Centre for Internet and Society

Workshop on Democratic Accountability in the Digital Age (Delhi, November 14-15)

sumandro — 2016-12-15T09:27:22Z

IT for Change, along with Centre for Internet and Society (CIS), Digital Empowerment Foundation (DEF), Mazdoor Kisan Shakti Sangathan (MKSS) and National Campaign for People’s Right to Information (NCPRI), is organising a two day workshop on ‘Democratic Accountability in the Digital Age’. The workshop will focus on evolving a comprehensive policy approach to data based governance and digital democracy, grounded in a rights and social justice framework. It will be held at the United Service Institution of India, Delhi, during November 14-15, 2016. The CIS team to participate in the workshop includes Sumandro Chattapadhyay (speaker), Amber Sinha (speaker), Vanya Rakesh (participant), and Himadri Chatterjee (participant).

The workshop aims to:

Discuss the institutional norms, rules and practices appropriate to the rise of ‘governance by networks’ and ‘rule by data’ that can guarantee democratic accountability and citizen participation, and
Articulate the steps to claim the civic-public value of digital technologies so that data and the new possibilities for networking are harnessed for a vibrant grassroots democracy.

We hope the workshop can create a civil society coalition that can build effective strategies for legal and policy reform to further participatory democracy in the digital age. On the first day, the workshop will set the context through knowledge sharing and thematic presentations and discussions. On the second day, we aim to concretize strategies for collective action to further democratic accountability in the digital age.

Workshop Agenda (PDF)

Background Note (ODT)

For more details visit https://cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15

Seminar on Understanding Financial Technology, Cashless India, and Forced Digitalisation (Delhi, January 24)

sumandro — 2017-01-23T13:17:19Z

The Centre for Financial Accountability is organising a seminar on "Understanding Financial Technology, Cashless India, and Forced Digitalisation" on Tuesday, January 24, at YWCA, Ashoka Road, New Delhi. Sumandro Chattapadhyay will participate in the seminar and speak on the emerging architecture of FinTech in India, as being developed and deployed by UIDAI and NPCI.

Cross-posted from Centre for Financial Accountability.

Programme Schedule

09.30 - Registration

10:00 - Introduction to the Seminar & Setting the Context

Madhuresh Kumar, National Alliance of People’s Movements

10:15–11:30 - Session 1 - Understanding the Political Context of FinTech

B P Mathur, Former Dy CAG

Prabir Purkayastha, Free Software Movement of India and Knowledge Commons

C P Chandrasekhar, Centre for Economic Studies and Planning, JNU

11:30-11:45 – Tea / Coffee break

11:45-13:15 - Session 2 - How will FinTech Impact the Poor, and Labour and Banking Sector?

Ashim Roy, New Trade Union of India

Nikhil Dey, Mazdoor Kisan Shakti Sangathan

Ravinder Gupta, General Secretary, State Bank of India Officers Association

13:15-14:00 – Lunch

14:00-15:30 - Session 3 - Understanding the Economic Context of FinTech

Indira Rajaraman, Former Director, RBI

Tony Joseph, Sr. Journalist

15:30-17:00 - Session 4 - Understanding the Architecture of FinTech: Linkages to Aadhaar, IndiaStack etc

Sumandro Chattapadhyay, the Centre for Internet and Society

Gopal Krishna, ToxicsWatch

17:00 – Tea

For more details visit https://cis-india.org/internet-governance/news/seminar-on-understanding-financial-technology-cashless-india-and-forced-digitalisation-delhi-jan-24-2017

"Will the Magic Number Deliver?" - Roundtable on Aadhaar at CSLG, JNU, April 26

sumandro — 2016-04-20T10:49:58Z

The Centre for the Study of Law and Governance (CSLG), Jawaharlal Nehru University (JNU), will organise a roundtable discussion on Tuesday, April 26, to discuss the Aadhaar project and Act. Along with Rajeev Chandrasekhar, Prasanna S, Apar Gupta, and Chirashree Dasgupta, Sumandro Chattapadhyay will be one of the discussants. It will take place in the CSLG Conference Room at 6 pm.

Discussion Note

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, was enacted by the Parliament on March 16. Thereafter it has been notified on March 26.

The Act empowers the UIDAI (Unique Identification Authority of India) to collect biometric and demographic information of residents to provide them with a unique number. This unique number is to be used for enumeration, identification and targeting of beneficiaries of government subsidies and services.

Since the creation of the UIDAI as an executive authority in 2009, this process of enumeration has been ongoing. Recently, it was announced that more than 100 crore residents have been given their aadhaar cards. Alongside, however, legal challenges have continued in the Supreme Court.

Given this context, this Roundatable Discussion will focus on the following set of questions (among others):

Can the Aadhaar Number enable better delivery of government subsidies and services?
How does the Act ensure data protection?
Is there a right to privacy in India? What are the implications in the context of Aadhaar?
Does the Act ensure public access to statutory remedies in case of violations?
Did the Aadhaar Bill fulfil the requirements of a money bill?

Discussion Format

Setting the Theme - Short Introduction to the Topic by Natasha Goyal

Speakers' comments, 15 minutes each, consecutive, no power points

Rajeev Chandrasekhar, Member of Parliament, Rajya Sabha
Sumandro Chattapadhyay, the Centre for Internet and Society
Prasanna S, Lawyer
Apar Gupta, Advocate, Delhi High Court
Dr. Chirashree Dasgupta, Centre for the Study of Law and Governance

Open Session (Moderated Q and A)

Followed by Tea

Directions to Venue

From JNU main gate, proceed straight until you get to a T-junction. Turn left. Continue until you reach a second T-junction. Turn right. Follow the road for just 0.7 km until you see a bus stop labelled “Paschimmabad.” About 50 m past the bus stop turn right at a sign that reads: “Centre for the Study of Law and Governance”. The CSLG building is on the right. The conference room is on the first floor.

Poster

For more details visit https://cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016

Digital native: The View from My Bubble

nishant — 2016-12-05T15:15:07Z

In the digital world, the privileged have the power to deny a devastating crisis for the poor.

The article was published by Indian Express on December 4, 2016.

For weeks now, my timeline on almost all social media feeds has been dominated by stories of demonetisation. Over the last few years, I have been spending time in countries where I, more or less, live a cashless life. Every transaction is enabled by a digital connection — my contactless debit card pays most of the bills for groceries, my phone works as an automatic wallet at my favourite stores, and the larger purchases are done online, through direct bank transfers. Most days, I leave home with such little cash that I would not even be able to buy a decent meal with it.

While the continent is different, this experience is not much different from my days spent in India. I don’t really remember the last time I made huge cash deposits or withdrawals, and the services that I am used to would almost all have facilitated digital transactions, ensuring a smooth continuation of my life except, perhaps, for renouncing the occasional binge on street food, and letting go of the habit of hailing an auto on a busy road.

Hence, like many people who live in the same privileged combination of class, urbanity, education and affordability, my initial reaction to this move was reflective and speculative. In an abstract manner, I was curious about what this means to the theory of value, what this would achieve in the long-term visions of the state, and wondering what the costs of currency re-introductions might be. The earlier debates with family and friends were all marked by this elitist inquiry into the nature of things, feasting our minds on economic and political conundrums, well aware that there is going to be no crisis on the horizon. The social media also reflected this filter bubble. We made pithy jokes and offered polarised opinions about whether or not this is going to achieve the whitening of black money, and what its long term effects on the economic future would be.

