The Delhi, Bengaluru, and Varanasi airports have recently begun the ‘DigiYatra’ service. It is a facial recognition technology (FRT)-based passenger boarding system verified by Aadhar details. Recent news also says that the Western Railways’ use of its FRT-based surveillance system has reduced crime on its routes and stations. Earlier this week, Maharashtra deputy chief minister Devendra Fadnavis said that Mumbai should have an AI-enabled, FRT-based surveillance system to combat ‘street crime’ even as such surveillance systems exist in multiple Indian cities already. Independent reports have found top Indian metros among the world’s most surveilled cities.
Implementing mass surveillance
Several programs that involve capturing and retaining personal data are underway in India in the absence of a data protection law Tenders by authorities in Dharamshala, Himachal Pradesh and Jabalpur, Madhya Pradesh show its intent of creating integrated surveillance networks powered by CCTV cameras and Artificial Intelligence. In Jabalpur, the city authorities have specifically sought “behaviour monitoring”, “protest control”, and vehicle monitoring among the capabilities of such a system, while the Lucknow ‘Safe City’ project
involves the Uttar Pradesh police monitoring people’s rooftops using drones in the state capital.
A report by The Wire explores the extensive surveillance in place in Hyderabad in detail. It also highlights the concerns that emerge from the Indian government’s proposed Automated Facial Recognition System which will be the world’s largest if implemented.
Increased government powers of surveillance, data collection
Legislation like the Criminal Identification Act, 2022, the IT Rules, 2021 (subordinate to the IT Act, 2000), and the 2022 drafts of the telecom and data protection bills are just some examples of laws that allow virtually unchecked powers to authorities to gather personal information on citizens and control our communication.
It should be easy to see that these powers can easily serve political and ideological ends. Journalists countering state-backed information can be surveilled to reveal their sources or endanger their families, as documented in this report. This enables extensive intelligence-gathering on activists and provides justifications to target vulnerable minority groups, like Muslims, in ‘investigations’ following rioting in Delhi in 2020.
The government would prefer that the immense amount of data generated by Indians be seen solely in terms of an economic asset to be channeled in favor of business and governance. However, ownership and control of personal information is also intertwined with fundamental rights, particularly those of privacy, and freedom of speech and political activities.
The latest draft of India’s data protection law, the Digital Personal Data Protection Bill, 2022, has reduced the guardrails around the State’s ability to acquire and retain personal data. This vastly increases the scope for surveillance as the government has been empowered to exempt any entity, including its agencies and instrumentalities, from provisions of the bill protecting personal information. (Read here for 12 major concerns with the draft law).
The draft telecom bill mandates licenses for all internet platforms that provide communication services. It also requires identification of internet users and weakens end-to-end encryption. It confers vast powers to intercept communications and shut down the internet, for poorly defined “public emergency” reasons. With India’s record number of internet blackouts, the new bill did nothing to institute reforms on network disruptions and did not include mechanisms for judicial oversight or independent review of such decisions.
This comes amid the IT Ministry, MeitY, demanding that VPN providers maintain user logs, something antithetical to the idea of such a service itself.
While we may have a Fundamental Right to Privacy on paper, it is largely absent as a significant value in our culture, a fact often used by the State to justify its powers to override it for supposedly more important ‘collective’ interests, whether phrased in terms of security, or playing into entrenched social attitudes towards youth and women, as my examples will show.
Privacy: On paper vs. realit
The Supreme Court in August 2017 affirmed privacy as a Fundamental Right. Yet, five years and four versions later, we do not have a data and privacy protection law in place. The UIDAI’s Aadhar, meanwhile, continues to be linked to basic services like availing rations and subsidies, obtaining mobile numbers, or opening bank accounts, all of which involve giving biometric data to the state or be left out of accessing them.
Privacy violations by the state are often carried out using the justification of a presumed ‘collective’ interest that is almost always unfairly balanced and improperly considered. The Hyderabad Police’s ‘Operation Chabutra’ involved randomly fingerprinting people and acquiring other biometric details for reasons as vague as ‘fighting crime’ to preventing teenagers roaming the streets at night. The police in Bengaluru reportedly forced young people to show them private WhatsApp chats to find incriminating material on drugs. While limited resistance to such moves does exist, including a petition in the Supreme Court, it is difficult not to comply when actually confronted with such a situation since the police in India is known for informal pressures and off-the-book tactics during civilian interactions.
The passage of the Criminal Identification Act only makes the process of collecting personal information easier for the police, and has been challenged on human rights grounds in court, although the outcome remains to be seen.
Conclusion: What must change
In the public consciousness and government rhetoric, such measures, whether legal or not, are justified in the name of ‘societal’ interests. The government recently used this argument against a petition in the Supreme Court on unreasonable search and seizure of personal devices, saying that the right to privacy is subject to restrictions considering “compelling public interest”. This is similar to its response to WhatsApp in court against the IT Rules’ provisions to break end-to-end encryption, saying that “privacy is not absolute”
We must confront the insignificance of privacy in our cultural life and social priorities to reverse this trend and enjoy greater democratic rights and freedoms and achieve social progress. When Madhya Pradesh’s chief minister said that women working outside their homes should register themselves at police stations to be tracked for their ‘safety’, he was not just making a case for a further expansion of police powers but also reinforcing an entrenched patriarchal social worldview while ignoring the real needs or voices of women.
Ours is not a privacy-friendly society, and that naturally makes the State hostile to privacy too, since its apparatus is nothing more than an instrument of socially powerful groups and ideologies. Changing this is up to us.
Arjun Banerjee is a writer and sub-editor at MediaNama. Opinions are personal.