Aadhaar for face detection: Good to nab criminals, bad for common man's privacy

Chennai Police could be the pioneers in deploying face-detection technologies on a large-scale. But deployment of these technologies is neither limited to Chennai now, nor is it confined to facial detection.

With almost all states, except some northeastern states, now deploying the technology and the government seriously considering the request by different police forces for formal linkage of the Aadhaar database with their face-detection and biometric-based criminal detection software, digital crime detection and prosecution would soon come to depend on all-India crime Big Data including personal data, to the last citizen.

Sharing of Aadhar data with police a matter of time

Different police forces in India might have begun with first creating a digital database of those with criminal records. But what if the crime has been committed by a first-time offender whose photo or biometric details do not figure in the crime records? From the police’s point of view, ideally the database for criminal identification should be extensive enough to cover the last Indian and even all foreigners visiting or living in India. In other words, in the name of facilitating detection of first-time criminals, they want their criminal detection Big Data to encompass not only crime data but the entire civilian data.

That’s why the state police forces are pitching for formal Aadhaar linkage as Aadhaar database contains biometric identities and addresses of all citizens and now authorities have started recording even the photographs. On June 20, 2018, Ish Kumar, the chief of the National Crime Records Bureau (NCRB), made a fervent plea for “limited access” to Aadhaar data for police departments for detection of first-time criminals though he didn’t bother to explain what he meant by “limited access”. The UIDAI put up a brave face the very next day saying that sharing of Aadhaar biometric data for crime investigation by any agency is not allowed under the Aadhaar Act. Use or access to Aadhaar biometric data for criminal investigation may not be permissible under Section 29 of the Aadhaar Act, 2016 but Section 33 of the Aadhaar Act already allows exceptions and permits access to and use of Aadhaar biometric data in cases involving national security. So by simply adding NSA or UAPA sections to the FIR the police can access Aadhaar database as it is.

However, the same day, then Union minister of state for home Hansraj Ahir clarified that the Centre would look into the request for sharing of Aadhaar data with police for the purpose of cracking cases involving first-time offenders and for identification of unidentified bodies. Suggestions for allowing Aadhaar information sharing and amendments to the Identification of Prisoners Act would be discussed in the ministry, he said in his address to the 19th All-India Conference of Directors of Finger Prints Bureau in Hyderabad, the same event at which the NCRB chief made his plea the earlier day. “There is need for access to Aadhaar data to police for the purpose of investigation. This is essential because 80 to 85 per cent of the criminals every year are first-time offenders with no records (of them available) with the police,” Ahir said. So, with the government thinking along these lines, formal sharing of Aadhaar data with the police is only a matter of time pending amendment to the Aadhaar Act.

Using ‘mini-Aadhar’ dataset

Worse, even before formal clearance from the government, the police departments in different states have already started building up their own Aadhaar-based databases. As far back as in January 2018 itself, the Telangana Police started linking the profiles of criminals with Aadhaar data in their Geo-Tag project. The police forces in Rajasthan and Madhya Pradesh had also started doing the same thing. How could they do it without access to Aadhaar database, the UIDAI never took the trouble to explain it. In Telangana, the police collected the Aadhaar cards of all offenders, took their photographs and fingerprint details and other personal information and prepared their own “mini-Aadhaar” dataset of 2.18 lakh individuals. After the UIDAI refused their formal request, the Rajasthan police also went from door-to-door and built up their own Aadhaar-like database using Aadhaar cards.

By coincidence, UIDAI sent circulars on June 19 and again on August 17, 2018 to all Authentication User Agencies (AUAs), Authentication Service Agencies (ASAs), and certified biometric device providers that they should also include on-the-spot live pictures of the person whose identity ought to be sent along with other biometric data like fingerprints and iris scan for authentication and for issuing Aadhaar cards the UIDAI is also including photograph of a person as an additional feature besides the existing biometric features. The new multimodal technology and software enable the agencies to do face reading from videos and photos of crowds, and they are so advanced that they can even decode lip movements in conversation in obscure tribal languages in real time which is being deployed by Jharkhand Police.

In any case, if Amazon, Walmart/Flipkart and Google can do customer identity authentication with UIDAI based on Aadhaar data for the delivery of products, if youngsters running Aadhaar Service Centres in remote villages can access Aadhaar database and if panchayat offices issuing caste and nativity certificates and ration shops can cross-check the biometric identity of customers with the Aadhaar records and if UIDAI also allows offline verification of name, address etc., even to private parties, it is no big deal for the police to access the Aadhaar database indirectly through some commercial intermediary to authenticate some given identity with KYC data. Once if they have full access to the Aadhaar biometric data, it will be easier for them to match a photo with the photos in Aadhaar database in seconds and find the identity of the person.

Legal viability

Will digital detection of possible culprits in an act of crime through face-recognition technologies pass for evidence in a court of law? Yes, the material collected through Ambis, the software being deployed by the Maharashtra Police, would be acceptable as forensic evidence in courts, asserts the Maharashtra government.

But there are many types of crimes including white-collar crimes, crimes using financial technology and other high-tech crimes through internet hacking and crimes that can be tracked through records of phone conversations, thefts in malls having CCTV cameras, traffic crimes and so on. Since PAN cards are linked with bank accounts, the police can easily get access to the data bases of e-commerce companies, money-changers and digital money-transfer agencies, malls, internet service providers, banks and mobile payment companies and so on. The identity of criminals figuring in these datasets would be cross-checked with the Aadhaar database.

The case of IT Grids (India) Private limited in Hyderabad gaining access to Aadhaar database for voter profiling created a huge furore during the last Assembly elections in Andhra Pradesh. Talking to The Federal, Karan Saini, programme officer with the Centre for Internet and Society, said, “These face-recognition systems could also falsely identify innocents as criminals. The accuracy rate was 17–29 per cent in a trial conducted in Germany. To expose the possible pitfalls of technological glitches, the American Civil Liberties Union scanned the faces of all 535 members of the US Congress with Amazon’s facial detection system and ironically the results identified 28 members of the Congress with hardened criminals!”

Even assuming that the system would work without tech glitches, with police amassing such a massive database with which they can also trace every move of the citizens, their every money transfer and ever travel and stay details and tap into every phone conversation, Aadhaar would lead not just to quick crime detection but andhkaar, a world of darkness with no right to privacy.