Keywords: Panopticon, Surveillance, Ethical Dilemmas, Privacy, Big Data, Legal Boundaries
Abstract
The quintessential argument of this paper is that we stand at a Panoptic dilemma, a crossroads where the benefits of surveillance would clash with its costs. By launching an interrogation of the legal boundaries of the subject and its ethical quandaries, the paper aims to map out a course that hopefully balances power with accountability. The paper aims to critically analyse prominent legislations like the IT Act of 2000 and the new DPDPA, 2023, along with the EU’s GDPR and others, to explore how these legislations across the board deal with the challenges posed by modern surveillance technologies. This will lead to demystifying the gaps that exist within these codes and how these state and non-state actors exploit these gaps? The paper further seeks to explore the ethical complications of ubiquitous surveillance and its impact on the privacy and individual autonomy of the individual. It also looks into whether the purported benefits of surveillance can justify the erosion of privacy.
Introduction
The Latin adage “Scientia est potential”, which means “knowledge is power”, holds true now perhaps more than it ever has. In the 21st century, the pursuit of knowledge has now been converted into this lust for data, which is essentially driven by the belief that whosoever would possess the most amounts of data would inevitably wield influence which would be unparalleled. Another facet of this new exploration is that it is not confined to the corridors of power in the governments of the world but has also penetrated through the billion-dollar corporations. The sole yearning of these entities is to accumulate vast datasets, which would essentially be their critical leverage in a data-centric world. These entities, through predictive policing to targeted advertisements, are in a relentless pursuit of gathering information which would inevitably raise questions regarding legal and ethical boundaries of surveillance, as both state and non-state actors continue to exploit the gaps that persist in the modern regulations to consistently expand their reach as much as they can. Governments all around the world try to explain away these mass surveillance activities in the name of national security whilst they covertly develop tools like the NSA’s PRISM program in the United States. or the People’s Republic of China’s Social Credit System Used to monitor billions. Also, technological giants like Meta, Google, and Amazon have made their fortunes by extracting, analysing, and profiting from user behaviour. Their entire business model is to use this private information about people to push targeted adverts. Shoshana Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power 78 (2019). What can be clearly observed is that this insatiable lust for data has transcended idealogy and geography. It has become somewhat of a universal obsession which is fuelled by the realisation that control over information equates to control over people. Nevertheless, as surveillance technologies advance, they reveal a rather disturbing paradox: the very mechanisms which were intended to safeguard societies now run the risk of undermining the liberties they
At the heart of this debate lies the concept of The Panopticon, a metaphor for modern surveillance derived from Jeremy Bentham’s 18th-century architectural plan for a prison, is central to this discussion. Bentham’s Panopticon had a circular network of cells around a central watchtower, its novelty was psychological and not physical as the detainees had no idea if they were being monitored, forcing them to monitor their own behaviour. Bentham described it as a “machine for grinding rogues honest.” However, its effects stretched far beyond punitive reform. The Panopticon represented a startling idea: power operates most efficiently in the midst of uncertainty. About two centuries later, a philosopher known as Michel Foucault resurrected the Panopticon in his book called The Discipline and Punish, where he reimagines the old metaphor for modern societal control. According to Foucault, the Panopticon symbolises how modern institutions enforce conformity within one, not through brute force but through constant observation, normalisation, and the internalisation of surveillance. Foucault, in his works states that “He who is subjected to a field of visibility assumes responsibility for the constraints of power.” The watched in this case would eventually become their own jailor and would end up changing their behaviour to conform with the imagined norms.
Whilst Bentham’s Panopticon was metaphorical, the technology of today has made it a tangible reality. Governments all around the world have been known to employ programs for the surveillance of their citizens, and more often than not, they justify doing so under the guise of national security. The technocrats of the world are in agreement to harvest the personal data of global citizens and are looking to leverage it for greater profits and greater influence, making Foucault’s theory an evident reality. In this digital Panopticon, surveillance is ubiquitous, asymmetrical and palpable. All of these activities are essentially blurring the line between public safety and control. There is a stark asymmetry in the way the people are being constantly observed, and they lack the ability to know who monitors them; this imbalance essentially reinforces the power hierarchies, which inevitably favour the interest of the state and corporations ahead of the individual’s autonomy.
