Aadhaar-issuing body UIDAI has finally announced a phased rollout of face recognition feature as an additional mode of authentication, starting with telecom service providers from September 15. The Authority had earlier planned to roll out face recognition feature from July 1, a target that was later pushed to August 1. It has also proposed a monetary disincentive for telcos found slipping on the prescribed targets from mid next month.
For authentication agencies other than telecom service providers (TSPs), UIDAI said specific instructions will be issued on implementation of face authentication feature, but did not give a fresh deadline. Significantly, the Unique Identification Authority of India (UIDAI) has further said ‘live face photo’ capture and its verification with the photo obtained in eKYC will be essential in those cases where Aadhaar is used for issuance of mobile SIMs. UIDAI says the move is aimed at curbing the possibility of fingerprint spoofing or cloning, and seeks to tighten the audit process and security around issuance and activation of mobile SIMs.
While Microsoft has been staunch supporter of Aadhaar, in July it stood up against facial recognition feature elsewhere. Microsoft’s official said, “Facial recognition technology raises issues that go to the heart of fundamental human rights protections like privacy and freedom of expression”. The company called upon thoughtful government regulation and for the development of norms around acceptable uses. However, the data protection law is still draft stage and there is no concrete law developed on facial recognition.
Furthermore, Amazon’s facial recognition algorithm matched 28 members of Congress to criminal mugshots in July. Microsoft pointed that using facial recognition techniques, a government can track everywhere you walked over the past month without your permission or knowledge. They added that the database of everyone who attended a political rally that constitutes the very essence of free speech. Mr Brad Smith, president at Microsoft said, “Imagine the stores of a shopping mall using facial recognition to share information with each other about each shelf that you browse and product you buy, without asking you first. This has long been the stuff of science fiction and popular movies — like Minority Report, Enemy of the State and even 1984 — but now it’s on the verge of becoming possible.”
Evidently use of facial recognition in law enforcement or surveillance could opens door for gross misconduct and exclusion. It may be recalled that in June this year, a Hyderabad-based mobile SIM card distributor had forged Aadhaar details for activating thousands of SIMs. “This instruction (for matching live face photo with eKYC photo) will apply only where Aadhaar is used for issuance of SIMs. As per Telecom Department’s instructions, if SIM is issued through other means without Aadhaar, then these instructions will not apply,” UIDAI CEO Ajay Bhushan Pandey said.
UIDAI has proposed a two-factor authentication for use of face recognition by telcos. Where an individual provides Aadhaar number, the authentication will be done using fingerprint or iris and face. For individuals providing Virtual ID, the authentication can be on basis of fingerprint or iris. UIDAI said in case where an individual is unable to authenticate fingerprint or iris, face authentication can be used as an additional mode, to make the system more inclusive.
“TSPs are hereby directed that with effect from September 15, 2018 at least 10 per cent of their total monthly authentication transactions shall be performed using face authentication in this manner. Any shortfall in transactions using face authentication would be charged at `0.20 per transaction,” said a UIDAI circular.
Pandey said this will ensure that telcos provide face capture facilities to customers who encounter difficulty in authentication due to worn out fingerprints. “Combination of live face with fingerprint in authentication will also enhance Aadhaar security as it will effectively curb fingerprint spoofing,” Pandey said.
The circular also states that after successful eKYC authentication, the telecom operators will also capture the live face photo (that is, not merely holding a still photo in front of a camera) of the individual, over and above the photo captured for face authentication. “It shall be the responsibility of the TSP that the live photo thus captured shall be verified at their backend system with the photo received in eKYC before activation of the SIM.
”The TSP shall store both the photos in its database for audit purpose…this process shall be followed for the eKYC performed for all the customers for issuance of SIM cards,” the circular said. Failure to comply, will invite a financial disincentive in line with the prescribed norms, the authority warned. “It has been noticed that due to non-readiness of few device providers, the various AUAs were not in a position to implement face authentication with effect from August 1, 2018.