original link is here
Economic Times, August 29, 2017
Original link is here
The Supreme Court’s verdict affirming the fundamental right to privacy should not come as news to technology companies. The court merely codifies what should have been an article of faith for Internet platforms and businesses: the user’s space is private, into which companies, governments or non-state actors must first knock to enter.
The technical architecture of Aadhaar and its associated ecosystem, too, will now be tested before a legal standard determined by the court. But GoI should see this judgment for what it is: a silver lining. The verdict bears enough hints to suggest the court sees the merits in a biometrics-driven authentication platform.
In fact, Justice DY Chandrachud impresses upon the possibility of better governance through big data, highlighting that it could encourage “innovation and the spread of knowledge”, and prevent “the dissipation of social welfare benefits”. The court’s words should spur GoI to create a ‘privacy-compliant Aadhaar’.
But this requires systematic thinking on the part of its architects. The private sector, too, will have to put ‘data integrity’ and privacy at the core of their consumer offerings and engagement.
For starters, GoI must account for Aadhaar’s biggest shortcomings — its centralised design and proliferating linkages. A central data base creates a single, and often irreversible, point of failure. GoI must decentralise the Aadhaar database.
Second, Aadhaar must be a permission-based system with the freedom to opt-in or out, not just from the (unique identification (UID) database but from the many services linked to it. This must be a transparent, accessible and user-friendly process.
With a ‘privacy-compliant’ Aadhaar, GoI would not merely be adhering to the Supreme Court verdict, but also be on the verge of offering the world’s most unique governance ecosystem. Take Beijing’s efforts, for instance.
In 2015, the Chinese government unveiled a national project to digitise its large, manufacturing-intensive economy and to create a digital society. The ‘Internet-plus’ initiative aimed for the complete ‘informationisation’ of social and economic activity, and harvest the data collected to better provide public and private services to citizens.
China has no dearth of capital or ICT infrastructure. But the ‘Internet plus’ initiative has struggled to take off in any significant way. The project suffered from a fundamental flaw: Beijing believed by gathering information — from personally identifiable data to more complex patterns of user behaviour — the State would emerge as the arbiter of future economic growth, consumption patterns and, indeed, social or political agendas.
If a project like Aadhaar is to succeed, its underlying philosophy must be premised on two goals: first, to increase trust and confidence in India’s digital economy among its booming constituency of Internet users; and second, to ensure that innovations in digital platforms also result in increased access to economic and employment opportunities.
A privacy-compliant Aadhaar creates trust between the individual and the State, allowing the government to redefine its approach to delivering public services. The Aadhaar interface, that the Unified Payments Interface (UPI) and other innovations rely on, could well generate a ‘polysemic’ model of social security, where the same suite of applications cater to multiple needs such as digital authentication, cashless transfers, financial inclusion through a Universal Basic Income, skills development and health insurance.
But such governance models should not be based on a relationship of coercion or compulsion. It is heartening that India’s political class has embraced the court verdict.
A key reform missing in current debates about the UID platform is GoI’s accountability for its management. Aadhaar, to this end, should have a chief privacy officer who will be able to assess complaints, audit and investigate potential breaches of privacy with robust autonomy.
A privacy-compliant Aadhaar, with a bottom-of-the-pyramid financial architecture, would inspire confidence in other emerging markets to also adopt the platform, with Indian assistance. Companies and platforms must internalise that promise of black box commitments towards privacy and data-integrity may no longer suffice. These commitments must be articulated at the level of the board, and communicated to each user that engages with them. Overseers of data integrity must be appointed to engage with users and regulators in major localities.
The writer is Commissioner, Global Commission on the Stability of cyberspace
The G20 must foster linkages between traditional financial institutions, first-generation Internet users and the informal sources of their livelihood
Livemint, May 3, 2017
Original link is here
Last month, Germany convened the first-ever G20 “digital ministers” meeting, indicating how the future of connected societies and economies is now firmly at the top of the global agenda. In the run- up to the ministerial meeting, a T20 task force comprising think tanks and academia, of which this author was co-chair, was constituted to offer recommendations that would strengthen digital economies and manage the “digitalization” of traditional sectors. A prominent concern outlined by this group related to the threat to global financial systems because of greater interconnectivity and the creation of novel, untested architectures to manage payment processes. No country is more affected by the weaknesses in digital payments systems, global and domestic, than India, which is tackling the twin challenge of Internet adoption and expansive digitalization.
