ADVERTISEMENTREMOVE AD

Every Family in J&K To Get Unique ID: 6 Reasons Why Experts Say This Is Worrying

Surveillance, lack of laws to safeguard data: What other concerns have legal and technology experts flagged?

Published
Law
7 min read
Every Family in J&K To Get Unique ID: 6 Reasons Why Experts Say This Is Worrying
i
Like
Hindi Female
listen

The Quint DAILY

For impactful stories you just can’t miss

By subscribing you agree to our Privacy Policy

"We live in the era of information revolution, where the entire lives of individuals are stored in the cloud. We must recognize that while technology is a useful tool for improving the lives of the people, at the same time, it can also be used to breach that sacred private space of an individual."
Former CJI NV Ramana while constituting a committee to investigate the Pegasus case (2021)

Enter, the Jammu & Kashmir Family ID: A proposed identity card, with a unique eight-digit alphanumeric number to identify each family and its members vis-a-vis the head of the family. 

The programme, announced by Jammu and Kashmir (J&K) Lt Governor Manoj Sinha in November 2022 as part of the J-K digital vision document, is slated to carry details of all members of the family, including their names, ages, qualifications, employment status, according to media reports.

What's the objective? According to what government officials told The Indian Express, the objective of this is to create an authentic, verified, and reliable database of families in J&K to make sure welfare schemes reach eligible beneficiaries faster and in a more transparent manner.

Why this matters: Other than the ruling Bharatiya Janata Party (BJP), this development has not gone down too well with leaders across the political spectrum.

Former Jammu and Kashmir Chief Minister and PDP Chief Mehbooba Mufti in December 2022 called it "another surveillance tactic to tighten the iron grip" on the lives of Kashmiri people.

Technology and legal experts concur, except they seem to think that there is more to be worried about besides surveillance. 

Every Family in J&K To Get Unique ID: 6 Reasons Why Experts Say This Is Worrying

  1. 1. How Can This Potentially Lead To Surveillance?

    The new card will be linked to the Aadhaar and the bank account of the head of the family.

    While Aadhaar includes information about an individual, the family ID card, if implemented, will link details about families including name, age, qualifications, income, employment status and marital status, among other details.

    With all of this information, databases of this type end up having a “360 degree view” of residents, according to cyber security expert Anand Venkat.

    This is exactly what leads to surveillance, he added.

    “Put simply, profiling is surveillance,” Venkat wrote in his blog.

    For example, once this programme is implemented, the government, will not only know your religion, but will also know whether or not your entire family is from the same religious community. At the same time, it will know about the neighbourhood you reside in. With the help of the large-scale database, it will be able to piece together the approximate religious profile of your entire neighbourhood. 

    This can, by and by, lead to targeting of specific neighbourhoods (based on those whole live there) for intensified facial recognition and policing, based on the negative traits attributed to the said population by the authorities, Vikas Saxena, an independent tech & policy researcher, explained in conversation with The Quint.

    Expand
  2. 2. Kashmir Is More Prone To This Because…

    Experts also seem to think that Jammu and Kashmir’s precarious socio-political context makes this all the more worrisome and could add to the ever widening trust deficit between the government and people.

    “Things are already complicated on the ground in Jammu and Kashmir, the  trust between people and the government is very low, so it is understandable why surveillance and privacy concerns from this arise.”
    Maansi Verma, Lawyer and founder of civic engagement initiative Maadhyam

    On 5 August 2019, Kashmir, which has witnessed decades-long military conflict, lost its semi-autonomous status after the Indian government abrogated Article 370 of the Indian Constitution.

    This led to internet blockades for nearly a year and a half after reports of troop deployment and human rights violations.

    That’s not all – in 2021, the UT administration reportedly subjected new government employees to a verification process which included monitoring their social media accounts, according to a circular issued by J&K’s General Administration Department (O9JK-GAD).

    Expand
  3. 3. But, There Must Be Legislative Safeguards, Right?

    Not quite, say experts.

