Issues Concerning the Mass Surveillance of Indian Public based on the
proposed DNA Bill
In the 21st century, concerns regarding mass surveillance have become a hot
topic for discussion in academia and especially in the sphere of law. The idea
of mass surveillance is favored by the majority of the governments worldwide
because they claim that it would help them in ensuring better national security.
On the contrary, there is a stiff opposition against this because it violates
the privacy of individuals.
These are the broad binaries related to mass
surveillance. I will get into the legal aspects of privacy in the later part of
the paper. India is a liberal democracy which has never been associated with a
major governmental snooping on its public, until recent times where Cambridge Analytica was alleged to help in determining some election results.[1] Since
India is a third world country with lesser a lesser number of educated citizens
as compared to the west, the notion of data breach is still not perceived as a
big threat. For the same reason, there is no specific legislation regarding the
protection of privacy of an Indian citizen other than a Supreme Court judgment.
Even though the idea of privacy is a relatively new concept to an otherwise
communitarian world, UDHR Article 12 says that every human being by virtue of
birth deserves privacy.[2]
In the first part of the paper, I would discuss the
possible adverse outcomes of the Human DNA Profiling Bill of 2015 [hereinafter
referred as
the bill] which recommends the establishment of a DNA Profiling
Board and a DNA data bank. In the second part of the paper, we would analyze the
normative aspect of privacy and the security related issues of the bill in a
comparison to the Aadhar issue which came into the limelight recently. I would
also briefly explain the government narrative of the necessity for mass
surveillance.
In this age of technological advancements collection and storage of information
has become very easy. With CCTV cameras, GPS and other similar gadgets, the
world could be easily monitored. There are obvious advantages to this but like
most of the technological advancements, the possibility of misuse is a serious
threat to the data stored. We have seen a lot of villainous characters in Bond
movies who threatened the world with hacking into the governmental servers of
the west. Even though those were matters of fiction, when whistle blowers like
Edward Snowden and Julian Assange came up with information which was supposed to
be really secure, the world realized the potential danger of cyber-crimes.[3] We
are not discussing whether the act of Assange or Snowden was bonafide or
ethically correct or morally defensible. Even though their acts exposed a lot of
scary realities of world politics, the fact that even the most secured firewalls
could be hacked into is the security scare I am pointing at.
Especially when the
cyber security infrastructure of India is nowhere close to that of the west, we
might face some severe security breaches. In case of Aadhar we have already
witnessed a data breach despite UIDAIs claim that the servers are
secure.[4] However, UIDAI denied this allegation probably because they think
that the Indian populace would not really bother about making this an issue and
we may have to agree with their guess because there were no debates in
parliament about this or any sort of public reaction. We also had a recent hack
in the home ministry and the Supreme Court website which shows the lack of
security and preparation in case of a cyber-attack.[5] So, even in case of the
DNA databank which is promulgated in the bill, the security system is not
explained.
Now we will analyze the role of Indian judiciary in the matters related to
privacy. Even with the 70 years of jurisprudence, the Supreme Court was never
faced with the question of privacy in case of personal data until recently. It
is true that the court has given a plethora of judgments about individual
liberty and right to life with dignity under Article 21 of the constitution but
data privacy is the first of its kind in the Supreme Court.
The Aadhar related
issues are in front of the constitutional bench of the Supreme Court and the
matter is sub-judice. So, we cannot really delve more into that. Supreme Court
has already considered right to privacy as a fundamental right in
Justice K S Puttuswamy V Union of India and will decide whether Aadhar is in consonance with
that judgment.[6] We can only hope that the court considers all the aspects of
Aadhar including the security issues and deliver the verdict upholding the
constitutional values. Similar to Aadhar it is highly likely that in a scenario
in which this bill becomes a law, the constitutional validity would be
questioned in the Supreme Court again. Ultimately, we will have to wait for the
parliamentary process and the judicial process before facing the effects of this
law in our lives.
