“The government has now reduced the idea of data and of governance to knowing everything about the people. They are saying that if the state has to give anything to a people, the people have to be willing to give it a lot. This is a process by which the inversion has started happening, where people don’t need to know the state, but the state needs to know the people. And this is the battle that was fought in the court in the UIDAI (Aadhaar) matter,” says Usha Ramanathan, independent law researcher on poverty and technology, commenting on the State Family Database (SFDB) project of Tamil Nadu, Haryana, Maharashtra and several other states.
The Tamil Nadu e-Governance Agency (TNeGA) floated a second tender in December 2022 for implementation and maintenance of a Master Data Management and de-duplication tool for SFDB. The objective is to assign the ‘Makkal ID’— a unique identification number already allotted to the state’s seven crore residents— to different records across departments.
The SFDB is projected to be the “single source of truth” of all state residents by merging information of an individual across all government departments, from education, health and vehicle ownership details to land records, income and community details among a host of other personal data. This information, including that of births, deaths and marriages, will also be used to identify a resident’s relationship with other members in their family.
Similarly, in April 2022 the Maharashtra government had floated a tender for creation of a “data integration and data exchange platform” called the Maharashtra Unified Citizen Data Hub, which will be used to assign a unique ID for every citizen. The unified database will provide a ‘golden record’ of citizens bringing together information from over 56 databases across 377 government bodies giving insights into a person’s name, Aadhaar, caste, education, bank, property, and employment details among others.
In addition to Tamil Nadu and Maharashtra, Haryana and Uttar Pradesh have their own family ID card schemes called the Parivar Pehchan Patra and Parivar Kalyan Card. Andhra Pradesh’s Praja Sadhikara Survey or the Smart Pulse Survey conducted in 2016 aims to achieve real-time governance by digitising socio-economic data of every resident through village volunteers. Similarly, Telangana’s Samagra Kutumba Survey was completed back in 2014 to create a master database of every household in the state. Rajasthan, under the Bhamashah Act maintains a Bhamashah Resident Data Hub of families residing in the state for ‘efficiency and transparency’ in delivering welfare benefits.
The Jammu & Kashmir administration is also planning to create a database of all families permanently residing in the Union Territory by allotting them an eight-digit Unique Alpha Numeric Code, which will be used to determine the eligibility of residents for availing social welfare facilities through “automatic selection of beneficiaries for receiving social benefits”.
As these massive data-collection, linkage and integration projects take shape in several states with many taking the same course, we attempt to take a look into why are states keen to create these centralised family databases, when did it all really begin and how these exercises can harm citizens’ rights.
STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today!
Why are states undertaking these projects?
While states are experimenting with the idea of creating SFDB currently, the concept is not new. Just as experts point out, it stems from another e-governance project, the State Resident Data Hubs (SRDH), undertaken by several states before the 2018 Aadhaar judgment. The SRDH, a state-level repository of Unique Identification Authority of India (UIDAI) data of residents along with demographic information and photo, was also aimed at creating 360-degree profiles of citizens representing again, a “single source of truth”.
States such as Odisha, Tamil Nadu, Delhi, Andhra Pradesh, Madhya Pradesh and Haryana had created their own SRDH, which an analysis by Anand Venkatanarayanan shows, contained “maximum information about residents, with no restrictions on usage and questionable legal protection”. These already existing state databases, after the Supreme Court struck down section 57 of the Aadhaar Act in 2018, were further leveraged to develop Enterprise Architecture projects by some states such as Punjab and Meghalaya.
Though they go by different names, experts say these projects are built on the fundamental concept of creating centralised databases for digital governance. These projects are focussed on building tools for data standardization essentially emphasise on “real-time governance” and “predictive governance” as the ultimate goal. This is also an essential feature of the family databases which will also be tracking births, deaths and marriages in a family by linking these certificates for automatic updation.
To add to it, the Economic Survey of 2018-2019 had pitched the creation of a ‘Central Welfare Database of Citizens’ by merging databases from different ministries. Srinivas Kodali, researcher, Free Software Movement of India, explains that these governance databases are further connected to the Centre’s India Digital Ecosystem Architecture project which outlines grand ambitions of providing “one government experience to citizens and businesses” in a digital ecosystem.
Reading between the lines: How specific groups may be harmed
Most of these centralised database projects come with a promise of maximum governance and end-to-end delivery of services as the ultimate goal, but experts say there are other ways in which this resource can be used.
