India’s Digital Governance `Model’ Fails on Rights

India, a leader in the global digital economy, is leveraging its digital transformation story as a central theme of its rotating presidency of the Group of 20 (G20) economies. Indian leaders claim they have used “technology to transform governance, to make it more efficient, inclusive, faster and transparent.”

“We in [the] G20 have a unique opportunity to lay a foundation of an inclusive, prosperous and secure global digital future,” Prime Minister Narendra Modi told a G20 working group recently. “We can include financial inclusion and productivity through Digital Public Infrastructure.”

But the dark side of India’s digital transformation and the massive costs it carries for millions of Indians will likely be obscured at the G20 summit, scheduled for Sept. 9-10 in New Delhi. Over the past five years, India has shut down the internet more than any other country. The residents of India’s northeast Manipur state, for instance, have been without internet service since early May, even as the area has been wracked by ethnic violence that has killed more than 180 people and displaced tens of thousands. The government restored fixed-line internet access after 83 days of complete blackout, but continues to cut off mobile internet, used by more than 96 percent of internet subscribers.

The Manipur government, led by Modi’s Bharatiya Janata Party, asserts that the internet is shut down to curb rumors and misinformation, but violence has continued despite the blackout. To the contrary, lack of internet means that residents do not have timely information or access to essential services ranging from banking to health care.

The shutdown has also hindered reporting on ongoing abuses. This became evident on July 19, when a video emerged on social media showing a mob from the Meitei majority community stripping and parading two Kuki minority women. The incident took place on May 4, but the internet shutdown prevented it from getting out earlier. Only after the video became available and prompted widespread outrage did the authorities promise action, showing the internet’s critical role in human rights protection.

Default Policing Action

A June report from our organizations, Human Rights Watch and the Internet Freedom Foundation, respectively, documents how Indian authorities frequently shut down the internet as a default policing action, violating domestic and international legal standards that require such shutdowns to be necessary, proportionate, and lawful. In most cases, the authorities say the shutdowns are to maintain law and order. In reality, they are often used to prevent cheating on school examinations and to prevent peaceful protests or criticism of government policies.

Internet shutdowns also run contrary to the government’s digital governance model. “Digital India” has made the internet essential to access social-protection programs including minimum work guarantees, public food distribution, and e-governance in rural areas. As a result, the shutdowns can cause millions of Indians, especially from socially and economically marginalized communities, to lose access to free or subsidized food and to their livelihoods.

For instance, the Mahatma Gandhi National Rural Employment Guarantee Act (NREGA) provides vital income security for more than 100 million households in rural areas. The government has moved to digitize this benefit, including its attendance checks and wage payments, which requires adequate internet access. Network coverage is already poor in remote areas, but internet shutdowns make the situation worse. “I have been working in NREGA for two years,” a 35-year-old Dalit woman with five children from Rajasthan state told us. “When the internet is shut down, I have no work, do not get paid, cannot withdraw any money from my account, and cannot even get food rations.”

At the heart of India’s digital public infrastructure is “Aadhaar” – the world’s largest biometric identity database, which is required to access all government programs, including food rations. In 2017, as part of schemes to digitize the government’s social security system and ostensibly increase administrative efficiency, the government required all people eligible for subsidized food rations to link their ration card with Aadhaar. Now, people can’t receive subsidized food grains if they are unable to authenticate their biometric Aadhaar IDs using the internet.

The other big transformation is the development of the Unified Payments Interface, which has enabled people to make instant, real-time digital payments for a range of goods and services using their smartphones. There are also online applications for health and education. Access to all these core Digital India components is disrupted every time the government turns off the internet.

At the same time, India has developed its digital public infrastructure in the absence of laws regulating privacy and data protection. There have been multiple reports of serious breaches in these databases, leaks of people’s sensitive data including bank information, and collection or use of personal data by government and private companies without consent or accountability. For instance, Human Rights Watch found that Diksha, an education app owned and used by the central government, transmitted children’s data to a third-party company using advertising trackers and also had the capacity to collect children’s precise location data, which it failed to disclose in its privacy policy.

Digital Authoritarianism

Despite these revelations, India adopted a personal data protection law in August that not only fails to protect against such violations, but instead grants the government sweeping powers to exempt itself from compliance, enabling unchecked state surveillance.

Indeed, gaps in the data protection law and internet shutdowns appear to be part of the government’s bigger toolbox to intensify its crackdown on civil society dissent. It has enforced Information Technology Rules, for instance, that allow for greater governmental control over online content, threaten to weaken encryption, and seriously undermine media freedoms, rights to privacy, and freedom of expression online. The rules require traceability of information that compromise end-to-end encryption on platforms such as WhatsApp or Signal. They also authorize the government to set up a “fact checking” unit with arbitrary, over-broad, and unchecked censorship powers to identify any false or misleading information online about “any business” of the government. Online intermediaries, including social media companies and internet service providers, are required to take down any such content. If they fail to remove it, they risk losing their safe harbor protections, and may be held liable in a court proceeding for any third-party information hosted on their platform.

The rules also require social media companies with more than 5 million registered users in India – which pretty much means all the major internet companies – to appoint local staff in-country. With more of their personnel living in India, where they could face criminal liability and prosecution, companies will find it difficult to resist arbitrary and disproportionate government orders to take down content or hand over data on users.

At the G20, India is pushing its Digital Public Infrastructure model as a vision for a sustainable digital future. But a digital future will fail to be inclusive or sustainable if it does not ensure that everyone’s rights are protected. If India truly wants to lead by example, it should amend abusive technology laws, ensure that digital governance does not come at the cost of people’s privacy and data, and fulfill its commitments to ensure an open, free, secure, and reliable internet.

This article has been co-authored with Jayshree Bajoria. An edited version of the article is available on the website of Just Security.

Comments are closed.