IFF presents: A Know-Your-Rights information leaflet and merchandise on Digi Yatra #RejectDigiYatra

You asked, we delivered! In collaboration with several artists, IFF presents an all-you-should-know leaflet and a special line of merchandise on Digi Yatra that you can flaunt when catching your next flight.

01 March, 2024
3 min read

Impossible to miss and difficult to circumvent, Digi Yatra is an opt-in and completely voluntary service at Indian airports launched by the Ministry of Civil Aviation on 8 June 2017 with the aim of making air travel “seamless, contact-less, hassle-free and paperless” for passengers. Its objective is statedly simple: to help passengers board their flight faster. To this end, it enables digital processing of passengers at airports by using facial recognition technology (“FRT”) and personal credentials to authenticate them instead of traditional boarding passes. However, it does so with inadequate privacy safeguards, in a non-transparent data ecosystem, and sometimes without your consent, making it a challenge for you to navigate airports without enrolling in the service.

[ Click here to view in full ]

We have consistently voiced our concerns with Digi Yatra, originally a scheme of the Indian union government, now a privately-run service. At the heart of Digi Yatra is FRT – a deeply flawed and dangerous tool that can lead to harrowing consequences for individual privacy, dignity, free speech, movement, and life. Surveillance capabilities aside, the Digi Yatra data ecosystem presents a number of concerns with regards to personal data of users, especially their highly vulnerable and sensitive facial data. On top of this, Digi Yatra was being rolled out aggressively at Indian airports the last few months, with no regard for passenger consent or autonomy. This was covered by the media extensively (see here, here, here). A recent survey even showed that up to 30% of all Delhi airport passengers have unknowingly signed up for Digi Yatra.

For more context on the service and our rights-centric concerns, here is a resource list of our publications on Digi Yatra:

  1. Read our blog post deeply analysing Digi Yatra and its privacy and surveillance concerns.
  2. Read our opinion piece for The India Forum on all that is wrong with Digi Yatra.
  3. Listen to our deepdive on the Digi Yatra data ecosystem and FRT in this episode of the InFocus Podcast by The Hindu.
  4. Read our letters to Ministry of Civil Aviation (here), NITI Aayog (here), Airports Authority of India (here), Digi Yatra Foundation (here), regional airport authorities Delhi (here), Bengaluru (here) Cochin (here), Mumbai (here) and Hyderabad (here). 
  5. Read our past publications on Digi Yatra.

Why should you care?

Digi Yatra collects and/or processes your personal identifiable information along with sensitive facial data to authenticate you in airport security processes. Its non-transparent methods of storing, processing and sharing this data, along with a weak privacy policy, are deeply concerning. Facial recognition technology is known for being inaccurate and if misused, can become a tool for surveillance without your knowledge or consent. How Digi Yatra uses your facial data and how secure its data ecosystem really is, remains a worrying mystery.

Digi Yatra’s privacy policy potentially allows for your data to be used by the Foundation and third parties for a variety of unrelated purposes without your explicit consent and far beyond its stated use of providing a “hassle-free” airport experience. The lack of transparency leaves unanswered questions about the effectiveness of Digi Yatra’s claims of ‘privacy by design’ since it does not periodically publish any audits or reports to prove so, which causes a much bigger hassle!

The Digi Yatra Foundation, a private company operating Digi Yatra, has a 26% shareholding from the union government, but is not covered under the Right to Information Act, 2005 and does not disclose its cyber security audits. For us passengers, there's limited transparency, accountability, and recourse in case of data breaches or security threats

Many aspects of Digi Yatra, be it the use of facial recognition or the unclear data policies, lack a strong legal basis and compromise your privacy without statutory safeguards. Future data protection laws also may not adequately address these issues, especially when it comes to sensitive data like your facial biometrics.

What can you do?

Digi Yatra is a dangerous thing – but we are not here to scare you. We are here to empower you and arm you with information, so you can make decisions for yourself. No airport staff should be able to force you into registering for Digi Yatra and putting your privacy at risk. To this end, in collaboration with Kruttika Susarla, IFF presents our Know-Your-Rights leaflet (or KYR), which doubles as a comprehensive tool to briefly understand what is wrong with Digi Yatra, and an illustrative guide to avoiding it at airports.

We also present, in collaboration with Kruttika Susarla and Sanitary Panels, a line of merchandise (tees, totes and more!) with a call to #RejectDigiYatra so you can show up for your next flight in the coolest of airport fits which make a statement without saying a word. 

And per usual, you can support IFF by becoming a member and donating today!

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!