A rose by any other name? CBSE's face matching technology is just facial recognition in disguise

Read our representation to CBSE highlighting the concerns that come along with the use of facial recognition technology which they have put in place for accessing digital documents.

21 January, 2021
4 min read

tl;dr

After coming across reports that the Central Board of Secondary Education (CBSE) was using facial recognition technology to provide access to digital documents, we pursued multiple paths of transparency and accountability. Firstly, we filed RTIs and then we wrote to them highlighting our concerns.

What is the CBSE doing?

As per a news report published in the Indian Express, the CBSE is now using facial recognition technology to provide access to digital documents to students.  The application will enable students to download their digital academic documents of classes 10 & 12 after a live image of the student is matched with the photograph on the CBSE admit card already stored in the repository.

First step: Right to Information

Pursuant to this, we filed a Right to Information request with CBSE bearing reference no. CBSED/R/E/20/03761 on October 28, 2020 asking them to provide information about the scope and nature of the project. In their reply dated November 24, 2020 bearing reference no. CBSED/R/E/20/03761/3176, CBSE stated that they were not using facial recognition technology instead they were using face matching technology thereby trying to create a measure of difference between the two.

As a result, we filed another RTI request on December 10, 2020 bearing reference no. CBSED/R/E/20/04158 asking CBSE to explain how the face matching technology operates. However, even after the prescribed time limit of 30 days within which a reply has to be provided expired, the CBSE has failed to provide any response to our second request.  As a result, we have filed a first appeal highlighting the CBSE's failure to respond. We still await further information on this for which we reserve our rights to remedies as per law.

Next step: A recommendation to halt use by highlighting concerns

Since we have received no response on our last RTI request, we decided to write to the CBSE highlighting the various concerns that use of facial recognition brings with it.

A. Concerns related to privacy

Use of this technology, in a legal vacuum, especially with regard to children, is extremely concerning as pertaining to the fundamental right to privacy. Here, we take the liberty to draw your attention to the Hon’ble Supreme Court's decision in Justice K.S. Puttaswamy vs Union of India (2017) 10 SCC 1 which says that certain standards have to be met in order to justify intrusion by the State into the right to privacy. These standards are :

a. Legality (existence of a law) : Where the intrusion must take place a defined regime of law i.e. there must be an anchoring legislation, with a clear set of provisions.

b. Legitimate goal/state aim : Which justifies that the restriction to people’s privacy (in this case data collection and sharing) is needed in a democratic society to fulfill a legitimate state aim.

c. Proportionality : Where the Government must show among other things that the measure being undertaken has a rational nexus with the objective. The state must also demonstrate that there are no other alternatives both analog and digital which can fulfil said mandate which are less intrusive but equally effective; and that the extent of the interference is proportionate to its need.

d. Procedural guarantees to check against the abuse of State interference : Where there is an appropriate independent institutional mechanism, with in-built procedural safeguards aligned with standards of procedure established by law which are just, fair and reasonable to prevent abuse.

Laws with regard to facial recognition which may act as anchoring legislations, unfortunately do not exist in India thereby failing to satisfy the first Puttuswamy standard. Additionally, the use of FRT by CBSE fails to satisfy the proportionality requirement since, according to the reply sent to us by CBSE, it is just one of the authentication mechanisms being used under the multi-factor authentication process in place. Finally, there are no procedural guarantees, such as a data protection law, in place to ensure that misuse of the technology does not take place thereby increasing the risks related to its use.

B. Concerns related to exclusion

In addition to concerns related to privacy, concerns relating to exclusion due to inaccurate technology become a factor here. This is also important to consider since students accessing these documents may be under stressful conditions like application processes for colleges and universities abroad. In such a situation, this technology could act as an unnecessary hindrance. Another factor to consider here is since the technology is being used on children whose appearance is bound to undergo changes over the course of the time since when the picture in the CBSE repository was taken and when the student is trying to access it, this technology could fail to identify students thereby adding to the stress that children may already be undergoing.

Our recommendation

In lights of these concerns, we recommended that CBSE cease use of facial recognition irrespective of the nomenclature being used for it as face matching for any of its deployments.

Project Panoptic

Under our Project Panoptic, we try to bring transparency and accountability to all facial recognition deployments by the government, both State and Central across the country. You can read more about the CBSE deployment here and sign the petition calling for a ban on facial recognition use here.

Important Documents

  1. Representation to the CBSE on use of Facial Recognition Technology dated January 21, 2021 (link)
  2. Reply to RTI request by CBSE dated November 24, 2020 (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
No place for tech: How digital interventions in NREGA are undermining rural social security

Mandatory digital ‘solutions’ introduced in the NREGA scheme by union and state governments, like Aadhaar-based payments, mobile monitoring apps, facial authentication and surveillance tools, are impinging on workers’ statutory rights and poking holes in the rural social security net.

8 min read

2
Into IT Standing Committee’s review of action taken by MeitY following its recommendations on citizen data security and privacy

This post breaks down the 55th report of the Standing Committee on Communications and IT, in which the Committee assesses the extent to which its recommendations on citizen data security and privacy were accepted and acted upon by the Ministry of Electronics and IT.

11 min read

3
Statement: Reportedly, IT Ministry looks to block Proton Mail on request of Tamil Nadu

Reportedly, the E2EE email service Proton Mail has received communication from MeitY regarding a potential block under S.69-A IT Act, at the request of the TN police over a hoax bomb threat sent to private schools in Chennai. 

1 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!