Are the elements of India’s digital infrastructure, including DigiYatra, facilitating easy operations or are they introducing new challenges and threats to privacy?
Long ago, Air India released an advertisement for Bombay residents, offering them a flight to Delhi to join in celebrating India's first Independence Day festivities. Priced at a princely sum of Rs 140, the advertisement promised the "cheapest, fastest, and safest" mode of transport.
Over time, these promises have faded, as air travel has become ubiquitous, more expensive, cumbersome and unreliable. Today, technological solutions like DigiYatra, often hailed as panaceas, rather than mitigating passengers’ woes only add to their misery. This is widespread across several deployments of what is today termed as ‘digital public infrastructure’.
Many air travellers have already encountered DigiYatra, now implemented across 13 Indian airports and soon to be expanded to all, according to the Ministry of Civil Aviation. Where active, it often involves ground staff armed with smartphones or seated beside facial scanners, enrolling passengers at entry gates—sometimes without their consent. Opting out is challenging: Not only do many airports predominantly feature DigiYatra-only gates, but ground staff also seem to treat sign-ups like a game of 'gotcha.' Despite the Ministry of Civil Aviation stating on August 23, 2023 that 'DigiYatra is not mandatory,' the reality appears different.
A Local Circles survey published on January 31, 2024 reveals that out of 10,892 respondents, only 15 per cent knowingly signed up. Meanwhile, 29 per cent said they were enrolled without understanding, and 15 per cent felt they had no alternative but to sign up. This reflects a larger trend of Indians being coerced into digital systems. It reminds us of signing up for Aadhaar, which was voluntary according to court orders but mandatory in practice.
Proponents of digital systems often propose quick fixes, focusing on enhancing staff training and educating users. These measures include creating standard operating procedures (SOPs) and adding disclaimers to billboards stating participation is not mandatory. Yet, such tweaks sidestep deeper interrogation. For example, who really governs DigiYatra, and what structural incentives led to a design that disregards consent?
Citizens might assume that a program enforcing biometric identification for air travel, especially in high-security areas like airports, would be managed by a government entity. This assumption is misleading. While the Ministry of Civil Aviation labels DigiYatra as its 'initiative' and the Directorate General of Civil Aviation has released policy documents and circulars mandating airline compliance, DigiYatra is actually governed by a private entity.
The DigiYatra Foundation, established in 2019 as a Section 8 company under the Companies Act, involves the Airports Authority of India owning 26% of the shares, with the airports of Bengaluru, Mumbai, Delhi, Hyderabad and Cochin holding the remaining 74%.
This pattern of digital deployments is similar to the contact-tracing application Aarogya Setu, wherein the systems emerge with tacit state control but are controlled by private individuals. This eventually leads to deniability of accountability and remedy.
Ownership structure
DigiYatra’s flawed ownership structure promises innovation and speed in technology development by intentionally excluding government oversight. Let us give it the benefit of the doubt and assume the system functions perfectly, despite the lack of public feasibility studies or audits. Even so, its ownership model raises significant issues related to rights violations, accountability and remedy.
Firstly, coercive sign-ups occur because airport operators, as stakeholders in DigiYatra, have an ownership interest. They prioritise entry checkpoints for DigiYatra and set performance targets to boost sign-ups and adoption, sidelining consent protections for the sake of achieving scale and mass adoption.
Secondly, the type of accountability expected in public enterprises — financial and operational transparency under laws like the Right to Information Act or audits by the Comptroller and Auditor General of India — is absent. Even security audits, possibly conducted by firms associated with the Indian Computer Emergency Response Team (CERT-In), are commissioned privately, keeping their findings secret. Thus, claims about biometric data not being stored, made by DigiYatra’s privacy policy, its website or its CEO, evade independent verification.
Consequently, for the estimated 9 million passengers who used DigiYatra last year, the handling, sharing and deletion of their data remain unverified by third-party audits. This casual approach towards data protection and security is present across IndiaStack, the application programming interface where these systems are built and hosted. For instance, for weeks after its launch, the online vaccination booking platform CoWIN did not even have a privacy policy.
Finally, the most concerning issue lies in how DigiYatra’s economic incentives to collect and sell user data will fund its continued operations. Currently, DigiYatra is free for passengers, supported by development and operational funding from its airport shareholders. This, in turn, recoups costs through an airport development fee added to every air passenger’s travel expenses.
Privacy concerns
While DigiYatra, like many digital services, will remain free in the sense of not levying a financial fee for its use, it is intended to make money by selling your data. This is expressly stated within the DigiYatra Policy, and even the experience of the smartphone application that introduces value-added services like cab and hotel bookings. When made operational, it will supposedly be done only with passenger consent. However, it is a reasonable apprehension to lack trust, given the manner in which initial sign-ups already by forced registrations.
In the future, passenger data such as identity and travel details will be shared with private vendors. This potential for revenue generation poses a significant incentive to enrich and retain detailed personal data of passengers. Such surveillance concerns are also warranted given the project’s expansive ambitions beyond airports.
As revealed by the DigiYatra Foundation CEO at the Sixth Annual Airport Modernisation Summit, the project’s ‘roadmap’ envisions ‘seamless ID validation’ at hotels, other transport modes, public places, etc., essentially laying the groundwork for a mass surveillance system in urban areas. It matches the ambitions of turning Indian cities into data extractive environments, as per the smart city programme, which envisions integrating civic and policing services based on facial recognition technologies that feed integrated command and control centres.
Many people who have used DigiYatra, like many other digital services, seem to like them despite all these issues. They express delight at how they save time from the entry to the boarding gate. These experiences are valid, but they do not negate the occurrence of technical issues and rights violations.
In 2022, the famous technology writer Cory Doctorow, coined the term “enshittification” to depict the declining quality of digital platform services that, nonetheless, lock in users. Is this a fitting description for today’s air travel experience, influenced by DigiYatra? Conversations with frequent flyers suggest a deterioration in the economy, reliability and safety of air travel, with rising ticket prices, unwarranted delays under clear skies and the fears of leaking sensitive biometric and personal data leaving passengers exposed.
Modern airport complexes, constructed far from city centres, echo a dystopian blend of luxury mall aesthetics and yet the eerie feeling of a holding cell. This prompts a critical evaluation: Is DigiYatra truly facilitating travel in the “cheapest, fastest and safest” manner, or is it merely introducing distractions and new challenges? This question extends to IndiaStack and the growing clamour around digital public infrastructure as well, prompting us to ask whether they are genuinely fulfilling their promise and making our lives better.
---
Autor(en)/Author(s): Apar Gupta
Quelle/Source: Deccan Herald, 31.03.2024
Bitte besuchen Sie/Please visit:
