Shortly after one of the worst riots New Delhi has seen in decades, law enforcement agencies in India used facial recognition technology to identify more than 1,100 people who allegedly took part in those riots at the end of February. India’s home minister, Amit Shah, told parliament that law enforcement provided its facial recognition system with photos from government-issued IDs, like drivers licenses, and other databases.
According to a Techcrunch report, the information law enforcement fed into the system also included 12-digit Aadhaar numbers (personal identity numbers based on an individual’s biometric and demographic data), which have been issued to more than 1 billion residents. It’s a voluntary program, and the largest of its kind in the world.
But there are a slew of legal questions surrounding the use of facial recognition to track down suspects in India. There currently aren’t any laws that clearly lay out ethical uses for such technology. According to the Internet Freedom Foundation, a digital rights advocacy group in New Delhi, the system only had a 1 percent accuracy rate when attempting to identify missing children, and “failed to distinguish between boys and girls.” The group claims that law enforcement in India has no clear legal authority to arrest people based on the technology, let alone the amount of people that supposedly took part in the violent riots.
But this isn’t the first time India has used facial recognition to aid in its police work, nor the first time Aadhaar data has been shared with law enforcement. Earlier this year at a protest, New Delhi police used facial recognition to identify individuals who were suspects in an investigation. Reuters reported last month that activists were worried about “insufficient regulation around the new technology” and potentially being targeted because of their religion.
In 2013, the Central Bureau of Investigation (CBI) was investigating the rape of young girl in the state of Goa when it asked the Unique Identification Authority of India (UIDAI), the governing body that collects and maintains all Aadhaar data, to turn over all its fingerprint records so it could figure out whose print was discovered at the crime scene. The Bombay High Court initially told the UIDAI to hand over its data, but after an appeal the court ordered the Central Forensic Science Laboratory (CFSL) to see if it would be possible for law enforcement to match a crime scene fingerprint with one in the Aadhaar database instead. Eventually, the court ruled that Aadhaar data could not be shared to any third party without consent from the Aadhaar-holder themselves.
But with massive databases like Aadhaar and facial recognition technology at its disposal, law enforcement can potentially identify—or misidentify—anyone it wants for any reason. Former Uttar Pradesh police chief O P Singh told Reuters the technology “helped cut the numbers of wrongful arrests and highlighted the state’s extensive database of more than 550,000 ‘criminals.’”
But groups like the Internet Freedom Foundation are fighting for more legal oversight when it comes to using such technology to prevent innocent people from being arrested and protect individual privacy.