The facial recognition drafted

The technology allows the police to match photos of subjects against a set of large databases. In the case of the rally, police officers matched attendees to video footage collected at the ongoing protests, allowing for the identification of potential rabble-rousers.

While the intention may seem understandable, the video surveillance and tracking of these ‘suspects’ has no legal basis. At present, the century-old Identification of Prisoners Act (IPA), only allows for the capture of fingerprints of prisoners as long as they are in jail. Once a prisoner is acquitted, the authorities are required to erase the record. In reality, authorities rarely comply with even this.

If the Union government has its way, however, this is set to change. Drastically.

For over two years now, the National Crime Records Bureau (NCRB)—the technology and statistical arm of the Ministry of Home Affairs (MHA)—has been working to amend the IPA. It aims to widen the scope of collection of all key biometrics, its storage, and the duration for which this data can be stored.

The actions

According to a high-ranking official working closely with the NCRB, the division’s Central Finger Print Bureau submitted nine amendments to the IPA. The home ministry has assimilated these in the form of a new Bill —the Identification of Prisoners and Arrested Persons Bill, 2020. It will likely be tabled in the Monsoon session of Parliament, which begins in July, the official said. Another official involved in the drafting of the Bill confirmed this, saying it would also legitimise this sort of data as evidence—something that has previously been a grey area.

If passed in its current form, the Bill will provide legislative backing far beyond the mere collection of fingerprints. The biometrics it will include range from foot and palm prints to photos, iris and retina images, voice samples, and even vein patterns.

Crucially, the Bill allows police agencies to collect biometric samples of not just prisoners and arrested persons but also individuals summoned for interrogation, as per section 41A of the Code of Criminal Procedure. “We can’t arrest some people. However, cops may want to examine biometrics to check the antecedents of the person,” the official explained. The Ken reached out to high-ranking NCRB officials for comment, but they declined to confirm or deny the Bill’s existence.

The collection of these biometrics will depend on the nature of the crime. The law would provide for time limits for storage of these biometrics, official sources said. “Not every biometric will be stored. The law will provide for what to collect and when,” the official said.

The Bill would tie in beautifully with the NCRB’s surveillance ambitions. In July 2019, the crime bureau issued a tender to set up a national AFRS. Under the AFRS, the crime bureau will link facial recognition tech to a series of databases. These include Crime and Criminal Tracking and Network Systems (CCTNS), a country record of criminals and their modus operandi.

Should the Bill pass, the video surveillance and tracking of criminals and suspects—including the capture of all facial features—will automatically be legalised, with the NCRB at the forefront of it all.

The all-seeing eye

The current lack of legislation surrounding surveillance hasn’t deterred states and intelligence agencies from pushing the envelope. Over the past years, trawling social media posts and chats, unauthorised access to call records, and the use of facial recognition and fingerprints to identify suspects have all become commonplace.

Telangana, for example, has built a ‘state of the art’ surveillance system, which brings together citizen records from voter ID databases, drivers licences, vehicle registration, ration cards, and other social schemes. The collated data set is called the ‘Integrated Information Hub’.

In Hyderabad, the police force employs a mobile app called the TS COP. Using a suspect’s name and a photo clicked by the police, the app can trawl several state databases—voter IDs or ration cards, for instance—and check one’s ID and police records.

All of this, says Supreme Court advocate Prasanna S, is illegal.

Traditionally, police and other law enforcement agencies have relied on mobile call data and financial transactions data for investigation and tracking of individuals. In security parlance, this is known as structured data. The problem with this, though, is co-relating these scattered inputs, said a senior executive with one of the security advisory firms.