Uploading a selfie for DOST authentication? Digital experts claim privacy concerns

Hyderabad: Data security experts have raised privacy concerns over the use of facial recognition technology by Telangana higher education board. This followed the registration for Degree Online Services Telangana (DOST) which commenced on August 24, where students have to upload a 'selfie'.

The state higher education board is using facial recognition technology to 'ease' the process. Students can now register on the official T App Folio with a selfie and Aadhar card details, which would then be matched with their intermediate degree details.

While officials in higher education and information technology departments claim that this is a student-friendly move, digital experts in the state are raising privacy concerns.

Data security experts allege that this is part of the state government creating digital IDs for citizens without their consent.

"This is essentially like a state-based Aadhar card system where facial recognition is being used to construct Real-Time Digital Authentication of Identity (RTDAI). The said information is then being used in tasks such as granting pensions and student enrolments," said Srinivas Kodali, a data security researcher based in Hyderabad.

As per the new guidelines issued by the Telangana State Council of Higher Education (TSCHE), students can download T App Folio and register themselves for admissions. All they have to do is to fill in Aadhar details, name, phone number, intermediate board ID, along with a selfie.

However, students are also required to check a consent box that allows Information Technology, Electronics, and Communications (ITE&C) and TSCHE to access their data.

Screenshots of DOST authentication process on T App Folio

Kodali, however, raised concerns that the ITE&C already has access to data submitted by students during their intermediate degree.

Professor B Limbadri, Convenor of DOST and Vice-chairman of TSCHE, said it is only in the context of a pandemic that they decided to proceed with facial recognition authentication. "Earlier, students had to undergo biometric authentication by visiting a MeeSeva center. To reduce 'touch' and provide facilities for a contactless authentication process, we chose to engage with facial recognition," he said.

Principal Secretary, IT&EC, Jayesh Ranjan noted that this is only a temporary measure. "When students take admissions in schools, they provide photographs. We are using the data that has been previously provided by the students. This is a COVID reaction, and we are not jeopardizing or putting them at risk," he said.

Kodali is one of the few vocal citizens in the state raising concerns over the government creating a centralized digital database. He claimed that the government has utilized data from the Election Commission of India to create a 360-degree profile of all citizens, which is being done without consent or any legal grounds.

He further said that this data is stored at Telangana State Technology Services (TSTS), which is responsible for the creation of new digital ID. At the same time the data is stored in Telangana's state resident data hub, Samagraha Vedika, which continues to add various departments data to its database to create 360 degree profile database

"While officials say that the data is temporary, we have seen the privacy leaks in the case of Aadhar. Data storage is never temporary," Kodali added.