Now that we know, however, that this state of emergency is going to last well into the end of this year, and as reports trickle in of the deprivation, exploitation and precariousness that destabilise lives and push them towards the precipice, I take a deep introspective breath. I don’t want to go into the discussions of the impact and measures of this move on lives that I do not live, and people who are so unlike me that I cannot even imagine what it means to live on the edge of a demonetised currency note. My opinions on this cannot be more informed or valid than the millions of voices that have flooded the social web with commentary, discussions and outright abusive fighting around the issue.

Instead, I want to reflect on what it means to consume a lived crisis, an embodied reality, a precarious condition through the mediated bubble of the digital web. For years now, activists have lamented that the web is an alienating medium. It allows people to become armchair clicktivists, removed from the reality of messy life and able to profess care, concern and commitment as long as it does not inconvenience or disrupt their everyday life. However, this has often been seen as a knee-jerk reaction to change, with enough evidence to prove that these technologies of connectivity also produce new collective forms of action, engendering trust, empathy, and care for people who are often made invisible in the systemic violence of everyday life. The debate is unresolved. However, the ways in which the demonetisation crisis — because it has officially become a crisis — is being consumed online, remotely, makes me wonder how the digital web allows a space for performance without experience, and articulation without politics.

Almost unanimously, the continued chatter of how the common man must bear some inconvenience for the greater good of our collective futures comes from people who embody the same privileges I do. From the comfort of their well-stocked kitchens and their insurances that would cover any health crises, these voices continue to parrot the idea that all that this means for anybody is just a bit of a hassle, but nothing to worry about.

In the growing face of evidence that the poor are being pushed to the limits of their downward precipitation, they continue to invoke the sacrifices that must be made towards making India great again. Every day, I hear them valiantly champion the Prime Minister for his authoritative decision, and defend the logistics that have failed to protect the economic survival of the silent sufferers in the favour of recovering untold wealth which might turn out to be mythical after all.

And, each time I read these reports, I wonder how the digital allows them, protects them, and produces a performative space from which they can speak, without any experience, about the lives of others, reducing their struggles to lifestyle logistics and ambulatory adjustments.

For more details visit https://cis-india.org/raw/indian-express-december-4-2016-nishant-shah-digital-native-the-view-from-my-bubble

Fake Narendra Modi apps aplenty, but it’s up to users to protect themselves

praskrishna — 2016-12-10T04:24:24Z

The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.

The article was published by Indian Express on December 2, 2016. Pranesh Prakash was quoted. Also see Nandini Yadav's blog post in BGR on December 3, 2016.

The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.

A “Narendra Modi” app, purportedly offered by the Government of India, caught the attention of Internet expert Pranesh Prakash on Thursday as the app developer was found to be using a Bangladesh-based web host and e-mail address. Suggesting that this could be the work of a con-artist, Prakash underlined that granting access to fake apps could lead to security breach. The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded. The original NaMo, however, only gets access to read, modify and delete the user’s media files. The “fake” app was downloaded more than 1 lakh times and has an average rating of 4.4 from over 2,000 reviews. A simple search on the play store throws up dozens of Narendra Modi apps, some even calling themselves fake apps. The original app was published by Narendramodi.in and Government Of India. But there are scores of other apps trying to imitate the original.

Pranesh, who is Policy Director at The Centre for Internet and Society, also questioned how users can differentiate between fake and genuine apps when even the official app was registered using a gmail address. While the Government of India Narendra Modi app has been published using info@narendramodi.press, the one by Narendramodi.in has been published using a simple Gmail app. He also highlighted how the play store was flooded with fake banking apps, with one such “SBI app” gaining full access to the user’s files. Incidentally, the fake Modi Ki Note app which has been in the limelight since the demonetisation on high value notes and issue of new ones itself has many duplicates.

In the last two days, the Congress and its vice-president Rahul Gandhi fell victim to hacking as their verified Twitter accounts were compromised. Profane content was shared from both accounts, targeting the Gandhi and his family. This lead to the Congress questioning Prime Minister Narendra Modi’s digital India push as security remains a huge concern.

For more details visit https://cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves

Comments on the Report of the Committee on Digital Payments (December 2016)

Sumandro Chattapadhyay and Amber Sinha — 2017-01-12T12:32:22Z

The Committee on Digital Payments constituted by the Ministry of Finance and chaired by Ratan P. Watal, Principal Advisor, NITI Aayog, submitted its report on the "Medium Term Recommendations to Strengthen Digital Payments Ecosystem" on December 09, 2016. The report was made public on December 27, and comments were sought from the general public. Here are the comments submitted by the Centre for Internet and Society.

1. Preliminary

1.1. This submission presents comments by the Centre for Internet and Society (“CIS”) [1] in response to the report of the Committee on Digital Payments, chaired by Mr. Ratan P. Watal, Principal Advisor, NITI Aayog, and constituted by the Ministry of Finance, Government of India (“the report”) [2].

2. The Centre for Internet and Society

2.1. The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, and cyber-security.

2.2. CIS is not an expert organisation in the domain of banking in general and payments in particular. Our expertise is in matters of internet and communication governance, data privacy and security, and technology regulation. We deeply appreciate and are most inspired by the Ministry of Finance’s decision to invite entities from both the sectors of finance and information technology. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved, especially the citizens and the users. CIS is thankful to the Ministry of Finance for this opportunity to provide a general response on the report.

3. Comments

3.1. CIS observes that the decision by the Government of India to withdraw the legal tender character of the old high denomination banknotes (that is, Rs. 500 Rs. 1,000 notes), declared on November 08, 2016 [3], have generated unprecedented data about the user base and transaction patterns of digital payments systems in India, when pushed to its extreme use due to the circumstances. The majority of this data is available with the National Payments Corporation of India and the Reserve Bank of India. CIS requests the authorities concerned to consider opening up this data for analysis and discussion by public at large and experts in particular, before any specific policy and regulatory decisions are taken towards advancing digital payments proliferation in India. This is a crucial opportunity for the Ministry of Finance to embrace (open) data-driven regulation and policy-making.

3.2. While the report makes a reference to the European General Data Protection Directive, it does not make a reference to any substantive provisions in the Directive which may be relevant to digital payments. Aside from the recommendation that privacy protections around the purpose limitation principle be relaxed to ensure that payment service providers be allowed to process data to improve fraud monitoring and anti-money laundering services, the report is silent on significant privacy and data protection concerns posed by digital payments services. CIS strongly warns that the existing data protection and security regulations under Information Technology (Reasonable security practices and procedures and sensitive personal data or information), Rules are woefully inadequate in their scope and application to effectively deal with potential privacy concerns posed by digital payments applications and services. Some key privacy issues that must be addressed either under a comprehensive data protection legislation or a sector specific financial regulation are listed below. The process of obtaining consent must be specific, informed and unambiguous and through a clear affirmative action by the data subject based upon a genuine choice provided along with an option to opt out at any stage. The data subjects should have clear and easily enforceable right to access and correct their data. Further, data subjects should have the right to restrict the usage of their data in circumstances such as inaccuracy of data, unlawful purpose and data no longer required in order to fulfill the original purpose.

3.3. The initial recommendation of the report is to “[m]ake regulation of payments independent from the function of central banking” (page 22). This involves a fundamental transformation of the payment and settlement system in India and its regulation. We submit that a decision regarding transformation of such scale and implications is taken after a more comprehensive policy discussion, especially involving a wider range of stakeholders. The report itself notes that “[d]igital payments also have the potential of becoming a gateway to other financial services such as credit facilities for small businesses and low-income households” (page 32). Thus, a clear functional, and hence regulatory, separation between the (digital) payments industry and the lending/borrowing industry may be either effective or desirable. Global experience tells us that digital transactions data, along with other alternative data, are fast becoming the basis of provision of financial and other services, by both banking and non-banking (payments) companies. We appeal to the Ministry of Finance to adopt a comprehensive and concerted approach to regulating, enabling competition, and upholding consumers’ rights in the banking sector at large.

