1

Introduction

I do not want to live in a world where everything I do and say is recorded.

Edward Snowden, the twenty nine year old formal technical assistantfor the Central Intelligence Agency said to the journalist GlennGreenwald while disclosing the National Security Agency’s (NSA)surveillance programme. (MacAskill 2013) The documents leaked bySnowden brought to focus the massive extent of data collectionindulged in by NSA and possibly other government agencies. The allpervasive collection, analysis and use or misuse of the terabytes ofdata throws open the question does the rewards of big datacompensate for the privacy violations it generates?

Is the scale of privacy invasion too large to imagine?

Think of the advertisement on the side of your Facebook screen. Itwill either be the exact product you had checked at an onlineshopping site in the recent times or one similar to it. The browser,the internet seems to have become intuitive.

This customised advertisement is the product of analysis of thebrowsing data collected from all your online activities that allowsprivate corporations to make user profiles out of your data withoutyour knowledge, to sell their products to you.

The advertisement on your screen is the result of the same Big Datatechniques that is used by the NSA to collect and analyzecommunications, and activities of all individuals.

Creepy or convenient? It depends on the extent to which the analysisis pursued, but how to know where to draw the line between bigdata’s benefits and its privacy concerns?

“By understanding the mechanisms through which our privacy isviolated, we can win here.” (Snowden cited in Greenwald 2014, p.13)

In the following pages these mechanisms have been sought to beunderstood.

The first chapter explains the extent and mechanism of collection ofbig data, the second one portrays the concerns and confusionssurrounding privacy. The third chapter provides the state ofregulations surrounding privacy, followed by chapter five which

2

presents media’s role in the privacy debate. The conclusion attemptsto provide a hopeful framework for the evolution of discussion andproceedings concerning privacy challenges of Big Data.

The research, which is secondary, is based mainly on the Americanexperience since that is where the major events and discussionssurrounding the issue have been going on.

However India with its increasing internet proliferation andgovernment approved surveillance programmes is on the edge of apotential debate on similar lines.

1. Decoding Big Data

Data, the plural of the word datum which means “that is given”originated in 17thcentury as a philosophical term. (Naughton 2014a)Initially data was hard to come by and even harder to store oranalyze. But with the technological advancements like advent ofcomputers, advent of the internet in 1980’s and the mobile and theweb in 1990’s, data collection became easier.

In 1994, the web had 10 million users and the traffic was equivalentto shipping the entire collected works of Shakespeare every second.(Schubert 2008, p.17) According to a recent press release (CISCO2011) average global internet traffic is slated to be 245 terabytesper second in 2015 which is equivalent to about 5 million fourdrawer filling cabinets filled with text.

These huge amounts of data are now accumulated and stored indifferent formats and different database. Techniques can be used toanalyze relationships and patterns in the data.

What is Big Data?

Big data is a term that encompasses the whole range of activitiesfrom collection and storage of terabytes of data to analysis of hugeand complex data sets. In technical terms, it refers to datasets

3

that are too large and complex to analyse through standard methodsor tools. But the term is used loosely to define: a mindset that isobsessed with collection of all quantitative information, a logicalapproach to decision-making basing on derived predictions, a novelway to gain insights in newer computational and behavioural fieldsof study and a computing technology that combines massive processingpower with formidable storage capacity and parallel-processingalgorithms. (Naughton 2014a)

Huge amounts of personal data that is being collected forms themajor part of Big Data. It is not always clear who exactly controlsthe data. The kind of control also changes. Under large data, theway the database was structured mattered. Sensitive kinds of datacould be deleted, anonymized, or not collected at all. In contrast,under Big Data, every bit is welcome. The controller does not needto arrange the data at all: all bits are thrown together into onehuge bucket. The original context doesn't matter. Bits areconstantly collected, taken out of their original context, andmixed. Data is de-contextualized only to be re-contextualized in adifferent way. (Birnhack 2013)

The term comes with its own share of controversies, mostlypertaining to ethics and privacy. What makes big data dangerous toprivacy is not just the unfettered collection of information, butthe modes in which it is and can be potentially used.

Data collection

To understand its full scope and implications we need to know whocollects the data, how and what the consequences of it are.

Data collection can be of two types

A. Active submission of their own personal data by individuals toprivate entities or the government.

B. Passive collection of data by private corporations and Governmentagencies.

4

Active submission of data

Mark Zuckerberg, the Chief Executive Officer of Facebook, the mostpopular online social media site, has said that in ten years we’llshare a thousand times as much as we do now. (Thompson 2011) Thatseems to be both an observation and a goal. We are constantlysharing bits and pieces of our personal lives online; what we read,eat, buy, sell, when we sleep, how much we sleep, how far we walkor run, how healthy we are by the means of the apps we use on ourphone and the activities on the internet. All these in addition toour name, date of birth, phone number , address, card numbers, carnumbers which we willingly and knowingly submit to the corporationsfor services which make our lives all the more convenient.

In the United States of America, it has been found that governmentrecords and other publicly available information, which has beenvoluntarily offered to the state as part of one’s citizenshipresponsibilities, are also available to corporations. The stateDepartment of Motor Vehicles, for instance, may sell personalinformation— like name, address, and type of vehicles owned to datacompanies, although only for certain permitted purposes, includingidentify verification. Public voting records, which includeinformation about party registration and how often one votes, canalso be bought and sold for commercial purposes in some states.(Beckett 2014)

In the Indian context, the sale of private data might seem far-fetched now. However India is in the process of mandatorilyimplementing Aadhar card that includes all personal details and ofimplementing Aadhar linked DigiLocker for storage of all officialdocuments. Thus there remains a possibility of such informationbeing used for commercial process.

Involuntary collection of data by government agencies

Edward Snowden revealed how government intelligence agenciesindiscriminately and at times illegally collected data fromindividuals, though the full extent and intricacies of it are stillunclear.