The future of global financial systems is tied to the security of the digital networks that sustain them. A recent report by UK-based insurance company Hiscox suggests cyberattacks cost the global economy nearly $450 billion. Whether in platforms like the UN group of governmental experts on information security, or through traditional trade agreements, the international community has struggled to offer a collective response to threats faced by the digital economy. The G20 digital ministers meeting is, therefore, a step in the right direction to give this issue the political visibility it needs.
The meeting resulted in the creation of a working group on the digital economy to articulate rules of operation for businesses, governments and users transacting on the Internet. The larger mandate of this working group is the creation of a strategy for securing the global digital economy. India should contribute to the working group’s findings, as its digital economy is qualitatively and quantitatively different from those of the advanced industrialized nations.
The working group will have to address concerns around security, digital access and international trade. Cybersecurity, traditionally understood, has come to mean the integrity of platforms, digital networks and devices. But the G20 should assess whether cybersecurity is a business objective or a means towards the larger goal of promoting digital access and financial inclusion. Should it be the latter, any ecosystem design should ensure affordability and affordable security for users at the bottom of the pyramid. The working group should also articulate policies for the digital economy that can be emulated in developing countries outside the G20. And finally, the G20 is responsible for ensuring that digital supply chains are not fragmented in this era of “de-globalization”. This is a real threat, and as the recent communique from the G20 finance ministers’ meeting suggests, the group was unable to defend the virtues of an open trading system.
The availability of digital infrastructure is not the holy grail for emerging markets. Even if the last user in the developing world were to be provided affordable and uninterrupted Internet access—a challenge in itself—her digital consumption would ride on the skills available, cybersecurity awareness, and the level of inclusion offered by technological platforms developed in advanced economies. Scholars Urvashi Aneja and Vidisha Mishra at the Observer Research Foundation make the case for a G20-wide “digital skills upliftment strategy” that can improve labour participation and competitive capacities for women and marginalized communities.
Yet another concern that the working group should address is the impact of “digitalization” on traditional industrial sectors. Here too, India like others in the developing world, is in the cross hairs of pervasive automation and the use of “intelligent” technologies. Automation will affect manufacturing jobs, and economists like Ester Faia suggest that it poses a risk to the service sector as well. Faia’s analysis, submitted as a working paper to the T20 group, also shows that the financial services sector, considered a safe haven in times of economic transition, has a 90% probability of automation in certain countries. A services-driven economy like India, therefore, must manage this disruptive transition and potential loss of jobs effectively.
How the shift to automated supply chains will affect the country’s urban demographic is also a question worthy of the Indian policymakers’ attention. For instance, as industrial supply chains become digitized, highly skilled jobs have clustered around certain urban centres with a technological focus—San Francisco, Phoenix and Munich, to name a few. Similarly, traditional manufacturing centres like Detroit and Liverpool have seen jobs plummet because of automation. Unpredictable employment trends alongside the current problems of unplanned urbanization will challenge economies within and outside the G20. This in turn will give rise to new domestic political dynamics that may sometimes clash with the G20’s stated objective of promoting globalization.
How can the G20 manage the tailwinds of such disruptive automation and “digitalization”? Carl Frey of the Oxford Martin School suggests that this disruption should be countered by policies that enable urban mobility and create a wide social safety net, such as one for national relocation support. There are discussions in India and in Silicon Valley about providing a universal basic income to manage this new dynamic. But can conservative financial institutions that thrive on old notions of risk as it relates to lending and banking adapt to such policies? The G20, through national and transnational policies, has always engaged with the formal economy. Its best shot at managing disruptive digital forces may ironically lie in embracing the informal sector via technology. Digital platforms will allow governments to provide social benefits to constituencies that formal financial instruments have been traditionally blind to, provided the G20 fosters linkages between the trifecta of traditional financial institutions, first-generation Internet users and the informal sources of their livelihood.
Samir Saran is vice-president at the Observer Research Foundation and was co-chair of the T-20 task force on the digital economy.