3.4. The report recognises “banking as an activity is separate from payments, which is more of a technology business” (page 154). Contemporary banking and payment businesses are both are primarily technology businesses where information technology particularly is deployed intimately to extract, process, and drive asset management decisions using financial transaction data. Further, with payment businesses (such as, pre-paid instruments) offering return on deposited money via other means (such as, cashbacks), and potentially competing and/or collaborating with established banks to use financial transaction data to drive lending decisions, including but not limited to micro-loans, it appears unproductive to create a separation between banking as an activity and payments as an activity merely in terms of the respective technology intensity of these sectors. CIS firmly recommends that regulation of these financial services and activities be undertaken in a technology-agnostic manner, and similar regulatory regimes be deployed on those entities offering similar services irrespective of their technology intensity or choice.

3.5. The report highlights two major shortcomings of the current regulatory regime for payments. Firstly “the law does not impose any obligation on the regulator to promote competition and innovation in the payments market” (page 153). It appears to us that the regulator’s role should not be to promote market expansion and innovation but to ensure and oversee competition. We believe that the current regulator should focus on regulating the existing market, and the work of the expansion of the digital payments market in particular and the digital financial services market in general be carried out by another government agency, as it creates conflict of interest for the regulator otherwise. Secondly, the report mentions that Payment and Settlement Systems Act does not “focus the regulatory attention on the need for consumer protection in digital payments” and then it notes that a “provision was inserted to protect funds collected from customers” in 2015 (page 153). This indicates that the regulator already has the responsibility to ensure consumer protection in digital payments. The purview and modalities of how this function of course needs discussion and changes with the growth in digital payments.

3.6. The report identifies the high cost of cash as a key reason for the government’s policy push towards digital payments. Further, it mentions that a “sample survey conducted in 2014 across urban and rural neighbourhoods in Delhi and Meerut, shows that despite being keenly aware of the costs associated with transacting in cash, most consumers see three main benefits of cash, viz. freedom of negotiations, faster settlements, and ensuring exact payments” (page 30). It further notes that “[d]igital payments have significant dependencies upon power and telecommunications infrastructure. Therefore, the roll out of robust and user friendly digital payments solutions to unelectrified areas/areas without telecommunications network coverage, remains a challenge.” CIS much appreciates the discussion of the barriers to universal adoption and rollout of digital payments in the report, and appeals to the Ministry of Finance to undertake a more comprehensive study of the key investments required by the Government of India to ensure that digital payments become ubiquitously viable as well as satisfy the demands of a vast range of consumers that India has. The estimates about investment required to create a robust digital payment infrastructure, cited in the report, provide a great basis for undertaking studies such as these.

3.7. CIS is very encouraged to see the report highlighting that “[w]ith the rising number of users of digital payment services, it is absolutely necessary to develop consumer confidence on digital payments. Therefore, it is essential to have legislative safeguards to protect such consumers in-built into the primary law.” We second this recommendation and would like to add further that financial transaction data is governed under a common data protection and privacy regime, without making any differences between data collected by banking and non-banking entities.

3.8. We are, however, very discouraged to see the overtly incorrect use of the word “Open Access” in this report in the context of a payment system disallowing service when the client wants to transact money with a specific entity [4]. This is not an uncommon anti-competitive measure adopted by various platform players and services providers so as to disallow users from using competing products (such as, not allowing competing apps in the app store controlled by one software company). The term “Open Access” is not only the appropriate word to describe the negation of such anti-competitive behaviour, its usage in this context undermines its accepted meaning and creates confusion regarding the recommendation being proposed by the report. The closest analogy to the recommendation of the report would perhaps be with the principle of “network neutrality” that stands for the network provider not discriminating between data packets being processed by them, either in terms of price or speed.

3.9. A major recommendation by the report involves creation of “a fund from savings generated from cash-less transactions … by the Central Government,” which will use “the trinity of JAM (Jan Dhan, Adhaar, Mobile) [to] link financial inclusion with social protection, contributing to improved Social and Financial Security and Inclusion of vulnerable groups/ communities” (page 160-161). This amounts to making Aadhaar a mandatory ID for financial inclusion of citizens, especially the marginal and vulnerable ones, and is in direct contradiction to the government’s statements regarding the optional nature of the Aadhaar ID, as well as the orders by the Supreme Court on this topic.

3.10. The report recommends that “Aadhaar should be made the primary identification for KYC with the option of using other IDs for people who have not yet obtained Aadhaar” (page 163) and further that “Aadhaar eKYC and eSign should be a replacement for paper based, costly, and shared central KYC registries” (page 162). Not only these measures would imply making Aadhaar a mandatory ID for undertaking any legal activity in the country, they assume that the UIDAI has verified and audited the personal documents submitted by Aadhaar number holders during enrollment. A mandate for replacement of the paper-based central KYC agencies will only remove a much needed redundancy in the the identity verification infrastructure of the government.

3.11. The report suggests that “[t]ransactions which are permitted in cash without KYC should also be permitted on prepaid wallets without KYC” (page 164-165). This seems to negate the reality that physical verification of a person remains one of the most authoritative identity verification process for a natural person, apart from DNA testing perhaps. Thus, establishing full equivalency of procedure between a presence-less transaction and one involving a physically present person making the payment will only amount to removal of relatively greater security precautions for the former, and will lead to possibilities of fraud.

3.12. In continuation with the previous point, the report recommends promotion of “Aadhaar based KYC where PAN has not been obtained” and making of “quoting Aadhaar compulsory in income tax return for natural persons” (page 163). Both these measures imply a replacement of the PAN by Aadhaar in the long term, and a sharp reduction in growth of new PAN holders in the short term. We appeal for this recommendation to be reconsidered as integration of all functionally separate national critical information infrastructures (such as PAN and Aadhaar) into a single unified and centralised system (such as Aadhaar) engenders massive national and personal security threats.

3.13. The report suggest the establishment of “a ranking and reward framework” to recognise and encourage for the best performing state/district/agency in the proliferation of digital payments. It appears to us that creation of such a framework will only lead to making of an environment of competition among these entities concerned, which apart from its benefits may also have its costs. For example, the incentivisation of quick rollout of digital payment avenues by state government and various government agencies may lead to implementation without sufficient planning, coordination with stakeholders, and precautions regarding data security and privacy. The provision of central support for digital payments should be carried out in an environment of cooperation and not competition.

3.14. CIS welcomes the recommendation by the report to generate greater awareness about cost of cash, including by ensuring that “large merchants including government agencies should account and disclose the cost of cash collection and cash payments incurred by them periodically” (page 164). It, however, is not clear to whom such periodic disclosures should be made. We would like to add here that the awareness building must simultaneously focus on making public how different entities shoulder these costs. Further, for reasons of comparison and evidence-driven policy making, it is necessary that data for equivalent variables are also made open for digital payments - the total and disaggregate cost, and what proportion of these costs are shouldered by which entities.

3.15. The report acknowledges that “[t]oday, most merchants do not accept digital payments” and it goes on to recommend “that the Government should seize the initiative and require all government agencies and merchants where contracts are awarded by the government to provide at-least one suitable digital payment option to its consumers and vendors” (page 165). This requirement for offering digital payment option will only introduce an additional economic barrier for merchants bidding for government contracts. We appeal to the Ministry of Finance to reconsider this approach of raising the costs of non-digital payments to incentivise proliferation of digital payments, and instead lower the existing economic and other barriers to digital payments that keep the merchants away. The adoption of digital payments must not lead to increasing costs for merchants and end-users, but must decrease the same instead.

