NCRB finally responds to legal notice on facial recognition, we promptly send a rejoinder...

The NCRB promptly responds as we followed up on our legal notice and IFF replies having to restate original asks.

08 November, 2019
3 min read

Tl;dr

We sent a legal notice to the National Crime Records Bureau (NCRB) on August 18, 2019 to halt and recall the invitation for bids for the implementation of a centralised Automated Facial Recognition System (AFRS) put out on June 28, 2019 with extremely worrying features of the system. With no response, we sent a follow up on October 31, 2019, to which we received a very detailed reply by the NCRB on November 5, 2019. Excitedly, we readied ourselves to send across a rejoinder to their response but much to our dismay, we largely had to restate our original asks.

Position unchanged

The follow up to our legal notice was graced by peculiar circumstances. The NCRB responded on November 5, 2019 with a  detailed parawise reply to our notice dated August 18, 2019. However, not long after, we received emails from NCRB officials stating that they wished to recall the email response sent to us. Naturally, we wrote back enquiring if an updated or finalised version of the document needed to be sent, to which there has been no clarification.

Given the tender closes today, we promptly sent across our rejoinder two days back, in the same format of their response. It involved us indulging in a lot of rebutting and here's what we had to say briefly.

  1. Main submission dealt with legality
    Our legal notice informed the NCRB that there was no legislative framework that gave AFRS any legality and we reiterated that once again. Why? Because the NCRB informed us that AFRS will be hosted on the CCTNS database which finds its supposed legality in the CCTNS Cabinet Note of 2009. We made sure to explain that a cabinet note is not a statutory enactment but a record of proceedings, and hence, AFRS continues to lack legality. We very clearly observed that the use of such systems on dead bodies appears slightly redundant on account of bodies beginning to decompose within 24 hours after death, which does not justify public expenditure on this.
  2. Flawed understanding of consent
    The response was firm in stating that the principle of consent would not be violated but did not have much to substantiate this point. It also says that Aadhaar would not be integrated with AFRS. We sure had a lot to say to this; our rejoinder pointed out the inadvertent access that the integration of various databases will provide. Further, the Aadhaar database, through the already existing access State police have, quite clearly violates consent considering that an individual may have only given consent to one database and its use.
  3. Systems are apparently too cutting edge
    Our concerns of misidentification and discriminatory profiling were met with blanket responses that AFRS would simply not face these problems as it would meet NIST standards (National Institute of Standards and Technology) and also have sufficient safeguards in its Standard Operating Procedure. Our response makes sure to highlight how without any legal framework, there would be nothing to provide for strict safeguards and also cases from San Francisco and Massachusetts that have found that their cutting edge technology too faces concerns of misidentification and discriminatory profiling.
  4. No need for proportionality/safeguards but oversight and accountability will still exist
    The response by the NCRB claims that there would be no need for proportionality or any safeguards and they substantiate this with requirements provided for device security and unauthorised access. We point out their misunderstanding of proportionality and safeguards by explaining our worries of mass surveillance that could ensue because of such unregulated technology.

Stop! In the name of law

It is important to note that a lot of what the NCRB has stated, marks a large departure from what the Request for Proposal (the tender document) states. Although we appreciate the NCRB's efforts in responding to our legal notice, at the end of this, we had to restate most of our initial submissions. While we do not want to take any credit for this outcome, the date for the tender has once again been extended to January 3,  2020.

As a result, our rejoinder continues to ask for a withdrawl of this tender and a moratorium on all privacy invading projects until a data protection law and authority is in existence. We intend to examine all legal options to challenge it after conferring with counsel if it proceeds further.

Important Documents:

  1. IFF rejoinder dated November 6, 2019 to NCRB response dated November 5, 2019 [link]
  2. NCRB Response dated November 5, 2019 to IFF legal notice dated August 18, 2019 [link]
  3. Follow up Representation by IFF to NCRB dated October 31, 2019 [link]
  4. Previous post on Facial Recognition Systems [link]
  5. Legal notice to the National Crime Records Bureau dated August 18, 2019 [link]

Do you see eye-to-eye with us on how problematic facial recognition systems can be? Become an IFF member today!

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
No place for tech: How digital interventions in NREGA are undermining rural social security

Mandatory digital ‘solutions’ introduced in the NREGA scheme by union and state governments, like Aadhaar-based payments, mobile monitoring apps, facial authentication and surveillance tools, are impinging on workers’ statutory rights and poking holes in the rural social security net.

8 min read

2
Into IT Standing Committee’s review of action taken by MeitY following its recommendations on citizen data security and privacy

This post breaks down the 55th report of the Standing Committee on Communications and IT, in which the Committee assesses the extent to which its recommendations on citizen data security and privacy were accepted and acted upon by the Ministry of Electronics and IT.

11 min read

3
Statement: Reportedly, IT Ministry looks to block Proton Mail on request of Tamil Nadu

Reportedly, the E2EE email service Proton Mail has received communication from MeitY regarding a potential block under S.69-A IT Act, at the request of the TN police over a hoax bomb threat sent to private schools in Chennai. 

1 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!