You are reading it here first: The deadline to submit bids for India’s controversial Automated Facial Recognition System has been shifted for the tenth time. The deadline is 5 pm on August 27. The earlier deadline to submit bids was August 6, and the National Crime Records Bureau said that the deadline was extended due to “administrative reasons”. The large-scale facial surveillance tool is a centralised web application, and is pegged to be the foundation for “a national level searchable platform of facial images”.

The extension comes less than a month after the NCRB held a pre-bid meeting with prospective bidders to answer some of the queries they had about the surveillance tool, which MediaNama had exclusively reported on. The meeting had happened after the NCRB scrapped an original tender document for the project and floated a new one in June.

Changes to AFRS’s capabilities

While questions had rightly been raised about the privacy implications of deploying an incessantly invasive surveillance tool at such a large scale, the government had tried to address some of the challenges in the revised tender. Under the new tender document, the deployment of the facial recognition tool will neither involve the installation of CCTV cameras nor connect to any existing CCTV camera anywhere.

However, while this was a welcome change compared to the old tender, the AFRS is now set to have more searchable attributes. It is envisaged to have a searchable image/visual database of missing persons, unidentified found persons, unidentified dead bodies and criminals based around “dynamic” police databases. The image/visual database will also have metadata like name, age, addresses etc. and special physical characteristics. The old tender did not specify the inclusion of any additional metadata.

Similarly, the surveillance tool is now required to integrate with similar systems operational in some states — and with other police applications, suggesting that apps such as TSCOP (used by Telangana Police) and FaceTagr (used by Tamil Nadu Police) can possibly carry out face matches against NCRB’s database.

Companies that want in, and their concerns

On July 13, MediaNama had exclusively reported on the pre-bid meeting that happened between officials of the NCRB and companies willing to develop the system for them. Among the companies present were BECIL (Indian state-owned), Idemia (French), Tech5 (Swiss), Thales (French), Anyvision (Israeli), Vara Technology (Maharashtra-based), Innefu Labs (Delhi-based), NEC Corporation (Japanese), and Ernst and Young.

Indian companies present at the meeting, such as Innefu Labs, argued that the surveillance tool should be developed by an Indian company given the sensitivity of the project. In fact, Innefu’s representative said that with foreign companies, there is a chance that a backdoor might be created.

Some companies urged the NCRB to allow a consortium of companies to place a joint bid. Currently, only independent companies or joint venture companies can place a bid.

Legality, privacy concerns

While the NCRB seems determined to go ahead with the project, it hasn’t yet satisfactorily explained whether there is a legal basis to deploy such a system. Last year, it said that the AFRS had received cabinet approval in 2009, and as a result had legal grounds to go ahead. Needless to say, since 2009, India has witnessed a landmark judgement declaring the right to privacy, which says that privacy can only be curtailed when there is a legal basis for it, and when the measure isn’t disproportionate in its effect on the right holder.

On top of that, India’s data protection bill, which is currently being deliberated upon by a Joint Parliamentary Committee, has carved out exemptions for government agencies from adhering to provisions of the bill. This suggests that when the AFRS is eventually deployed, there is a possibility that the NCRB might be able to collect, store and process biometric data of Indians without necessarily adhering to provisions of the bill.