The Tamil Nadu government, through SFBD, envisions providing a “data driven decision support infrastructure for improving Governance by aiding planning, implementation and execution of government schemes and programs”. “It will complement the existing Department infrastructure by enabling data harmonization and synchronization among various departments to ensure transparent and seamless service delivery to citizens,” the state tender adds. The objectives stated in the tender include ensuring effective service delivery, greater accountability of government departments, GIS integration of data driven governance and providing Aadhaar authentication to various department applications to ensure the benefit reaches eligible beneficiaries among others.
Srikanth L, a public interest technologist, observes it is crucial to understand the unstated or understated objectives of this project design, which could directly benefit the state in the long term. While ‘efficient governance’ seems to be the stated objective, regardless of whether it is achieved or not, the government has got its hands on a lot of granular data about every resident.
In addition to cutting government expenses by removing duplicate beneficiaries in a scheme, access to this in-depth information will also enable them to determine the outlines for policy-making in future. For example, defining income criteria for economically weaker sections of the population through the means of algorithms. These systems, he says, will then replace the deliberations between politicians and bureaucrats over defining target groups for these schemes and policies on the basis of ad-hoc criteria.
“A policymaker could actually say that this is the budget I’m having now, give me a criteria which will fit this budget. You have algorithms, you generate criteria and give them and that criteria would kind of go into a policy or a benefit or whatever,” he adds.
In the near future, access to these cross-sectoral databases will empower the government with a much clearer and categorised list of information on an individual’s education, health, income level, savings, property and tax-paying behaviour. This, Srikanth notes, can also enable further segregation on the basis of religious and caste groups with district-level categorisation being the next layer of information, thereby benefiting one set of people and directly harming the other. The fact that this will essentially be decided by the political masters based on what suits them, is what he explains is the desired aim here and an “understated objective”.
What are the harms?
Privacy infringement without legal backing
It is important to note that the states are undertaking SFDB projects to integrate databases across government departments without the notification of a specific law. While the Rajasthan government enacted the Bhamashah Act in 2017, experts say that the legality of the current state family database projects is questionable.
“If you collect data, you collect data to profile your residents, there’s certainly the right of privacy engaged. Once that is the case, the requirement of law becomes absolutely indispensable. The fact that all of these exercises have been carried out without the backing of a law itself falls short of the first test of privacy,” says Prasanna S, a Delhi-based lawyer who had assisted petitioners challenging the Aadhaar Act 2016.
Experts highlight that any data collection exercise leading to in-depth profiling of citizens, and conducted in the absence of the law is a direct violation of fundamental right to privacy. The fact that there is no defined law detailing such linking of databases fails the first requirement under the three-fold test of legality, legitimacy and proportionality for any restriction of right to privacy laid out by the Supreme Court in the Justice K.S Puttaswamy v Union of India 2017.
“The law is a critical piece there. Because the law will then tell you what purposes you can use it for, to what extent the data can be collected and retained and what you cannot use it for. Otherwise, it’s a database that the state can use for any purpose it wants,” Prasanna adds.
While the state governments say the objective to merge databases is digital governance, there is no transparency over how it is going to be done and how data-sharing can take place. According to Ramanathan and Kodali, the move to merge databases of different government departments and create “golden record” or “master databases” amounts to 360-degree profiling of residents, which in effect is a clear case of infringement of people’s right to privacy. Kodali stresses that this concept stems from the already existing idea of SRDHs, a matter that remained largely unaddressed by the Supreme Court during the Aadhaar trial in 2018.
Further, citizens have no means to find out to what extent and where their data is being used, shared and whether they have the rights to erasure of this data. Additionally, in the absence of a data protection law, there is no clarity over how consent management and data-sharing will work with respect to SFDB. In 2021, MediaNama had reported that of the seven crore beneficiaries in Tamil Nadu’s PDS database, the 8-digit Makkal number or unique identification number of over six crore people was exposed to a massive data breach. The Makkal number is an important component of the state’s SFDB. In the absence of a data protection law, instances like these raise doubts about how people’s privacy can be assured under such projects.
