The Bharatiya Janata Party-run government and other supporters of the Aadhaar project seem to have taken the recent Facebook-Cambridge Analytica revelations as an opportunity rather than a warning sign. The controversy, which involves the Facebook user data of more than 50 million people being used by the political consulting firm to create strategies for Donald Trump’s election campaign in the US, stands as proof that Aadhaar is the least of our data protection troubles, they claim. The real danger, as far as these people are concerned, lies elsewhere.
“Forget Aadhaar, Facebook threat real,” said the headline to one column by Sunil Jain in the Financial Express. Another piece in the Pioneer says there is “collective hypocrisy” from those who have misgivings about Aadhaar but have not spoken up about the danger posed by social networks. “We are outraging over Aadhaar and its threats to privacy, when the GAFA foursome knows the colour of our underpants,” writes R Jagannathan in Swarajya, referring to Google, Amazon, Facebook and Apple.
The government may not have drawn the connection explicitly, but it was impossible not to compare the two when IT Minister Ravi Shankar Prasad was wagging his finger at Facebook founder Mark Zuckerberg on the same day that Attorney General KK Venugopal told the Supreme Court that Aadhaar data was safe because it sat behind tall, thick walls. On Sunday, Tourism Minister KJ Alphons offered up a different variant of this, saying Indians have no problem “getting naked” for the white man, but claim that their privacy has been breached when asked to give their fingerprints to their government.
Question of consent
There is one obvious response to this false comparison: consent. For whatever it is worth, Facebook, and others like Google and Amazon, are voluntary services, which an individual may choose to engage with and provide their data to. Aadhaar was supposed to be voluntary too, but this government has made it mandatory not just to have a Unique Identity number but also link it with a huge number of services.
This means that the government can make it impossible for Indians to get services that they are due without Aadhaar, whether those are food rations, their provident fund accounts or a phone connection. Being off Facebook does not take away any of anyone’s rights or access to public services. At a basic level, Facebook cannot influence the relationship between Indians and the government. Aadhaar seeks to define that relationship.
But in some ways that response alone is not adequate.
For one, optional services like Facebook and Google are so large at this point that many see them almost as utilities. They may not be mandatory, but vast swathes of those who are online can be expected to have interacted with either Google or Facebook at some point. Attempting to stay away from either seems nearly impossible. So it might be disingenuous to rely too much on the consent argument.
Linking to other services
That said, the pro-Aadhaar argument rests on the belief that Facebook and Google scoop up as much information about individuals as they possible can. The services want to look at users’ photos, know whom they talk to, gauge their political views and spy on everything they read, listen to and watch. Aadhaar, per this view, simply collects names, addresses, a few more demographic details, and biometrics. How could that be dangerous?
The answer is linking. Aadhaar is built on providing each resident a single 12-digit number that serves as their ID. This number is then seeded across multiple databases, from the public distribution system to schools and colleges to utility corporations. Many private companies, from banks to telecom service providers to insurance agencies also collect Aadhaar numbers now, in a manner that could help them build customer profile databases that could have serious implications for everything from what prices or interest rates Indians are quoted to whether they can get insurance and be admitted at a hospital. In effect, UIDAI itself may have collected only some information for each individual, but the ability to track individuals across multiple databases is what makes the Aadhaar project as disturbing as Facebook and Google.
Most importantly, this is not a binary discussion. Facebook and Google are not pitted against each other in a zero-sum contest to see which one can collect and store more information about Indians. The two can easily end up being used together and the combination of data controlled by all of these entities would be even more disturbing from a privacy angle. Apple’s recent decision to host iCloud services in China have raised concerns about an authoritarian government forcing private services to hand over their data.
The Cambridge Analytica scandal is no balm, allowing us to be sanguine about Aadhaar fears as being a lesser evil than the bigger data breaches abroad. Instead, they should both serve as deafening alarm bells that tell us how being able to protect our data from the prying eyes, either of private companies or the government, is one of the most important issues of our times. India is currently in the process of trying to figure out a data protection regulatory regime. If anything, rather than trying to compare the two scandals, citizens should be using the fears about Cambridge Analytica and Aadhaar to push for data protection rules that are as strong, clear cut and transparent as possible.