Ever since cellular telephony was in use, since the 1980's detailson user account information, location of nearest mobile phone tower,and numbers dialled by users have been collected by the service

5

provider. So it had the potential of being a surveillance technologyalways, but the details have changed significantly over time. Nowhow long the call lasted is also recorded. All this information iscalled “metadata” i.e. data about data. The content of the phoneconversations which is the data is excluded. The intelligencedepartment of the US government, the NSA collects these data withoutthe knowledge of the users. This program was revealed through aleaked Foreign Intelligence Surveillance Act court order in USAwhich had instructed Verizon to turn over all such information on adaily basis. (Greenwald 2014, p.27) Other phone companies, includingAT&T and Sprint, also reportedly gave their records to the NSA on aregualr basis. All together, this amounted to billion calls per day.(Stray 2013)

There are arguments that metadata is not revealing, to which thePrinceton Computer science and public affairs Professor EdwardFelton explained:

“Consider the following hypothetical example: A young woman callsher gynaecologist; then immediately calls her mother, then a man whoduring the past few months she had repeatedly spoken to on thetelephone after 11pm, followed by a phone call to a family planningcentre that also offers abortion. A likely storyline emerges thatwould not be as evident by examining the record of a singletelephone call.” (Felten 2013)

So, even without location data, records of who communicated withwhom can be used to discover the structure of groups. Taking theknown "target" (whom the agency deems to be involved in suspiciousactivities) as point of start, analysts can reconstruct the target’ssocial network "two or three hops" out, and examine all friends-of-friends, or even further out the friends-of-friends-of-friends, inthe lookout for new prospective targets. (Stray 2013) This meansthat potentially thousands or millions of people might be examinedwhile investigating one target. Results derived from analysis oftraits of targets can be used to narrow down new targets, whichmight be potentially wrong. Predictions from Big Data can thus leadto surveillance of an otherwise legal citizen.

One point to remember is that NSA is not legally required torefrain from collecting data of all non-US citizens. The protectionof law is guaranteed only to US citizens.

6

However, it is not always possible to determine whether someone is aUS person before looking at their data. For example, it’s notusually possible to tell just from someone’s email address, so NSAmaintains a database of known US email addresses alongside phonenumbers. Internal documents state that analysts need only “51%confidence” that someone is a non-U.S. person before looking attheir data, and if the NSA does not have “specific information”about someone, that person is “presumed to be a non-United Statesperson.” (Stray 2013)

There are some documents as well which shows even contents of somecalls have been recorded. (Gellman 2013) This phone surveillancecombined with Internet surveillance falls under NSA’s BoundlessInformant programme. (Greenwald 2014, p.92)

NSA retains the written content of emails sent between citizenswithin USA and also filters out domestic phone calls made withinternet technology. (Greenwald 2014, p.99-100) Also, according toa 1986 Stored Communications Act of US, any email that is over ahundred and eighty days old is treated to be “abandoned” meaning theauthor of the email can no longer reasonably expect that it wouldremain private. (Doyle 2012)

There is evidence that NSA via PRISM collects data directly fromthe servers of the following USA service providers- Microsoft,Apple, Yahoo, Google, Facebook, Paltalk, You tube, Skype, AOL.(Greenwald 2014, p.21) Government CommunicationsHeadquarters (GCHQ), the British counterpart of NSA uses a similarprogramme called Tempora to collate data. (MacAskill et all 2013)

Thin Thread co relates data from financial transactions, travelrecords, web searches, GPS equipment and any other metrics thatmight contribute to identifying a person. (Rothman 2013)

The NSA analysts using the XKEYSCORE software, can see “nearlyeverything a user does on the Internet” including emails, socialmedia posts, web sites visited, addresses typed into Google Maps,files sent, and more. Currently the NSA can only legally interceptInternet communications with at least one end outside the US, butsince there is no fully reliable automatic way to separate domesticand international communications, US citizens also come under theambit. (Greenwald 2014, p.154-155)

7

Other than direct collection, NSA has collaboration with specialsources operation unit that oversees contracts with telecomcompanies. These companies have access to international systemsthrough agreements with foreign telecoms to build maintain andupgrade their networks. These connections are leveraged to gainaccess to high capacity international fibre optic cables, switchesand/ or routers throughout the world (BLARNEY). (Greenwald 2014,p.102)

They also tap directly into fibre optic lines (including underwatercables) used to transmit international communication, redirectingmessages into NSA repositories when they traverse the US system.(Greenwald 2014, p.101)

Owing to USA’s involvement in developing the internet network, vastmajority of the world’s internet traffic flows through USinfrastructure, hitting various choke points in the US soil.Operation STORMBREW accesses all these communications. (Greenwald2014, p.102)

NSA has installed backdoors and vulnerabilities, and loweredencryption standards in order to fulfil its mission of collect all.The Dutch SIM manufacturing company Gemalto was hacked into byBritish and US spies for stealing the codes that protect the privacyof billions of mobile phone users, giving the agencies virtuallyuncontrolled power to eavesdrop. (Auchard 2015)

Involuntary collection by private agencies

Mobile tracking

MoPub, acquired by Twitter in 2013, which advertises itself as the"world's largest mobile ad exchange" uses Verizon's tag to track andtarget cellphone users for ads, but Verizon says it doesn't sellinformation about the demographics of people who have opted out.(Angwin, Larson 2014)

People using apps on tablets and smart phones present a challengefor companies that want to track behaviour so they can target ads.Unlike on desktop computers, where users tend to connect to sitesusing a single Web browser that can be easily tracked by "cookies,"users on smart phones and tablets use many different apps that donot share information with each other.

8

Previously device IDs were used by ad trackers but that had to bechanged under pressure from privacy critics. Telecoms began racingto find new ways, telecom equipment makers such as Cisco and Juniperbegan offering systems that allow the identifiers to be injectedinto mobile traffic. These identifiers then would enable them toprovide advertisements better by assembling a dossier of a user'sbehaviour. (Angwin, Larson 2014)

Another Verizon service – Precision Market Insights – has becomepopular among ad tracking companies that specialize in buildingprofiles' of user behaviour and creating customized ads for thoseusers. Companies that buy the Verizon service can ask them foradditional information about the people whose unique identifiersthey observe. One can choose to opt out of these, but the procedureis cumbersome and the knowledge not widely spread. (Angwin, Larson2014)

Online tracking on non-mobile devices

We have been traditionally tracked on sites by cookies, which aresmall text files installed in the computers that retains memory ofuser’s activity. Cookies can either be blocked or disallowed whenpermission is asked for installation of third party cookies (i.e.when the site sends information to a third party other than the siteyou are choosing to communicate to)

Another type of tracking, called canvas fingerprinting, functions byrequesting the visitor’s Web browser to draw a hidden image which isdifferent for each computer; the images can be used to assign eachuser’s device a number that uniquely identifies it.

Like other tracking tools, canvas fingerprints are applied tocreating user profiles detailing the websites visited, these thengoverns the type of media or news content and advertising contentthat is targeted to them. Traditional practises of web browsersettings or usage of anti-tracking tools cannot ward off canvasfingerprinting. Researchers have found 5 percent of the top 1million sites use this technology. (Angwin, 2014b)

Device fingerprints operate on the fact that each computer with itsvarying colour, font, display and other small settings is differentwhich makes it unique. Tracking companies are now trying to exploitthese differences in the face of ad blockers and increased user

9

concern over privacy settings of web browser to better track anddeliver content.

