The National Crime Records Bureau’s (NCRB) controversial Automated Facial Recognition System (AFRS) “will not violate privacy”, Minister of State for Home Affairs G Kishan Reddy said in Rajya Sabha on March 4. He said that the AFRS will use police records and only law enforcement agencies would be able to access the system. It will help in better identification of criminals, unidentified dead bodies and missing children and persons.
The AFRS is a centralised web application, and is expected to be the foundation for “a national level searchable platform of facial images”. The database of facial images will be created by using passports, data from the Crime and Criminal Tracking Network and Systems (CCTNS), and the Interoperable Criminal Justice System, among other things, NCRB had said in a tender document. The deadline for submission of tenders by vendors willing to develop the surveillance tool has already been extended six times, with the current deadline being March 23.
In July 2019, the NCRB had held a pre-bid meeting with vendors willing to bid to develop the AFRS, who raised queries regarding the future integration of AFRS with other systems, and how the system would deal with cases of plastic surgery. Prospective bidders had also said that requirements to qualify for developing the AFRS could hardly be met by domestic companies, and in turn give an edge to bigger international firms.
Concerns surrounding surveillance, violation of privacy: When NCRB had announced its plans of developing a centralised facial recognition system, it sparked concerns surrounding state surveillance, and privacy. Advocacy group, the Internet Freedom Foundation (IFF), had written to the organisation, stating that the proposed surveillance tool was unfathomably detrimental to Indians’ privacy, while highlighting that it lacked legality, and had no safeguards and accountability.
In response, NCRB had justified the legality of AFRS on the basis of a CCTNS Cabinet Note from 2009, where a system, akin to the AFRS, was envisaged. Based on this note alone, the Bureau said that the AFRS has cabinet approval, and is hence, legal. NCRB had also said that the AFRS will not be integrated with the Aadhaar database.
No data protection law in place: It is also worth mentioning that the department is planning to deploy a national level facial recognition system when India doesn’t have a data protection law. Moreover, the Personal Data Protection Bill, 2019, which is currently being deliberated upon by a Joint Parliamentary Committee, has carved out exemptions for government agencies to adhere with provisions of the Bill. This suggests that when the AFRS is eventually deployed, there is a possibility that the NCRB might be able to collect, store and process biometric data of Indians without necessarily adhering to the provisions in the Bill.