advertisement
In addition to the disturbing news that Aadhaar-based biometric authentication for government services fails 12% of the time, the documents submitted by UIDAI CEO Ajay Bhushan Pandey to the Supreme Court of India include another revelation that seems counter-productive for the authority — that nearly one out of five attempts to authenticate Pandey’s Aadhaar details have failed.
Twenty-six authentication attempts were logged with the UIDAI during this time period, one from a telecom company, eight from two different banks, and the remaining 17 relating to UIDAI EKYC, internal monitoring, and services. Five of these attempts resulted in failure, which amounts to 19.2% of all attempts during this period.
Too caught up to read the whole story? Listen to it instead:
Interestingly, of these 26 attempts, only one was made using the biometric authentication mode (which has been trumpeted as the flagship feature of Aadhaar by Pandey). This request, from a private sector bank, resulted in failure with error code 330. According to the UIDAI’s website, the description for this error code is “Biometrics locked by Aadhaar holder.”
The irony of the UIDAI CEO locking his own biometrics – which means they cannot be used for Aadhaar authentication – will not be lost on anyone. The petitioners challenging the constitutionality of Aadhaar have raised many concerns about the biometric aspect of Aadhaar, both in terms of its violation of privacy, as well as the risk of exclusion from benefits as a result of biometric mismatch. This risk, they claim, will only increase as more and more biometric details are added to the system and authentication attempts made, since this increases the chance of false positive results during verification.
The UIDAI claims that this isn’t an issue since alternative forms of authentication or verification can be used instead, and that the biometric authentication success rate has been improving for banks (it is 95.1% for 2017 and 2018). Pandey did not attempt to use an alternative mode of authentication for whatever transaction he was attempting to do there, and no other authentication requests were made by that bank.
The other four failures all took place on the same day, in relation to authentication requests from the other private sector bank. This means that five out of eight attempts to authenticate Pandey’s Aadhaar details for banking transactions/KYC failed. This is obviously a far cry from the UIDAI figures.
These attempts were made using the OTP mode (used for 25 of the 26 attempts). All seven authentication requests from this bank were made in the space of 1 minute 51 seconds. Three attempts were successful, four unsuccessful with error code 400. The description for this error code is “OTP validation failed”.
It would also seem strange for this to be the reason for the failures since there are multiple failed attempts in such a small space of time (and some successful ones). Regardless, it is clear that even alternative forms of Aadhaar authentication are not foolproof.
This is hardly going to increase people’s confidence in the reliability of the system, and the likelihood that its usage will not lead to exclusions.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)