18 April, 2017, Economic Times
Original link is here
Long at the margins of the telecom and internet revolutions, India is today moving towards pole position on data consumption. The recently released Boston Consulting Group-The Indus Entrepreneurs (BCG-TiE) report on India’s internet economy suggests the country is the ‘second highest’ in terms of mobile internet adoption, clocking at 391 million users.
India’s digital economy is expected to double its value to $250 billion, and contribute to 7.5% of the GDP in three years. The projected data consumption per average user: 7-10 GB a month by 2020. Contrast this to the findings of the 2016 Ericsson Mobility Report that suggested data usage in India is slated to increase five-fold by 2021, rising to 1.4 GB per active smartphone. The five to seven times difference in projected data consumption between the 2016 Ericsson and the 2017 BCG-TiE one can be attributed to a disruptive intervention and a data-hungry consumer.
Jio, Reliance Industries Ltd’s technology startup, provided that disruptive intervention. It is perhaps the most influential driver behind the new numbers, which are, however, only the tip of the iceberg. There are deeper transformations that await the digital sector.
Three such transformations will prompt traditional telecom companies to compete and create new revenue streams that can’t rely on connectivity alone:
* The Death of Voice: Telecom companies should acknowledge the reality that traditional voice-based communication is now a market utility, not a luxury. ‘Voice-based’ communication companies will be pressed to invest in new infrastructure and ecosystems that meet the demand for videos and data-driven apps.
In practice, this means investing in infrastructure, and a new cadre of experts who can not only build platforms but respond agilely to disruptive innovation. Unless they can create this new technology ecosystem, they will perish.
* An Internet of People: Unprecedented data connectivity in the hands of half-a-billion (and growing) Indians will create an ‘Internet of People’, with each user signifying multiple opportunities to generate value for the platform economy. GoI’s flagship Digital India programme is, perhaps, the biggest public sector effort in the world to create such an ecosystem.
The ‘Internet of People’, in turn, gives rise to a major challenge: will the innovations for Indians be created and hosted in India? Or will the biggest platforms all be based abroad, leaving little room for the Indian platform economy to grow? As custodians of data, Indian businesses should build capacities for Big Data analytics, create tailored services and products for local consumers in local languages and, in the process, generate employment, unleash entrepreneurial spirits, and catalyse technology-driven social transformation. So, the individual is the biggest driver of India’s platform economy.
Policies for the Platform Economy: As India moves to a $10 trillion GDP by the early 2030s, the fuel of choice will be ‘bits and bytes’. If data is indeed the new oil, how is India prepared to secure this valued commodity? Regulatory questions around cyber security and data protection, as these relate to civilian networks in India, remain woefully unaddressed.
Policy debates in this space have been ‘principle-heavy’, seeking a golden median for regulation — say, for encryption or net neutrality — that can be emulated nationally. Instead, digital economy regulation should be ‘function-heavy’, prescribing rules of conduct for businesses and governments based on the end uses that data is deployed for.
The three-way contract between the user, service provider and app provider will determine questions like: who shares access to data? Can service providers innovate as nimbly as small startups providing applications on their platforms? How should applications be priced? And should this be reflected in data tariffs?
Jio is only one example of the disruption that is set to reverberate across the digital sector in India. That a company like Reliance can bring its considerable resources to bear on a digital enterprise definitely sets Jio apart from others. But the reality is that its digital infrastructure will generate little to no value for Jio, its nearest competitor or the next entrant into this sector. Innovation at the top, at the level of the platform, will expand the digital economy pie in India.
Already, Jio has emerged as a big contributor to Facebook’s latest quarterly revenues from Asia. How can Indian platforms avail the same benefits? It is crucial that India’s businesses, entrepreneurs and regulators train their sights on the application of data, rather than the tubes that deliver them to consumers.
The writer is vice-president, Observer Research Foundation. He has worked with Reliance Industries Ltd since 1994
While the state continues to exercise its regulatory capacity over digital spaces — a task it will likely keep in the coming years — the internet has magnified the rights and responsibilities of the private sector and end users across the world.
The interaction between states, non-state actors and transnational corporations necessitates the creation of a regime complex that clearly outlines their respective roles. This paper is a first step in that direction, articulating norms that may serve as the baseline for legal and political agreements on cyberspace. Inter-governmental gatherings like the UN Group of Government Experts have largely focused their efforts on the security of networks and ICTs. Multistakeholder organisations and platforms like the Internet Governance Forum, the Internet Corporation for Assigned Names and Numbers, and the Internet Engineering Task Force, have begun to re-orient their mandate, with a view to make their governance more inclusive and accountable.
