Open Letter to the Finance Committee: Finance and Security
This note explores the three connections between finance and security and demonstrates the cost implications of operating a centrally designed identity management system as proposed by the UID. In doing so, it shows how the monitoring, storing, and securing of transactional data in a centralized database fall short of meeting the project's objectives of authentication, and thus is an additional cost. Further, it is argued that the blanket monitoring of the transaction database is not an effective method of detecting fraud, and is an expensive component of the project.
- Operating a centralized identity management system that requires the use of a remote database for every transaction is always more expensive than a decentralized identity management system that could optionally use a local database.
Centralized database costs
- Both public and private keys must be centrally stored
- All transactions require connectivity for the sending and receiving of authentication of data, and have an associated connectivity cost
- Securing all data at a central database has augmented costs
Decentralized database costs
- Only the public key must be centrally stored
- Some transactions require connectivity for the sending and receiving of authentication data
- The cost of building an identity management system that includes recording, monitoring, and securing each transaction is more than the cost of building only an identity authentication system. The goal of the project is to identify a person. Recording each transaction will add unnecessary cost.
Cost of identity authentication system |
|
Cost of monitoring transactions |
> Cost of identity authentication system |
Cost of securing transaction data |
|
- Increasing security or fighting fraud can be done in two ways - having a targeted approach or through blanket monitoring. The UID scheme, through the monitoring of the transaction database featuring trillions of transaction by 1.2 billion people is a blanket approach, and will provide lower return on investment than a targeted approach.