To address failures in fingerprint and iris authentication, the Unique Identification Authority of India (UIDAI) said that it will now introduce 'Face Authentication' on July 1st, 2018. CEO Ajay Bhushan Pandey said that this was being done address issues "elderly or others" faced, but the move would more likely hurt them instead. @UIDAI introduces yet another landmark technology for authentication - Face Authentication. #AadhaarFaceAuth will help all elderly or others facing issues with fingerprint authentication. Service to be launched by 1 July 2018. — CEO UIDAI (@ceo_uidai) January 15, 2018 Last week, security analyst Elliot Alderson pointed out flaws in the mAadhaar app and showed that the app stored a user’s eKYC data on the phone itself, this includes the Aadhaar Number, Name, address, photograph among others. An individual’s photograph is classified as ‘biometric information’ under section 2(g) of the Aadhaar Act, 2016. When the story broke, the UIDAI issued a false statement saying that the mAadhaar app does not capture, store or take any biometric inputs. mAadhaar uses a local db to store the user preferences on the user's device. This data is application preferences as created by user on his/her phone. The app does not capture, store or take any biometric inputs. So question of biometrics being compromised does not arise. — Aadhaar (@UIDAI) January 11, 2018 A circular from the UIDAI says that Face Identification will be only used in "Fusion Mode" and will need an additional form of authentication with a fingerprint scan, iris scan or one-time password. The agency also added…
