ADVERTISEMENTREMOVE AD

Here’s Why UIDAI’s Face ID for Aadhaar Is Not Likely to Work

Aadhaar will soon get a face authentication feature to ID people whose iris or fingerprints do not match. 

Updated
story-hero-img
i
Aa
Aa
Small
Aa
Medium
Aa
Large

The use of face authentication for Aadhaar is unlikely to work in the way that Unique Identification Authority of India (UIDAI) has envisioned. This sentiment has been shared by noted experts in the domain, who believe that implementing face ID (as part of the two-factor authentication) has come ‘too little too late.’

While they accept that implementing the two-factor authentication (2FA) is the right move, they’re not sure how the UIDAI will be able to execute it across different parts of the country by 1 July, the day when the feature is supposed to come into the system.

ADVERTISEMENTREMOVE AD

But before we tell you what we think is going to happen, let’s take a look at what the official circular from UIDAI has to say about the matter and why this feature is being added.

Also Read: Chehra Hai Ya Aadhaar ID? UIDAI Rolls Out Face Authentication

While most of the residents are able to authenticate using fingerprint or iris authentications, some residents face difficulty in successfully using biometric authentication using either of them.  Face authentication (FA) will come as an additional choice to create inclusive authentication for residents having difficulty with finger/iris IDs.
UIDAI circular

And how is the UIDAI going to make this feature work? According to Ankush Johar of Infosec Ventures, an IT security company, UIDAIs face ID feature is basically going to see if the likeness of the original image is the same as the image that was taken while registering for the Aadhaar card.

Also Read: Aadhaar’s Dirty Secret Is Out, Anyone Can Be Added as a Data Admin

The matching of photo is not going to happen on the device, it will only capture. The photo will be sent to a central server, just like how it happens right now with Aadhaar numbers. 

Let’s put its use-case into a real-life example now. A person heads to collect his monthly ration, where the vendor is likely to have an entry-level phone/tablet.

He will take a picture with that, which will check with the server where your original picture resides to see if there is a likeness of that image.

But that’s where the big concern lies.

To do the authentication you don’t need a high-end device, but the larger issue is the origin/source (required to verify), is compromised. The image stored in the database is not high-resolution which could result in failure to authenticate the person
Ankush Johar, Director, Infosec Ventures

This situation is bound to arise, especially when UIDAI plans to use the single face photo which is already there in the database.

UIDAI’s Face ID Different From Apple’s Tech

Ever since the announcement was made, many people started co-relating the face authentication feature with Apple’s iPhone X. But sadly, Ankush is confident that UIDAI’s tech is nowhere close to how Apple’s face ID works.

In addition to that, he points out the big difference between UIDAI and Apple’s implementation of the feature.

Given that Apple invested a big sum to develop the infrared-based specialised hardware to capture a 3D image of a person’s face, it’s dicey how it would compare to the 3-5 MP cameras used at the time of enrolment.
Ankush Johar, Director, Infosec Ventures
Every two to three years, our face changes. While Apple lets users update their face ID on the iPhone X, UIDAI will have a tough ask updating its photo database on a regular basis. 
Ankush Johar, Director, Infosec Ventures
ADVERTISEMENTREMOVE AD

Face ID for Aadhaar – Will it Work?

While Ankush is pleased that the 2FA has been finally put into place, but in hindsight they feel these measures are being taken without actually considering its viability, especially with respect to executing them.

By bringing FA in fusion, UIDAI is saying we’re not going to rely on this completely. Also, they should have brought this long back, not when 1.9 billion people have already enrolled for Aadhaar 
Ankush Johar, Director, Infosec Ventures

India isn’t going to be the first country to implement face authentication, but using 2FA could reduce the instances of mass breaches, as accessing data of millions of users simultaneously becomes harder to execute.

With 2FA in place, UIDAI is likely reduce negate instances of mass data breaches in the coming future.

But their appreciation comes with a word of caution, and the recent security mishaps compel them into mentioning that.

The photo is essentially 2D in nature, captured in low-resolution. Anybody could use your picture and the likeness will be 100 percent.
Source to The Quint

So, there is a high possibility that UIDAI might have to take the source picture of the people one more time, making it mandatory for those who aren’t able to use fingerprint or iris IDs right now.

All this has made them believe that bringing Face ID into the equation, is not going to make any qualitative difference and the number of people using it is likely to be miniscule.

(We Indians have much to talk about these days. But what would you tell India if you had the chance? Pick up the phone and write or record your Letter To India. Don’t be silent, tell her how you feel. Mail us your letter at lettertoindia@thequint.com. We’ll make sure India gets your message)

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 
Speaking truth to power requires allies like you.
Become a Member
×
×