Digital native: The rules of the game

There isn’t much left to say about the ongoing contestations of the Aadhaar project that hasn’t already been said by people who have been critiquing, investigating and resisting its onslaught on privacy. We now have no doubt that the technological architecture, governmental oversight, and the corporate cronyism that frames the larger context of the world’s largest biometric citizen database is designed to make us transparent citizens, who shall continue bearing the burden of data extraction, as the system becomes more integral to our everyday transactions. As India slowly tries to formulate a national right to privacy with absolute rights granted to its citizens — and in the face of the landmark Supreme Court judgement that reinforced the idea that our right to privacy is tied to our constitutional rights of life and dignity — it is now clear that the operations of Aadhaar have outstripped the machinations of privacy.
We now live in a semi-mandated state of Aadhaar, where almost all of us (the penetration of Aadhaar is on the upward side of 90 per cent now) are in the system, unsure of either the state or the future of the data that the Aadhaar number accrues, as it gets tied to basic public delivery systems, financial transactions, and identity and residence verification processes. Aadhaar is here to stay. Despite all its technological breakdowns, data leaks and human corruptions, it has already achieved a data-shroud through the data-cloud that now circulates our private data to unknown destinations and purposes. I remember sitting in on one of the first consultations for the Aadhaar, at the National Law University Bengaluru, when Nandan Nilekani had announced that he didn’t see the hoopla around privacy because we have no sense of privacy in this country. He had glibly pointed to the fact that people give out more private information to people offering lucky draws in malls than they give out to the Aadhaar registration offices.
What Nilekani had failed to highlight was that the information given to the malls or to restaurants in feedback forms was never going to be the central mechanisms that exclude common people from basic services. The privacy regulation has indeed gained momentum recently, especially given the demonstrable data and security breaches of technological order. But we must realise that at the basis of Aadhaar was a wilful and conscious neglect of privacy rights. The closest Aadhaar architects came to talk about privacy was in terms of data storage and security, neglecting the decades of work that social scientists and humanists have produced in thinking through conditions and materiality of safety and privacy.
What we have now, then, is a system that is layered with unregulated private entrepreneurs whose service level agreements about the use and protection of our data are opaque. We are faced with a state that has the ambitions of digital consolidation without the requisite literacy for its protection. And we are working within a framework of technocratic utopianism where technology is deemed more trustworthy than the people around it.
Ironically, the current government reaction of issuing showcause notices to civil society organisations, privacy activists, and investigative journalists who are exposing the vulnerabilities of the Aadhaar database has taken the tone of the very first alarmists. The state is now suddenly realising that leaks and breaches are a two-way process. If you build systems that attack the personhood of citizens, the same system is not going to keep you protected against technological misfortunes. If you design a system that is aimed at data leaks without attention to privacy, safety or the consequences of this data gathering, then the tools that were developed to exploit the subjects are also going to be turned around to attack those who are in power.
It is necessary to see the current data trading and transaction on the backchannels of the dark web, not only as a leak but as an attack on the personhood of the state. Just like its citizens were not allowed their rights to privacy, the state is now suffering from its private sovereignty, being questioned, attacked and compromised. It is a good reminder to technocrats that a state which does not take the safety of its citizens seriously, will eventually find itself in the same position of attack from technologies that it built. And this time, there will be no rights protecting the state’s privacy either.