Jan 29, 2019
Steps to make an Orwellian Curry
Last January I moved to the UK to work in a laboratory just on the outskirts of Oxford. I still remember walking across the office corridors for the first time and noticing bright animated posters pinned up on the walls. They were wacky, eye-catchy posters like the kind Netflix would use to adverstise a new show. Curiosity bugged and I walked up to these posters to take a closer look. It turned out that they were posters urging you to get well versed in the General Data Protection and Regulation (GDPR) before they would be implemented by the following Spring. Working in a Nuclear facility I always understood that protecting your data is one of the priorities (lest it falls on the wrong hands and someone uses it to create a bomb). Thus, having not really understood the need for the office in resorting to such bright and loud measures I went back to my cubicle to check if my simulation had crashed or not.
Come next spring, my inbox was jam-packed. Every email chain I was a part of, every website I had subscribed to, every online platform that I had an account in was asking me to go through and accept what kind of information they will harvest from me and what they intend to use it for. But this time it was different rather than throw a heap of text at me under their “terms and conditions”, the emails got frank with me and explained it to me in quite a simple manner. Even the organiser of our Friday evening badminton games had to get our consent to keep our IDs in the email chain. It turns out that GDPR was not just attempting to ensure that we don’t accidentally leak Nuclear data, but try to protect me from the prying eyes of the internet.
The General Data Protection and Regulation is a law applicable within the European Economic Area (Of which the UK is/was a part of) that primarily aims to give control of personal data back to the individual itself. The initial formulation for GDPR was released in 2012 and the regulation was released to the public in 2016 giving all institutions and companies a period of two years to get their data policies in order before the law came into full effect in 2018. The GDPR is a well thought out policy to prevent the megalithic silicon valley corporations from using own data against us and provide more transparency to what they intend to use our digital signatures for. It has been hailed as a monumental move towards preserving privacy all across the world and is currently the gold standard in data protection for individuals.
Three quarters of a year has passed since the GDPR has been implemented. Because the internet is ubiquitous, the move has created ripple effects across the globe, urging partners that operate within the confines of the EEA to strictly to adhere to it. The world has just finished celebrating the Digital Privacy Day on the 28th of January which is observed in more than 50 countries, including United States, Israel and India. However halfway across the world in the Prime Minister Modi’s “Bharat” the celebration of the day is marred in irony.
Last December in an over the night move the the Ministry of Home Affairs issued an order authorising 10 Central agencies to “intercept, monitor, and decrypt any information generated, transmitted, received or stored in any computer.” The agencies include the CBI, Enforcement Directorate, National Investigation Agency and more of the like. Under the pretext of ensuring “internal security” these central agencies have the authority to not just see what you are doing online, but also to directly snoop into your computer and laptop and access all the files in it. Your childhood photographs, the ridiculous videos you took in college, your half written novel manuscript, even my nuclear data that I have encrypted in my laptop is not safe anymore. On top of this the subscriber, service provider or any person in charge of the computer resource will be bound to extend all facilities and technical assistance to the agencies. If they fail to do so, they could be penalised with imprisonment up to seven years and/or a hefty fine.
Though the BJP led Government has clarified that this provision previously existed (since 2009) and that all this new ruling does is mention which agencies have been bestowed with this power, it is unprecedented to give 10 agencies the authority to monitor this kind of information. Nonetheless, whether the ruling is being renewed or whether it is something new being brought into effect, it all sounds a bit Orwellian to me.
The Government justifies this mandate by bringing up tracking and monitoring the digital presence of the Islamic State in India. Valid as the reason might be, where do you differentiate between surveillance for safety and surveillance for control. How much of surveillance is just right ? How can we ensure that transparency still prevails and powers are not abused. The monitoring and inspection by any of these bodies needs to be approved by the Union Home Secretary, who being an inner member of the Government circle, makes it seem as though we are running out of sufficient checks and balances.
I don’t intend to get into the possible ramifications of a right wing government amassing such powers, such as whether the Modi Government is building his very own Cambridge Analytica right before the 2019 elections. But it doesn’t help to ignore that intuition since the long awaited Personal Data Protection Bill, 2018 will by all likelihood be introduced to the parliament floor only after this year’s general elections. The bill having been drafted over the past couple of years, intends to give the power back to the citizens and internet users. We shall be able to decide for what our personal data can be used as well as authority to withdraw consent at any time.
As I write this piece, I am well aware that in the near future Medium might be forced by the central government to take it down from the Internet. Last December, the Government introduced a new set of rules that would compel social media platforms to remove unlawful content which is defined as anything that affects the “sovereignty and integrity of India” or that violates “decency or morality”. The content will have to be taken down within a span of 24 hours. The rules don’t stop there. The Internet companies would be compelled to provide information about the creators and the sharers of this offensive content within 72 hours. Though in the era of fake news this seems to be a handy tool, but there seems to be distinction between national security and that of the ruling party using it to target their critics that is not being addressed. The rules don’t seem to mention any oversights to prevent abuse by the ruling party. If the new rules are implemented the ruling party, under the disguise of an investigation would be able to gather information about individuals who maybe putting up posts that are critical against them.
There has been strong push back by the social media giants to fight these rules quoting misuse of these rules to crack down on dissent, as well as the impact these rules can have on how these platforms are governed. Currently twitter is sort of a digital war ground between the BJP and the Congress. Handles upload posts trolling senior officials from each party every day. They post memes about each other ad make outrageously abusive comments. Giving the BJP led ruling party that kind of power, might just help them tip the scales in their favour. It could be a way of externally wiring bias into another wise neutral platform. It can be treated akin to giving a speakerphone to the BJP while muting the voices of everyone else, infringing not just on privacy, but on the freedom of expression as well.
In a landmark judgement in August 2017, the Supreme Court had ruled that “privacy is a fundamental right, though it is not absolute”. So far the present Government in India has treated privacy as nothing but an absolute joke.