    “With all of these data collection exercises, there is no safeguard in place to ensure that the information is not accessed by someone who should not be accessing it."
    Anushka Jain, Policy Counsel (Surveillance & Transparency) at Internet Freedom Foundation

    Kashmir is not the only state with such databases. More recently: Haryana, Tamil Nadu, and Maharashtra, among other states, also introduced similar programs. But none of these states have notified a specific law to integrate databases.

    “If you collect data, you collect data to profile your residents, there’s certainly the right of privacy engaged. Once that is the case, the requirement of law becomes absolutely indispensable," Prasanna S, a Delhi-based lawyer who had helped petitioners challenge the Aadhaar Act, told MediaNama in a conversation about integrated databases.

    He further pointed out how any data collection exercise leading to a 360 degree profiling of citizens in the absence of a law is a direct violation of the fundamental right to privacy.

    “The law is a critical piece there. Because the law will then tell you what purposes you can use it for, to what extent the data can be collected and retained and what you cannot use it for. Otherwise, it’s a database that the state can use for any purpose it wants,” Prasanna added.

    Expand
  4. 4. And Then There Are Potential Data Leaks…

    Interestingly, after Kashmir’s family ID program was announced, senior superintendent of police (security) M Y Kichloo told news agency PTI that the risk of “vulnerabilities and possibilities of cyber attacks will remain” when it comes to storage of data in a digital format.

    “We will face the same problems in Jammu and Kashmir which are faced across the country viz- a-viz data. The risk of vulnerabilities and possibilities of cyber attacks will remain. In case of data breach, the quantum of punishment would be 10 years which would work as a deterrent."
    Senior Superintendent of Police (Security) M Y Kichloo

    A report published by the Netherlands-based cybersecurity firm Surfshark VPN revealed that India ranked sixth among countries vulnerable to digital attacks since such attacks were first recorded in 2004.

    Even with Aadhaar – the world’s largest biometric system – there have been data security concerns. The Comptroller and Auditor General (CAG) of India, in its April 2022 report on functioning of the UIDAI, flagged several security concerns with Aadhaar. 

    And, this becomes seemingly more concerning when you take into consideration that India currently has no data protection law in contrast to the European Union's General Data Protection Regulation (GDPR), which is considered the most stringent framework on data protection and privacy rights in the world.

    “Any data collection exercise in the country right now is unregulated. Because there is no data protection law to govern how data is being collected, whether it is being stored only for the purpose it was obtained for, how it is being stored, whether it is being deleted after its use is done: so all of these things need to be considered to ensure that personal data protection rules are abided by in accordance with the right to privacy that we have.”
    Anushka Jain, policy counsel (surveillance & transparency) at Internet Freedom Foundation

    The Personal Data Protection Bill has still not been passed. Initially introduced in 2018, was withdrawn after strong opposition on the exemption it proposed for the central government and its agencies from its provisions. 

    Even a new version of it, which is yet to be discussed in parliament, has the potential to give more powers to the government if passed, The Quint had reported in a previous piece.

    Expand
  5. 5. Exclusion, Election Propaganda: What Are Some Other Concerns?

    Exclusion from Welfare Schemes

    Remember reports about starvation deaths in Jharkhand that are said to have happened as a result of people not being able to link their Aadhaar cards with their ration cards and therefore not avail of promised ration?

    Experts fear a similar tragedy could emanate from the Family ID programme too.

    “There have been reports of people not being able to get their Aadhaar cards made, for no fault of their own. Which has led them to miss out on schemes. The architecture of the family ID database, which is being pushed for speedy delivery of social schemes could also lead to exclusion in a similar manner.”
    Maansi Verma, lawyer and founder of civic engagement initiative Maadhyam

    Election Propaganda

    “With the new Family ID database, you can geographically profile people and get a hold of their economic data and when you can do that you can influence election behaviour.  Alternatively, you can also get more votes by demarking geographical boundaries according to your own convenience."
    Vikas Saxena, independent tech & policy researcher 

    In 2021, a petition in the Madras High Court alleged that the Bharatiya Janata Party’s Puducherry unit had misused voter data collected by the UIADIA during its Assembly election campaign.

