The Crime and Criminal Tracking Network & Systems (“CCTNS”) was conceptualized by the Ministry of Home Affairs in 2009 as “an effort to modernize the police force”. Set up under the National Crime Records Bureau, CCTNS looks to digitize and migrate data available with police stations, computerize criminal processes, and enable data sharing among police stations, courts.
A closer look at the Request for Proposals (“RFP”) published by different States for the implementation of CCTNS reveals that while the Centre’s vision may have seemed innocuous, States’ implementation of the system potentially pushed it into a different direction. Odisha’s 2011 RFP demands as one of its requirements that the system be able to have an interface with the State voter list and the system be able to search a citizen based on various parameters from this list. Odisha’s requirements also include “extremist management” whereby the system should be able to record details of the “financer, sympathizer, harbourer, frontal organization” of suspected extremist groups.
Jharkhand’s functional requirements included a “Naxal Information Management” system which would include Naxal lists, Naxal profiles, etc. In its implementation, Jharkhand also tracks the movement of Naxals based on call detail records (“CDR”). Uttarakhand has an “Illegal Migration module” to register and confirm the nationality of “illegal migrants” in the State. Jammu & Kashmir’s 2011 RFP required that all data associated with mobile subscribers and the CDRs of individual subscribers be integrated with the State’s CCTNS.
In September 2020, the railways floated a tender for installing thermal cameras with facial recognition technology at stations to screen people for COVID-19. One of the plans for these cameras include linking the facial recognition system with CCTNS to identify criminals at railway stations. Future plans for CCTNS include linking with the National Automated Fingerprint Identification System, Finger Print Enrolment Devices at police stations, and Advanced Facial Recognition System.
What is especially concerning is that these databases are intended to include search function capabilities equivalent to a “Google type search for Police Department”. Odisha’s search functionality allows any police personnel to type a name in the database and gain easy access to all possible results from the search.
While there may be multiple layers of legal challenge to CCTNS, the purpose of the present writing is to place it in the context of an individual’s right to privacy as discussed in K.S. Puttaswamy v. Union of India (Privacy). Puttaswamy (Privacy) affirmed that a fundamental right to privacy is guaranteed under Article 21 of the Constitution. In order to place restraints or impinge upon this fundamental right, the State must meet 3 requirements: (a) legality (existence of statutory law), (b) legitimate State aim or necessity and (c) proportionality (rational nexus between the objects and the means adopted to achieve them).
CCTNS is not based in any legislative enactment but exists purely as a Cabinet-approved Executive scheme where the Centre is responsible for hosting data from across India and providing the software for capturing data to each State. Each State designs its systems according to its needs and stores data obtained from police stations within the State. A State can choose to share its data with the Centre. Consequently, the national database includes data from the States that share data.
Lack of statutory backing means that legislative limits to the purpose of CCTNS and demarcation of circumstances in which sensitive categories of data can be accessed by law enforcement are now absent. There is no mechanism to ensure that collection of data is done in a lawful, fair and transparent manner with checks and balances in place. These leave room for excessive and unchecked Executive discretion with the possibility that data collected may be used for other purposes.
The purported objectives behind CCTNS does constitute a legitimate State aim in the name of “public order”. However, the possibility that sweeping database integrations as illustrated above give law enforcement free access to data on a person who may not have even been accused of committing a crime bears no rational nexus to “public order”.
The test of proportionality for CCTNS must be understood in the context of the extent of free access that CCTNS allows to law enforcement. Most States look to digitize all FIRs, general diary entries and port them into the system along with the metadata. This is then integrated with other databases as each State deems fit including voter records and CDRs. At the outset, integration of CDRs of all mobile subscribers with J&K’s CCTNS constitutes bulk collection of telephone metadata and does not stand the test of proportionality. Under existing guidelines, obtaining CDRs is limited to officers of certain rank in case a crime is suspected and the directory of the records obtained is to be submitted to the concerned District Magistrate on a monthly basis. J&K’s CCTNS envisages collection and review of CDR of an entire population without any suspicion of wrongdoing on the part of individual persons. Data collection and integration with the State’s CCTNS at such magnitude allows for consolidation of intimate facts about individuals not even suspected of a crime. This is also a clear invasion of privacy and would constitute mass surveillance which is disproportionate to the purpose of the system. In a bid to prevent crime, different States are also profiling people by branding them as “Naxals”, “Extremists”, “illegal migrants” and using CCTNS to consolidate data about them.
With regard to Odisha’s voter list integration, guidelines issued by the Election Commission of India in 2008 lay down that sharing of electoral databases with the Government is to be done only for the purpose indicated in the request received and that the entire database of the respective State/UT need not be supplied. Instead, the guidelines require that the Government be asked to supply the particulars of the specific persons whose elector database they require.
In order to meet the proportionality standard vis-a-vis the Aadhaar programme in K.S. Puttaswamy v. Union of India (Aadhaar), the Government relied upon judgments by foreign courts where the collection of biometric data from persons suspected of criminal activity had been upheld. While differentiating the two situations, Chandrachud, J. (minority opinion) found that the courts had upheld “narrowly tailored legislations set out to achieve very specific objectives”. These objectives included “prevention of crime”. Pertinently, the courts in those cases had also tested the laws to ensure that the collection of biometrics was not invasive enough to be unconstitutional and that there were adequate safeguards to prevent misuse. Chandrachud, J. found that Aadhaar “treats every citizen as a potential criminal without even requiring the State to draw a reasonable belief that a citizen might be perpetrating a crime or an identity fraud.” Similarly, the majority opinion found the mandatory linking of Aadhaar with bank accounts as a purported measure to prevent money-laundering and black money to be “a sweeping provision which targets every resident of the country as a suspicious person.” The majority accepted the possibility of bank accounts being used to launder money but noted that such instances would be very few. Therefore, the provision for mandatory linking was held to not meet the test of proportionality.
Due to the opaque nature of CCTNS, the exact structures as they stand implemented in different States is difficult to ascertain. However, the clear intent is to put in place sweeping collection and integration of data in law enforcement’s Google search. There is, therefore, an urgent need to bring in proper legislation based in sound data and policy to regulate the functioning of CCTNS
Karishma Maria is an advocate practising in Delhi.