SUMMARY
The government think tank has proposed a codified data protection regime ‘at the earliest’ to govern facial recognition technology systems in India
Build Digi Yatra around principles of equality, non-inclusivity, privacy, safety, transparency, reliability and accountability: NITI Aayog
India is currently home to 125 facial recognition systems, with the government spending more than INR 1,464.18 Cr on such products so far
Government think tank NITI Aayog has called for instituting data protection laws to govern use of facial recognition technology in the country.
“In order to ensure propriety and legality in the manner in which data processing happens to train and develop FRT systems, it is imperative to have a codified data protection regime in the country at the earliest,” said NITI Aayog.
The think tank made the observation in a draft discussion paper ‘Responsible AI for All: Adopting the Framework – A use case approach on Facial Recognition Technology.’ It has sought comments from the general public till November 30 via email.
The paper proposes rigorous standards for data processing, storage and retention to adequately address privacy issues associated with facial recognition technologies (FRTs). It also envisages the constitution of an ethical committee to assess the implications of FRTs and oversee their mitigation measures.
NITI Aayog has also called on the developers and vendors of FRTs to consider the ‘realities of the Indian population in training the AI model. Essentially, it has sought an accurate and inclusive identification mechanism to train FRT systems across segments of Indian face types, genders, age, and others.
Vendors have also been told to customise the products according to Indian use. The paper also calls on the players to embed the element of human review into the AI system for specific uses and grey areas.
The Digi Yatra Scope
Dissecting the Ministry of Civil Aviation’s ambitious Digital Yatra project, NITI Aayog highlighted a slew of issues that could potentially come to the fore of the initiative. The think tank has recommended building the project around principles of equality, non-inclusivity, privacy, safety, transparency, reliability and accountability.
It has sought more clarity on deletion of facial biometric data from the database of airports and other allied registries. Currently, Digital Yatra rules mandate that airports delete biometric facial data related to flyers on just the airport’s servers within 24 hours.
The paper also calls for the authorities to specify any security-based exceptions regarding data usage, adding that the proposed ethics panel should clearly define standard operating procedures (SOPs) for such black swan events.
“Any security-based exceptions should be clearly identified by the proposed ethics committee and must be set out within the SOPs. This should be a continuous process that is updated regularly as deemed necessary,” said the report.
It has also sought implementation of a robust and state-of-the-art information security throughout the Digi Yatra Central Ecosystem. Calling for adopting peer-to-peer encrypted communication systems, NITI Aayog made reference to in-built privacy designs to ensure security of data hosted on the platform.
Besides, it has also recommended frequent cybersecurity audits, vulnerability tests and algorithmic audits of the airport FRT platform at set intervals.
The think tank has also directed the government to identify a responsible body to publish standards for ‘representativeness’ of datasets for training FRT systems.
Pointing to the digital divide in the country, the paper has also sought retention of manual identity verification at airports to avoid the pitfalls of Digi Yatra emerging as an exclusionary service.
It has also warned against sharing of personal data with third party service providers, without the explicit permission of the user.
“The Digi Yatra Policy mentions that users may also be able to provide consent for value-added services at the airport, for which purpose their data may be shared with other entities like cab operators and other commercial entities. There must be specific care taken to ensure that such consent is meaningfully provided and is not bundled by default,” said NITI Aayog.
Critics Raise Alarm
The recommendations come close on the heels of deployment of facial recognition systems for passenger verification at Delhi and Bengaluru airports on Independence Day this year. This was part of the beta version of the DigiYatra which was unveiled for passengers at these two airports.
FRTs allow easy passenger verification at airports using just facial biometric data. Once implemented, the project will enable airport operators to lower congestion and allow for a paperless and a contactless passenger experience. Many have also pointed out that the project could supplement human efforts through automation and reduce operational costs for both airport operators and airlines.
While the project is expected to be launched at other locations too, critics have panned the technology citing ‘pervasive surveillance.’ Recently, many privacy experts and activists said that the project may lead to misuse of air passengers’ data and unauthorised surveillance.
Besides, there is no data governance framework to oversee collection and retention of the sensitive data. While the government has tried to assuage the public about the safety of such platforms, the recent past has seen many knocking on the doors of court to prevent the percolation of the technology.
Last month, the Allahabad High Court sought a reply from the Uttar Pradesh government on a plea challenging the use of FRT for recording attendance of the teaching and non teaching staff at Kanpur’s Chhatrapati Shahu Ji Maharaj University.
Earlier this year, the Telangana High Court (HC) also issued notices to the state government and Hyderabad police commissioner on a petition that questioned the alleged use of face recognition technology by officials without proper sanction.
125 facial recognition systems are currently installed in the country, with the government spending more than INR 1,464.18 Cr on such systems so far.
