All about Criminal Procedure (Identification) Act, 2022

Introduction 

The Criminal Procedure (Identification) Bill, 2022, was passed by the Lok Sabha on April 4 and Rajya Sabha on April 6. It received President’s assent on April 18, 2022. This Act has replaced the Identification of Prisoners Act 1920.[1] The Bill was passed after all the concerns about the legislation were addressed by Union Home Minister Amit Shah. He contended that “next-generation crimes cannot be tackled with old techniques. We have to take the criminal justice system to the next era.”

This Act aims to increase the powers of investigating authorities to acquire biometric details of convicts. It will empower authorities to gather biometric data from detainees, including fingerprints, palm prints, footprint impressions, pictures, iris and retinal scans, and other physical and biological samples. It also suggests that police officers be authorized to gather behavioural characteristics of convicts, such as handwriting samples and signatures, or any other examinations referred to under section 53 or 53A of Cr.P.C.[2] of the convicts

 Objective of the Criminal Procedure (Identification) Act, 2022

The British colonial government enacted the Identification of Prisoners Act in 1920. The I.P. Act, instituted shortly after Gandhi’s non-cooperation movement amidst a swirling surge of nationalism, was indeed an attempt by the colonial government to strengthen its authority by broadening the vigilance scope. It empowered law-enforcement agencies to take and store photos, footprints, and fingerprints of convicted and non-convicted (only in specific circumstances) individuals and established provisions for their storage and disposal. A century later, the government of independent India replaced the I.P. Act, whose scope was limited, with vaguely drafted legislation that leaves no stone unturned to acquire more sensitive personal data and offers fewer safeguards as compared to the colonial legislation.

The term “measurements” used in the said Act authorized only the taking of fingerprints and footprints of a limited category of convicted and non-convicted individuals and photos on the Magistrate’s order.

The ruling by the Supreme Court in the State of U.P. vs. Ram Babu Misra[3] case and the 87th Report of the Law Commission[4] of India called for amendments to the legislation in the 1980s. The 1920 Act received criticism and had to be amended mainly due to its narrow definition of “measurements”. Hence, one of the primary goals of the 2022 legislation appears to resolve this issue.

According to its Statement of Objects and Reasons, the Criminal Procedure (Identification) Act, 2022 declares its goal as modernizing the law to take into account the latest techniques of identification and measurement that have emerged over the past century, especially in developed nations, which produce highly reliable and trustworthy results that are acknowledged around the world. The new Act of 2022 allows for more efficient and expedient criminal investigations, resulting in a higher conviction rate.

Features of the Criminal Procedure (Identification) Act, 2022

The Act expands the types of data that can be gathered, the people from whom such data can be gathered, and the authorities that may authorize them. It also stipulates that information be stored in a centralized database. In accordance with section 6(2) of the 2022 Act,[5] resistance or refusal to provide information or data will be considered to hinder a public worker from carrying out his duties.

The legislation makes it legal for police and prison officials to collect, store, and analyse physical and biological samples, including retina and iris scans of individuals who have been convicted.^[6] According to the Act, the record of measurements will be kept for 75 years from the date of collection.^[7] The people who have not been convicted or arrested for crimes against women or children or in detention for an offense that is punishable for less than seven years can refuse to give their biological samples.^[8] The National Crime Records Bureau (NCRB) will serve as the organization that keeps track of the data.^[9]

However, the Act does not stop there; it also includes three other elements that have nothing to do with keeping the legislation up to date with scientific advances in the field of body measurements.

To begin with, “it expands the ambit” of the law’s application to anybody who has been arrested for any crime, including those detained under the preventive detention legislation. The abuse of police powers of arrest, and even more so of the preventive detention legislation in India, is well documented; however, the Act puts the privacy of individuals who have not been convicted of any wrongdoing at the mercy of the state.

Second, the Bill permits the storage of a guilty individual’s personal data for up to 75 years. In practice, this means an average individual’s lifespan, which further violates an individual’s “right to be forgotten.” The legislation, however, overreaches in its blanket applicability to all people guilty of a crime. There is no justification for why this virtual permanent data collection will aid in preventing or prosecuting crime

Third, the National Crime Records Bureau will be able to share and publish personal information with “any law enforcement agency.” This goes against the well-known data protection practices, such as the principle of “purpose limitation”, which states that even when data gathering is legal, data obtained for a given reason should only be used for that purpose and nothing else. As a result, Act’s indiscriminate character and unwillingness to discern between those categories where the acquisition of personal data is necessary — even indispensable — for investigating a crime and those where it is not is an overreach.

