Jun 22, 2013
With the wall between government and private sector collapsing, our problems are compounded. India does not have laws to protect either data or our privacy.
There is public outrage in the United States because the government seems to have crossed the boundary of acceptable data collection. It started with Edward Snowden, a government official, leaking details of PRISM, an operation by which most of the global Internet technology companies in the US — including Facebook, Google, Yahoo, Microsoft, Skype and YouTube — handed over user information to the National Security Agency (NSA).
If true, this could be one of the biggest surveillance operations in history. It promptly slammed the panic button even in a society that has become increasingly tolerant of government surveillance in an age of terrorism. The government clarified that everything was legal and only targeted at “foreigners” as possible terror suspects, that the rights, freedoms and privacy of American citizens were unharmed. The tech companies denied that there was automatic or large-scale data transfers. Facebook, Yahoo, Microsoft and Apple gave out details of how many requests they had had for user data information and how these were generally related to criminal cases. The user could relax, they insisted, their personal information was safe, their privacy was respected.
Yet the outrage continued. the New York Times has now highlighted the ties between the Silicon Valley and the “spy agency” NSA, underlining the “deep connections” between the two. The fact that Max Kelly, the chief security officer for Facebook responsible for protecting the data of its billion-plus users had left FB in 2010 to join the NSA was suddenly headline news today as proof of the nexus between Silicon Valley and the government’s spook department. American civil society — in spite of its tendency to accommodate security measures that “fight terror” — was very concerned.
Yet the outrage continued. the New York Times has now highlighted the ties between the Silicon Valley and the “spy agency” NSA, underlining the “deep connections” between the two. The fact that Max Kelly, the chief security officer for Facebook responsible for protecting the data of its billion-plus users had left FB in 2010 to join the NSA was suddenly headline news today as proof of the nexus between Silicon Valley and the government’s spook department. American civil society — in spite of its tendency to accommodate security measures that “fight terror” — was very concerned.
The NSA’s interest in the Silicon Valley was understandable. Where information is power data is kingmaker. The amount of private data Silicon Valley has is amazing, and in an age of data mining it is heaven for commercial companies forever seeking information on consumers in order to ensnare them better. And when “security” is a magic word that quietly opens doors to a surveillance society, it is equally natural for the NSA to cosy up to the treasure trove in the Valley. Besides, on top of the raw data, the Silicon Valley also has sophisticated software that can analyse it. No wonder the NSA is so interested in a long and meaningful relationship. And no wonder the public — especially the media — is outraged.
We have seen this quiet convergence between government and commercial interests closer home. In India, with the Unique Identity (UID) number or Aadhaar project the boundary between government operations and private enterprise has blurred dangerously in the area of data collection. And there has been no outrage from the media, no flurry of concern from civil society, no panic — in spite of repeated warnings from worried experts and activists.
The Indian government uses its authority to collect personal data from its citizens and hands it all over to the Unique Identity Authority of India (UIDAI). For example, I went to get myself registered with the National Population Register (NPR), which is compulsory for all citizens. I specified, with the strict and repetitive enthusiasm of retired school teachers, that I did not want an Aadhaar number. Just the NPR, thank you. No UID, okay? Okay, okay, they said. Just look through here and give me your finger… And voila! I instantly got an Aadhaar number! The NPR data is automatically shared with the UID. And then, the data, by some peculiar logic, becomes the property of the UIDAI. The UIDAI can thereafter sell that data or share it with anyone they choose.
This may lead you to believe that the UIDAI is a rather peculiar government entity. Not so. Contrary to popular belief, the UIDAI is not a government entity at all. There was no democratic process behind it. There is no new law for it. In fact, when a couple of years after arbitrarily starting the UID process the government finally got around to drafting a Bill to convert the UIDAI into a statutory authority, it was unambiguously rejected by the Parliamentary Standing Committee on Finance, which examined it. Never mind. The UID project is elbowing its way through our fast eroding democracy without Parliament’s approval. And costing the national exchequer a bomb. After which, the UIDAI will not have any of the accountability issues that a government agency born and nurtured on tax payers’ money has. It will be a business enterprise bowing to – or winking at – only company laws.
Once the UIDAI has all its demographic and biometric data and processes in order it would swiftly cut the governmental umbilical cord and spring forth as a commercial body. Working for profit, it would offer identity authentication as a paid service to both private and government agencies. It will make money every time someone wants a gas or a telephone connection, a bank account, a PAN card, a passport, a credit card or whatever. The government will then have to buy its services.
Similarly, there are other data collating entities linked to the UID like the National Information Utilities (NIUs) that would be set up, fed, funded and nurtured by the government till they become self-sustaining, at which point the government would become their paying customer. NIUs will privatise government databases and, like the UID, will thereafter own that government data and use it for profit.
So what’s wrong with this fond sharing of personal data between the government and the born-to-be-commercial entities it creates? Just that unlike commercial companies, the government is supposed to protect the information on its citizens and not use it for its own benefit. There is a certain trust involved. Giving out the information to commercial companies is a breach of trust. It violates the citizen’s right to privacy. And it can lead to enormous harm.
With the wall between government and private sector collapsing imperceptibly, our problems are compounded. Especially since India does not have specific laws to protect either data or our privacy. Data mining is the new power tool, and both government and private businesses are likely to use data like never before. Now government accountability is low, and we cannot be sure that all this detailed information — say on caste or religious identities — would not be used for political purposes to harm certain communities and thereby harm our democracy. And once the government hands over the data to private enterprise there is no state accountability, and information on Indian citizens may be used by any paying customer for their own purposes.
Besides, government has no qualms about surveillance. Like the US we too need to “fight terror” and would happily overrule citizen’s rights for it. Unlike the US, our civil society seems unperturbed by the possibility. Or by the irresponsible sharing of personal data by government and the private sector that can wipe out the democratic freedoms guaranteed by our Constitution.
The writer is editor of The Little Magazine.
