Earlier this week, the Internet Freedom Foundation (IFF) published responses to its Right to Information (RTI) requests filed with the Delhi Police, Kolkata Police, as well as Telangana State Technology Services (TSTS), which asked for answers regarding the exact nature in which their facial recognition technologies are being used, and their subsequent privacy impact for the common person. In response to their RTI queries, the Delhi Police cited Section 8(1)(d) of the Right to Information Act, 2005 and refused to offer answers to any of the queries put forth by IFF.
The RTI and its response
In an RTI request filed on October 23, Anushka Jain of IFF had asked whether the facial recognition technology has been used in line with any ongoing investigation, whether arrests have been made using it, what are the accuracy rates of Delhi Police’s Automated Facial Recognition System (AFRS), what databases are being used with it, and whether any privacy impact assessment was done prior to the technology being deployed.
In response, the Office of the Deputy Commissioner of Police and PIO cited the aforementioned clause of the RTI Act, 2005, which states, “Notwithstanding anything contained in this Act, there shall be no obligation to give any citizen, information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information.”
Is the response legally adequate?
According to N.S. Nappinai, senior advocate at the Supreme Court of India and founder of Cyber Saathi, the queries submitted by IFF did not seek details regarding the technical aspects of Delhi Police’s AFRS. “The RTI queries asked for responses regarding the application part of the technology, and not the core technology itself. As a result, this clearly seems to be an evasive and inadequate response given by the Delhi Police, since there is no actual query here that can reveal information that gives away commercial or IP secrets to any competitor.”
Mishi Choudhary, technology lawyer and founder of Software Freedom Law Centre (SFLC), also agrees with the evasive nature of Delhi Police’s RTI response. “Section 8(1)(d) further says, “…unless the competent authority is satisfied that larger public interest warrants the disclosure of such information,” which this case clearly does. Like any other professional organisation, I am sure IFF will appeal this answer. In my experience, we have had to go through rounds of appeals and litigation to get any information related to surveillance,” says Choudhary.
In this context, Choudhary highlights the public interest litigation (PIL) that SFLC had filed alongside the Centre for Public Interest Litigation (CPIL). The PIL was admitted by the Delhi High Court on Thursday, December 3, where it asked the central government for a response on the PIL's appeal to have India’s three primary surveillance systems, CMS, NATGRID and NETRA to stop collecting mass surveillance data. Lawyer Prashant Bhushan, who argued on behalf of CPIL and SFLC, stated that there is “insufficient oversight” behind operating these surveillance systems, and therefore represents a significant threat to privacy.
Underlining this very aspect, Nappinai adds, “It is because of this that we are eagerly awaiting our Personal Data Protection Bill to be passed by the government. However, until then, the urgent need of the hour is to establish a preliminary, regulatory and policy framework with regards to personal privacy, which can help set up definitions for what constitutes a privacy breach of a person, by law.”
Choudhary adds that what may be interesting for privacy watchdogs to observe here would be the contract agreed upon between the Delhi Police and Innefu Labs – the company that sourced the facial recognition technology to the police body. “Often customers (in this case Delhi Police) enter into proprietary agreements that read on public data, and I am curious to see how those terms were negotiated. That will tell us why this particular answer (from the Delhi Police) was received.”
Did the contract entail a ‘trade secret’?
News18 reached out to Tarun Wig, founder of Innefu Labs – the company that sourced the underlying technology behind AFRS, to understand the concern of “commercial confidence, trade secrets or intellectual property”. In response, Wig states, “The technology, its servers and applications are entirely within their (Delhi Police’s) premises, and our role is only limited to occasional server maintenance, as per their requirements.”
Touching upon Innefu’s contractual agreement of service with the Delhi Police, Wig further adds, “If the Delhi Police have such a thought process (of treating AFRS as a trade secret), that would be their internal decision. They may wish to refrain from revealing the technical details behind such technologies in order to prevent other private entities from using it. Personally, I am not aware of any clause or contract that binds them to it.”
The Delhi Police’s response to IFF’s RTI application hence appears to be clearly wanting for more details, since the queries submitted were not warranting answers that could have divulged trade secrets of Wig’s Innefu Labs. As Wig stated, Innefu is no longer associated with administrative and working details of AFRS, which leaves the apex police body with clear jurisdiction to furbish details on how and why it has been using a public surveillance tool, and the purposes it has been deployed for.