Surrenderance of privacy in exchange of national security in the wake of Digital currency

This article was adjudicated as the third best entry to the First NLUJ CSBF Essay Writing Competition, 2019-20. The article was submitted by Rachel Mary Jacob & Angelina Joy. The authors, at the time, were students at National University of Advanced Legal Studies, Kochi [NUALS].


The authors through this essay would like to draw the attention of the general people towards the predicament of privacy breaches and constant surveillance that would arise out of the lack of adequate robust machinery of legislations that focuses on fostering the right to financial privacy. With an increased inclination of the state to move towards a digital alternative to the current currency system from a cash-based society toward a cashless society it is imperative that a serious deliberation is made on the topics of digital currency, financial privacy, national security. And the privacy breaches taking place in the embodiment of state surveillance facilitated through an inexhaustible list of national security concerns    which comes hand in hand with the increased use of digital currency. The author starts by stating the different complications resulting from malafide acts of private individuals in the context of taking our currency the digital way, then the concerns shifts to a graver issue i.e. uninterrupted and continuous state surveillance by mining our financial data, the act of which is being strengthened by the current ‘The Personal Data Protection Bill’. The author critically analyses the different nuances of the Bill concerned with State surveillance and how it provides as a detrimental factor for individual privacy regarding his financial tracts which would evidently result in individuals making hyperconscious choices hence invalidating their right to personal autonomy within right to privacy, further the author relooks the Puttaswamy judgment and tries to address the privacy violation taking place within the ambit of the endorsement made in the judgment. The author while addressing the problem believes that an active support of all the organs of the government from the legislature to the judiciary upholding the need for the recognition of right to financial privacy within the framework of right to privacy can accentuate the sanctity of financial data.

Nuances of going digital for currency

Digital currency, according to the Bank for International Settlements in the “Digital Currencies” report of November 2015, is an asset represented in digital form and having some monetary characteristics.[i] Digital currency can be represented as electronic money or e-money. It can be denominated to a sovereign currency and issued by the issuer responsible to redeem digital money for cash. Digital currency denominated in its own units of value or with decentralized or automatic issuance will be considered as virtual currency.

A system void of physical currency where digital currency replaces the role and need for physical currency or cash is one which many countries around the globe are moving towards.

 It can be recognized that going the digital way has a lot of benefits such as convenience and ease of transactions since money can be paid in real time, helps in saving time and efforts that had to be put into logistics for the transportation and payment of the money especially in the case of large transactions where previously one had to go about with bundles of paper currency, crimes in regard to this can also be avoided to some extent. There is also an increased confidence in transactions as the parties get the confirmation of the money being deposited instantly reducing the hassle of procedures to be followed to get the other party to honor a dishonored cheque. Financial management becomes easier as the entire budget can be presented and availed at one’s finger tips instantly at any given point of time from the electronic data stored. With an increased dependence and rise of digital currency it is inevitable that the amount of paper currency needed in circulation will reduce, the State will no longer need to mint currency. [ii]

However, a Panglossian outlook towards going the digital way will backfire badly, should one overlook the cons of e currency and fail to safeguard against it with practical solutions. Without a minute examination of the problems arising and immediate remedies digital currency may prove to be a fatal blow to the economy.

Nigeria bore the brunt of taking a peripheral view on digital currency and has paid the price of more than $450 million for not exercising proper caution. Central Bank of Nigeria (CBN) had introduced cashless system on a pilot basis in Lagos on January 1 2012. Since then the number of online transactions had slowly increased[iii], simultaneously the number of cyber-crimes also increased. The Minister of Communication Adebayo Shittu in a statement to the press had said that the there was a loss of over $450 million in the year 2015 alone due to cyber-crime.[iv]

Denial of service attacks[v], ransom ware,[vi] man in the browser [vii]attacks are some types of cyber-attack threats faced in the use of e-money where legitimate uses are denied of services, taking of data and files of the host device as hostage and holding it to ransom, surveillance when the legitimate user logs onto banking sites and online payment portals to make payments respectively. Phishing attacks, interception of OTA transmission, jail broken and rooted devices[viii] are other common cyber threats that the user’s digital currency in today’s world has to overcome.