Analysis of the Criminal Procedure (Identification) Act, 2022

In particular, the Act impacts Indian citizens who are under trial, arrested, in jail, or detained under a preventive custody law, which will be enacted to cover everyone who is arrested in a case. It principally violates  the fundamental rights enrshrined under Article 14, 20(3), and  21.[10] It gives the police and magistrates considerable power. They have the power to compel the accused to testify, which is ludicrous and might lead to abuse of authority and rampant corruption.

The Act’s provisions allow the police to forcibly take “measurements” of convicts, arrestees, detainees, undertrials, and anyone else who may be remotely involved with the connection of an offense without first establishing their involvement or the evidentiary value of such “measurements.” “Measurements” also include “biological samples”, “analysis”, and “behavioural traits” and can be seized forcefully in the event of resistance or refusal. These phrases can be interpreted to include “measurements” of a testimonial kind obtained through a coerced mental assessment. As a result, this coercive clause^[11]  violates the right against self-incrimination, a well-established element of our criminal justice system stipulated by Article 20 (3).[12]

The current Act provides for collecting iris and retina scans, pictures, finger imprints, palm-print impressions, footprint impressions, physical and biological samples and their analysis, and behavioural characteristics such as signatures, handwriting, or any other examination.[13] All of this data is incredibly personal to each individual, and collecting it breaches the right to privacy guaranteed by Article 21.[14] There seems to be no connection between collecting this data as evidence and the goal alleged to be achieved.

To withstand judicial scrutiny, the Act must meet four requirements of the proportionality concept outlined in Justice KS Puttaswamy v Union of India.^[15] While the Act has a reasonable goal of increasing crime investigation, detection, and prevention, it fails to meet the other three conditions of appropriateness, necessity, and balance.

Specific terminology in the law, such as “behavioural traits” are ambiguous. According to Clause 6 (2) of the Act, resistance to or refusal to allow the taking of measurements under this Act is deemed to be an offense under section 186 of the Indian Penal Code.[16] Does this mean that if a person convicted under section 186 of the IPC is later found innocent and acquitted, his details will remain on the record since he was convicted under section 186 of the IPC? This is a significant flaw that must be addressed. This legislation lacks the critical element of “reasonable classification”  because section 3(c)[17] requires biological samples to be taken from anyone charged with a felony punishable by seven years or more or a crime against a woman or child. However, the authorities may still require other individuals to provide measurements if they are arrested. The logic in itself is as apparent as mud and arbitrary.

The Act violates the Constitutional right against self-incrimination and the right to life. Furthermore, the Act did not go through a public consultation procedure before being enacted. The Internet Freedom Foundation (IFF) noted that the Act “significantly compromises the privacy of regular citizens and undertrials.” Any bill that incorporates data collecting in any way must adhere to the Supreme Court’s Right to Privacy judgment, which states that it must be essential and proportionate to the government’s goals.^[18] It is not required nor proportional to collect such a large amount of data and keep it for 75 years.

In criminal investigations, the Act permits the collection of certain identifiable information about individuals. The right to privacy protects the information listed in the Act, which is deemed personal data. The Supreme Court (2017) has declared the right to privacy to be a fundamental right.[19] The Supreme Court established guidelines for any statute restricting this liberty. These include a public purpose, a rational link between the law and the aim, and the fact that this is the least invasive means to achieve the goal. That is to say, the invasion of privacy must be both essential and reasonable to the goal. Several parameters may cause the Act to fail this test. It may also fail to meet the requirements of Article 14 of the Constitution for a legislation to be fair and reasonable and equality under the law.

Another concern is that the Act makes no mention of safeguards for the data collected. The Software Freedom Law Centre’s (SFLC)[20] Legal Director, Prasanth Sugathan, noted that law enforcement’s extensive data collection could lead to its misuse. “Without sufficient safeguards in place, this is a recipe for disaster.” He further added that, “It may be difficult to ensure that data is deleted in the event of an individual’s acquittal or discharge when data is shared across multiple entities.” The problem arises because the data collected does not need to have any relationship with the evidence required for the case; the data is stored in a central database that can be accessed widely and not just in the case file; and safeguards have been diluted by lowering the levy.