The quintessential argument of this paper is that we stand at a Panoptic dilemma of sorts, a crossroads where the benefits of surveillance would clash with its costs. By launching an interrogation of the legal boundaries of the subject and its ethical quandaries, the paper aims to map out a course that hopefully balances power with accountability.
Research Methodology
The paper engages a qualitative research approach, which is essentially a synthesis of theoretical analysis and various case studies in order to analyse several legal and ethical dimensions of modern surveillance. The piece further relies on multiple pieces of legislation, academic literature, court judgements, and reports on surveillance practices. An attempt has been made to draw a comparative analysis of regional and global regulatory frameworks to gain an understanding of the deficiencies within these codes and what can be done to make them more comprehensive.
Literature Review
The surveillance technologies all around the globe have surpassed the development of legal frameworks which were supposed to regulate them. Europe’s General Data Protection Regulation (GDPR) is perceived as the gold standard as it remarkably emphasises principles such as transparency, consent and accountability. Nevertheless, it comes with its own set of limitations, which are most evident when it comes to addressing challenges related to Artificial Intelligence (AI) and big data analytics. Another Western powerhouse like the United States, unfortunately lacks a federal privacy regulation and instead relies on other sector-specific regulations like the Electronic Privacy Act of 1986 (ECPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA),s which were perhaps good for the time in which they came out but now are understandably ill-equipped to be able to regulate modern surveillance practices.
In the Indian Context, The Information Technology Act, 2000 marked the nation’s first legislative attempt towards regulating data protection and digital surveillance. However now, the provision s of this legislation appear antiquated and fall short of addressing the complexities posed by the contemporary surveillance technologies. The recently proposed Digital Data Protection Act, 2023, (DPDPA) aims to bridge these gaps by establishing a Data Protection Authority (DPA) and by introducing more stringent safeguards governing data protection and processing. However the critiques have constantly flagged the broad exemptions provided to the state by the 2023 act in the name of maintaining public order and national security would in reality enable unchecked surveillance and monitoring. The Pegasus Spyware Scandale serves as a stark illustration for these concerns, the Israeli software originally intended to be used against organised crime and terrorism was employed to serval opposition leaders and journalists. These legal frameworks’ plight spotlights the challenges that they face in balancing the individual’s right with the state’s interest.
The gaps within these frameworks are exploited by both the state and non-state actors. Something similar was evident through the Snowden revelations, which exposed a behemoth of the west like the United State’s National Security Agency (NSA) circumvented legal and constitutional boundaries to conduct mass surveillance. Through the PISM program by the said agency collected vast amounts of data from big data giants without any proper oversight or transparency. This exposes the intent of these actors and is a stark reminder of where their intentions differ from ours. Similarly, in India, the Adhaar program which was initially posed as a tool to be for effective welfare delivery but was later repurposed for surveillance. Initially this was heralded as a cornerstone for digital governance, but overtime concerns have mounted over the kind of repurposing it has gone under, coupled with numerous reports of data breaches and misuse of the data collected.
Ever felt like whatever you have been talking about suddenly you are flooded with adverts for the same? That is because big data corporations of the world are unbelievably good at exploiting the regulatory loopholes and monetise personal data they collect. This belief was reaffirmed by the Cambridge Analytical Scandal which threw light over how social media giants of the world knowingly allow third parties to access the data of their users without the consent of the individuals themselves and at times even to manipulate the outcomes of the upcoming political outcomes. If we look over in India there is dearth of robust data protection laws too and which has led to creation of an environment where big data giants have be known to collect, store and monetise vast amounts of personal data of the Indian citizen. A rather telling example for this would perhaps be the conservancy surrounding Reliance Jio, where it was claimed that the Indian giant was sharing the data of its users with third parties and the state authorities without the knowledge and the consent of its user base. This is again a rather sterling example of how corporate objectives and state’s interest weigh far beyond individual rights.
