Khushi Jaiswal [1]

Abstract

This article portrays how the internet has taken control over everyone’s lives and how it is playing with the subconscious mind without anyone getting a hint. The internet has a wide surveillance system to spy on us. Even the government has a system to know about the citizens, which in a way is breaching the privacy of citizens. To prove this, the Aadhaar Card information leak that happened in the year 2018 has been dealt with. This article later talks about how, during COVID-19, privacy concerns and data breaches have increased and how the government has taken advantage of COVID-19 for its welfare. Since privacy laws have not been enacted till now, this article analyses the existing laws of data protection and the right to privacy to find an alternate and applicable solution for privacy breach.

Introduction

For the past decade, the internet has been an integral part of our lives. We have different platforms that keep us busy all day round. The services for which we used to struggle are now within our reach. With just a tap, we can access social media, payment services, communication services, commercial sites, search engines, and many more. Humans have become reluctant to interact with each other in a gathering or an event. We care about the notification of a number of likes and comments on our post or those 15 seconds reels on Instagram, not realising the big game behind those screens. It is like we have teleported ourselves to a virtual world. We cannot imagine our lives without the internet at this point.

But do we realize that our whole life is under surveillance? No, right? We think we are using the internet; we are searching for shows and talking to someone personally, but it is what we believe and not what is actually happens. It is vice-versa. The Internet is using us. “If you don’t pay for the product, then you are the product”.[1] These apps play with your psychology. They have made you work and behave according to them.

Social Media- Friend or a Foe?

Have you ever noticed a section on social media and online shows or platforms that recommend various services specifically for you? This section displays different shows, videos, and posts on your feed based on what you have seen earlier. They know all of your preferences and choices. We do not realize that we are under their surveillance system. By monitoring us and tracking our activities online, they know how to sustain commercial growth. We see videos and posts of random people whom we do not even know. We spend a huge amount of time scrolling through our feed or watching shows. We have reached the era where even if we want to resist internet usage, we cannot because we have found that comfort around it and most of the work in our lives require internet and now, companies have found this weakness of people and are playing with their subconscious mind.

Let us take the example of Instagram. It had come to engage us even when we decided to ignore it. As rightly said in The Social Dilemma (the Netflix movie) - “social media isn’t a tool that’s just waiting to be used. It has its own goals and has its own means of pursuing them.” A notification has been sent that there is a message from XYZ. It is all on purpose to grab attention. These apps already have a message column to check. Once the app has been opened, there is no going back as stories and feeds have overpowered you. In a blink, 30 minutes have been wasted doing this. The internet is aware of an individual’s choices because of their 24/7 spy. All individuals are attached to Instagram because of their strong surveillance system.

Government’s Cyber Espionage

The Indian government has its own mass surveillance system that poses a threat to the security and privacy of the people. One of their central mass surveillance system was DRDO Netra to detect words like bomb, kill, attack from messages and emails. Another was the LIM system used to detect calls, voice records, calling history and others. Easy access to users’ data suggests that privacy safeguards remain inadequate for mass surveillance. In 2018, around 200 official government websites made personal Aadhaar data public. The problem reached such a level that the confidential information stored on government databases could easily be accessed just by searching it on the web. The repercussion of this leak affected the citizens the most as their information was accessible to the general public. The government’s negligence and carelessness led to severe consequences. How will the law work if the lawmakers are the ones at fault?

Covid-19 as a Catalyst to Cyber Spying

The Coronavirus pandemic locked more than half of the population in their homes. With nothing to do, people occupied themselves on internet platforms. Social media apps like Instagram, Facebook, and WhatsApp have gained ample importance in this situation. All entertainment is now online as one cannot go to theatres and clubs for fun; Netflix, Amazon, Hotstar, Youtube are the mediums that are used. Working from home has become the new normal for those who used to go to work. All conferences and meetings are now held on Zoom, Teams, and other video calling apps. Schools and colleges have changed their mode of teaching to the online medium. Teachers and students are using Google classrooms and WhatsApp groups. All the shopping streets were transformed into online shopping through Amazon, Flipkart, Snapdeal, and whatnot. With increased usage, there is an increased concern about a breach of privacy and cyber-attacks.