Merging offline and online data: Data brokers

The information age is fuelled by data. The flourish of data brokingcompanies like Acxiom bears testament to the fact.

Acxiom has 23,000 computer servers that process more than 50trillion data transactions per year,according to The New YorkTimes.It claims to have records on millions of Americans, an averageof 1,500 pieces of data per consumer.

These data include information gleaned from publicly availablerecord:home valuation and vehicle ownership, information aboutonline behaviour tracked through cookies, browser advertising, andthe like, and data from customer surveys, and “offline” buyingbehavior.

The CEO of Acxiom, Scott Howe, said, “The marriage of online andoffline is the ad targeting of the last 10 years on steroids," at aconference earlier this year. (Aquino 2013)

Companies that match users online and offline identities generallyemphasize that the data is still anonymous because user’s actualnames aren't included in the cookie.

But the data can easily be de- anonymized as can be proved from theexample of public genomic data sets where the identity ofrespondents could be revealed by knowledge of genetic markers andinvestigation on internet .(Rojhan 2013)

Critics worry about the consequences of allowing data brokers toprofile every person who is connected to the Internet. In May, in USthe Federal Trade Commission (FTC) issued a report that found thatdata brokers collected information on sensitive categories such aswhether an individual is pregnant, has a "diabetes interest," isinterested in a "Bible Lifestyle" or is "likely to seek a [credit-card] chargeback."FTC Chairwoman Edith Ramirez said at a pressconference, "Will these classifications mean that some consumerswill only be shown advertisements for subprime loans, while otherswill see ads for credit cards?" or “Will some be routinely shuntedto inferior customer service?" (Angwin 2014a)

10

The FTC has called for Congress to pass legislation requiring databrokers to allow consumers access their information and to opt outof targeted marketing. Presently, data brokers don't offer peopleeither one. (FTC 2014)

2. Understanding privacy

Big Data infringes privacy

The accumulation of personal data has an incremental adverse effecton privacy. A researcher will draw entirely different conclusions

11

from a string of online search queries consisting of the words“honey,” “india” and “nature” as compared to one featuring “honey,”“india” and “rap.” Collate thousands and thousands of searchqueries, and one can immediately sense how the data becomes evermore revealing. Moreover, once data—such as a click stream (avirtual trail left by the user on the internet while surfing) or acookie number—are linked to an identified individual, they becomedifficult to disentangle. This was demonstrated by University ofTexas researchers Arvind Narayanan and Vitaly Shmatikov, who re-associated de- identified Netflix movie recommendations withidentified individuals by crossing a de- identified database withpublicly available resources accessible online. (Tene, Polonetsky2013)

Big data may facilitate predictive analysis with stark implicationsfor individuals susceptible to disease, crime, or other sociallystigmatizing characteristics or behaviors. It can easily cross the“creepiness” threshold to infringe on privacy. (Tene, Polonetsky2013)

Let’s consider the following cases:

In Minneapolis, US a man went into Target and screamed at themanager “My daughter got this in the mail!” he said. “She’s still inhigh school, and you’re sending her coupons for baby clothes andcribs? Are you trying to encourage her to get pregnant?” (Duhigg2012)

The manager had no idea what went wrong, and apologized for themailer sent to the man’s daughter from Target which containedadvertisements for baby clothing and maternity products. It turnedout later that the man’s daughter was due in 6 months which he wasnot aware of. (Duhigg 2012)

Apparently, Target Inc. assigns a “pregnancy prediction score” tocustomers based on their purchasing patterns. According to theTimes, Target hired statisticians to analyze the historical buyingrecords of women who had signed up for baby registries. Theydiscovered latent patterns, such as women’s preference for unscentedlotion around the beginning of their second trimester or a tendencyto buy supplements like calcium, magnesium and zinc within the first20 weeks of a pregnancy. They were able to determine a set of

12

products that, when grouped together, allowed Target to accuratelypredict a customer’s pregnancy and due date. (Duhigg 2012)

In the Robins vs Spokeo Inc. case, Thomas Robin on the grounds of wilfulviolations of the Fair Credit Reporting Act (FCRA) sued Spokeo, acompany that aggregates personal data from various offline andonline sources and merges them in a single database. Robin allegedthat the website contained false information about him which harmedhis employee reputation and violated his statutory rights. Spokeowas fined $800,000 for marketing information to human resourcedepartments without adhering to consumer protection provided by FairCredit Reporting Act. (Lerner 2014)

Robin got properly compensated, but the question remains how doesindividual privacy or rights stand in the face of the collective orBig Data. Automatic profiling and buying/selling consumer datawithout their knowledge or consent is a question that figures big inthis era of data convergence.

Credit card breaches at point of sale vendors or at other outletsaffect huge number of consumers. In 2013, 70 million Targetcustomers, 33 million Adobe users, 4.6 million Snapchat users, andpotentially all 148 million eBay users had their personalinformation exposed by database breaches. (Honorof 2014) Inreflection, a recent FTC report on data brokers warned that"collecting and storing large amounts of data not only increases therisk of a data breach or other unauthorized access but alsoincreases the potential harm that could be caused." (FTC 2014)

These incidents bring out the mass concern that big data infringesprivacy and increases chances of breach of data which is supposed tobe private.

The question of privacy in Networked and non-networked worlds:

But while we cry ourselves hoarse on privacy infringement, we needto address the complicated issue of privacy.

In a non-networked world, one can define privacy as having personalspace, as having separate public and private lives. In public, onegoes by social norms, talks to acquaintances and friends andgenerally tries to live up to an image that would be normallyacceptable to masses.

13

“Public is not just what can be viewed by others, but a fragile setof social conventions about what behaviours are acceptable andappropriate.” (Dash 2014)

When one enters the realm of their house, which is the personalspace, one might find completely different level of sharing ofdetails and traits with close friends or family which is notpractised in the public sphere. If one goes a bit deeper, one wouldreach the notion of an intrinsic privacy where one chooses toexercise certain practises which he might not be comfortable sharingsocially or explore creativity. So privacy has different layers andit is contextual, we choose to share and withhold informationdepending on the people and the environment.

Regarding privacy from the state’s perspective, there is a notionthat if one has nothing to hide, one does not have to be weary ofbeing watched. But this pro-surveillance theory survives on thepresumed notion of guilt, fails to note that even if some things arenot immoral, unethical, offensive or criminal, one might want tokeep it to oneself. (Solove 2008)

Studies have shown that people’s movements and activities changewhen they know they are or can be watched all the time. The threatof surveillance, real or imaginary invades personal space andhinders freedom of expression and creativity. (Amabile et al 1990)

There has been an elaborate history of debate over privacy fromhistorical, legal and social sciences perspective, regarding itsdefinition or how we understand and participate in it. Now placingprivacy in the networked world, it comes with the added burden ofhow we implement it in technological terms. (Boyd 2012)

Our expectations of privacy have changed in this age. We tradeprivacy for increased convenience in terms of customised content orbetter product suggestions.

