29 September 2018

Aadhaar: Techno-Capitalism, Constitutionalism, and Patriarchy

Law, technology, capitalism, and patriarchy make for a potent combination which, if not handled carefully, may become toxic. The Aadhaar project, which could conceivably be used as an instrument with which to enforce patriarchy on steroids, if care is not taken to avoid such an eventuality, exemplifies this. At the moment, it seems reasonably clear that privacy concerns related to Aadhaar aren't entirely unfounded. What isn't clear is the extent to which Aadhaar-related privacy concerns are valid and how they could manifest.

In a troubling judgment where the majority and the minority disagreed not only on matters of law but on basic issues of fact, the Supreme Court largely upheĺd the constitutional validity of Aadhaar and effectively mandated that each individual’s Aadhaar number be linked to their PAN card and be mentioned in their IT returns which, along with requiring an Aadhaar number to avail of government subsidies, likely means that almost everyone will have to participate in the project. The Court did curb Aadhaar demands by private companies although it isn't clear if companies' demanding PAN numbers, which are, in any case, necessary for most financial transactions, could lead to Aadhaar linkage by proxy.

ARPU projections (which quantify the Average Revenue Per User) in light of the Supreme Court's Aadhaar decision do not yet appear to be in the public domain. Once they are made, they'll probably determine how India Inc.'s response to the Aadhaar judgment will play out. After all, if there is one factor capitalism is sensitive to, it is money. 

ARPU projections may also effectively act as econometric analyses of the value of a person's life, if only by accident. After all, compromised privacy can have a direct impact on whether or not a person remains alive. Revealing a person's location and the establishments they frequent can, for example, put them at risk of being targeted at those places by those who would harm them.

Such information relating to location and lifestyle would anyway perhaps be available to a person out to do harm provided they asked the right people. The difference with Aadhaar which induces particular fear is that it potentially provides much more information to malefactors with much less effort on their part. Enhancing concerns is the lack of clarity about what the situation would be if an Aadhaar number had already been linked to a service either directly or by proxy through a PAN number.

The disclosure of information may well be entirely unlawful but it has to be borne in mind that unlawfulness doesn't necessarily mitigate the harm caused by disclosure and, communal concerns aside, social reality ensures that a weeping husband seeking his 'missing' wife, for example, cuts a sympathetic figure even if, unbeknownst to others, she's missing only because she's escaping his abuse. So, too, does a distraught parent or sibling looking for a relative who has married 'out of caste' in the face of family opposition. A third party has no way to know whether a tearful reunion will follow the disclosure of information or an honour killing.

It isn't clear that there are adequate practical safeguards against wrongful disclosure or to ensure that persons whose data is revealed are notified each time a disclosure takes place so as to enable them to take what precautionary steps they can. In effect, this means that anyone who lives in fear of social and familial violence is potentially permanently unsafe and forced to continually endure in a heightened state of alertness.

Although the technology at play does not architect for violence, it does not seem to have adequately architected for safety either. The social environment in which it operates, being patriarchal, serves to enhance safety concerns. And the legal construct in which the technology is deployed legitimises it through an understanding of the rule of law which appears to prioritise social order and not individual safety.

Early on in its judgment, the Supreme Court referred to Dicey (1835-1922) to explain what constitutes the Rule of Law. “The essence of rule of law is to preclude arbitrary action,” it said, continuing, “Dicey, who propounded the rule of law, gave distinct meaning to this concept and explained that it was based on three kindered [sic] features, which are as follows: (i) absence of arbitrary powers on the part of authorities; (ii) equality before law; and the (iii) Constitution is part of the ordinary law of the land," and, although it strayed into our own time, repeatedly referencing both contemporary jurists (including a former Chief Justice of Israel) and individual rights, the foundation of the Court's understanding seems to have been built on a conception of legality drawn from Dicey's Rule of Law.

The Rule of Law is, of course, basically an implementation plan for the social contract in which men supposedly freely and voluntarily submitted to the State, granting it legitimacy and pledging it obedience in order to create order from the chaotic state of nature. Women were co-opted into the social contract. This was presumably achieved through a preceding sexual contract which gave men legal dominion over women, as Carole Pateman memorably suggested. After all, there is no other way in which the social contract, which largely ignores women and which was developed at a time when married European women rarely had the right to contract independently due to coverture, could have been successful.

