An increased risk of State surveillance - Hindustan Times
close_game
close_game

An increased risk of State surveillance

Mar 31, 2022 08:34 PM IST

The Criminal Procedure (Identification) Bill 2022, impinges on privacy by creating and storing a database of biological and physical samples, and detailed profiles

The government recently introduced the Criminal Procedure (Identification) Bill 2022, in the Lok Sabha to provide for modern “measurement” techniques of convicts and other persons, make the investigation of crime more “efficient and expeditious”, and increase conviction rates. The Bill seeks to repeal the Identification of Prisoners Act, 1920, which is in need of modernisation. However, the Bill goes a step too far and marks an increase in the surveillance powers of the State.

Perhaps the most egregious component is the retention of all measurement data digitally for 75 years from the date of collection, without any in-built checks to protect the confidentiality of such data, (File Photo) PREMIUM
Perhaps the most egregious component is the retention of all measurement data digitally for 75 years from the date of collection, without any in-built checks to protect the confidentiality of such data, (File Photo)

The Bill expands the definition of “measurements” from finger impressions and footprint impressions in the 1920 law to include photographs, iris and retina scans, “physical, biological samples and their analysis”, and “behavioural attributes”, including signatures and handwriting.

The definition of “physical and biological samples” is not provided, and can arguably extend to the collection of DNA samples. The government has previously demonstrated an interest in using DNA profiles and samples to facilitate the prosecution and adjudication of criminal cases through the introduction of the controversial DNA Technology (Use And Application) Regulation Bill, 2019. Notably, in February 2021, the Parliamentary Standing Committee submitted its report raising concerns about privacy and profiling with the use of DNA samples in criminal investigations.

There is further lack of clarity on what the government intends to collect through the “analysis” of such physical and biological samples. The use of this term widens the ambit of the proposed law considerably and potentially authorises the use of techniques such as facial recognition and emotional recognition technology that analyse facial features. These tools – that have significant privacy and discrimination concerns in their use for law enforcement – may also be brought in through the terms “behavioural attributes”.

Under the 1920 law, the police could take the measurements of persons convicted of, or arrested for, offences punishable with at least one year rigorous imprisonment or those ordered to furnish bonds for his good behaviour under the law. If such a person (not having been previously convicted) was discharged or acquitted by the court, all his measurements and photographs were to be destroyed or handed over to him. The law placed some constraint on the exercise of State power to ensure that it was narrowly tailored for use only in serious offences.

These limited fetters have also been removed under the proposed law. First, the present Bill broadens the scope of State power to allow the police to take measurements of persons convicted, arrested, or preventively detained under any offence (including traffic violations), regardless of the gravity of the offence. The result will be the creation of a massive database comprising sensitive personal data of all arrested, detained, or convicted persons. Taken together, it will enable detailed profiling of individuals by the police.

Second, the Bill authorises the National Crime Records Bureau (NCRB) to centralise the storage, preservation, and destruction of all records at the national level. This further concentrates and centralises power, without adequate safeguards, and raises security concerns and risks of unauthorised leakage of data. This is particularly concerning since the Bill conspicuously fails to restrict the sharing of such data by NCRB with other State and private agencies.

Third, and perhaps the most egregious, is the retention of all measurement data digitally for 75 years from the date of collection, without any in-built checks to protect the confidentiality of such data. The proposed Bill neither restricts access to such retained data nor makes access dependent on a prior judicial or administrative review. There is no purpose for such prolonged storage of data, which is wholly disproportionate, as held by the Supreme Court in the Aadhaar judgment (2018) as well as the European Court of Justice (Digital Rights Ireland, 2014). Indeed, the long-term storage of such data runs contrary to the core purpose of the Bill, which is to help in criminal investigation.

The storage provisions make no exceptions for juveniles who may be in conflict with the law. It is violative of the letter and spirit of the Juvenile Justice (Care and Protection of Children) Act, 2015, which is based on the principles of fresh start, privacy and confidentiality, rehabilitation, and ensuring best interest of the child. Under the Juvenile Justice Act, all past records of any child under the juvenile justice system must be erased except in special circumstances. The proposed Bill adopts a directly contradictory approach by retaining children’s data for 75 years, spanning their entire adult life.

Finally, while the Bill provides for the destruction of data of persons who have been acquitted or discharged during trial, it does not account for situations where the police decide not to prosecute individuals after arresting them or files a closure report.

Like many of the recent Bills (DNA Regulation), laws (for linking Aadhaar and electoral IDs) and measures (facial recognition technology) proposed and operationalised by the government, the Criminal Procedure (Identification) Bill 2022, was introduced in the absence of a national data protection law and with very little or no prior public consultation. The processing of such large swathes of sensitive personal data should ideally be preceded by proper data protection impact assessments and be audited for their data minimisation and privacy by design policies. The proposed law, unfortunately, does not seem to be cognisant of any privacy concerns, and does not even mention the term in its entire text. It is thus essential that the Bill be referred to a Parliamentary Standing Committee to enable an in-depth examination of some of these issues.

Vrinda Bhandari is a lawyer practicing in Delhi, and specialises in digital rights and privacy 

The views expressed are personal

Unveiling 'Elections 2024: The Big Picture', a fresh segment in HT's talk show 'The Interview with Kumkum Chadha', where leaders across the political spectrum discuss the upcoming general elections. Watch Now!

Continue reading with HT Premium Subscription

Daily E Paper I Premium Articles I Brunch E Magazine I Daily Infographics
freemium
SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Friday, March 29, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On