What we share on online social media is by default public. We haveto make efforts to keep it private. So as we move from non-networkedto a networked world there is a definite inversion of interactionfrom default private to default public. (Boyd 2012)

One of the ways that people deal with the challenges to theirprivacy online is to employ multiple strategies for managing

14

identity and reputation across different networks and transactions.Users bounce back and forth between different levels of disclosuredepending on the context. People choose to engage using wide rangeof identifiers-screen name, actual name, and anonymity. So havingagency over how you share what you share is crucial to privacy.(Boyd 2012)

What makes online privacy so difficult is that one has to employextra privacy settings or controls to limit the sharing which mightnot be always available. So the power to control your owninformation i.e. ownership which in turn relates to privacy is lost.

Moreover the web by virtue of its digital memory and techniques ofdeep search will retain some ephemeral thought or idea one hadrandomly shared. While in a non-networked world it would have beenforgotten with time or confined to a small set of people, it now hasthe potential of having being dug up years later with some majorrepercussions considering new acquaintances or employers. So thedigital memory gets intricately twisted with the questions ofprivacy.

When we use the web and its services for submitting or sharinginformation or maintain accounts on social media platforms, we areoften required to agree to a privacy policy or terms and conditions.It holds for most that they impatiently hit agree to go to the nextpage without fully understanding how the data would be handled, whowould be the owner of the data or how it would be used.

So we do not have the knowledge to control the information flow eventhough we might have the agency to do so.

Then there are the times we do not have any control at all.Technology has outpaced the legal framework. Private corporationsindiscriminately collect, store and analyze our data: Governmentagencies without our consent intercept our mobile and internettraffic. It can be aptly described as what the CEO of SunMicrosystems said way back in 1999- “ you have zero privacy anyway”.(Sprenger 1999)

Alex Pentland, a MIT scientist and author of a new book called "SocialPhysics", says that "The power of big data, is that it is informationabout people's behaviour instead of information about their beliefs.It's about the behaviour of customers, employees and prospects for

15

your new business. (Naughton 2014a) “It’s not just about theFacebook posts, or Google searches, nor it’s the data from internalcompany processes and RFIDs [radio-frequency identifications – ameans of tracking items], this sort of big data comes from thingslike location data from the cell phone or credit card,” it's thelittle data breadcrumbs that you leave behind you as you move aroundin the world." (Naughton 2014a)

"What those breadcrumbs tell," he continues, "is the story of yourlife. It tells what you've chosen to do. That's very different fromwhat you put on Facebook. What you put on Facebook is what you wouldlike to tell people, edited according to the standards of the day.Who you actually are is determined by where you spend time, andwhich things you buy. Big data is increasingly about real behaviour,and by analysing this sort of data, scientists can tell an enormousamount about you. “(Naughton 2014a)

In an earnest attempt to get privacy one might choose to goanonymous hoping that as long as the origin of the data remainsprivate, even if the data is public the privacy is retained. But inthe world of big data, there is no such thing as anonymous data.There are methods to easily de anonymize data.

In order to keep our dealings private, one also tends to opt forencryption, i.e. secure channels of communication to keep dataprivate. Security of communication channels is tantamount toprivacy. So for individual privacy to be preserved one must have theagency and the knowledge to control the information flow in anenvironment.

But individual privacy is not the only concern here. The networkedera brings with it the notion of networked data. (Boyd 2012)

As the media critic Mark Andrejevic points out to Pew ResearchCentre, many people today treat email as though it's equivalent to aprivate face-to-face conversation. It is not. Who owns theinformation that transpires in an email thread? There is no clue asto who owns the aggregate data. (LaFrance 2014)

Sense of ownership or property is intricately linked with privacy.But in a networked environment, the terms of ownership is notproperly delineated.

16

If we extend this further, let’s think of us donating DNA samples toa public human genome project. In the process of contribution, oneis not only giving away information about oneself, but all hisprevious and future generations. All these data just lies to bestored, analyzed and concluded from.

Violation of intrinsic privacy

In an age which sees privacy invasion as business model andcollective data as the way forward, "We will continue to act as ifwe have what we once called ‘privacy,’" Andrejevic told Pew, "but wewill know, on some level, that much of what we do is recorded,captured, and retrievable, and even further, that this informationwill provide comprehensive clues about aspects of our lives that weimagined to be somehow exempt from data collection." (LaFrance 2014)

What we surf and what we store online is intimate, we might checkfor medical problems we are uncomfortable talking about or writedown thoughts which we feel are too embarrassing to be shared. Youronline activity is like your private locker in a personal closedused to store most intimate parts of you. Revealing such sensitiveinformation has wide range of consequences, embarrassment andinsecurity being a few of those.

The Apple boss, Tim Cook proclaims that “history has shown us thatsacrificing our right to privacy can have dire consequences. Westill live in a world where all people are not treated equally. Toomany people do not feel free to practice their religion or expresstheir opinion or love who they choose.” (Cook 2015)

Shi Tao, a Chinese journalist was arrested in 2004 and sentenced toprison the following year on charges of disclosing state secrets. Hehad sent details of a government memo about restrictions on newscoverage of the Tiananmen Square massacre anniversary to a humanrights forum in the United States. Yahoo had disclosed the detailsunder state demand. (Kahn 2005)

With the potential of all data being snooped or analysed human rightactivists, peace activists also remain at danger from atrociousgovernments.

Big Data, which is after all a tool at the hand of humans, suffersfrom the flaw of encroaching privacy but what makes this flaw fatalis how the decisions derived from it can prove to be fatal.Profiling based on big data affects individual credit score,

17

insurance eligibility, discriminatory pricing based onclassification.

Predictive analysis is particularly problematic when based onsensitive categories of data, such as health, race, or sexuality.Recommending books, music or movies for purchase based on previousbrowsing or purchase patterns is one thing, but identifying her aspregnant even before her closest family knows is clearly takinganalytics a step too far. (Tene, Polonetsky 2013)

From the law enforcement perspective, predictive analysis raises therisks of surveillance or even incriminating individuals based onpatterns and click streams rather than the action. This type ofactivity, while clearly unconstitutional is none-the-less possibleas countries come to rely heavily on preventive technology to fightnational security challenges.