3.16. As the report was submitted on December 09, 2016, and was made public only on December 27, 2016, it would have been much appreciated if at least a month-long window was provided to study and comment on the report, instead of fifteen days. This is especially crucial as the recently implemented demonetisation and the subsequent banking and fiscal policy decisions taken by the government have rapidly transformed the state and dynamics of the payments system landscape in India in general, and digital payments in particular.

Endnotes

[1] See: http://cis-india.org/.

[2] See: http://finmin.nic.in/reports/Note-watal-report.pdf and http://finmin.nic.in/reports/watal_report271216.pdf.

[3] See: http://finmin.nic.in/cancellation_high_denomination_notes.pdf.

[4] Open Access refers to “free and unrestricted online availability” of scientific and non-scientific literature. See: http://www.budapestopenaccessinitiative.org/read.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016

The Dangers Of Aadhaar-Based Payments That No One Is Talking About

praskrishna — 2017-01-17T14:39:53Z

Less than three months ago, India’s banking sector was hit by a data breach which compromised 32 lakh debit cards and led to fraudulent transactions worth Rs 1.3 crore.

The article by Mayank Jain was published by Bloomberg on January 17, 2017. Sunil Abraham was quoted.

The incident started a debate around security of payment systems. But the debate had just about begun when the government’s demonetisation decision dragged attention away from it. Now as the dust settles and as the government starts to push newer means of digital payments, the focus is back on the security of systems being seen as an alternative to cash.

One such system is Aadhaar-based payments which could potentially allow citizens to pay anytime anywhere with the tap of a finger.

In theory, it sounds simple.

The Aadhaar-based payment system runs on the existing Aadhaar infrastructure through which a person’s biometrics are used to authenticate the user. Once authenticated, the user can transfer funds directly from one bank account to another without going through a mobile wallet or a card.

The payment system requires a smartphone, a working internet connection and a biometric authentication device with the merchant. The customer needn’t have a card or a phone as long as he or she has an Aadhaar-seeded bank account.

National Payments Corporation of India has developed this payments infrastructure over the existing Aadhaar-Enabled Payments System, the railroad on which the public distribution system has been functioning for years now.

Amitabh Kant, chief executive officer of the government policy think tank NITI Aayog said, earlier this month, that all cards and point-of-sale machines will become redundant in the country in the next two-and-a-half years as Aadhaar-based payments become popular.

A Double-Edged Sword

While payments authenticated by biometrics sound like a good idea in a country where less than one in three people actually own a smartphone, there are fears that integrating biometrics with digital payments could prove to be a security headache.

The first part of the problem is that Aadhaar, while effective, is not a fool-proof method of authentication and identification failures are not uncommon. Building a payment system atop the Aadhaar system will simply transfer some of these vulnerabilities.

The possibility of transaction failures due to a biometric mismatch are real, admitted a former high-ranking official from the Unique Identification Authority of India (UIDAI) who spoke to BloombergQuint on the condition of anonymity.

Officially, the false reject rate – rejection of a biometric when it’s actually correct – is set at a maximum of 2 percent for devices that get certified from the UIDAI. On the ground, however, failure rates vary widely, said the official quoted above.

According to the official statistics on UIDAI, more than 16 lakh Aadhaar-authentication requests failed in the past week. The type of errors encountered ranged from the biometric data not matching the database to demographic details not checking out.

The failure rates on Aadhaar Enabled Payment System for interbank transactions (which is a part of all Aadhaar authentication requests) were found to be as high as 60 percent by the Watal Committee on digital payments which published its report in December.

Additionally, newer security threats may also emerge if the scope of Aadhaar is widened. These include identity theft if a person’s biometrics are compromised from the payment system, phishing attempts, and the difficulty in revoking access once biometric information is compromised.

Biometrics aren’t an exact science, the official quoted above said, while adding that possible glitches have to be weighed against the benefits of offering a widely accessible non-cash mode of payment to citizens.

How Easy Is It To Beat The System?

Sunil Abraham, executive director of Bangalore based research organisation Center for Internet and Society (CIS) said that one way to assess how secure a system is to understand the cost and effort that goes into breaching it.

In the case of Aadhaar-based payment systems, the costs may not be high.

“There’s the gummy finger method which essentially requires some Fevicol or gum to duplicate someone’s fingerprint which can be enough to transact on someone’s behalf without them being there,” said Abraham in a phone conversation with BloombergQuint. “An average person can’t clone a smart card. Just fevicol and glue can help you make a gummy finger. The biometric lobby will say that advanced scanners defeat the gummy finger attack but more advanced scanners are also more expensive.”

Also, using more sensitive devices could push up the instance of false rejection of transactions, said Abraham.

There are other concerns. Like the fact that devices used for Aadhaar identification could store personal information, which, in turn, could be susceptible to a breach.

There are five main components in an Aadhaar app transaction – the customer, the vendor, the app, the back-end validation software, and the Aadhaar system itself. There are also two main external concerns – the security of the data at rest on the phone and the security of the data in transit. At all seven points, the customer’s data is vulnerable to attack.
Bhairav Acharya, Program Fellow, New America

Acharya, who works at a U.S.-based think tank called New America and focuses on cyber-law, said the key concern is that Aadhaar data can be stolen and misused.

“The app and validation software are insecure, the Aadhaar system itself is insecure, the network infrastructure is insecure, and the laws are inadequate.”

The biometric data collected on the authentication device at a merchant location can potentially be stored on the device as well as the smartphone of a merchant for a long time. Abraham added that there is a possibility that non-certified devices will enter the market, which can store data and use it in the future to do fraudulent transactions.

The concerns over potential misuse of biometric data by private agencies has also been highlighted by the Supreme Court of India. Earlier this month, the apex court refused to expedite the hearing on a petition regarding Aadhaar being utilised for multiple use cases by private companies. It, however, observed that private agencies collecting biometric data “is not a great idea”.

Deficient Privacy Laws

Apar Gupta, a Delhi-based lawyer working on cyber security, says that the lack of strong privacy protecting provisions is another concern that should be kept in mind while moving towards an Aadhaar-based payment system.

“The data stays for a long time with the stakeholders in the system. The requesting agency can keep it for seven years and the UIDAI can store it for five years. There are insufficient safeguards and there’s an absence of privacy law and an independent privacy regulator,” he said.

Acharya agreed.

India does not have the necessary laws to deal with a decentralised, biometrically-authenticated, mobile payments system, according to Acharya.

“Moreover, current laws and policies regarding the Aadhaar project, particularly the centralised database, are inadequate from the point of view of data security and end-user privacy,” he said.

Abraham of CIS said the issue is wider than Aadhaar. The problem is the lack of a strong data security law.

We only have a minimal data security law under the Section 43A of the Information and Technology Act which only applies to the private sector. There’s no law that applies to the government. Even 43A has not been applied consistently. There’s no place for you to go and complain if your identity has been compromised.
Sunil Abraham, Executive Director, Centre for Internet & Society

Gupta noted that, in the event of an identity threat, avenues of recourse are also limited. He said the best option is an appeal in the civil court, which is a long drawn out process.

In final analysis, according to Abraham, credit and debit cards are easier to secure as access can be revoked quickly.

“The trouble with biometrics is that the chain of trust is harder to establish because too many people can get access to biometrics and then you need to devise these convoluted solutions like hardware secure zones,” Abraham said.

