27 March 2016

Why We Are Losing The War On Privacy; Aadhaar At Least Gives Us A Figleaf

http://swarajyamag.com/ideas/why-we-are-losing-the-war-on-privacy-aadhaar-at-least-gives-us-a-figleaf
R Jagannathan, March 22, 2016
We have lost the battle for privacy – both to government and private parties.
Big brothers will be watching over us now, and one can only hope our privacy will not be compromised to a level where it hurts us.
On the brighter side, the big brother may occasionally protect us from the jihadi suicide-bombers.
Whether we like it or not, citizens are steadily losing the battle for privacy. A brave Tim Cook, CEO of Apple, has said ‘no’ to the US Federal Bureau of Investigation’s request to take a peek at the encrypted iPhone used by a terrorist, Syed Farook, who killed 14 people in San Bernardino, California, and was himself killed in the shootout.
The case will be argued in court, and will, surely be appealed repeatedly till it reaches a conclusion in the highest court. The chances are Apple will ultimately lose the appeal, especially when terrorism has shown no signs of abating. Even if it wins, it would have won a battle, not the war. The war is heading in the other direction.
If Apple can’t win this war, India can’t either, but we must thank the NDA government for small mercies. Last week the government legislated the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill 2016, which – for the first time – mandates a modicum of privacy for the data gathered by the Unique Identification Authority of India (UIDAI).
Nearly a billion Indians – men, women and even children – have shared biometric data with the UIDAI. Under the new law, this data will not be shared with anyone, including the Aadhaar recipient, and only national security can be a reason for forcing UIDAI to share it with the law enforcement agencies, and that too after proper vetting by responsible officials.
This is a darn sight better than what the UPA did, which simply pushed ahead with collecting private data without any legislation – effectively making the Aadhaar effort partly illegal. The NDA law at least gives Aadhaar a post facto legal basis for directing subsidies to the right beneficiaries.
Given our scant respect for the law – any law – it is quite possible that in actual practice the privacy protections guaranteed by the legislation may be breached. If someone high up (say, a top cop, or someone in the PMO or the CMO) asks for data, the system may still oblige even without formal authorisations. Remember how the Radia tapes got leaked to the media? But overall it is clear that there is some legal protection for the privacy of citizens.

The problem though emanates elsewhere, and the Apple case in the US illustrates this very well. In its fight with the FBI, Apple has only declined to share information stored on the terrorist’s iPhone (which is encrypted), but the company still provides anti-terror investigators lots of info on email, pictures, and other data stored on its iCloud servers. In other words, the fight is only about data stored in the iPhone device, not all the data Apple stores. This is like putting your finger in the dyke.
Even though other tech giants – Google, Facebook, and Microsoft, who like to encrypt their services and devices - have weighed in on Apple’s side, the companies have effectively bartered away their data to police forces all over the world. Blackberry, which tried hard to restrict access in India and the rest of the world, ultimately caved in as pressure from governments has proved insurmountable. They have already compromised privacy to a large extent.
In China, any global player has to allow his data to be accessed by the government. The point is simple: Silicon Valley’s giants can huff and puff, but governments hold the high cards in this battle. Consider how Julian Assange and Edward Snowden, both of whom leaked government data and files, are being pursued to the end of the world by the US, which claims to operate a liberal regime.

Photo by Frederick M. Brown/Getty Images

Unlike private players, governments are elected by the people, and when people start worrying about vulnerability to terrorism, privacy fears vanish. The public is divided on how much privacy can be sacrificed for security – or pecuniary benefits.

It is also pointless to put only governments in the dock for invasions of privacy. The big internet platforms – from Google to Amazon to Microsoft to Apple, and almost every mass market e-tailer – know a lot about citizens, their habits and predilections. The credit card companies can actually construct what kind of person you are from your spending patterns and payment cycles.

Through GPS-based maps, Google gets real-time information on where you are. Apple and Amazon know exactly what you buy, and when you are likely to buy books or other things on their portals. Based on what you buy and when, they can develop a psychographic profile of you without even a photograph. By a careful analysis of customer buying patterns, and by matching age and gender profiles, big retail chains can predict when you are likely to buy what.

One chain even figured out when a woman is likely to be pregnant by studying her shopping trends. If you are pregnant, you are likely to change purchase behaviours in the run-up to delivery, by buying certain kinds of books, medicines, clothes or dietary supplements. So when the baby arrives, the retailer can actually offer focused post-pregnancy products and babyfood and clothes.

Your bank knows all about your finances, and increasingly, your mobile phone operator, who may soon become a payments bank, will know not only where you are, but what you do, and what you pay by way of telephone or electricity bills every month, not to speak of the taxi rides you take and to which places.

This is how intrusive the world has actually become. The only limitation is the data gatherer’s ability to use tonnes of data being spewed out daily by seven-and-odd billion people.

The other issue is this: we ourselves tend to be ambivalent about how much privacy we want. We may be happy to receive a restaurant discount coupon based on GPS location services, but we may not want our financial or internet browsing patterns to be so easily deduced by data gatherers.

Privacy is also a haves-versus-havenots issue. In the case of Aadhaar, for example, it is not the poor who are protesting about possible violations of privacy, but the rich, who worry about which part of their data will be known to the government, the tax agencies, or even to crooks. The poor have nothing to lose by having their data bandied about.

But the rich are happy to share their fingerprints with Uncle Sam, since this is a primary requirement for obtaining a US visa. As this procedure is now being fully adopted by the European Union, the rich will find that their personal data is now part of a global shareable database among law enforcement agencies; this is over and above the data we voluntarily (or unknowingly) give to the Googles and Amazons of the world.

A couple of years ago, I was strongly opposed to Aadhaar, given its complete lack of privacy protection and quasi-illegal status. Now, I have changed my mind, thanks to the legal figleaf provided by the NDA government. Last month, when it became clear that there would be a law on Aadhaar, I quietly got myself an Aadhaar, but I have promised myself I will use it only when it is unavoidable.

The fact is we have lost the battle for privacy – both to government and private parties. Big brothers will be watching over us now, and one can only hope our privacy will not be compromised to a level where it hurts us. And who knows, big brother may occasionally protect us from that jihadi suicide-bomber.

No comments: