Modi Government and its goal to digitalise India is moving forward with full steam. After deploying the world’s largest National ID biometric system, it is now time for the deployment of the facial recognition system. However, the proposed Automated Facial Recognition System (AFRS) by the Ministry of Home Affairs through the National Crime Records Bureau has been questioned by many. It seems that there is a concern with regards to the threat it poses to the privacy rights and dignity of citizens.
India’s National Crime Records Bureau is in the midst of collecting bids from private companies to create the country’s first centralized facial recognition surveillance system. The NCRB has not specified a time frame for its launch. However, once it is launched, it will be linked with more than a dozen databases. Although it is still unclear at this point whether Aadhaar, India’s biometric ID database that has drawn criticism for enabling the surveillance of 1.3 billion citizens, would be one of them. But first, let us look at the pros and cons of this system:
The Objective of the System
The AFRS aims at modernising the police force, improving outcomes in the area of criminal identification, and verification by facilitating easy recording, analysis, retrieval and sharing of information between different organisations. The Indian Government says the motive of the system is to help one of the world’s most understaffed police forces, which has one officer for every 724 citizens. The added benefit will go to the emerging Tech companies, as research suggests that the Indian Facial Recognition system will grow six-fold by 2024 to $4.3 billion, nearly on par with China.
The Mechanism of AFRS
As part of the Automated Facial Recognition System (AFRS), images from various sources like CCTV, phone cameras, sketches, social media, and others could be instantly matched with the photo database. According to the circular, this would help identify criminals, missing children, unidentified deceased bodies and other alien people on the borders. The end product will be made available on the web platforms and mobile devices be in Android, iOS or Windows.
NCRB is also working for the integration of fingerprint data under the NAFIS program to be integrated with Crime and Criminal Tracking Network & Systems (CCTNS). Here, facial data that includes all metrics of the face, combined with fingerprint, will help the law enforcement agencies in their investigations. The proposal for mobile data terminals to each police station has been made under CCTNS Phase-II. The facial image database will also be integrated with various other systems & databases like ICJS, IVFRT, Immigration Visa Foreigner Registration Tracking (IVFRT) and with all the police systems in different states.
The Conditions Specified by NCRB for AFRS
There will be a bid process to choose the right vendor for the technology, according to the published circular. As part of the conditions, the system will have to offer logical algorithms and user-friendly, simple graphical user interface. At the same time, it will depend on the state-of-the-art machine learning capabilities to achieve its objective of generating accurate alerts by analyzing the massive database.
NCRB also specified that the system should be able to work despite changes in facial expression, lighting, age, hairstyle, facial hair, scars and tattoos that may occur in facial data over time. Not just that, the technology should also have the capability to identify a facial image by automatically extracting it from solid backgrounds and other landmarks. The system will be designed where algorithms, modes and search depths work for varying environments like fast-moving situations and supporting not just CCTV but also infrared and thermal cameras. It seems the specified conditions for the system will require state of the art solutions from the vendor.
Deployment of AFRS at the Airports
On September 6, New Delhi’s Indira Gandhi airport became the fourth airport in India to test a facial recognition system to let passengers board by letting a machine scan their faces. The tech is scheduled to roll out at all the major airports in the country in the next few years. The government calls it “Digi Yatra” - Digital Journey - and it is a partnership between India’s federal aviation ministry and private companies. The aim, according to a 2018 government document, is to use biometric data to create a “digital travel experience.”
The same system was first introduced in the cities of Hyderabad and Bengaluru in trial phase. Since it is still under a trial phase, the CISF personnel verified the travel documents and other necessary credentials.
It is not just airports; hundreds of Indian police stations, malls, and schools already use a patchwork of facial recognition systems powered by tech from dozens of private companies, and major cities have rushed to install hundreds of thousands of closed-circuit cameras on the street corners.
Challenges That Come with Facial Recognition Technology
The facial recognition technology depends on how well the system is trained on the data sets, and barring China which with the largest facial photo database, no other country has achieved high precision in mass deployments. Many experiments have also proven how facial recognition systems may fail to identify objects accurately, as highlighted by multiple research works. Facial recognition software tested by the UK’s Metropolitan Police generated false positives in more than 98% of match alerts.
In another experiment, in Germany, researchers found the accuracy of facial recognition technology between 17-29% and full of false positives. There are also concerns around demographic bias that may unintentionally creep into the system during training the ML models. According to an MIT study, facial recognition systems make more significant errors in recognising subjects with darker skin complexion and females.
Facial Recognition System: Data Security May Be the Biggest Roadblock Here
The notice has identified the related security challenges on unauthorised access to database or application, accidental modifications or deletions, unintentional modifications or deletions, encryption/decryption of records while storing/loading the records to/from the database. It has been proposed that AFRS needs implementation of an access control policy, MD 5/SHA encryption layer, prevention from BRUTE Force Attack, SQL Injection, other vulnerability patches, etc.
Considering the advanced state of state-sponsored hackers, it will remain uncertain how government agencies help protect facial image databases. According to reports, the entire Aadhaar database had been breached in the past, leaking data to hackers on the dark web. A new database containing extensive facial data belonging to Indian citizens may become another juicy target for hackers across the globe.
Personal Privacy Vs Law & Order: What Will Be the Priority?
Looking at the positive side, the use of facial data in criminal investigations will likely bring down crime rates. To achieve this, it is expected that the government will be working on a nationwide installation of closed-circuit cameras that can capture facial imagery in real-time. Similar systems have found success in the US and China, where criminal data is shared across different departments, helping to solve investigations effectively.
But in a country like China, facial data is not just used to catch criminals but also to monitor citizens and create social credit scores. To prevent such a scenario, it may be imperative for the government to clarify its data privacy law and have a governance body that ensures data is used ethically and for helping the nation in the right direction.
The concerns for privacy are highlighted by a recent instance where San Francisco – the technology hub of the world made it illegal to use facial recognition collected by police forces. The reason cited is the lack of proper regulation on how such personal data will be managed and secured. Given the lack of privacy laws, experts say the proposed AFRS may pose a great challenge in determining the accountability of any unintentional misuse of facial data. This particularly is of greater importance in India, a country that guarantees the right to individual privacy as part of the constitution.
With the concerns raised by the critics and advocates regarding the inefficient and weak privacy rights, this system could be abused and could pose greater security threat to the nation. Before deploying this system, the Government should have an extensive public conversation addressing their queries and explaining the primary objective of the proposition. But, it seems that ship has already been sailed; so before accepting bids and putting this in action, the data privacy rights should be revised in order to prevent its use for dubious purpose or God forbid, this might turn our nation into a Chinese style Orwellian state.
Find other articles of digitisation activities in India, here.