“So the advantage of going with a smart card is that it can be easily re-secured, but with biometrics, once I compromise it, it’s lifelong.”

For more details visit https://cis-india.org/internet-governance/news/bloomberg-mayank-jain-january-17-2017-dangers-of-aadhaar-based-payments-that-no-one-is-talking-about

EVMs: How transparent is the Indian election process?

praskrishna — 2017-03-17T01:57:19Z

Electronic Voting Machines (EVMs) have become a bone of contention after the results of the Assembly elections in five states were declared last Saturday and the BSP president Mayawati alleged tampering. The Congress party and the Aam Aadmi Party (AAP) have called for a probe into her allegation. Social media too is abuzz with messages and videos showing how the machines can be allegedly manipulated to sway the votes in favour of a particular candidate.

The article by Smriti Sharma Vasudeva was published in the Statesman on March 14, 2017. Pranesh Prakash was quoted.

Overnight, several videos on Whatsapp have surfaced wherein people can be seen explaining the "mechanism" on how to alter the votes polled for a candidate in another candidate's favour. Several similar posts and articles are doing the rounds on Facebook.

BBC added fuel to the fire when it shared a 2010 article on how 'US "Scientists" hack India Electronic Machines' . The article details how scientists at a US university say they have developed a technique to hack into Indian electronic voting machines. While the article was posted on the BBC website a day after the election results were declared, it drew considerable flak from users on Facebook who criticised the website for its 'irresponsible' act of sharing an article with a "click bait" headline just to grab eyeballs.

Amid all this frenzy, the Election Commission of India has issued statements clarifying how the entire process is transparent and fool proof and tampering with the EVMs is a far-fetched thing given the checks and balances in place. For instance, the EVMs undergo the process of randomisation wherein which machine will go to which constituency and to which booth is not known to anyone till the last moment. Similarly, before the polling starts, mock polling takes place in the presence of representatives of all the political parties and then each of these machines are tested and a satisfactory report is generated and only after that polling begins.

However, all these checks and balances still do not ensure a fool proof system if experts are to be believed.

Pranesh Prakash, Policy Director for The Centre for Internet and Society, a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives, said: "The Electronic Voting Machines used in India are the simplest, with no large operating system requirements and are not networked. Thus, from a software design perspective, these are really good and the chances of these being tampered with are bleaker. However it doesn't mean these are fool proof. Most of the developed countries do not trust these machines and these are definitely not secure enough for democratic elections.

"While there are many advantages of using EVMs in the electoral process over the traditional ballot papers, still there are many ways in which one can tamper with these machines without any technical ingenuity. The best way is to make use of the EVMs and ensure that the Voter Verified Paper Audit Trail (VVPAT) are effectively utilised to make it an overall effective system".

Recently, the Supreme Court had mandated that VVPAT machines should be used in all the polls and thus the Election Commission had installed VVPAT machines in several constituencies. However, not sure of the efficacy of this system, the Election Commission had itself raised apprehensions regarding performance of the paper-trail machine, which gives a receipt to the voter, verifying the vote went in favour of the candidate against whose name the button was pressed on the electronic voting machine.a

For more details visit https://cis-india.org/internet-governance/news/the-statesman-smriti-sharma-vasudeva-march-14-2017-evms-how-transparent-is-the-indian-election-process

Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?

Pooja Saxena — 2016-04-24T14:15:06Z

In this infographic, we highlight the matters dealt with in the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, and consider if these can be objects of a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Sumandro Chattapadhyay and Amber Sinha.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-matters-dealt-with-in-aadhaar-act-be-objects-of-money-bill

The Aadhaar Act is Not a Money Bill

Amber Sinha — 2016-04-25T10:51:37Z

While the authority of the Lok Sabha Speaker is final and binding, Jairam Ramesh’s writ petition may allow the Supreme Court to question an incorrect application of substantive principles. This article by Amber Sinha was published by The Wire on April 24, 2016.

Originally published by The Wire on April 24, 2016.

Since its introduction as a money bill in the Lok Sabha in the first week of March [1], the Aadhaar (Targeted delivery of Financial and other subsidies, benefits and services) Bill, 2016 has been embroiled in controversy. The Lok Sabha rejected the five recommendations of the Rajya Sabha and adopted the bill on March 16 and only presidential assent was required for it become to become valid law. However, former Union Minister Jairam Ramesh filed a writ petition contesting the decision to treat the Aadhaar Bill as a money bill. The petition is due to be heard before the Supreme Court on April 25, and should the court decide to entertain the petition, it could have far-reaching implications for the Aadhaar project and the manner in which money bills are passed by the Parliament.

There are three broad categories of bills (all legislations or Acts are known as ‘bills’ till they are passed by the Parliament) that the Parliament can pass. The first kind, Constitution Amendment Bills, are those that seek to amend a provision in the Constitution of India. The second are financial bills which contain provisions on matters of taxation and expenditure. Money bills are a subset of the financial bills which contain provisions only related to taxation, financial obligations of the government, expenditure from or receipt to the Consolidated Fund of India and any matters incidental to the above. The third category is of ordinary bills which includes all other bills. The process for the enactment of all these bills is different. Money bills are peculiar in that they can only be introduced in the Lok Sabha where it can be passed by simple majority. Following this, it is transmitted to the Rajya Sabha. The Rajya Sabha’s powers are restricted to giving recommendations on the Bill and sending it back to the Lok Sabha, which the Lok Sabha is under no obligation to accept. The decision to introduce the Aadhaar Bill as a money bill has been widely seen as an attempt to circumvent the Rajya Sabha where the ruling party is in a minority.

Article 110 (1) of the Constitution defines a money bill as one containing provisions only regarding the matters enumerated or any matters incidental to them. These are a) imposition, regulation and abolition of any tax, b) borrowing or other financial obligations of the Government of India, c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, d) appropriation of money out of CFI, e) expenditure charged on the CFI or f) receipt or custody or audit of money into CFI or public account of India. Article 110 is modelled on Section 1(2) of the (UK) Parliament Act, 1911 which also defines the money bills as those only dealing with certain enumerated matters. The use of the word “only” was brought up by Ghanshyam Singh Gupta during the Constituent Assembly Debates. He pointed out that the use of the word “only” limits the scope of money bills to only those legislations which did not deal with other matters. His amendment to delete the word “only” was rejected clearly establishing the intent of the framers of the Constitution to keep the ambit of money bills extremely narrow.

While the Aadhaar Bill does make references to benefits, subsidies and services funded by the Consolidated Fund of India (CFI), even a cursory reading of the bill reveals its main objectives as creating a right to obtain a unique identification number and providing for a statutory apparatus to regulate the entire process. The mere fact of establishing the Aadhaar number as the identification mechanism for benefits and subsidies funded by the CFI does not give it the character of a money bill. The bill merely speaks of facilitating access to unspecified subsidies and benefits rather than their creation and provision being the primary object of the legislation. Erskine May’s seminal textbook, ‘Parliamentary Practice” is instructive in this respect and makes it clear that a legislation which simply makes a charge on the Consolidated Fund does not becomes a money bill if otherwise its character is not that of one.

