Inside India's Digital Panopticon

Essay by Aparajita Ghosh

After Philosopher Jeremy Bentham designed the architectural structure called panopticon, a circular prison with cells arranged around a central tower for the supervisor to constantly observe the inmates without being seen himself, the well-known French historian-philosopher Michel Foucault also introduced the disciplinary theory, panopticism, in one of his most influential books, Discipline and Punish: The Birth of The Prison. In many ways, government surveillance today can be metaphorically compared to this idea of panopticism.

On a late summer night in May of 2021, as S. Q. Masood was traveling through the bylanes of the Hyderabad city, he witnessed an unusual check carried out by a group of police. They stopped him instantly and took a photograph of him, despite his protest. Masood, who is a prominent activist in the southern city, was already aware of its surveillance issues.

He headed to the city police department the next day to follow up about the usage and storage of his data, but was left unanswered. He then approached the Internet Freedom Foundation (IFF) (1), a privacy advocate, and they served a legal notice on behalf of Masood against the police commissioner and the Telangana state, pointing out the “excessive policing” and violation of citizens’ rights to privacy guaranteed under the Indian constitution. However, the case is still awaiting hearing in the top court. The major factor that bothered Masood was the motive behind taking his photograph—ostensibly to feed into the facial recognition database.

The technology was first brought into use by the authorities in 2018 to curb crimes with an accuracy rate of less than 1%, and, despite data uncertainty, the law enforcement officials moved on to illegally use the technology to crack down on dissenters during protests held across the country. Anushka Jain, the Policy Counsel for Surveillance and Transparency at IFF, has repeatedly alerted citizens of the harassment the technology could lead to.

Today, the authorities are increasing the use of facial recognition secretly on the cusp of launching the world's largest facial recognition system. In Hyderabad alone, nearly 375,000 CCTV cameras are installed and equipped with facial recognition technology to surveil the population and match footage against the pre-existing databases.

Under Project Panoptic, IFF—in collaboration with international nonprofits Article 19 and Amnesty International—collectively launched the “Ban The Scan” campaign to track the use of facial recognition systems globally and discovered 126 surveillance projects running in several Indian states, creeping into the everyday lives of the citizens. The AI and Data Researcher for Amnesty International, Matt Mahmoudi cautioned the citizens of Hyderabad on becoming a total surveillance city: “It is almost impossible to walk down the street without risking exposure to facial recognition.”

This intrusive practice of data collection has further been routinely executed by adding facial recognition systems into “Aadhaar” verification. The Unique Identification Authority of India (UDAI) issued Indian residents a 12-digit unique identification number based on their biometrics (including fingerprints and iris scans) in 2016, which was made voluntary by the Supreme Court of India. However, the authorities went against the lawmakers and forced the residents to connect it with every aspect related to an individual—from opening bank accounts, filing tax bills, booking travel tickets, and availing scholarships to even registering deaths. That said, the draconian ID system has been dubbed the world's biggest mass surveillance project. Among several experts, Edward Snowden—the whistleblower behind the NSA’s surveillance who revealed the scary reality of the US government’s violation of citizens’ rights—also called out the controversial surveillance project and warned residents against it.

The authorities in India as well as the West use a common popular rhetoric, “If you have nothing to hide, you have nothing to fear,” to conduct rampant mass surveillance that causes a chilling effect on citizens and encourages self-censorship.

In 2020, when COVID-19 gripped the globe, countries adapted various surveillance technologies, such as drones and geolocation mobile apps, to help mitigate the virus. But the contact-tracing apps across the world, including India’s Aarogya Setu, have raised data security concerns. Despite fears concerning privacy escalating during the pandemic, the app stood as the world’s most downloaded, with over 150 million downloads since it was made mandatory for public and private sector employees. 

Unlike apps from other countries, Aarogya Setu requires bluetooth and GPS-based location tracking to notify users of potential risk of the virus around them. IFF strongly criticized the authorities for introducing a “privacy minefield” that carried a “palpable risk of either expanding in scope or becoming a permanent surveillance architecture.” Thus, the contact-tracing app indicates the risk of jeopardizing data security and launching a comprehensive regulatory framework that governs enforcement mechanisms.

