We are data.

In bits and bytes, we are the websites we surf, the comments we leave, the texts we send, the social networks we log on to, the videos we forward, the bills we pay, the subsidies we receive, the advertisements we click on. As more people and devices connect to the internet, it is inevitable that more of what we do will get digitised, collected and stored: what we eat, when we leave home, which flights we prefer, what time we go for a run or hit the gym.

Some of this data we give voluntarily—for subsidies and benefits, or even to health apps, for monitoring and assessing our performance. Some of it we give without realising: for example, details of where we are when we update Facebook, whose profile we check on the sly. Some of it we would never want anyone to get access to, which might make us vulnerable: the illnesses we carry, the people we flirt with, the things we bitch about, what we message our lawyers and doctors about. We are data.

The argument I hear most frequently about privacy is that if you have nothing to hide, you have nothing to fear. This is far too simplistic an approach, because the lack of privacy impacts vulnerable communities the most: it could be a friend from the LGBT community who wants to discuss about coming out; a student contemplating suicide; or someone who’s facing sexual harassment at the workplace and wants to discuss with you about whether they should go to court or not; or a farmer who doesn’t want anyone to know about how much debt he owes. It’s not whether we have something to hide or not, but whether someone can trust us with information that they want kept private.

Our identity is now essentially linked to all the data we keep generating. Who controls our data has the power to control us. Data is malleable. Those who can manipulate our data can take control of our freedom. Those who own our data can own us. For democracy, at the core of which are individual rights and civil liberties, it is essential that our data belong to us, and we have the choice to recall it, and not give up control over it.

This is where the impact of what the FBI is trying with Apple hurts most: by forcing the company to establish a backdoor entry into a system which even Apple can’t peek into, it makes everyone vulnerable. Governments across the world are pushing for lower encryption norms because that will help them break into all digital communications and storage, and check whether someone is a terrorist or not.

India’s draft encryption policy, which was put on the backburner last year, exp­ected citizens to store all their communications in plain text for 90 days and banned bulk encryption systems. Such attempts create a system which not just the government but also hackers can exploit to compromise our security. Once such systems are built into software and communication networks, you will be vulnerable; the easier it is for governments to access your data, the easier it becomes for hackers as well.

In India, we’re setting up an identification system in Aadhaar that is being made progressively mandatory for everything that we sign up for: the more the databases that link to Aadhaar, the more the information that the government can gain access to easily, without judicial oversight. The scope-creep in Aadhaar is scary: not just the increase in services it is being made mandatory for, but what was until recently only about collecting biometric information has now been expanded to biological information. If your Aadhaar data gets stolen, you can’t even go to court: only the UIDAI can.

There are, however, legitimate national security concerns: to protect citizens, governments need to be able to access communications quickly, and identify potential terrorist threats. The Uni­ted States has its National Security Agency (NSA), and India is setting up its Centralised Monitoring System, to spy on citizens.

This breaks one of the fundamental, foundational principles of our democracy. As Justice Vivian Bose, in his thoughtful dissent in the S. Krishnan and Others vs The State of Madras case wrote about the formation of the Indian constitution said:

“Look past the mere verbiage of the words and penetrate deep into the heart and spirit of the Constitution. What sort of State are we intended to be? Have we not here been given a way of life, the right to individual freedom, the utmost the State can confer in that respect consistent with its own safety? Is not the sanctity of the individual recognised and emphasised again and again? Is not our Constitution in violent contrast to those of States where the State is everything and the individual but a slave or a serf to serve the will of those who for the time being wield almost absolute power? …How can it be doubted that the stress throughout is on the freedoms conferred and that the limitations placed on them are but regrettable necessities?”

We need to work towards systems that ensure user privacy, and treat requests related to “National Security” as exceptions, and not the norm. Access to private information, in each instance, should be under strict judicial oversight, instead of allowing the state the opportunity to put in systems that let them access everything about us, with only a government committee providing oversight to government decisions.

You can’t make citizens more secure by making them more vulnerable.

Note: An edited version of this first appeared in Outlook Magazine.