Commentary
Find our newspaper columns, blogs, and other commentary pieces in this section. Our research focuses on Advanced Biology, High-Tech Geopolitics, Strategic Studies, Indo-Pacific Studies & Economic Policy
Why missed call democracy is a bad idea
The Narendra Modi-led government launched a ‘missed call campaign’ on January 3, 2019, asking people to give a missed call at a number to register their support for the controversial Citizenship (Amendment) Act. Home Minister Amit Shah has claimed that 52,72,000 missed calls have been received from verifiable phone numbers.
What has been happening in the background since the launch of the campaign is a reflection of the state of affairs in the country. Ever since the campaign started, Twitter has been abuzz with misleading tweets asking people to call the number by promising ‘job offers’, ‘free Netflix subscription’, ‘romantic dates with women in the area’, and so forth. Tweets such as ‘Akele ho? Mujhse dosti karoge?’ (Feeling lonely? Want to be friends?) by a Twitter account with 16k followers, Prime Minister Modi being one amongst them, point to a much larger misinformation campaign presumably by the IT-cell of the ruling party. A counter-campaign was also launched soliciting missed calls to demonstrate opposition to CAA and NRC.
Where’s my number?
In the age of surveillance capitalism, any entity, especially the government, running a campaign to garner support using phone numbers opens up private individuals to grave risks. The people who are calling the toll-free number have no information on whether their numbers would be stored in a database, shared with third parties, and/or used for a future campaign by the government. First-principles of privacy dictates that data collected should be proportionate to the legitimate aim and limited purpose that is being pursued. Furthermore, the data principal should provide informed consent to the collection of data.
There seem to be no means for citizens to determine if the government is storing their data, and no process to get their records deleted if they wish to. Repurposing the potential database to micro-target during election campaigns is a severe threat that emerges from this exercise. People who called the number are either staunch supporters of the Bharatiya Janata Party (BJP) or vulnerable youth who fell into the honeytrap while looking for jobs, subscription TV, or romantic partners. Given that the government now potentially has access to members of its core voter base as well as gullible people at the margins, it can push information and opinions that favour its ideology. Alternatively, participants in the counter-campaign can be categorised as anti-establishment voices. This narrative dominance, empowered by personalisation algorithms, can result in the formation of filter bubbles where people are isolated from conflicting viewpoints, reinforcing their existing beliefs.
The design of the missed call campaign itself is flawed. An honestly designed campaign would have provided options to vote either for or against an option. The absence of a way to express an opposing view reduces it to an exercise in confirmation bias. The missed call mechanism is also susceptible to manipulation. It is unclear whether these are features or bugs. While 52 lakh may seem like a sizable number, it is a drop in the ocean in a country of more than 130 crore people. In fact, the number is less than 3 per cent of the total BJP membership of 18 crore people.
Why referendums fail
If this approach to engage with citizens is legitimised, it opens the door to use it every time there is a risk of backlash over a government decision. Even before Brexit became the poster-child for failed referendums, political theorists had advised against them. When asked about the best time to use referendums, Michael Marsh, a political scientist at Trinity College, Dublin was quoted as saying ‘almost never’.
In Democracy for Realists, political scientists Christopher Achen and Larry Bartels, lament the idea that the ‘only possible cure for the ills of democracy is more democracy. They cite a body of research that concludes that citizens often do not have the necessary knowledge, nor the inclination to acquire it when it comes to voting on nuanced issues. Decisions are often made on short-term considerations like personal tax saving or reduction in government expenditure without an analysis of anticipated unintended consequences. Additionally, there is a tendency for referendum processes to be captured by certain interest groups and typically decided in favour of whichever has deeper pockets. Low-effort voting methods, such as online voting and missed calls, are likely to be overused. This will result in desensitisation of the public, exacerbating all the shortcomings of referendums.
The use of missed calls to vindicate its stand on contentious issues, by a democratically elected government, is not only ineffectual, but it also exposes unsuspecting individuals to severe risks. Employing systems without basic privacy considerations, clear purpose limitations, and straightforward redressal mechanisms, can lead to misuse in the future and undermine the democratic ethos of the nation.
Token Security or Tokenized Security
There is a need to protect the data belonging to individuals in these situations, providing the government with two possible policy options: it can choose to either overhaul the Aadhaar architecture completely, or it can build in additional security measures to ensure that individual data is not compromised.
Uninventing Aadhaar is not a practical proposal. It would have to include repealing the statute on Aadhaar, disbanding the database already created, and figuring out alternative means of delivering the services that are now dependent on Aadhaar. A more sustainable way forward is to better secure Aadhaar. This will involve not only the secure collection and storage of personal data but also a safe regulation of the manner in which third parties use it for authentication.
Read more here.
What the GDPR Means for India
As the GDPR seeks to protect data users in Europe (and regions where the EU laws apply), it might not really make a difference to data users in India. However, this law extends to both citizens as well as non-citizens within the boundaries of the continent. So, if you have plans to travel to Europe, you have the added advantage of being covered by the protections under the GDPR as soon as you land there.On the other hand, the GDPR requires companies all over the world to comply with its provisions if they provide any goods or services anywhere in Europe, or in any manner monitor the behaviour of any individuals in Europe. This means that some Indian sectors such as information technology, the outsourcing industry, and pharmaceuticals might be hit by the GDPR. As the penalty for a contravention is up to 4% of the annual turnover of the company, this is not a trivial obligation for affected Indian data controllers.