PDT Achary, former secretary general of the Lok Sabha, has expressed concern about the use of Money Bills as a means to circumvent the Rajya Sabha. He has written here [2] and here [3], on what constitutes a money bill and how the attempts to pass off financial bills like the Aadhaar Bill as money bills could erode the supervisory role Rajya Sabha is supposed to play. This is especially true in the case of a legislation like the Aadhaar Bill which has far reaching implications for individual privacy as it governs the identification system conceptualised to provide a unique and lifelong identity to residents of India dealing with both the analog and digital machinery of the state and by virtue of Section 57 of any private entities. Already over 1 billion people have been enrolled under this identification scheme, and the project has been a subject of much debate and a petition before the Supreme Court. The project has been portrayed as both the last hope for a welfare state and surveillance infrastructure. Regardless of which of the two ends of spectrum one leans towards, it is undeniable that the law governing the Aadhaar project deserved a proper debate in the Parliament. Even those who are strong proponents of the project must accept the decision to pass it off as a money bill undermines the importance of democratic processes and is a travesty on the Constitution and a blatant abrogation of the constitutional duties of the speaker.

The petition by Jairam Ramesh would hinge largely on the powers of the judiciary to question the decision of the Speaker of the Lok Sabha. Article 110 (3) is very clear in pronouncing the authority of the Speaker as final and binding. Additionally, Article 122 prohibits the courts from questioning the validity of any proceedings in Parliament on the ground of any alleged irregularity of procedure. The powers of privilege that Parliamentarians enjoy are integral to the principle of separation of powers. However, the courts may be able to make a fine distinction between inquiring into procedural irregularity which is prohibited by the Constitution; and questioning an incorrect application of substantive principles, which I would argue, is the case with the Speaker decision.

References

[1] See: http://thewire.in/2016/03/07/arun-jaitley-introduces-money-bill-on-aadhar-in-lok-sabha-24115/.

[2] See: http://indianexpress.com/article/opinion/columns/show-me-the-money-4/.

[3] See: http://www.thehindu.com/opinion/lead/circumventing-the-rajya-sabha/article7531467.ece.

For more details visit https://cis-india.org/internet-governance/blog/the-aadhaar-act-is-not-a-money-bill

Can the Aadhaar Act 2016 be Classified as a Money Bill?

Pooja Saxena — 2016-04-25T13:48:41Z

In this infographic, we show if the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, can be classified as a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Amber Sinha and Sumandro Chattapadhyay.

Download the infographic: PDF and JPG.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/can-the-aadhaar-act-2016-be-classified-as-a-money-bill

Digital India - Now to Work

Shyam Ponappa — 2015-11-10T03:18:15Z

There's a buzz about Digital India again with an Indian PM finally reaching Silicon Valley. So are we close to broadband taking off, or is this just more hype?

The article was published in the Business Standard on October 1, 2015 and mirrored in Organizing India Blogspot on October 2, 2015.

The announcements are certainly promising. For instance, that Indian Railways will provide Wi-Fi services at 500 railway stations over the next few years. Google's support tendered by CEO Sundar Pichai offers new hope that this will happen. Other promising announcements include Microsoft CEO Satya Nadella's announcement of cloud-based services from India, and connectivity at the village level through TV White Space (unused broadcast spectrum), and Qualcomm CEO Paul Jacob's $150-million fund for start-ups in India.

There have been announcements like these before. For instance, the Railways announced Wi-Fi projects for years, with modest achievements. For details, see "A history of Wi-Fi and Indian Railways from 2006 to Infinity (maybe)". [See http://www.medianama.com/2015/02/223-a-history-of-wi-fi-and-indian-railways-from-2006-to-infinity-maybe/, Riddhi Mukherjee, February 27, 2015].

What's troubling is that in terms of ground realities, except for TV White Space for broadband, there's little evidence of a systematic approach to problems besetting communications, and changes in policies to solve them. Everyone seems carried away, and this is as true of most of the media and the commentariat as it is of the politicians. But informed, systematic efforts at solutions are absolutely essential to achieve these aspirations.

Take the ingenuous comparisons of Silicon Valley with Bengaluru, with the latter being described as "nearly there". Such election rhetoric from former US Senator and Secretary of State John Kerry is one thing, but our savvy media folk should know better. People who visit Silicon Valley from India, or those who are based there and occasionally visit India, can't be blind to the stark differences. One is a place where the basics related to living and functioning effectively actually work well; the other isn't. One has potholed streets with garbage, decrepit or nonexistent sanitation, and chronic power cuts; the other doesn't. It's as simple as that.

This leads to another observation that's tossed off too easily, about less need for government. Blithe statements that government needs to be reduced, or to get out of the way and let the private sector function, are often made with apparently little understanding of what governments do before getting out of the way. Those essential services in Silicon Valley and elsewhere that function seamlessly and are taken for granted? That's what governments can do. In other words, that is government's responsibility: to provide, apart from security and law and order, the infrastructure services and organisation of communities, markets and financial systems that enable citizens to function effectively and live well. Yes, markets are indeed planned and structured in order to function well.

The data on broadband at the end of 2014 in the Broadband Report 2015 by the ITU and Unesco suggest that India is not doing too well compared with its developing neighbours in Asia (see chart at http://www.broadbandcommission.org/ documents/reports/bb-annualreport2015.pdf). Our leadership and government need to confront this reality, and apply themselves to reforms to improve conditions. Broadband subscriptions as a percentage of our population trail most countries, and the percentage of individuals using the Internet is at the bottom of the pack, with Myanmar, Bangladesh, Pakistan and Nepal.

To make Digital India a reality, here's what the government needs to do:

Trials using TV White Space (TVWS, or unused broadcast spectrum) for broadband are finally under way, after years of struggle to get them going. If they work out, policies must be framed quickly for this spectrum to be bundled with fibre backbones such as BharatNet (the erstwhile National Optic Fibre network), and licensed service providers given access at reasonable cost.
Policies need to be formulated with government and operators working together, instead of as adversaries. This will increase the probability of success, as the private sector can be convinced of and contribute to practicable methods that they accept.
Policies for sharing spectrum can be extended to other under-used spectrum held by the government and Defence (secondary sharing, as in the USA), and to networks as well. This will facilitate broad, contiguous spectrum bands that are essential to support rising data usage that is affordable. Policies must also enable authorised operators to access all networks, fostering competition while increasing revenue potential and reducing costs. The data on broadband at the end of 2014 in the Broadband Report 2015 by the ITU and Unesco suggest that India is not doing too well compared with its developing neighbours in Asia. Our leadership and government need to confront this reality, and apply themselves to reforms to improve conditions.
The TVWS devices are manufactured by relatively small companies abroad with the exception of Huawei, which acquired Neul, one of the pioneers in the UK. Indian innovators can produce such devices locally, but only if they have a supportive ecosystem. That means sufficient continuing orders to create revenues for sustainable profits and cash flows. In a market like India, such orders need government support until new policies are in place and the demand is established. Once that happens, private enterprises can compete.

For instance, a chip designer start-up in Bangalore with designs for TV and broadband cards using TV White Space has had to scramble to manufacture complete products to bring their prototypes to market. Without sustained buying, they'll languish like other device manufacturers overseas, with episodic sales to narrow markets. That's because developing economies are likely to be bigger markets for these devices than developed economies, but only after policies allow deployment; secondly, there's insufficient support in developed markets. The irony will be if Indian innovators can get only offshore prospects like Huawei as partners or investors.
Unremitting government effort in the systematic development of basic infrastructure services (at the primary level, besides communications, there's power, transportation, water and sanitation, basic health and education; at the secondary level: communities, markets and financial systems) will round out the potential for India as a producer economy as well as a large and growing market.

This is the work that now needs to get done: accept the reality of our infrastructure deficiencies, change our spectrum and network sharing policies, plan step-by-step, and execute for results.

For more details visit https://cis-india.org/telecom/blog/business-standard-october-1-2015-shyam-ponappa-digital-india-now-to-work

Notes for India as the digital trade juggernaut rolls on

basu — 2022-02-09T15:04:36Z

Sitting out trade negotiations could result in the country losing out on opportunities to shape the rules.

