Amid recent revelations about the US PRISM program and the deployment of India’s own Central Monitoring System, our notions of privacy are being redefined — and the Indian citizen doesn’t even have the tools to ask exactly how. In the 1970s, US president Richard Nixon, a Republican, was forced to resign because he had hired criminals to search for documents at the Democratic Party office in Watergate Hotel, Washington. Several of his associates went to jail.
Today, US President Barack Obama receives daily reports from the National Security Agency (NSA).
The NSA logs every phone call on the US telecom system, records every website accessed by American surfers and demands personal user information from electronic service providers. This is legal under the US Patriot Act and the Foreign Intelligence Surveillance Act.
Governments around the world are emulating the Americans in creating cyber networks to carry out secret surveillance on their own citizens on massive scales. The British are doing it. The Indian government is doing it.
Bharat Sarkar rolled out the Central Monitoring System (CMS) this April. Under CMS, a central agency, the National Cyber Coordination Centre, will coordinate data gathering.
The Indian government via various agencies will monitor phone calls, text messages, social media content and internet usage. The consequences for citizens are chilling.
How did governments, including some of the most free and democratic political regimes, persuade their citizens to grant them such powers? The magic word was terrorism. The lever was technological ignorance.
Most people are prepared to forego some rights of privacy and free speech in the hopes that this will keep them safe from terrorists.
Very few understand the inter-connected nature of digital networks and just how much of a personal digital footprint they possess. So government after government has used the T word to justify ever more pervasive monitoring of citizens.
Unfortunately, surveillance can be used for nastier purposes, like censorship, and the suppression of civil rights. India has extremely repressive digital laws in place, such as the IT Act (Amendment), 2008.
Those laws have already been used multiple times to carry out political vendettas. If the government has more data, it stands to reason that it will have more scope for misuse.
A university professor was arrested in Kolkata for disseminating funny cartoons about the chief minister of West Bengal.
Two college girls were arrested in Mumbai for expressing a dislike of a Mumbai bandh called to mourn the death of local political party chief Bal Thackeray. In Pondicherry, an individual was arrested for questioning the sources of wealth of the union finance minister's son.
Numerous other criminal cases have been registered using the IT Act, victimising people for their opinions.
Google’s Transparency Reports claim that the Indian government sends the second-largest number of requests for censorship and for personal user information. In many, if not most, cases, the content pertains to political opinion or criticism.
It is ironic but true that I could, for example, harshly question the mental competence or poetic skills of the law minister in print, or in a TV studio.
But I could be arrested and sent to jail for three years for being “offensive” under Section 66A of the IT Act if that criticism was posted online.
Digital monitoring may also be used to preventively detain people planning a peaceful protest, as in December, after the Delhi gangrape.
Surveillance could decode the strategies of political opponents in election campaigns, a la Watergate. Or, as in the case of the infamous Radia tapes, conversations may be leaked to influence political discourse.
Apart from politically motivated misuse, or violation of civil rights, data can enable criminal activity. A rogue member of the Indian surveillance establishment could blackmail a citizen, or even take over a digital identity, using the CMS.
Much of this data-gathering borders on the unconstitutional and violates civil liberties such as the right to free speech (Article 19) and the right to personal liberty (Article 21).
However, the secrecy provides a cloak, which means that the activity goes unchallenged.
Indian citizens are particularly badly placed when it comes to such snooping. India has neither a privacy law nor an oversight mechanism for the gathering and use of personal data.
The CMS is, to put it bluntly, outside the law, as indeed is the National Identification Authority of India, which oversees the UID or Aadhar project.
The CMS system, for instance, is up and running (if as a pilot project), and there are still no answers to the following questions: Who can authorise the interception of communication? With whom can data monitored by the CMS be shared?
Is such data retained and, if so, for how long? Do individuals have the right to be informed about being monitored and about data retained about them?
India may eventually have a Privacy Act, if the recommendations of the AP Shah Committee on privacy are accepted.
The Justice Shah Committee pointed out that India’s lack of privacy laws leads to “an unclear regulatory regime that is non-transparent, prone to misuse, and that does not provide remedy for aggrieved individuals”.
The Commission also pointed out that the proposed DNA Profiling Act and the rollout of the UID (Aadhar) would result in the harvesting of huge new mounds of data tied to individuals at biological levels, along with personal identifiers.
The DNA Profiling Act proposes to record DNA profiles of all people tried in criminal cases, other “offenders”, people embroiled in paternity suits, organ donors and recipients, even victims of crimes and suspects. How will this data be used?
Will the government destroy the DNA records of somebody if they are acquitted? Also, how will it use or restrict the use of Aadhar, which is a biometric identifier tied to a huge amount of information about residency, financial records, etc? Again, no answers.
Any privacy Act will have to wait several years. Meanwhile, Aadhar is up and running, CMS is rolling along and DNA profiling could start soon.
Technologically speaking, digital environments are designed for surveillance. Every mobile phone user’s location can be tracked.
All calls, texts and instant messages can be logged. Every internet site visited by an Indian surfer can be logged. Every credit or debit card transaction, every bank transaction, is logged.
And you are not even allowed to ask what information the state has gathered about you. It’s the kind of surveillance state Stalin, Mao and Kim Jong Il could not have dreamed of.
(Devangshu Datta writes on technology, finance and the confluence of the two)