On any given night in the southern state of Tamil Nadu in India, it is common to see police officers on patrol stopping mostly pedestrians and two-wheeler riders to check their credentials. Since 2021, they have been able to point a mobile phone at the face of any of these people and within seconds pull up a number of potential matches in the state crime database. Since 2025, some of these officers have had access to a 360-degree view of a person’s life, including their bank accounts, their families and relationships, their social media history, their travel records, their Aadhaar authentications and more. This is the operational reality of one of the most expansive surveillance infrastructures in the world; one that is being built on a foundation of flawed data, fallible people, and decades of discriminatory policing. And most Indians have no idea it exists.
For my doctoral dissertation, I studied one sliver of this surveillance stack: the facial recognition software (FRS) used by police in the southern state of Tamil Nadu. My research revealed the extent to which the adoption and use of this technology relied on a complex network of existing infrastructures, databases, practices, and beliefs. The FRS app used by the Tamil Nadu police was built by C-DAC—the Research & Development Wing of the Indian Ministry of Electronics and Information Technology—as a stackable component on top of the Crime and Criminal Tracking Network System (CCTNS) database. The CCTNS database, a crowning achievement of the modernization efforts of the Indian police, is connected to over 15,000 police stations across the country and houses whatever information has successfully been digitized by these stations regarding complaints, active and past investigations, and criminal cases currently in the courts. Most importantly for the FRS app, it also houses photos of suspects and convicts connected to these cases from across the country.
The CCTNS database, in turn, feeds into the National Intelligence Grid (NATGRID), a master database initially built as a mass surveillance and intelligence sharing platform accessible only to a select few agencies at the national level. The NATGRID contains highly sensitive, identifying information about people and enables the formation of a 360 degree profile of almost every adult in India. It incorporates information from databases like the CCTNS, national identity systems like the Aadhaar, driving licenses, and passports as well as the controversial National Population Register (NPR) that contains family-level demographic information on 119 crore Indians. It also tracks information from banking and financial institutions, digital payment platforms, telecom operators, transportation systems such as FASTag (a cashless toll collection system), airlines, and railway bookings. Your digital traces, internet habits, and social media posts all get fed into NATGRID.
In July 2025, Piyush Goyal, the Chief Executive Officer of NATGRID, wrote a letter appealing to state police units to “proactively” use the larger NATGRID solution to enhance their predictive policing efforts. Essentially, this means that certain police officers in your district can access a full profile of you, your family, your financial status, your social media rants, and your online habits if they believe you’re a person of interest in a crime. By December 2025, NATGRID was reportedly receiving 45,000 requests a month.
So why should the average, law-abiding Indian citizen be worried? Police officers exist to serve and protect people, right? Isn’t it good if they have more information to do their jobs? Unfortunately, the line that separates a good citizen from a bad one is often a politically drawn one that can be easily shifted to serve the prerogative of those in power. Maybe you spoke out against a corrupt former government that is now back in power and ready to use it. Maybe you participated in a minor political protest that is now considered a high-stakes national security issue. Maybe you’re like 25-year old Vignesh, a Dalit youth who got caught in the wrong place at the wrong time. A quick FRS search during a routine traffic stop revealed a minor pending case in CCTNS that somehow led to a police chase, and eventually to his brutal torture and death in police custody. Once you’re tagged as “accused” in a database, you’re caught in an intricate, ever-expanding infrastructural net from which it is nearly impossible to escape.
It’s also worth noting that police officers in India are mostly average, middle-class citizens with their own incentives, anxieties, biases, and opinions. They are not, in contradiction to local popular culture portrayals, highly trained and rigorously conditioned heroes with fundamentally different moral or ethical codes. They make mistakes and are more than capable of harm, as the tragic case of Jeyaraj and Bennix showed in 2020. In my interviews with police officers, some casually admitted to extra-judicially detaining people for inquiries based on their “instinct” despite a clear negative result from the FRS app.
To make matters worse, the databases at the foundation of this surveillance stack that these instincts are checked against are themselves flawed. In my fieldwork with police data entry operators, I found that they were instructed to collect photographs of any “bad characters” and “suspects,” including those who were not yet involved in any police case so far. This has disproportionate consequences for minoritized populations such as Dalits, Tribal communities, and Muslims. Decades of discriminatory policing and surveillance of these communities has meant that they are already over-represented in crime data, more visible to the state, and more vulnerable to being targeted. In many states, the police standing orders explicitly allow for surveillance of entire families based on their association with “habitual offenders.” In this context, giving officers the discretion to capture the images and data of people they consider “suspicious” and building technologies like the FRS on top of this data means that these discriminatory practices become technologically reinforced and infrastructurally perpetuated.
Further, the process of translating and digitizing written and verbal complaints introduced several opportunities for errors. For example, Tamil names were transliterated automatically in English and this was often prone to mistakes. The volume of paperwork that needed to be digitized was so high that data entry operators often rushed through data entry and left fields empty when they thought the information was irrelevant. These problems are present in a database that is limited in scope and carefully checked. Consider the scale of errors in the other vast interconnected databases that form the base of India’s surveillance stack where data is automatically captured, processed, and filed without contextual awareness.
These are not separate concerns. They are all a part of one compounding systemic problem: discriminatory instincts, encoded into flawed databases, and handed back to those same officers as algorithmic confirmation of what they already believed. Each layer of the stack amplifies the errors of the layer beneath it. In short, people need not worry if they’re confident that the political environment of the country is and will always be favorable to people like them; if they believe police officers always act in good faith and never make mistakes; and if they believe that their unwittingly captured data will always tell the truth. If you are Indian and have even slight misgivings about any of these, then it’s worth paying attention to the surveillance infrastructure steadily being built in your name and with your data.
