Privacy Hearings III: Recalibrating Rights for Digital Technologies (Guest Post by Ujwala Uppaluri)

This is the third post by Ujwala Uppaluri in the series on the ‘right to privacy’ hearings in the Supreme Court. You can read parts I & II here and here

This case offers the court an opportunity to set the terms of engagement for civil liberties arguments in the face of technological change, and Petitioners’ arguments all through Day 2 and early on Day 3 provide just the openings by which to do so. Poovayya, Arora and Sibal (a new entrant who made brief submissions for West Bengal, Punjab, Karnataka and Puducherry on Day 3) all addressed the technology question at some length.

This post presents a template for good argument in defense of civil liberties confronting technological change, and discusses Petitioners’ treatment of the technology question with a view to showing that they offer the court some routes to meaningfully preserving privacy in contemporary times.

STEP 1: Identify the nature of the technological change

At the outset, though India did not have judicial recognition of this simple fact until Shreya Singhal v. Union of India, let us stipulate that civil liberties that exist in physical space exist with equal vigour in the digital space.

Arguments in both policy and rights talk take endemic recourse to lazy platitudes about the nature of technological change. From bad premises, we can only derive bad conclusions – it is not yet clear whether the court will ultimately resist this trap.

These platitudes typically come in two forms. One set casts technology as a panacea (as in the broadband-transforms-the-remote-village narrative or successive governments’ refrain that Aadhaar = Development). The other takes technology to be the trigger for existential alarm because of its capacity for brutal disruption (as in the privacy-is-dead-in-the-digital-age or the social-media-breeds-terrorists tropes). Both involve sweeping statements that repeatedly show themselves to be resistant to nuance and, often, to evidence to the contrary.

Technological change, while often fitful and unexpected, rarely meets its billing of being so sweeping that it lays waste to tools of existing law and legal argument. (An important example from outside constitutional law is early fear that the advent of the internet and of ‘cyberspace’ would make legal activity arranged along physical notions of space – including legal enforcement – impossible. Evidently, that was too strong a claim. (See here for a poetic and idealistic vision of a borderless digital world.)

We must set aside platitudes about the scale of transformation wrought by technological change if we are to effectively defend civil liberties in contemporary times. Instead, the effort must be to supply specific and rigorously defended indications of the nature and consequences of such changes. If we cannot arrive at a workable degree of specificity, we must discard them for the purposes of legal argument.

For all of us interested in the health of civil liberties in the digital age, our first task must therefore be to paint nuanced but minimal pictures of what about our new reality is different.

If we take the broad brush approach, as Poovayya, Sibal and Justice Chandrachud slipped into doing at several points, even if it does the argument no damage, there is little of use to take away. Let’s take one illustration of such a slip from into over-general statements through its paces:

What is different now as compared to previous times in which technological change had to be contended with in law is evidently the *rate* of change. (A characteristically perspicacious intervention about the consequences of rapid technological obsolescence from Justice Kaul acknowledged as much.)

What follows?

Nothing new. The caveat on a priori boundary setting introduced in the last post, which flows from the impossibility of perfect foresight, continues to hold just as it ever did.

Another illustration is more instructive in showing the utility of painting a clear picture of new realities. It is the line that Justice Sotomayor takes in her excellent concurrence US v. Jones, which Poovayya read from at length. She improves over the platitudinous premise I criticize above by identifying and describing specific changed circumstances that would demand a recalibration of applicable standards and then contextualizing her narrative to the question in the particular case (of technologically-aided surveillance of a suspect’s movements) before her.

Poovayya (through his reading of Sotomayor), Sibal and Justice Chandrachud all correctly hit on the most significant symptom of the digital age: the new ubiquity of cheap data storage systems.

Unlike in the previous illustration, what follows begins to get at the nub of the issue of the elements of the new reality to which we must calibrate the privacy right. We can apprehend, with simple knowledge of the pre-digital age, that there has been a switching of defaults: where the general default was the forgetting and imperfect recall characteristic of human memory, it is now perfect remembering and recall. (See Vicktor Mayer-Schönberger’s book Delete: The Virtue of Forgetting in the Digital Age for an involved account of this switched default.) There is, in other words, an increasing incidence of delegating remembering to machines.

STEP 2: Specify the necessary consequences of the change

To prime civil liberties argumentation for the digital age, we must draw out the logical entailments of the conditions we identify through the process above, and then proceed to confront them. For our case, the relevant entailments – all but the first acknowledged at least implicitly in the course of the hearings – are these:

Entailment 1. Information is increasingly stored outside of rights bearers’ minds in machines which (unlike a register or photos) may not be in the physical or sole possession of the rights bearer who is the author or owner of the information.

