The minister of state for home affairs, Haribhai Paratbhai Chaudhry, made the astonishing statement in parliament on March 10 that the government was accessing databases of millions of customers maintained by banks and handing the data over to the National Intelligence Grid.

This essentially means that the government can ask any bank, public or private, to hand over data of its customers, in violation of the secrecy and confidentiality clauses that they may have signed with their customers. The statement comes in the face of the banks’ documented unwillingness to share any data with the government without legislative safeguards.

This is not the first attempt by the government to access databases held by banks without a proper legislative framework. In October 2010, when the United Progressive Alliance-II government was in power, senior officials from NATGRID held a meeting with the Reserve Bank of India and several other private and public sector banks seeking to create protocols that would allow them to access their data.

This presentation was followed by a meeting in December to find ways in which the data could be accessed by the government. In the meeting, attended by 40 officials from the RBI and all the major public and private sector banks, NATGRID received an unequivocal refusal to share any data in the absence of a suitable law.

The minutes of the meeting, accessed by Venkatesh Nayak, who heads the transparency initiative of the non-profit Commonwealth Human Rights Initiative, clearly record the bankers refusing to share any data without a law. The bankers were “informed about the request of the government of India asking banks to provide information like name, address, and account number to NATGRID,” according to the minutes. But the “banks opined that such sharing may not be possible given the extant of customer confidentiality clause and the possibility of fraud”.

The bankers went a step further to suggest to the government that the only way they could share the data would be through a specific law that allowed them to do so. “However, in case of any specific legislation for providing the information passed, banks would comply with the provisions,” the banks stated.

So how did this position change four years later?

The threat of terror

In the aftermath of the attack on Mumbai by Pakistani terrorists on 26/11, the government was keen to improve its ability to track any potential threat as quickly as possible. The ministry of home affairs under P Chidambaram came up with the idea of NATGRID, an agency that could link 22 available databases to ensure that the government had the capability to start tracking suspicious dealings in real time. The idea for NATGRID came up when the government learnt about the several trips to India by a Pakistani-American working for the Lashkar-e-Toiba.

David Coleman Headley, who was of Pakistani origin, had become influenced by the LeT over several years surveying potential targets for the terrorist outfit. All his trips were cleared by Indian agencies and no one noticed his frequent trips to Pakistan. In hindsight, these should have set alarm bells ringing. Instead, the Indian consulate in Chicago kept issuing Headley visas without realising that it was helping a potential threat to India.

NATGRID began very well, and within a couple of months had a detailed project report ready. Prepared by some of the brightest minds from the private sector and government officials, NATGRID was to be the key big data analyser for the government. At the same time, those chosen to head the NATGRID also insisted that it would ensure strict privacy safeguards for citizens before allowing security agencies to tap into sensitive data. It also created a complex architecture that had enough safety protocols to dissuade any agency from accessing data that could be misused for purposes other than countering terrorism.

Emerging concerns

However, NATGRID began to meet with fierce resistance from various quarters, both within and outside the government for two very different reasons. First, it received resistance from the Intelligence Bureau because it would restrict the easy access to sensitive data that the agency had. Second, for privacy advocates, NATGRID was the nightmare that most democratic societies feared.

“Such linking of data can prove disastrous to any democracy and its citizens,” Usha Ramanathan, a senior law researcher with the Centre for the Study of Developing Societies, told me a few years ago. By then Ramanathan had become probably the strongest advocate for privacy in India, horrified by the United Progressive Alliance government’s determination to make citizens more and more vulnerable to the state.

“It changes the power balance between the state and citizens,” she argued. “If citizens become so transparent to the state, then there is great danger to its democratic tenets, as Nazi Germany discovered. What complicates this issue is that the state, on the other hand, is becoming more opaque and we have no idea what they are doing. That is a very real danger.”

Opaque state

Almost on cue, on June 9, 2011, the UPA government ensured that NATGRID was no longer under the ambit of the Right to Information Act, India’s sole transparency law. Through an amendment the government ensured that NATGRID was included in the list of intelligence and security agencies that were already exempt from the RTI. Ironically, this happened despite opposition from within NATGRID, which was keen to remain under the transparency law. Even though NATGRID was neither a security nor an intelligence agency, it was no longer answerable to citizens.

The fact that NATGRID is not an intelligence agency has been reiterated by the minister of state Haribhai Chaudhry in his statement to the Lok Sabha on March 10. “The NATGRID and Unique Identification Authority of India have not been declared as intelligence agencies,” Chaudhry said.

Instead, the statement continued, “as per Cabinet Committee on Security mandate, the information or data relating to the financial sector has to be obtained by NATGRID through the financial intelligence unit. A nodal officer has already been appointed by the FIU to have interaction with NATGRID.” Chaudhry also pointed out that the Supreme Court was already hearing a petition seeking oversight for intelligence agencies. Ironically, this does not cover agencies like NATGRID, as the minister pointed out.

“There is a major debate within the government right now,” a senior home ministry official told me on the condition of anonymity, since he is not allowed to speak to the media. “Many feel that there must be ironclad safeguards to protect the privacy of citizens from an intrusive state. But there are others who feel that if citizens are not doing anything wrong, why should they shy away from revealing their information?”

In response to a detailed questionnaire, the home ministry said, “The government has not finalised any mechanism to share bank customers’ information with NATGRID. Given the mandate of NATGRID, from a security and counter-terrorism point of view, it falls under the category of security organisations, and is accordingly placed under the second schedule of the RTI Act. It is, however, not an intelligence agency.”

Right to privacy

The argument that if citizens don’t have anything to hide, they shouldn’t mind an intrusive state has already been comprehensively discarded by democracies across the world. Privacy is now considered a fundamental right and an important democratic safeguard.

Framed in July 2013, the ‘International principles on the application of human rights to communications surveillance’ were introduced at the 24th session of the UN Human Rights Council. The principles found wide support. They seek to create a framework that ensures that citizens can be placed under surveillance only when absolutely necessary. Their data would remain private and only exceptional circumstances could allow governments to access this data. They also stated unequivocally that surveillance must be proportionate to the necessity of the situation.

“Without our limited big data analysis capabilities, it makes sense to have such an approach to surveillance,” a senior intelligence official told me recently. “We are always looking for the proverbial needle in a haystack. Does it make sense to keep increasing the haystack then?”

But this view is shared by only a tiny minority within the Indian intelligence community. At the moment, Indian citizens lack any protection from intrusion from the state. A privacy bill draft has been pending for over four years now.

“Post-Independence, once the constitution was framed, we had fundamental rights. These days we only have fundamental restrictions and our rights have long been forgotten,” said Ramanathan. “The dangers of an intrusive state are very real and history has borne witness to its horrors several times.”