wordpress blog stats
Connect with us

Hi, what are you looking for?

Explained: Why in the world is India’s Telecom department using facial recognition on SIM users?

The technology used by it is called ‘Artificial Intelligence and Facial Recognition Powered Solution for Telecom Sim Subscriber Verification—ASTR’

Some time ago, MediaNama talked about how the Haryana police deactivated 983 fraud SIM cards sextortion, ATM fraud and other crimes. The technology used by them is called the ‘Artificial Intelligence and Facial Recognition Powered Solution for Telecom Sim Subscriber Verification – ASTR.’ This mouthful of a name, despite its confusing acronym, gives you a rough idea of how the tool is used. And yet obviously, where there’s facial recognition, there arise questions about privacy and personal data safeguards. So, for the uninitiated, here’s a short explainer on ASTR and the concerns associated with it.

What is ASTR? Created specifically to address problems of SIM-card fraud, ASTR was conceptualised and implemented by the Department of Telecommunications (DoT) Haryana LSA unit “to carry out 100% mobile subscriber verification”.

How does it work? The system uses subscriber images provided by the Telecom Subscriber Providers (TSPs) as per DoT instructions and compares the same to groups of similar images using facial recognition. It also compares other details available in the database to confirm any cases of forged documents or duplication of SIM card registrations under different names, guardian name, date of birth or any other KYC parameter.

Basically, the flow chart works like this:

  1. Run all subscriber images through ASTR’s facial recognition mechanism until you get a match
  2. Use fuzzy logic for finding a unique set of names

Oh, what is fuzzy logic? According to an explainer video released by DoT authorities, “fuzzy logic is a science of approximate string matching”.  Using this, authorities can identify two entries that are approximately similar and so find a set of subscriber names.

  1. ASTR conducts unique mapping of the subscriber image with names.
  2. Police or any other relevant authority finds the fraudulent subscribers – with the same face but using different names via fake proof of identity and proof of address.
  3. Alternatively, ASTR comes across individual subscribers that have over nine SIMs in their name, in violation of DoT guidelines.

The Indian government claims that by detecting fraudulent SIMs and re-verification, law enforcement agencies can find the bank accounts and social media accounts linked to the fake SIMs and reduce cybercrime in the country. It also claimed that the offending person will be traceable using such a system.

FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.

Has ASTR proved useful? ASTR was first implemented in the Mewat region of Haryana which had reported the highest cases of SIM-card related fraud. As we mentioned before, No police near the Amravalli region of Haryana deactivated the contentious SIMs.

Before that The Economic Times in April reported that the use of ASTR has helped neutralise cybercrime syndicates in Mewat. And yet, despite this rosy picture, privacy concerns remain. According to the government video introducing ASTR, before its launch, there were approximately 16.70 lakh SIMs in Mewat across all TSPs. After running the details of these subscribers through ASTR, approximately 4.28 lakh SIMs that were considered suspicious were disconnected from the telecom network.

ASTR has an upper hand over conventional text-based analysis that is limited to finding similarities between the proof of identities or addresses and the accuracy of the provided information.

Our take on ASTR: Considering the increasing number of cybercrimes since Covid-19, it makes sense that the Indian government would want to use AI-based technology to fight the rising crime. However, there is no reason or provision that justifies the Telecom department’s decision to dismiss people’s consent before scanning their faces. Largely, what we are wondering is this:

  1. Was there a notification circulated when people’s data was processed via ASTR?
  2. How is the Telecom department ensuring people’s privacy if their mobile numbers are being scanned without their permission?
  3. Where is this data being stored?
  4. For how long is the subscriber data stored by ASTR, especially if the subscriber is verified or has a legitimate number of SIMs?
  5. Under the Criminal Procedure (Identification- CPIA) Bill, 2022, data collected from suspects can be retained for 75 years. If the subscribers verified are suspected of being involved in cybercrime, does their data come under the ambit of such provisions?

MediaNama sent some of these queries to the DoT by way of an RTI and is still waiting for a satisfactory response. All of this is not to say that “ASTR is bad”. The way we see it, there are two possible outcomes to ASTR.

Outcome 1 – Suppose a person using such fraudulent SIMs harasses or threatens individuals to extort money/information. The ASTR will allow the police to find not just the criminal’s identity and address but also detect their face. That is a desirable outcome. That is what the DoT and police are focussing on and pushing for ASTR accordingly.

Outcome 2 – Suppose you are an innocent SIM card holder who has gone through the ASTR system. Your data is now stored in the system for an X period of time that is not known to the people. The DoT will have access to your identity and address details and may share them with other government departments if they feel like it. All this time, your data will be circulated without your knowledge, which is essentially a violation of your privacy rights.

Take another scenario where you are an activist or someone involved in work that holds the government accountable. The data collected by ASTR will now be kept by DoT which is at liberty to share the same with the local police who can use the data for investigation–again without your knowledge. Plus, if we consider this in the backdrop of the Criminal Procedure Bill, 2022, the activist will already be considered a “suspect” for alleged cybercrime.

In the latter two cases, the big question is: where is the safeguard for people to have some amount of control over their personal data?

Even under the Digital Personal Data Protection Bill, 2022, a Data Fiduciary must send a notice to a Data Principal before their data is processed. Even if we assume that the authorities are acting under the provision of deemed consent–that deems the Data Principal to have consented to the processing of their personal information–it’s worth asking how such a mechanism will work in the case of the Criminal Procedure Bill, 2022.

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read:

Written By

I'm interested in the shaping and strengthening of rights in the digital space. I cover cybersecurity, platform regulation, gig worker economy. In my free time, I'm either binge-watching an anime or off on a hike.

Free Reads


The MPA has historically advocated for stronger copyright enforcement measures to combat online piracy.


The next-gen chip from MTIA v2 will double the on-chip SRAM size and triple the local PE storage size, revealed Meta

A Microsoft building A Microsoft building


The pitch was said to be part of an "AI literacy" training seminar hosted by the US Space Force back in October, 2023, The...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...


Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...


The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...


Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