Data breaches and cyber-attacks are not crimes that happen in some distance place that does not concern the common man in India but rather a serious problem that has already crossed the moat and entered the fort. The impact of rushing towards a digital cashless society without taking the proper precautions beforehand has had India stand witness to, under the Digital India program an initiative of the government, the biggest financial data breaches in the entire banking history of India, the digital fraud through the BHIM app as well as the e wallet app. These two incidents have highlighted and cemented the consequences of a hasty decision to turn to a digital currency. This failure should serve as a deterrent to future quest to adopt digital currency without having the proper facilities to support the move.

Digital currency is truly a challenge to even developed countries in the face of the threat posed by cyber-crime however in the case of developing countries it is not just this issue that has to be overcome but also the problems caused by the lack of appropriate infrastructure and a proper support system. Outdated operating systems, problems in network connectivity, the lack of access to internet connection are some infrastructural shortcomings that developing countries have to overcome before they can even consider digital currency to be viable option for their country. Support of service providers and other support systems for a successful transfer towards digital currency is a must. Banks especially in the case of India where a sizeable chunk of the population does not have bank accounts and still depend on hard cash for their financial transactions the necessary support has to be provided for digital currency to flourish. The general financial capabilities as well education of the populace also has to be taken into consideration, cost of internet, extra charges on transactions made by digital mode, limitations on the amount of each transaction, lack of techno society or awareness towards digital currency, affordability of smart phones all these has an important role in making or breaking the advent of digital currency in a given society.

The advent of big data and the internet of things moved the discussion to from problems of common parlance to privacy infringements. Unlike the traditional currency which leaves no trail, the digital payment holds the potential to leave its trail as individuals in their mundane lives drop their digital footprints in every digital transaction and movement.[ix]

Big Brother Surveillance

Another hiccup arises from the activities of state actors. There is always a looming danger of state surveillance. The Indian state proactively wants to have real time access to the  the humongous inflow of the data as was evident from the Blackberry case of 2010 wherein the government insisted upon having access to monitor the  the user data from the private entity or to ban the company on refusal to abide with the governmental impositions which led to the partial access of the government to the services[x]. Later the state wanted to acquire real time access to the encrypted data by limiting the encryption by private companies to not more than 40 bits without the prior permission from the government., for the same WhatsApp was in turmoil for exceeding the encryption rate by around 200 bits[xi], later the Draft National Policy of 2015 released an addendum providing an exemption to social networking apps like Facebook, Twitter, WhatsApp, payment gateways when an apprehension of state surveillance was sensed by the citizenry. According to the 2019 Forrester Global Map of Privacy Rights and Regulations India has been compared to the likes of China when it comes to state surveillance[xii].

As compared to the ordinary hard cash the digital currency has the ability to leave digital trail of the data principal making him vulnerable to unwanted intrusions in the nascent stages of the life of the data principal as is evident from the bombardment of mails, SMS in our inboxes for the advertisements by webbots[xiii].

With the coming of big data, privacy related concerns of an individual has increased many a fold since this threat is not only induced by private actors but also from state actors who wield a larger portion of the power leading to power inequilibrium in controlling the data of the respective individuals especially when an inexhaustive lists of national concern is drawn which often results in making the data principal a dumb spectator watching his data being grabbed by a powerful entity. Since the data is the new oil[xiv] it often catches the fancy of the oligopolist in order to exploit the general citizenry by calculating their vulnerabilities based upon a sophisticated algorithm infrastructure.

An individual often expects a higher degree of privacy protection from the State ideally due to the asymmetric power dynamics[xv] wherein the State wields its power by the virtue of it being a sovereign and thrusting upon obligations by being in a position of a determinant human superior[xvi], though privacy protection is expected from each and every entity but it varies in its degrees, when it comes to the private entity it is solely  based upon consent of the individual in the user end agreement, choice, control even if it is illusionary, but privacy protection from the State emanates from the Preamble of our Constitution primarily based upon the notions of freedom, liberty and dignity.

