You are reading it here first: The National Crime Records Bureau will ask companies looking to bid for the controversial Automated Facial Recognition System to showcase that their facial recognition system can identify mask-wearing faces. This, despite studies showing that face masks severely reduce the accuracy rates of facial recognition systems. The NCRB also said that if a system fails to recognise mask-wearing faces, then the bidder’s system will lose marks during evaluation. The AFRS will also have to generate “comprehensive biometric authentication reports” consisting of a person’s face and fingerprints, NCRB said. It revealed this information as part of responses to questions raised by prospective bidders over emails.
The AFRS is a centralised web application, and is expected to be the foundation for “a national level searchable platform of facial images”. In its current iteration, the tender document has said that the deployment of the surveillance tool will neither involve the installation of CCTV cameras nor will it connect to any existing CCTV camera anywhere. The surveillance tool will be integrated with centrally maintained databases such as the Crime and Criminal Tracking Network and Systems (CCTNS), the Inter-operable Criminal Justice System (ICJS), and the National Automated Fingerprint Identification System (NAFIS).
The NCRB had held a virtual meeting with interested bidders in July to discuss some of the issues they were facing; MediaNama exclusively reported on the meeting. It had also asked them to email additional concerns. Several companies including from India and abroad are looking to help the NCRB in developing the surveillance tool (full list at the end). NCRB has also extended the last date of submitting bids to October 8, and this is the twelfth deadline extension.
NCRB divulges more insight into the surveillance tool
The NCRB offered more details about how the facial recognition tool will be integrated with other surveillance databases, and how information from those databases will be migrated into the surveillance tool:
- Integration with CCTNS and NAFIS: Selected vendors will have to develop the APIs (application programming interface), which defines interactions with a web-based software, for integrating the facial recognition system with surveillance databases such as CCTNS and NAFIS, in consultation with the Home Ministry or NCRB. Using the metadata available in CCTNS and ICJS along with images and visuals, a crime analytics software can be used to generate dynamic reports for analysing crime patterns, NCRB said.
- Accuracy of the facial recognition system: NEC Technologies pointed out that “Any Biometric system achieving of 100% accuracy is not possible (sic)”. To this, NCRB said that the system should be able to give an accurate face match for every search in the top two results for mugshots, during “peak usage hours”. For images where a face is slanted or at an angle, The system should be capable of “achieving the accuracy of getting hits 9 out of 10 times in top 10 results”, NCRB said.
- NCRB did not accept the fact that bidding companies shouldn’t be headquartered in China: The current tender document for the AFRS states that any foreign company that wishes to participate in the bidding process must have a global support setup. However, NEC, in their queries recommended that the NCRB should change this requirement to reflect that the developer of the facial recognition algorithm should not be headquartered in China, and that this developer should have a registered office in India for the last five years. NCRB did not accept any of these recommendations.
- N:N facial verification explained: One of the requirements of the surveillance tool is that it should be able to carry out N:N matching apart from 1:N and 1:1, but the issue is that N:N verification wasn’t clearly defined. While responding to a question asked by French digital ID company Idemia, NCRB explained that N:N is a bulk search requirement of images to images and crime scene video to video search.
- Data migration: NCRB said around 50 lakh facial images will have to be transferred to AFRS’s database. The developer of the system will also have to identify duplicate records within databases, based on the facial attributes of a person. This will then have to be linked so that all information on that person is available if any one of their photograph is searched. The AFRS will be integrated with databases like CCTNS and ICJS. While responding to a question raised by Hewlett Packard (HP), NCRB said that the database will eventually consist of 5 crore images. In response to a separate question asked by Swiss biometric company Tech 5, NCRB explained how deduplication will happen: “Based on photographs of a person, a group of such cases has to be created. The id of that group will be a unique id (sic)”. This basically means that all similar photographs will be grouped together and will be assigned a unique ID.
- On concerns around recognising faces modified by plastic surgery: Plastic surgery as a feature for facial recognition has not shown much promise, Innefu Labs, which makes facial recognition systems for the Delhi Police said. “In light of this, does plastic surgery as a feature for facial matching and recognition remain a non-negotiable component, or does it have certain parameters or relaxations in its requirement,” Innefu asked. To this, NCRB responded that the testing database will include plastic surgery cases, and if a system isn’t able to detect them, they will lose marks in that category. Israel’s AnyVision also urged the NCRB to remove the plastic surgery requirement as it could “completely change the facial features in many cases and that makes the expectation very open ended”.