Dicey himself appears to have supported both patriarchy and the British imperial project which derived its theoretical legitimacy, in no small measure, from the racial hierarchies developed by white men during the Enlightenment which, unsurprisingly, put themselves on top of the pyramid, so to speak.

Drawing on the understanding of Dicey hardly seems appropriate in a world that's supposedly striving towards gender and racial equality. Nominally, anyway. The validity of the Rule of Law is being challenged in the context of colonialism which saw no dearth of entirely legal atrocities against colonised peoples. It may well be worth extending those enquires so as to vigorously interrogate the potential unlawfulness of the Rule of Law in other contexts too, and to challenge the idea that being lawful is akin to being acceptable.

Ultimately, what we need is a conception of the Rule of Law which is viscerally sensitive to individual rights and which does not allow what should be inalienable rights to be sacrificed at the altar of social order. It is not immediately apparent that the understanding of the Rule of Law which the Supreme Court has adopted in its Aadhaar judgment, and which appears to underlie its rationale, is an understanding that is entirely shorn of the sexist and racist baggage of the past.

In the context of Aadhaar, there are still several unknowns. That it is lawful for society is not identical to its being safe for the individual simply because it could, depending on how it is used, increase security risks exponentially. The challenge now is to shape the techno-legal environment in which Aadhaar exists and operates to ensure that it is unquestionably safe for the most vulnerable amongst us. 

11 September 2018

IPC Section 377 and Publishing Explicit Content

In India, the legality of publishing explicit content hinges on three factors : obscenity, privacy, and consent.

Focusing on consent in the wake of the IPC Section 377 judgment:

Without the consent of persons featuring in explicit content, it is generally illegal to film, photograph or otherwise record such content, or to disseminate it in any manner. An exception to this general rule (which makes legal recording and disseminating more difficult) is indicated by Section 377 of the Indian Penal Code which criminalises 'carnal inter­course against the order of nature with any man, woman or animal'. This Section makes the acts which fall within its scope illegal, so it follows that regardless of the consent of those who engage in such acts, it would be very questionably legal to disseminate content featuring the acts as they are illegal and engaging in them cannot be legalised by consent.

Except for a brief interval from 2009 to 2013, since the time it was introduced into the Indian corpus juris by the British, IPC Section 377 has criminalised all sex other than possibly procreative M/F sex. There was some confusion brought in by the 2013 amendment to the Indian Penal Code which, through an amendment to the definition of rape in Section 375, suggested that non-procreative M/F sex could be considered non-criminal if it was engaged in with the consent of the woman involved. However, all M/M and F/F sex continued to be considered criminal by virtue of Section 377 of the Code.

There has never been any explicit statutory hierarchy or separation between IPC Sections 375 dealing with rape and 377 dealing with supposedly unnatural acts, so the interaction of the two provisions remains in need of judicial clarification.

What has changed, however, is that on September 6, 2018, the Supreme Court read down IPC Section 377 with the effect of decriminalising sexual relations between consenting adults. Although, in reference to the overlap with IPC Section 375, the judgment isn't entirely clear, it is clear that consensual homosexual acts have ceased to be criminal.

This subtly changes the law on the legality of publishing explicit content featuring homosexual acts. Since the acts themselves are no longer illegal, the barriers to publishing content featuring them have been lowered, and it would likely be easier to consent to the their being recorded and, possibly, if one were a participant, monetised through dissemination.

The details of how the how the 'new' law will be applied remain to be seen. As I'd argued in a piece over at Scroll:

"Decriminalising consensual sexual acts, as the Supreme Court has done, is important but the devil will lie in the details and in how the Indian body of law is recalibrated. One can only hope that those who have had no recourse but to rely on the provision [Section 377] to address sexual violations that would not otherwise be criminal are not left out and forced to endure without adequate legal recourse to address the wrongs done unto them. Ensuring that the law respects the agency and autonomy of individuals, too, will likely require careful consideration and a range of proactive measures."

