Moneycontrol: National: Friday, 17 June 2022.
More than 100,000 digital life certificates (DLCs) have been generated using an Aadhaar-based facial recognition system, the National Informatics Centre (NIC) said. The document is necessary for retirees to draw pensions.
According to the NIC’s reply to a Right To Information (RTI) application filed by Moneycontrol, 102,576 DLCs have been generated using the system.
Although the government claims the use of facial recognition for pension disbursal is helpful to senior citizens, the fact remains that there is no law backing facial recognition. Additionally, there is no data protection law that can safeguard against the possible misuse or breach of such data.
“DLC is generated only after successful face authentication by UIDAI,” NIC said in the RTI. UIDAI is short for the Unique Identification Authority of India, the statutory body responsible for handling all Aadhaar-related services.
In 2018, the Centre introduced Jeevan Pramaan, the program under which Aadhaar-based DLCs are generated. In December 2021, the Centre introduced the facial recognition aspect into Jeevan Pramaan as an additional way of generating DLCs.
While introducing it, the government had claimed that "it will touch the lives of not only 68 lakh Central government pensioners but also crores of pensioners... such as EPFO, State government pensioners".
Caveats
A successful generation of a DLC through facial recognition and Aadhaar authentication does not ensure pension payment. After a DLC is generated, Pension Disbursing Agencies (PDAs) decide whether to accept it or reject it, NIC said.
“DLC is only generated after successful face authentication by UIDAI and after that the DLC is shared with the PDA for verification of PPO (pension payment order) particulars. PDA either accepts or rejects the DLC after verification,” said the RTI reply.
As of now, 52,987 DLCs have been accepted and 18,603 rejected by PDAs, NIC said.
Data storage
In a separate RTI application filed by Moneycontrol, the UIDAI said the Aadhaar-based facial recognition authentication data is stored for six months.
“Further as per regulation 18 (of the Aadhaar Regulation, 2021), the logs of authentication transactions shall be maintained by the requesting entity for a period of 2 years,” UIDAI said in its RTI reply.
Data is not stored at the Jeevan Pramaan portal, NIC added.
How it works
This process involves two applications. First, one has to download a Jeevan Pramaan Face App, available on the Jeevan Pramaan website, and second, an app called AadhaarFaceRD (Early Access) by the UIDAI, available on the Google Play Store.
On the Jeevan Pramaan Face App, the user has to undergo a facial recognition process for registering himself/herself as an operator of the app. This, Jeevan Pramaan says, is a one-time process.
The app then restarts, and the pensioner authentication process begins. A pensioner has to enter his/her Aadhaar number, mobile number and email address and PPO details. After that, the facial recognition window opens.
Using either a front or rear camera, one can initiate the process of facial recognition.
“It will show ‘hold still and blink your eyes when the lighting is right and the camera is stable’. Follow the instructions shown on the screen to successfully complete the face authentication process,” a Jeevan Pramaan document said.
Other uses
This is not the first time facial recognition has been used for pension disbursal. In 2019, the Telangana government developed a facial recognition-based process for pension disbursal, a New Indian Express report said.
This is also not the first time that Aadhaar-based facial recognition has been used in governmental processes involving citizens.
According to a report by MediaNama, the National Health Authority had undertaken 266,943 Aadhaar-based facial recognitions as part of a touch-less Covid-19 vaccination pilot that was taken up in Jharkhand last year.
Recently, it was also proposed for air travel. As part of the DigiYatra scheme, the Ministry of Civil Aviation plans to use facial recognition for boarding purposes.
The scheme will also be integrated with Aadhaar, driving licence, PAN, passport and CoWin data, an RTI filed by Internet Freedom Foundation (IFF) had said.
In 2021, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar had said facial recognition technology (FRT) will not be integrated with Aadhaar, but will be used as one of the authentication procedures with ‘informed consent of the individual’.
A myriad concerns
Despite the government claiming that Aadhaar is infallible, its critics have cited a myriad Aadhaar-related payment frauds, identity theft cases and so on.
So much so that recently, in a now-retracted notification, the Bengaluru Regional Office of the UIDAI asked people to not share photocopies of Aadhaar as the information could be misused.
Flaws in facial recognition, too, have been well documented. For instance, a United Kingdom privacy regulator recently fined Clearview AI, a facial recognition company, $9.4 million for collecting images from the web and social media sites of people in Britain to create a database that can be used by law enforcement for facial recognition.
Civic society organisations such as the IFF have also pointed out that the usage of Aadhaar-based facial recognition can prove to be exclusionary and discriminatory.
“Linking welfare schemes to Aadhaar and its biometric verification system has caused mass exclusions… an untested facial recognition system will increase the risk of exclusion,” the IFF said in a statement against the use of Aadhaar-based facial recognition for vaccination.
Facial recognition technology does not have a 100 percent success rate, it said. “Implementation of an error-prone system without adequate legislation containing mandatory safeguards, would deprive citizens of essential services,” the IFF said.
“An error-prone FRT system, as the only mode of identification, would lead to false negatives, as the system will not be able to correctly identify individuals, and arbitrarily deprive them of access to essential government schemes,” it added.
Way forward
Although there exist no legal safeguards for use of facial recognition, it is not illegal, said Anushkaa Arora, principal and founder of ABA Law Office.
Arora said data protection and privacy laws in India are still at a nascent stage and would evolve in the future.
With the Supreme Court’s K. S. Puttaswamy v Union of India judgement recognising Right to Privacy as a fundamental right, and with a Personal Data Protection Bill in the works, Arora said informational privacy matters would get a boost.
“However, unless India does not have a strong legal folio to protect data and privacy of citizens, the government must be aware and safeguard citizens from possible data breaches or scams. Until then, as blunt as it may sound, any kind of public data for government or private use is at risk,” Arora said.