Even with non-sensitive data categories, predictive analysis mayhave a stifling effect on individuals and society, perpetuating oldprejudices. The wealthy and well- educated will get the fast track;the poor and underprivileged will have the deck stacked against themeven more so than before. By ignoring outliers and assuming that“what has been is what will be, predictive analysis becomes a self-fulfilling prophecy that accentuates social stratification. (Tene,Polonetsky 2013)

Privacy which is of basic interest or is a fundamental right crucialfor freedom of expression, free choices, free speech might becomeextinct or a luxury good in the future.

18

3. Does law ensure privacy?

While we are bombarded with information on how our communicationsare being intercepted and activities being tracked by government andprivate entities, it might certainly arise in one’s mind isn’t therea law to safeguard us?

There are a few, but the legal framework protecting our privacy isas muddled as the notion of privacy itself. The discussion aroundprivacy has a long history of contestation; technological progresshas simply added a newer dimension to it.

The recognition of a general right to privacy requiring legalprotection is a relatively modern phenomenon. The origin of themodern legal academic discussion on the topic is generallyacknowledged to be Samuel Warren and Louis Brandeis’s article, ‘TheRight to Privacy’ published in the Harvard Law Review in 1890 whichintroduced the concept of “right to be left alone”. (Warren,Brandeis 1890)

In the United States, under the fourth amendment of theconstitution, individual as well as location privacy is guaranteed.The “right to privacy” is never used in the constitution, butimplications generating from it and its and invasions areinterpreted in many lights. While right to be let alone isunderstood clear enough, the more recent notion of control overone’s information is still unstructured and evolving. (DeVries 2003)

The privacy torts are not readily applicable to misuse of personalinformation unless the information was taken from the victimdirectly or from some other private source, such as the victim'sbank account. Thus protection of one’s information from marketers ordata brokers is not governed. The Privacy Act of 1974 which extendsto only social security numbers and welfare benefit data are alsolimited by exceptions for “routine use” and Freedom of InformationAct. (DeVries 2003) Similarly, the electronic Communications PrivacyAct of 1986 introduced before the age of world-wide web, socialmedia and cloud stored data are outdated to be of much practicaluse. (Doyle 2012) As an added disadvantage, the US PATRIOT actpassed to protect national security made snooping on digitalcommunications facile. (DeVries 2003)

Sweden has one of the oldest data privacy laws, introduced as a DataProtection Act in 1973 and constituted what we now recognize asbasic principles of data protection. (Greenleaf 2012)

19

In fact, most other European countries have data privacy laws,article 8 of the European Convention on Human Rights guarantees theright to respect for private and family life, one's home andcorrespondence. (Wagner 2013)  

Only 9 Asian countries have data privacy laws, but Graham Greenleafin his book Asian Data Privacy Laws: trade and Human Rightsperspective, reflects "In Asia, data privacy laws, or in some casestheir enforcement, have not yet caught up with surveillancetechnologies and practices, but they are necessary, even though (aseverywhere) they need to be supplemented with other modes ofregulation. There are grounds for optimism, but not overconfidence,that in future they will restore a better balance between the humanright of privacy and other interests." (Greenleaf 2014)

India, as of now has no dedicated privacy and data protection laws.A right to privacy bill has been suggested in the year 2011, andredrafted in 2014; a study of the leaked copy of the bill shows theright extends to all residents of India, and there are substantialpenalties for offences but it has sought exemption for intelligenceagencies. Once the law comes into being, the government or a privateagency will have to adequately inform citizens before collectingdata, stating the reasons and only collecting as much information asis necessary. It will also have to clearly define the time periodfor which the data will be stored and the security measures taken toprotect it from misuse. It has not been debated n the Parliamentyet.(Hickok 2014)

According to Mr. Sudhir G. Vombatkere, Major General (Retired),Indian Army,

“The advances in technologies to acquire data and store and processdata are fast out-stripping the legal imaginations even of anOrwellian world.” (see Appendix)

Legal framework globally is still underdeveloped to guaranteeprivacy in the age where information flow is uncontrolled. Moreover,cross border flow of information, or data stored in foreign serverscannot be covered under individual country laws and a globalconsensus needs to be arrived at.

20

4. What can the media do?

Presently, what is required is an extensive discourse that can ariseout of sustained research and public pressure and media isobviously, pivotal in raising public awareness and creating a publicdiscourse and stimulate a public opinion.

Privacy is often seen to be at odds with the advertising industrywhich tracks user data to deliver targeted advertisements. Mediawhich often runs on advertisements need to put ethics as a toppriority before anything else.

Media also needs to be fearless while coverage of issues relating toprivacy invasion, as The Guardian has shown in case of NSAdisclosures.

In fact it was Glenn Greenwald, a journalist who unveiled the storyof Edward Snowden’s disclosure of US government’s mass surveillance.

21

One might argue that Greenwald is a freelance journalist free ofinstitutional trappings and could afford to do so, but it is also tobe remembered he got the backing of an acclaimed institution becausethe information was right and required public disclosure.

Post Snowden there has been a spate of articles in the media, mostlyfrom The New York Times or The Guardian or Pro Publica dealing withsurveillance and Big Data’s impact on privacy. But the debatesurrounding it is mostly relegated to university research and paperson law.

The critical conversations need to be brought out in the publicdomain, out of the regulatory and research domains. Journalists inthis regard can be helpful mediators between the academics and mass.People need to get out of their silos and engage. (Boyd, 2012)

In India, there is a woeful lack of coverage of these issues at acritical level, and ends up to be mostly a rehashing of US mediaconversations. Papers dating back to the 90’s by A G Noorani inEconomic and Political Weekly are some initial attempts to discussprivacy, but those are insufficient in today’s world.

One might argue that in a country which has a computer literacy ofless than 7% (Manzar 2012), with most citizens devoid of broadbandconnections, what’s the need to discuss privacy.

One must not forget that India has one of the most rapidly growingsmartphone populations, projected to become 200 million by 2016(eMarketer 2014); web communication and browsing are increasinglyconducted on smart phones. Internet proliferation is thus set toincrease. Moreover Indians are to be compulsorily required to useAadhar and according to a recent announcement, they will also beasked to store all information centrally on Aadhar linkedDigiLocker.

India is also architecting a number of initiatives that seek toenable the collection and sharing of intelligence such as theCentral Monitoring System (CMS), National Intelligence Grid NATGRID,and Netra. (Nevagi et al 2013)

In light of such developments, and the insufficient laws surroundingdata privacy it is crucial to carry out conversations on privacy inthe media.

22

5. Finding the balance

 Technologies surrounding big data are in a nascent stage, and itsimplications and consequences are still not fully understood.

