Nagaland plans to roll out a facial recognition-based teacher attendance monitoring system across all the public schools in the state, MediaNama has learnt from a tender the state education department floated on March 2, 2022. The tender has since been taken up by unknown parties, a government source confirmed, and has been removed from both the Nagaland Education Department and Government of India’s e-Procurement websites.
The scope of the project covers the entire public schooling structure which includes not only the 1,953 primary and secondary schools under the Nagaland Board of Secondary Education but also state-funded religious schools and single teacher academies which are prevalent in the mountainous state. Notably, the state’s 717 private schools are exceptions to the rule.
“The Department of School Education realizes that while teaching positions at all levels of schooling were filled with regular teachers, there was a phenomenon of ‘proxy-teachers’ across the state, particularly in the more remote areas. This involved appointed teachers not taking classes themselves and instead sending unknown substitutes on their behalf,” the government said as the reason behind the roll-out.
The tender expects the prospective service provider to be experienced in or have ongoing assignments of maintaining attendance monitoring system for schools, educational institutes or offices in the last five years. It also expects an implementation methodology proposal from the service provider rather than have the vendor follow governmental conditions. Put simply, the tender’s criteria specifications make it look as if the Nagaland state is looking to put the entire onus of the face recognition program and its management to the third party service provider, which is probably why there is a strict non-disclosure agreement attached with the project.
Never miss out on important developments in tech policy, whether in India or across the world. Sign up for our morning newsletter, with a “Free Read of the Day”, to experience MediaNama in a whole new way.
How do facial recognition-based attendance systems work?
How does facial recognition work? Face recognition systems use computer algorithms to pick out specific, distinctive details about a person’s face. These details, such as distance between the eyes or shape of the chin, are then converted into a mathematical representation and compared to data on other faces collected in a face recognition database.
How do attendance systems use face recognition? An attendance system uses facial recognition technology (FRT) to identify and verify a person’s facial features and automatically mark attendance. This software can be used for different groups of people such as employees, students, teachers, etc. These systems record and store the facial and timestamp data in real-time.
As seen in other states, such as Andhra Pradesh and Delhi, which have implemented FRT-based attendance mechanisms in their schools, the software usually comes in the form of a mobile application. The user (student or teacher) has to first upload their master identity (could be Aadhaar, school ID card, etc.) on the app. Once that is done, the user must take a photograph of their face with the app and the algorithm would mark them present or absent based on a combination of facial recognition and location data. In some programs, the higher authorities and parents are sent attendance notifications directly on their mobile phones.
What are the Nagaland FRT program’s characteristics?
The tender’s primary criteria that the bidder needs to be able to “successfully complete an application based software development, system integration (specially projects involving central web-based solutions and hosting services), facility management services, real time data tracking etc. for entities like departments or PSUs or corporations in the last five years.”
Below, we take a closer look at the broad characteristics of this proposed project.
- Requirement Analysis and Solution Design: “The selected Agency or SI is required to carry out detailed level of requirement analysis and current system study in consultation with the identified stakeholders,” the tender says. The vendor will have to understand the scope of the application in the first phase of implementation and to this end, the department will providing them a detailed list of schools and existing teachers’ data. The agency will then prepare discovery questionnaires, requirement traceability matrixes etc. to finalize the high-level Business Requirement Document (BRD) before proceeding to create the functional design. The functional design will have to be approved before implementation.
- Data collection and validation: The vendor is required to collect all data pertaining to the existing teachers, school of the states to prepare them for data entry into the proposed system. “Data collection shall be performed at department level, district level and sub-divisional headquarter level,” the tender notes. The agency has to get the collected data verified validated by the education department before updating it in the system. “The Agency or SI is required to digitize all the data collected for teachers, schools in the system
developed after proper validation is done by the department,” the document mandates.
- Application development or customization: The state allows the select agency the freedom to create the application on its own based on the previous studies. Alternatively, the vendor can opt for COTS implementation after required customization if any off-the-shelf product meets the requirement of the proposed system. “In both the approaches the Agency or SI is expected to complete the development and customization of the application following the best practices of software engineering including unit testing, systems testing, performance testing and security testing,” the tender says.
- Application hosting: While development of the app is free, the vendor is required to ensure that the final product can be hosted in the Nagaland government’s server infrastructure. The server details and requirements have to be suggested by the agency to the Department of School Education. The vendor also has the freedom to choose the data center for hosting the attendance system but needs to also host a copy of the application in their own server. The Nagaland state would not be commissioning any servers or software for development or testing purposes although the government demands access to the vendor’s independent server.
Which third party actors will have access to the data? The tender specifies that any potential vendor needs to be based out of or at least maintain an on-ground office in Nagaland. It mentions that the vendor would need to have at least 24 personnel members in the state during the project’s implementation. These include a project manager, four project coordinators, six on-site engineers, five software developers and eight managers to train teachers in the usage of the attendance app. The developers, engineers and project coordinators may have direct access to the back end of the app.
