When the Meghalaya government launched a mobile app in July to verify pensioners' identities using facial recognition technology, it led to criticism over privacy concerns. In response to a legal notice from Jodhpur-based law student Jade Jeremiah Lyngdoh flagging privacy concerns with the "Pensioner’s Life Certification Verification" app, the state government said the use of FRT was not mandatory. Those who had concerns could opt out, they said.
The Internet Freedom Foundation (IFF), a digital liberties organisation, was among those that have raised concerns that invasive technologies like FRT could be misused. They have called for a law to stop the government from using personal data.
ALSO READ: India's first poll using face recognition app conducted peacefully in Telangana
Other experts feel the technology has huge potential if deployed correctly, as contactless technology has become indispensable in the post-pandemic world.
“Research has shown that facial recognition technology has limitations. The risk elements of facial recognition include the possibility of racial discrimination, the risk of identity fraud, the risk of bias, and the risk of errors in technology," says Aarthy Venkat, Senior Legal Advisor of SignDesk.
"In India and around the world, FRT adoption as part of efforts to boost digital transformation has been extensive. However, any technology that can be invasive requires regulations ensuring risk mitigation,” Venkat says, adding that there needs to be a procedure for rolling out FRT projects with safeguards against misuse of the technology and steps to ensure the rights of the data subjects are protected.
“Even the proposed data protection bill, in its current form, is not sufficient to protect the rights of individuals in case of misuse of FRT or to address the grievances of data subjects. A dedicated regulation governing the use of FRT for use cases in the government sector is the need of the hour. There needs to be a Data Protection Impact Assessment (DPIA) to be conducted by regulators before adopting FRT and the publishing of DPIA reports in the public domain. There is also a requirement to effectively spell out Data Subject Rights and Grievance procedures and create provisions for close-quarter monitoring of deployed projects. Due to the massive potential benefits of FRT, a complete ban on its usage would be counterproductive, however, adequate steps for safeguarding citizens’ rights should be taken by publishing guidelines, rules and regulations for the use of this technology,” says Venkat.
Businesses and governments may also see FRT as a way of lowering security expenses or improving services by providing a reliable identification and authentication method, online and offline. But, there is still a lot that needs to be worked upon in the field of FRT. “While FRT has the potential to promote innovation in many different sectors, it is important to underline that facial recognition algorithms are a work in progress and they remain far from perfect. The accuracy of systems depends on factors like the environment, ageing [of the subject], their emotions, dissimilarities between the compared images in terms of lighting conditions, camera distance, background, head orientation and size of the face in the image," explains Jayanth Tadinada, an AI expert and Chief Technology Officer at Mobius.
The real worry is a situation like that in China, where FRT has become all-pervasive.
"Unlike other forms of biometric authentication, consent is very hazy. We do not know where the cameras are and whether we are being tracked by the government or private entities. Moreover, we do not know, and might never know how that data is processed, correlated and used to discern new and potentially damaging information about us. Living with all of these unknowns can create substantial and pervasive harms, including, intentional or unintentional censorship, control and inhibition of our actions, and the emotional harm of constant monitoring,” Tadinada adds.
Experts point out that the use of FRT goes against the General Data Protection Regulation (GDPR) guidelines being adopted by developed countries. “The government needs to assure us about how it aims to store and use such critical data, do we have the infrastructure to protect the privacy and data of millions of users,” says Tushar Chhabra, CEO and Co-founder, CRON AI.
Though a few experts have praised the step by the Government of Meghalaya to leverage technology to provide convenience to the end-users at a lower cost, they also agree with the IFF's observations.
“IFF has raised some valid points here. Data security and error rates in FRT seem to be a major concern of the government. On this, I can only think of a quote by Steve Jobs: 'Sometimes when you innovate, you make mistakes.' It is best to admit them quickly, and get on with improving your other innovations,” remarked Vikas Singhania, CEO at TradeSmart.