The National Crime Records Bureau (NCRB) has extended the deadline for vendors to submit their bids to India’s controversial Automated Facial Recognition System (AFRS) for the eleventh time. The new deadline is now 5 pm on September 17. The earlier deadline to submit bids was August 27, and the organisation, which is a part of the Home Ministry and tasked with developing AFRS, said that deadline was postponed due to “administrative reasons”. The large scale facial surveillance tool is a centralised web application, and is pegged to be the foundation for “a national level searchable platform of facial images”.
Last month, NCRB had held a pre-bid meeting with prospective companies who are interested in helping the organisation develop the large scale surveillance system. MediaNama had exclusively reported on that meeting. The meeting had happened after the NCRB scrapped an original tender document for the project and floated a new one in June.
Changes to AFRS’s capabilities
While questions had been rightly raised against the privacy concerns of deploying an incessantly invasive surveillance tool at such a large scale, the government had tried addressing some of the challenges in the revised tender. The deployment of the facial recognition tool will neither involve the installation of CCTV cameras nor will it connect to any existing CCTV camera anywhere, under the new tender document.
However, while this was a welcome change compared to the old tender, the AFRS is now set to have more searchable attributes. It is envisaged to have a searchable image/visual database of missing persons, unidentified found persons, unidentified dead bodies and criminals based around “dynamic” police databases. The image/visual database will also have metadata like name, age, addresses etc. and special physical characteristics. The old tender did not specify the inclusion of any additional metadata.
Which companies are interested?
On July 13, MediaNama had exclusively reported on the pre-bid meeting that happened between officials of the NCRB and companies willing to develop the system for them. Among the companies that were present, were BECIL (Indian state-owned), Idemia (French), Tech5 (Swiss), Thales (French), Anyvision (Israeli), Vara Technology (Maharashtra-based), Innefu Labs (Delhi-based), NEC Corporation (Japanese), and Ernst and Young.
Indian companies present at the meeting, such as Innefu Labs argued that the surveillance tool should be developed by an Indian company given the sensitivity of the project. In fact, Innefu’s representative said that with foreign companies, there is a chance that a backdoor might be created.
Some companies urged the NCRB to allow a consortium of companies to place a joint bid. Currently, only independent companies, or joint venture companies can place a bid.
Legality, privacy issues
While the NCRB seems determined to go ahead with the project, it hasn’t yet — satisfactorily — justified whether there is a legal basis to deploy such a system. Last year, it said that the AFRS had received cabinet approval in 2009, and as a result had legal grounds to go through. Needless to say, since 2009, India has witnessed a landmark judgement declaring the right to privacy, which says that privacy can only be curtailed when there is a legal basis for it, and when the measure isn’t disproportionate on the right holder.
On top of that, India’s data protection bill, which is currently being deliberated upon by a Joint Parliamentary Committee, has carved out exemptions for government agencies to adhere to provisions of the bill. This suggests that when the AFRS is eventually deployed, there is a possibility that the NCRB might be able to collect, store and process biometric data of Indians without necessarily adhering to provisions of the Bill.