The suggestion for the bill traces back to 2003. In 2007, the DNA Profiling
Advisory Committee was appointed by the Department of Biotechnology (DBT) under
the Ministry of Science & Technology. Since its inception, the committee has
been working on the bill till 2013 when a committee of experts was formed to
finalize the bill. By the end of January 2015, the reviewed document was on its
course to the Legislative Department of the Ministry of Law & Justice.[7] In DBT
Secretary K. Vijay Raghavans estimation, the department is done and dusted with
the Bill and has submitted it for the authorization.[8]
As we all know, in
India, DNA testing is used in criminal law as a mandatory provision and as a
matter of choice in the civil law. The bill will bring under a statute, every
activity concerning the analyzing, storing and matching of DNA profiles. As
mentioned earlier, a central DNA Profiling Board will be set up along with a DNA
Data Bank. The board will act as the supervisory body, and oversee all
activities relating to testing, storage and matching of DNA samples while the
data bank would store the information. The bill also suggests state wise
establishments of boards and banks. Both the existing as well as new DNA labs
would be mandated to seek official approval from the Board. All provincial or
state-level data banks would be legally bound to share the informatory materials
with the central bank.
The bill in its present arrangement neither reprimands the databank from holding
defining personal information nor does it recognize that likelihood. The
individual whose profile is under inspection should be able to know how the data
stored is being used and why, and to determine its obliteration when due.
The
bill does not have a provision for informing the person or police or court even
if the persons DNA is tainted, lost or embezzled. In my opinion based on my
limited legal knowledge there is going to be a possible civil contempt charge
because there is no provision for informing the individuals when there are
modifications in what way their DNA is going to be retrieved, or if the way
their DNA is being deposited or used is altered. This is against the right to
know about contents which was well established in
Ozair Husain vs Union of
India.[9]
Moreover, there are no specifications regarding the situations in
which the doctors or the police have an access to the DNA profiles. The DNA
Profiling Board has given itself suo moto powers in selecting the DNA profiles
which enter the databank. Additionally, the powers extend to who has access to
them, and how the databank will be organized and retained. This is in effect
instituting a reduced quality check on itself. The board is not an elected body
by the people and it is not a constitutional body but it has self-given powers
which is against the idea of a representative democracy.
There exists an Ex post facto repercussion when we analyze section 13 which
states that any laboratory that needs to commence human DNA-profiling need to
get aforementioned permission from the board. However, Section 14(2) authorizes
any DNA laboratory that is in existence at the time the bill is legislated to
execute human DNA profiling despite having no prior authorization from the
board.
There exists an unnecessary limitation period without any rationale
because anybody who has been aggrieved by any of the provisions of the bill can
approach a court only if the concerned individual approaches the board initially
and provides it three months to act on that grievance. In those three months or,
Section 57(1) of the bill stops the complainant from approaching the judiciary
unless it is the central government or a member of the board itself.
This could
violate various provisions of CrPC as well as hinders the writ jurisdiction of
apex courts under articles 32 and 226 of the Indian constitution.[10] Moreover,
there is nothing prescribed for the profiles of missing individuals who might be
identified and other profiles that are likely to be collected at crime scenes.
Additionally there is no rationale offered for holding the profiles of those who
are imprisoned for crimes like rape or murder despite them ending up spending a
time in the prison.
These are a couple of legal and security related issues pertaining to the bill
at this point of time. Since the privacy judgment is going to be applicable it
would be under more scrutiny as well. However, the committee is working on it to
make it a foolproof one. As mentioned before, the Supreme Court of India is the
last chance of scrutiny for this bill. The present union government has more
than enough mandate in both the houses of parliament to pass this bill without
any resistance from the opposition. At this stage, the only scope of addressing
the grievances is the judicial intervention which is most likely to happen just
like the case of Aadhar.
Now we would be dealing with the definition of privacy, social efficiency of the
mass surveillance programs and delving deeper into the evolution of privacy as a
concept. This would be based on an analysis of the efficiency of some Indian
governmental programs which is claimed to have improved after making Aadhar
mandatory.