Also, the ethical conundrum that is posed by the kind of omnipresent surveillance that goes on has been for long a serious debate all over the world. Through a unilateral leans the kind of surveillance that goes on can perhaps be justified by touting its purpose as security and public welfare. There have been proponents of this line of though especially after the reduction in crime rates post the introduction of surveillance cameras equipped with facial recognitions systems have led to noticeable reduction in crime rates in mega cities like London and Delhi. Whereas the opposition to this approach stand at a morality based pedestal that lay specific emphasis over the intrinsic value of privacy and autonomy. They are staunchly arguing against the said utilitarian perspective regardless of any short term benefits that may be apparent against the violation of fundamental rights of the individuals. A fuel to fire moment for this prospective happened when the supreme court heard the case of K.S Puttaswamy v Union of India in 2017 which led to the recognition of privacy as a fundamental right in India. As big a triumph as the landmark judgment may have been for individuals right against that of state’s interest and corporate objectives controversies like that of Adhaar scandal, Pegasus scandal have continued to erode faith in the systems as privacy time and again takes a beating in the name of national security and public welfare.
Since the genie is out of the bottle and here to stay, there have been thinkers like Helen Nissenbaum who tries to explain privacy as not just one’s control over their personal information. She rather puts it as a careful and meticulous system where one decides what kind of personal information would be appropriate for them to share given the situation’s social context. She coined this exercise as “contextual integrity”. Through this what she has tried to lay emphasis is on that fact that different social setting have different norms attached with them. Meaning, who can share what sort of information with whom and what would be the accompanying conditions alongside with it forms the premise of this exercise. She argues that privacy is maintained in all social settings if these preconceived norms are adhered to. Given her explanation violation of one’s privacy would happen when an individual’s data moves outside a certain context. Whereas, if we look at it from the vantage point of surveillance it would essential boil down to not just whether if, the data is collected but rather, that data is being used in a way that would break these established societal expectation.
Even if one benevolently give the benefit of doubt to the state’s interest, the core ethical dilemma still persists if the supposed benefits of surveillance are enough to justify the intrusion on privacy. There are those who argue that privacy is but a modest concern and pails severely when put in comparison with surveillance, especially when framed as a matter of national security, crime prevention and public health. Example of contact tracing app is used during the COVID-19 pandemic is often quoted in this context. Critiques are also known to caution against uncheck surveillance having impact not only upon the privacy of said individuals but may also have far reaching effects on the democratic lives of the people as well. Further there are also reservations that this kind of belligerent surveillance may lead to a ‘chilling effect’ which is a situation in which the subjects become overly conscious of their activities being under observations upon which they begin to self-censor. This is problematic because this may lead to a reluctance in voicing any dissents or engage with topics that may be mildly controversial or may have a tendency to attract official scrutiny even when they might be lawful in nature. A scenarios like this is deemed to be the death of democracy through the slow killing cancer of surveillance. This is a situation identical to what Bentham and Foucault explored through their works, they may not have used the exact phrases but were touting towards this direction. Bentham in his writings stated that the effect of the Panopticon would be like having power of mind over the minds of the imprisoned Bentham, The Panopticon Writings, p. 29). This idea virtually mirrors the condition that creates the chilling effect, where the individuals consciously alter their behaviours to conform with the acceptable norms. Further Foucault in his work Discipline and Punish (1975) takes a critically look at the ideation of Panopticon by Bentham and terms it as a metaphor. He goes on to describe how according to him surveillance functions not only through external observation but also through the internalisation of the gaze by the individual who end up policing their won behaviour. “He who is subjected to a field of visibility, and who knows it, assumes responsibility for the constraints of power; he makes them play spontaneously upon himself; he inscribes in himself the power relation… he becomes the principle of his own subjection.”(Foucault, Discipline and Punish, p. 201).
Method Employed
The paper engages qualitative research in order to analyse various legal and ethical dimensions of the modern surveillance . The paper is fundamentally grounded in theoretical farmwork which particularly draws from Jeremy Bentham’s Panopticon, Michel Foucault’s Disciplinary power, supplemented with contemporary critiques of surveillance capitalism of Shoshana Zuboff and Helen Nissenbaum’s ideation of individual’s privacy.
The research further relies on various primary and secondary sources which would include legislations such as the European General Data Protection Regulation (GDPR, India’s Information and Technology Act, 2000, proposed Digital Personal Data Protection Act, 2023.
The paper further relies on certain case studies such as the Pegasus Spyware scandal, India’s Adhaar Program, PRISIM Program by (NSA), Cambridge Analytica Scandal.
