Skip to main content
Image source: EngageMedia

This piece was originally published by APC member organisation EngageMedia.

This article is part of Pandemic of Control, a series of articles that aims to further public discourse on the rise of digital authoritarianism in the Asia-Pacific amid COVID-19. Pandemic of Control is an initiative by EngageMedia, in partnership with CommonEdge. Read more about the series here.

As it raged through the world’s largest downgraded democracy, the COVID-19 pandemic not only resulted in a great loss of life in India, but also provided an impetus for authoritarian control. The increase in data collection justified by the pandemic has led to a populist-protectionist form of digital authoritarianism.

In 2017, one of the main architects of India’s Aadhaar, the world’s largest biometric program, made a presentation on how India must embrace data democracy, recognising the vast potential of using accessible data for profit. Even as the India Stack – a project to create a unified software platform – had been active for a few years prior, the presentation made it amply clear on what to expect for India’s technological development over the following years.

In recent years, India has focused on a deterministic usage of technology with serious implications for human rights, as seen in the use of AI surveillance systems for policing and proposals to govern personal and non-personal data.

Stacking authoritarianism: Towards an ID nation

India Stack is a set of tools and pathways for the creation of technology architecture. Led by iSpirt, a host of volunteers and software developers are working on the multi-layered India Stack to build digital “public” goods, catering to the country’s digital governance needs. A recent example of this is the Unified Payments Interface (UPI), dubbed as a fintech revolution in India for real-time digital payments. By combining digital payments infrastructure with the Aadhaar biometric system, India Stack is an attempt to exploit what is seen as a booming digital economy. However, those who have been following the India Stack (and iSpirt) story know that the group has withered into defending invasive technologies and the privatisation of what ought to be public technology, along with contributing to trolling and online hate speech against critics. One such anonymous Twitter account harassing Aadhar critics on social media was apparently set up and operated by iSpirt cofounder Sharad Sharma.

The story of India Stack is also a story of the evangelical segment of the transnational Indian technology community’s ideology. Technological determinism, embraced by India Stack’s proponents, is a unilinear idea of development and progress, which disregards others’ ideas, lived experiences and rights. It seeks to institutionalise putting more faith in technology than people. The latest case of caste discrimination by Google against Equality Lab’s Thenmozhi Soundararajan is a case in point. A strong belief in a strange mix of protectionism for the Indian technology industry and populist rhetoric and policies seem to guide much of their functioning.

During the pandemic, the CoWIN app was introduced as the sole mechanism to deliver vaccination to India’s very large population. But this approach excluded much of India’s rural population; according to the Indian Telecom Services Performance Indicator Report, only 34.60 percent of the rural population have internet access, leaving many without the option of informed consent.

In addition, instead of functioning as public infrastructure, activists and ethical technologists accused CoWIN of open-washing (presenting an initiative as open-source despite not meeting all criteria of openness). In this news report, activist Anivar Aravind suggested that the Open APIs in India’s current public digital infrastructure aren’t actually open and only promote government access and consolidation of private proprietary interests.

Multiple bugs, privacy concerns, and technology issues aside, the CoWIN app was also used to harvest data to build the database for India’s National Digital Health ID program. With GovTech becoming a big part of governance today, India is activating a slew of measures, piggybacking on India Stack to privatise and close off technology architectures from the public. While this is one side of the coin, the other is that such technologies, without adequate safeguards in place, may be used to fuel hate and discrimination, accentuating animosity and spelling catastrophe for India’s social fabric. This was seen in how digital platforms have been used to compound anti-Muslim hate during the pandemic. In late March 2020, there was a surge of disinformation targeting Muslim communities following a COVID-19 outbreak linked to the group Tablighi Jamaat. Lists identifying some of the group members and containing their personal details circulated on social media. While it is unclear whether this information came from GovTech platforms, most of the lists circulating online were prepared by authorities and bore officials’ signatures. This incident has shown how entire communities can be targeted and caricatured as super-spreaders, with technology being used to promote profiling of individuals.

Surveillance cultures: Cities of control

One of the most common manifestations of digital authoritarianism is the deployment of surveillance technology to police, control, and demarcate people. Delhi and Hyderabad’s deployment of Facial Recognition Technology (FRT) led Amnesty International to call Hyderabad a ‘police state’. Hyderabad, home to some of the biggest multinational technology corporations, has deployed around 600,000 CCTV cameras. This is in addition to the various other apps and technologies at the disposal of Hyderabad’s police department to mark, demarcate and surveil.

During the pandemic, AI-based facial recognition systems were deployed to spot violators of pandemic norms set by state and central governments. This process was normalised during the pandemic, and raises serious questions about AI and the right to privacy. Additionally, by tailoring pandemic responses to technological solutionism, the government and its agencies deployed invasive technologies to substitute for governance. This has disastrous implications. For instance, FRT can misinterpret and wrongly identify those tagged as criminals, and can be used to target certain neighbourhoods in the name of predictive and targeted policing, embedding and increasing bias in existing systems.

The pandemic has been used as a pretext for smart and 360-degree policing and surveillance in the name of maintaining COVID-19 protocols. Authorities have piloted the use of FRT systems for “contactless” vaccine delivery, a move that has raised privacy concerns and fears that this would marginalise millions of vulnerable people.

Fluxes and fissures: Data governance in India

A third arena that has registered massive fluxes during the pandemic is that of data governance. In a bid to become one of the few countries to govern the area of non-personal data, and to also address personal data protection, the Indian government developed a committee that looked at legalities and governance mechanisms for personal and non-personal data (a demarcation made by the government).

In 2018 the first draft of the Personal Data Protection Bill was released, which set a framework for the governance of personal data. Subsequent versions of the draft bill, however, reflected state intervention in the realm of personal data protection. In the revised 2019 version, the government could access private data by citing national security or public order, exempting its agencies from rules governing the processing of personal data. Even Justice Sri Krishna, who headed the committee that prepared the first draft of the bill, decried these subsequent revisions, saying it could “turn India into an Orwellian state”. As of this writing, the government has withdrawn the Data Protection Bill 2019, and has come under criticism for this move.

Concerns over data protection measures have been highlighted during the pandemic, with the government expanding its access to the personal data of millions of people, particularly health data. In an article on technology policy portal MediaNama, lawyer Sarada Mahesh suggested that India’s vaccine rollout needed a privacy policy to protect citizen data. Ensuring the security of personal data has become all the more complex with travel opening up and vaccine passports becoming important. However, concerns over the usage of personal data from contact tracing apps remains alive, since it is tied to the digital health ID architecture of India’s digital public infrastructure thrust.


India’s focus on a deterministic and ideological usage of technology for pandemic management has not only mismanaged the pandemic, but has pushed the country to contend with Orwellian realities. India’s tryst with invasive high technology for policing as governance is eroding digital public infrastructure and consolidating control over people’s data and lives.

That the pandemic and subsequent health crisis was used as an opportunity for techno-solutionism, surveillance, and control is worrying and highlights the need to pay much deeper attention to how such crises are weaponised.

Preeti Raghunath is Lecturer (Communication and Media) at Monash University, Malaysia. Her academic interests lie in communication and media governance, and media anthropology. She is currently working on developing the philosophical and pragmatic approach of Critical Data Governance, and is most interested in using this lens to contextualise and historicise the linkages between people, data, and governance in South and Southeast Asia.