Surveillance through digital currency by State actors is not new to the world as it had been widely practiced especially through the  social credit system by the Chinese government to track the citizens to eventually arrive to a ‘trust score’, it has been reported that the credit score system has already blocked the citizens from taking more than 11 million flights and 4 million train trips[xvii].

Limiting state surveillance in acquiring user data is the need of hour which the current Data Protection Bill fails to address and facilitates to more arbitrary interpretations by the state actors which gives the State free hand in acquiring user data according to its whims and fancies, hence we have effectively sleepwalked into a surveillance society[xviii]. The Data Protection Bill while recognising the privacy violation by private individual and addressing the issue in the most holistic manner by virtue of Section 12[xix] gives leeway to the State hence undermining its end aim in securing a digital economy.

Irregularities in the current Legislation

Ambiguities in dealing with State’s intrusion in a data principal’s starts crawling from Section 13 of Part II of the Bill[xx] wherein the bill gives the State a free hand in harvesting user data for any State purpose which is welcome to many interpretations by virtue of the inexhaustible criteria which one can put in for extracting data from the concerned data principal. Section 13 (2)[xxi] allows processing of data from the data principal if it is done for the benefit or service of the same, which leads to an exceptional abstruse inquiry since the ‘service’ or ‘benefit’ has not been defined in the bill[xxii].

When it comes to the processing of sensitive data such as credit card, debit card information, our credential etc Section 19 of the Bill[xxiii] provides a safeguard in such data harvesting by a precondition of processing of data only if it is ‘strictly necessary’. But how would this Section prove to be as a shield depends entirely on its interpretation by the State players, a liberal and anarchic interpretation would certainly transform this shield into a sword against the masses. For example, if we were to consider processing of our credit score to study consumer spending the government can easily argue that such harvesting of our consumption pattern is ‘strictly necessary’ for the next Union Budget for say regulating tax cap in certain commodities. Hence the Bill through Section 13 and Section 19[xxiv] instead of providing essential protection to the citizenry gives complete immunity to the Sate actors to process the personal and sensitive data of the masses[xxv]. The Bill hence propagates the facilitation of the collective interest at the cost of consent[xxvi].

The concerns regarding our digital currency data enhances by virtue of Section 42 of the Bill[xxvii] which specifically deals with processing of the data for the security of the State, this is a 3 folded argument. Firstly, the Section states about the application of proportionality principal while processing the data, it is of pertinent observation to note that the Report[xxviii] itself defines national security as a nebulous term, further ‘the State will be hard pressed to justify that mass surveillance is a proportionate response to a security threat’[xxix].

The second fold of argument is that the data stored by the state data fiduciary is exempted from complying with the purpose/collection/data storage limitation which implies that the data collected can be stored for as long as it is deemed to be ‘necessary’ or ‘proportional’. Here a looming danger surrounds regarding the facilitation of data collected from one source to monitor the other aspects of an individual’s life, for say the data collected from my online wallet can be used to track my financial status, my daily requirements, itinerary, life choices , which can well establish a daily pattern and be used for my profiling against me later in time.

The third argument is in lieu with the previous one which is greater profiling of an individual would lead to loss of breathing space and could lead to a discriminatory pattern based upon the varied differences in caste, religion, gender etc.[xxx].

A relook on the Puttaswamy judgment in the context of going digital

The nine judges in Puttaswamy[xxxi], were unanimous in their view of privacy forming the constitutional core of human dignity and autonomy. The right to privacy would include a bundle of rights such as the right to privacy of beliefs, thoughts, personal information, home, and property.

Right to privacy of personal data could also be seen as the claim of individuals to “determine for themselves when, how, and to what extent information about them is communicated to others“.[xxxii] The data protection bill of 2018 has narrowed the scope of sensitive data and has widened the ambit of state intervention. Earlier legislations like IT(Amendment) act 2008, DSCI Data Security Framework, Microfinance (Development and Regulation) Bill, 2011 (Draft), Code of Banks, Code of Conduct by the Indian Banks Association (IBA) all had created an intricate set of methods to prioritise the consent of the individual in regards to sharing of their financial data and bank records to third parties including the state but the new data protection bill has undermined the concept of consent of the individual on the collection of their personal information by the state by the application of different standards for private parties and the state on the basis of national security and functions.

