Monday, January 09, 2006

MAPIN is back; so let's get the privacy right

MAPIN is a database about individuals, which uses fingerprints to ensure that one individual cannot have multiple accounts. This makes possible interesting applications in the financial sector. For example, if a person is debarred from working in the securities industry for X years by the regulator, the database makes it possible to prevent him from resurfacing under a new identity. SEBI has begun by making MAPIN mandatory for a few people (board of directors), but the long-term goal is to have a large number of people in the system.

Many pillars of society have complained about being treated like common criminals, and having to supply fingerprints. There are also concerns about the safety and privacy of the data.

For a while, SEBI seemed to want to kill the MAPIN system, but they have changed their mind now and seem to be headed to restart MAPIN. Business Standard has an interesting editorial on the MAPIN database. They say that the system is required, in dealing with problems like insider trading and market manipulation. They show a host of questions that the citizen should worry about on questions of safety and privacy of data, and argue that while MAPIN is needed a concerted policy focus on privacy.

The questions they pose are:

  • If a private investigator could tap Amar Singh's Reliance telephone, what is to ensure privacy of the information with MAPIN?
  • Can computer-scanned thumbprints, obtained from MAPIN, be used to frame a person at a crime scene?
  • The Amar Singh case involved attack by a private individual. But very often, in India, the worst perpetrators in terms of violation of privacy are employees of the government. Is all MAPIN data available to the IT department?
  • Can the police query one record? Can the police run a search on the full database?

My understanding of the treatment of thumbprints is that scanned images of fingerprints are put through a feature-detection algorithm, and a compact vector of characteristics is stored in the system. Testing that two fingerprints are identical is then synonymous with testing whether the two vectors are close to each other. The actual scanned fingerprint is not stored. (And, it a person can be tricked to hold a glass of water, his fingerprints can be extracted from it).

The attacks on privacy can occur in two ways: based on policy and based on violations of policy.

Violation of policy would involve attacking NSDL computer systems, unethical employees at NSDL, etc. NSDL needs to comprehensively persuade the country that it is doing a good job of blocking attacks which are based on violations of policy.

Policy-based attacks can be where a policeman walks up to NSDL and asks for information. NSDL is only the agent of SEBI. So when a policeman walks up to NSDL and asks for information from MAPIN, NSDL needs an instruction in writing from SEBI to release the information. So the question of policy-based attacks goes one deeper: SEBI needs to write down a privacy policy for the securities settlement database and MAPIN; the Income Tax Department needs to write down a privacy policy for TIN, and so on.

3 comments:

  1. Two errors I must point out as a lawyer. NSDL is not an agent of the regulator (is ICICI an agent of the RBI?). Secondly, NSDL must comply with the request if the police has obtained a court order to that effect, Sebi does not enter the picture or need to give any permission (another example: will the courts ask RBI's permission before attaching a bank account).

    ReplyDelete
  2. In the limited context of MAPIN, NSDL is the agent of SEBI. NSDL has been contracted by SEBI to build the MAPIN database. The database belongs to SEBI. In the future, SEBI can take the database away from NSDL and recruit someone else to manage this data.

    ReplyDelete
  3. I've heard you talk about the MAPIN system in the risk meetings at NCDEX. I've found them to be interesting. But, wouldn't you agree that a unique identifier like the Social Security Number might be much more practical and easy to administer in the long run?

    ReplyDelete

Please note: Comments are moderated; I will delete comments that misbehave. The rules are as follows. Only civilised conversation is permitted on this blog. Criticising me is perfectly okay; uncivilised language is not. I delete any comment which is spam, has personal attacks against anyone, or uses foul language.