Surveillance and data security vulnerabilities
“This is not just a surveillance state, it is a state that wants to track you at every stage,” says Ramanathan commenting on the nature of 360-degree databases providing cross-departmental information on every aspect of an individual’s life, from birth to death. She further highlights that the state’s imagination that governance is synonymous to collecting granular data of residents and allowing it to be shared wherever it deems fit exposes citizens to the risks of surveillance and cyber attacks by hackers, national as well international.
The condition laid up on citizens to choose between privacy and welfare was the crux of the arguments during the Aadhaar trial in 2018. To the petitioners stating Aadhaar violated people’s right to privacy, specifically their right to live with dignity, the SC majority opinion maintained that Aadhaar does not violate an individual’s right to privacy as it enables disadvantaged sections to live a dignified life by assuring better access to state benefits and subsidies.
However, Justice DY Chandrachud, in his dissenting opinion, expressed fears that this could pave the way for a surveillance state allowing extensive profiling of citizens by the government as well as by private firms. He also highlighted how Aadhaar, if seeded into every database, becomes a bridge between different “data silos” and if this database is compromised, it will allow anyone with access to the information to “re-construct a profile of an individual’s life”. This, he stated, “is contrary to the right to privacy and poses severe threats due to potential surveillance”.
Experts view the existing SRDHs and upcoming SFDBs, as a step towards this direction; an attempt to break down these silos and create a single source of truth, thereby opening avenues for exploitation of people’s information in the name of e-governance, policy making as well as maintaining law and order.
Talking about the cybersecurity risks involved, Ramanathan says one needs to revisit the government’s promises of data security during the implementation of the Aadhaar project. The Comptroller and Auditor General of India in its April 2022 report on functioning of the UIDAI flagged significant security concerns with Aadhaar. Among the other issues discussed, the UIDAI had not been able to ensure whether the entities collecting and storing of Aadhaar data had built Aadhaar Vaults, which are mandatory and primary provisions for data safety under the Aadhaar Act.
In the Tamil Nadu tender, the TNeGA states that the technical resources required for implementation of the project must be deployed at its premises and the members “should undergo suitable training in relation to security aspects of the project, and maintain the confidentiality of data”. The TNeGA will be reviewing and monitoring activities of the bidder. The Maharashtra government tender calls for the bidder to provide Security Operation Centre and vulnerability management services to protect personal data, along with financial data from unauthorised access.A lot of these security aspects laid out in the tender are also based on the cybersecurity guidelines laid out by CERT-In.
However, it is important to note in the recent past, we have only seen a surge in cybersecurity breaches and ransomware attacks on government databases. Further, The Economic Survey of 2018-2019 had stated that the government can sell select citizens data to private companies and data analytics firms for commercial use and generating insights. The survey pointed out that, “In thinking about data as a public good, care must also be taken to not impose the elite’s preference of privacy on the poor, who care for a better quality of living the most”, MediaNama had reported. Under such circumstances, there is little to no clarity over how governments can ensure safety of people’s personal information.
A direct hit on democracy
When the government has access to all information about an individual’s existence, profiling them becomes easier. It is not an unexplored concern that this data can then be used for electioneering purposes. Experts that MediaNama spoke to for this story derived inferences from the Cambridge Analytica revelations four years ago , which demonstrated how huge amounts of online profiles of citizens can be used by political parties for targeted election campaigning and voter manipulation.
An India Today investigation in 2018 revealed how local political consultancies in New Delhi had their hands on voter information, including Aadhaar, PAN and income data, which was then used for making all kinds of election promises through targeted communication to influence the individual’s voting behaviour. With the upcoming remote voting project, regional parties have already raised concerns of how big parties can monopolise their control over polling booths.
Further, the attempts to ‘purify’ electoral rolls, push for the linking of voter ID and Aadhaar and seeding such information with state-level databases are not really new. In 2019, the Election Commission of India (ECI) suo-motu deleted nearly 55 lakh entries from electoral rolls in Andhra Pradesh and Telangana without following mandatory door-to-door verification process. Kodali, who is fighting the case in Supreme Court, through his petition stated that the voter data was also seeded with the SRDH, the state’s own Aadhaar repository. This is a prime example of how databases are being accessed by governments to interfere with people’s right to vote and carry out voter profiling.
“There’s a lot of privacy violations, which will have its effects on society and democracy, because people are being denied welfare. People are being further targeted by political parties for electioneering purposes. It’s changing the way governance, politics works in the country. It’s being abused, rather weaponized,” he adds.
