Big brother getting bigger? The privacy issues surrounding Aadhaar are worrying

By Anita Gurumurthy

The vexatious question about what to do with the normative ideals enshrined in law, when society undergoes paradigmatic change, is not new. Justice Brandeis’s dissenting opinion in the US Supreme Court in 1928 is one of the more notable dissents in American history.

The case – Olmstead versus United States, 277 US 438 (1928) – concerning wiretapping by federal agents, bears uncanny parallels to the contemporary conjuncture. Only, nearly a century ago, the American judicial system was grappling with whether tapping telephone conversations would constitute an invasion of privacy. In his dissent, Brandeis avers that even though the letter of the 18th Century Constitutional law does not explicitly protect citizens from wiretapping, its spirit must be adequate to new conditions and purposes, tackling the new forms that “evil” takes. He argues that the evil of wiretapping technology allowed government to use subtler and more far-reaching means of invading privacy than before. By using the information so tapped for its own ends, the Government becomes a lawbreaker and cannot declare that in the administration of the criminal law the end justifies the means.

Brandeis also underlines that the “greatest dangers to liberty lie in insidious encroachment by men of zeal, well meaning but without understanding”. In the early 20th century, phones could replace the brute force of breaking into the private space. The anatomy of present times is the digital-data paradigm. And so, we must examine our liberties in the context of what computational and network power does to the social contract between citizens and the state.

If the times of telephony made governments evil, the surveillance quotient under digital technologies confers no less than Godly command on the state. As governments collect data from us, the transfer of the data creates a huge asymmetry of information and power, leading to the absolute or totalitarian state.

What does data-related power mean?
The concurrent ability to know the individual and her private sphere in microcosmic granularity and to process this knowledge for its macroscopic vastitudes is what distinguishes digital age surveillance. It means the possibility to know, as in the case of the Chinese government, precisely which woman is flouting the one-child policy, and when the policy is abandoned, who the millions of women are that must get their intrauterine devices (IUDs) removed.

This is raw power. Little wonder then that governments are tempted to play God.

The dictum in the data age is not the need to know; it is the instinct to harvest the knowable, and the cunning to shape the known. As the citizen becomes more and more legible to the state, the state becomes more and more opaque to the citizen. Government open data reveals less about the true nature of democratic governance, and as has been pointed out time and again, adds up to nothing more than ‘gesture politics’.

Big Data techniques can allow politically motivated messages to be planted strategically and delivered virally, creating myths that crowd out the real issues needing deliberation, public interest mediation and norm development.

Brandeis’s ‘men of zeal’ in current times may even be ‘well meaning’, but their deep faith in the digital-data apparatus can unleash the greatest dangers to liberty, undermine rule of law and disrupt democratic institutions. Unlike times of wiretapping, when American authorities needed human agents to listen in, digital intelligence today is an agent in its own right.

Research by MIT points to how the FBI’s face recognition systems are trained on data sets that under-represent some demographics and hence incorrectly identify black people more frequently than white people. But given that black people are more likely to have facial-recognition software used to identify them, it is clear that the due process of law to discern their likeness in situations of crime is programmed to be prejudicial. Rule by data is thus a real threat to our democratic futures. The fact that 87 lakh job cards under the MNREGA scheme have been removed by the Ministry of Rural Development as a “cleansing drive” reflects the absolute power of the state to take decisions without pre-decisional hearing.

What is clear is that the technological precision and effectiveness of state intrusion into citizens’ lives – the capability to identify, track, manipulate and control individuals – today far outweighs the social and technological capability to manage or eliminate the risks. As global society struggles to come to grips with this emerging digital-data paradigm, the greed for data has become part of the race for geo-political supremacy.

The result, as the UN Special Rapporteur on the Right to Privacy has remarked, is a short-shrifting of the right to privacy in the digital age. At the global level, the ‘terror card’ has been used to justify global programmes such as PRISM. At the national level, as the Special Rapporteur argues, “unduly disproportionate, privacy-intrusive laws have been drafted and rushed through the legislative process of States with clear political majorities to legitimise practices that should never have been implemented”.

Aadhaar as a digital age invention
This brings us to Aadhaar, the unique ID system introduced in 2009, legitimated through the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016. A unique citizen ID is that one piece of data which allows the government the prowess to piece together multiple fragments of an individual’s life in order to produce a singular narrative. Your unique ID, when introduced into databases, can allow different databases to talk to each other, allowing particular personas representing you to be assembled at will by the state.

This, it can be argued, may be technically useful for enhancing the quality and reach of welfare delivery. But what is critical is that in the absence of a data protection law and privacy rules, there is no accountability structure for use and abuse of citizen data. This is why the seeding of Aadhaar to databases can bestow unchecked power upon the already powerful – bureaucrats, politicians, corporate actors, and other vested interests – who can exploit people by accessing information about them.

Despite Supreme Court rulings that have clarified that Aadhaar enrolment is not mandatory, more and more services are being sought to be linked to Aadhaar. Not just welfare services – PDS, NREGA, pensions, mid-day meals and scholarships – but also PAN cards, income tax, cell phone numbers (by 2018) and online train ticket bookings.

De facto, everyday citizenship is thus mediated through Aadhaar, something that makes opting out of Aadhaar a Hobson’s choice, while conferring inordinate power on the state. A 5-judge bench had noted in 2015 that Aadhaar did pose challenges to the right to privacy, "the fundamental rights guaranteed under the Constitution of India, and more particularly, the right to liberty under Article 21 (which) would be denuded of vigour and vitality."

Experts have argued that the mission creep here from establishing identity – which may be useful within proportional limits for effective last mile delivery of welfare – to allowing agencies to hold the number through seeding, is extra-legal. Section 8(2)(b) of the Aadhaar Act is categorical that an agency requesting authentication "ensure(s) that the identity information of an individual is only used for submission to the Central Identities Data Repository (CIDR) for authentication".

So, what should constitute a reasonable expectation of privacy in the digital age?
In the Philippines case of Ople versus Torres, 1998, the Supreme Court struck down the Administrative Order that sought to implement the National Computerised Identification Reference System. The Court held that citizens needed assurance that personal information will only be processed for unequivocally specified purposes, to prevent “fishing expeditions” by government authorities. The Court observed that possibilities of abuse and misuse of the PRN, biometrics and computer technology are accentuated since individuals lack control over what can be read or placed on their ID, much less verify the correctness of the data encoded. New technologies therefore threaten the very abuses that the constitutional Bill of Rights seeks to prevent.

What scholars studying privacy urge is that the stakes for privacy in the digital age be understood for the social, rather than individual, value of privacy. This would include the freedoms that Brandeis referred to as core to the pursuit of happiness – “freedom of beliefs, thoughts, emotions and sensations”, which have profound implications for a society that is diverse. The individual needs to be let alone so that, as a society, we can safeguard the dignity and integrity of all.

Privacy also has a public value. It is a precursor to freedoms of speech and association and democratic participation, which are non-negotiable for limiting government power. Finally, privacy, in these times, when personal data is assembled by unscrupulous third parties for private gain, must also be seen as a collective good that cannot be divided. These ideas exhort a deeper thinking about what may be frameworks for data-related policies.

The way Aadhaar works currently, without being grounded in such an articulation of privacy, is a dangerous case of the tail wagging the dog, where the techno-capability to track is being offered to us as the justification to do so.

The author is with IT for Change, an NGO that works at the intersections of digital technologies and development