The Supreme Court recognised the fundamental right to privacy in 2017, the same year the country witnessed some of the most large-scale violations of privacy to have ever occurred.
You can describe people in words, or you can describe them in numbers. As a rule, neither system is perfect, but in general, words tend to create bonds while numbers tend to create distance. Technology, and its poorer cousin e-governance, though seems to tilt towards numbers and in 2017, in India, the tilt got a lot steeper.
A deep vein of technological determinism has always run within Narendra Modi’s Digital India. Over the last year, it has made itself more clear than ever. From demonetisation, to the Goods and Services Tax (GST) to 360-degree-Aadhaar projects, there appears to be nothing that cannot be solved by a string of numbers in a centralised database.
The messiness involved with governance has stopped being viewed as a problem brought on by contending and noxious interests. Instead, there is a subtle, if consistent, push towards handing over the process of administration towards a technological system that can supposedly fulfil a set of explicit specifications.
This is why in 2017, nearly a billion Indians were forcefully nudged into re-verifying their SIMs with Aadhaar – a development that was brought on over concerns of terrorists getting their hand on SIM cards – even though the government knew the underlying enrolment system was broken enough for Pakistani spies to be able to get their hands on legitimate Aadhaar numbers.
Or why the GST network was pushed out as a crippled system – in Modi sarkar, some technology is always better than no technology – even as its crucial goal of reducing tax evasion was hamstrung by unwieldy rates, lobbying and political flip-flops.
However, even back then, the threat of computerised governance leading to a surveillance state was voiced loudly.
In August 1985, Rajiv Gandhi wanted his party’s MPs to digitise and formalise their work with the help of computers. The Indian Express flashed the news with the headline “Computer to Watch Cong MPs”, and went onto report that the computer would now give “periodic warnings” about the lapses of MPs and that it would also store details of their “adverse activities”.
The Times of India even went to bat over whether it would violate the privacy of MPs over potential privacy violations, with an editorial that called the move “wrong and dangerous”. The implication, as India Today wrote in late 1985, was that Rajiv did not trust his party and that it would make the Congress’s MPs “even more docile”.
In 2017, the Supreme Court recognised that all Indians have a fundamental right to privacy.
However, in the year that was, the country also witnessed some of the most egregious and large scale violations of privacy to have ever occurred.
The sprawling and viral proliferation of the Aadhaar programme into every walk of life lead to over 100 million Aadhaar numbers being leaked by central and state government agencies in direct violation of the Aadhaar Act. What’s worse is that nobody was held responsible for the abysmal information security practices that lead to the numbers being made public.
Private and corporate entities tried their best to match Indian government. As The Wire reported and tracked, data breaches from Reliance Jio, Zomato and McDonalds exposed in some way, shape or form the personal details of (at the very minimum) 30 million Indians. Again, no one really held responsible.
Online surveillance manifested in small ways (In Kerala, school authorities reportedly gained unauthorised access to an Instagram account, leading to the suspension of a boy and girl) and the bizarre – The Wire reported in mid-2017 how Indian police allegedly helped a division of UK’s Scotland Yard hack into and monitor the email accounts of Greenpeace activists.
India’s formal surveillance infrastructure, which boomed after the 26/11 attacks, crystallised in 2017. As we reported, the centrepiece of the Indian government’s surveillance efforts, the Central Monitoring System (CMS), was made fully operational by the first quarter of 2017.
The functioning of the CMS, however, still remains exceedingly opaque. All we have are stray data points – in 2014, a SFLC report, which quoted an RTI reply, revealed that up to 9,000 telephone interception orders are issued by the central government every month..
The story of surveillance in 2017 was also one of state governments realising that they should not be outdone by the Centre. In West Bengal, chief minister Mamata Banerjee amended an outdated set of laws to create a near-Orwellian world of surveillance that would track and monitor dissenters and protestors.
In Andhra Pradesh, a tender floated earlier this year for the state’s “Integrated People Information Hub” (IPIH) gave us a glimpse of how local surveillance networks by India’s police will evolve across the country.
