The answer to all our problems? Face ID introduced as a new method of Aadhaar authentication

By Vritika Mathur

Amid the recent hearings on Aadhaar cases, the Unique Identification Authority of India (UIDAI) announced its decision to launch ‘Face ID’ as a means of authentication. The move is aimed at making authentication easier for individuals who have trouble with the existing system of biometric authentication.

Multiple methods of Aadhaar authentication

Aadhaar is used for identity authentication across several platforms such as banks, income tax companies and telecom companies, and an average of four crore authentications are done on a daily basis. Recently, the UIDAI CEO, Ajay Bhushan Pandey, gave a presentation before a five-judge constitution bench to counter all petitions challenging the validity of Aadhaar as well as to assure the panel about data safety.

In a bid to explain the different modes of authentication, Mr Pandey highlighted Regulation Four of the Aadhaar (Authentication) Regulations of 2016. One of the methods would be comparing and verifying the demographic details provided by the Aadhaar holder such as name, date of birth and gender. All of the data needed is stored in the Central Identities Data Repository (CIDR).

Another would be a One Time Pin (OTP) based authentication that would be available only for a limited time. In this, a pin would be sent to the registered mobile number or email address of the holder. A third would be authentication through a combination of any two factors from biometrics, OTPs or demographics. In January 2018, the UIDAI announced the introduction of the face authentication feature as a means of verifying Aadhaar users. It would be available along with the already existing options of iris or fingerprint scans.

This would be done to help citizens who have trouble with biometric authentication, owing either to old age or to fingerprints worn out by manual work. The feature would be permitted only in a combination mode, which means that it will be allowed only together with a fingerprint scan, an iris scan or an OTP to confirm Aadhaar details.

Face ID as a method

This feature aims to provide a more inclusive measure for authentication. It will counter the problems of several residents facing difficulty with fingerprint or iris authentication. This provision will only be available ‘on a need basis.’ The UIDAI emphasised the need for Authentication User Agencies (AUAs) “to ensure inclusive authentication, when a single modality is not working for specific residents, applications need to enable face capture via the RD (Registered Device) service to capture face photo in addition to fingerprint/iris/OTP.”

Facial recognition technology works by creating a face print, a numerical code derived by measuring distinguishable features such as jawlines, cheekbone shape, the distance between the eyes and so on. This helps improve the level of security and has a high accuracy rate. The UIDAI said that cameras are easily available on laptops and mobiles, making the capture of facial features easy for AUAs without the need for more hardware. In addition to this, the UIDAI database already has face photos available, thus reducing the need for new reference data.

On the other hand, biometrics are extremely risky: once a hacker impersonates a fingerprint, serious havoc can be created. While it does prove to be a convenient option, it is also hazardous and could result in identity theft or fraudulent transactions. There is always a risk of hackers and, once hacked, it is difficult to recover. For instance, fingerprints are difficult to change, as opposed to passwords.

When it comes to facial recognition, many hackers use methods in which they access a user’s photo through social media and use it to bypass security. They hold the photo in front of the camera in order for the recognition to take place. An additional feature such as liveness detection could be added to help distinguish a photograph from a real person and so increase security.

However, hackers could evade it by simply making a movement in front of the camera that could be interpreted as a facial movement. 3-D face scanning could help counter this but would require effort, and that too has loopholes. Finally, facial features are changeable, more so than any other form of biometric data, especially with age, and this is Face ID’s most problematic factor.

The Aadhaar security

The UIDAI takes the entire process of securing citizen information very casually. Private enterprises manage the process and operate freely without supervision. These entities are not barred from selling this information for commercial gain, which is the main reason behind widespread data leaks. Mr Pandey assured the panel that any breach that takes place happens at the other end and not at the repository, as it is completely safe and unconnected from the Internet.

However, the panel of judges before whom this was presented highlighted the pending need for “robust” laws to curb these breaches. This exposure of data led to a number of petitions that challenged the constitutional validity of the Aadhaar scheme. The UIDAI infringes upon our fundamental right to privacy by releasing data without consent and opens up space for harassment, violence and discrimination.

At a time when Aadhaar is embroiled in multiple issues, it is good to see the UIDAI attempting to come up with a solution. However, Face IDs are more problematic and will simply add to the mess. The UIDAI announced that facial recognition would be introduced from 1st July 2018. However, it must take into consideration the several shortfalls of this feature and work on providing a more airtight solution.
