The Indian government is yet to convincingly answer questions on the data safety of its biometric identity programme, Aadhaar. The country’s supreme court is hearing multiple appeals against the pervasive use of the unique identity.
However, that has not stopped the government from adding a questionable new verification feature.
In addition to biometric information, digital facial recognition will also be added for authentication of Aadhaar from July 01, Ajay Bhushan Pandey, CEO of the state-run Unique Identity Authority of India (UIDAI), told the country’s apex court in a presentation last week.
In January 2018, the UIDAI had announced that facial recognition for Aadhaar would be available “on need basis.” Currently, identities can be verified through a combination of two of three factors—fingerprints, an iris scan, and a one-time password sent to the mobile phone linked with the Aadhaar number. Facial recognition, when implemented, can work as an additional, fail-safe layer for the digital verification process.
But can the technology used by enrolment centres adequately capture data for facial recognition?
Facial recognition technology maps an individual’s face mathematically and stores that data. Social media websites like Facebook and Snapchat have developed algorithms to identify faces in pictures. However, the technology used for security verification would need to be more sophisticated, said Kiran Jonnalagadda, a trustee at online freedom advocacy group Internet Freedom Foundation.
Currently, employees at Aadhaar enrolment centres typically take a single photograph of Aadhaar users with standard-quality web cameras at best. To implement facial recognition, the data collection employees will have to be trained, at the least, to capture multiple photographs and do a three-dimensional mapping of faces.
“Without (3-D mapping), it is not possible for a software to tell if it’s the same person. Because photograph-based matching will only tell you whether the eyes, nose, and mouth are in proportion to each other,” Jonnalagadda told Quartz.
Therefore, the entire process may have to be revamped.
“You can take a web-cam and do this. But the process and the software must be changed. And the process itself is very expensive,” Jonnalagadda said.
Meanwhile, the UIDAI had earlier indicated that existing photographs would do for facial recognition verification. “Since face photo is already available in UIDAI database there is no need to capture any new reference data at UIDAI Central Identities Data Repository,” the UIDAI had said in January.
Experts, however, say that the use of existing infrastructure for facial recognition would make the system extremely vulnerable to data theft. Without proper 3-D mapping, photographs of individuals can be used to easily circumvent facial verification, said Vikramaditya Singh, a supreme court advocate involved in one of the cases against Aadhaar. “Facial recognition…can be easily mimicked by photographs,” he said.
The UIDAI is yet to respond to queries raised by Quartz on how the technology will work.