The policeman who came to see me was affable and just following instructions. It was 2009, near the end of Sri Lanka’s brutal 27-year-old civil war, though nobody knew at the time.
He asked me to enter my personal details on a website called citizens.lk, set up by the all-powerful Ministry of Defence (MoD). I asked him politely what law required me to enter my data into the system. He didn’t know. I told him to go ask his superiors. He never returned.
Citizens.lk was ostensibly set up to register all “permanent and temporary residents of Sri Lanka” and “ensure the safety and security of the entire island”. As its sole custodian, the MoD could use the information as it saw fit, with minimal oversight.
Governing information from a human rights perspective — tackling privacy concerns, usage rights, access, and monetisation of personal data — remains, as yet, alien to official big data discourses in Sri Lanka and in other countries with a democratic deficit.
Sri Lanka’s move was perhaps desirable from the perspective of intelligence operations aiming to thwart terrorism. The MoD was explicit about the data’s intended use — it was to monitor people. 
But the palpable danger was that data collected — name, address, ethnicity, national ID number, passport number, driving licence number, gender, date of birth — would spawn a far wider, more sophisticated, intrusive and enduring surveillance architecture to clamp down on dissent and suppress democratic governance.
At the time, the MoD was widely feared for silencing independent media, often violently and with complete impunity, and for sponsoring hate speech against leading human rights activists. Citizens.lk was a thinly veiled state enterprise collecting data to contain, control and censor inconvenient truths — what one leading blogger called the “logical extension of checkpoints into digital space”. 
Once harvested, information in these big, official datasets is completely within government control. There is no enabling legislation on rights to information — so individuals become mere numeric targets for government. They have little or no power to interrogate their own records, or how they are used.
Five years after the end of the war, citizens.lk, though still online, lies forgotten. And yet, in late 2013, the government’s Information and Telecommunication Agency proposed a Unique ID System (UID) for Sri Lanka — “a highly secured electronic authentication” system claimed to address “forging and duplication” of national identity cards. 
The language suggests validation, authentication, enrolment and registration. But given the present government’s suspect democratic credentials, the information collected is at risk of abuse by official policies and practices that further marginalise or discriminate against specific individuals, identity groups and communities.
A recent World Economic Forum report on Big Data flags the pivotal importance of enabling people to control their own information, reflecting a widespread concern over generating big data in an illiberal context. 
The reality is that aggregate data will inform more granular, smaller scale decisions. Big data, in other words, will increasingly affect ‘small lives’, and the assumption that those already vulnerable in society stand to benefit from more data online needs to be questioned.
My primary concern stems from poor transparency and accountability. A concern over governments’ enhanced capability to infer patterns and behaviours by combining large sets of information given voluntarily by people, as well as over how private enterprises, like telecommunications companies, use such data.
In mature democracies, big data can be immensely helpful in driving greater accountability, transparency and service delivery when combined with other information often in the public domain — such as demographic data and geo-located crime statistics. But in a country like Sri Lanka it can lead to a far more restrictive, censorious and pervasive monitoring of movements, transactions and communications.
And there’s the difficult dilemma. Post-war, Sri Lanka urgently needs to exploit big data to become more people-centric and responsive by transforming its antiquated governance mechanisms. However, any such initiative will fall in the shadow of the MoD and other intelligence arms of government.
Faces behind the data
I keep wondering about the policeman who came to see me. Did he understand the implications of his request? Did he try to resist his superiors himself? How, if at all, did he reconcile his role as a policeman with his rights as a citizen?
These questions pose a central challenge for civil society in post-war Sri Lanka and similar settings: to convince fellow citizens that data in the public domain can strengthen democracy post-war — but also alert them to the fact that no matter how benevolent data systems seem, any platform that hordes information without meaningful accountability or oversight endangers peace and courts violent conflict.
Simple measures can help meet that challenge. Compelling data driven journalism initiatives that use big data to interrogate social and political issues can help flag trends and patterns around governance. And civil society can use big data to strengthen its own research and advocacy, without relying on anecdotal evidence alone.
Civic education, for one, can alert people to both the benefits and dangers of big data. Global institutions like the UN have a role in this, and through big data they could even improve their effectiveness.
Importantly, these conversations need to put a human face to big data — to treat the datasets not as de-personalised information seen in the aggregate but as vast collections of individuals, who all have rights. If we lose sight of this, big data risks becoming a tool of and for the worst of us, when it should give life to and strengthen a more democratic future.
Sanjana Hattotuwa is a Sri Lankan human rights activist, TED fellow and founder of Groundviews, a citizen-journalism initiative. He can be contacted at [email protected] or via @groundviews.
This article is part of the Spotlight on Data for development.
References One on one with the Defense Secretary (Daily Mirror 28 February 2010)
 Information and power – citizens.lk (Indi Samarajiva, Blog 15 January 2009)
 The Unique ID System for Sri Lanka (ICTA, 2013)
 Big data, big impact: new possibilities for international development (World Economic Forum, 2012)