Beyond Aadhaar: India wants to create a giant centralized facial recognition database

Two years ago, Privacy News Online wrote about Aadhaar, India’s billion-person biometric database, used to check identity, and its potential to become the world’s biggest privacy disaster. Barely six months after that post, it emerged that access to the Aadhaar database could be bought very cheaply, as reported here by the Indian newspaper The Tribune:

It took just Rs 500 [about $8], paid through Paytm [an Indian online payment system], and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.

What is more, The Tribune team paid another Rs 300 [$4.75], for which the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.

Despite that breach of security, it seems the country’s appetite for giant databases of personal information is still not satisfied, and that it wants to go beyond Aadhaar. A 172-page document published by India’s National Crime Records Bureau requests bids from companies to build what is likely to become one of the world’s largest facial recognition databases. It would allow police from across the country’s 29 states and seven union territories to have access to a single, centralized resource. The document says that automated facial recognition systems can play “a very vital role in improving outcomes in the area of Criminal identification and verification by facilitating easy recording, analysis, retrieval and sharing of Information between different organizations.” Here’s the basic idea from the bid document:

The solution will be web-based application which will be accessed through a web browser on computers. Identifying or verifying a person from various kinds of photo inputs from digital image file to video source. The system shall offer logical algorithms and user-friendly, simple graphical user interface making it easy to perform the facial matching.

Capture face images from CCTV feed and generate alerts if a blacklist match is found.

Add photographs obtained from newspapers, raids, sent by people, sketches etc. to the criminal’s repository tagged for sex, age, scars, tattoos, etc. for future searches.

As that indicates, the idea is that any kind of image – whether a photograph, a drawing, or a CCTV feed capture – can be run against the database to search for matches. The system will be required to have an option to upload bulk subject images, and to generate alerts if any of the subject images matches with the registered faces in the database. The requirements for the new system are extremely demanding. The system will be expected to find matches even subject to the following limitations:

i. Varied lighting conditions.
ii. Small image sizes (300 x 300 pixels)
iii. Low Jpeg image quality.
iv. Plastic Surgery
v. Aged Images
vi. Bearded faced images
vii. Makeup images
viii. Slanted Face

And just to make creating this system even more challenging, the bid document says that everything needs to be built in just 30 weeks. The ambition and complexity of the system means that is close to impossible. At best, there is likely to be either a skeletal, incomplete solution, or one that appears finished, but is in fact deeply flawed. Given the sensitivity of the information held, that’s a huge concern. One of the first things that suffers on rushed projects is security. Even though the bid document emphasizes that “Information security is very important to maintain Integrity, Confidentiality & Availability of data”, it won’t prevent mistakes being made, or backdoors being left accidentally for others to discover.

It seems likely, then, that the implementation period will be extended if the Indian government intends to go ahead with this project. However, even assuming that the best code is written under the circumstances, and problems, when found, are fixed, there is another huge issue with India’s facial recognition database.

One source of images explicitly mentioned in the bid document is from the country’s passport database. That’s dangerous enough, since it would potentially allow a huge number of innocent citizens to be included in the system with little oversight. But conspicuous by its absence is any mention of India’s biggest facial image database: Aadhaar. There is, however, a requirement that “The solution should be compatible with other biometric solutions … for generation of comprehensive biometric authentication reports.” Once the system is up and running, and the main problems have been sorted out, it is easy to imagine that the police and grandstanding politicians will start calling for Aadhaar’s images to be added to the database. After all, the argument will surely go, if doing so makes it easier to catch criminals, identify dead bodies and find lost or kidnapped children – the stated aims of the new database – surely it would be immoral not to do so?

This is the problem with all such systems. Once they exist, there is a constant pressure to extend them, because it is easy to make these incremental steps seem quite minor extensions after the initial work has been completed. But adding in some or even many of the billion images of Indian citizens to a facial recognition system designed to be used routinely by the police across the country would create a surveillance system that eliminated privacy in every public place. Indian citizens need to start considering and resisting this risk now, before it is too late to do anything about it.

Featured image by Biswarup Ganguly.