For the past few days, reports that the Unique Identification Authority of India (UIDAI) will be bringing in facial recognition for authentication from September 15 have been doing the rounds. However, a discreet circular in January this year highlights that the matter has been under consideration for a while. Apart from the apparent ethical aspects of facial recognition technology vis-a-vis the issue of privacy, for which the UIDAI has been taken to Court, the technical aspects too are worth considering.

Also Read: Even Sharma Knows that He Lost the Aadhaar Challenge

The circular dated January 15, 2018 argued that as a way to reduce the rejection rates for biometric authentication, an additional authentication feature needs to be brought in i.e. facial recognition. The circular stated the advantages of using facial recognition as:

Face authentication will provide additional choice to create inclusive authentication for residents having difficulty with their fingerprints/iris authentication.

Since face photo is already available in the UIDAI database, there is no need to capture any new reference data at UIDAI's Central Identities Data Repository (CIDR).

Cameras are now pervasively available on laptops and mobiles making the face capture easily feasible for Authentication User Agencies (AUA) without needing any additional hardware.

Face authentication with liveness detection can be used as an additional factor to increase security.

The circular then stated that the UIDAI has decided to implement the facial recognition feature through the following features:

Face Authentication provides additional option for AUAs to ensure that inclusive authentication is offered to all residents.

Face Authentication shall be allowed only in fusion mode along with one more authentication factor. This means Face Authentication must be combined with either fingerprint or iris or OTP to be able to successfully authenticate an Aadhaar number holder.

UIDAI provides the fingerprint and iris biometric authentication to select AUAs, similarly Face Authentication shall be allowed on need basis.

Also Read: Is UIDAI Paying Attention to Aadhaar Security Failures, Asks FSM

The circular further stated that the AUAs would be required to ensure that in case one mode of authentication fails, they should be able to provide alternative modes through their registered devices. They should also make necessary changes on the AUA server side to process the encrypted authentication input.

Also See: We’re Stuck With It, Even Though It Is Collapsing All Around Us: Usha Ramanathan

The first question that should come to people's minds concerns the creator of the facial recognition software. In the course of the Aadhaar hearings, the petitioners alleged that the software on which the entire system is based was provided by a contracting foreign company. Similarly, facial recognition technology like other forms of AI-driven technology is in a nascent stage. At present, possibly, the most advanced commercially available system is that used in the Apple iPhone X. Therefore, the question of who is the creator of the UIDAI's facial recognition technology is worth asking.

Also See: How Aadhaar Makes Identity Fraud Much Easier

The next question regarding this technology is regarding its accuracy. There is an ongoing race between the tech giants like Google, Samsung, Apple and Facebook in creating powerful facial recognition software. However, like in all emerging technology, there have been errors. For example, Google's software had labelled the faces of African origin people as 'gorilla'. Meaning that it was unable to recognise faces with African features. When Samsung launched a similar feature in its Galaxy S8, it soon emerged that the software could be spoofed by showing it a photograph of the phone's owner.

Also Read: Aadhaar: A Sinking Ship?

The UIDAI circular has mentioned that 'liveness detection' should be included in the facial recognition software's features. However, till date, only the iPhone X has the capability to render a three-dimensional image to determine the authenticity of the subject. This is a hardware feature, and hence, it would mean that all the devices through which such authentication should take place would have to be iPhone X's. No doubt Apple will be thrilled. Yet, what is astounding is that facial recognition technology is in its infancy, and hence has a higher error rate than both fingerprints and iris scans. Thus, a technology with a high error rate is being brought in to reduce error rates in other modes of authentication.