The flight of rights

Long years ago, Air India released an advertisement for Bombay residents, offering a flight to Delhi to join in celebrating India’s first Independence Day festivities. Priced at a princely sum of 140 rupees, the ad promised the “cheapest, fastest, and safest” mode of transport. Over time, these promises have faded as air travel has become ubiquitous yet more expensive, cumbersome, and unreliable. Today, technological solutions like DigiYatra, often hailed as panaceas, rather than mitigating a passenger’s woe only add to their misery. This is a pattern that is widespread across several deployments of what is today termed as Digital Public Infrastructure.

Many air travelers have already encountered DigiYatra, now implemented across 13 Indian airports and soon to be expanded to all, according to the Ministry of Civil Aviation. Where active, it often involves ground staff armed with smartphones or seated beside facial scanners, enrolling passengers at entry gates—sometimes without their consent. Opting out is challenging: not only do many airports predominantly feature DigiYatra-only gates, but ground staff also seem to treat sign-ups like a game of ‘gotcha.’ Despite the Ministry of Civil Aviation stating on August 23, 2023, that ‘DigiYatra is not mandatory,’ the reality appears different. A Local Circles survey published on January 31, 2024, reveals that out of 10,892 respondents, only 15% knowingly signed up. Meanwhile, 29% said they were enrolled without understanding, and 15% felt they had no alternative but to sign up. This reflects a larger trend of Indians being coerced into digital systems. It reminds us of signing up for their Aadhaar, which was voluntary in court orders but mandatory in reality. 

Proponents of digital systems often propose quick fixes, focusing on enhancing staff training and educating users. These measures include creating standard operating procedures (SOPs) and adding disclaimers to billboards stating participation is not mandatory. Yet, such tweaks sidestep more deeper interrogation. For example, who really governs DigiYatra, and what structural incentives led to a design that disregards consent? Citizens might assume that a program enforcing biometric identification for air travel, especially in high-security areas like airports, would be managed by a government entity. This assumption is misleading. While the Ministry of Civil Aviation labels DigiYatra as its ‘initiative’ and the Directorate General of Civil Aviation has released policy documents and circulars mandating airline compliance, DigiYatra is actually governed by a private entity. The DigiYatra Foundation, established in 2019 as a Section 8 company under the Companies Act, involves the Airports Authority of India owning 26% of the shares, with the airports of Bangalore, Bombay, Delhi, Hyderabad, and Cochin holding the remaining 74%. This similar pattern of digital deployments such as the contact tracing application Aarogya Setu that emerge with tacit state control but are controlled by private individuals lead to deniability for accountability and remedy.

DigiYatra’s flawed ownership structure promises innovation and speed in technology development by intentionally excluding government oversight. Let’s give it the benefit of the doubt and assume the system functions perfectly, despite the lack of public feasibility studies or audits. Even so, its ownership model raises significant issues related to rights violations, accountability, and remedy. Firstly, coercive sign-ups occur because airport operators, as stakeholders in DigiYatra, have an ownership interest. They prioritize entry checkpoints for DigiYatra and set performance targets to boost sign-ups and adoption, sidelining consent protections for the sake of achieving scale and mass adoption. Secondly, the type of accountability expected in public enterprises—covering financial and operational transparency under laws like the Right to Information Act or audits by the Comptroller and Auditor General of India—is absent. Even security audits, possibly conducted by firms associated with the Computer Emergency Response Team, are commissioned privately, keeping their findings secret. Thus, claims about biometric data not being stored, as stated by DigiYatra’s privacy policy, its website, or its CEO, evade independent verification. Consequently, for the approximately 9 million passengers who used DigiYatra last year, the handling, sharing, and deletion of their data remain unverified by third-party audits. This casual approach towards  data protection and security is present across IndiaStack. For instance, for weeks after its launch the online vaccination booking platform Co-WIN did not even have a privacy policy. 

Finally, the most concerning issue lies in how DigiYatra’s economic incentives to collect and sell user data will fund its continued operations. Currently, DigiYatra is free for passengers, supported by development and operational funding from its airport shareholders, which in turn recoup costs through an airport development fee added to every air passenger’s travel expenses. While DigiYatra, like many digital services, will remain free in the sense of not levying a financial fee for its use, it is intended to make money by selling your data. This is intended as per the DigiYatra Policy and even the experience of the smartphone application that introduces value-added services like cab and hotel bookings. When made operational it will supposedly be done only with passenger consent, however it is a reasonable apprehension to lack trust given the manner in which initial sign-ups are through a privacy violation. Here passenger data such as identity and travel details will be shared with private vendors. This potential for revenue generation poses a significant incentive to enrich and retain detailed personal data of passengers. Such surveillance concerns are warranted, given the project’s expansive ambitions beyond airports. As revealed by the DigiYatra Foundation CEO at the Sixth Airport Modernization Summit, the project’s ‘roadmap’ envisions ‘seamless ID validation’ at hotels, other transport modes, public places, etc., essentially laying the groundwork for a mass surveillance system in urban areas. It matches the ambitions of turning Indian cities into data extractive environments as per the smart city programme that envisions integrating civic and policing services on the basis of facial recognition technologies that feed integrated command and control centers. 

Many people who have used DigiYatra, like many other digital services, seem to like them despite all these issues. They express delight at how they save time from the entry to the boarding gate. These experiences are valid however, do not negate the occurrence of technical issues and rights violations. In 2022, Cory Doctorow introduced the term “Enshittification” to depict the declining quality of digital platform services that nonetheless lock in users. Is this a fitting description for today’s air travel experience, influenced by DigiYatra? Conversations with frequent flyers suggest a deterioration in the economy, reliability, and safety of air travel, with rising ticket prices, unwarranted delays under clear skies, and the fears of leaking sensitive biometric and personal data leaving passengers exposed. Modern airport complexes, constructed far from city centers, echo a dystopian blend of luxury mall aesthetics and yet the eerie feeling of a holding cell. This prompts a critical evaluation: Is DigiYatra truly facilitating travel in the “cheapest, fastest, and safest” manner, or is it merely introducing distractions and new challenges? This question extends to IndiaStack the growing clamor around Digital Public Infrastructure as well, prompting us to ask whether they are genuinely fulfilling their promise and making our lives better.

(An edited version of this article was published in the Deccan Herald on March 31, 2024)

Leave a Reply

Your email address will not be published. Required fields are marked *