The lack of a public debate on the effectiveness or safeguards created for the Central Monitoring System, NATGRID, and Aadhaar puts data at the sole discretion of the government

Although criminalisation of speech is distressing, other corrosive threats to our democracy and liberty are surging unnoticed and unchecked. There has been a sharp rise in state surveillance, government collection of data and government aggregation of big data sources. It appears that we are thoughtlessly mutating into what Jack Balkin calls the “National Surveillance State”. This is a governance form in which governments use surveillance, data collection, data mining and other such invasive methods to prevent crime, terrorist attacks and to deliver welfare services.

No one seems to have noticed that the Central Monitoring System (CMS) is already scanning our communication in real time in Delhi and Mumbai; or that the National Intelligence Grid (NATGRID), which links multiple government databases, aggregating all kinds of information, will be operational next year. No one has asked whether Aadhaar, with its access to our biometric identification and its connection with all kinds of databases from banking to health and scholarships, will be a part of NATGRID.

We have no idea how secure these databases are and have given no thought to what will happen if someone hacks them or misuses the sensitive information contained in them. Although major data breaches have been reported from entities ranging from the U.K. government to Adobe, Sony and Ashley Madison, it has not yet occurred to us that creating these databases means risking data breaches.

It is the nature of politicians and governments to seek and consolidate power. Indian politicians and the Indian government are no different. Our National Intelligence Agency, precursor of the infamous Intelligence Bureau, is older than the British MI6. Prime Minister Indira Gandhi is alleged to have put President Giani Zail Singh under surveillance, and reports indicate that this extended to having his office bugged.

The imbalance of power created by the state’s attempts at treating citizens like pawns is dangerously magnified by advances in digital technology that allow for easy monitoring of communication and access to large amounts of data. It has not helped that the Indian judiciary was shortsighted in its approach to phone tapping in the nineties. It responded to large-scale, unfettered government surveillance with weak safeguards that became obsolete very fast.

The problems with this have been highlighted in a piece by Arun Jaitley, the current Union Finance Minister, when the previous government was in power. He wrote “every citizen in India has a right to privacy”. In his powerfully argued piece, Mr. Jaitley pointed out that even access to citizens’ call data records violates privacy since it reveals their relationships and potentially confidential transactions.

This year, the CMS is actually being used to monitor our communication in Delhi and Mumbai, and its reach will be expanded gradually. This system has never been discussed meaningfully with the public, and no efforts have been made to explain what safeguards prevent its misuse.

In response to questions in Parliament, Law and Information Technology Minister Ravi Shankar Prasad has clarified that law enforcement agencies get access to intercepted communication on a near-real-time basis through the CMS. He has also made it clear that such interception will take place secretly, without the involvement of the telecommunications service provider, eliminating the only third party that ever had any idea of government excesses in this context.

This creates two potential problems. One, of course, is that the state will use the system for surveillance excesses as it has done in the past. The other is that whoever actually executes the ambiguous ‘automated process’ through which the government accesses our communication in real time may abuse this access to private information for personal gain.

In addition to the CMS, the government has spent approximately Rs.150 crore from 2009 onwards on the NATGRID, which is supposed to offer law enforcement agencies data access to 21 providers such as airlines, banks, the Securities and Exchange Board of India, railways and telecommunications operators by 2017. NATGRID is classified among the ‘intelligence and security’ organisations and is exempted from the Right to Information Act.

Congress MP Shashi Tharoor asked about potential parliamentary scrutiny of NATGRID in 2015, and the government responded saying it considers the current oversight mechanism adequate.

In the meantime, the controversial Aadhaar project is functional without any meaningful public debate or cost-benefit analysis. The identity number is being pushed aggressively by the government. For example, citizens are pressured to enrol by making critical services contingent on Aadhaar numbers. Most people would enrol if told that their bank account, pension, scholarship, driving licence or voter identification card is in jeopardy.

It makes matters worse that people are lining up to add their children to this database. Given that no one can opt out of the database once enrolled, this is a very serious human rights violation. It does not offer adults a way to withdraw consent and does not offer the next generation the opportunity to reverse their parents’ decisions.

It appears that we are travelling fast towards a complete transformation into a National Surveillance State. This journey may be irreversible. However, there is a lot that we could have done, and that we can do, to mitigate the imbalance of power created in this state.

We have had no public debate about the effectiveness or safeguards created for NATGRID and Aadhaar. We have put our children’s personal information in these databases without any information about the resilience of these databases in the face of sophisticated cybercriminals. We have not asked how easily they may be hacked, and what the consequences will be if our data are compromised or misused.

Even the United States lets its citizens know when public databases are breached. Aadhaar and NATGRID might be hacked several times a year for all we know; no one is obligated to tell us. The government wants to add our travel and bank information to these databases, and is pressuring all the phone manufacturers to integrate with them. This renders us powerless and steps around our painstakingly crafted civil liberties to hand control of our lives and information back to the state.

Chinmayi Arun is Executive Director of the Centre for Communication Governance at National Law University, Delhi, and Faculty Associate of the Berkman Klein Centre at Harvard University. Parul Sharma helped with the research for this piece.