wordpress blog stats
Connect with us

Hi, what are you looking for?

Telcos to use facial authentication for Aadhaar KYC from next month

The UIDAI has announced a phased rollout of facial recognition for Aadhaar starting with telecom companies from 15 September, reports The Financial Express. Telecom companies can now use this as one of the methods for user authentication. Companies which miss the prescribed targets of 15 September may face a monetary disincentive. Additionally, if a telco wants to issue a SIM card providing Aadhaar as one of their identification documents, it will need to take a live photo for its eKYC verification.

“TSPs are hereby directed that with effect from September 15, 2018 at least 10 per cent of their total monthly authentication transactions shall be performed using face authentication in this manner. Any shortfall in transactions using face authentication would be charged at Rs 0.20 per transaction,” said a UIDAI circular, according to an Economic Times report.

Facial recognition was originally announced for rollout in July to address the failures in fingerprint and iris authentication, but was later pushed to 1 August. UIDAI and its CEO Ajay Bhushan Pandey have maintained that facial authentication will be used as an additional form of authentication to “help all elderly or others facing issues with fingerprint authentication”. An earlier circular from  the UIDAI on the launch of facial authentication said that Face Identification will be only used in “Fusion Mode” and will need an additional form of authentication with a fingerprint scan, iris scan or one-time password. ‘Fusion mode’ implies that face authentication will always be combined with either fingerprint or iris authentication. The agency also added that Face Identification will be provided to only certain AUAs (Authentication User Agencies).

Why facial recognition is worrying

1. First, a person’s face changes over time at different ages, and very significantly during adolescence. When Aadhaar enrolment began in 2009, it was collecting biometric information (including photograph) of children aged over nine. If an AUA tries to verify a person’s face with an outdated photograph, it will inevitably run into authentication failures.

2. Secondly, hackers claim that they broke Apple’s Face ID authentication within a week of the iPhone X launch. Bakv, a Vietnamese security firm, claimed that it was able to spoof Apple’s systems by building a mould and paper cutouts. Hackers could easily engineer a social hack with photographs of a target.

Advertisement. Scroll to continue reading.

3. Third, ArsTechnica pointed out that Apple’s Face ID captures additional facial features over time and uses them for authentication and to make improvements. If the UIDAI follows this example, it would imply constant surveillance over the Aadhaar holder to keep updating its database. Note that publicly, the UIDAI has told the Supreme Court that the Aadhaar system cannot be used for surveillance. In fact, the UIDAI has safeguards built into the law and its systems to ensure that the government cannot use Aadhaar for surveillance even if a court were to permit them. But documents from State Resident Data Hubs (SRDHs) show that they are building a 360-degree profile of residents. The Aadhaar Act specifically states that a 360-degree profile cannot be built using Aadhaar.

4. Finally, Facial recognition technology on existing consumer devices uses the same camera for capturing the reference image of the face and for authentication, something that will be very unlikely with Aadhaar. Additionally, the most reliable (relatively speaking) facial recognition technology, say Apple Face ID is far more advanced than the technology the UIDAI banks upon. The iPhone captures a 3D image of the user’s face with infrared emitters. The UIDAI will rely on 2D images, shot years ago in some cases and in poorly lit conditions. It is bound to fail authentications.

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Do we have an enabling system for the National Data Governance Framework Policy (NDGFP) aiming to create a repository of non-personal data?


A viewpoint on why the regulation of cryptocurrencies and crypto exchnages under 2019's E-Commerce Rules puts it in a 'grey area'


India's IT Rules mandate a GAC to address user 'grievances' , but is re-instatement of content removed by a platform a power it should...


There is a need for reconceptualizing personal, non-personal data and the concept of privacy itself for regulators to effectively protect data


Existing consumer protection regulations are not sufficient to cover the extent of protection that a crypto-investor would require.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