India's Advancement in AI-Powered Facial Identification: Is It a Needed Improvement or a Privacy Risk? A Dialogue with Sanjay Puri
AI-Enabled Facial Recognition Systems in Indian Railways: A Step Forward, but With Data Security Concerns
India is set to take a significant stride in the realm of artificial intelligence (AI) with the Ministry of Home Affairs (MHA) announcing plans to install AI-Enabled Facial Recognition Systems (FRS) in seven major railway stations across the country. These stations include Mumbai's Chhatrapati Shivaji Maharaj Terminus, New Delhi Railway Station, Howrah Junction and Sealdah Railway Station in Kolkata, Dr M.G.R. Chennai Central Railway Station, Secunderabad Railway Station, and Bihar's Danapur Railway Station.
The implementation of AI-enabled FRS aims to aid in tackling crime, particularly crimes against women, and increase the conviction rate. Moreover, it can help authorities precisely identify areas that need immediate response during disasters, and enable people in affected areas to access real-time, precise information about response teams and government initiatives.
However, the deployment of AI-enabled solutions raises significant data security and privacy concerns. With the potential for mass surveillance, extensive biometric data collection, and weak regulatory frameworks, it is crucial to ensure strict data minimization, obtaining explicit informed consent, robust data protection practices, transparency, and adherence to legal safeguards.
Privacy concerns are not negligible in these regards. It is important to ensure that citizens are clearly aware of what they are consenting to. Surveillance data with such high technology must be ensured to stay in safe hands. Regular onsite audits, data deletion after a certain period, data sitting on Indian servers, and limited and highly secured access points to the data are necessary security measures.
India's AI capabilities in the public domain are optimistic, as demonstrated by the successful implementation of the Aadhaar card and other initiatives. However, maintaining data security for AI-enabled systems, such as FRS, is paramount. It is crucial to ensure that there is no secondary use of the data, and strict vendor contracts, independent oversight, mandatory breach notification, and onsite audits are necessary to ensure data security.
When dealing with foreign vendors, India has the technical ability to conduct periodic audits and assess if data is being abused or misused. If someone does not consent to be captured, there must be an option for alternative means of checking or manual screening.
AI can cross-match, precisely track, and predict the movement and actions of individuals through facial recognition data, financial transactions, online interactions, social media activities, and movements of vehicles registered under one's name. This technology can also help prevent stampedes by managing and controlling the spread of misinformation.
International best practices, such as the GDPR in the EU, require such measures—prior consent and rights to data deletion—which Indian regulations currently do not fully guarantee. To mitigate the risks, organizations deploying facial recognition must limit data collection strictly to what is necessary, obtain explicit informed consent from individuals before processing biometric data, implement secure storage, access controls, and encryption, ensure transparency about data use, retention periods, and third-party sharing, conduct impact assessments to identify and reduce risks, particularly addressing biases in accuracy that might disproportionately affect certain groups, and establish accountability frameworks.
Despite the substantial data security concerns, the implementation of AI-enabled FRS in Indian railways is a promising step towards a safer and more efficient public transportation system. Addressing these concerns requires enforceable data minimization, consent mechanisms, transparency, security measures, and independent oversight to safeguard citizens’ biometric data and privacy rights.
- The integration of AI technology in business sectors, such as the railway industry, brings general-news and crime-and-justice benefits, like aiding in crime prevention and disaster response, but it also raises opinion questions about data security and privacy.
- Ensuring data security is crucial in the education of individuals about the implications of technologies like AI-enabled Facial Recognition Systems (FRS), especially regarding data minimization, consent, transparency, and adherence to legal safeguards.
- As Indian railways adopt AI-enabled FRS to provide a safer and more efficient public transportation system, it is essential to learn from international best practices in the area of data security and privacy, such as implementing explicit informed consent, secure storage, and accountability frameworks.