The systematic mass invasion of citizen’s privacy in the absence of personal data protection law has led the world's second largest population towards a sharp democratic decline. In August 2022, the legislation was dramatically withdrawn after at least five years, as some provisions such as data localization and non-personal data regulation became points of heated debate. Since privacy was deemed a fundamental right under India’s constitution in 2018, several policymakers demanded a major privacy law for more than 1.4 billion people in India.

Meanwhile, Narendra Modi’s government has imposed severe data regulation, targeting social media websites such as Facebook, Twitter, and other firms, including Virtual Private Networks (VPN). In early 2022, the authorities announced a crackdown on the VPNs that encrypted data online. The service providers were required to retain a wide range of user data and IP addresses for at least five years and hand over the information to the government, if asked. This directive has eventually forced several international VPN providers to shut down operations in India. This nation–with less than 50% internet penetration–has witnessed a surge of over 600% in VPN usage in the last few years according to Sindhu Hariharan from The Times of India. The tool has often been used to bypass government censorship and browse safely. As per Srinivas Kodali, a digital researcher who claims this move “could eventually be used for targeted surveillance of journalists, lawyers, and activists”–was proven rather true.

Two years back, Prime Minister Modi was accused of treason for snooping on nearly 150 journalists, activists, politicians, and businessmen with an Israeli spyware called Pegasus, programmed to target terrorists. However, the government neither categorically admitted nor denied the use of the spyware. The malware sold by the NSO group to the “vetted governments” as clients was capable of remotely hacking the mobile devices and gaining access to the contents, including microphones and cameras. Earlier, the “cyber weapon” infected phones with malicious links sent through text messages and emails, but as the program advanced, the phones were infected through “zero-click” attacks which did not require any interaction from the phone owner to succeed. The spyware was simply placed through the WhatsApp messaging platform to a target device several times, and the tech giant informed the Indian government as well as some journalists of the hack. Eventually in early 2019, the messaging platform filed a lawsuit against the Israeli firm seeking damages in the US Supreme Court.

A year later, several Indian journalists and activists filed petitions at the Supreme Court of India, which ordered an independent inquiry against the Modi government on the misuse of spyware. As the bench of judges set up an expert panel to investigate, they criticized the government asserting that “the state cannot get a free pass every time by raising national security concerns.” However, although the expert panel found 5 out of the 29 examined phones infected with malware, they could not confirm it was Pegasus.

The state actors have adapted various monitoring mechanisms in the absence of surveillance reform in the past, but its inexplicable continuance that violates citizens’ fundamental rights of privacy exhibits the urgent need for sturdy laws to limit the existing authoritarian surveillance in India.

Subsequently, by drawing from the works of Bentham and Foucault, panopticism in the modern era serves as a strong example of how a government can control and watch its citizens without their knowledge, using digital security as an excuse which will eventually lead to a greater digital divide in their countries.

(1) Internet Freedom Foundation is an Indian non-governmental organization that conducts advocacy on digital rights and liberties, based in New Delhi. IFF files petitions and undertakes advocacy campaigns to defend online freedom, privacy, net neutrality, and innovation.

Works Cited:

"Ban The Scan Campaign." Amnesty International, 1 Jan. 2022, banthescan.amnesty.org/.

Datta, Saikat. "The End of Privacy: Aadhaar Is Being Converted into the World's Biggest Surveillance Engine." Scroll.in, 24 Mar. 2017, scroll.in/article/832592/the-end-of-privacy-aadhaar-is-being-converted-into-the-worlds-biggest-surveillance-engine.

Hariharan, Sindhu. "VPN Use in India Grows Over 600% in H121: Report." The Times of India, 20 July 2021, timesofindia.indiatimes.com/business/india-business/vpn-use-in-india-grows-over-600-in-h121-report/articleshow/85412089.cms.

"How AarogyaSetu Knows about Your COVID-19 Positive Test?" Aarogya Setu, 16 June 2020, www.aarogyasetu.gov.in/.

Kuchay, Bilal. "India's PM Modi Accused of ‘Treason’ Over Pegasus Spyware Scandal." Aljazeera, 20 July 2021, www.aljazeera.com/news/2021/7/20/pegasus-project-india-modi-treason-spyware-snooping-scandal.

Recommended Reading:

What does the panopticon mean in the age of digital surveillance? –The Guardian

Facial recognition is out of control in India – Vice