    The Madras High Court, during the hearing, had said there appears to be a “serious breach” in how the party conducted itself and directed the Election Commission to investigate this.

    Experts The Quint spoke to, said that with this new initiative, similar misuse of data for electoral gains could become more convenient.

    Like Vikas Saxena puts it:

    “Hypothetically, these same data points can impact everything from redistricting and policing to accessing essential services like healthcare and education. In practice, once correlated with the Aadhar database, the use cases are potentially endless.”

    He adds:

    “Ultimately, whether these additional data points can be wielded as a weapon of mass surveillance and division, or to deliver social welfare schemes with speed and ease – only time will tell.”

    (At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

    Expand

How Can This Potentially Lead To Surveillance?

The new card will be linked to the Aadhaar and the bank account of the head of the family.

While Aadhaar includes information about an individual, the family ID card, if implemented, will link details about families including name, age, qualifications, income, employment status and marital status, among other details.

With all of this information, databases of this type end up having a “360 degree view” of residents, according to cyber security expert Anand Venkat.

This is exactly what leads to surveillance, he added.

“Put simply, profiling is surveillance,” Venkat wrote in his blog.

For example, once this programme is implemented, the government, will not only know your religion, but will also know whether or not your entire family is from the same religious community. At the same time, it will know about the neighbourhood you reside in. With the help of the large-scale database, it will be able to piece together the approximate religious profile of your entire neighbourhood. 

This can, by and by, lead to targeting of specific neighbourhoods (based on those whole live there) for intensified facial recognition and policing, based on the negative traits attributed to the said population by the authorities, Vikas Saxena, an independent tech & policy researcher, explained in conversation with The Quint.

ADVERTISEMENTREMOVE AD

Kashmir Is More Prone To This Because…

Experts also seem to think that Jammu and Kashmir’s precarious socio-political context makes this all the more worrisome and could add to the ever widening trust deficit between the government and people.

“Things are already complicated on the ground in Jammu and Kashmir, the  trust between people and the government is very low, so it is understandable why surveillance and privacy concerns from this arise.”
Maansi Verma, Lawyer and founder of civic engagement initiative Maadhyam

On 5 August 2019, Kashmir, which has witnessed decades-long military conflict, lost its semi-autonomous status after the Indian government abrogated Article 370 of the Indian Constitution.

This led to internet blockades for nearly a year and a half after reports of troop deployment and human rights violations.

That’s not all – in 2021, the UT administration reportedly subjected new government employees to a verification process which included monitoring their social media accounts, according to a circular issued by J&K’s General Administration Department (O9JK-GAD).

ADVERTISEMENTREMOVE AD

But, There Must Be Legislative Safeguards, Right?

Not quite, say experts.

“With all of these data collection exercises, there is no safeguard in place to ensure that the information is not accessed by someone who should not be accessing it."
Anushka Jain, Policy Counsel (Surveillance & Transparency) at Internet Freedom Foundation

Kashmir is not the only state with such databases. More recently: Haryana, Tamil Nadu, and Maharashtra, among other states, also introduced similar programs. But none of these states have notified a specific law to integrate databases.

“If you collect data, you collect data to profile your residents, there’s certainly the right of privacy engaged. Once that is the case, the requirement of law becomes absolutely indispensable," Prasanna S, a Delhi-based lawyer who had helped petitioners challenge the Aadhaar Act, told MediaNama in a conversation about integrated databases.

He further pointed out how any data collection exercise leading to a 360 degree profiling of citizens in the absence of a law is a direct violation of the fundamental right to privacy.

“The law is a critical piece there. Because the law will then tell you what purposes you can use it for, to what extent the data can be collected and retained and what you cannot use it for. Otherwise, it’s a database that the state can use for any purpose it wants,” Prasanna added.

