
What brand of clothes does he wear? Which restaurant does he usually eat at? Can he afford the clothes? Does he have expensive taste, and is he in debt and hence an easy target for a honey-trap?

Imagine if the enemy gets the #Aadhar data of security personnel: they will have all the details about each army person, including

1) Count of servicemen in the armed forces
2) The current posting of each serviceman
3) How many men are deployed at a given post
4) The age of each serviceman
5) His credit history
6) His vices, if any

So practically everything that is linked by Aadhar, and everything required to profile someone and lay a honey-trap, can be pulled out if you get access to a person's Aadhar data. Now that could be a big risk for the armed services. By linking Aadhar to financial transactions we are creating a rich data bank that is bloody valuable and a magnet to hackers and the enemy, and the services should introspect on whether they need to raise their concern with the government. I am sure the armed forces cannot be excused from Aadhar, but if the government understands the risk it can revisit its Aadhar Vision and use Aadhar for extending social benefits, as was the original plan, and not make it a Hop On Hop Off Bus. Other examples, such as using Aadhar for school admissions and hospital admissions, are glaring lapses in the Aadhar vision. These are basic services that a citizen has a right to, and you cannot force people to use Aadhar to get health care, especially when they are not using government-sponsored health care. The aim of the government in making Aadhar mandatory for getting health care seems to be to keep a tab on expenses, which is unfair and invades privacy, and recently a woman lost her life when a hospital refused admission as she could not produce an Aadhar card.

So how do the progressive nations protect this data bank? They don't have to protect any biometric data bank. Every nation that has some kind of UID never uses it to link the financial data of a citizen, and they do not capture biometrics because of the huge responsibility to protect the identity of a citizen. The USA thought of using biometrics in the early 40s and the parliament ruled against it. There are a couple of countries that use blockchain for e-governance, but even these countries (e.g. Estonia) do not have an Aadhar-like system. Instead they have a chip ID that holds the UID of the person, and if you lose the chip ID you can block it within seconds (something like losing a credit card). The chip is used to verify that you are you, and no data is shared with service providers. The Estonian chip ID is not used to validate your personal details the way Aadhar is used to verify the address and other details when you buy a cell SIM card. Since the chip ID is a card that is not linked to the internet, it can be used to validate your identity but cannot provide access to other financial transactions of the citizen. India should have thought along these lines before hurrying to extend Aadhar to sundry services.

Some will say you are scaring the common man with you examples of what could happen but do you know whats wrong and do you have a solution? Yes as a software professional I do know whats wrong or at least I think I know what is wrong with Aadhar. I know why we have faced certain issues that were reported and by reasoning I can tell you what are the potential issues of the future that Aadhar 'seems' to have overlooked and how to build a robust UID.

As I posted in my earlier blog post,  'Open Letter to decision makers', the first thing to do is to accept that Aadhar is a revolutionary system that needs to onboard all political parties. We cannot have new
Aadhar vision every 5 years as & when there is political changes at the center and we cannot have political parties fighting on Aadhar Vision. Once you have a documented Aadhar Vision then hand it to the IT guys to finetune the Aadhar Vision (what is doable) and then define a Aadhar Roadmap (What to implement 1st and so on) and then create a solution that takes care of 1.3 billion Indian and growing.  Once the vision is decided there should a a well defined change management process to do any change to the vision, one smart pants should not be able to change the vision without approval of change control board. Change control is how we maintain sanity in the software development world or else we would never stop accepting changes from the business that gets ambitious bright new ideas every week!
Final words of advice: as in civil architecture, a well-designed foundation is the most critical element for the success of software. If you have laid a foundation to build a Taj Mahal and after a year you decide to erect a Burj Khalifa instead, then you need to start from zero and design and build a new foundation, or else the Burj Khalifa will collapse even before the 10th floor is laid down. When we build software for Fortune 100 companies, they have the best domain experts and software architects working for them to advise them and ensure that the IT service provider has designed a good system. A change in government usually changes the entire setup of governance, and I think that's why governments miss the services of IT experts with huge experience of architecting large complex software using a proven Software Development Methodology (What's that!). When you are embarking on a Digital Journey, make sure you hire experienced architects who have developed software for Fortune 100 companies and have burnt their hands a few times. Let the architects drive the vision, or else when you go into production the lack of vision will drive everybody crazy. Before implementing anything new, make sure you know the risks and have a risk mitigation plan. When I read about Aadhar glitches and see UIDAI get into a huddle, I wonder why it was not documented as a risk and why there was no risk mitigation plan to counter the risk! The purpose of this post was to share some thoughts with personnel from the services and then let them ask questions. My worst fear is Aadhar data of our armed forces in the hands of an enemy country, and we should not let that happen just because some ambitious politicians, ranting the Digital Mantra with no understanding of Software Development Methodology (the process followed to build software), implement some crazy Aadhar services to earn brownie points with the voters.








Saturday, February 3

If Estonia can have a blockchain based e-governance why can't India have it too?

When Estonia started building their information society in 1999, they did not have any digital data on their citizens. The general population did not have the internet or even devices. It took great vision and foresight to invest in IT solutions and take the information technology route to reach a stage in 2008 where they implemented blockchain to provide solutions like eGovernance, eHealth, eResidency, eTax, eVoting, eID and ePolice.

eGovernance - 99% of public services are available online
eHealth - 95% of medical records are online
eResidency - transnational digital identity
eDatabase - all state data is stored on an open source distributed database
eTax - 95% of tax filing is done electronically
eVoting - 1st country to offer internet-based voting
eID - chip-based ID, 2048-bit public key encryption, unlike Aadhar it stores personal ID
ePolice - helped reduce crime & accidental deaths by 50%
eSecurity - blockchain technology to ensure data and systems integrity and combat insider risk
eReporting - cut down on business reporting through intelligent automated reports

Do visit https://e-estonia.com/ to read more about their vision and implementation. What a country can do with right experts on the job! I salute their vision, planning and implementation.

Tuesday, January 30

Does RDBMS tick all the check-boxes of a blockchain database for your system?

We know that Blockchain stores information in one immutable structure. Reliability, availability, and suitability are implicit characteristics of this decentralized database, and multiple copies of data remain synchronized.
Just as cloud-based application services provide common functionality that allows developers to focus on key features to realize their applications, a blockchain database incorporates data distribution, replication, synchronization, and update facilities, eliminating the need for developers to implement these features in each application. Storing all information in one place allows for deploying a single suite of audit tools for reporting on all financial transactions as they are enriched by numerous applications during their processing.



Enterprises have been using RDBMSs like IBM DB2 and Oracle, and would like to avoid adopting another technology called blockchain if they can implement the same functionality and features using existing database technologies. We know the strengths and weaknesses of an RDBMS, and we need to see how an RDBMS can fit the blockchain use-case. If we use a database to implement, say, a Bitcoin use case where participating entities only read or write, and there is no requirement for updating or deleting rows, then we can expect a very high improvement in the performance of the RDBMS. Now add partitioning, where you have the option to partition the database by various parameters like transaction scope, day/week/month or partner_id, and the resulting database will have even better performance for read and write operations.
So the question to ask is: why not implement an RDBMS database designed for the blockchain use-case, instead of investing in blockchain technology, which requires additional investment and resources in terms of hardware, maintenance and security?

A partitioned distributed database system can perform the job of a Blockchain ledger and can be designed to give comparable or better performance than blockchain, along with better reliability, availability and scalability. The following table highlights some key considerations that I could think of when I design an RDBMS database to support a Blockchain use-case.



Let's take an automobile industry use-case.

A car has a manufacturing defect that results in a part being replaced. The typical communication chain could follow the following pattern:
  • The car owner brings the car to the dealer to diagnose a problem
  • Car dealer inspects the car and notifies the manufacturer about the faulty part
  • Manufacturer works with the part supplier to determine where the fault lies
  • Part supplier and manufacturer agree that the part is faulty, then notify the dealer
  • Car dealer notifies the customer
  • Car owner brings the car back to the car dealer for part replacement
In this scenario, communication among the participants customer, car dealer, manufacturer, and part supplier can be delayed by incomplete information, so full and accurate responses along the chain are impossible. Second, all communication goes through email, telephone, or postal mail, and the customer has to visit the car dealership multiple times to have the part replaced, possibly being unable to use the vehicle until the car is repaired. This is a very shabby customer experience.

Now let's look at the customer experience when a blockchain-style technology platform is implemented. In the same scenario, the communication chain will be as follows:

  • The IoT sensor automatically notifies the manufacturer, car dealer, and car owner about the defective part
  • Car dealer contacts the car owner and sets a service appointment for an inspection
  • Car owner brings car to the dealer for inspection, which confirms the faulty part
  • By now the information about the faulty part is already put on blockchain, which has by now notified all the parties – manufacturer, insurer, part supplier, car dealer, and owner
  • Manufacturer, dealer, and part supplier collaborate to analyze the car’s IoT sensors and dealer inspection report to identify where the fault lies
  • Manufacturer gives an instant approval for part replacement on blockchain, which automatically notifies all parties
  • Car dealer replaces the part and delivers the car back to the owner

When can we use Database with Blockchain design?

When all the participants of the transaction are known entities and registered in the system, Blockchain's universal availability feature is not going to be particularly useful. What is useful from Blockchain is the concept of the immutable ledger, availability, and notification to participants, and these can be achieved with a traditional RDBMS.
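The append-only ledger argued for above, as an added example (not code from the original post): it uses SQLite as a stand-in for DB2 or Oracle, and the table, column and function names are hypothetical. The triggers enforce the "no UPDATE, no DELETE" rule; the hash chain is an addition that goes beyond the post, so that an edit made by someone privileged enough to drop the triggers is still detected.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # constructed anchor value used as prev_hash of the first row

# partner_id is kept as its own column because the post suggests partitioning on
# it; SQLite has no table partitioning, so that part is left to the real RDBMS.
SCHEMA = """
CREATE TABLE ledger (
    seq        INTEGER PRIMARY KEY,
    partner_id TEXT NOT NULL,
    payload    TEXT NOT NULL,
    prev_hash  TEXT NOT NULL,
    row_hash   TEXT NOT NULL UNIQUE
);
CREATE TRIGGER ledger_no_update BEFORE UPDATE ON ledger
BEGIN SELECT RAISE(ABORT, 'ledger is append-only'); END;
CREATE TRIGGER ledger_no_delete BEFORE DELETE ON ledger
BEGIN SELECT RAISE(ABORT, 'ledger is append-only'); END;
"""


def open_ledger():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def _digest(seq, partner_id, payload, prev_hash):
    body = json.dumps([seq, partner_id, payload, prev_hash], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def append(db, partner_id, event):
    """Insert one event, chained to the hash of the previous row."""
    payload = json.dumps(event, sort_keys=True)
    with db:  # commit on success, roll back on error
        last = db.execute(
            "SELECT seq, row_hash FROM ledger ORDER BY seq DESC LIMIT 1").fetchone()
        seq, prev_hash = (last[0] + 1, last[1]) if last else (1, GENESIS)
        row_hash = _digest(seq, partner_id, payload, prev_hash)
        db.execute("INSERT INTO ledger VALUES (?, ?, ?, ?, ?)",
                   (seq, partner_id, payload, prev_hash, row_hash))
    return row_hash


def rewrite_blocked(db):
    """True if the database itself refuses both UPDATE and DELETE."""
    for stmt in ("UPDATE ledger SET payload = '{}' WHERE seq = 1",
                 "DELETE FROM ledger WHERE seq = 1"):
        try:
            with db:
                db.execute(stmt)
            return False
        except sqlite3.DatabaseError:
            pass  # RAISE(ABORT) from the trigger lands here
    return True


def verify(db):
    """Return the seq of the first row that breaks the chain, or None if intact."""
    prev, expected_seq = GENESIS, 1
    rows = db.execute("SELECT seq, partner_id, payload, prev_hash, row_hash "
                      "FROM ledger ORDER BY seq")
    for seq, partner_id, payload, prev_hash, row_hash in rows:
        if (seq != expected_seq or prev_hash != prev
                or _digest(seq, partner_id, payload, prev_hash) != row_hash):
            return seq
        prev, expected_seq = row_hash, expected_seq + 1
    return None


def simulate_privileged_edit(db):
    """Self-test: a DBA-level change that bypasses the trigger on row 2."""
    db.executescript(
        "DROP TRIGGER ledger_no_update;"
        "UPDATE ledger SET payload = '{\"finding\": \"no fault\"}' WHERE seq = 2;")
    db.commit()


if __name__ == "__main__":
    db = open_ledger()
    # Constructed events following the car-defect scenario in the post.
    append(db, "sensor-gw", {"vin": "TESTVIN0001", "event": "part fault reported"})
    append(db, "dealer-01", {"vin": "TESTVIN0001", "finding": "fault confirmed"})
    append(db, "maker-01", {"vin": "TESTVIN0001", "event": "replacement approved"})
    print("rewrite blocked:", rewrite_blocked(db), "| chain break at:", verify(db))
    simulate_privileged_edit(db)
    print("after privileged edit, chain break at:", verify(db))
```

The chain only proves tampering if each participant keeps its own copy of the latest `row_hash`; someone who controls the only copy can recompute every hash after the edit.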


Monday, January 29

Big Data Reference Architecture For Telco


Value from Big Data at Rest & Big Data In Motion


Big Data is of value when we process it for insight, but did you know that Big Data in motion is as important as, if not more important than, data at rest? Enterprises processing Big Data in motion have an edge over the competition because they derive intelligence and insight from data in motion even before it hits the database, using technologies like Complex Event Processing. Here is a diagram to explain how value is derived from Big Data At Rest & Big Data In Motion.




How can Indian Army leverage Artificial Intelligence in today's Big Data World?

It is 2025.
Indian Intelligence has petabytes of unclassified social media posts. Machine learning software isolates images of potential criminal elements agitating protests, cross-referencing cell phone pictures posted on social media with traffic cameras and more sensitive collection platforms.
The intelligence agency distributes the images of criminal elements on a cellular alert network that lets concerned citizens turn their cell phones and other personal devices into a civil defense sensor network. This civil defense network acts as a cloud, helping cyber defense apps secure critical infrastructure and conducting predictive models of where possible cross-border insertions might occur based on historical data, weather, terrain, and news reports.
The technology in this future battlefield is already driving a wide range of commercial applications. From Amazon figuring out what book you want to buy next to Google optimizing the ads you see while searching, we live in a world defined by “big data” and artificial intelligence applications that identify patterns in our consumer habits and daily life. These applications have the potential to change the character of warfare. The countries that adapt accordingly and integrate artificial intelligence across the force will have a generational advantage on the battlefield.
The NIA & Indian army need to develop a strategy for integrating narrow artificial intelligence applications into the force. Existing investments in artificial intelligence in most countries tend to emphasize future autonomous systems such as tanks, robot soldiers, and planes that can operate with minimal human input. An alternative approach is to experiment with predictive models and big data to increase the combat power of the current force, and that can only be done by building a sensor network: setting sensors at strategic locations as well as using the mobile devices of citizens as a virtual sensor network.
What is Artificial Intelligence?
Artificial intelligence is commonly defined as the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making & translation between languages. It can range from weak forms, such as narrow artificial intelligence, that processes big data to answer basic questions and generate predictions (e.g., Google maps helping you drive home) to strong forms such as “Artificial General Intelligence” and “Artificial Super Intelligence” that exceed human intelligence, creativity, and adaptability. Short of the promise of driver-less cars and robot servants, narrow forms of artificial intelligence like machine learning are starting to change sectors ranging from healthcare to logistics. With respect to public health, the flowminder.com uses narrow artificial intelligence to predict the spread of diseases. In logistics, machine learning is helping companies make supply chain adjustments, optimize delivery routes, and design warehouse systems. Vehicle manufacturer are applying artificial intelligence to improve predictive maintenance of motors. Volvo collects data with smart sensors on their vehicles and applies machine learning techniques to conduct diagnostics that reduce down time for services and better inform the resupply.
Artificial Intelligence for the defense forces
While many commercial applications of artificial intelligence are based on identifying patterns and trends using big data, most military applications focus on autonomous systems. Examples of artificial intelligence programs are the US government's unmanned undersea and aerial vehicle programs such as LOCUST (Low-Cost Unmanned Aerial Vehicle Swarming Technology) & the GREMLIN anti-surface-to-air missile drone program. Another idea is for the army to leverage existing unmanned vehicle systems and develop a logistics system that can be used in a combat scenario where multiple unmanned vehicles intelligently follow a manned vehicle. The technology is being used for civilian services, and it needs to be adopted by intelligence agencies and the armed forces. Border and marine border security can be improved, with a reduction in human patrols, by using Big Data & Predictive Data Analysis. Are the armed forces & intelligence agencies already using these technologies?


Friday, January 19

Could we not have implemented Aadhar System in an inclusive manner? (Part-4)

Dear decision makers,
The first thought that came to my mind when I heard of the new Aadhar Face Recognition feature was that next time Jio might refuse me a SIM if my face recognition does not get validated! What was originally a scheme to ensure that social benefits reached the deserving has now become a number in a Jail Roster, or so people fear!

The infamous Government Babus of India, who so far were famous for quite a few wrong reasons, are now custodians of my personal identity data, including bio-metrics and iris scan. A SIM card is a commodity like any other commodity, and it is definitely not a government benefit for which we have to validate our bio-metrics. We pay for the SIM service, and it is the responsibility of the telecom company to validate that I am who I claim to be. So what is the government's interest in offering private telcos the use of the bio-metrics validation which was originally meant for Social Security distribution? Mr Modi is friends with quite a few world leaders. Will he care to ask the heads of the USA, Australia, Israel, Germany, China or Japan if they take the responsibility of validating SIM users' identity for private telco companies? So why is India so keen to do the identity verification job for Jio? And now the privilege is extended to every telco company! I can understand that the government wants to prevent criminals from getting SIMs using fake identity documents, but using bio-metrics and face recognition to buy a SIM card is stretching things too far. Next the grocer may refuse to sell sugar if I do not have an Aadhar card, quite like a woman who was refused medical treatment in a hospital and died a few days back.

Did the government ever wonder why the USA, UK and Singapore did not capture the bio-metrics of their citizens for their UID programs? Do these countries have more terrorism incidents or higher crime because they do not use bio-metrics like #Aadhar? How is India smarter than these countries, who have avoided risking their citizens' privacy and identity by not capturing their iris and bio-metrics scans?

Who is making these decisions about #Aadhar for the country? Is it the Indian PM? Or the Home Minister? Or Mr Nandan Nilekani? Since when did India start implementing national policy decisions made by a select few people without review by all the 750+ Members of Parliament, who are the true representatives of the people in the parliament? Are the MPs not capable of conveying people's views and concerns? Or are we no longer a government of the people, for the people and by the people? Finally, why is the Supreme Court not asking the government to include MPs in such a major decision-making process that affects the country? Do the opposition's MPs become unworthy of an opinion because their party did not form the government? So many questions that no one dares to ask, because most people don't know the impact of a leak of Aadhar data, and the future of India is at stake if the identity of a billion people is risked even once. I guess it is too late already, as the data seems to have leaked too often, or else The Tribune reporter would have been in jail (Chakki Peesing & Peesing & Peesing, as Dharmendra said in Sholay).

We expect some maturity from the individuals who form the government, irrespective of which party they belong to. I assume the government has not forgotten that their term is only 5 years unless they win again, and if they lose the next election then the opposition parties who are objecting to Aadhar policies will come to power and change the policies again. Is this not a waste of national resources? Is it not the duty of an elected government to form a committee to get the views of all the elected representatives and implement the majority view & wish before implementing a software system that has the potential to screw every Indian's happiness? So why did the government not form an all-party committee to decide the vision for Aadhar? As of today no 2 political parties agree to the government's Aadhar vision in totality, so can we afford to change the Aadhar software implementation every time the government changes? I am also shocked that opposition parties are not demanding that every elected people's representative in parliament should be included in this decision making on Aadhar, the 1st of its kind scheme, which is literally being forced upon people. Another surprising fact is that the Supreme Court, which has taken suo moto decisions on various cases of less importance, does not feel that it should direct the government to form an All Party Aadhar Decision Making Committee. It gives me the feeling that for most of the wise men of India ignorance seems to be bliss. An immature nation, barely exposed to IoT and the risks of the internet, is living in blissful ignorance.

I have asked enough questions; now let me talk about the right way to implement software that can change the course of a nation. If I were the Prime Minister of this country, responsible for the actions of his ministers and his government, I would be bloody concerned about the Aadhar project. I am not the type of man who will let the team do the work and, when they screw up, say that we screwed up because the Ministers did not do their homework or that the IT team was not smart enough to highlight the risks and mitigation. Let's be clear: success or failure, the onus of this ambitious scheme lies with the head of the government. So to implement a scheme like Aadhar my government would do the following things:

1) Aadhar is a scheme for the benefit of people. It is a scheme which takes responsibility for capturing and protecting a database of the identity of every Indian, and that is why it cannot be implemented without having all elected representatives of the people on board. Period. If I can't convince the 790 members of parliament (MPs) of the Indian parliament (250 Rajya Sabha & 545 Lok Sabha) that Aadhar is beneficial and safe for Indians, how do you expect me to convince the entire country?

2) Form an Aadhar Vision team of MPs, ensuring each state & union territory is represented by at least 2 MPs, led by the Minister of Home, and ask them to draft a vision for the Aadhar card with the help of IT, security and policy experts.

3) Form a review committee of another set of 2 MPs from each state & union territory to review the Vision document created by the Aadhar Vision team and finalise the 1st draft for review by the Home Ministry.

4) Publish the Vision on the website and take inputs from the public. God knows we have enough smart people in India to give creative inputs, and this is the age of crowdsourcing, so why not use the knowledge bank?

5) Final Aadhar Draft is reviewed and presented in parliament with all the above inputs and gets approved by the parliament for implementation.

6) The Aadhar Vision is given to the Aadhar Information Architect to define the solution architecture and road map for the Aadhar System. The Solution architecture is reviewed by 2 independent IT consulting firms who are bound by a NDA (non disclosure agreement) and the final draft of solution is ready for implementation.

People may say that 790 people can never agree to a common vision, but they would be wrong. GST was implemented including each Indian state and union territory, and thousands of people were included in the decision-making process, and here we are talking about only 790 people who represent the entire country. Aadhar cannot be the solution to all problems, so let's not cook the hen that lays the golden egg! My final word is for those leaders who think Digital is magic and Digital is the future. Let me burst your bubble about the New Digital India! The Indian digital journey started in the 1980s, when Rajiv Gandhi & Sam Pitroda revolutionized the Indian telecom sector and STD booths started popping up everywhere. People started using squeaky 56kbps modems with their phone lines to access the internet, and the state governments started their digital journey way back in 2001 with their e-governance initiatives. I had the privilege to be part of a team that bid for the Goa state government's e-governance project in 2001. What has happened in the last 2 years is that there is lots of marketing, and that has brought Digital into focus. Even the IT companies are MAKING HAY as the Digital sun shines. IT companies don't want to tell their customers that there is nothing new about Digital except the renewed focus. Let me also remind you that many large enterprises have burnt their hands when playing with Digital because they jumped into the digital well without a clear vision and road map. The problem is that with Aadhar the government is not jumping into the well alone; they are taking the plunge with 1 billion people and risking their lives as well. So, decision makers, please keep your ego in your hip pocket and spare a thought for India. Do you really require government employees to use Aadhar to validate their daily attendance, as is happening in the Mumbai Corporation and will soon be implemented across India? How are this stupid implementation and many similar use-cases going to be useful for India's progress and Digital journey? Sorry, Mr Government, you have made a blunder by not consulting experts and not learning from other countries like the USA, Canada, Japan and UK. Correct your mistakes before something worse happens, because history never forgives anyone. Jai hind!

Where there is a genuine will & concern for people,

then pray, one will always find a way. 

Where there is ego, over confidence & arrogance,

then failure is only a step away.

Thursday, January 11

Whats needs to be fixed in Aadhar Software System ? (Part-2)

If you would like to read my past post on #Aadhar, here is the link: Whats is wrong with Aadhar Software System ? (Part-1). You may also be interested in reading a previous comparison between SSN & Aadhar at this link: Why you should be concerned about #Aadhar being made mandatory for citizen of India?

Continuing from  

Whats needs to be fixed in Aadhar Software System ? (Part-1)

One pertinent question I want to ask UIDAI is this: for a company that is implementing Aadhar, should it not be a prerequisite for its employees & service partners to have an Aadhar number and to use Aadhar when registering a new user of the Aadhar System? In this alleged data leak case, how did the system allow new ASA and AUA users (Authentication Service Agencies & Authentication User Agencies) to be added without their Aadhar number being keyed in? Would the alleged hacker dare to sell data if he knew his activity was being tracked by his Aadhar number and that he would be caught? Software design flaw, eh?

I found the so-called Aadhar System's Vision on their website, and it is the briefest software vision document that I have seen in 20 years. Even after reading the Vision you won't know what services Aadhar is designed to provide today and in future. Our understanding was that Aadhar would be used for distribution of social security benefits to the eligible. Now the government wants to make Aadhar the Single Source of Truth of your identity, something even the USA & UK do not dare to do with their SSN because of their concern for the privacy of their citizens. You have to read my earlier post to know why the USA does not use bio-metrics for its SSN, which is similar to Aadhar. Now your Aadhar number will get verified when you open a bank account, make stock investments, buy insurance and even when you get admitted to a hospital? Why are we using Aadhar for tracking financial transactions? Was PAN not supposed to be the 'Universal Identification for Financial Transaction' as per the Income Tax website? I can understand that the government wants to link PAN and Aadhar to ensure people do not create multiple PANs, and that makes sense. But when you are linking PAN with Aadhar, where is the need to provide Aadhar to the bank & stock exchange? They already have my PAN, which is already linked to Aadhar (read the older post Linking Aadhar)! This is just bad, bad, bad software design. Last week it was in the news that a lady who was ill tragically died because she was denied admission to hospital because she could not produce an Aadhar card. Who has given this ABSURD instruction to hospitals that Aadhar is required to get medical treatment or to get admitted to hospital? Even the Nazis did not have such inhuman laws! Recently someone raised a valid question: how many homeless and nomadic people live in India? Without an address, how will they get an Aadhar card to receive social benefits? I would have liked to know if such problems were already thought of by the UIDAI. Are these problems part of the Vision document, and is the Vision shared somewhere on their website so citizens can read it and be aware of Aadhar features?

If you want to build a Digital India, start educating people and making them aware of what is coming their way. Sadly, government schemes are very poor at educating citizens, and GST is another example. The government announces GST, and PV Sindhu's 1 minute TV commercial does not tell how GST is going to work. Who is going to educate the businessmen? Why could the government not conduct 1 hour of TV training on all TV channels to demonstrate GST and educate the business community? When you go shopping, talk to your grocer, and you will be shocked to know that 50% of the time your grocer does not know how and when GST has to be filed! Sorry Sir, you cannot go Digital without training the last man & woman in the village, in a medium & language they understand. Everybody is not as smart as the people sitting in Delhi!

Software engineering works on a well-defined Software Development Life Cycle process. Software managers help the client define their Software Vision. A Software Vision document defines the high-level scope and purpose of a program. It is a clear statement of the problem, the proposed solution, and the high-level features of the product, and it helps establish expectations and reduce risks. So a vision document is a kind of Geeta or Bible that has all the major functionality and behavior that has to be built into the software to support the enterprise's business goals. If something is not in the vision, it will not be part of the software road map & software design. Period. Next we create a Software Road-map, which has milestones for the different functionality that has to be built into the software, and then the software architecture and design work starts. What I want to highlight to non-IT folks is that if you don't have a documented vision, or if your Software Vision changes every year or every few months, then it requires frequent changes to the design, leading to patchy software, and it affects the software quality, including the quality of software security.
I believe changing requirements are a big challenge in software that we develop for government. The government changes, the Vision changes, and the software has to be changed - no scope for arguments! Take Obama Care, where the USA has spent millions on the program and on developing software for the online program, which might get scrapped now, or else take the Indian Aadhar Card. The vision of the government that started the UIDAI program was at least 90 degrees, if not 180 degrees, apart from the vision of the next government. Now think about the different government software that has been built by past governments, how subsequent governments have changed the Vision of what the software should do, and how the software would have gone through structural changes, making it patchy.

To give an example to those who are not from IT: imagine we order a custom-built Luxury Sedan, then the government changes and wants the sedan to be modified to work like a Bus. Again the government changes, and they want the vehicle to be modified again to work as a Bullet Train! The chassis of the car can only take a load of 5 to 6 people, and you change the requirement to carry 60 people, or worse, 1000 people? Don't you think it is Better, Cheaper and Safer to use the car as it is and build a new Bullet Train from scratch? That's what happens to software that starts as a modest application to perform a few services, and then the client gets ambitious and wants to keep modifying the same software to serve the entire humanity. If the software foundation was not meant to handle all the ritz, then it is better to start from scratch and build new software. I hope that's not what is happening to Aadhar, but it could if the people who make the decisions are not advised about the impact by their software architects.
I believe it is the duty of an IT engineer (and every professional) to highlight the risks to the management on paper and provide the best recommendation to implement the software system, but never to compromise on the quality and security of the software. I wonder if the Aadhar software architects & engineers have done their duty well, because operational issues like data leaks and publishing Aadhar data on their website do not give me the confidence that it is a robust system.



In my 1st post I mentioned that Aadhar is currently being used for taking attendance of municipal employees. I think that is the WRONG use case for Aadhar, and if I may say so, it amounts to abuse of a software system. Hey, I want to use Aadhar bio-metrics verification for my driver & housemaid to make sure she comes on time. Can I please have it? There was news that children will have to provide Aadhar to get admission to school, and I am not sure that it makes sense to implement that, because one study says that the bio-metrics of children change quite frequently and it will create issues if bio-metrics cannot be verified. So much for the basics of software design; now let's look at it as a black box system and visualize an 'ideal software architecture' that can support the services that we know Aadhar is going to be linked with in future.


Aadhar currently is an identity proof that will confirm that you are you and that you don't use a fake identity to fool government services like the Passport or Income Tax departments. The Aadhar system should provide a web page that allows various departments to verify your identity by entering your Aadhar number & getting a validation response from the UIDAI server. It is a basic validation service that guarantees that you are who you claim to be by verifying the Aadhar number and maybe asking you a random question about your Aadhar data, like DOB, COB etc. The USA uses the SSN for validation, and the image below is the response message that you get from SSN validation: there is no chance of anyone viewing your SSN details. So why do some users have access to download users' Aadhar data? Why does the Aadhar system design allow a user access to the data? What UIDAI has to understand is that providing an interface for someone to download Aadhar data is a poor design. Period. So don't pass the blame to the user if he downloaded and sold the data, because your design itself is faulty.


If the Aadhar system allows sharing your Aadhar details with private concerns like banks, or lets them access your profile using your Aadhar number, then it is a huge risk to the security and privacy of an individual, and that is why people have filed PILs in court. What the Aadhar system should do is allow a user to enter his Aadhar number and in response show him a standard success or failure message, like the Americans show for their SSN!
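One way to build the success-or-failure check described above, as an added example (it is not UIDAI's or the SSA's actual interface, and not code from the original post). The class, its method names, the lockout thresholds and the sample numbers are all hypothetical; the operator registration reflects the earlier point that every agency user should be tied to a tracked identity.

```python
import hashlib
import hmac

MATCH, NO_MATCH, DENIED = "MATCH", "NO_MATCH", "DENIED"


class YesNoVerifier:
    """Answers MATCH / NO_MATCH / DENIED and has no method that returns a record."""

    def __init__(self, key, max_failures=3, window=300):
        self._key = key                  # secret held only by the ID authority
        self._max_failures = max_failures
        self._window = window            # seconds over which failures are counted
        self._records = {}               # HMAC(uid) -> HMAC(uid, dob): no plaintext
        self._operators = set()
        self._failures = {}              # operator_id -> timestamps of NO_MATCH
        self.audit_log = []              # (time, operator, truncated uid tag, outcome)
        self.alerts = []                 # operators that hit the lockout

    def _tag(self, *parts):
        msg = "\x1f".join(parts).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def register_operator(self, operator_id):
        # Assumption: operator_id is the agency user's own verified identity.
        self._operators.add(operator_id)

    def enroll(self, uid, dob):
        self._records[self._tag("uid", uid)] = self._tag("dob", uid, dob)

    def _log(self, now, operator_id, uid_tag, outcome):
        # The log keeps who asked and a keyed tag of the number, never the number.
        self.audit_log.append((now, operator_id, uid_tag[:16], outcome))
        return outcome

    def verify(self, operator_id, uid, dob, now):
        uid_tag = self._tag("uid", uid)
        if operator_id not in self._operators:
            return self._log(now, operator_id, uid_tag, DENIED)

        recent = [t for t in self._failures.get(operator_id, [])
                  if now - t < self._window]
        self._failures[operator_id] = recent
        if len(recent) >= self._max_failures:
            # Repeated misses look like guessing: lock out and raise an alert.
            if operator_id not in self.alerts:
                self.alerts.append(operator_id)
            return self._log(now, operator_id, uid_tag, DENIED)

        # An unknown number is compared against a dummy tag, so "no such number"
        # and "wrong date of birth" do the same work and give the same answer.
        stored = self._records.get(uid_tag, self._tag("dummy", uid))
        ok = hmac.compare_digest(stored, self._tag("dob", uid, dob))
        if not ok:
            recent.append(now)
        return self._log(now, operator_id, uid_tag, MATCH if ok else NO_MATCH)


if __name__ == "__main__":
    v = YesNoVerifier(b"constructed-demo-key")
    v.register_operator("op-17")
    v.enroll("999900001111", "1990-04-12")   # constructed number and date
    print(v.verify("op-17", "999900001111", "1990-04-12", now=0))
    print(v.verify("op-17", "000000000000", "1990-04-12", now=1))
```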

Moving on, let's discuss a model architecture and the key components that would ensure we have a well-designed system that will work smoothly. What are the check points for making the system secure, fool-proof, intelligent & proactive? How do we build a software system that notifies the authorities when a miscreant tries to access restricted data using a password, or even if he manages to hack into the system bypassing authentication (if hackers can get into the Pentagon you should be prepared for the worst)? That's what is coming next, right here on this post, in another couple of days. I will leave you with a diagram of a model architecture for now.

Sample block architecture for an enterprise system

Thanks for visiting my blog.
                                                 



Speaking Technically - My take on Aadhar System

Sometimes photos express better than 1000 words. So this is my attempt at creative art!









Understanding Generative AI and Generative AI Platform leaders

We are hearing a lot about power of Generative AI. Generative AI is a vertical of AI that  holds the power to #Create content, artwork, code...