Under a revised request for proposal for India’s controversial Automated Facial Recognition System, the deployment of the surveillance tool will neither involve the installation of CCTV cameras nor will it connect to any existing CCTV camera anywhere. In turn, the new solution will now need to have “interfacing ability to analyse data on images/visuals on crime and criminals from various sources”. The AFRS is a centralised web application, and is expected to be the foundation for “a national level searchable platform of facial images”.

The National Crime Records Bureau — the agency which has been tasked to deploy the AFRS — released the revised RFP last week, after about 3 months it started reworking it. Along with releasing the revised RFP, the Bureau also postponed the deadline to submit bids — for the ninth time — to August 6, and has scheduled a pre-bid meeting with prospective bidders on July 13.

The revised document, however, still did not clarify if such surveillance systems are even legal to deploy — a significant omission, because the NCRB had last year justified AFRS’ legality based on a 2009 cabinet note alone.

The new RFP has added police forces from Union Territories and “law enforcement agencies” as stakeholders of the project, apart from state police forces, MHA, and NCRB. The old RFP had MHA, NCRB and state police forces as the stakeholders. The AFRS hardware (servers etc.) will now be located at more places — it will be stored at NCRB’s data centre in Delhi and the Disaster Recovery Centre at Pune/Hyderabad/Bhubaneswar or “any other locations”. It isn’t clear if the hardware is supposed to be installed at all the 3 DRCs or in any one of them. Earlier, it was to be installed at only NCRB’s facilities.

What’s different in the updated AFRS RFP?

There are majorly two areas where the NCRB has made revisions: required technical specifications of the surveillance system itself, and the criteria for companies willing to participate in the bidding process:

Changes to technical requirements

Facial dataset will now include more attributes: The new RFP states that AFRS is envisaged to have a searchable image/visual database of missing persons, unidentified found persons, unidentified dead bodies and criminals based around dynamic Police databases. The image/visual database will also have metadata like name, age, addresses etc. and special physical characteristics. The old RFP did not specify the inclusion of any additional metadata.

Demands an advanced level of verification and search functionality: The system will be accessible through PCs as well as handheld devices. It should be able to verify the identity of a person using the 1:1, 1:N and N:N combinations. The system should also be able to return with facial matches based on textual attributes. The old version of the RFP only required the AFRS to be able to carry out 1:1 and 1:n searches.

  • It isn’t clear why the department aims to achieve with N:N face verification if it will not use AFRS with a CCTV network. A prospective bidder, on condition of anonymity, told MediaNama that this kind of a requirement only makes sense for live monitoring use cases, which use CCTVs as the camera input.

AFRS’ integration with pre-existing police face match software being used: The new RFP requires vendors to integrate AFRS with similar systems operational in some states — and with other police applications through a “service-oriented architecture”. A service-oriented architecture is a vendor-agnostic software design where services are provided to the other components by application components, through a communication protocol over a network. This suggests that apps such as TSCOP (used by Telangana Police) and FaceTagr (used by Tamil Nadu Police) can possibly carry out face matches against NCRB’s database.

Only images and videos from a crime scene to be used: The earlier RFP said that police could upload footage from “surveillance cameras” situated across a city to use it as the AFRS’ facial database. However, the new RFP only states that images and videos from a scene of the crime can be used. It isn’t clear if CCTV footage from a crime scene could be ingested into the system, as it wasn’t specifically mentioned.

  • In the old version, face images captured from CCTVs were allowed to be used in the system to match against the facial database. Earlier, AFRS was also required to work with ONVIF (Open Network Video Interface Forum) cameras, which are essentially IP based surveillance cameras. Both of these requirements have now been dropped.

The facial database will be more than just images: The AFRS should allow the NCRB to store not just photographs, but also “visuals on crime and criminals” collected across the nation, as per the revised RFP. The old RFP only required the NCRB to store photographs.

  • NCRB has scrapped the provision to create a database using images collected from newspapers and raids.

