Sanchar Saathi: The Government Has Earned Our Distrust

If a government application was forcefully implanted in your device, and was impossible for you to delete, what could go wrong?

The Sanchar Saathi application, which the Indian government told companies like Apple, Oppo, Vivo, Xiaomi and Samsung to install in new devices, and push to devices already in use by us, was, on the face of it, a well meaning exercise. It would allow people to report frauds, block and report stolen devices, and check all mobile numbers linked to their identity.

Even though the Ministry of Communications has backtracked twice now — initially it said that the application can be deleted, and later on said that handset manufacturers don’t mandatorily have to install it on user devices — I think it’s important to understand why there was a big backlash. 

First, it isn’t about what the application did, but what it could do: given that the application had access to your call records and messages, the files and media on your device, it could be used by the government to spy on you via your device. The initial notification said that the app should not be restricted, which meant that you possibly would have been unable to remove its access to your files as well. 

Second, it’s about risk for politically sensitive individuals, including journalists and opposition politicians. The application had read-write access to your device, so it is possible that it could have been used to implant files on their phone, and used to implicate them. I know this sounds like a movie plot, but it has happened before: in the Bhima Koregaon case, it was found that a malware called Netwire was used to implant 10 incriminating letters on Rona Wilson’s laptop. 

Fourth, the idea that it would not be un-installable, even though the government did a U turn on this, meant that there was a government application perpetually on your device, with access to all your files.

Importantly, smartphones are not like set-top boxes or routers. They hold messages, documents, photos, location histories, health data and financial information. They’re personal spaces, and the fact that an application is forced by the government on our devices is like the government invading our home. A point was made that handsets often come with applications already pre-loaded, so why do we have a problem with an Indian government application being preloaded on the device?

But there a deeper issue at play here: Rahul Shivshankar from Network18 made the point that we don’t have a problem with installing Chinese and US apps in a flash but “explode in outrage” when an Indian application, whether Aarogya Setu, digilocker or Sanchar Saathi “try to protect us”. He called this outrage selective and asked whether we are digital racists. 

Frankly, it’s not just about these apps, it’s about how our government deals with us as citizens. It has a record of lacking accountability: a decade or so ago, government departments used to publish spreadsheets online, indexed by Google Search, with people’s personal details, including their Aadhaar number. When Rachna Khaira reported that read-write access to the Aadhaar database was being sold for Rs. 500 each on WhatsApp groups, the UIDAI filed an FIR against her.

In every single instance of failure to prevent unauthorised access to Aadhaar, including when GPS signatures of enrolment agents were cloned, the UIDAI denied any breach of Aadhaar’s database. 

Since the launch of Aadhaar, we have been subjected to dictates from the government that are at times mandatory, and others voluntary but mandatory. In 2014, many were forced to link their bank accounts with Aadhaar under the threat of their accounts being frozen, and their phone numbers with Aadhaar under the pretext that their phones would get blocked.

For years, the government has mandated that people link their PAN number to Aadhaar, without which they won’t be able to file taxes, only to keep shifting the deadline. The Election Commission sent Block Level Officers door to door telling people to link their Voter ID to Aadhaar, and when this was questioned, they said it’s not mandatory. 

There have been times when birth certificates don’t get issued for babies without an Aadhaar being made. We’ve forgotten that ambulances in some instances refused to service patients in dire need of help without an Aadhaar being produced. School admissions don’t happen without an Aadhaar being given, and it invariably gets linked to another ID, the Apaar ID. Driving licenses are mandatorily linked to Aadhaar. More IDs are getting created, more data being collected, and importantly, more data is being connected with other datasets. If you look beyond tech, there’s even ethanol being forcibly added to our petrol.

Meanwhile, the government has exempted itself from the Digital Personal Data Protection Act, which means while we can possibly hold private companies to account and expect transparency and consent from them, we can’t expect any accountability from the government.

So I’ll accept giving data to Google or Facebook because they’re under constant global scrutiny for their practices, and I can hold them to account even in India. WhatsApp uses the OpenSignal protocol to keep messaging secure, and it’s tested for vulnerabilities, and even WhatsApp can’t read our messages, and this can be proved. The government is also rolling out the National Intelligence Grid or NATGRID, which connects public and private databases for realtime surveillance, without any surveillance law in place.

Do we really want them to be able to collect more data from us, or force apps into our phones? Where was the public consultation for forcing Sanchar Saathi on our devices, or for SIM Binding with social media applications? Why should I trust a government that constantly evades scrutiny and accountability, and robs me of choice? 

The government has earned our distrust.

(Nikhil Pahwa is the editor of MediaNama and is at x.com/nixxin. This is an opinion piece and the views expressed are the author's own. The Quint neither endorses nor is responsible for the same.)