Last week, I walked into an office building in DLF Cyber City in Gurgaon, the one that has offices for Google and Yahoo, only to find that the security guards at the entrance wanted me to hold up my identity card (I carry my drivers license) in front of a digital scanner, “for security purposes”. I declined, and asked them to explain why. “For security,” I was told, once again. On being asked about what they do with the data, and where it is stored, the guards at the entrance were apologetic, and eventually delegated upwards: they took me to a small one-room office in the basement parking of the building, which looked and felt like a dilapidated government office, and appeared to house the officers in charge of security at DLF Cyber City.
I faced a similar situation while visiting Amazon at the World Trade Center in Bangalore last month. While the building security declined to let me through, the executives I had gone to meet were quite apologetic about the situation, and met me in the building lobby. They had similar misgivings about this data being collected, and understood my point of view of not giving my data.
There is data that I put on a business card – name, address, mobile number, twitter handle and mobile number – that I have no issues sharing. Some of it is on MediaNama’s twitter profile. What is important here is that it is my choice, but it is also worrying that we’re in a situation where someone has to make these decisions. I chose not to allow The World Trade Center in Bangalore to scan my ID, and they chose not to let me in. It’s almost like a trade. But there is data that validates my identity, such as my drivers license number, that I don’t want anyone to get access to. I’m willing to show it, if anyone wants to validate it for authenticity, but I certainly don’t want them to copy it. How do I know someone wont be able to copy this digital scan, and create a fake copy of my ID?
There is also some sense of privacy and security in the fact that many of the databases that collect information about us are not connected. This is the danger than the Aadhaar number holds: being used as a primary identifier, it becomes a number that connects multiple databases together. Of course, this is a country wherein the election commission has allowed demographic data to be copied en masse (read this and this).
There are many reasons why the government of India needs to implement a privacy law. The earlier government had drafted a Bill on the Right to Privacy in the hope of curbing the trend of unbridled surveillance and to ensure that there are legal mechanisms for safeguarding individual privacy, to balance the concerns of both individual privacy and state security. Read more about it here.