Apart from that reliance has been placed on various books, scholarly articles and reports on data protection, surveillance and privacy.
The piece implores to ethically and comparatively analyse the gaping holes of various legal frameworks around the globe, to be able to assess the implications on privacy and autonomy of individuals. By drawing together these perspectives, the paper aims to offer a nuanced understanding of the Panopticon dilemma and further seeks to suggest thoughtful measures to be able to strike a appropriate balance between power and accountability.
Future Direction and Possible Solutions to the Dilemma
Right of the bat the proposed legislation of the Digital Personal Data Protection Act, 2023, (DPDPA) should go through a round of amendments as to be able to curb the broad exemptions the statute bestows upon the state in the name of maintaining public order and national security. Another safeguard that can perhaps be added is that the said exemptions shall be made subject to judicial oversight to prevent any kind of misuse. What can further be improved is that the proposed legislation can draw further inspiration from the EU’s GDPR which pays a greater emphasis over principle such as consent, accountability and transparency. The European law has provisions such as the right to be forgotten and provision on data portability that should ideally be a part of the new regulation. Another very integral amendment that can be made to the proposed framework is that the (DPA) Data Protection Authority shall be made independent and should be bestowed with the ingrained power to investigate an penalise any violators. The authority should also be provided with power to conduct regular audits of various surveillance programs that will ultimately be key with the honest compliance of the said provisions.
Secondly, all the state and non-state actors can be statutorily compelled to publish an annual transparency report mandatorily which will shed light on the scope and purpose of surveillance activities undertaken by these entities. This is already a mandate under the GDPR for any big data corporation that operates within its applicable jurisdiction. Further, inspiration can be drawn from the United States to introduce judicial scrutiny whenever surveillance is requested by the state agencies. This can act as a faithful check against arbitrary and excessive surveillance. Other than this, the state authorities must engage in public consultations before introducing any new surveillance technologies. They should lead these discussions by explaining how are they different from the current models and what could be the possible impacts that may be faced if they are implemented.
The states and corporates together should develop and stringently adhere to ethical boundaries that would guide their surveillance activities. These guidelines should be guided by principles of proportionality, necessity and minimal intrusion. Apart from that laws should be made more comprehensive for the protection of the whistle-blowers who courageously come forward to expose the unethical surveillance activities as was also observed in the case of Snowden.
Governments and corporates should be statutorily be compelled to invest and incorporate Privacy Enhancing Technologies like encryption and anonymisation to be able to safeguard personal data. Measures like these are employed by Meta’s WhatsApp and Apple’s I-Messages they use end-to-end encryptions to ensure the privacy of the data of their users. Further a grave concern that needs to be solved imminently is the need for data localisation within the jurisdiction of the state. This could be done through technologies like blockchain which would make the storage of these datasets decentralised and significantly reduce the risk of mass data breaches.
The state’s authority can launch campaigns for the citizen to educate them about their digital, privacy rights and what would be the prospective risks associated with surveillance. Something similar is also included within the provisions of GDPR in Europe. India can further endeavour to collaborate with other global international bodies to develop international standards for how standard surveillance operations are to be conducted and how the personal data of the individuals is to be protected.
Lastly, regulations that allow for surveillance should mandatorily include sunset clauses which would require a periodic review and renewal to prevent any overreach.
From Panopticon to Possibility
The Panopticon dilemma lies in the profound tension that exists within the modern surveillance regime, it is both a shield and as well a shackle. Whilst, surveillance technologies do indeed offer immense benefits when it comes to security but one shall also remain mindful of the possibility of it intruding over people’s privacy, opinion and free discourse. The paper had aimed to highlight the gaping hole that persists around the world’s regulatory frameworks, and to law an analysis of the ethical quandaries of ubiquitous monitoring. The only way forward would demand a nuanced approach one that would marry the benefits of surveillance and rugged safeguards for the protection of individual autonomy. To be able to ingrain principles of accountability, transparency are of utmost importance when one invasions the further development of these technologies. The challenge no doubt is formidable but it’s a matter of absolute necessity that there tools shall remain tools that work for the public purpose and not against it. If any failure is observed it would straight away led this to be a tool for oppression and all hell will break loose.