MediaNama reached out to various officials of the state education department of Nagaland with questions regarding the rollout but they have not been answered yet. The story will be updated when the authorities send in their replies.
- Why did the state feel the need to rollout this system?
- How were traditional attendance systems falling short in Nagaland?
- Is the initiative based on any studies?
- What benefits have these studies observed?
- Has the education department examined the legal ramifications of rolling out a facial recognition system?
- While the current scope of the initiative involves only teachers at the moment, what are the chances that it wouldn’t include children next?
- According to the 2017 Puttaswamy ruling, any new intrusion into privacy rules need to be backed by law (or the law ministry), did the Nagaland government consult the law ministry before taking the decision to roll out a face recognition system?
Why are privacy rights experts worried about this rollout?
MediaNama reached out to privacy rights lawyers and cybersecurity experts to figure out the concerns regarding this sudden implementation of facial recognition technology in attendance systems.
- Legal vacuum: “There is a legal vacuum when it comes to protection of any kind of personal data considering that India does not have a data protection bill,” said Anushka Jain, senior policy counsel at the Internet Freedom Foundation. She added that even if someone’s face data got stolen and then used by some criminal group, the victim would be hard pressed to pursue data theft charges the offenders. Similarly, this vacuum also allows the various state and national government agencies to roll out surveillance or data collection initiatives with just internal consultation. “The only way to take on such cases would be either to bring up a breach in contracts or use a privacy argument,” Jain said.
- Once biometric hash code is stolen, it can’t be recovered: As mentioned above, FRT algorithms convert the captured facial data into a mathematical code to store it in its servers. This code is called a hash code and the same is also commonly used by text-based password management systems as they take up less space on the server. “If its text based hash code, then its easy to change. However, one can’t just up and change the hash code of their face, can they?” asked Nandrajog. “If someone can steal the hash code of your face then it’s out there forever. You can’t do anything about it short of changing your face.”
- Potential surveillance: Both Jain and Nandrajog were skeptical about the need to roll out face recognition tech to manage attendances. Instead they were concerned that this could lead to a wider statewide face recognition surveillance project down the line, especially amid the longstanding political turmoil in the state. Nandrajog also expressed concerns that if face recognition technology could be rolled out to monitor teachers’ attendances then the same could be done for students at any point.
- Will the source code be publicly available? According to the Ministry of Electronics and Information Technology’s (MeitY) Policy on Adoption of Open Source Software, the codes of all of the Central and compliant state governments’ various software based initiatives should be available for public viewing by communities, adopters and end-users. The measure is supposed to cover not only all new e-governance applications and systems being considered for implementation but also the new versions of the legacy and existing systems. However as in the Delhi government’s FRT-based attendance systems, the source code was not made public. “If the source code isn’t made open under the MeitY policy then what guarantee does the public have regarding the sanctity of the program? Let alone what databases it is operating on and whether and to what extent it is talking to other programs?” asked Divyam Nandrajog, cybersecurity researcher and lawyer at the Delhi High Court.
- Technological accuracy: “Facial recognition systems are not a hundred percent accurate,” Anushka Jain pointed out, adding, “So if the algorithm fails to recognize a certain person’s face then the person will be marked absent. This can then result in them losing out on leaves or even in financial repercussions. Different strata of teachers might be affected disproportionately.”
- Accessibility to private parties: “On-site engineers, data operators and government officials have access to the face recognition servers but out of these three categories, two are third party employees, raising questions about who really has access to the data,” noted Jain. She also pointed out that since the face hash codes could be stored in the private service provider’s website, the company itself might have access to this information.
- Implications of identity theft: “Once an attacker has accessed biometric hash codes, they are only limited by the limits of their imagination as to what they can do with it,” warned Nandrajog. He cited a recent case from Hyderabad where a cyber criminal was arrested with the biometric information of around 2,000 people. The man had allegedly bought the data from a source and had been using this data to help fraudsters open fake bank accounts, launder money and commit mobile based frauds. “Thousands of phishing scams are committed via phones, every day and crooks need SIM cards for each of them, biometric IDs can be used to purchase SIMs which could be used to commit further fraud under a fake identity” Nandrajog said.
Multiple states across India have adopted FRT-based attendance
The use of facial recognition systems in Indian schools is not new. Individual states have been attempting such rollouts since at least 2018. Many authorities have cited “teacher absence” and “student truancy” as the reasons behind the rollout but have faced with resistance during implementation. An RTI filed with the CBSE by digital rights organization, SFLC.in, revealed that CBSE uses facial matching as one of the authentication mechanisms in multi-factor authentication for providing digital marksheets, especially to overseas students. IIT Delhi also has a FRT enabled attendance app in place which is called Timble.
Here we look at some of these programs at state levels and see how they have fared.
