As 2023 drew to a close, many Indians found themselves navigating the chaos of holiday travel. Overcrowded buses and trains, endless traffic jams, and exorbitantly priced flight tickets were the norms. Amid this seasonal tumult, a new challenge emerged for travellers at Indian airports: the ‘mandatory’ implementation of DigiYatra.
DigiYatra, a biometric face scanning system, has sparked concerns and confusion among travellers. Many were uninformed about why their faces were being scanned or why participation was compulsory. This system, already operational in 13 airports, is set to expand nationwide, prompting urgent questions about its implications for privacy, data security, and civil liberties.
Apar Gupta, a seasoned lawyer with deep insights into the intersection of technology, law, and civil rights, spearheads a YouTube channel called “1984.” The channel, named after George Orwell’s dystopian novel, delves into the impact of digital technologies on democracy in India. In a recent video, Gupta dissected the complexities of DigiYatra, raising critical issues about its governance, data privacy, and potential for abuse.
DigiYatra traces its origins back to 2018, with its primary objective being a seamless, contactless airport experience through facial recognition. The Ministry of Civil Aviation claims that privacy concerns have been addressed, citing a decentralised, mobile wallet-based identity management system. However, Gupta expressed skepticism, pointing to significant gaps in these assurances.
The DigiYatra Foundation, a joint venture established in 2019, administers the system. Its unique composition – a blend of public and private entities – complicates accountability. While the government holds a 26% stake through the Airports Authority of India, the rest is divided among major airports. This arrangement, Gupta argued, creates a quasi-monopolistic entity that lacks the transparency and accountability typically expected of public institutions.
The implementation model of DigiYatra raises questions about preferential treatment and the monetisation of passenger data. Gupta underscored the potential for airports to prioritise Digi Yatra users, thereby subtly coercing more travellers to opt into the system. The foundation’s revenue model, which includes using passenger data for marketing hotels, taxis, and other services, further blurs the line between security and commercial exploitation.
On the privacy front, Gupta highlighted the absence of regulatory oversight, despite the introduction of the Data Protection Act, 2023. The act’s loopholes and the non-application of the Right to Information Act to the DigiYatra Foundation obscure the system’s data handling practices. Moreover, the lack of public audits and the potential for data misuse raise alarms about the security of sensitive biometric information.
Gupta’s critique extended beyond privacy concerns, touching on broader implications for democratic freedoms. He warns of a future where DigiYatra becomes a ubiquitous ID, required for everyday activities enabling pervasive state surveillance. This scenario, while speculative, is not unfounded, given the foundation’s ambitions to expand DigiYatra’s applications.
In conclusion, Gupta called for public awareness and scrutiny. By sharing experiences and voicing concerns, citizens can challenge the encroaching reach of Digiyatra and demand transparency and accountability.