Aadhaar: 'Safety Is Regularly Evolving'

While the introduction of new features such as face authentication, virtual ID, and limited know-your-customer (KYC) by the Unique Identification Authority of India are being seen as reactions to mounting public pressure over the security of Aadhaar, experts, who have helped build the citizen identity system, say these have been in the pipeline for a long time.

Pegged to be fully functional by July 1, the new features will make Aadhaar more secure, but that hasn't stopped the UIDAI from drawing flak over the recent issue of rogue agents selling demographic data of individuals.

Moreover, the agency's handling of the issue has not inspired confidence among the public and security researchers.

Experts say for a system of Aadhaar's size, security is continually evolving.

Lalitesh Katragadda, former head of Google's product centre in India and who also helped build Aadhaar, says as a country we need to understand there's 'no such thing as a 100 per cent secure system'.

While security gaps will always exist, he says it's the UIDAI's duty to ensure there's no 'large-scale theft of people's identity'.

According to him, the new security features will help significantly in this regard.

Face authentication will be another biometric Aadhaar will begin offering to combat the reportedly high failure rates of fingerprint authentication.

The system will use common Webcams to capture photos of individuals and match them with the existing photo on the UIDAI's database.

The system will not use any high-end hardware backed facial recognition like the recently launched iPhone X, which the company claims is more accurate than its previous fingerprint authentication technology.

The UIDAI will work around this issue by clubbing face authentication with other forms of authentication — fingerprint, iris scan or a one-time password sent to a user's mobile phone.

While it isn't known how exactly the feature will be built into apps relying on Aadhaar authentication, Srikanth Nadhamuni, the former chief technology officer of Aadhaar, envisions a scenario where a photo of an individual could be captured and matched when fingerprint authentication fails, in order to improve the probability of a match.

But even this isn't a foolproof plan, some believe.

"Your face is again a biometric, and that comes with the same host of issues that is plaguing the other biometrics that have so far been used," says Sunil Abraham, executive director at the Bengaluru-based think-tank, Centre for Internet and Society.