The Unique Identification Authority of India (UIDAI) is taking the Aadhaar authentication process up a notch by mandating the use of face recognition for services such as the issuance of mobile SIM, banking services, public distribution system dole-outs, and marking of office attendance at government offices.
This feature will be added to the existing authentication process, which uses an individual’s fingerprints or iris scan. The measure will be implemented in phases, with stringent punishment for those who violate the mandate. The UIDAI will treat violation as a criminal offence, punishable with imprisonment and/or a fine under sections 42 and 44 of the Aadhaar Act, 2016, a TOI report cited sources as saying.
Confirming the move, UIDAI CEO Ajay Bhushan Pandey was cited as saying: “There have been numerous instances where people have been excluded from Aadhaar authentication as their fingerprints are worn out due to old age, or since they are involved in manual labour or agriculture. The use of facial recognition will help include such people in the Aadhaar authentication process.”
The measure is aimed at strengthening the security around Aadhaar. The UIDAI has been facing criticism from its opponents and many other quarters over Aadhaar security breaches. Various categories of stakeholders have pointed out the vulnerabilities in the system even as a legal dispute is currently ongoing in the Supreme Court on whether Aadhaar should be made mandatory, especially for essential services.
The last couple of weeks have been not great for the UIDAI with the authentication agency being involved in bitter public spats, often fought on Twitter, over safety concerns.
Pandey, who said that the aim of the move was to make Aadhaar more inclusive, also added that the measure would be rolled out in a phased manner and it would be first directed at providers of SIM cards of telecom companies.
Related Article: UIDAI To Finally Roll Out Face Recognition Feature
Telecom companies have already been instructed to carry out at least 10% of their total monthly authentication transactions via facial recognition with effect from September 15. Failure to do so will result in a penalty of 20 paise per transaction (it’s not clear at present what percentage of the transaction value will this charge comprise).
“Face authentication is the latest technology and provides added security. After we hit 10% of authentication transactions, we will have a review of any possible shortfalls that we notice in the system or processes. Thereafter, we will expand, within telecom and also to other service areas where separate instructions shall be issued regarding the implementation of face recognition,” the UIDAI CEO said.
How The Facial Recognition System Works
It is pretty simple actually. When a person seeks authentication based on his/her Aadhaar, the authorised machine or device being used for the purpose will also capture a photograph of the individual’s face.
After that, the photo, along with the fingerprint or iris scan of the individual, will be sent to the UIDAI. The authentication authority will then verify the details from its database and confirm the authenticity of the individual based on his/her biometrics.
“Since face photo is already available in UIDAI database, there is no need to capture any new reference data,” said the June circular of the UIDAI, adding “camera is pervasively available on laptops and mobiles, making the face capture feasible for AUAs without requiring additional hardware.”
“Even if someone grows a beard, there will not be any issue in identifying his face with the picture that was originally submitted with us. We have sophisticated mechanisms. The whole idea is to provide convenience and additional security to the users,” the UIDAI CEO said.
Aadhaar Authentication? Smile Please
The original UIDAI circular on the matter, issued on January 15, sought integration of the facial recognition feature in the Aadhaar authentication system from July 1. The deadline was later extended to August 1, after which it was finally decided that it would be best to roll out the move in a phased manner “due to non-readiness of few device providers” to provide machines that have a face recognition feature.
It isn’t clear at this moment as to what exactly the above hiccup was and how it has been resolved, but the UIDAI moving forward with implementing the measure is an indication of the fact that it believes sufficient devices of this nature are ready.
It is important to draw a distinction here between this measure and the issue of privacy and safety of user data, which is one the key talking points in the Aadhaar debate. This measure is not related to the privacy issue as far as the government is concerned.
But the fight between the proponents and naysayers of Aadhaar is a battle of public perception and, were this measure to succeed, it could assuage many doubts doing the rounds about the reliability of the service, which is what the UIDAI says Aadhaar is best at.
This is also the first time facial recognition will be used in such a big way in India, and this could be a valuable use case (good or bad) for various organisations and stakeholders. Many latest technologies in artificial intelligence and consumer technology such as Apple’s iPhone X and Vivo use facial recognition, with the phone brands making this one of the key selling points in their advertisements.
The learnings from the Aadhaar use case could be key for Indian startups and companies looking to leverage facial recognition technology in the way Reliance Jio did with Aadhaar. According to a report, the global facial recognition market (yes, there is one) is estimated to reach USD 9.78 Bn by 2023 at a CAGR of 16.81% during the forecast period.
While the move is aimed at securing the Aadhar system from frauds and is also in line with the government’s quest to make Aadhaar the undisputed authentication ID for Indians, it is unlikely to quell the security debate. And given the fact that implementing the feature is heavily device dependent, the government will have to ensure it has its technology infrastructure down pat if it wants to avoid further security breaches and debacles.