Moreover, instances of electoral frauds exposing booth-level data to unauthorised agencies have also raised alarms in the past. Srikanth explains that “when such booth-level data is juxtaposed with this (SFDB) kind of granular socio-economic data, which covers for people who are not even on social media, it becomes to accurately predict or reverse predict an individual’s voting choice or political inclination with “reasonable confidence”.
While the Cambridge Analytica case shows us how social media profiles can be exploited to decipher political choices, he stresses on how state family databases and polling data can potentially be used to determine a voter’s choice. And this will be regardless of the fact that they are on social media or whether they have expressed their political choices on social media or not.
Is this really ‘inclusive governance’?
According to Kodali, the family database projects enable governments to use such information to determine a citizen’s truth, whereas the facts and the citizen’s version of truth might vary from that of the government. In simple words, the government can now decide, based on their assessment of the data obtained, whether a person belongs to the economically weaker section or not, is poor or not or whether they deserve certain welfare benefits or not.
Further, political interests in a region will also determine who the ruling party is likely to not account for while deploying welfare schemes and programmes. As discussed above, with access to voter data and other demographics of citizens in a database, it is not incorrect to say that this information will be used by local politicians to only address the needs of the constituency that voted for them, ultimately leading to exclusion of some other groups and communities from welfare.
In addition to this, it is well-documented in the case of the Aadhaar how due to lack of digital literacy, financial and material resources people continue to face exclusion and feel cheated by technological solutions without human intervention. In Haryana, errors in the Parivar Pehchan Patra have already led to the deletion of people’s names from the BPL list and people were unable to avail benefits of the ration card. An exercise which was meant to ease people’s difficulties, Ramanathan says, only opens up more challenges for them, adding to their burden even for the most basic need for ration.
Prasanna S is of the view that these projects are undertaken under the presumption that there are more beneficiaries than there ought to be and that some are gaining benefits when they are not entitled to it. However, nobody has tested to what extent this assumption is correct. “But the assumption is just that there is a scope for making it more efficient. When that is the case, then you are always going to end up with deletion of a few people..some of it will be wrong, while some right. There will always be false positives and false negatives in the system.”
When it comes to SFDB databases, Prasanna questions whether the state can make ethical considerations while looking at the aggregate data. He explains, “So in aggregate they’ll say that yes, at the end of the day, only less than 0.5 percent of people got excluded. But, what do you do for that 0.5 percent? And those who have been able to demonstrate that they are wrongly excluded, what is the state’s liability towards them? Unless you answer that question, you should not be allowed to do this kind of thing.”
A blind trust in ‘techno-utopia’ of data extraction?
It is a recurring stance among experts studying the intersection of technology and policy that the state must be able to understand the limitations of technology when it comes to policy making. Currently, they believe the states are blindly giving in to ‘techno-utopia’, wherein governance is entirely dependent on extraction of more and more people’s data.
Ramanathan believes these projects are being carried out without testing what happens with people, especially to those who already face vulnerabilities of being poor. Instead of incentivising a state culture where databasing itself becomes a state function, the state must use technology to aid in its functions.
Amidst unaddressed issues relating to digital inequity, access to the digital infrastructure, impoverishment and uncertainties that plague technological interventions, the government’s obsession with data-driven policy-making raises serious concerns. As state governments continue to fall for Centre’s grand digital enterprise plans without assessing situations on-ground, experts believe, such projects have larger implications on the federal structure of governance too.
According to Prasanna S, “Certainly, in the last ten years or so, we’ve seen a completely lacklustre bureaucracy which have absolutely no imagination of creative solutions beyond databases. And then you don’t even know the size of the problems and finally you build a solution, you don’t know whether it solves the problem or not. We need to keep reminding the state that databasing is not a state function at all. You use databases in aid of a legitimate function that you have. You cannot just build databases and then figure out the functions.”
Note: The headline was updated on January 27, 2023 at 3:45 PM to correct punctuation
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Also Read:
- How To Explain Tamil Nadu’s 360-Degree Database To Your Peers
- Tamil Nadu’s All-In-One Database For E-Governance: State Family Database
- 360 Degree Profiling: Maharashtra Government To Assign Unique IDs To Citizens, Integrate Databases
- Haryana’s Family ID Is An Aadhaar Redux, And A Massive Data Collection Exercise
- India Working On Creating A Common Database With Family As The Unit: MeitY In Parliament