Expectations surrounding big data swing two extremes: hopeful utopiaand absolute fearful dystopia . (Boyd 2012)

Extrapolating from abstract fears or euphoria surrounding big data,one can either say that it is futile to worry about privacy in theage of digital sovereignty or could go into a hyper private mode

But surely, it is not the way to live. It is clear that privacy isvital to people, as evidenced by the excitement a change in privacypolicy of Facebook generates or the spate of inventions that isgoing on to ensure privacy.

The majority of adults in a new survey by the Pew Research Centrefeel that their privacy is being challenged along such coredimensions as the security of their personal information and theirability to retain confidentiality. (Madden 2014)

One solution, espoused by some programmers, is to make the Internetde- centralized. Jacob Cook, a twenty-three-year-old student, is thebrains behind ArkOS, a lightweight version of the free Linuxoperating system which is designed so that average users can createpersonal clouds to store data that they can access anywhere, withoutrelying on a distant data center owned by Dropbox or Amazon.(Kopstein 2013)

Most of the inventions attempt to give people power over controllingtheir information in form of encrypting communications, usingadditional third party blockers while browsing to prevent tracking,encrypting hard drives of phones and computers . Underpinning allthese inventions is that if engineering ingenuity succeeds inmaking mass surveillance much more difficult (and expensive), thenthe spooks will have to become more focused – and refrain fromcollect it all attitude.

But politics often trumps technology, as is shown by history.

There was a time when we believed that Pretty Good Privacy (softwarefor encryption of emails) gave us immunity from surveillance. Thenthe Regulation of Investigatory Powers Act (2000) came, which gave

23

the home secretary the power to demand that you handed over yourencryption keys or face two years in jail. And all of a sudden,technology didn't look so omnipotent. (Naughton 2014b) As digitalinventions continue transforming the society, there is morehappening in the domain of privacy than a fight over encryption.

There are fights going on not only over data collection but on theownership and usage of data. Till now, for most data-brokers, theopt-out process is laborious. But to actually opt-out effectively,one needs to know about all the different data brokers and where tofind their opt-outs. Most consumers, of course, don't have thatinformation. And even then, there is no legal guarantee that thedata has been deleted, laws governing data brokers and data privacyis non-existent.

So laws regarding data collection and data usage needs to evolve.

Privacy rights are recognised by the constitutions of over 80countries and numerous international instruments including theUniversal Declaration of Human Rights (A 12) and the InternationalCovenant on Civil and Political Rights – ICCPR (A 17). Further,global treaties such as the ICCPR already deal with the human rightto free speech and its applicability and enforcement in a globalcontext for example, through the recognition of permissiblederogations. These could form the basis of any such protection forhuman rights in the con- text of the internet. (Taylor 2014)

There needs to be a general awareness as well, in fact in a 2012privacy report, the FTC suggested that data brokers should create acentralized website that would make it easier for consumers to learnabout the existence of these companies and their rights regardingthe data they collect.(FTC 2012)

President Barrack Obama has also proposed a Consumer Privacy Bill ofRights that would give consumers the right to access and correctcertain information about them. (Robertson 2015)

Laws keeping only the technological aspects in mind would however beineffective.

In the tech world, there is a bad tendency to view the concept of"private" as a single bit that is either 0 or 1.Privacy is notsimply about the state of an inanimate object or set of bytes; it is

24

about the sense of vulnerability that an individual experiences.(Boyd 2006) Whenever people feel exposed or invaded, there's aprivacy issue. The feeling of one’s privacy being secure thus needsto be given back, balancing well the need for national security andprivacy.

Any suggestion wishing to trump privacy with security issues need tobe dealt with caution.

In the way forward, there is a definite need for new regulationswith the discussions surrounding it moving out from the domain ofintellectuals and academics into the public with dialogues focusedtowards striking the balance between security concern and privacyconcern, regulation of data usage rather than data collection.

Technologically there should be a dedicated approach toanonymization of data, innovation to preserve privacy of networkedinformation.

Big data techniques which use algorithms for predictive decisionmaking are not human and do not possess the discretion or judgementof a human. So such algorithmic predictions might have faultycorrelations or be potentially embarrassing or harmful.

There needs to be a human intervention in the process of deliveringthe interpretations gleaned from big data.

6. Bibliography

1. Amabile, T., Goldfarb, P. and Brackfleld, S. (1990). Social

influences on creativity: Evaluation, coaction, and

surveillance. Creativity Research Journal, 3(1), pp.6-21.

25

2. Angwin, J. (2014). The 'Fingerprinting' Tracking Tool That's Virtually

Impossible to Block. [online] Mashable. Available at:

http://mashable.com/2014/07/21/impossible-block-tracking-tool/

[Accessed 12 Mar. 2015].

3. Angwin, J. (2014). Why Online Tracking Is Getting Creepier. Pro

Publica. [online] Available at:

http://www.propublica.org/article/why-online-tracking-is-

getting-creepier [Accessed 12 Mar. 2015].

4. Angwin, J. and Larson, J. (2014). Somebody’s Already Using

Verizon’s ID to Track Users. Pro Publica. [online] Available at:

http://www.propublica.org/article/somebodys-already-using-

verizons-id-to-track-users [Accessed 12 Mar. 2015].

5. Anil, D. (2014). What Is Public? [online] Medium. Available at:

https://medium.com/message/what-is-public-f33b16d780f9

[Accessed 12 Mar. 2015].

6. Aquino, J. (2013). Acxiom Prepares New 'Audience Operating System' Amid

Wobbly Earnings. [online] AdExchanger: News and Views on Data-

Driven Digital Advertising. Available at:

http://adexchanger.com/analytics/acxiom-prepares-new-audience-

operating-system-amid-wobbly-earnings/ [Accessed 12 Mar.

2015].

7. BerkeleyISchool, (2012). danah boyd: Privacy Challenges for Big Data

(DataEDGE Conference 2012). [video] Available at:

https://www.youtube.com/watch?v=aOIUYWW4uv8 [Accessed 12 Mar.

2015].

8. Birnhack, M. (2013). S-M-L-XL Data: Big Data as a New

Informational Privacy Paradigm. SSRN Journal.

9. boyd, d. (2006). Facebook's "Privacy Trainwreck": Exposure,

Invasion, and Drama. [Blog] http://www.zephoria.org/thoughts/.

Available at:

26

http://www.danah.org/papers/FacebookAndPrivacy.html [Accessed 12

Mar. 2015].

10. CISCO, (2011). Global Internet Traffic Projected to Quadruple by 2015.

11. Cole, D. (2013). The NSA on Trial. The New York Review of Books.

[online] Available at:

http://www.nybooks.com/blogs/nyrblog/2013/dec/18/nsa-spying-

leon-ruling/ [Accessed 12 Mar. 2015].

