Union Home Minister Amit Shah’s recent statement proposing a single, multipurpose national identity card (MNIC) containing the details of the cardholder’s passport, bank account, Aadhaar, driving license, and voting card based on the 2021 ‘digital’ census data has opened up a Pandora’s box of issues surrounding data handling by the state and the privacy of citizens.
The sheer scale of the identity consolidation envisioned by Shah in the card, a proposal very similar to the Multipurpose National Identity Card (MPNIC) recommended to the Vajpayee government in 2001 by an empowered Group of Ministers (eGOM), will have profound implications for the relationship between citizens and the Indian state.
The card certainly has its merits in terms of convenience for citizens to verify identity, access state services such as subsidies and financial transfers, and move with ease, without resorting to a cumbersome multiplicity of traditional documents such as birth certificates, driver’s license, voter ID, passport etc. Further, if the earlier MPNIC proposal is reprised, non-citizens could be issued identity cards of a different design and color, to also enable them to access key state services, along the lines of the Social Security Number (SSN) system in the US.
However, those merits need to be carefully weighed against a host of potential problems with strong implications for India’s democracy, privacy of citizens and the ability of the state to access unprecedented amounts of citizen data. Unless a thorough, multidimensional debate is carried out, the creation of a national level multipurpose identity card system risks becoming a victim of the policy of unintended consequences.
An important consideration in this regard is the feasibility of the MNIC and the state’s ability to create what amounts to a countrywide National Register of Indian Citizens (NRIC). The NRIC creation will be much larger and more data-intensive than the recently concluded NRC in Assam, and will bring chaos and controversy. In a country where significant sections of the population still don’t have foundational identity documents such as a birth certificate and proof of lineage, the MNIC will require vast state resources and will pose a formidable challenge at the operational and logistical levels while also being challenged in the courts.
The hitherto sparsely regulated yet vital domain of individual privacy in India has recently witnessed the emergence of an enabling legal and policy architecture, albeit with imperfections. The Supreme Court’s landmark judgment on 24 August 2017 set the stage with the right to privacy being identified as a fundamental right guaranteed by the Indian Constitution with consent being mandatory for the collection or distribution of personal data. It also ruled that, in the absence of consent from the data principal, a legitimate state goal in the broader public interest could allow the state to access data only in proportion to that goal.
The recent Data Protection Bill is progressive in following the premise of the European Union’s stringent General Data Protection Regulation (GDPR): declaring privacy a fundamental right and requiring informed consent from the data principal for processing any personal data. However, the bill’s attempt to shore up the privacy of Indian citizens is diluted by certain glaring exemptions which are particularly relevant for the multipurpose card issue. In particular, the exemption provided to the state to access data on national security grounds, ostensibly on behalf of the intelligence agencies who rely on data analytics to spot threats to internal security, needs to also take into account more recent policy proposals such as the MNIC. The incorporation of safeguards at various levels is vital to prevent state overreach, as was revealed in 2013 regarding the massive surveillance programs of the US National Security Agency, whose primary goal of intercepting and analyzing texts, calls and web traffic to identify threats to US national security ended up overreaching into bulk collection of phone calls and texts of Americans.
India is currently in a particularly polarizing political phase and the consolidation of all the data of Indian citizens into a single card will open the door for potential state intrusion into the lives of individuals. The state may use it as a potential tool for surveillance on individuals that it announces as inimical to the national interest, but who in reality may be legitimate political opponents. Given this potential for 360-degree surveillance, there is a need for embedding a neutral arbiter such as a court in the process used by the state’s coercive bureaucracies to obtain user data without consent.
Technical fixes: Consolidation and compartmentalization
At a technical level, the massive centralization of user data on the multipurpose card will create a ‘single-window’ system for the state to access a wide tranche of user data. The level of this access needs to be calibrated with the embedding of vertical and horizontal barriers across databases that require the state agency accessing the data to convincingly answer certain pre-designed questions that ascertain proportionality, prevent overreach and can be used as evidence later in a court of law.
A related issue is the risk of ‘state voyeurism’ since the centralization of data and the associated linkages may allow the state to access the entirety of a citizen’s data through a single database. For example, the National Investigation Agency (NIA) may get disproportionate access to data including not just a citizen’s identity details and financial transactions but also sensitive personal and professional data. Any consolidation of multiple data points on the multipurpose card must reckon with this risk and introduce mitigative measures at the technical level. In particular, access to private data by agencies should pass through some degree of judicial scrutiny.
At the broader political level, the powerful emerging paradigm of digital governance has increased the capacity of the state to monitor individuals via CCTV cameras at public places and to monitor web traffic and financial transactions. This has had positive implications for national and individual security but there also needs to be serious thought given to the long-term impacts of the growing digitalization of India’s governance for individual autonomy. The line between digital governance and Chinese-style techno-authoritarianism is a thin one and there is significant risk of a digitally governed India tipping over into a digitally controlled one.
- Prof. Chaitanya Ravi, Assistant Professor – Public Policy.
- Prof. Shivakumar Jolad, Associate Professor – Public Policy.