Protection vs Privacy: The Debate on Surveillance and Digital Rights in India

The recent controversy that erupted over the Israeli spyware Pegasus that was used to snoop on at least 100 Indian journalists, activists and politicians on WhatsApp raises some serious concerns over targeted surveillance, especially since that the central government is suspected to have been directly involved. This is not the first time that data privacy has been violated in India. Another reading list by EPW Engage has looked at how unregulated mass surveillance benefits the government and helps to further the commercial interests of the corporate sector. Legislation protecting individual data privacy has also been quite poor — though the Puttaswamy judgment was considered a landmark judgment in the Aadhaar case, it has fallen short in terms of implementation. 

The Pegasus case came to light when messaging platform WhatsApp submitted a disclosure in a United States court that they had discovered that the Israeli surveillance company NSO had developed and used the spyware to hack into phones across the world, of which 121 were reportedly in India. While, several opposition leaders have been vocal in holding the central government responsible, union information technology minister Ravi Shankar Prasad made a statement that turned the tables around to hold WhatsApp answerable for the breach, claiming that the government had not been notified by the messaging platform. WhatsApp responded on 3 November stating that it had informed the Indian government of the breach twice, once in May and again in September this year. In keeping with demands, of the opposition, a standing committee has been set up to investigate the case, and is scheduled to meet on 20 November. 

Surveillance via digital media has increasingly become the modus operandi of the government-corporate complex today. Mass surveillance, and the buying and selling of aggregated data have become commonplace. In this reading list we look at why and how governments, and particularly the Indian government, has justified snooping and surveilled citizens. 

Counterproductive Reactions

The internet has now become a space for geopolitical battles, writes Aasim Khan and Nishant Kumar. In the aftermath of the terror attacks in Mumbai the Parliament passed 8 bills in 17 minutes without debate. One of these bills was the IT (Amendment) Act which provides the legal basis for government surveillance of telephonic and digital communications in India. They argue that governments often tend to see communications issues in terms of sovereignty. Therefore, they tend to have knee-jerk reactions, particularly when antagonised by external threats. However, these reactions often tend to be counterproductive, in that they end up infringing the digital rights of the citizenry. 

In democracies, it follows that citizens must guard against violation of their rights. This includes their “digital rights” being violated by governments and corporations ‒or both acting in concert‒ regardless of whether the company involved is censoring and discriminating on its own initiative or acting under pressure from authorities. One of the central concerns related to the issue of regulation of the internet in India is that due to absolute lack of knowledge and transparency, a common citizen does not even recognise who the regulators are and how such regulations occur. An internet that is compatible with and conducive to democracy has to be governed publicly and in a manner that reflects the will of the governed. 

Corporate Collusion

Governments have justified digital surveillance as necessary to tackle crime and terror. But as Kirsty Hughes argues, governments do not really need to monitor entire populations to ensure safety simply because digital technology makes surveillance easier to conduct. When democracies do this, Hughes writes that they undermine their own ethos and institutions. In her article, she outlines how corporate interests are increasingly prevailing over governments, which eventually hurts the freedom of expression. 

Free speech does not prevail where everything is being monitored, or collected, or stored so one day it may be checked on. And while governments need to be challenged not to censor and monitor and undermine the global digital space we share, private companies have become an increasingly important part of the equation – but one less easily held to account. Facebook’s users hit the one billion mark this autumn. But not only does Facebook make a lot of money out of the private and public information that the one billion share on its pages, it also sets the rules for the conversations in its space. Fair enough you may say, so do plenty of clubs or newspapers or societies. But telephone operators do not set rules of what you can and cannot say on the phone; cafes do not ask you to sign up to what you can and cannot say at the door. And as Twitter, Google and others respond to governments’ requests to take material down – or stand up to governments (as they sometimes do) and defend what has been posted – we are witnessing a major privatisation of censorship in the digital world. 

Contempt for Privacy

In 2014, following several instances of privacy breaches by government authorities, the South Asia Human Rights Documentation Centre wrote that the “Indian state's agencies' relentless surveillance of citizens and censorship show[s] an alarming contempt towards issues of privacy.” Particularly, the organisation was concerned about the centralised monitoring system (CMS) that was introduced in 2009, which allowed the government to listen to any telephonic communication and pin locations. Then the suggested “Citizen Intelligence Network,” also in 2009, envisioned ordinary citizens engaging in active surveillance of each other, in a system that was reminiscent of the USSR under Stalin.

In April 2013, the United Nations’ Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression cited the Indian state’s CMS as threatening to “take communications surveillance out of the realm of judicial authorisation and allow unregulated, secret surveillance, eliminating any transparency or accountability on the part of the State”. Along with the CMS set up in 2009, we also had the beginnings of a “Citizen Intelligence Network (CIN) allowing residents to participate actively in the intelligence gathering mechanism to help prevent terrorist strikes in the country” (Parashar 2009). M K Narayanan, then national security advisor (NSA), was “the force behind the proposal.” According to the report, once the proposal, which aims to revamp human intelligence, gets the go-ahead from CCS, which can be as early as a month from now, the police and IB will actively go about interviewing residents, initially only in the metro cities but gradually all over the country, to select men and women who could play the role of ‘special intelligence officers’ in their areas. To keep their motivation high, these officers will also be provided with mobile phones and the government will foot the bill. The Intelligence Bureau’s (IB) official staff strength is not big but the number of stringers and informers it employs is huge. 

Campaigning Against Surveillance

Soon after Edward Snowden exposed the US government’s involvement in the collection of personal data across the world, Richard Stallman wrote that given the worrying disregard for privacy that governments have been demonstrating, citizens need to actively engage and campaign for their digital rights and privacy. Campaigns that demand the legal recognition of the individual’s rights on the internet constantly, he argued, is the only way to circumnavigate the legal grey areas that rapidly developing technology has been presenting for some decades now. 

When people organise such campaigns, typically, the first proposal is to legally limit “access” to the accumulated data. This is inadequate to solve the problem. When the state wants to find an excuse to imprison a whistle-blower, it will find ways to satisfy whatever requirements there are. To avoid the total surveillance state, we need to limit the col­lection of data. Systems that log activities must be designed not to keep personal identifying data for very long, except when there is a prior court order to keep the data about a particular person. We must replace the advertising-based system for funding websites with an anonymous method for paying to access a page.

Read More: 

• India's Surveillance Laws, Then and Now: Has Anything Changed? | EPW Engage, 2019
• Questioning Surveillance sans Data Protection | EPW Editorial, 2018
• Remembering Emergency: Coercion and Surveillance as Bases of the State | Suhas Palshikar, 2017