There are different perspectives to privacy. In the Indian scenario, the
definition and the scope of the right as what certainly it implies privacy is
yet to evolve through upcoming judicial pronouncements and parliamentary
legislations. Most of the educated people say that they value their privacy.
However, when they are offered the opportunity to trade private, personal
information for immediate but minor benefits such as access to a website, they
routinely do so. Young people appear to value privacy even less, constantly
uploading revealing material about themselves and others to widely-accessible
social media sites like Facebook, Twitter and other web portals asking for
user-credentials.
This conundrum has been termed as the
privacy paradox by Mr.
Gordon Hull who is an associate professor of UNC Charlotte.[11] Hence, there are
variations from person-to-person that how they perceive the right to privacy and
how much sensitive they must be about their privacy beyond being regarded as a
normative right. The matter must be left for legislations and judgments as they
are the lawmakers and law interpreters. However, the threats of a mandatory mass
surveillance must be kept in mind and ultimately the individual should have the
discretion.
On 24th August 2017, a nine-judge bench of the Supreme Court, headed by Chief
Justice JS Khehar, has ruled that the Right to Privacy is a fundamental right
for its citizens and no legislation passed by the government can violate it.
The
bench over-ruled the decision passed in MP Sharma as well as in Kharak Singh
which held that the Right to Privacy is not protected by the Constitution of
India. Hence, the bench defined privacy based on an individuals dignity. This
newly propounded right has been conferred to an Indian citizen as an intrinsic
part of the right to personal liberty under article 21 and as a part of freedom
guaranteed by part III of the constitution.[12]
Since we have already discussed about the DNA bill before, we would focus on
UIDAI in this part. With the help of, The UIDAI Project and Welfare Schemes
the author Ms. Reetika Khera has critically analyzed two of the most important
and old government schemes: PDS (Public Distribution System) for food rationing
among the registered household and MGNREGA or the bundle of schemes dealing with
the Right to Work. She analyzed the credibility of UIDAI program and its
feasibility of claims that being promised by the UIDAI project.[13]
The Unique Identification (UIDAI) project was a flagship project of the United
Progressive Alliance (UPA-II) government. The Unique Identification Authority of
India's (UIDAI) ambitious plan of issuing a unique biometric- enabled number,
innocuously called "Aadhaar", to every Indian resident has also begun to
generate a debate on citizen-state relations, privacy, financial implications,
and operational practicalities.[14]
However, it is the credibility of the UIDAIs claims in the field of social
policy, particularly the National Rural Employment Guarantee Act (NREGA) and
public distribution system (PDS). Several claims (
the project possesses the
power to eliminate financial exclusion, enhance accessibility, and uplift living
standards for the majority poor) have been made by the UIDAI, but have not been
carefully analyzed. As Ms. Khera has asserted in her paper, that the claim of
controlling corruption through the UIDAI is made on the premise that payments of
NREGA wages, the main source of embezzlement was by fudging attendance record-
by either adding name of people who had not worked or inflating the attendance
of those who had worked.[15] Payment of wages through banks and post- offices
has made corruption quite difficult.
According to her there are three potential
ways of corruption - Extortion, collusion and deception. Extortion means that
when inflated wages are withdrawn by the laborer; the middleman turns
extortionist and takes his share from him or her. Collusion means that the
laborer and the middleman share agree to share the inflated wages that are
credited to the laborers account. Deception means that the middleman opens and
operate account on behalf of laborers, withdraw the inflated wages from these
bank accounts, pay workers their due in cash and pocket the difference.
To
counter these methods, Biometric-enabled UIDAI to authenticate identity can help
to prevent deception, but not effective in preventing collusion and extortion.
Despite these claims being a true portrayal of the reality in India, the
solution offered is perplexing. Similar claims are made with respect to the PDS
(Public Distribution System). For instance, the UIDAI often claims that the
project will improve access to government benefits because they do not have the
required identity proof.
To this claim, she has critically asserted that this
claim is based upon incorrect diagnosis of why people are excluded from
government schemes.[16] She further asserted that reason behind such
non-implementation of government programs are due to two reasons: One being the
poor coverage related to low allocations for these programs and two being the
misclassification of people.
