Now that the inevitable death of Free Basics by Facebook has happened and the dust has settled, the real outlines of the government of India’s Internet and Digital India policies are coming into focus.
The four pillars of the government’s intentions have been declared and are already under construction: a policy to prefer free and open source software in all egovernance software solutions; new guidelines on patenting ‘computer-related inventions’, which will adhere strictly to the prohibition on patenting computer programs; comprehensive reliance on Aadhaar to provide a biometrically-backed digital identity for every Indian citizen; and the ‘India Stack’, a set of software designs that build atop the Aadhaar unified digital identity to provide cashless payment systems available to all Indians, electronic government services and a ‘consent layer’ for transactions exchanging Indians’ personal information in the private market.
This is an immensely ambitious agenda, but how this agenda is fulfilled, and, in particular, what the consequences are for freedom in the world’s largest democracy, will depend on the fifth pillar of the new Digital India. This pillar is protection of all citizens’ right of privacy.
About the role of privacy in the future Digital India, the government is plainly ambivalent. Having announced it would seek a definitive Supreme Court ruling in the ongoing Aadhaar litigation, the government last week chose instead to rush Aadhaar legislation through Parliament under the contentious claim that it represented a money bill insulated from Rajya Sabha consideration, thus avoiding any significant form of public policy debate.
The Aadhaar legislation ensures that there will be a single database, at CIDR, holding fingerprint, retinal scan and, eventually, full genomic information on every Indian, along with name, address, phone number and — in a continuing reminder that every Indian woman is treated as some man’s property—the name of each woman’s husband or father. From this data, the ordinary conduct of the simplified statistics, we call data science, can infer other pieces of sensitive information with almost flawless reliability.
The rules concerning access to and operations on this data — which will be determined by future subordinate legislation — whether the surveillance and control of will be enormously facilitated; whether each Indian’s purchases, savings, gifts and receipts will be trackable, controllable and preventable by anyone with sufficient political power or a stolen set of digital keys.
The Bill accords the government an unrestricted right to access and use CIDR’s database for purposes of “national security”, a term nowhere defined in this legislation, or anywhere else in Indian law. Given that this database can be used to identify, locate and control people — and the likelihood that any uses made for “national security” will be kept secret and outside the scope of judicial review —only the declaration by the Supreme Court of the broadest and most powerful individual constitutional right of citizen privacy can prevent the inevitable misuse of this power by some future government.
Ministers of the present government who were jailed under the Emergency declared by a government without such tools, or whose phones were surveilled by a more recent past government with lesser tools, should be among those most concerned by the possible consequences The government’s concern with acquiring free and open-source software and its decision to resist the blandishments and threats of the multinational IT companies speak to the strongly nationalistic quality of the Digital India vision.
But without an equally clear and determined set of policy commitments to protect the privacy of Indian citizens comprehensively, the digitisation of identity and payment threatens to replace foreign “white” owners of Indians’ lives with domestic “brown” ones. Because information is power, such an oligopoly of data, if it is not imperialism, would be tyranny.