On Friday, the Indian government will name the companies that will help it build what could be the world's largest facial recognition system.

Once it is set up, India's National Automated Facial Recognition System will provide a centralised database for police forces across its 28 states.

According to a government document published in July inviting companies to bid for the project, the authorities will be able to identify people - including criminals, missing children and the dead - by matching their images against a database of images.

That database will draw on images from existing records of prisoners, photos in passports, and "any other image database" with any entity.

Facial recognition identifies distinct points on an individual's face and creates a unique map of it, like a fingerprint.

The system is expected to enable searches based on images from closed-circuit television (CCTV) camera feeds, handheld mobile devices operated by security forces, and even photographs from newspapers, among other sources.

Oddly, for a project of this scale, there has been no discussion in Parliament on how the system would work, what oversight and safeguards it will be subject to, and whether it will even be accurate.

In July, India's National Crime Records Bureau organised a conference for nearly 80 potential bidders.

Bids will be accepted only from companies that, among other conditions, have an annual turnover of at least 1 billion rupees (S$19 million) for the last three years; have installed at least three facial recognition systems with a million-strong database for law enforcement agencies across the world; and meet technical standards set by the United States National Institute of Science and Technology.

The criteria effectively exclude home-grown businesses, say Indian companies like Staqu Technologies that has helped digitise records and already created searchable databases for eight police forces in India.

Mr Atul Rai, the co-founder and chief executive of Staqu, told Indian media outlets that foreign software might not be built for low resolution CCTV images, or the diversity of Indian faces.

At least a dozen foreign surveillance companies already operate in India, like CP Plus, Honeywell International, Bosch Security Systems, and Dahua.

Mr Apar Gupta, executive director of the Delhi-based Internet Freedom Foundation, said that having a foreign company collect and hold sensitive biometric data of India is "a threat to national security".

The push for this technology comes in the name of better law enforcement.

India's police are one of the most understaffed in the world, with just 144 police officers for every 100,000 citizens, compared with 318 officers per 100,000 citizens in the European Union.

But facial recognition technology is limited.

Related Story Facial recognition push at India airports raises privacy concerns

Related Story Beijing eyes facial recognition tech for metro security

Related Story France set to roll out nationwide facial recognition ID programme

"It can't even tell the difference between boys and girls," said Ms Vidushi Marda, a lawyer who works on artificial intelligence at Carnegie India and British human rights organisation Article 19.

The Delhi police force, for instance, told a court that the accuracy rate of the existing facial recognition software it used to trace missing persons was only 2 per cent.

Studies have declared even the most state-of-the-art technology used in the US, Britain and Germany to be inefficient.

Mr Gupta said: "Facial recognition systems are by design an act of mass surveillance. Such identification, even if done for purposes like law enforcement, is essentially collating and using data without any underlying basis of suspicion.

"This is termed as a general warrant, which is not permitted in law."

In a ruling that has far-reaching implications on state surveillance, the Bombay High Court on Oct 22 said that the authorities could not simply justify the infringement of a citizen's privacy by citing national security.

Government agencies first have to test if phone tapping or any other privacy-violating technology is necessary and proportionate in a democratic society, then request permission, and only after it is granted, can they carry out surveillance.

"Facial recognition does not meet these standards at all. In fact, it is just collecting data for the sake of it and finding a use for it later," said Ms Marda.

It has proven to be neither leak-proof nor secure. Recent revelations about unknown entities using Israeli spyware, to snoop on WhatsApp conversations of several Indian activists and journalists, have deepened worries about the absence of privacy protections for Indian citizens.

At the core of the issue is the absence of a data protection law in India.

"In this situation, a nationwide biometric record is essentially putting people at a very high degree of risk. The reality is that today we urgently need regulatory intervention, given that there is market failure in self-regulation," said Mr Gupta.