A facial is a form of biometric Artificial Intelligence which identifies people on the basis of certain characteristics of their face. This can be based on a digital image or video. Facial recognition can work off of software, mobile app or part of a security system. The facial recognition system works by collecting information about a user’s face including the contours, textures, colors, etc., and comparing these to the data it receives when a new face is fed into the system. If the data received matches the data stored then the face is identified.
Thus, the mechanism of facial recognition allows the database to collect information that can help it identify an individual face and correlate this data to other information regarding the individual. Further, every time an individual uses facial recognition software, this database is expanded to cover more information regarding him/her.
Facial Recognition Technology makes virtual identification easy, fast and more reliable. Facial recognition technology has actually caught up to the human ability to recognize faces today. In 2014, researchers at the University of Hong Kong created facial recognition software which was capable of 98.52% accuracy as compared to 97.53% of human beings. This success was later seen commercially when Facebook announced the DeepFace program which was capable of determining whether two pictures belonged to the same person. Google has achieved the highest accuracy of 99.63% with FaceNet.
Facial recognition technology has been used by the Indian government in many aspects including NCRB’s recent project known as the ‘National Automated Facial Recognition System’.
India’s firsts attempts with biometric national identity databases with Aadhaar faced certain major data protection issues. With the new project declared by NCRB, there have been worries expressed with regard to the protection of the data, especially from the Internet Freedom Federation(IFF).
IFF – a Delhi based NGO – issued a legal notice against NCRB with regard to this move. NCRB defended it saying that it is not violative of people’s right to privacy since it “only automates the existing police procedure of comparing suspect’s photos with those listed in LEA’s databases”. This system will use photos available in the public realm, including newspapers, sketches, online as well as private information received from individuals.
However, while the bids are currently flowing for this new technology in the law enforcement of India, there is a severe lack of a legal framework to support such a move. India has no specific law relating to data protection and security and even now, cases are fought on the basis of privacy laws and the IT Act both of which are severely outdated to deal with the enormity and advancement of technology today.
In Europe and the UK, the General Data Protection Regulation serves as the legal framework to protect data collected and stored by facial recognition databases. This is a European regulation that replaced the Data Protection Directive. It sets down standards and duties Controllers and Processors of data must adhere to. It applies not only to government authorities controlling data but also to private businesses.
The USA also has a well-developed framework for the protection of the biometric data. While there are no nation-wide laws relating to this, State laws have gained expansive reach and consequence. Illinois was the first state to formally protect biometric data, followed by Texas and Washington. There are bans on facial recognition in cities like San Diego and Somerville which are in pursuance and addition to the California Consumer Privacy Protection Act which covers biometric data as well.
There have many instances of hacking and disruption of the facial recognition databases in the past. These incidents have the capability of compromising the data of billions of people. Such technology was academically developed at the University of Toronto in 2018. Further disruptive technology has been developed by many companies and individuals in countries from the USA to Russia to Vietnam which is capable of fooling or avoiding facial recognition technology.
In the future, the use of biometrics and facial recognition will mean that almost every fact about an individual will be available in well-categorized databases for hackers to steal or companies to sell. In addition, the increased use of AI means that this data can be used to draw a rather accurate picture of the complete life and character of the person whose data has been acquired. Due to the bandwagon effect of social media and technology, there will come a point of time were giving out this personal data is no longer practically optional and will become mandatory to use regular services such as phones and websites. This presents a major security threat and breach of privacy to individuals.
In this light, there is a serious need for national and international jurisprudence to cover and protect the data of individuals and their privacy.