Aadhaar: Unique Number, Fingerprints, Iris Scan, and Now Facial Recognition: UIDAI Experiments Continue
Each time doubts are raised about the authenticity of Aadhaar, the Unique Identification Authority of India (UIDAI) comes out with some new gimmick. For example, when there were issues with its 'unique number' claim, UIDAI quickly added fingerprints to it. This was followed by iris scan. The latest in this 'search for uniqueness' is facial recognition of Aadhaar number-holders. Unfortunately, like its earlier experiments with fingerprints, and iris scans, the failure of facial recognition through ‘live face photo capture’ too is most likely to give way to something new, perhaps DNA profiling. This also means that UIDAI will continue to splurge taxpayers’ money on its experiments in search of really unique identification (UID).
 
While there is no official notification or circular by UIDAI, it published a news report from Asian Age on its website, which says “Face recognition feature to be rolled out Sept. 15: UIDAI”. In the report, UIDAI has been quoted as saying, “…‘live face photo’ capture and its verification with the photo obtained in e-know-your-customer (eKYC) will be essential in those cases where Aadhaar is used for issuance of mobile SIMs.” According to the report, unmindful of the directions from the Supreme Court, UIDAI has “finally announced a phased rollout of face recognition feature as an additional mode of authentication, starting with telecom service providers from 15th September.”
 
Earlier, on 13 March 2018, the apex court had extended the deadline to link Aadhaar to various services, including bank accounts and mobile numbers, until the disposal of the matter by the Court. Chief Justice, Dipak Misra, also clarified that the deadline had been extended covering all the fields, including telecom. The extension of deadline, however, does not apply to the benefits, subsidies and services under Section 7 of the Aadhaar Act. In other words, what UIDAI is trying to achieve through its ‘facial recognition’ feature is to cover up the lacunae in its ‘authentication’ system, if any.  
 
Earlier, talking about success rates of biometric authentication, Ajay Bhushan Pandey, chief executive officer (CEO) of UIDAI had told the Supreme Court that, for government systems, the success rate was 88%; for banks it was 95%; and for telecom it was 97%. "It is lower for government because vested interests are spreading misinformation and the media is helping them," he had alleged.
 
The documents submitted by Mr Pandey, however, showed a different picture about Aadhaar authentication. Without disclosing the sample size, the UIDAI CEO informed the five-judge Constitutional Bench that the UIDAI had conducted a ‘proof of concept’ where they visited senior citizens in their homes and found 83% success rates for finger prints and 90% for iris scans. Mr Pandey also said that the UIDAI has now developed face recognition technology, which is even more accurate and will be rolled out soon. It is another matter whether even 90% success rate is enough in time-critical situations like admission to hospitals or boarding an airline! 
 
Replying to other query from Justice DY Chandrachud, on whether UIDAI knew if denial of service was happening or only it was limited only to authentication failure, Mr Pandey, had said, “No. But, UIDAI constantly advise (sic) ministries that on the ground there will be exclusion if they solely depend on Aadhaar authentication. Which is why in law, they made exceptions and that any official not obeying and denying services would be taken a strong view of."
 
The biometric information being collected by UIDAI comprises facial photographs of the individual, all 10 fingerprints and a scan of both irises. UIDAI has been creating a vast data bank containing this personal information. However, it is not just UIDAI that has created such huge database on residents on India. Everyone, who is either a registrar or an agency associated with UIDAI, has created their own set of Aadhaar database. This includes government ministries and departments which, over the years, are coming out as being too careless as they have been publishing Aadhaar-holders’ data on the Internet. 
 
As pointed out by senior advocate Shyam Divan in his article, “The Prime Minister’s Fingerprints: Aadhaar and the Garrotting of Civil Liberties”, the procedure adopted by UIDAI is so casual that it borders on irresponsible. “Briefly, the entire process at the field level is in the hands of private enterprises known as enrollers who operate freely without any government supervision. The threshold qualifications for an enrolment agency are so low that not one of them is a recognisable name.  They comprise an assortment of trusts, societies, proprietary concerns, partnerships and what have you. The biometric information of each enrolee – that set of valuable parameters that we ought to most fiercely guard—is spirited out by filling out a form.
 