Hyderabad’s IPIH, while billed a smart policing mechanism, is a natural outcome of two developments over the last few years. One, ‘Digital India’ (in this case, the rapid creation and storage of citizen data) is growing at a pace that is not contained by legal safeguards, a serious information security culture and a proper regard for civil liberties. Two, centralised databases that were slowly being created and populated over the last few years are now starting to talk to each other.
Consider the data sources that IPIH mixes and matches: CCTV footage, fingerprint data, call data records (CDR) using entity matching and other data mining algorithms. It also takes into account other variables such as family demographics, address, date of birth, mobile number, contact number, driving license, voter ID, Aadhaar number and a ‘crime number’.
As The Wire reported at the time: “While there are indeed serious issues for the police to take care of, smart and predictive policing can easily turn into total blanket surveillance from all forms”.
Digital residue and persistence
It’s strange how India’s technology-driven development agendas are carried out in pairs. In the 1990s, Rajiv Gandhi had Sam Pitroda.
Today, Modi has Nandan Nilekani – an odd partnership considering that in the run-up to the 2014 elections, the Gujarat chief minister slammed the Infosys founder, calling him a “person who has 1000 crore but no Aadhaar”.
“They have a person who has 1000 crore but no Aadhaar. They made him candidate. He must answer what has been done with hundreds of crores of rupees meant for Aadhaar card. In the end the Supreme Court had to intervene,’’ Modi said of Nilekani and the Aadhaar project in April 2014.
By August 2014, Modi had changed his mind. Perhaps what prompted a re-think were Nilekani’s ideas for what Aadhaar, after propping up India’s welfare system (which has shown middling success so far), could go onto radically change how Indians interact with their central and state government.
In a world filled with post-facts, the truth is approached through repetition. The message that is transmitted and repeated most often is the message that wins. Today, Indians wake up everyday to SMS-es that threaten the shutdown of basic services (their mobile phone connections, their bank accounts) if they don’t start connecting Aadhaar to every part of their lives.
Nilekani’s last book, Rebooting India, is an illuminating if startling read on how the UID project can slowly link the rest of India’s society together, layer within layer. The book, which was released in 2015, is prescient only if how much of it has gone onto become a part of the Modi government’s agenda. The national health policy released in March 2017, which proposed the creation of a national health information network that would be linked to Aadhaar as a means of sharing patient data is pure Nilekani.
Resistance and the road ahead
What should India’s citizens – who are wary of how Aadhaar, the interconnection of massive centralised databases and an utter lack of legal safeguards are starting to snowball – think about doing?
There are, of course, tech hacks that help ward off the dangers of using Silicon Valley services. And WhatsApp’s decision to switch on end-to-end encryption last year has probably done more to help safeguard the personal privacy of most Indians than anything else in the last two decades.
However, the personal information of most Indians still remains shockingly leaky – the going-rate in 2017 for the personally identifiable information of up to one lakh people was anywhere between Rs 10,000 to Rs 15,000.
But what has become clear in 2017, is that we need to push our elected representatives into doing more, into caring. Most government officials and members of parliament are exceedingly aware of India’s surveillance state. In private interactions, they warn you to switch off your phone or leave it in a room outside their office. Services like Gmail, which come with the stigma of being run by a foreign company, are still preferred to local alternatives offered by the National Information Centre.
“Surveillance doesn’t affect only criminals, it affects everyone individually, and collectively. Question it. Currently, if the government eavesdrops on you illegally, you would never know. The government should notify all subjects of surveillance after the surveillance is done, so that citizens can challenge illegal surveillance. Ask for better protection of your rights,” said Chinmayi Arun, Executive Director at the Centre for Communication Governance.
“We have been very careless about letting the state bully us into getting Aadhaar cards. Now our data is integrated, leaking and being sold to unknown third parties for all we know. If we go the Chinese way, this will affect our health insurance premiums, eligibility for public services and much more that we do not anticipate at present. We must show a little more concern for our future and our rights.”
The first venue that the fight for our rights will be tested next year is at India’s data protection committee. Set up towards the end of this year, with public consultation meetings scheduled in the first week of January, the committee is off to a decent start. However, it will still only scratch the surface of what needs to be done.