Telcos to provide face authentication from Sept 15: UIDAI
NEWDELHI:THE Unique Identification Authority of India (UIDAI) announced on Saturday a phased rollout of face recognition as a way of carrying out Aadhaar authentication from September 15, confirming the implementation of a new method of combating fraud that was initially set for July 1. The move raised privacy and data protection concerns.
UIDAI, the agency that oversees the Aadhaar unique identity programme, said telecom service providers (TSPS) will be the first to use face recognition to authenticate subscribers while issuing new SIM cards as an additional security layer.
“TSPS are hereby directed that with effect from September 15, 2018 at least 10 per cent of their total monthly authentication transactions shall be performed using face authentication in this manner,” said a UIDAI circular.
“Any shortfall in transactions using face authentication would be charged at ~0.20 per transaction,” the circular added.
As per the instructions, face authentication can be in addition to fingerprint or iris scans. UIDAI CEO Ajay Bhushan Pandey said facial authentication would ensure that telcos allow customers with worn out fingerprints to perform an Aadhaar-based authentication.
Fingerprints wear out either with a person’s old age, or due to performance of jobs such as heavy manual labour.
UIDAI also announced a new feature – ‘live face photo’ -- which is a live feed of the person whose 12-digit unique number is submitted. The telco will have to capture this and ensure the person submitting the Aadhaar number really owns it.
“It shall be the responsibility of the TSP that the live photo thus captured shall be verified at their backend system with the photo received in EKYC (electronic know your customer) before activation of the SIM. The TSP shall store both the photos in its database for audit purpose...” it said.
The UIDAI said it would roll out face recognition to all agencies using Aadhaar for authentication in phases, and would issue specific instructions on its implementation, but did not give a timeline.
Experts, however, are not on board with this idea. There are concerns regarding the sanctity of data UIDAI holds in its servers.
“They have not certified a single biometric or demographic data they have with any of the Aadhaar numbers. Even the quality of pictures of most people is terrible. And they are asking people to just go and compare live feed with pictures in their database. That’s meaningless,” said Anupam Saraph, an e-governance expert for businesses and governments, and a former IT advisor to the chief minister of Goa, Manohar Parrikar.
Another expert was concerned with data protection.
“Asking telcos to keep a copy of the live facial recognition is problematic, because what are the security norms they have to follow? It’s a major privacy concern. The fact that facial recognition is being implemented without a privacy law in place is deeply problematic,” according to Nikhil Pahwa, a digital rights activist, editor and publisher of Medianama and co-founder of savetheinternet.in. “In my opinion, this move of unilaterally forcing facial recognition should be challenged in court.”