For example, the scheme of BPL (below poverty line)
when schemes are targeted, benefits are conditional upon being classified, and
selection of these BPL families is based on a census which is conceptually
flawed and poorly implemented. And has often fallen into identity fraud and
misclassification of household. Hence, the UIDAI scheme is promising as giving
biometric identity to individuals will marginalize to some extent. Further she
asserted that what the UIDAI cannot or is elimination of Bogus cards.
(Khera,2011)
She describes three kinds of cards that are existing in the PDS system.
A) Ghost cards, i.e., where cards exist in the name non-existent or deceased
persons.
B)
Duplicates where one person or household, entitled to one card,
manages to get more through unfair means;
C)
misclassified cards, when ineligible
persons, household claims benefits.[17] The question arises, that what amount of
such cards are bogus or duplicated. Hence, the Government has no accurate data
to replace such cards effectively with Aadhaar cards.
Lastly, she concluded that getting enrolled in the Aadhaar database and being
given a number carries no welfare benefits. Having an Aadhaar number does not
eliminate the need to apply for a bank account, or a ration card or a job card
(required to be eligible for work under NREGA schemes). Therefore, the Id, does
not replace other existing number of Ids.[18] And, it can only serve as a valid
form of identity in the same way that a driver's license or passport currently
do.
Hence, the UIDAI project is among several technological innovations. And though
its claim promises that it will bring efficiency in implementation of public
services, but the existing corrupt-policy implementing institution is bringing
down the claims and vision of the project.
Conclusion
There is always a conflict between privacy of an individual and the national
security based on public interests. The idea of giving up certain liberties in
return for social security has been the basis of every modern nation state which
is democratic in nature. It is agreeable that the reduction of any sort of
security threat on a nation is superior to the privacy of an individual.
However, national security should not be used as a political gimmick to extract
information from individuals and given to private actors who may reap benefits
out of it. The risks should be mitigated, and it is the responsibility of the
government to ensure the confidentiality as well as the security of information
regarding the citizens of the country. If the elected government fails to do so
or for worse ends up colluding with private actors and resulting in jeopardizing
the privacy of individuals, then the last legal measure would be the judiciary.
End-Notes
[1] https://www.nytimes.com/2018/03/19/technology/facebook-cambridge-analytica-explained.html
[2]http://www.un.org/en/universal-declaration-human-rights/
[3] https://www.theguardian.com/commentisfree/2013/sep/03/snowden-manning-assange-new-heroes
[4] https://thewire.in/government/data-breach-aadhaar-details-grabs-just-rs-500
[5] https://www.indiatvnews.com/internet/news-was-supreme-court-website-attacked-by-brazilian-hackers-438350
[6] (2015) 8 SCC 735
[7] https://timesofindia.indiatimes.com/topic/DNA-Profiling-Bill
[8] https://blog.ipleaders.in/human-dna-profiling-bill-india/
[9] AIR 2003 Delhi 103
[10] https://www.financialexpress.com/archive/writ-jurisdiction-of-high-courts/53998/
[11] Successful Failure: What Foucault can Teach Us about Privacy
Self-Management in a World of Facebook and Big Data
Gordon Hull, UNC Charlotte /
[email protected]
[12] (2017) 8 SCC 735
[13] The UID Project and Welfare Schemes\Author(s): REETIKA KHERA\Source:
Economic and Political Weekly, Vol. 46, No. 9 (FEBRUARY 26-MARCH 4, 2011),
pp.38-43\Published by: Economic and Political Weekly
[14] ibid
[15] ibid
[16] The UID Project and Welfare Schemes\Author(s): REETIKA KHERA\Source:
Economic and Political Weekly, Vol. 46, No. 9 (FEBRUARY 26-MARCH 4, 2011),
pp.48-53\Published by: Economic and Political Weekly
[17] ibid
[18] “there are 75 million homeless people in the country and a lot of nomadic
people – all of them dont have Id. We think UIDAI will enhance their access to
public services (chairperson Nilekani in Indian Express 2009).
Please Drop Your Comments