The biometrics are initially stored and collected in private hands before it is (sic) transmitted to the UIDAI Central ID Repository (CIDR) via memory stick or courier or by direct uploading. The UIDAI has no privity (sic) with the enrolling agencies. The loose framework of relationships linking UIDAI to the collection of biometric data is through MoUs with state governments or departments known as registrars. It is these registrars who engage private sector enrolment agencies," Mr Divan had said.
 
Yet, UIDAI continued to collect biometric data on residents. It also continues with its experiments for its so-called verification and authentication. However, as pointed out by Dr Anupam Saraph, an expert in governance of complex systems, and confirmed through information obtained under Right to Information (RTI) Act, UIDAI does not acknowledge, certify or take responsibility for the identification of any person. In an article published in Sunday Guardian, he says, “They (UIDAI) cannot. They know that a match of the biometric or photograph associated with an Aadhaar number to one being submitted for authentication does not identify anyone. Just as your username and password to your email account does not identify you. Just as the key that opens the lock to a door does not identify you.
 
“Identification is a responsible process. It requires someone to take responsibility of identification. To take responsibility it requires the person identifying another to be co-present. Co-presence confirms that the identified person is real and not mere photographic, video-graphic or biometric data. It confirms the identified person is there in their own free will. It causes the person undertaking the responsibility for identification to confirm satisfactory identification for the transaction for which the identification was undertaken. In order to identify a person using an official document (like the passport, driver’s licence or election ID), the official document has to acknowledge or certify that the data captured on the official document is genuine and belongs to the person who it claims to belong. The UIDAI does not take any responsibility of identification. It is not co-present with the person being identified. It does not and cannot confirm whether a real person was present and not their photographic, video-graphic or biometric data,” Dr Saraph added.
 
Since many experts have already pointed out how biometrics, like fingerprints, and iris scan failures, I will not talk about it here. However, let us look at the latest 'tech salvo', the facial recognition offered by UIDAI. 
 
At present, UIDAI has an image of the Aadhaar-holder captured by a camera (mostly webcams) linked to the PC (personal computer) or laptop at the registrant's desk. These cameras capture image of the Aadhaar-holder, which are not of a high resolution. Plus, there are other factors like poor light on face, which will hamper the quality of the photograph or the captured image. And this is where the main problem lies. 
 
Facial recognition is now becoming popular, mainly due to introduction of FaceID by Apple for its iPhone 8 and iPhone X. But then Apple uses an extremely sophisticated technology, both in terms of camera and the processing chip in the mobile. 
 
For FaceID, Apple uses TrueDepth camera for facial mapping. The FaceID projects and analyses more than 30,000 invisible dots to create a precise depth map or 3-D image of the user’s face. Apple used every trick in the book to train its A11 bionic chips to prevent any misuse. This includes using masks and make-ups, or high-quality photos and videos that were created by professionals. There is one more technology, evil twins, where there is always a one in 50,000 chance of matching a stranger’s fingerprint with the user’s to unlock the device. However, this matching ratio drops to 1 in 1 million with FaceID. That means, even with evil twin, there may be only two identical face maps in every 1 million faces. (Read: Apple FaceID)
 
Now try comparing Apple's FaceID technology (including TrueDepth camera and chip) and UIDAI's facial recognition through the image captured at the time of registration or updating. 
 
“The trust quotient with Aadhaar is falling,” says an editorial from the Times of India, adding, "Earlier, we were told fingerprints are almost foolproof but then iris scanners were introduced. Goalposts keep changing all the time. Or is it Aadhaar that is floundering?" 
 
In rural India, the villagers say when you give a hammer to a blacksmith, he or she will only think in terms of nailing something. The only difference is that here it is the human body, which is being nailed. If you only have a hammer, you tend to see every problem as a nail. If biometric technologies are at hand, UIDAI, under the influence of technology, continues to see every problem only as an identification problem. 
 
