The recent ransomware attack questions the security of data storage. The supreme court will take up the larger issue of privacy in the Whatsapp case

India was one of the several countries hit by the global cyber-attack several days ago. The Kaspersky Lab recorded over 45,000 attacks in nearly 100 countries, which included Russia, UK, US, Ukraine and China. The virus belonged to the category of Ransomware, and the programme was WannaCry (technical name: WanaCryptor 2.0). It encrypted the users’ data and demanded a ransom in crypto-currency, Bitcoin, for unlocking the hardwares.

As per the experts, the attackers earned almost $20,000. The 22-year-old British researcher, Marcus Hutchins, who halted the global attack by simply activating the “kill switch” of the malware, has warned that they could “change the code” and attack again. The alarming situation demonstrates how anyone can randomly breach our digital spaces, which are hugely vulnerable. Social media users, people who store banking details on PayTM and mobiles — practising cashless, and big data that’s in the possession of government and private organisations is at risk.

No law to save privacy

The problem in India is that we don’t have any regulatory laws to protect privacy, especially digital one. We install TrueCaller on our phone to block spam calls and know the identities of the callers. In exchange, the app accesses our contacts, updates its own data, and makes our identity public. That’s what free services do. Each app that we install accesses personal data. And we agree. No one asks Ola why it needs to access our photo albums. The netizens seem careless about the fact that tech giants record our moves by tracking caches and storing files and so on and so forth. This is why the Supreme Court hearings in the WhatsApp privacy case may become crucial in the near future.

The five-judge constitution bench will decide whether private companies like Facebook and WhatsApp take undue advantage of the lack of regulation on users’ data privacy. In August 2016, WhatsApp said that it will share the users’ information with Facebook which can, in turn, be accessed by the latter’s commercial partners. This, in a country, where the total number of users exceed the total population of several countries!

In one of the hearings, the apex court raised two intriguing questions. One, if the government is in the process of legislating the regulatory framework, which it claims to be doing, what is the role of the court in a case like this? Two, what if WhatsApp claims that in the absence of the regulations, the court cannot do anything even if the privacy rights of an individual are infringed upon? Some claim that the court may not be able to interfere. Others contend that a company like WhatsApp, which trades in “right to information, right to choice, and right to knowledge”, cannot take away the right of the court to intervene.

Nothing is secret to government

At the same time, there is a debate on the Unique Identification Authority of India’s Aadhaar. The biometric will store the digital footprint of every activity of every citizen of the country. The previous UPA government sold the idea by calling it a single-point identity, which will ease the identification problems of a citizen. It claimed that the move would minimise criminal activities as it would ease the manner in which the criminals could be tracked.

Despite condemning it in the past, the present regime went ahead with Aadhaar. And now the government can track our earnings, holidays, preferences, in fact everything. In December 2016, the All India Institute of Medical Sciences wrote to the union health ministry, to seek permission to mandate the linking of Aadhaar with Unique Health Identification number. The problem isn’t just that the data is being stored and can be hacked. It’s also that the data will never be forgotten. So, in 2027, you can be denied a promotion because you visited a psychiatrist in 2017, or a decade earlier.

According to advocate Shyam Divan, the rulings of the German Federal Constitutional Court emphasised the individual’s right to determine what information belonged to her, and what can be used by the state. Divan linked it with the right to dignity under the Article 21 of the Constitution. He claimed that the Aadhaar data shared with the private firms do not even come under any contract. Thus, if you go to buy a Jio sim card, and the retailer ask you to press your thumb against a small machine, the seller gets all your data on his computer.

There’s no denying the fact that the West has the most technologically advanced security systems. Yet the hackers were able crack them, time and again. The level of security may be lower in a country like India, although it has the technological expertise which claims to save the citizens from such attacks.

The recent Ransomware malware’s effect was largely restricted to parts of South India. We were just lucky. Large portion of our banks operate on traditional systems, and our ATMs are outdated and survived WannaCry. But as recent attacks have shown, we aren’t foolproof. We need to be careful.