The first phase of DigiYatra – the Indian government’s paperless air travel project which uses facial recognition – will be implemented in major airports across the country by March 2023, the Ministry of Civil Aviation revealed in response to a parliamentary question by Rajya Sabha MP Kirodi Lal Meena on April 4.
The facial recognition tech-based boarding system will be rolled out at airports in Kolkata, Varanasi, Pune, Vijayawada, Bengaluru, Delhi, and Hyderabad. In 2021, this system was implemented for a trial period in these airports. Those who want to opt-out of this system can still use the existing boarding process.
The government has been pushing to implement facial recognition technology at various locations including multiple examination centres and railway stations. These programmes are being implemented at a time when India does not have legislation in place to regulate such technology and the data generated.
Dear reader, we urgently need to build capacity to cover the fast-moving tech policy space. For that, our independent newsroom is counting on you. Subscribe to MediaNama today, and help us report on the policies that govern the internet.
DigiYatra will be integrated with Aadhaar, CoWIN: RTI
In response to an RTI filed by the Internet Freedom Foundation (IFF), the Ministry of Civil Aviation said that DigiYatra will be integrated with Aadhaar, driving license, PAN, passport, and CoWIN data.
The ministry also informed that Rs 165.43 crores will be spent over seven years for the implementation of this scheme at four AAI airports. However, since the first phase includes a higher number (7) of airports, it’s safe to assume that the expenditure also goes up.
IFF’s RTI was filed in connection to facial recognition being carried out at the Varanasi airport. NEC Corporation Pvt Ltd and Larsen & Toubro (L&T) bid for the tender floated for FRT systems at Varanasi airport.
Last year, Minister of State for Civil Aviation General (retd) V K Singh confirmed in Parliament that NEC Corporation was chosen to implement facial recognition-based biometric boarding at Varanasi, Pune, Kolkata, and Vijayawada airports.
The selection of the vendor was done through an open tender process, Singh informed.
“Our focus is on creating a technology which accurately (99.99%) identifies people and delivers services to them. We are also working with some banks to create finer print supported money transfer systems for bank employees,” Pradeep Kushwaha, the head of public safety at NEC Corporation was quoted as saying by The Hindu
How will the DigiYatra system work?
Access through biometrics: “A camera will capture the face for comparing with DigiYatraID Photo. On successful verification of the travel details and facial matching, the E-Gate will open. The system will also generate a token in the system combining the face of passenger with PNR of the ticket, so that at subsequent check points the ticket details will be available on face recognition,” former MoCA secretary Rajiv Nayan Choubey had said.
Boarding after facial verification: “At check-in counter or at the Self Bag Drop counter, the passenger will be identified by face and there is no need to show any document or ID for this purpose. The passenger will gain entry to the security check area through an E-Gate by facial recognition. Similarly at the boarding gate also the passenger will be identified by face for entering through an E-Gate for boarding the aircraft,” he said, adding that physical frisking of passengers as per security procedures will continue.
DigiYatra ID: One can get a DigiYatra ID by sharing details such as name, e-mail ID, mobile number, and details of an approved ID; Aadhaar ID is not mandatory, former MoCA minister Jayant Sinha explained.”This DigiYatra ID will be shared by passengers while booking ticket. Airlines will share the passenger data and DigiYatraID with the departure airport,” he said.
One-time verification: Sinha pointed out that a passenger who has created the Digi Yatra ID has to undergo a one-time verification at the departure airport during his/her first travel. “In case a passenger opted for Aadhar based verification, the identity will be verified online. On successful verification, facial biometric will be captured and stored in the Digi Yatra ID profile of the passenger. In case the passenger has chosen any other identity for creating Digi Yatra ID, verification will be done manually by security personnel and facial biometrics will be captured and stored in the Digi Yatra ID profile. By this process the registration is complete,” he explained.
DigiYatra fails to fulfill thresholds in Right to Privacy judgement
Exemptions in policy are vague: In its legal analysis of the DigiYatra Policy, IFF pointed out that the exemption given to the Bureau of Security Standards to change data-purge settings based on security requirements, was ‘wide and vague’. “Sharing of biometric data with the government agencies without consent may also lead to violations of specific fundamental rights such as the right to move freely within the territory of India enshrined in Article 19(1)(d) of the Constitution of India,” IFF said.
“This is because it could result in additional screening measures for those categories which have historically lower facial recognition accuracy rates such as women and people with darker skin as reduced accuracy could result in them not being identified as themselves correctly.” — Internet Freedom Foundation
Right to Privacy: “The Policy does not have any force of law as it is untethered to any policy or legal framework and is thus unenforceable. Further, it fails to fulfill the thresholds of necessity (which justifies that the restriction to people’s privacy is needed in a democratic society) and proportionality (where the Government must show that the intrusion is proportional to the necessity and that there are no other alternatives which can fulfill said mandate). This is because mere convenience cannot be justified as a necessary restriction on privacy,” IFF said.
Draft Data Protection Bill is insufficient: “Clause 35 of the Bill grants powers to the Central Government to exempt certain departments from the application of the Bill if it feels it necessary for certain legitimate purposes such as security of state. It stands to reason that therefore exemption under Clause 35 could also be provided to data processed under the Scheme as the Policy itself also discusses sharing data with security agencies and other government agencies,” IFF said.
An app may be used for capturing facial data
To avail DigiYatra services, one has to send their travel details including facial biometrics, PNR number, and other passenger details to an app. This information will be received by the biometric boarding system of the respective airport, Singh said.
“Moreover, if for a particular journey, the passenger does not want to avail the Digi Yatra services then the passenger has an option to not send the data and use existing manual process at airports.” — General (retd) VK Singh, Minister of State for Civil Aviation
Moreover, Singh informed that when a passenger would share their data it would be used “for the purpose defined and would not be shared with any external stakeholder.” He also said that the passenger data will not be retained for more than 24 hours after the departure of the flight.
Independent teams to assess the security of the DigiYatra ecosystem: “The Digi Yatra Central Ecosystem envisages assessments (by independent teams to assess the level of security and system resilience to protect PII) and periodic audits by governing/regulatory bodies e.g. CERT-IN and/or STQC etc., twice every year,” Singh said. He also claimed that the facial recognition that was being introduced was as per “industry ISO standards”, and with algorithms “complying to data privacy and data protection requirement as laid down by government.”
What happens when facial recognition is used on people of colour?
Despite claims that FRT systems have a 100% success rate in identifying people, a study conducted by tech policy researchers audited four FRT tools (Amazon’s Rekognition, Microsoft Azure’s Face, Face++ and FaceX) and found the following:
- The facial recognition tools failed to identify far more Indian women than Indian men.
- Out of 32,000 faces that were a part of the study’s database, over 2,000 Indian women were misidentified.
- The error rate was highest in the case of Microsoft which was unable to detect a little over 1,000 Indian faces.
- FaceX, which is produced by a Bengaluru-based company, misidentified the gender of Indian women 11% of the time and 1.35% of the time in the case of men. It also failed to detect over 800 Indian faces.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Also Read:
- Facial Recognition-Equipped CCTVs Installed At 310 Railway Stations: IT Minister In Parliament
- A Complete Guide To The Personal Data Protection Bill, 2019
- Exclusive: Major Entrance Examinations Such As JEE, NEET, UGC-NET To Come Under Facial Recognition Surveillance
- RTI On FRT-Based Authentication Reveals Details About Govt’s ‘Touchless’ Vaccination Pilot Project
Have something to add? Subscribe to MediaNama here and post your comment.
