Data Protection & Privacy

UIDAI is hosting a Hackathon looking for innovation in facial authentication

The Unique Identity Authority of India (UIDAI) is hosting a Hackathon titled “Aadhaar Hackathon 2021” targeting young innovators. The hackathon is themed around two topics- ‘Enrolment and Update’, and ‘Identity and Authentication’.

The first-ever hackathon by the Aadhaar team runs from 28 Oct 2021 to 31 Oct 2020, up to 2300 hrs.

The purpose of hackathon

The first theme of the hackathon ‘Enrolment and Update’ expects innovators to solve real-life challenges that residents are facing while updating their addresses.

The second theme aims to solicit innovative solutions to prove identity without sharing the Aadhaar number or any demographics information. It is also looking for innovative applications around UIDAI’s novel face authentication API, in an effort to “popularize some of the existing and new APIs to solve the needs of residents”.

UIDAI will reward the winners of each theme with prize money and other lucrative benefits. Interested teams can register here.

Concerns around Privacy

UIDAI was running a pilot project for facial recognition-based authentication last year. Speaking at the Indian government’s RAISE 2020 Summit, Vivek Raghavan, chief product manager and biometric architect at UIDAI, revealed details around the project. He said that UIDAI has built “advance liveness models” to further strengthen the facial recognition algorithm.

However, Raghavan didn’t comment on how UIDAI developed the training dataset to test its facial recognition algorithm, Medianama reported.

The collection of mass data by the state always raises concerns around privacy. Besides the fear of a data breach, there is a constant threat of misuse of data by the government to conduct illegal surveillance. In absence of a data protection law, these concerns are only exacerbated. Moreover, the proposed personal data protection bill of 2019 exempts the government from adhering to its provisions.

Further, facial recognition is not a reliable technique. Besides algorithmic bias, it can be manipulated, which may exclude genuine beneficiaries from availing services. The European Parliament has recently passed a resolution calling for a permanent ban on AI-based facial recognition systems. Canada has also banned Clearview AI’s facial recognition service. Sweden’s data watchdog imposed a fine on local police for unlawful use of Clearview AI. The UK  has also declared facial recognition implementations illegal citing privacy rights. The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have also called for a ban.

UIDAI has also, till date, not revealed details about its technology. Although it confirmed, in a parliamentary response, implementation of facial authentication, it vaguely says it has a “strong fraud detection and monitoring system in place”. It also said it has a robust system to test and certify any solution including facial authentication which “precludes any attempt of misuse/ fraud.”

Key point: UIDAI needs to be careful. Citizens can always change their password, but neither their fingerprint nor face.

Do subscribe to our Telegram group for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.

Rohit Ranjan Praveer

Rohit is a practicing advocate at Delhi. Beginning as a tech enthusiast, Rohit always had a keen interest in computer forensics and information security. Building upon these fundamentals, he has undertaken extensive research on various techno-legal topics and continues his pursuit pass on valuable information to the masses, with a zeal to build something that outlasts him.​

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.