UIDAI announces phased rollout of face authentication with telcos from September 15
UIDAI has proposed a two-factor authentication for use of face recognition by telcos. Where an individual provides Aadhaar number, the authentication will be done using fingerprint or iris and face.Updated: Aug 19, 2018 00:09 IST
The UIDAI announced on Saturday a phased roll-out of face recognition as a way of carrying out Aadhaar authentication from September 15, confirming the implementation of a new mode meant to combat fraud that was initially set for July 1.
The UIDAI (Unique Identity Authority of India), the agency in charge of the Aadhaar programme, said telecom service providers (TSPs) will be the first to use face recognition to authenticate subscribers while issuing new SIM cards as an additional security layer.
“TSPs are hereby directed that with effect from September 15, 2018 at least 10 per cent of their total monthly authentication transactions shall be performed using face authentication in this manner,” said a UIDAI circular. “Any shortfall in transactions using face authentication would be charged at Rs 0.20 per transaction.”
As per the instructions, face authentication can be in addition to fingerprint or iris scans. UIDAI CEO Ajay Bhushan Pandey said facial authentication would ensure that telcos allow customers with worn out fingerprints to perform an Aadhaar-based authentication. Fingerprints wear out either with a person’s old age, or due to jobs such as heavy manual labour.
UIDAI also announced a new feature – ‘live face photo,’ which is a live feed of the person whose 12-digit unique number is submitted. The telco will have to capture this and ensure the person submitting the Aadhaar number really owns it.
“It shall be the responsibility of the TSP that the live photo thus captured shall be verified at their backend system with the photo received in eKYC (electronic know your customer) before activation of the SIM. The TSP shall store both the photos in its database for audit purpose...” the circular said.
The UIDAI said it would roll out face recognition to all agencies using Aadhaar for authentication in phases, and would issue specific instructions on its implementation, but did not give a timeline.
Experts, however, are not on board with this new idea. There are concerns regarding the sanctity of data UIDAI holds in its servers. “They have not certified a single biometric or demographic data they have with any of the Aadhaar numbers. Even the quality of pictures of most people is terrible. And they are asking people to just go and compare live feed with pictures in their database. That’s meaningless,” said Anupam Saraph, an e-governance expert for businesses and governments, and a former IT advisor to the chief minister of Goa, Manohar Parrikar.
Another expert was concerned with data protection. “Asking telcos to keep a copy of the live facial recognition is problematic, because what are the security norms they have to follow? It’s a major privacy concern. The fact that facial recognition is being implemented without a privacy law in place is deeply problematic,” Nikhil Pahwa, a digital rights activist, editor and publisher of MediaNama and co-founder of savetheinternet.in said. “In my opinion, this move of unilaterally forcing facial recognition should be challenged in court.”