In India, the COVID-19 pandemic has killed over 100,000 people as of early October. Yet, this appalling figure does not fully convey the sheer magnitude of the situation.
Human rights abuses have run rampant over the course of the pandemic’s assault. Migrant workers, in their hundreds of thousands, were subjected to monstrous heat, police beatings, and unimaginable exhaustion as they sought to escape unemployment and penury in the aftermath of a poorly implemented lockdown. Journalists, exposing corruption and mismanagement in the government’s response to the pandemic, were threatened and slapped with dubious legal charges.
Beyond the malice of those in power, the ignorance of ordinary people emerged, too, from underneath the cover of the pandemic, with some spewing vitriol against those from the Northeast, whose “Chinese” features made them a target for suspicion.
For many Indians, the pandemic and its associated abuses have eroded the most fundamental tenets of what it means to be a human being: food, shelter, employment, recreation, physical and mental health, travel, dignity. Another aspect, more insidious, is the creeping encroachment of the state on citizens’ right to privacy.
India is home to an extensive architecture of mass surveillance, particularly in Kashmir and other restive parts of the country. The present government has also used considerable tools at its disposal, such as facial recognition technology and drones, to pursue its political opponents.
In India, as elsewhere, the onset of the pandemic has proven to be a blessing in disguise for the regime, which is now positioned to vastly expand its surveillance network in the name of protecting public health. The government’s contact-tracing app, Aarogya Setu (Bridge to Health), is the chief source of such concern, alongside others.
Around 80 countries have national data protection laws. India is not among them, although the Personal Data Protection Bill is currently pending in Parliament. Despite the lack of legislation, the right to privacy for all Indians was conclusively established by a 2017 Supreme Court ruling that grew out of the biometrics-linked Aadhaar identity program run by the government.
Aarogya Setu is not India’s first controversial and large-scale data-collection project. Aadhaar has become the world’s largest biometric ID system, with most Indians using it to open bank accounts, receive unemployment benefits, and so on. The program met with a similar outpouring of privacy-related concerns during its years-long rollout process. In 2012, retired High Court judge K.S. Puttaswamy challenged the constitutionality of the Aadhaar project before India’s highest court.
Although Aadhaar was eventually ruled constitutional, the Supreme Court laid out a landmark judgment in response to Puttaswamy’s suit, five years after he brought it. It asserted that privacy was a fundamental right, protected under the Constitution.
“Privacy safeguards individual autonomy and recognizes the ability of the individual to control vital aspects of his or her life,” declared the court’s majority opinion.
The court clarified, however, that this right was not absolute. To justify an impingement, any government intrusion on the right to privacy had to meet a three-pronged test: legality (done through an existing law); necessity (meets a legitimate state objective); and proportionality (demonstrates a direct link between the objective and the means to that objective).
Hence any violation of the right to privacy through excessive and egregious surveillance during the pandemic, through negligence or deliberate action, must be treated as a critical human rights issue. Violating this right can have dreadful consequences for the most basic individual rights, such as those to speech, movement, and association, and allows the government to exercise enormous control over a person’s life.
Amid the current crisis, the Indian government introduced Aarogya Setu to track the spread of the pandemic. The contact-tracing app is now used by an estimated 100 million people. It collects detailed personal information about its users, including name, gender, travel history, and phone number, as well as precise location data — to a far greater extent than comparable apps, the Internet Freedom Foundation has argued.
There was little transparency on how the app was constructed, and the sort of data it gathered. In contrast with government contact-tracing apps in other democratic countries, Aarogya Setu’s release on April 2 was accompanied by strict rules against reverse-engineering it, sparking concerns about government secrecy in an already tension-fraught arena.
A barrage of criticism eventually led to an open-source release of the app’s code, some seven weeks later. Hackers quickly discovered that the app took a rather relaxed approach to data protection. One was even able to use the app to find that a number of senior government officials were infected with the virus.
The MIT Technology Review, ranking contact-tracing apps, derided Aarogya Setu, awarding it only two stars out of five data-security parameters. This meant that the app failed to meet the Review’s criteria for limited and voluntary use, and minimal data collection.
Government officials have defended the app as being both necessary and protective of user data, but it has faced pushback from multiple fronts. In May, the home ministry made downloading Aarogya Setu mandatory for every employed person in the country, threatening to impose fines on anyone who failed to comply. It was the only democratic country to take such a position, and the decision was met by a wave of criticism from opposition parties and civil society groups.