A paper from UIDAI titled “Role of Biometric Technology in Aadhaar Authentication” had stated, “Of the three modes, fingerprint biometric happens to be the most mature biometric technology in terms of usage, extraction/ matching algorithms, standardisation as well as availability of various types of fingerprint capture devices. Iris authentication is a fast-emerging technology which can further improve Aadhaar authentication accuracy and be more inclusive.”
 
This paper explains, “Authentication answers the question ‘are you who you say you are'..” This is done using different factors like, what you know—user ID/password, PIN, and mother’s maiden name, what you have—a card, a device such as a dongle, and mobile phone and what you are—a person’s biometric markers such as fingerprint, iris and voice. The ‘what you are’ biometric modes captured during Aadhaar enrolment are fingerprint, iris and face. It is noteworthy that this paper refers to biometric markers like ‘fingerprint, iris, and voice, etc’ revealing that after fingerprint and iris, ‘voice’ print is also on the radar and its reference to ‘etc’ includes DNA prints as well. 
 
Such absolute faith in biometric technology is based on a misplaced assumption that there are parts of human body that do not age, wither and decay with the passage of time. Basic research on whether or not unique biological characteristics of human beings are reliable under all circumstances of life is largely conspicuous by their absence in India and even elsewhere.
 
However, UIDAI seems to have taken the facial recognition route instead of directly going to DNA. While, for a common user, this is one more ‘gimmick’, for UIDAI and its partners, including registrars, this is one more opportunity to make money. Remember, even for updating your mobile number or address, you are required to pay a certain amount of money. In short, Aadhaar-holders need to cough up more money now for this new gimmick of ‘facial recognition’.  
 
You may also want to read...
 
 
 
 
 
 
 
Like this story? Get our top stories by email.

User

Aadhaar Is a Mass Surveillance Tool and There Should Be Criminal Penalty for Its Misuse, Says Edward Snowden
Labelling Aadhaar as mass surveillance tool created by Unique Identification Authority of India (UIDAI) and supported by those in power for political benefits, globally known whistleblower Edward Snowden has warned that due to linking the UID with everything, Indians could face a civil death.
 
He also recommended criminal penalty, including jail, for anyone demanding Aadhaar for providing a service that is unrelated with social benefits from the government. 
 
Speaking at the fifth edition of ‘Talk Journalism’ in Jaipur via video conferencing on 11 August 2018, Mr  Snowden, who exposed mass surveillance programmes run by the US government, intelligence agencies and big corporations, warned about excessive abuse and privacy violation through demanding Aadhaar for everything by the government and private players. 
 
“You will be tracked, monitored, and recorded in a hundred different ways and not just by UIDAI, but by the Aadhaar number they created that is being used by every other company and every other group in society,” Mr Snowden said.
 
 
"There should be a criminal penalty on those seeking Aadhaar number for providing any service and they should be sent to jail, if required, for this crime. It has become so vulnerable that if you search a number on the internet, you will get all information of a person," Mr Snowden said while referring to the RS Sharma Aadhaar exposure episode. 
 
Moments after RS Sharma, chairman of Telecom Regulatory Authority of India (TRAI), shared his Aadhaar number on Twitter with a challenge to 'harm him' on 28 July 2018, several people revealed his personal information, like permanent account number (PAN), his date of birth, mobile numbers, and residential address. Some even claimed to have created a profile on e-shopping sites using these credentials. (Read: Aadhaar: TRAI chief RS Sharma's challenge boomeranged as his personal info gets disclosed)
 
Snowden feels Aadhaar should be used only for social benefit from the government and not for any other service from the government as well as private players. "The biggest crime behind this system is that it is being used for things that are unrelated to what the Government is paying for. To open a bank account, to buy a train ticket, or for more and more services they are demanding not just the number but physical (biometric) verification of your ID card. All these players and corporates have 100 ways of monitoring and abusing your privacy through this system," he added.
 