The article by Arindrajit Basu was published in the Hindu on February 8, 2022

Despite the cancellation of the Twelfth Ministerial Conference (MC12) of the World Trade Organization (WTO) late last year (scheduled date, November 30, 2021-December 3, 2021) due to COVID-19, digital trade negotiations continue their ambitious march forward. On December 14, Australia, Japan, and Singapore, co-convenors of the plurilateral Joint Statement Initiative (JSI) on e-commerce, welcomed the ‘substantial progress’ made at the talks over the past three years and stated that they expected a convergence on more issues by the end of 2022.

Holding out

But therein lies the rub: even though JSI members account for over 90% of global trade, and the initiative welcomes newer entrants, over half of WTO members (largely from the developing world) continue to opt out of these negotiations. They fear being arm-twisted into accepting global rules that could etiolate domestic policymaking and economic growth. India and South Africa have led the resistance and been the JSI’s most vocal critics. India has thus far resisted pressures from the developed world to jump onto the JSI bandwagon, largely through coherent legal argumentation against the JSI and a long-term developmental vision. Yet, given the increasingly fragmented global trading landscape and the rising importance of the global digital economy, can India tailor its engagement with the WTO to better accommodate its economic and geopolitical interests?

Global rules on digital trade

The WTO emerged in a largely analogue world in 1994. It was only at the Second Ministerial Conference (1998) that members agreed on core rules for e-commerce regulation. A temporary moratorium was imposed on customs duties relating to the electronic transmission of goods and services. This moratorium has been renewed continuously, to consistent opposition from India and South Africa. They argue that the moratorium imposes significant costs on developing countries as they are unable to benefit from the revenue customs duties would bring.

The members also agreed to set up a work programme on e-commerce across four issue areas at the General Council: goods, services, intellectual property, and development. Frustrated by a lack of progress in the two decades that followed, 70 members brokered the JSI in December 2017 to initiate exploratory work on the trade-related aspects of e-commerce. Several countries, including developing countries, signed up in 2019 despite holding contrary views to most JSI members on key issues. Surprise entrants, China and Indonesia, argued that they sought to shape the rules from within the initiative rather than sitting on the sidelines.

India and South Africa have rightly pointed out that the JSI contravenes the WTO’s consensus-based framework, where every member has a voice and vote regardless of economic standing. Unlike the General Council Work Programme, which India and South Africa have attempted to revitalise in the past year, the JSI does not include all WTO members. For the process to be legally valid, the initiative must either build consensus or negotiate a plurilateral agreement outside the aegis of the WTO.

India and South Africa’s positioning strikes a chord at the heart of the global trading regime: how to balance the sovereign right of states to shape domestic policy with international obligations that would enable them to reap the benefits of a global trading system.

A contested regime

There are several issues upon which the developed and developing worlds disagree. One such issue concerns international rules relating to the free flow of data across borders. Several countries, both within and outside the JSI, have imposed data localisation mandates that compel corporations to store and process data within territorial borders. This is a key policy priority for India. Several payment card companies, including Mastercard and American Express, were prohibited from issuing new cards for failure to comply with a 2018 financial data localisation directive from the Reserve Bank of India. The Joint Parliamentary Committee (JPC) on data protection has recommended stringent localisation measures for sensitive personal data and critical personal data in India’s data protection legislation. However, for nations and industries in the developed world looking to access new digital markets, these restrictions impose unnecessary compliance costs, thus arguably hampering innovation and supposedly amounting to unfair protectionism.

There is a similar disagreement regarding domestic laws that mandate the disclosure of source codes. Developed countries believe that this hampers innovation, whereas developing countries believe it is essential for algorithmic transparency and fairness — which was another key recommendation of the JPC report in December 2021.

India’s choices

India’s global position is reinforced through narrative building by political and industrial leaders alike. Data sovereignty is championed as a means of resisting ‘data colonialism’, the exploitative economic practices and intensive lobbying of Silicon Valley companies. Policymaking for India’s digital economy is at a critical juncture. Surveillance reform, personal data protection, algorithmic governance, and non-personal data regulation must be galvanised through evidenced insights,and work for individuals, communities, and aspiring local businesses — not just established larger players.

Hastily signing trading obligations could reduce the space available to frame appropriate policy. But sitting out trade negotiations will mean that the digital trade juggernaut will continue unchecked, through mega-regional trading agreements such as the Regional Comprehensive Economic Partnership (RCEP) and the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP). India could risk becoming an unwitting standard-taker in an already fragmented trading regime and lose out on opportunities to shape these rules instead.

Alternatives exist; negotiations need not mean compromise. For example, exceptions to digital trade rules, such as ‘legitimate public policy objective’ or ‘essential security interests’, could be negotiated to preserve policymaking where needed while still acquiescing to the larger agreement. Further, any outcome need not be an all-or-nothing arrangement. Taking a cue from the Digital Economy Partnership Agreement (DEPA) between Singapore, Chile, and New Zealand, India can push for a framework where countries can pick and choose modules with which they wish to comply. These combinations can be amassed incrementally as emerging economies such as India work through domestic regulations.

Despite its failings, the WTO plays a critical role in global governance and is vital to India’s strategic interests. Negotiating without surrendering domestic policy-making holds the key to India’s digital future.

Arindrajit Basu is Research Lead at the Centre for Internet and Society, India. The views expressed are personal. The author would like to thank The Clean Copy for edits on a draft of this article.

For more details visit https://cis-india.org/internet-governance/blog/the-hindu-arindrajit-basu-february-8-2022-notes-for-india-as-the-digital-trade-juggernaut-rolls-on

Breakthroughs Needed For Digital India

Shyam Ponappa — 2016-05-04T02:34:19Z

It's time the government accepts that current policies are not enough to bring about Digital India.

The article originally published in the Business Standard on April 6, 2016 was also mirrored on Organizing India BlogSpot on April 7, 2016.

It helps to remind oneself of the scale of Digital India, its magnitude and sweep: to provide e-governance and other e-services everywhere, including 250,000 gram panchayats serving another 400,000 villages. That includes all the backbone and aggregation networks, and institutional processes to get there. The links indigitalindia.gov.in, such as http://www.bbnl.nic.in/, illustrate what's involved - and because many users are from households, the demand is for even more extensive networks.

The menu of services through Internet access is ambitious, and includes government services, health care, education, market information, financial services and so on. But it's the lack of basic access, of the "pipes" and "plumbing" for connectivity, that's the first, most difficult, yet essential step. Until this aspect is in place, getting results in areas such as efficient delivery of electricity, e-governance - including subsidies, education and skills, health care, manufacturing, and so on - is very much more difficult.

These services make up a robust wishlist, although their commercial underpinnings have yet to be designed and spelt out. As regards delivery, significant policy developments were reported last week. The Telecom Commission approved the operation of virtual network operators, allowing for operators who don't own networks or spectrum. They also recommended lowering spectrum usage charges from five per cent to three per cent of Adjusted Gross Revenues, while the exception of one per cent for Broadband Wireless Access spectrum continues. The bad news was in the Budget for 2016: service tax of 14.5 per cent on spectrum acquisitions, including through auctions.

But these are simply not enough. It's time the government accepts that Digital India is too distant, and they'd better formulate corrective measures. For example, even after 10 years with some success in setting up Common Services Centres (CSCs) in parts of the country, there doesn't seem to be a replicable template with sufficient momentum for ubiquitous connectivity. Worse, urban services remain constrained by too little spectrum that costs too much, with many impediments to augmenting capacity.