- Andhra Pradesh: The Andhra Pradesh state government announced in April 2022 that it will deploy facial recognition software to address “teacher absenteeism”. Teachers in government schools will have to record their attendance twice a day through the system. The initiative is expected to cover nearly 1.89 lakh teachers. In May, the Department of School Education launched a pilot project in four zones of the state, with four different vendors. In the Guntur district, teachers are punching in their attendance through an Aadhar-enabled biometric attendance system, the MeitY’s artificial intelligence portal stated. The state nodal officer of the project told the Times of India that by using the facial recognition system, teachers can also give their attendance from their mobile phones. But they have to be present in the school as the technology is linked to the Unified District Information System for Education (U-DISE) and records the longitude and latitude of the place where the teacher is present. The government said that the system will send an attendance alert to administrative officials via SMS telling them whether the teacher is present or absent from school. Parents will also receive SMS updates on their children’s arrival to and departure from school.
- Gujarat: A system of marking attendance using face recognition technology was put into place for primary school teachers in Gujarat in September, 2019. Just a week before the announcement, the government abandoned the plan to use Microsoft’s Kaizala mobile application to mark attendance. The face recognition tech was added to an already existing online attendance application for nearly 2.5 lakh government and grant-in-aid primary school teachers (in place since December 2018), featuring geo-tagging and geo-mapping for the Block and Cluster Resource Centre coordinators. According to the Indian Express, the app is optimized with an intelligent algorithm that will record facial features of the teachers at the time of the registration, such that a minor variation will not be a hindrance in the recognition. The app was developed in association with multiple companies as part of their CSR activities and comes free of cost to the government of Gujarat.
- Tamil Nadu: Two government run higher secondary schools located in Chennai’s Triplicane and T-Nagar localities, had installed cameras equipped with facial recognition technology in order to mark the attendance of students in September, 2019 as part of a pilot project to reduce truancy. Months later, the Tamil Nadu Education Department proposed an FRT based attendance system which would work via a mobile phone app called ‘Face Reader‘. The app was rolled out in over 100 public schools as part of the project’s first phase, however, there has been no major follow-up on the project that has been reported, yet.
India’s FRT-based surveillance beyond schools
Twenty four hours state surveillance is the primary concern that privacy rights experts have with the usage facial recognition technology. Currently, the Union government is inviting proposals for the creation of a National Automated Facial Recognition System which would be used to create a national database of photographs which would be used to identify criminals by gathering existing data from various other databases like Passport, CCTNS , ICJS and Prisons, WCD Ministry’s KhoyaPaya, NAFIS or any other image database available with the police or any other government entities.
While this Central programme is still in its nascent stages, individual states have come a long way into implement facial recognition technology based surveillance networks with the help of public as well as private developers, depending on the scope of the software. Although, most of these technologies are still in the pilot stage.
- Maharashtra: As on April 2022, the Maharashtra government is planning to introduce a unique, unified ID for its residents that would provide a “360-degree view of its citizens” by merging databases managed by various departments under several government bodies. Over 56 databases, across 377 government bodies, including Maharashtra Aadhaar, Maharashtra State Police, Health, Education, and Finance departments, will be ‘participating’ in the creation of this unified database providing 360-degree profiles of the state’s residents. These profiles will also include a ‘golden record’ of each citizen consisting of details such as their names, caste, employment details, and more.
- Odisha: Under the Smart City Project, Rourkela (the third-largest city in Odisha) is all set to come under facial recognition surveillance and artificial intelligence-based video analytics for ‘tracking people’, ‘recognising patterns of demonstration in crowds’, and so on, as of April 2022.
- Uttar Pradesh: The Uttar Pradesh ‘Trinetra’ database was launched in 2018 with the intention of creating a database that will allow police officers to use face recognition, text search, biometric records analysis, phonetic search, artificial intelligence (AI) and gang analysis to “zero in on the criminal” in a “quick and targeted manner.” The app is supposed to contain the biometric details of at least five lakh alleged criminals with their data collected from the state police, the prisons department and the GRP that guards the railway network.
- Telangana: The police in Telangana have been using face recognition since at least 2019 with the advent of the TSCOP application which stores fingerprints and facial data of thousands of people. Telangana is also planning to introduce a face recognition based public distribution ration management system and earlier this year, it ran a pilot project to generate and facilitate the sharing of electronic health records (EHRs) of residents which included their identifying photographs. The use of face recognition had become so popular in Telangana that the High Court had to send a notice to the state seeking an explanation.
- Delhi: As of January 2022, the Delhi Police has installed facial recognition systems (FRS) as well as over 300 IP based CCTV cameras in and around Rajpath, the boulevard where the Republic Day parade is conducted. The facial recognition system is supposed to have a database of 50,000 ‘suspected criminals’, the commissioner of police had claimed though MediaNama couldn’t independently verify these claims.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
- 360 Degree Profiling: Maharashtra Government To Assign Unique IDs To Citizens, Integrate Databases
- Exclusive: Facial Recognition In Rourkela To Track People, Detect Protest Patterns