We wrote to the Ministry of Civil Aviation urging them to stop the DigiYatra Scheme

We wrote to the Ministry of Civil Aviation urging them to immediately cease the DigiYatra Scheme and to ensure that passengers are not inconvenienced due to exclusion cause by the Scheme.

12 April, 2023
4 min read

tl;dr

The Digi Yatra Scheme (‘the Scheme’) was launched at the Delhi, Bengaluru, and Varanasi airports on December 01, 2022. During the second phase of implementation, the Scheme will be launched at Kolkata, Pune, Vijayawada, and Hyderabad airports. The Scheme allows digital processing of passengers using facial recognition to check the passengers’ identities at the entry checkpoint, entry into security check, self-bag drop, check-in, and aircraft boarding.

We wrote a letter to the Secretary, the Ministry of Civil Aviation raising our concerns about the exclusion that may be caused by the Scheme. In this blog post, we look at not only logistic exclusion but also the Scheme’s exclusion by design.

Why should you care?

The implementation of the Scheme puts data privacy and passenger ease at risk. While the Scheme states that the Digi Yatra Biometric Boarding System will conform and adhere to data protection laws as applicable and mandated by the Government of India, presently the country does not have any specific laws on data protection. Further, when Facial Recognition Technology (‘FRT’) itself is the subject of an international challenge as well as proceedings before the Allahabad High Court and the Telangana High Court for being antithetical to the rights to equality and privacy, the usage of such technology for ‘passenger ease’ seems redundant.

Background

The Scheme was launched by the Ministry of Civil Aviation on June 08, 2017, by the then Minister of State for Civil Aviation, Shri Jayant Sinha, to make air travel paperless and hassle-free per a press release. The Scheme would facilitate the digital processing of passengers at airports. Using the Scheme, a passenger can get a Digi Yatra ID by sharing details like their name, email ID, mobile number, and any approved identity proof, including Aadhar.

With FRT being proven to be racially and gender biased, it increases the chances of exclusion in a diverse country such as India. Logistically, instead of increasing passenger ease, as it sets out to do, the Scheme will only increase the burden on the airport personnel and the passengers, especially at busy airports.

The categories of data listed for collection also include a passenger’s Personally Identifiable Information (‘PII’). As per a press release, the Ministry of Civil Aviation stated that there is no central storage of a passenger’s PII data; the same is encrypted and stored in the passenger’s smartphone wallet and purged from the system within 24 hours of the flight. This is at odds with the interview given by Avinash Komireddy, the founder and CEO of Dataevolve, which has designed the Digi Yatra ecosystem. He states that data authentication takes place on the Amazon Web Services cloud platform. The Ministry has not referenced this authentication flow in its statement about the exchange of information between a passenger’s smartphone and the origin airport. Further, the Privacy Policy of the DigiYatra Scheme states that the collected data may be used for other purposes, such as improvement of products, contact for surveys and to process user requests, among others. The collection of this wide range of data for purposes other than passenger verification appears to be irreconcilable with the object of the Scheme.

Our Letter

We wrote a letter on April 05, 2023, to the Secretary, the Ministry of Civil Aviation, about our concerns concerning the implementation of the Scheme across airports in India.

We have raised logistical concerns regarding the Scheme in the letter. Due to the exclusion caused by FRT, the DigiYatra Scheme could fail to identify registered travellers, which could lead to unnecessary delay and inconvenience to passengers as well as airport staff. Our letter also highlights that the Scheme does not sufficiently advertise the alternative to FRT for passenger-ID verification.

We relied on illustrative examples to elaborate our point. In India, for instance, if just 1% of passengers on a daily basis opt for verification using the Scheme, the multiple check-in spots should be allocated in such a manner that there is no impact on the resources allocated to the 99% who do not opt for the Scheme resulting in bottle necks. This could prevent inconvenience at airports such as Delhi’s Indira Gandhi International Airport, where all boarding and entry gates are reportedly soon going to become Digi Yatra-enabled. Internationally, additional concerns have been raised that opting out of FRT at airports has purposely been made more convoluted by design to increase dependence on the technology.

In our letter, we have requested:

  • The operation of the Scheme be ceased at airports, or
  • The Scheme not become the primary method of verification, and
  • The allocation of resources to the implementation of the Scheme be made according to the average percentage of passengers opting for verification using the Scheme.

In light of the concerns raised in the letter as well as in our previous posts (linked below), we hope that these are taken into account and that our recommendations are implemented.

This post has been authored by Policy Intern Anahida Bhardwaj and reviewed by the IFF Policy Team.

  1. Letter to Secretary, the Ministry of Civil Aviation with our concerns with respect to the implementation of the Scheme across airports in India dated April 05, 2023. (link)
  2. Part 1: The dangers of DigiYatra & facial recognition enabled paperless air travel #SaveOurPrivacy dated January 18, 2022  (link)
  3. IFF explains DigiYatra: Turbulence ahead dated January 29, 2022 (link)
  4. DigiYatra Project on Panoptic website (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

2
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

3
IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!