Spy In The Room
One of the most fundamental of our rights is the presumption that we are law-abiding citizens living in compliance with the law. State surveillance turns that on its head
Just imagine a new device in your living room — a camera, installed by any of the big global technology giants. But this one doesn’t take instructions from you. It just silently sits there, quietly observing you go about your mundane daily activities. Occasionally it will remind you that you are going to be late for office if you don’t leave now. It might ask you if the sofa cushions you just bought were comfortable, and even remind you to change it every now and then. If you fight with your spouse, it will suggest therapists you could meet; or even the number of an ambulance service, depending on the seriousness.
But it mostly just observes. It keeps track of the pages of the newspapers you are reading, the tone of your dinner table conversation, and the kind of friends you share a drink with. If it is witness to some criminal activity, it is mandated to inform the police. Needless to say, all of these are designed to make your life more comfortable, and arguably safer.
Would you be okay with such a device snooping on you all day (maybe a less intimidating version of the TV from the novel “1984”)? Most of us certainly wouldn’t. And yet, we seem to have invited global big tech companies to do the exact same thing, albeit through our phones and other gadgets.
Even as technology companies strive to hide the evidence of their snooping in dense legalese and non-denials whenever questioned, the government seems to have no such compunction. Take for example, the recently released draft Unmanned Aircraft System Rules, 2020, to govern drones. Section 35 of the Rules permit drones to take pictures after ensuring privacy of an individual or property. But there is not a whiff about what steps the drone operator would need to take so as to ensure privacy.
Questions also abound about the data collection practices of the Aarogya Setu app. With the government not releasing the source code of the server, we simply don’t know what information the government is collecting, storing and evaluating.
Or take the tender floated by the Ministry of Information and Broadcasting for the empanelment of an agency for the “fact verification and disinformation detection”. Some of the services sought in the tender are the identification of suspicious profiles, identifying key influencers behind disinformation, and geo-location analysis of disinformation. These sound innocuous enough, and in fact, essential too; however, it is quite likely to end up being just a tool for targeting dissenters who question the government.
This follows earlier attempts by the Unique Identification Authority of India (which gave us Aadhaar) for setting up a social monitoring hub — aborted after the Supreme Court observed that it was a step towards setting up a surveillance state. Earlier, in December 2018, the home ministry issued a circular authorising 10 security agencies to intercept, monitor, and decrypt any information generated, transmitted, received or stored in any computer or device. While the circular was immediately challenged before the Supreme Court, arguments in the case are still pending.
The government inevitably defends such collection, as it did during the Aadhaar hearings, saying that Indians voluntary give this data, and so much more, to social media companies based abroad. So why frown at the government, which is only looking to protect the public interest? That is a legitimate argument, and needs to be addressed.
India does not have a privacy law. The Personal Data Protection Bill, 2019, has been held up due to oppostion to one clause
However, the two are not comparable. Simply put, private companies don’t look at you with suspicion — they are morally indifferent. On the other hand, the State can declare you a possible criminal and arrest you. And that’s a world of difference. Or speaking as a lawyer, there’s a reason for the constitutional protection from being randomly searched by a police officer without a reason. One of the most fundamental of our rights is the presumption that we are decent law-abiding citizens going about our lives in compliance with the law. State surveillance turns that on its head. Every thought, every interaction, every emotion is connected and analysed —because that is what big data analysis does.
Compounding the problem is that India does not have a privacy law. The Personal Data Protection Bill, 2019 has been held up due to opposition to a clause that grants omnibus exemption to security agencies for accessing information without the statutory compliance responsibilities. According to Justice BN Srikrishna, on whose committee report the Bill (which did not have this clause) was based, this single provision could usher in “an Orwellian state, with big brother snooping on citizens”.
But mark the irony. In a country where the majority of people are simply not capable of reading legal verbiage, forget understand the privacy intrusions they are consenting to, the government could have been an ally to its citizens — protecting her from intrusions from private data companies. Instead it chooses to be an even bigger predator.
There are three reasons why we should not be comfortable with unrestricted data collection and access by government agencies, even for the stated aim of national security, without a privacy framework in place.
First, mass surveillance is justified on the basis that agencies are analysing anonymised data for undesirable activity — nobody is individually targeted. This is a myth. Researchers have been able to work backwards to identify the person corresponding to the data with alarming accuracy. A study from Carnegie Mellon University in 2000 found that a combination of just data about gender, date of birth and zip-codes was sufficient to arrive at the identity of 87 per cent of the people of the population. Ninety nine per cent accuracy can be achieved with just 15 fields of data. India’s 2011 Census collected information under 29 heads.
Joined with this is the fact that large-scale analysis of data through algorithms (or in other words, Artificial Intelligence) is still ridden with inaccuracies and biases — the algorithm might throw up patterns that are wildly off-the-mark.
Second, often what is done in the name of public interest is often merely the interest of the government in power. Decades of India’s history has shown that security agencies mostly work at the bidding of the party in power. To give them access to your private and personal conversations would leave citizens in a constant state of fear and would render almost all constitutional protections nugatory.
Finally, and perhaps most importantly, such data collection is simply unlawful. The judgment of the Supreme Court in the phone tapping case (People’s Union for Civil Liberties vs Union of India, 1997) declared that the right to hold a telephone conversation in the privacy of one’s home can certainly be termed as a fundamental right, which can be breached only according to the procedure established by law. The Court had also laid down procedural safeguards for when the State needed to tap telephones. Sans a law, such mass surveillance perhaps is an outright breach of privacy.
The writer is a Delhi-based advocate and
chartered accountant