By Dr Sanjib Pohit
Dr Sanjib Pohit is a Senior Fellow at the National Council of Applied Economic Research, New Delhi.
The discourse on making Aadhaar compulsory to avail a host of services (subsidised government services or else any other transaction such as banking, mobile, ticket booking, availing pension, property transaction, etc.) is getting murkier day by day. This article highlights two major lacunae of the Aadhaar system, arguing that there is danger in adopting the all-pervasive Aadhaar system for India.
Change in biometric data over the years
Up to this point, the focus on Aadhaar has been on universal coverage, namely allocating an Aadhaar number to residents. There is no discourse for repeat enrolment, i.e. re-mapping the biometric image of the same resident after a gap of few years. Thus, the Aadhaar authority implicitly assumes that biometric images (retina/fingerprint) do not change over the lifespan of an individual. Is this a valid argument? The answer is not a straightforward no. Although the fingerprints don’t change with age, it can get a little difficult to capture them in old people. This happens because the skin becomes less elastic with age and the patterns become less prominent, especially due to thickening of ridges and furrows in the finger. Thus for senior citizens, matching of biometric images could be tricky. Hence, senior citizens need to re-submit biometrics at frequent intervals (once a year) if he/she intends to live independently in India as an honest citizen! The way the world of Aadhaar is evolving, no one can access banking services without validating biometric image, nor can he/she use mobile service or avail pension.
Moreover, there are a lot of skin diseases that destroy the epidermis and the dermis layers of the skin. As a result, in such people, it becomes extremely difficult to identify their prints using fingerprint recognition systems. What would happen to those persons if Aadhaar is made compulsory for availing banking, mobile and other government-linked services?
It is also a fact that people who do manual work (such as in the construction industry) can have their fingerprints worn out over a period of time. This is important in the context of India as most of the workers do not wear any protective gear while undertaking such works. These are the people who are also most dependent on government enabled services at subsidised prices, which are increasingly being Aadhaar linked. Thus, they may be denied services for none of their faults. The general discourse by the officials is that so many crores of rupees have been saved due to linking of Aadhaar, while the truth may be that genuine beneficiaries are being removed due to faulty technology!
Duplication of biometric information
From the policy-makers as well as Aadhaar authority, we are given the impression that Aadhaar cannot be recreated by others and so the intended beneficiary can be uniquely targeted, unlike any other method. Thus, there is no danger even if Aadhaar is linked with banking accounts.
In real life, the Aadhaar based authentication basically involves matching any fingerprint with the same in the database. To misuse the system, and avail the benefits of Aadhaar enabled services or avail banking services, one, in principle, needs to recreate the biometric image of any fingerprint. Is it technologically possible?
The answer is yes, given the advancement in 3D printing. The 3D printing, also known as additive manufacturing (AM), refers to processes used to create a three-dimensional object in which layers of material are formed under computer control to create an object. The objects can be of almost any shape or geometry and are produced using digital model data from a 3D model or another electronic data sources. Presently, 3D printing is employed in industries including aerospace, architecture, automotive, defence, and medical replacements, among many others. It also finds application in custom fit accessories for athletes. The affordability and access to 3D printing technology imply that one can reproduce a custom-made 3D image of fingerprint for bad intention. Since custom made accessories by 3D printing is a norm for athletes, what prevent an unscrupulous person to put on accessories on a finger with the fingerprint image of another person?
Recreating a 3D image is not fiction, but a hard reality. According to a report in The Telegraph in July 2016, US police has cracked open a murder victim’s mobile phone by 3D printing the victim’s finger to gain access to their smartphone. Moreover, researchers at Japan’s National Institute of Informatics (NII) have found that peace sign selfies could let hackers copy one’s fingerprints. The fingerprints can be easily recreated from photos taken up to three metres away without the need for advanced technology. So long as the picture is clear and well-lit, prints can be mimicked.
Unlike passwords, biometrics cannot be easily changed, prompting fears over the safety of people’s personal data. Thus, an Aadhaar based payment mechanism or availing government services with biometric information being the sole security system is an idea that is fraught with danger. Incidentally among the three forms of biometric identity –face recognition, iris and fingerprint- a fingerprint is the one that can be easily re-created. India seems prefer using fingerprints simply because the price of the machine for verification is the safest. In the process, Indian citizens may have to pay a heavy price.
Featured Image Source: Pexels
Stay updated with all the insights.
Navigate news, 1 email day.
Subscribe to Qrius