Rediff.com« Back to articlePrint this article

Privacy in the Dock

August 24, 2017 08:26 IST

'No government will forego the usage of data of this order and nor will any private concern.'
'Unless, of course, there are strong safeguards to privacy.'
'Which is why that nine-member Supreme Court bench could make or mar everybody's future,' says Devangshu Datta.
Illustration: Uttam Ghosh/Rediff.com

Illustration: Uttam Ghosh

PayTM wants to enter the instant messenger space.

WhatsApp wishes to become an online payment centre.

These ambitions are understandable because Chinese giant WeChat offers both these facilities.

Consider the privacy implications.

What does PayTM know about its users?

It has details about their financial profiles.

It has links to bank accounts and to debit cards and credit cards.

It knows phone numbers.

If the user does a KYC, PayTM has the Aadhaar details as well.

PayTM can therefore infer a great deal about consumption patterns.

Now, what does WhatsApp know its users' profiles?

It knows the users' phone numbers; it knows their locations.

It knows how much data the user moves around.

It knows who the user connects with, although end-to-end encryption means that it may not know the contents of conversations.

If the Web version of WhatsApp is used, it has a sense of the user's other hardware, internet service provider, etc.

Now assume that PayTM becomes a social messaging service and WhatsApp becomes a digital payment centre.

Both service providers will then know most of these details. They will be able to make pretty good guesses as to the lifestyles of users, by tying together financial profiles, consumption patterns, travel plans, friends and acquaintances, and hobbies.

If either service bothers to do digital searches on their users, and there's no reason why they wouldn't, they might discover a great deal more.

Facebook accounts, LinkedIn profiles, Twitter handles, personal blogs, etc would also turn up.

If both services scrape cellphones for data regarding conventional phones calls and SMS, they might be able to build an even more complete profile.

Most people's occupations and hobbies can also be stitched together from information that is publicly available on the Web.

Quite often, people keep digital copies of tax returns, passport scans, driving licence scans, PAN, etc, on their phones and they often transmit such data via messaging services as well.

A social-media messaging service plus payment centre would be able to build a near-360-degree profile of each of its individual users.

Now, a private service cannot legally hold biometric information pertaining to the Aadhaar, but, of course, there is little to prevent a rogue employee from rigging up a system to capture and retain biometric data when KYC authentication is done.

There are already private databases in the hands of banks and telecom service providers with hundreds of millions of accounts seeded with Aadhaar cards.

The government can do this sort of data gathering legally and it is trying to make the job of 360-degree profiling easier for itself by forcing everybody to link everything they do mandatorily to Aadhaar.

It can also easily add a couple of elements, such as political affiliations.

It is easy enough with the electronic voting machine system to figure out the political affiliations of wards and match that more or less reasonably well to voter data (which are publicly available).

Add the sort of detail that this data mining gives you and the government of the day knows everything that it chooses to about every voter.

This gives the government of the day the ability to explicitly target voters, perhaps even to profile 17 year olds who will be voters.

That targeting can consist of directed campaigns that pull in the sympathetic, using social media and digital outreach.

It can also consist of harassment and outright intimidation to ensure that the unsympathetic don't vote.

What recourse does an individual have if s/he wishes to retain some privacy? None.

Exiting the banking system is not possible and neither is it possible for a normal person to avoid using cellphones and digital payments.

If Aadhaar is linked to everything and used as a primary means of authentication, then everybody's life is an open book.

No government will willingly forego the usage of data of this order and nor will any private concern.

Unless, of course, there are strong safeguards to privacy. Which is why that nine-member Supreme Court bench could make or mar everybody's future.

Devangshu Datta
Source: source image