Section 45 of the Indian Evidence Act of 1872[21] classifies scientific evidence as relevant evidence. They have a high level of dependability and have a significant influence on judges’ thoughts. However, our country lacks such scientific knowledge and laboratories, which are reliable sources of information. The NCRB already operates a centralized database, namely the Crime and Criminal Tracking Network & Systems (CCTNS), without a clear legal framework. The working relationship between the proposed law and CCTNS is not clearly defined, but it is expected, based upon the fact that digital records are governed by the same government department. This may endanger the entire criminal justice system.

The justification for claiming that a person’s written samples are distinct is lacking. In numerous cases, the reliability of iris and retina scans has been called into question. In Daubert v. Merrell Dow Pharmaceuticals Inc.[22], the United States Supreme Court issued broad standards governing the scientific legitimacy of forensic procedures employed to prosecute an accused. Such guidelines do not exist in India.

Conclusion

The rate of technology advancement and how personal data is processed impact us in many ways. Unlike the European Union’s General Data Privacy Regulation (GDPR)[23], the new Act was passed without any overarching data protection legislation in place in the country. A data protection framework is desperately required. Sound practices must coexist with increasing biometrics collection rather than being an afterthought. Biometrics in society has also grown in the last decade, from personal gadgets like cell phones to attendance records, passports, and visa applications.

In reality, technology has made it possible to connect the many branches of the criminal judicial system. CCTNS (Crime and Criminal Tracking Network System) links all police stations, and e-prisons, e-prosecution, and e-courts are included in the Inter-Operable Criminal Justice System (ICJS). In jails, the practice of capturing pictures and fingerprints, and even retina scans, already exists, and biometric information has helped speed up the process of entrance and release.

Aadhaar data of all inmates, including visitors, are stored and have aided in monitoring criminals. The national database of sexual offenders contains over 1 million names, fingerprints, DNA samples, Aadhaar card numbers, and voter I.D.s and is exclusively accessible to law enforcement authorities. It would be a significant problem to keep such data and samples secure for an extended length of time in order to prevent their unauthorized spread and abuse.

Further, the measure fails to consider the stigma it may impose on a person whose personal data is floating about on the internet. This can be used as a weapon against society’s underprivileged groups. Countries worldwide are making efforts to secure their citizen’s data. How can the safety of the data obtained be assured in the absence of data protection legislation in India? There is an urgent need to develop data protection regulations to secure citizens’ personal information. So that people’s rights are not violated, terminology like “measurement,” ‘behavioural traits,’ and so on should be given a definitive meaning.

Without a question, law and order, state security and sovereignty, and citizen safety are critical. However, the state must also find methods to protect fundamental rights such as the right to privacy and equality of its citizens while attaining these goals.

This article has been contributed by Tirtha Ajith and Akarsh Sachan, students at the Army Institute of Law, Mohali.

End notes

[1] The Identification of Prisoners Act, 1920 (act 33 of 1920).

[2] The Code of Criminal Procedure, 1973 (Act 2 of 1972), s.53

[3] State Of U.P vs Ram Babu Misra, AIR 1980 SCR 1067.

[4] Law Commission of India, 87th Report on Identification of Prisoner Act,1920 (August, 1980).

[5] Section 6(2) of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[6] Section 3 of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[7] Section 4(2) of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[8] Supra note 7

[9] Section 4(1) of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[10] The Constitution of India, arts. 14, 20(3), 21.

[11] Section 3(c) of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[12] The Constitution of India, art. 20(3).

[13] Section 2(1)(b) of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[14] The Constitution of India, art. 21.

[15]K.S. Puttaswamy and Anr. vs. Union of India AIR 2017 SC 4161.

[16]Section 6(2) of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[17] Section 3(c) of The Criminal Procedure (Identification) Act, 2022 (Act 11 of 2022).

[18] Supra note 15 at 3.

[19] Ibid.

[20] Software Freedom Law Centre available at : https://sflc.in/ (last visited on May 19, 2022).

[21] Indian Evidence Act, 1872 (Act 1 of 1872), s.45.

[22] Daubert v. Merrell Dow Pharmaceuticals, Inc.(1993) 509 U.S. 579.

[23] EU General Data Privacy Regulation, 2016.