ADVERTISEMENTREMOVE AD

And Then There Are Potential Data Leaks…

Interestingly, after Kashmir’s family ID program was announced, senior superintendent of police (security) M Y Kichloo told news agency PTI that the risk of “vulnerabilities and possibilities of cyber attacks will remain” when it comes to storage of data in a digital format.

“We will face the same problems in Jammu and Kashmir which are faced across the country viz- a-viz data. The risk of vulnerabilities and possibilities of cyber attacks will remain. In case of data breach, the quantum of punishment would be 10 years which would work as a deterrent."
Senior Superintendent of Police (Security) M Y Kichloo

A report published by the Netherlands-based cybersecurity firm Surfshark VPN revealed that India ranked sixth among countries vulnerable to digital attacks since such attacks were first recorded in 2004.

Even with Aadhaar – the world’s largest biometric system – there have been data security concerns. The Comptroller and Auditor General (CAG) of India, in its April 2022 report on functioning of the UIDAI, flagged several security concerns with Aadhaar. 

And, this becomes seemingly more concerning when you take into consideration that India currently has no data protection law in contrast to the European Union's General Data Protection Regulation (GDPR), which is considered the most stringent framework on data protection and privacy rights in the world.

“Any data collection exercise in the country right now is unregulated. Because there is no data protection law to govern how data is being collected, whether it is being stored only for the purpose it was obtained for, how it is being stored, whether it is being deleted after its use is done: so all of these things need to be considered to ensure that personal data protection rules are abided by in accordance with the right to privacy that we have.”
Anushka Jain, policy counsel (surveillance & transparency) at Internet Freedom Foundation

The Personal Data Protection Bill has still not been passed. Initially introduced in 2018, was withdrawn after strong opposition on the exemption it proposed for the central government and its agencies from its provisions. 

Even a new version of it, which is yet to be discussed in parliament, has the potential to give more powers to the government if passed, The Quint had reported in a previous piece.

ADVERTISEMENTREMOVE AD

Exclusion, Election Propaganda: What Are Some Other Concerns?

Exclusion from Welfare Schemes

Remember reports about starvation deaths in Jharkhand that are said to have happened as a result of people not being able to link their Aadhaar cards with their ration cards and therefore not avail of promised ration?

Experts fear a similar tragedy could emanate from the Family ID programme too.

“There have been reports of people not being able to get their Aadhaar cards made, for no fault of their own. Which has led them to miss out on schemes. The architecture of the family ID database, which is being pushed for speedy delivery of social schemes could also lead to exclusion in a similar manner.”
Maansi Verma, lawyer and founder of civic engagement initiative Maadhyam

Election Propaganda

“With the new Family ID database, you can geographically profile people and get a hold of their economic data and when you can do that you can influence election behaviour.  Alternatively, you can also get more votes by demarking geographical boundaries according to your own convenience."
Vikas Saxena, independent tech & policy researcher 

In 2021, a petition in the Madras High Court alleged that the Bharatiya Janata Party’s Puducherry unit had misused voter data collected by the UIADIA during its Assembly election campaign.

The Madras High Court, during the hearing, had said there appears to be a “serious breach” in how the party conducted itself and directed the Election Commission to investigate this.

Experts The Quint spoke to, said that with this new initiative, similar misuse of data for electoral gains could become more convenient.

Like Vikas Saxena puts it:

“Hypothetically, these same data points can impact everything from redistricting and policing to accessing essential services like healthcare and education. In practice, once correlated with the Aadhar database, the use cases are potentially endless.”

He adds:

“Ultimately, whether these additional data points can be wielded as a weapon of mass surveillance and division, or to deliver social welfare schemes with speed and ease – only time will tell.”

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Read Latest News and Breaking News at The Quint, browse for more from news and law

Topics:  Jammu and Kashmir 

Speaking truth to power requires allies like you.
Become a Member
3 months
12 months
12 months
Check Member Benefits
Read More
×
×