Right to privacy is also seen as an assertion of individuals to “determine for themselves when, how, and to what extent information about them is communicated to others”[xxxiii]. Such normative account of privacy dictates our association with our peers, society and State. With the coming of digital currency our interlinking to such entities have become even more intrinsic, since cash is the tool through which an individual facilitates his everyday ventures which formulates his social standing and in turn composes his correspondence to his peers, society and State. This normative form of right to privacy was given judicial admission by Inter-American Court of Human Rights in the In Vitro Fertilization case[xxxiv]  and was also endorsed by the 9-judge bench in the Puttaswamy case in upholding the view.

While dissecting the different ambit of privacy and its superimposition on digital privacy of digital currency users one must specifically take note of Gary Bostwick’s[xxxv] construction of privacy as ‘repose’, ‘sanctuary’ and ‘intimate decision’. Herein ‘repose’ indispensably means freedom from unwarranted stimuli, unwarranted stimuli in the context of digital currency can happen via the likes of cyber security threats such as ransome ware, denial of service etc. Whereas sanctuary acutely emphasizes on the protection from intrusive observation, insistence is given on protection against both private and state entities, while the current legislation has gone rigid over the unwarranted exploration by private entities it falls short over regulating state surveillance. The third limb of the framework i.e. intimate decision essentially means the autonomy to make personal life decisions but in the wake of big brother surveillance it creates a chilling effect[xxxvi] which results in a type of ‘psychological restraint’ in the ability to think and act and thus effectively paralysis an individual’s autonomy in the nitty gritty aspect of his life. Since our digital trail of financial transactions can determine our sexual preferences, food habits, friendships, family relationships, language, ethnicity, political affiliation etc the individual would then have to make hyperconscious choices to invalidate the constant intrusive surveillance put up against him by an omnipotent and omnipresent entity i.e. the State.

While evaluating Allen Westin’s[xxxvii] pioneering elements of privacy which regulate a person’s extent and involvement in the public sphere the author wants to put forth the 2 basic stumps on which an individual’s discourse in the public realm stands, namely ‘anonymity’ wherein an individual seeks freedom from identification despite being in public domain, with respect to digital currency, an individuals’ transaction essentially is facilitated in a public domain though by virtue of it being a public platform the individual may not necessarily consent himself to be identified in his mundane endeavours and would want a structured freedom in the commission of his daily activities with the surety of not being disproportionately observed. The second stump which the author wants to put forward is ‘reservation’ which is enunciated as “the need to hold some aspects of ourselves back from others, either as too personal and sacred or as too shameful and profane to express[xxxviii]. Financial transactions often revolve around the abovementioned personal, sacred and shameful aspects, our financial dealings can reveal a plethora of our inner vices which in a civilized society we may not want others to be made aware of especially with the view of not being judged by our peers. While on a personal level, individuals can have a pandora’s box of reservation which they may not want to let others be aware of which may be later used against them as a source of their vulnerability.

Recognition of right to Financial Privacy

With access to financial information there is a real time tracking of ones every action and reaction, every transaction and interaction. Each place you have been to, the transportation you used, your arrival time and departure time, what you ate and wore every single transaction recorded and stored permanently. China’s social credit system is just the beginning of an impending avalanche of crisis awaiting the world community at large should the right to financial privacy not be recognized.

In fact, even a White House-commissioned Report has cautioned against the usage of algorithmic systems such as predictive policing software, given its subjectivity nature and possibility of increasing profiling and discrimination.[xxxix]

