Tech vs. Regulators: A Case In Point
We remember being horrified at the invocation of emergency powers in Hong Kong to ban wearing masks in the pro-democracy protests. We might have felt grateful even, to be safe from such violative facial surveillance. But consider this: a UK-based research firm, Comparitech found New Delhi to be among the top 20 cities in the world for CCTV surveillance per unit population (which, by the way, stands at more than 9 cameras per 1000 individuals). This is worryingly close to several infamously surveilled Chinese cities. Automated facial recognition is the creeper that’s inconspicuously taken over our world; now we’re having a hard time dealing with all the offshoots. “Technology is a useful servant but a dangerous master.” (Christian Lange)
Evolving since the 1960s, automated facial recognition is a technology that used to identify somebody by using the unique characteristics of their face in video, pictures or real-time. Contactless and non-invasive, it’s been put to a wide variety of uses: unlocking devices, detecting identity thefts, locating missing children, airport security screening, identifying criminals and worryingly, surveillance.
While it has come a long way, the system is far from perfect. In 2018, Delhi Police reported the accuracy of its facial recognition system at a paltry 2%. Computer vision dazzle patterns and privacy visor glasses can cleverly confuse the algorithm. And, lest we forget, masks! There’s another lurking problem. The tech requires a database of pictures from which to learn identification. The initial databases often lack diversity with the result being that the system is more accurate in identifying certain races and genders more than others. The lopsided accuracy can further amplify biases when used in policing and criminal identification. And there is the debate around the image storage and the consequent privacy issue. Understandably, no technology is perfect but calibrated policies can pave the way for its successful adoption.
As it stands, however, the response of countries to facial recognition technology has been haywire. Several American states have banned all use of the tech. A British court has termed its use by the police unlawful, citing low robustness. On the other hand, Argentina has a prospective bill legalizing facial recognition in public places. China is well known for using extensive facial recognition in all spheres. The Indian government has also ramped up the use of AI in general and plans an overarching automated facial recognition system for criminal identification across government departments. India and several other countries using the tech lack a legal infrastructure to govern its use. This poses a grave risk of rights abuse and privacy violation. India’s IT Act, 2000 is completely silent on facial recognition. The Supreme Court has established the proportionality standard for collecting personal data, but detailed rules are needed. The Personal Data Protection Bill, 2019 categorizes facial images as sensitive personal data on the lines of GDPR, but there are several grounds to allow government processing with and without consent.
It is impossible to have a one-size-fits-all regulation, yet, it is important to have an unambiguous regulatory legal framework in proportion with the intended and possible use of facial recognition technology. When “efficiency is an unfulfilled promise, but discrimination and unreliability are demonstrated effects” (Vidushi for The Print, 2019), we cannot proceed with the current haphazard approach. We must adopt a responsible strategy for the gradual assimilation of technology; one based on freedoms, rights, accountability, transparency and fairness.