Not even once did anyone of us realize how much personal data we are providing to the internet. All the data has been stored. From card details, address, mobile number to email address, login credentials, messages, much more. Though we did not have any option left other than using the internet, we have become victims of the crimes. A lot of frauds happened in these past few months where the privacy of people was breached.

Incognito- not a private space

We are living in an illusion created by the internet. A few months back, Google was sued for $5bn in the US for tracking people illegally even when they are browsing in incognito mode. Most of us browse in the incognito tab thinking it to be a private space where no one would know what we are searching for. We are being spied on in incognito mode as even though history has not been recorded on the browser, this mode tracks down whatever we search and whatever websites we visit. A Google spokesman, Jose Castaneda, said that they had already mentioned that “Each time you open a new incognito tab, the website might be able to collect information about your browsing history.” Till now, many of us did not even know that this happens; we are unaware but concerned at the same time. After knowing that your personal data is collected and stored in the private mode also, would you still go for the incognito mode to have a private browsing session that is actually not private?

Zoom’s privacy breaching

We all know that Zoom has been one of the most helpful and useful application during the pandemic. Moreover, bureaucratic operations of the government and international relations were maintained through this platform. However, Zoom has a lot of privacy issues, with data security topping the list. In March, calls hijacking and Zoom bombing were detected. Random people and hackers were able to log into any meeting. Zoom’s security and privacy implementation were not possible. There is no end-to-end encryption. There were so many security flaws like bugs that can hack cams and microphones in the meetings. Hackers were also able to get hold of the credentials, IDs, and passwords used for zoom meetings. This shows how unsafe the Zoom platform can be as there are no user’s privacy concerns. Later, zoom changed its privacy policy. It included end-to-end encryption, waiting rooms, security postures like password-protected meetings. Most of all, it advised users to take precautions to stay safe even after their new policy.

Privacy concern with Aarogya Setu

During the pandemic, the government made an application to trace the people affected by coronavirus around oneself, called Aarogya Setu. This application requires a set of personal information like name, sex, phone number, travel history, and location. All this information is stored in government databases. Just by switching on your phone’s Bluetooth and GPS log, you will know if you have crossed paths with a covid-19 positive patient. The main problem is that even though the application policy tells you for how long and where your personal information is stored, it does not tell you who can access this information. This is where privacy concerns arise. Contact tracing, surveillance, and technological tools that are viewed as solutions for the ongoing pandemic are actually the possibility and danger of breach of privacy. There are technical loopholes in this application. For instance, it provides us with a unique number that is very easy to hack, and this poses a major problem. We know that the government’s carelessness with the Aadhaar information led to severe repercussions for the citizens. Being aware of this, providing sensitive personal data that will be saved in the government’s server when the accuracy and reliability of the application are not known is not a good step to take. Although the application is made for a good cause, it is still breaching your privacy; anyone around could see if you are a positive patient or not. There are no proper guidelines for enforcement or penalty. How would they expect to meet the standards by keeping our information at risk?

Solutions Through Law

Currently, India cannot compete with the European Union and the United States when it comes to data privacy. They have a strong system to protect the privacy and data of their citizens like GDPR (General Data Protection Regulation), which is European legislation since 2018 to govern the usage of personal data, whereas in India, till now, there are no laws specifically pertaining to data protection. The Indian government, even after getting into several debates, is still not taking any action to make a law on data protection. As of now, the only remedies we can get is through the fundamental right of right to privacy under Article 21 of the constitution and Section 43A, 72 and 72A of the Information Technology Act, 2000. Personal Data Protection Bill, 2019 can just be understood and not applied as it has not become an Act yet.

Information Technology Act, 2000

Under this act, sections 43A, 72, and 72A are relevant for personal data crimes.

Section 43A states that if a corporate body deals with any sensitive personal data and is negligent in protecting that data which may cause wrongful gain or loss to any person, then that corporate body shall be liable to pay damages.