In the case of United States v. Miller[xl] the court had declined to extend constitutional privacy protection to financial records maintained by the banks. The decision was justified on the grounds that bank customers should not have expectations of reasonable privacy towards their financial transactions since they have voluntarily revealed their financial transactions to the bank by availing the services provided by the bank. It was held that by knowingly disclosing the financial data to the bank, customer has to assume the risk of their financial records being released to the government. However this justification cannot hold ground in the case of India because having bank accounts or using digital currency is not a free will choice of the common man of the country but one taken under the engineered schemes of the government which has directly or indirectly forced upon the general populace through a myriad of legislations that vary from a bank account being vital to receive the benefits of the government such as LPG gas cylinder subsidies to legislations that restrict the use of cash while engaging in a financial transaction. Which include imposition of acceptable limits where in accepting of a cash transaction of an aggregate worth Rs 2 lakhs or more from a single person on a given day or more transactions relating to one occasion or event will settle in a violation of cash transaction laws. Repaying or receiving cash transactions amounting to more than Rs 20000 for the transfer of immovable property are inviting trouble in the form of penalties. Business payments of amounts more than Rs 10000 made in cash in expenditure relating to your profession or business can result in a fine. Donations made in cash is strictly monitored by tax laws and a donation made out to any registered trust or political party of an amount more than Rs 2000 is in violation to the law.

The decision of the court in the Miller case had sparked an intense public outcry and had raised a tempest in the US Congress. In a direct response to the courts holding in the Miller case The Right to Financial Privacy Act of 1978[xli](which will be now referred to as financial privacy act) was passed by the Congress. The Financial privacy act directly limits the scope of the holding in the Miller case by regulating the disclosure of financial data and records to federal agencies. Through the comprehensive set up in the Financial privacy act, financial institutions are prohibited from disclosing a customer’s financial records to the government except in the limited circumstances of, one where in the customer has provided a written consent to the transfer of the information or were the information is sought under a valid subpoena or a search warrant by the government or lastly in special circumstances wherein the government has submitted a written request.

The position of India today is no different from the situation of US in the wake of the Miller case judgement. Financial privacy is not a recognized fundamental right by either the legislations in India nor by the iconic hallmark Puttaswamy judgment which while defining the various facets of right to privacy has overlooked financial privacy, failing to endorse this vital right. However, all is not lost since the nine judges of the bench here had unanimously supported the right to privacy of personal information. The judgement also recommends that the guidelines and rules laid down on private parties in regard to information and privacy be made applicable to the state too.

Since the global situation has already reached up to the stage wherein “Today everybody is on the list no matter how innocent. System of mass surveillance strives to record all people, in all places, in all times. The question is no longer “Am I on the list?”, it is “What’s my rank on the list?[xlii]” Hence proper measures should be taken to rectify this pressing issue because should it deteriorate even further it would not be long that the reel scenes from Captain America Winter Solider would play out in real life with Project Insight being authorized and algorithms identify and divide the population into two threats on one side and humans confining to the norm on the other. However how can one forget that what made the list even more outrageous was be the inclusion of future and potential threats to Hydra and Hydra being actually in a position to launch advanced technology to exterminate all accurately with a flip of the switch.

The author is keeping fingers crossed so that this hypothesis will not play out in reality and that the government’s wish to continue monitoring the activities of the common man  would be only for the sake of national security and safeguarding the nations interests, and that even this statement doesn’t sound so familiar because you heard this statement previously as the Hydra objective to make humanity surrender its freedom in exchange for security, because, pretty sure that there is no Captain America to show up here saying “this isn’t freedom this is fear, the price of freedom is high and it’s a price I am willing to pay” before saving the day.

[i] “Digital Currencies” (PDF). November 2015

[ii] Cashless Transactions and Its Impact – A Wise Move Towards Digital India,

[iii] Central Bank of Nigeria.” g / c a s h l e s s / C a s h – Less%20FAQs.pdf.

[iv] Nigeria suffered 3,500 cyber attacks in 2015, lost $450m | Africanews. 10 Nov. 2016, 16/11/10/nigeria-suffered3500-cyber-attacks-in-2015- lost-450m/.

[v] Definition of ‘Denial-of-service Attack, The Economic Times,

[vi] How Ransomware Spreads and Works ,COMBOFIX.

[vii] Five new threats to your mobile device security ,CSO Online,21 May 2014, l e / 2 1 5 7 7 8 5 / d a t a – protection/five-new-threats-toy o u r – m o b i l e – d e v i c e – security.html.

[viii] id.