12. Cook, T. (2015). Tim Cook: 'Sacrificing our right to privacy can have dire

consequences' – video. [video] Available at:

http://www.theguardian.com/technology/video/2015/feb/13/tim-

cook-white-house-summit-video [Accessed 12 Mar. 2015].

13. DeVries, W. (2003). Protecting Privacy in the Digital Age.

Berkeley Technology Law Journal, [online] 18(1). Available at:

http://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?

article=1407&context=btlj.

14. Doyle, C. (2012). Privacy: An Overview of the Electronic Communications Privacy

Act. [online] Congressional Research Service, pp.35-45. Available

at: http://fas.org/sgp/crs/misc/R41733.pdf [Accessed 12 Mar.

2015].

15.Duhigg, C. (2012). How Companies Learn Your Secrets. The New York

Times Magazine. [online] Available at:

http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?

_r=0 [Accessed 12 Mar. 2015].

16. Emarketer, (2014). 2 Billion Consumers Worldwide to Get Smart(phones) by 2016

[online] Available at: http://www.emarketer.com/Article/2-

Billion-Consumers-Worldwide-Smartphones-by-2016/1011694

[Accessed 12 Mar. 2015].

27

17. Eric, A. (2015). Hack gave U.S. and British spies access to

billions of phones: Intercept. Reuters. [online] Available at:

http://www.reuters.com/article/2015/02/20/us-gemalto-cybercrime-

idUSKBN0LO0K720150220 [Accessed 12 Mar. 2015].

18. Federal Trade Commission, (2014). Data Brokers: A Call for Transparency

and Accountability. Federal Trade Commission.

19. FEDERAL TRADE COMMISSION, (2012). protecting consumer privacy in an era of

rapid change. FEDERAL TRADE COMMISSION.

20.Felten, E. (2015). DECLARATION OF PROFESSOR EDWARD W. FELTEN. [PDF]

ACLU, Natsec. New York.

21. Gellman, B. (2013). U.S. surveillance architecture includes

collection of revealing Internet, phone metadata. The Washington

Post. [online] Available at:

http://www.washingtonpost.com/investigations/us-surveillance-

architecture-includes-collection-of-revealing-internet-phone-

metadata/2013/06/15/e9bf004a-d511-11e2-b05f-

3ea3f0e7bb5a_story.html [Accessed 12 Mar. 2015].

22. Greenleaf, G. (2012). Global Data Privacy Laws: 89 Countries, and

Accelerating. [online] Papers.ssrn.com. Available at:

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2000034

[Accessed 12 Mar. 2015].

23. Greenleaf, G. (2014). Asian data privacy laws.

24. Greenwald, G. (2014). No place to hide. pp.13,21,27,99-102,154-155.

25. Halpern, S. (2013). Are we puppets in a wired world?. New York

Review of Books. [online] Available at:

http:///http://www.nybooks.com/articles/archives/2013/nov/07/are

-we-puppets-wired-world/ [Accessed 12 Mar. 2015].

28

26. Hickok, E. (2014). Leaked Privacy Bill: 2014 vs. 2011. [online] CIS

India. Available at:

http://cis-india.org/internet-governance/blog/leaked-privacy-

bill-2014-v-2011 [Accessed 12 Mar. 2015].

27. Honorof, M. (2014). Half of US Adults Hit by Data Breaches in Past Year.

[online] Tom's Guide. Available at:

http://www.tomsguide.com/us/data-breaches-exposed-

information,news-18862.html [Accessed 12 Mar. 2015].

28. Kahn, J. (2005). Yahoo helped Chinese to prosecute journalist.

The New York Times. [online] Available at:

http://www.nytimes.com/2005/09/07/business/worldbusiness/07iht-

yahoo.html [Accessed 12 Mar. 2015].

29. Kopstein, J. (2013). The Mission to Decentralize the Internet.

The New Yorker. [online] Available at:

http://www.newyorker.com/tech/elements/the-mission-to-

decentralize-the-internet [Accessed 12 Mar. 2015].

30. LaFrance, A. (2014). By 2025, the Definition of 'Privacy' Will Have Changed.

[online] The Atlantic. Available at:

http://www.theatlantic.com/technology/archive/2014/12/by-2025-

the-definition-of-privacy-will-have-changed/383869/ [Accessed 12

Mar. 2015].

31. Lerner, K. (2014). Spokeo Asks High Court To Consider Standing In FCRA Suit -

Law360. [online] Law360.com. Available at:

http://www.law360.com/articles/536492/spokeo-asks-high-court-to-

consider-standing-in-fcra-suit [Accessed 12 Mar. 2015].

32. Lois, B. (2014). Everything We Know About What Data Brokers Know

About You. Pro Publica. [online] Available at:

http://www.propublica.org/article/everything-we-know-about-what-

29

data-brokers-know-about-you [Accessed 12 Mar. 2015].

33.Lusky, L. (1972). Invasion of Privacy: A Clarification of

Concepts. Political Science Quarterly, 87(2), p.192.

34. MacAskill, E. (2013). Edward Snowden, NSA files source: 'If they

want to get you, in time they will'. The Guardian, [online]

pp.http://www.theguardian.com/world/2013/jun/09/nsa-

whistleblower-edward-snowden-why. Available at:

http://www.theguardian.com/world/2013/jun/09/nsa-whistleblower-

edward-snowden-why [Accessed 12 Mar. 2015].

35. MacAskill, E., Borger, J., Hopkins, N., Davies, N. and Ball, J.

(2013). GCHQ taps fibre-optic cables for secret access to

world's communications. The Guardian. [online] Available at:

http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-

world-communications-nsa [Accessed 12 Mar. 2015].

36. Madden, M. (2014). Public Perceptions of Privacy and Security in the Post-

Snowden Era. [online] Pew Research Center's Internet & American

Life Project. Available at:

http://www.pewinternet.org/2014/11/12/public-privacy-

perceptions/ [Accessed 12 Mar. 2015].

37. Manzar, O. (2015). Recipe for 100% digital literacy before 2021. [online]

http://www.livemint.com/. Available at:

http://www.livemint.com/Industry/XmQNrsrg8zWfOFKHuMDtfJ/Recipe-

for-100-digital-literacy-before-2021.html [Accessed 12 Mar.

2015].

38. Merrick, A. (2014). A Death in the Database. The New Yorker.

[online] Available at:

http://www.newyorker.com/business/currency/a-death-in-the-

database [Accessed 12 Mar. 2015].