Reduction in number of integrated databases: The new AFRS’ database will no longer be integrated with IVFRT (Immigration Visa Foreigner Registration Tracking) and Khoya-Paya, which is a government portal to track missing children. Integration with other databases such as CCTNS, ICJS will still be required, however.

Compatibility with ‘IRIS’ database no longer mandatory: The old RFP required the AFRS to be compatible with a database called IRIS, and we had in November last year pointed out that there was no publicly available information about what this database is, and how it was created. The new RFP has removed this condition.

International standards compliance: The new RFP requires the AFRS to be able to work on “diverse graphics and video formats, as well as video, feeds with infrared camera support’. It should also be able to carry out matches from image formats like NIST, JPEG, PNG, BMP, TIFF, GIFF, and video formats like AVE, AVI, MPEG, MP4, ASF, and MSV. These international compliance standards were not mentioned in the old RFP.

  • At the same time, the system is no longer required to comply with the Electronic Biometric Transmission Specification, which is a standard developed by the US’ FBI for electronically encoding and transmitting biometric image, identification, and arrest data.

Changes to bidder qualification criteria

When the old RFP was floated last year, several Indian companies had complained that it was too difficult for them to participate in it given stringent conditions for turnover and past experience in particular (read more about it here). The revised RFP has addressed those concerns to some extent:

Turnover and past experiment requirement halved: Perhaps the biggest concession that has been afforded in the revised RFP is that bidding companies or joint ventures need to have a turnover of at least Rs 50 crore in the last three financial years. Earlier, bidding companies were required to have an annual turnover of Rs 100 crore in the last three years. Moreover, startups recognised by DPIIT, and the government of India are exempted from this clause.

  • The amount of weightage that the NCRB will give to bidders based on past experience has also been halved in the revised RFP (from 30 points in the old RFP to 15 points now).
  • Companies registered as MSMEs and MSEs are not required to submit an earnest money deposit of Rs 40 lakh as part of their bid, presumably to ease the bidding process for smaller companies.

NIST FRVT evaluation mandatory: It is also now mandatory for bidders or any member of a joint venture to have participated in NIST FRVT evaluation program by 2016 or later. Earlier, this was only a “desirable criteria”. The FRVT (Facial Recognition Vendor Test) evaluation conducted by US’ NIST is aimed at the measurement of the performance of automated face recognition technologies applied to a wide range of law enforcement applications. Bidding companies are no longer needed to take NIST’s algorithm validation test.

  • A person from the industry said that this is still a problematic condition for small Indian companies who wish to bid as independent entities, without forming joint ventures with bigger firms. “This condition is almost as if the NCRB wants Japan’s NEC Corporation to participate in the bidding process, and then they talk of Make in India,” the person remarked.
  • There is another provision which says that a bidder or any partner in a joint venture should have at least 3 years of experience in installing similar tools, and have a database pool of 1 million facial images. This is also a difficult requirement for most Indian companies to meet, this person said.

No specific preference to hardware from ‘reputed’ companies: In the old RFP, NCRB had said that hardware manufactured by “reputed” and “well-proven” brands such as HP, Dell and IBM will be given preference, however, in the revised version, that requirement has been removed. Another industry person told us that this could possibly allow smaller companies to meet technical requirements. They also said that HP, Dell etc. make web protected servers for face recognition systems.

Joint bidding is no longer allowed: Earlier, a maximum of 2 companies were allowed to place a joint-bid. Instead, now joint venture companies have been allowed. Another industry person told us that this could lead to some kind of consolidation in the industry, where small Indian companies could possibly look to form joint ventures with bigger companies to participate in the bids.

Source of testing dataset unknown: To demonstrate the technical capabilities of their systems, vendors will be given a dataset of 1 million images, however, the revised RFP doesn’t make the source of these images clear. The old RFP stated that these 1 million images would be obtained by NCRB. Vendors will also have to establish a 24×7 help desk to address issues with the software, hardware and other infrastructure. Earlier, they were required to establish a 16×6 help desk.

The updated version of AFRS’ RFP can be found here. The old version is here