Union Home Minister Amit Shah told the Lok Sabha on Wednesday (March 11) that officials used facial recognition from voter ID cards, driving licences and other documents to find that 300 people who took part in the Delhi riots were from Uttar Pradesh. An Indian Express report pointed out that this comes at a time when a joint parliamentary committee was examining the Personal Data Protection Bill.
Facial data is classified as ‘sensitive personal data’ under the latest amended version of the Bill. The latest draft asserts that the Centre can allow any firm to process personal data as long as it is ‘satisfied that it is necessary or expedient’ for purposes such as ‘preventing incitement to the commission of any cognizable offence.’
Shah, while speaking at the Lok Sabha, said that CCTV footages had been ‘analysed in detail by 25 computers.’ “Through facial recognition software, we began to identify… This software doesn’t see religion, doesn’t see clothes. This software only sees faces.”
He added that the software identified 1,100 people totally as having been involved in the violence.
Shah said 60 social media accounts had opened on February 22 and been deactivated soon after the riots died down, on February 26.
“Will they be able to escape just because they have closed their account? Wherever they are, we will find them…” he said.
According to a report in The Indian Express in December, the Delhi police had acquired the Automated Facial Recognition Software from Innefu Lab in March 2018 to identify missing children. However, sources claimed this software was now being used to identify protesters.
Sources said the Delhi police had created a photo database of more than 1.5 lakh “history-sheeters” for routine crime investigation. The police also had created another database meant for monitoring sensitive public events that has more than 2,000 images of terror suspects, “rabble-rousers and miscreants”, according to the sources.
Cybersecurity experts told The Indian Express that there are two kinds of facial recognition software — ‘one-to-one’ and ‘one-to-many’.
As the name suggests, ‘one-to-one’ software would match the image of one person’s face to another image. In the case of ‘one-to-many’, a single person’s image is attempted to match with faces in a crowd. This method generally has a lower accuracy rate compared to the one-to-one method.
The previous draft for the Personal Data Protection Bill had given exemptions to the government to collect such data for security, criminal investigations, and crime prevention.
However, it had also mentioned that these exceptions should be authorised by a separate law and that the data should be collected only if it was “necessary for, and proportionate to” the government’s interests.