- No connection to a video management software: Responding to a question raised by NEC Technologies on whether the facial recognition system will be integrated with a video management system, NCRB clarified that there will not be any such integration. A video management system is a component of a security camera system that collects video from CCTV feeds.
- A Windows mobile app to search the facial dataset: NCRB said that the selected bidder will have to mandatorily develop an app for “Windows mobile” to carry out facial recognition. However, NEC Technologies pointed out that Windows mobiles are now defunct. NCRB then said that the functional requirements for the mobile app are the same as a browser-based application, and users should be able to search and see the results on it. The system should have the capability to handle 2500 users concurrently. Several companies including Indian state-owned BECIL, France’s Idemia, and Israel’s AnyVision urged the NCRB to not require an app developed for Windows phones.
A Delhi Police facial recognition vendor doesn’t want foreign companies to participate
Innefu Labs, a prospective bidder for the AFRS, and also a supplier of facial recognition systems to the Delhi Police said that its facial recognition software has been trained on over 3 million “South Asian” faces using Artificial Intelligence based Deep learning and machine learning algorithms. It claimed that achieving desired levels of accuracy by foreign companies will be “well near impossible”.
NIST accused of accommodating ‘backdoors’: NCRB has made it “desirable” for bidders to have participated in a vendor evaluation test conducted by US’ National Institute of Standards and Technology. However, Innefu Labs claimed NIST has been accused of accommodating backdoor entries for the US’ National Security Agency, thereby rendering this as a “security risk”.
“Keeping the nature and scope of project into consideration with the stakeholders like NCRB/MHA/State/UT Police Forces/ Law Enforcement Agencies, it is not recommended to expose the facial data of identified Criminals / Radical profiles / terrorists and other such classified person all across India to a Foreign based Organization which may have a backdoor provision of relaying to any other agency outside India. Request you to remove this clause,” Innefu Labs told NCRB.
No preference to ‘Make in India’: Touting its Indian credentials, Innefu Labs said that the tender document doesn’t give any kind of preference to Indian companies, and is “favoring a preferred foreign / Internal OEM which is quite visible in the entire tender document at multiple places”. MediaNama has understood that this is likely a reference to NEC Technologies. To this, NCRB responded by saying that DPIIT-recognised startups and MSMEs have been given several relaxations to participate in the bidding process.
Tata Consultancy Services also told the NCRB to remove the NIST requirement as “the main reason for re-tendering the AFRS opportunity was to promote make in India”.
Innefu also argued that the surveillance system should have “100% Indian IP rights with company establishment, development house / R&D Lab and Support Center based out of India since [the] last 8+ years”. It also recommended that the application must be developed in India using India datasets. The manufacturer should share the source code in escrow account, it said. However, NCRB declined to accept both these recommendations saying that it will make the tender restrictive, and that the training dataset will be planned with the bidder at a later date.
Companies that look interested in building the surveillance tool
Here’s a list of all the companies and individuals who sent questions to the NCRB on the facial recognition tool:
- Centre for Development of Advanced Computing (CDAC) Pune (India, IT Ministry’s R&D department)
- Tata Consultancy Services (India)
- Telecommunications Consultants India Limited (India, state-owned)
- NEC Technologies (Japan)
- Innefu Labs (India)
- Bharat Electronics (India, state-owned)
- BECIL (India, state-owned)
- Idemia (France)
- Tech5 (Switzerland)
- VARA Technology (India)
- Hewlett Packard Enterprise Pointnext
- A person called Ashok Kumar Barama also sent a few questions. MCA filings indicate that he’s the MD of Labcal Biometric Technologies
- Gemalto, from Thales Group (France)
- FaceTagr (India)
- Ernst and Young (USA)
- AnyVision (Israel)
- UL Technology Solutions (India)
- Pyramid (We couldn’t ascertain which company this is, but from the questions it asked, it looks like it’s an India-based company, as it was batting only for Indian companies to participate in the bid)
- Leading Edge Communication (India)