Anna Funder, in Stasiland, her remarkable account of the most sophisticated surveillance system of all time in East Germany, recounts the extent to which the State sought to identify and know its citizens. By enrolling one in seven citizens in a spiralling web of informers the Stasi accumulated vast amounts of private information on all its citizens. The cold damp rooms in the "Runde Ecke" office of the Leipzig district unit of the Stasi, now converted into a museum, remind us of the devious use of technology, methods of social surveillance and the political and military mechanisms employed by the Stasi. In one remarkable case, a 17-year-old boy, who failed to produce his identity card, was branded "provocateur", placed under periodic surveillance and was denied a place at university or opportunities to advance his career. The Stasi had amassed a 400-page file on this provocateur's life. Despite these excesses the Stasi failed to anticipate the fall of the Berlin Wall and the end of communism in East Germany.
Closer home, the Niira Radia tapes webcast by several websites in the last fortnight has resulted in an explosion of comment and criticism in cyberspace. The casual eloquence of the conversations and the uninterrupted clarity of the recordings have mesmerised the general public with the power of surveillance technology. It is reported that the tapes were secured by the National Technical Research Organisation, a non-statutory body at the behest of the Income Tax Department. While the legal framework governing this operation is presently unclear, the belligerent mood cloaks these operations with the veneer of public approval. These tapes are a small portion of the recordings made by the NTRO.
The Unique ID project — appropriately titled Aadhaar — will provide a new ominous technological foundation for surveillance in India. Surveillance is defined as the close observation of a person or group without their knowledge. The use of a biometrically based identifier will provide an individuated node that will hereafter anchor the surveillance matrix. The UID will allow authorities to track, collate and organise data on the physical movement, data exchanges, phone conversations and other commercial and legal transactions for which the UID is used. The proliferation of a wide range of uses for the UID in the state and private sector will spawn a large number of secondary databases apart from the UID master database which will multiply surveillance possibilities manifold.
In Singapore, the National Registration Identity Card (NRIC), initiated in the 1960s, is integrated with almost every citizen state interaction — passports, voter registration, driving licences, state library system, public transport cards, car registrations, tax payer identification and property transactions. Further, the adoption of the NRIC by the private sector means that it is the default mechanism through which one books a haircut, carries out banking transactions or purchases insurance. The everyday life of the NRIC is busy and growing in the absence of strong regulation by the National Registration Act 1965 and the rules and regulations made under it or a general privacy law.
India seeks to rapidly roll out the UID programme in a legal environment that is roughly analogous to that in Singapore. While the UID will not issue a card, the draft UID legislation formally allows authorities to access the official UID database and usage data with high level authorisation. However, if the informal (and often illegal) modalities adopted for telephone tapping are any indication, state authorities will have a relatively unhindered access to this database. Secondly, there is scanty regulation of private sector use of the UID number as a tracking device to establish and follow customer usage. The introduction of a fee for authentication by the UID authority establishes incentives for the authority to promote extensive usage by the private sector. If the extensive dissemination of mobile phone data to telemarketers by mobile phone companies is any indication, there will be a vibrant market for secondary data linked to the UID card.
The Department of Personnel and Training has published an Approach Paper on Data Protection, Security and Privacy earlier this year. This initiative may develop into the legal framework that binds the private and public sectors to minimal standards of protection of citizen liberties. However, it is too early to predict the scope and strength of this proposed legal regime. It does not help that the constitutional protection of privacy stands on a weak footing and it is not a value that ranks highly in our historical and cultural inheritance.
The rapid deployment of new technologies of identification and surveillance in India the second decade of the 21st century raises serious concerns for the protection of liberty and privacy in India. The East German Stasiland experience and the ubiquitous Singaporean NRIC alert us to the two primary drivers of a surveillance regime: the state and the market. In India ordinary citizens are at risk from both fronts and it is critical that we articulate and translate into policy a well conceived normative framework that governs this arena. The German Constitutional Court has developed a concept of informational autonomy, whereby it protects every person's right to control their private information by requiring their informed consent at three key stages: access, storage and use. The German court's emphasis on privacy draws on the experience of the Third Reich and Stasiland. By embedding India's freshly minted legal regimes with the norm of information autonomy we can insulate ourselves from these terrifying possibilities.