India’s Face Recognition Program is Moving to the Next Phase

Last updated June 29, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

It is no secret that India wants to build a massive facial recognition database and link it with their central Aadhaar citizen identification system. For those who aren’t familiar with it, Aadhaar is a 12-digit identity number that is accompanied by biometric and demographic data. Indians can get it after having their face, iris, and all their fingers scanned. Now, the Indian government has expressed its intention to move the facial recognition program forward through a relevant proposal by the National Crime Records Bureau. The relevant request for proposal suggests the procurement of a National Automated Facial Recognition System (AFRS).

According to the proposal document, the goal is to create a facial recognition database that the police on all seven union territories would have access to and to do so in just 30 weeks. Many citizens (89%) have already provided their face images for Aadhaar, so there’s already enough material to use for the population of the database. Whether or not the remaining 11% will be forced to a face scan hasn’t been clarified, but considering that the Aadhaar ID is needed for everything in India, the percentage of people who don’t have one is steadily decreasing.

The facial recognition system that is proposed should be able to match the database entries with a photograph, a sketch/drawing, or a capture from a CCTV feed. The requirements that are set were pretty rigorous, expecting the system to even work with low image quality, varied lighting conditions, small image size, bearded faces, slanted faces, and aged images. Even people who have undergone plastic surgery are expected to still be recognized and correlated with database entries. Finally, there is a whole section dedicated to the integrity, confidentiality, and availability of the information in the database, and this is where the worries begin.

About a year ago, Aadhaar’s biometric system was compromised by hackers who were able to generate fake ID numbers at will. Moreover, leaks such as the one that we reported in February can potentially compromise highly sensitive private information. Remember, biometric data that correlate the identities of people with their face cannot be reset after they have been compromised. Whatever protections are implemented, the possibility of backdoors or vulnerabilities that malicious actors can exploit in order to gain access to the database is always there. With the government expressing their intention to move forward, it is now up to the citizens of India to decide if they will accept the associated privacy risks or not.

Do you oppose the plans, or are you happy with the national facial recognition system that was proposed? Let us know where you stand in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: