wordpress blog stats
Connect with us

Hi, what are you looking for?

UIDAI adds Face Authentication and fresh set of issues with it

To address failures in fingerprint and iris authentication, the Unique Identification Authority of India (UIDAI) said that it will now introduce ‘Face Authentication’ on July 1st, 2018. CEO Ajay Bhushan Pandey said that this was being done address issues “elderly or others” faced, but the move would more likely hurt them instead.

Last week, security analyst Elliot Alderson pointed out flaws in the mAadhaar app and showed that the app stored a user’s eKYC data on the phone itself, this includes the Aadhaar Number, Name, address, photograph among others.  An individual’s photograph is classified as ‘biometric information’ under section 2(g) of the Aadhaar Act, 2016.

When the story broke, the UIDAI issued a false statement saying that the mAadhaar app does not capture, store or take any biometric inputs.

A circular from the UIDAI says that Face Identification will be only used in “Fusion Mode” and will need an additional form of authentication with a fingerprint scan, iris scan or one-time password. The agency also added that Face Identification will be provided to only certain AUAs (Authentication User Agencies ).

It also added that currently, the face photo is not enabled on the Aadhaar authentication API within the CIDR (Central Identities Data Repository) but it can be enabled. The circular also said that “since the photo is already present in the UIDAI database there is no need to capture any new reference data”.

The Face Identification will also have ‘liveness’ detection and can be used as an additional factor of authentication. Cameras on laptops and mobile phones can be used to make face capture for AUAs without the need for additional hardware.

Security and privacy issues

Face Identification poses a number of security and privacy problems from the start and could lead to fraud if implemented.

  • First, the UIDAI needs to understand that biometrics of a person will change with time. If the Aadhaar system is matching a person’s face to the photograph in the database, there are bound to be failures. Remember, the UIDAI started collecting information for its database in 2009 and people age over nine years.
  • Secondly, hackers claim that the broke Apple’s Face ID authentication within a week of the iPhone X launch. Bakv, a Vietnamese security firm, claimed that it was able to spoof Apple’s systems by building a mold and paper cutouts. Hackers could easily engineer a social hack with photographs of a target.
  • Third, ArsTechnica points out that Apple’s Face ID  captures additional facial features over time and uses them for authentication and make improvements. If the UIDAI implements this solution, this would mean that it would rely on constant surveillance on the Aadhaar holder to keep updating its database. Publically, the UIDAI has told the Supreme Court that the Aadhaar system cannot be used for surveillance. But documents from State Resident Data Hubs (SRDHs) show that they are building a 360-degree profile of residents. Note that Aadhaar Act specifically states that a 360-degree profile cannot be built using Aadhaar.
  • And finally, Facial recognition technology on existing consumer devices uses the same camera for capturing the reference image of the face and for authentication, something that will be very unlikely with the Aadhaar. Additionally, the most reliable (relatively speaking) facial recognition technology doesn’t just capture a two-dimensional image of the face but uses infrared emitters to map the shape of the face. The Aadhaar database only has two-dimensional images (very dimly lit in some cases) as a point of reference.

The UIDAI will have a conundrum if it implements Face Identification. The only way it can implement the solution effectively is by updating the database regularly by surveillance but will run contrary to its public stance on surveillance and the Aadhaar Act.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....


By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...


By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...


By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...


This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like


India has been witnessing a trend in the deployment of facial recognition technology for several purposes such as surveillance and more recently, in a...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