[Read the whole piece here: Section 377: Decriminalising homosexuality is great, but the fight for true equality is not yet over]

The Supreme Court's decision in Navtej Singh Johar, the case in which IPC Section 377 was toned down, is incredibly important but it is not a story complete. The publication of explicit content is but one narrow issue. More important are the many steps which are yet to be taken to establish an equal society without reference to the positions of individuals on the spectrums of sex, gender identity, and sexual orientation.

(This post is by Nandita Saikia and was first published at IN Content Law.)

4 August 2018

Structuring Privacy through Confidentiality Obligations

Privacy has, of course, assumed centrestage in recent years with concerns about data and how to handle personal information becoming increasingly urgent. The Indian Supreme Court issued a decision in August 2017 which was unarguably in support of privacy although it recognised that the right could not be absolute.

At the time, I'd written in a piece in Business Standard saying: "The Supreme Court has done more for Indians in its judgment on privacy which was released yesterday than many had the temerity to hope for. The nine judges who heard the case have developed a comprehensive jurisprudence of privacy for India through six largely-concurring judgments appended to each other (with one of them having been signed by four of the judges). They have effectively harmonised the law which had earlier been developed on a case-by-case basis by providing a doctrinal basis for it, and, critically, they have held, without a shadow of doubt, that privacy is a fundamental right."

The months since the judgment was rendered have seen the emergence of an increasingly polarised debate about privacy which has, unfortunately, been marked by widely-accepted suggestions in some quarters about the legitimacy of structuring privacy protections based on consent instead of on rights. What this, if it were ultimately accepted, means is that being able to protect one's privacy would, in large part, be dependent on one's ability to impose confidentiality obligations on others and on one's willingness to adhere to non-disclosure commitments oneself.

In other words, a consent-based model of privacy protection would require those within its remit to possess a basic degree of legal literacy which would enable them to understand the implications of non-disclosure agreements, at the very least. This poses problems in a country where basic literacy itself is far from universal but, amongst the literate, it is not unachievable.

The structure of non-disclosure agreements or NDAs is fairly simple. The information sought to be protected is clearly defined in terms of its nature and the period during which it is disclosed; information either not listed or not disclosed within the disclosure period is generally not subject to contractual confidentiality obligations. A separate confidentiality period is also defined during which the receiving party is required to keep confidential information disclosed to it private. However, confidentiality obligations even during the confidentiality period are subject to agreed exclusions such as allowing necessary disclosure to law enforcement perhaps with notice to the disclosing party, and allowing any disclosure of what would otherwise have been confidential information to anyone in respect of information which is demonstrably in public domain but not as a result of the receiving party having breached its confidentiality obligations. Agreements also tend to contain either remedial or punitive provisions which are intended to come into play in case confidentiality obligations are breached; these provisions may involve monetary reparation, indemnification, or some other arrangement which the parties agree to.  

Provided one doesn't fall foul of the 1872 Contract Act, Indian law allows parties a great deal of leeway to structure confidentiality obligations in a manner that makes sense to them. There are, however, a few statutes which recognise privacy as a right and which could be considered to impose supra-contractual statutory requirements on to parties. For example, Section 23 of the 2017 Mental Healthcare Act begins by stating: “A person with mental illness shall have the right to confidentiality in respect of his mental health, mental healthcare, treatment and physical healthcare,” and then goes on to impose specific obligations on certain people.

The effect of statutory provisions such those recognising the rights of people with mental healthcare concerns to confidentiality is that, in some cases, individuals are granted the option of choosing how to structure their privacy requirements within the framework of basic rights which they, hopefully, cannot simply sign away in toto. This helps level the field in cases where the power dynamic between parties is so skewed that “consent” becomes meaningless.

It is perhaps important that we inch towards developing a stronger framework which recognises limited choice within rights rather than one which could potentially legitimise unlimited choice despite rights. Ultimately, in a world rife with choice inhibition, we shouldn't be able to sign away, possibly by oversight, what should be inalienable rights.


This site is supported by FrontierNxt.