Consider factors affecting execution and delivery.

First, there's the telecommunications industry in its current beleaguered state. Its constituents have their backs to the wall for various reasons:

Low revenues and high costs.
Constrained access because of shortages - of networks; or of the means to build them, such as inexpensive rights-of-way, where laying fibre is feasible and viable; and where that isn't, shortage of inexpensive spectrum, and other cost-impediments such as local government charges for towers.
Below-par services for current demand.
Loads of debt, much of it incurred to pay for spectrum.
Banks with little appetite for further lending to this sector, and
Uncertain market sentiment.

For local manufacturers, the competition from global vendors is formidable if not overwhelming, given their advantages of ready access to capital, tax breaks, state sponsorship, established products and markets, and relationships. Access to spectrum will enable development and testing of devices, which is very difficult under present circumstances, but local manufacturing also needs entire ecosystems.

For the government, there's an overriding imperative for revenue collection. The motivation is an unrelenting need for (legitimate) expenditure on infrastructure, governance, and basic welfare in a developing economy. This is compounded by execution on a massive scale that also involves changes in user behaviour, for instance, village institutions like CSCs that have yet to take root. Another level of complexity is because two-thirds of users are from non-urban areas requiring extensive wireless broadband, untested for rural delivery except for satellite television.

With the public and media suspicious of government and industry, resolving these aspects is more difficult because of their skepticism and opposition. There's a disinclination to evaluate policies objectively because of recent scams. It is increasingly obvious that plugging away at legacy plans with their failure rate won't do, and more effective ways must be framed to achieve connectivity. For solutions acceptable to the government, to service providers, and the public, essential criteria are transparency and fairness. Next, the approach must be practicable, yield reasonable government revenues, and have reasonable profit potential. All these elements are required for sustainable initiatives. Every step has to be thought through, with all government departments working together (another big ask) and with industry, from the basic strands: connective links, sustainable equipment at reasonable cost, and revenue streams (whether from user payments or partly from subsidies) for services and content to more than cover those costs.

For more details visit https://cis-india.org/telecom/blog/business-standard-april-6-2016-shyam-ponappa-breakthroughs-needed-for-digital-india

Digital India Needs These Policy Changes

Shyam Ponappa — 2016-10-02T10:09:17Z

Appropriate policies will increase connectivity much more than spectrum auctions.

The article originally published in the Business Standard on August 31, 2016 was mirrored in Organizing India Blogspot on September 1, 2016.

There's a "List of 10 Things" for realising India's potential that Prime Minister Narendra Modi received as the chief minister of Gujarat from Jim O'Neill, the originator of the "BRIC" concept. Many items on that list are greatly facilitated by information and communications technology (ICT): effective governance; primary, secondary, and tertiary education; improved infrastructure; and sustainable approaches that minimise negative environmental impact. While there's agreement on ICT's importance for India, there's difficulty getting it in place to best effect. This is because policy changes are needed to make Digital India a reality. These are the kinds of decisions that will turn the rhetoric about connectivity into reality.

Some changes are relatively easy, such as enabling 60 GHz Wi-Fi, while others require more effort, as explained below. These include better terms for satellite communications, enabling broadband on the 500-600 MHz bands, and spectrum and network sharing.

In our land of such range and contradictions, so much needs improvement that everything clamours for immediate attention. Attempts to address them all together are misplaced, however, because achieving results requires goal orientation, prioritisation and systematic action, to direct a convergent investment of time, effort and capital. Also, projects must be done with the realisation that the acid test is end-to-end delivery, even if it is initially to a small segment of the market. Only then can the rest of the iceberg be addressed: consistent, ongoing operation and maintenance, and scaling up. Think of the years of effort, capital and human resources invested without that first delivery in the National Optic Fibre Network. While defining objectives appropriately and setting priorities are difficult, both are imperative.

A recent report on The Networked Society City Index for 2016 by Ericsson reaffirms ICT's critical role in productivity and living standards.1 The report also shows that better-developed cities are on more sustainable paths to the goal of the desirable triple bottom line (TBL) of social, economic and environmental betterment. ICT facilitates not only sustainable development of cities and often their surroundings, but extends through the networked society far beyond their geographical environs. Even our metros need attention, with Mumbai and Delhi ranking at 36 and 38 out of 41.

The Wireless Imperative

Efforts at setting up Digital India have to contend with the reality that most non-urban communications have to be wireless, as does a significant proportion of urban access. This is because the cost and practical difficulties in laying and maintaining fibre everywhere is far greater than building wireless networks. The accompanying chart, showing the spread of broadband in India at the end of March 2016, illustrates this point.

The clusters are around major cities, with broadband penetration in Delhi/NCR highest at 58.2 per cent. Except along their major connecting links, the spaces between clusters are more difficult to connect and aggregate, as habitations are not densely clustered. Also, potential revenues are generally lower in less dense areas. Such areas urgently need lower-cost wireless coverage.

Policy Changes Required - from Easy to Difficult

Of the many constraints to building more accessible ICT in India, a major set lies within the control of government and stakeholders, provided they act together and are not adversarial about policies governing access technologies:

There are unused frequencies in the 60 GHz band for which inexpensive equipment is available abroad with a capacity of several gigabits. Press reports years ago mentioned the de-licensing of this band in India. Last November, the Telecom Regulatory Authority of India (TRAI) recommended de-licensing Wi-Fi use, and light licensing backhaul with minimal charges. Yet, this asset is wasted because there's no policy permitting its use. It costs nothing to de-license in line with global norms. Apart from additional Wi-Fi capacity, service providers could use it for backhaul from small cells. Revenues are likely to rise, and the government would collect increased taxes. Domestic manufacturers could possibly develop products for what should be a huge market.
Another proven technology is satellite communications. This is priced too high in India, as explained in "Satellite communications can drive the broadband revolution", Business Standard, 23 April 2016.2 Satcom tariffs are apparently nearly 300 times higher than in the US, while private sector applications for manufacturing satellites are languishing. Also, there is considerable potential for manufacturing associated equipment, such as VSATs, end-user terminals, and so on.
A third area is unused or underutilised government spectrum. The most-useful and least-controversial, except for turf considerations, is unused broadcast spectrum in the sub-700 MHz bands. Government departments, namely, the department of telecommunications (DoT), the Ministry of Information and Broadcasting (I&B), the Department of Electronics and Information Technology (DeITY), and the Trai, could coordinate their approach, so that I&B and Doordarshan retain the spectrum, while allowing common access to shared spectrum and infrastructure for paid use by service providers. Doordarshan could increase its reach by providing programming and content over these links.
These frequencies would be most effective in extending rural broadband, because of the distances that could be covered inexpensively. There is an issue with equipment, as there are no large, established markets anywhere yet for TV White Space devices, and there is insufficient support for local manufacturing even with Indian intellectual property rights. In fact, we have a Catch-22 situation here: such devices are likely to have massive deployment in India, but we don't have policies that allow these frequencies for broadband. The irony is that developers who manufacture prototypes in India have no access to spectrum even for testing their products, and will have to rely on markets abroad for testing as well as sales.

Other Frequencies

Rules restricting usage of other frequencies could also be amended through a coordinated process. The result could be policies that treat spectrum usage as part of a shared infrastructure solution for Digital India. Using a shared access for payment approach with secondary sharing, primary holders of spectrum can retain usage rights, while government revenues accrue from swathes of spectrum that now remain unused, and holders of spectrum earn from common access.

For more details visit https://cis-india.org/telecom/blog/business-standard-september-1-2016-shyam-ponappa-digital-india-needs-these-policy-changes