More than 40 civil-society organizations wrote to the prime minister, condemning the app as damaging “the privacy, autonomy, and dignity of workers.” Rahul Gandhi, the opposition’s most prominent voice, accused the government of using the app as a “sophisticated surveillance system,” warning that “fear must not be leveraged to track citizens without their consent.” B.N. Srikrishna, a former Supreme Court judge who chaired the committee that drafted the pending data protection bill, called the mandatory nature of the app “utterly illegal.”
Legal challenges to the app’s constitutionality did not stop its rollout, but the backlash forced the government to dilute the app’s mandatory nature just weeks later. After a slew of vaguely worded orders led to desperate calls for clarity, similar rules mandating travelers to download the app were also quickly dialed back. Downloads have plunged 90 percent since April.
The technological failings and involuntary nature of Aarogya Setu make it difficult to argue that Puttaswamy’s three-pronged test has been met. The violation of privacy committed by Aarogya Setu may be in pursuit of a legitimate state objective — curbing a pandemic – but the wide scope of its data collection, out of sync with comparable contact-tracing apps and without precedent when compared with other democratic governments, casts doubt upon the proportionality of its surveillance. Information about the app’s technology is muddled or unavailable.
Aarogya Setu exemplifies India’s privacy problem. A relaxed, negligent attitude to data-protection is no better than a deliberately harmful one because the result is the same: a gross violation of the individual’s right to privacy and facilitation of future harm to other rights.
Aarogya Setu is not the only instance where the right to privacy has been stretched to its limits or shattered entirely. The pandemic has led the Indian government to increase its visual surveillance of its citizens. The sophistication of such technology has been stepped up in response to the pandemic.
For example, police have deployed facial recognition technology to aid their surveillance of COVID-19 patients. One may argue that such technology is a fairly standard part of modern policing, and should thus provoke little alarm. Such a view ignores the reality of India’s present government.
Pre-pandemic state surveillance
Authorities have already used such software to scan crowds of people who were peacefully protesting the government’s hugely controversial reworking of citizenship laws. This fact remained secret until it was revealed by media reports earlier this year. Following such protests, the ruling party has been known to legally harass critics of the government, while ignoring concrete proof of criminal behavior by party-linked sectarian gangsters.
It is likely that, although the pandemic may pass, the sophisticated facial recognition infrastructure used in the response will become standard protocol for the government and the police. When viewed considering the government’s markedly authoritarian streak, and its penchant to use visual-surveillance techniques to commit flagrant abuses of the right to privacy, such a scenario becomes deeply concerning.
Meanwhile, on the so-called virus “red zones” in the conflict-ridden state of Jammu and Kashmir, police have used drones to conduct aerial surveillance and monitor the movement of people. These are operated by extensive “control rooms” that monitor large swathes of territory, aiming to curb the spread of the virus. Again, divorced from the political context of this country and this government, such methods appear to be simply the most effective ways of reducing community transmission of the virus.
In Kashmir, however, such operations must be treated with particular care and skepticism. It is a part of the country where the movements and actions of private citizens are already curtailed immensely by the Indian government, which exercises a direct, rigidly authoritarian rule there, protected by sweeping military-immunity laws.
Drones are not an unfamiliar sight to the people of Srinagar or Pulwama districts in Kashmir: they were also used to enforce the government’s clampdown on the area during the abrogation of the state’s special status last year, a period in which already rampant human rights abuses soared.
Over the next few years, the carnage of the pandemic will manifest itself in many forms. But India’s surveillance architecture, built over the last decade and strengthened for the pandemic, will be the most silent of COVID’s offspring.
The most-watched place in India is liable to become even more so in the aftermath of the pandemic. The next chapter of Kashmir’s life will unfold in the epicenter of a growing surveillance network.
Over the next few years, the carnage of the pandemic will manifest itself in many forms. City streets may be quieter, schools and offices only thinly populated. Millions will likely be pushed into poverty, feeding the already chaotic scramble for jobs in a listless labor market.
But India’s surveillance architecture, built over the last decade and strengthened for the pandemic, will be the most silent of COVID’s offspring: humming away, with a watchful eye on our private lives, it holds untold potential for damage to fundamental rights. Life under an authoritarian regime is one where the benignity of government action can never be taken for granted. It would do well for Indians to keep that in mind, as the cameras train their eyes on us, all in the name of public health. ●
Aditya Narayan Sharma is a freelance writer and a student at Columbia University, New York. He tweets @AdityaNSharma.