Entailment 2. A new actor who deals in the various forms of activity made possible by externalized remembering has emerged. Let us call these actors – both state and other entities – data processors. Their activity spans collection, storage, processing (including aggregating information and mining it), and use/dissemination of information.

(On Day 2, several references by Poovayya of the need to regulate two sided-platforms like Uber proceeded on the unstated basis of the new factum of large (and often commercially held) banks of data. On Day 3, Justice Chelameswar intervened in Sibal’s argument to note that pre-dissemination stages were just as likely to trigger privacy concerns as dissemination itself does.)

Entailment 3. The existence of data processors creates new and easy avenues for accessing, sharing and combining records of information without the knowledge or intervention of their author. (Poovayya acknowledges this in his emphasis on notice and consent to subjects of data on Day 2.)

STEP 3: Review the strength of old assumptions and explanatory devices (and revise/replace where necessary)

 To respond to the switched default, we must begin by acknowledging that judicial precedent about privacy and the various heuristics they use proceed on assumptions deriving from the old default, where authors/owners of information had a greater measure of control over information than they do now (in view especially of Entailment 3).

Next, we must test them for continued efficacy:

Over the course of Sibal’s one hour of argument on Day 3, he used illustrations drawn from the facts of criminal procedure cases concerning the constitutionality of searches under the US Fourth Amendment to show the increasing incoherence of the inside/outside and private/public distinctions that are at the core of conceptualizing privacy harms:

He read from Riley v. California (searching contents of smartphone without warrant – even consequent on arrest), where the court reasoned that its capacity for storage of “the privacies of life” made a smartphone distinguishable from other objects in a suspect’s pocket and deserving of protection. He also presented a variant of the facts in Kyllo v. United States (thermal imaging technology used without warrant to determine that heat consistent with the lamps used to grow marijuana indoors emanates from suspect’s home), to press the point that no trespass was at all is necessary to raise a privacy harm.

So far, so good. What must follow is a clear statement of how the existing rule must change.

Justice Chandrachud intervened to do just that. He noted Katz v. United States (obtaining incriminating evidence by placing a listening device in a public telephone booth without search warrant). There, Justice Stewart recognized the need to extend privacy’s reach in view of the new technological capacity to surveil without “physical penetration” of the booth from which the suspect placed his calls. By a process of induction, he arrives at a revised guiding principle: privacy inheres in people, and not only in places as the theories based in trespass which found favour in Olmstead v. United States (wiretapping without warrant; overruled) would suggest.

 STEP 4: Strategically deploy existing tools –

In the new realities created by technological change, it is easy to lose sight of the fact that tested instruments for the preservation of civil liberties and constitutional values continue to exist in the law. Before we expend the effort of searching out or building new tools for defending rights, it is worth returning to brass tacks to see how existing law can serve our ends.

  1. to reinforce the right

One example of existing legal construct that could be deployed in furtherance of privacy (understood as the right to control flows of information about oneself) is that of consent in contract law. Poovayya and Sibal both acknowledged this in their arguments:

In response to questions from the bench late on Day 2, Poovayya made references to notice and purpose specification and limitation as important ideas that must regulate actors, such as Uber, who essentially deal in information. These are merely contextualized framings of the usual rule as to informed consent that data protection laws (being simply frameworks for preserving rightsbearers’ control over their information) have adopted globally.

On Day 3, Sibal placed the 2012 Report of the Group of Experts on Privacy constituted by the Planning Commission under Justice AP Shah before the court. In it, the GoE recommends that India enact a data protection legislation that would codify the principles that Poovayya’s arguments alluded too among other similarly fundamental principles in law.

        2. to circumscribe state interference with the assailed and related rights

Arora, whose arguments were sadly cut short by those before her (excepting for Sorabjee and Diwan) running well over their share of time, made the simple and elegant point at the close of Day 2 that the well-entrenched requirement in criminal procedure of warranting must not be lost sight of in the discussion around the government’s adoption of new technology.

She is right:

The underlying logic of warranting – that rights invasions by the state must be for written and revieweable reasons and that oversight of the executive by courts, an independent and co-equal branch is an important route to preserving civil liberties – is as relevant as ever.

Leave a Reply

Your email address will not be published. Required fields are marked *