Section 72 provides for the penalty for the breach of privacy. If a person in pursuance of any of the power conferred in the act secures access to any data or information and discloses it to some other person, then that person shall be punished with two-year imprisonment or one lakh rupees fine or both.

Section 72A talks about the punishment for disclosure of data by breaching a lawful contract. A person who is under an obligation of a lawful contract gets access to any information about the other person and discloses it to the other person by breaching the contract knowing that it may cause wrongful gains, or loss shall be punished with three years imprisonment or five lakh rupees fine or both.

Even after the 2008 amendments that brought punishment clause and gave power to authority to decrypt any information, the Information Technology Act's scope is limited and not sufficient enough to act as a safeguard against data privacy. The provisions are limited to corporate entities only. It does not cover a wide range of entities,

Right to Privacy

A nine-judge bench of the Supreme Court in Justice K.S. Puttuswamy v. Union of India declared the right to privacy as a fundamental right under Article 21 of India's Constitution. Since then, the right to privacy has become an integral part of Part III of the Indian constitution. Since it is a fundamental right, no other law can infringe it. This defence is not sufficient to pull out all the problems arising out of breach of privacy and data hacks. To solve the problem of internet spying and cyber espionage, specific laws related to online data protection are required.

Personal Data Protection Bill, 2019

Mr. Ravi Shankar Prasad introduced the revised Personal Data Protection Bill, 2019, in the Lok Sabha. This bill has come under proceedings by observing the General Data Protection Regulation of the European Union. This bill protects the privacy of the individuals relating to their personal data, specifies the usage and flow of personal data, and provides remedies for harmful processing of data.

The bill proposes that personal data should be processed on the basis of free and informed consent. Any data processed without such consent would be counted as a violation. This bill also provides a different category of “sensitive personal data”.

Section 34 of this bill empowers the central government to exempt governmental agencies from complying with this bill's provisions.

These policies in this bill are criticized widely. Exempting the government from the provisions is completely biased. Providing the government with all the citizen’s sensitive information for use in national security and other matters is not the problem. The concern is the privacy of the data. Our right to privacy will be breached if the data stored with the government is leaked or hacked, but there would not be any action as the government would not be liable for data privacy breaches. Here, the chances and scope that data can be misused are wide and expected. The bill asks data fiduciaries to collect data in a fair manner without breaching anyone’s privacy. Still, the bill does not explicitly mention the reasonable manner and procedure for data collection. The bill needs to be refined thoroughly if it is to be passed.

Conclusion

Cyber spying, privacy breaches have increased in the past few years and will continue to do so in upcoming years. Covid-19 acted as a catalyst to increase privacy scams, so here we are struggling with no laws for the protection of our privacy. At this time, we must take measures and steps to prevent ourselves from falling into the pits of hackers. Since the trend and the new normal is working from home and all-day use of the internet, we have to be aware of what we are browsing. We are under a wide surveillance system, and realizing this; we need to keep some policies in mind like using safe connections instead of open Wi-fi, using VPNs to encrypt your connection, often changing IDs and passwords, not downloading apps like zoom which have already been targeted for privacy concerns.

These solutions are suggested precautions until the government does not pass any specific law for online data protection. The steps should be taken in accordance with the citizens. The surveillance over individual’s activities should be limited to a research purpose or for a specific need. Spying over all the activities and at all times should be penalised. IT department should take measures for the safety of personal data and keep it encrypted to all the authorities. Also, schools, companies, and various organizations must adopt more ethical and reasonable steps and procedures for the smooth work at home experience.

[1] Orlowski, Jeff. The Social Dilemma, Exposure Labs, 2020. https://www.netflix.com/title/81254224.

[1] Khushi Jaiswal is an undergraduate from Jindal Global Law School, Sonepat, India. For any discussion related to the article, she can be contacted via mail: 20jgls-khushi.j@jgu.edu.in

Preferred Citation – Khushi Jaiswal, “The Surveillance Ecosystem - Internet Spying Activities and Solutions", Syin & Sern Law Review, Published on 19th February 2021.