Who owns your digital life?
Who decides what resides inside your personal devices?
When does security stop being protection and begin to resemble surveillance?
Is digital sovereignty about empowering citizens or commandeering their machines?
And when the State enters your phone by decree, where does your private world truly end?
These are actual constitutional questions, but in the language of “technology policy”. They confront every citizen the moment the State insists that government code must be embedded into private devices by law.
The Erosion of Digital Autonomy
The government’s order to mandate the pre-installation of the Sanchar Saathi application on every phone sold or used in India is being framed as routine cyber hygiene. In reality, it is anything but routine. It is a blunt insertion of state authority into the most intimate object of modern life. Even if the app can be deleted by the user.
The aim itself is unimpeachable. IMEI fraud exists. Stolen phones circulate in grey markets. Counterfeits undermine network integrity. A responsible state must act. But legitimate objectives do not sanctify illiberal methods. The real question is not whether fraud should be addressed; it is whether addressing it justifies permanently occupying private hardware with a non-removable state application. That design choice is not merely excessive. It is structurally hostile to personal autonomy, legally brittle, and symbolically dangerous.
It is also intellectually thin. Nowhere in the directive is there a serious explanation of why a permanent resident application is necessary for what is essentially a verification problem. Nowhere is there a technical rationale for transforming a finite function into lifelong digital residency.
Absence of Dialogue and Transparency
The controversy around Sanchar Saathi is not driven simply by anxiety over data, but by the manner in which power announced itself. What unsettles most is not merely the existence of an application, but the silence that accompanied its arrival - the absence of explanation, consultation, and credible safeguards. When policies that touch the private lives of millions arrive as administrative instructions rather than public conversations, they forfeit moral authority even before legal scrutiny begins.
The modern state possesses unprecedented technological reach. Good policy is knowing when not to deploy it.
Digital sovereignty is secured through resilient institutions, enforceable rights, transparent standards, and accountable systems. Embedding authority into devices reflects a failure of governance imagination, where coercion substitutes for architecture and control is mistaken for capability.
The Danger of Unilateral Decision-Making
What makes the mandate more troubling is what it omits. There are no meaningful disclosures on data use. No clarity on permissions. No sunset clause. No technical firewall against future expansion. A permanent application is not just software; it is infrastructure. And infrastructure grows. Citizens are not being asked to trust a tool. They are being asked to trust an evolving system of authority.
There is a quiet irony now, in light of this undue controversy, in the name “Sanchar Saathi” itself. A “saathi” is meant to be chosen, not imposed; earned through trust, not delivered by decree. In a democracy, partnership cannot be pre-installed, and trust cannot be hardwired.
This unease is compounded by timing. The mandate arrived just days after another sweeping compliance framework that would force communication platforms to rigidly bind user identity to SIM cards. Replace your SIM, risk losing access. Use companion devices, face repeated logouts. Systems designed for resilience were recast for dependence. Architecture itself became enforcement.
Predictably, backlash followed. The minister later clarified that the app could be uninstalled. The defence cited scale: crores of users, lakhs of devices traced, millions of connections blocked. The numbers may impress, but democracies are not governed by dashboards. Surveillance systems also generate results. Efficacy does not convert intrusion into legitimacy.
Security vs. Surveillance
Judicially, this mandate fares no better. The Supreme Court’s privacy doctrine mandates that any intrusion into personal life must satisfy legality, necessity, and proportionality. Even if legality and necessity are conceded for the narrow objective of verification, proportionality collapses. The government already maintains non-intrusive methods for IMEI checks, including portals, SMS systems, and codes that verify without embedding anything into the phone itself. There is no technical explanation for why an occasional function requires permanent presence. A lifetime intrusion for a limited purpose is not regulation.
Nor can the mandate be rescued by assurances of benign intent. Law does not operate on trust; it operates on restraint. Rights are not calibrated by today’s conduct but by tomorrow’s possibilities. Architecture matters because it outlives intention. In constitutional governance, capability itself is power - and power once installed rarely retreats on reassurance.
Supporters often argue that foreign technology companies already operate system-level software with extensive privileges and that public anxiety toward government access reflects misplaced suspicion. This misunderstanding is fundamental. Corporations, while they profit for sure, do not prosecute, imprison, tax or legislate. Governments do. Constitutional restraint exists not because the State is wicked, but because it is powerful.
India has been here before. The Net Neutrality debate carried the same assumptions: that control could be made invisible, that intrusions could be framed as progress. What restrained excess then was not bureaucratic foresight but civic intervention.
This rule, if tested, is unlikely to survive judicial scrutiny. Digital governance cannot be drafted in administrative isolation. It must be stress-tested by constitutional lawyers, cyber architects, engineers and risk analysts before being imposed on a population at scale. Mature states do not experiment on citizens live. They model failure before enforcing design.
That is also why global technology firms will not accept such mandates easily. Not out of ideology, but design. Devices are built upon an implied contract: that the product belongs to the user. Coercive integration violates that promise and invites litigation — on privacy, competition, and arbitrary interference.
Balancing Power and Protection
The timing of this decision has also invites chatter. It is difficult to imagine that any government with years of parliamentary experience would be unaware of the turbulence such an order would trigger, especially on the eve of a parliamentary session. Disruption consumes attention. Attention delays scrutiny to things that matter. And when Parliament is preoccupied, other decisions may travel quietly.
While significant credit is rightfully due to this government for advancing India’s digital transformation, progress must not become a pretext for intellectual complacency. Not every intervention in the digital domain is inherently visionary, and not every policy stamped “technology” is path-breaking by default. India’s digital future will be shaped not by hurried mandates, but by depth of intent, clarity of thought, and the courage to design institutions before deploying instruments.
The State exists to defend the citizen, not inhabit. Every policy that bypasses consultation, proportionality and transparency weakens that compact, however benign the stated intent may be. Measures that redefine the boundary between citizen and State must arrive through dialogue, law, and parliamentary debate - not through firmware.
(Srinath Sridharan is Author, Policy Researcher & Corporate Advisor, Twitter: @ssmumbai.)
Views are personal, and do not represent the stand of this publication.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
