Business Today

Aadhaar safety: UIDAI's latest security feature, face authentication, to begin from July 1

The new measure shall only be allowed in fusion mode along with one more authentication factor, be it fingerprints, iris scan or OTP. | January 16, 2018 | Updated 12:10 IST
Aadhaar safety: UIDAI's latest security feature, face authentication, to begin from July 1

Earlier this morning Ajay Bhushan Pandey, CEO of the Unique Identification Authority of India (UIDAI) tweeted, "UIDAI introduces yet another landmark technology for authentication - Face Authentication. #AadhaarFaceAuth will help all elderly or others facing issues with fingerprint authentication. Service to be launched by 1 July 2018."

So what is this new face authentication system? It's basically your photograph. A big grouse against the biometric data currently required to get an Aadhaar card is that it inconvenienced the elderly with fading fingerprints and ageing irises as well as leprosy patients. According to the National Leprosy Eradication Programme's annual report for 2016-17, there were 88,166 leprosy cases on record as on April 1, 2017 and India, reportedly, remains home to 57 per cent of the world's leprosy patients. Even if only a fraction of these patients have lost their limbs and eyesight to the debilitating disease, a significant number of Indians were being excluded from the Aadhaar umbrella. It would pose a huge problem for them come March 31, the deadline for mandatory Aadhaar-linkages to bank accounts, PAN cards, mobile SIM cards, insurance policies and sundry government welfare schemes. Hence, facial authentication comes in as a second layer of verification to ensure that those having difficulty with their fingerprints/iris authentication are no longer excluded.

Moreover, since residents are already photographed at the time of Aadhaar enrolment, this new measure does not require any additional effort from existing Aadhaar holders. "Since the photograph is already available in the UIDAI database, there is no need to capture any new reference data for the Central Identities Data Repository," said a circular released today by UIDAI, adding that, "Camera is now pervasively available on laptops and mobiles making the face capture easily feasible for authentication user agencies (AUAs) without needing any additional hardware."

However, the circular specifies that this new measure shall only be allowed in "fusion mode along with one more authentication factor", be it fingerprints, iris scan or OTP (one-time-password).

UIDAI will work with biometric device providers to integrate facial modality into the certified registered devices and may also provide standalone registered device service as required by the ecosystem. UIDAI will also provide face capture software development kits to AUAs. The body hopes to release necessary implementation details by March 1.

This new move by the UIDAI comes just five days after introducing a new two-layer security system comprising Virtual IDs and Limited KYC to protect Aadhaar cardholders. To remind you, VID is a temporary, 16-digit, randomly-generated number that an Aadhaar holder can use for authentication or KYC services along with his/her fingerprint in lieu of the Aadhaar number. On the other hand, under limited KYC, a majority of AUAs will neither get access to full KYC of an individual, nor will they be able to store the Aadhaar number on their systems. Instead, they will get a tokenised number issued by UIDAI to identify their customers.

These measures have already been rejected by opposition party members and some sections of the public as ideas too late in arriving. After all, as of last month, close to 14 crore out of about 30 crore Permanent Account Numbers had already been linked to Aadhaar and 70% of the estimated 100 crore bank accounts had been seeded. This will be the case for insurance policies as well as all government-sponsored welfare schemes and services since the Supreme Court ruling to extend the deadline for mandatory Aadhaar linking came just a fortnight before the government's December 31 deadline. Besides, in the absence of a legal mandate to delete all previously collected Aadhaar data, AUAs can very well choose to retain it on their servers, leaving it open to any number of security breaches in the future.  

Will UIDAI's new facial recognition gambit woo detractors? Only time will tell, but if Apple's experience with facial recognition technology is anything to go by, all it takes to fool the system are 3D printed masks or a strong familial resemblance.


  • Print
A    A   A