Written by Sanjib Pohit.
India’s quest for a biometric enabled identification of citizens began with Aadhaar which is supposed to provide proof of identity to a large segment of our population previously without any formal proof of identity.
This has helped a large segment of our population to avail themselves of better access to government services, earlier denied to them due to their inability to prove their proven identity (in the case of their current domicile which is usually different from their permanent residence). The large scale migration of economically backward people from rural to urban areas, within and intra-state, in search of job opportunities means that this segment of population are quite large and they are in need of government services (subsidised food, fuel for cooking, etc) because of their economic circumstances.
Unlike passwords, biometrics cannot be easily changed, prompting fears over the safety of people’s personal data. Thus, Aadhaar based payment mechanism or availing government services with biometric information being the sole security system is fraught with danger.
It is also equally true that a large number of them have been able to procure another set of government issued cards at their work places by paying bribes to government employees. Thus, while they avail subsidised food items from the government ration shop at their work place, their relatives/friends at their permanent place of residence (home town/village) access the same using their ration cards issued at their home town/village. No doubt, the authentication through Aadhaar will be able to identify those beneficiaries who are registered at more than one places. This would surely help in reducing the government subsidy bill.
Increasingly, Aadhaar is being linked to various forms of government services/utilities/forms, starting from attendance at government offices, payment for manual construction related work under the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), to direct benefit transfers to the beneficiary’s bank account. However, the data collated by the Telangana state government shows that the Aadhaar based biometric authentication failure rate in the ambitious rural job guarantee scheme is as high as 36 percent.
Telangana is the first state to release such detailed data about the failure rates of Aadhaar payments, but analysts fear that this could be reflective of a nationwide trend. This comes at a time when the government is moving swiftly to link all social security schemes and government benefit programmes with Aadhaar in an effort to plug leakages and ensure that government payments reach the intended beneficiary. The main reason for the payment failure in the operation was biometric mismatch, probably arising due to damage to the fingers of the rural labourers (the downside of fingerprint recognition). Consequently, workers have been denied wage payments due to them in many instances.
To increase the use of digital payments among the poor and illiterate population in rural areas of the country, the government is promoting Aadhaar Pay which authorises financial transactions by using fingerprint technology. Aadhaar Pay, which is the merchant version of the already-in-use Aadhaar-enabled payment system (AEPS), is supposed to become an alternative for all online and card transactions which require a password and PIN.
The basic premise on which Aadhaar rest is that biometric identity cannot be recreated by another and therefore, the intended beneficiary can be uniquely targeted. While the Aadhaar process collects biometric information during enrolment (including the retina of the eye, fingerprints of the hand) authentication in reality only involves matching one finger print with the same in the database. To misuse the system and avail the benefits of Aadhaar enabled services, one only, in principle, needs to recreate the biometric image of any finger print.
Since no two fingerprint match, it seems logical to assume that the Aadhaar enabled identification system cannot be fudged. While it was true some years back, the premise does not hold any more with the advances in 3D printing (i.e. near perfect reproduction of the original object), and its affordable cost.
3D printing, also known as additive manufacturing (AM), refers to processes used to create a three-dimensional object in which layers of material are formed under computer control to create an object. The objects can be of almost any shape or geometry and are produced using digital model data from a 3D model or another electronic data sources.
Currently, 3D printing is employed in industries including aerospace, architecture, automotive, defence, and medical replacements, among many others. It also finds application in custom fit accessories for athletes. Many of these systems are used for rapid prototyping, before mass production methods are employed. Higher education has proven to be a major buyer of desktop and professional 3D printers which industry experts generally view as a positive indicator. Libraries around the world have also become locations to house smaller 3D printers for educational and community access. Several projects and companies are making efforts to develop affordable 3D printers for home desktop use.
Is it possible then to produce custom made 3D images of finger prints? The answer is yes.
According to The Telegraph, US police cracked open a murder’s victim mobile phone by 3D printing a murder victim’s finger to gain access to their smartphone. Of course, the officers had access to the deceased’s fingerprints which they provided to biometrics expert Anil Jain from Michigan State University to recreate this 3D image.
Thus, technological advancement has make it possible to recreate bio-printing image of another individual finger. Since custom made accessories by 3D printing is a norm for athletes, what prevents an unscrupulous person recreating a finger print image of another person? In the past, India has been a victim of misuse of technology. For instance, the affordability and penetration of ultrasound imaging technique in the Indian hinterland has been systemically used to identify and then selectively abort a female fetus.
It should be noted that researchers at Japan’s National Institute of Informatics (NII) have found that peace sign selfies could let hackers copy one’s fingerprints. The fingerprints can be easily recreated from photos taken up to three metres away without the need for advanced technology. So long as the picture is clear and well-lit, prints can be mimicked.
Unlike passwords, biometrics cannot be easily changed, prompting fears over the safety of people’s personal data. Thus, Aadhaar based payment mechanism for accessing government services is fraught with danger.
Incidentally among the three forms of biometric identity (face, iris or fingerprint recognition) fingerprints are the easiest thing that can be recreated with 3D printing. India appears to have chosen the last one (fingerprint) simply because the price of the machine for verification is cheaper. Indian citizens may have to pay a heavy price in the long run.