Let’s be realistic about Aadhaar

From the debates in the media after the recent landmark judgement of the Supreme Court on privacy as a fundemenal right, one would think that privacy is only a matter between State and citizen. While the judgement itself discusses privacy at many places in the context of technology, information, non-state actors and so on, the buzz around the judgement seems to be confined to a few issues: the Government, Aadhaar, Article 377 and, maybe, beef-eating.

Even among these, the focus of attention seems to be the ‘Aadhaar’ number. Kafkaesque scenarios are painted about the possible ways in which Aadhaar may be used for mining data and tracking individuals. A blinkered, Aadhaar-centric approach to privacy is ill-informed and misleading. It is akin to trying to close one door in a house with several doors, all open.

The benefits of Aadhaar have been written about extensively. Government programmes have been vitiated by the inability to target beneficiaries precisely. Aadhaar remedies this through unique identification and authentication of beneficiaries, de-duplication, eliminating ghost beneficiaries, nailing culprits and tax evaders, etc. It is interesting that after years of internet and mobiles, it required Aadhaar to kindle the privacy debate in India. Surely, this is an unanticipated, almost serendipitous consequence.

But the debate needs to be expanded. Why are we talking of privacy only in the context of Government and Aadhaar? What about the other ‘non-state actors’ in the smorgasbord that is our polity: the media, businesses, private establishments, technology companies and the like, who deal routinely with people and sensitive data? Take the media. So far persons affected by intrusive or false reporting had the option of resorting to action under defamation laws, writs, etc. Now, however, ‘breach of privacy’ may also become actionable.

Media houses photograph or videograph people for their stories, sometimes surreptitiously (recall the ‘sting operation’?) and access private documents which may also constitute an intrusion into privacy.

Yet, not many seem to be looking at any of this from the privacy angle. And even when they do, the justification will probably be similar: that the ‘truth’ has to be told and culprits nailed.

Under a ‘privacy law’, will the media also not have to deal with these questions equally carefully? It would be fitting if the legal fraternity and media come up with opinions on the matter which I think is a significant fall-out of the judgement, but seems to be receiving scant attention.

Next, consider private businesses. Snazzy shops, malls, jewellers and super markets use CCTV cameras for surveillance. E-commerce sites insist on registration before their services are used. Mobile numbers are almost being used like identity numbers and, worse, shared nonchalantly.

Some cellphones use biometric access with the data stored abroad. In many private establishments, biometrics-based attendance and visitors passes with photos are mandatory. Photographs have been used for ages to identify, name and track individuals. Uploading a digital photo of yourself makes you susceptible to facial recognition and tracking. But interestingly, we allow our ‘friends’ to tag our faces quite voluntarily using the face tagging feature on social media.

Technology in its entirety needs to be our object of attention. Every time we start browsing the internet, we are opening ourselves to intrusions. Anyone with a cellphone is ‘virtually’ (pun intended) being tracked by the service providers. Most software platforms, web browsers and search engines may actually be programmed to ‘remember’ your actions — sometimes even passwords — so that they can be of assistance. When we click the ‘I agree’ or ‘remember password’ button on a screen are we aware of the consequences for our privacy?

When we travel abroad we routinely allow our biometrics to be taken for our visas. No one seems to be protesting against foreign governments insisting on possessing our biometric data.

Have you ever heard anyone talking about privacy in the context of an identity card or photograph or web browsing or search engines or cell phones? Not much? Well, if anything, the photograph of an individual is equally a ‘biometric’!

After all, a fingerprint needs an expert to decode it whereas a photo can be taken without the subject even being aware of it and used to identify individuals with accuracy.

In comparison to fingerprint, s photos are so much more potent and liable for misuse that every photograph that is taken and shared — without a fraction of the controls there are on Aadhaar (for instance, do you know that you can ‘lock’ your Aadhaar number?) — would constitute a breach of privacy! But our faith in technology and in the benign intentions of unknown private — and foreign — service providers is touching!

An acquaintance related a possible scenario thus: ‘Using Aadhaar, governments will be able to virtually create a profile of mine for surveillance: where I go, what I do, whom I meet’.

I told him gently: Forget about governments; anyone who wants to ‘profile you’ can do so easily: all they would need to do is a web-search or ‘friend’ you on social media or access your phone records or video footage from CCTVs. Most of these are free, do not need permissions, passwords, resources or even great brains. And every time you click the ‘remember password’ it can be misused to access what you think is private.

Does anyone even seriously believe that junking Aadhaar is all we need to sit safely in our ‘private’ ivory tower cocoons? If so, they are in for a nasty surprise. For instance, all that Aadhaar can purportedly be used for can be done with a mobile phone or a vehicle registration number, and more effectively. Yet, our obsession with privacy seems to begin and end with Aadhaar.

Yes, privacy as affirmed by the Supreme court is our right. But when we talk about privacy can we also deliberate on its application to media, businesses, technology, etc? We need to expand the privacy debate to include more than what we are confining ourselves to at present. This much is sure: Technological naïveté and digital illiteracy are not going to help the cause of privacy.

The writer is with the IAS. The views are personal

COMMENT NOW