[ix]Arun, P., Uncertainty and Insecurity in Privacyless India: A Despotic Push towards Digitalisation, Surveillance & Society (August 10, 2017),

[x]Daily Mail. “No secrets on Blackberry: Security services to intercept information after government gets its way on popular messenger service.” April 7, 2012. Accessed April 29, 2017.

[xi]Itika Sharma Purohit, After Blackberry and Google, it may now be WhatsApp’s turn to annoy the Indian government, Glitches (April 6 2016),

[xii] Hemani Seth, Government surveillance at alarming levels, Info-Tech (June 25 2019),

[xiii] Supra 9

[xiv] The world’s most valuable resource is no longer oil, but data, The Economist (May 6, 2017),; Data is giving rise to a new economy, The Economist (May 6, 2017), https://www.

[xv] Vrinda Bhandari; Renuka Sane, Protecting Citizens from the State Post Puttaswamy: Analysing the Privacy Implications of the Justice Srikrishna Committee Report and the Data Protection Bill, 2018, 14 Socio-Legal Rev. 143 (2018).  

[xvi] Laurent Sacharoff, The Relational Nature of Privacy, 16(4) LEWIS & CLARK L. REV. 1249, 12741280 (2012).

[xvii] Rachel Botsman, Big data meets Big Brother as China moves to rate its citizens, Wired (Oct. 21, 2017),;

[xviii] Jenny Booth, UK ‘sleepwalking into Stasi state’, The Guardian (Aug. 16, 2004),

[xix] The Personal Data Protection Bill §12 (2018).

[xx] The Personal Data Protection Bill §13 (2018).

[xxi] The Personal Data Protection Bill §13(2) (2018).

[xxii] Supra 15

[xxiii] The Personal Data Protection Bill §19 (2018).

[xxiv]  The Personal Data Protection Bill (2018).

[xxv]  Amba Kak, The Srikrishna Committee’s Data-Protection Bill Does Not Do Enough To Hold The Government Accountable For Use Of Personal Data, The Caravan (July 28, 2018),; Madhav Khosla and Ananth Padmanabhan, Draft data protection Bill pays little attention to the dangers of State power, The Print (July 30, 2018), https://theprint. in/opinion/draft-data-protection-bill-pays-little-attention-to -the-dangers-of- state-power/905 1l/.

[xxvi] Sri Krishna Committee Report

[xxvii]  The Personal Data Protection Bill (2018).

[xxviii] Sri Krishna Committee Report

[xxix] Vrinda Bhandari, Data Protection Bill: Missed Opportunity for Surveillance Reform, The Quint (July 28, 2018), personal-data-protection-bill-2018-draft-srikrishna-committee-loopholes-surveillance.

[xxx] Supra 15

[xxxi] id.

[xxxii]Alan Westin, Privacy and Freedom, (Atheneum Publishers, 1967).

[xxxiii] Alan Westin, Privacy and Freedom, (Atheneum Publishers, 1967).

[xxxiv] Artavia Murillo (In Vitro Fertilization) v. Costa Rica, 2012 SCC OnLine IACTHR 30..

[xxxv]  Gary Bostwick, A Taxonomy of Privacy: Repose, Sanctuary, and Intimate Decision, Calif. L. Rev 1447, 1449 (1976).

[xxxvi] Neil M. Richards, The Dangers of Surveillance, 126 HARV. L. REV. 1934, 1949-50, 1964 (2013); Zachary Smith, Privacy and Security Post Snowden: Surveillance Law and Policy in the United States and India, 9 INTERCULTURAL HUMAN RTS. L. REV. 137, 155 (2014);

[xxxvii] William L. Prosser, “Privacy”, Calif. L. Rev 383, 385 (1960).

[xxxviii] id.

[xxxix]Cecilia Munoz, Megan Smith and D.J. Patil, Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights, Executive Office of the President, White House (2016), at 21-22.

[xl] United States v. Miller ,425 U.S. 435 (1976).

[xli] The Right to Financial Privacy Act,12 U.S.C. §§ 3401-3422 (1994).

[xlii] Edward Snowden, Permanent Record (Henry Holt and Company, 2019).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s