Commenting on how the UIDAI phone number landed on all Android phones in the country, Snowden raised questions on user rights and privacy in India. A few days ago, millions of Android phone users found UIDAI helpline number 1800-300-1947 in their contact list. While UIDAI tried to distance itself from the helpline number controversy, Google took the blame. It stated, in 2014, the UIDAI helpline number was 'inadvertently coded' in Android release given to original equipment manufacturers (OEMs) or mobile makers.
 
Mr Snowden, however, expressed concern over this explanation from Google and overall the episode where a number was 'pushed' in mobile phones without the knowledge or explicit consent from the user. He said, “Google has about 95% or so market share in India, which is extraordinary. Almost everyone in India uses an Android phone. When you have that kind of position, it is very difficult to make a change that affects the mobile phone of every user in the country and yet somehow, they managed to push this phone number to everybody.”
 
"UIDAI should make people aware of how Aadhaar can be misused instead of transferring the blame on Google and pretending not to have any knowledge of the fact. The number of things they (UIDAI) always say is that their data is safe, their biometrics are secure. The idea is not that you can go on the internet and access anyone’s Aadhaar information directly, but that it is being leaked all over the place. There is an unrelenting train of scandals about Aadhaar, and they should respond to this in a reasonable way. They should be addressing the criticism and reforming the system instead of saying any criticism of us is illegitimate, it is scare-mongering,” he added.
 
The global whistleblower, who heads FreedomofPress, also talked about the importance of having free press in a democracy. He said, Rachana Khaira, the journalist from The Tribune, who was able to buy access to Aadhaar system and thus to personal details for just Rs500, deserves an award and not police complaints.
   
There are several people, especially youngsters, who freely share every bit and piece of information with others, without understanding their right to privacy or its implications. One of the reasons could be the statements from the government to not to worry about privacy, data security and rights. "Where did that argument originate from? The answer is from Nazi Germany. But in a free society this should be the opposite. You do not need to explain why you have a right. You do not need to explain why your personal data is valuable or why you need your privacy," Snowden said. 
Like this story? Get our top stories by email.

User

COMMENTS

Parthasarathy J

9 months ago

Utter nonsense....

Aadhaar Data Breach: HC seeks Centre's Response
The Delhi High Court, on Tuesday, asked the Centre and the Unique Identification Authority of India (UIDAI) to file a response on the plea seeking exemplary damages for the losses caused due to leakage of Aadhaar data.
 
A bench of Justice S Ravindra Bhat and Justice AK Chawla asked the Centre and UIDAI to file response within six weeks and listed the matter for further hearing on 19th November.
 
The Court was hearing a plea filed by Shamnad Basheer through advocate Siddharth Aggarwal alleging that the dissemination of personal information of Aadhaar-holders made it clear that government is responsible for any breach of right to privacy.
 
The petitioner has said his constitutional rights have been breached due to the negligence of UIDAI.
 
Citing top court's judgement, the petitioner said that when the State violates the constitutional rights of a citizen, courts may award compensation.
 
He also said that his petition is very different from the other proceedings in the Supreme Court as he is seeking claim to damages due to breach of data.
 
Mr Basheer has also requested the Court to appoint an independent committee comprising multiple experts to investigate the scope, extent of breaches and the magnitude of harm caused due to data leak.
 
He has also sought direction to release information on the number of data breaches which have taken place since the inception of the Aadhaar scheme and the steps taken by the government towards remedying and rectifying their security practices after the breaches.
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.
 
Like this story? Get our top stories by email.

User

We are listening!

Solve the equation and enter in the Captcha field.
  Loading...
Close

To continue


Please
Sign Up or Sign In
with

Email
Close

To continue


Please
Sign Up or Sign In
with

Email

BUY NOW

online financial advisory
Pathbreakers
Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
online financia advisory
The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Online Magazine
Fiercely independent and pro-consumer information on personal finance
financial magazines online
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
financial magazines in india
MAS: Complete Online Financial Advisory
(Includes Moneylife Online Magazine)