30

39. Naughton, J. (2014a). We're all being mined for data – but who

are the real winners?. The Guardian. [online] Available at:

http://www.theguardian.com/technology/2014/jun/08/big-data-

mined-real-winners-nsa-gchq-surveillance [Accessed 12 Mar.

2015].

40. Naughton, J. (2014b). Can Google really keep spies out of our

email?. The Guardian. [online] Available at:

http://www.theguardian.com/technology/2014/jun/08/google-gmail-

pgp-encryption-cant-stop-nsa-gchq-new-law-needed [Accessed 12

Mar. 2015].

41. Nevagi, A. (2013). Surveillance in India and its Legalities. [online]

Legalindia.in. Available at:

http://www.legalindia.in/surveillance-in-india-and-its-

legalities/ [Accessed 12 Mar. 2015].

42. Noorani, A. (1990). Press Freedom and Right to Privacy. Economic

and Political Weekly.

43. Noorani, A. (1997). Cyberspace and Citizen's Rights. Economic and

Political Weekly.

44. Robertson, A. (2015). White House releases draft of consumer privacy bill.

[online] The Verge. Available at:

http://www.theverge.com/2015/2/27/8123057/white-house-obama-

consumer-privacy-bill-draft [Accessed 12 Mar. 2015].

45. Rojahn, S. (2013). Study Highlights the Risk of Handing Over

Your Genome. MIT Technology Review. [online] Available at:

http://www.technologyreview.com/news/509901/study-highlights-

the-risk-of-handing-over-your-genome/ [Accessed 12 Mar. 2015].

46. Rothman, J. (2013). Takes: The N.S.A.’s Surveillance Programs.

The New Yorker. [online] Available at:

31

http://www.newyorker.com/books/double-take/takes-the-n-s-a-s-

surveillance-programs [Accessed 12 Mar. 2015].

47. Rothman, J. (2014). Virginia Woolf’s Idea of Privacy. The New

Yorker. [online] Available at:

http://www.newyorker.com/books/joshua-rothman/virginia-woolfs-

idea-of-privacy [Accessed 12 Mar. 2015].

48. Schubert, D. (2008). Monetizing Web 2.0.. Hamburg [Germany]:

Diplomica Verlag, p.17.

49. Solove, D. (2007). 'I've Got Nothing to Hide' and Other Misunderstandings of

Privacy. [online] Ssrn.com. Available at:

http://ssrn.com/abstract=998565 [Accessed 12 Mar. 2015].

50. Solove, D. (2008). The End of Privacy?. Sci Am, 299(3), pp.100-

106.

51. Sprenger, P. (1999). Sun on Privacy: 'Get Over It'. [online] WIRED.

Available at:

http://archive.wired.com/politics/law/news/1999/01/17538

[Accessed 12 Mar. 2015].

52. Stallman, R. (2013). What we need to learn from Snowden.

Postscript.

53. Stray, J. (2013). FAQ: What You Need to Know About the NSA’s

Surveillance Programs. Pro Publica. [online] Available at:

http://www.propublica.org/article/nsa-data-collection-faq

[Accessed 12 Mar. 2015].

54. Taylor, E. (2014). Evolving a New Internet Governance Paradigm. [online]

DomainNewsAfrica. Available at:

http://domainnewsafrica.com/evolving-a-new-internet-governance-

paradigm/ [Accessed 12 Mar. 2015].

32

55. Tene, O. and Polonetsky, J. (2013). "Big Data for All: Privacy and User

Control in the Age of Analytics" by Omer Tene and Jules Polonetsky. [online]

Scholarlycommons.law.northwestern.edu. Available at:

http://scholarlycommons.law.northwestern.edu/njtip/vol11/iss5/1

[Accessed 12 Mar. 2015].

56. Thompson, N. (2011). Bigger Brother: The Exponential Law of

Privacy Loss. The New Yorker. [online] Available at:

http://www.newyorker.com/culture/culture-desk/bigger-brother-

the-exponential-law-of-privacy-loss [Accessed 12 Mar. 2015].

57. Wagner, A. (2015). Article 8 | Right to private and family life.

[Blog] UK Human Rights Blog.

58. Warren, S. and Brandeis, L. (1890). The Right to Privacy. Harvard

Law Review, [online] 4(5). Available at:

http://www.jstor.org/stable/1321160?origin=JSTOR-

pdf&seq=1#page_scan_tab_contents.

33

7. Appedix

Email Interview with Sudhir G. Vombatkere, Major General (Retired),

Indian Army.

1. What does the term privacy mean to you? For me, privacy emphasizes the

fundamental right to not associate with others, since this is

implicit within the fundamental right of association according

to Article 19(c) of the Constitution.

2. What do you feel about the future of information privacy and privacy as a whole,

especially in India? Privacy of information is a fundamental right as

explained above. Permission of an biological person (as distinct

from a corporate person) for an agency to acquire/extract,

collate, store or transmit his/her biometrics and other socio-

economic or demographic information is valid only insofar as the

permission or consent is informed. In India, with low literacy

(and noting that mere literacy does not include understanding of

the more complicated issues of privacy), permission/consent will

be generally uninformed, and hence socially cannot be justified.

Only if a duly enacted law exists to acquire/extract, collate,

34

store or transmit individuals' biometrics and other socio-

economic or demographic information, and a separate law to

ensure bio-privacy enacted, would this be valid. Further, there

need to be legal safeguards in place against government or other

agencies using collated data for commercial purposes and/or mass

surveillance.

3. What are the newer avenues coming up for collecting data from individuals? How do

you think our laws should evolve to protect privacy? The advances in

technologies to acquire data and store and process data are fast

out-stripping the legal imaginations even of an Orwellian world.

Laws to protect privacy will necessarily lag behind the

technologies and the intentions of persons and agencies which

will benefit from possession of privacy data and mass

demographic data.

4. Do you think privacy is crucial for freedom of expression and democracy to survive?

How can we balance privacy and state security in light of surveillance?Yes,

privacy is crucial for freedom of expression and freedom of

association to survive. The existence and the survival of these

freedoms are among the essentials of democracy. Indeed, the

Preamble guarantees every citizen liberty of thought,

expression, belief, faith and worship, and all of these are at

the core of privacy. Regarding “balancing” privacy and state

security, there is a false perception of “attack on society”,

mostly created by agencies which have a stake in control of

people and populations. This is typical of a male-dominated

society, in which there is a section of the population (male,

socio-economically high) which “protects” society and another

35

(exclusive) section (female, child, old) that needs to be

protected. The dangers of mass surveillance by states (including

corporates) will persist so long as present male-dominance in

all societies on the globe persists, to perpetuate conflict and

war.