The set of seven norms and their corollaries identified in this paper may inform the functioning of both intergovernmental and multistakeholder processes. This document also attempts to chart the role of the private sector in digital governance. The end user today is valuable to internet companies, since the data collected from consumers directly contributes to the creation of revenues. If user data is the basis of wealth generation, internet giants have a responsibility to invest in the user by offering local content and innovative technologies that are contextual. This is particularly true in the case of emerging economies and developing countries, where internet businesses should tailor to the unique needs of the next billion users.
This paper argues that effective internet governance requires shifting the locus of digital debates from the Atlantic to the Asia-Pacific and bringing in new voices and views of a new constituency of stakeholders. Similarly, all stakeholders must work towards building the capacity of growing digital economies and first-generation internet users. Efforts to fragment digital spaces by creating alternative “internets” must be avoided. Just as regimes that curtail the freedoms of internet users are undesirable, actions that raise the cost of local innovation and increase barriers to the unrestricted flow of technology, and thereby quality of access, should also be discouraged. These norms are a work in progress, and the author reserves the right to refine them through continued consultations with stakeholders across the spectrum.
1. Online = Offline + more
The protection of rights over the internet requires mechanisms that are unique, contextual and transformative. Rights on the internet should not be limited to those offline, and must build on the edifice of free speech and expression that already exists. Similarly, current regulatory frameworks must evolve in response to the digital medium. Just as traditional broadcasting regulations have become inadequate to regulate online speech, outmoded censorship laws often constrain free expression and impose a chilling effect. Contemporary conversations on privacy must reflect the need to protect sensitive data, while acknowledging its importance for technological innovations that benefit local communities.
NORM: Realising the transformative potential of the internet requires progressive online freedoms that move beyond rights granted offline.
COROLLARY: Real-world regulations must not constrain the advancement of technology; rather, they must evolve in response.
2. Let data flow
Affordable, universal and high-quality access to the internet is among the top policy prerogatives of governments today. Access will require substantial investments in the form of local data centres, internet exchanges and last-mile connectivity. As net exporters of data, developing countries represent a robust market for internet companies. For their digital economies to expand — thereby increasing the share of the global pie — the free flow of trans-boundary data must be coupled with the unrestricted flow of technology. Custodians of data should orient their research and development towards local solutions, and foster domestic entrepreneurship. Data flows, however, should respect the sovereign imperative of law enforcement and security.
NORM: The global free flow of information must necessarily lead to universal access to the internet in emerging economies that is affordable and qualitatively rich.
COROLLARY: Free flow of data must be complemented by free flow of technology that is tailored for local innovative solutions.
3. Living in an encrypted world
Governments around the world are locked in debate with industry bodies and civil society for the right to access encrypted communications. Backdoors and forced localisation of data, however, can decrease the overall standard of security in the market, curtail free speech, and violate the integrity of data. Governments should welcome technological developments that incorporate security by design, with a view to preserve the integrity and stability of digital networks.
NORM: Encryption must be the norm.
COROLLARY: Decryption of data must be subject to rigorous standards of judicial review.
4. The responsibility to inspect?
States are faced with increasingly dangerous and sophisticated threats from state and non-state actors in cyberspace. The technological and legal capacity for dealing with these threats is often disparate, caused in part by lack of access to proper forensic, investigative and prosecutorial tools. It is the sovereign function of a state to protect its own citizens and infrastructure from such threats, without undue interference or intervention in its affairs. The interconnected nature of the internet demands that governments and businesses across geographies cooperate towards norms of cooperation that mitigate the risk of conflict.
NORM: The responsibility of states to protect cyberspace is a sovereign function, commensurate to their capacity.
COROLLARY: The collective responsibility for protecting cyberspace requires global investments for building capacity in developing countries.
5. Strengthening the base
The ubiquity of low-end smartphones, the growth of affordable data networks in emerging economies, and the relative lack of awareness of cyber vulnerabilities among users leave networks and individuals vulnerable to exploitative practices. Enhancing cyber hygiene among internet users in emerging economies can help substantially decrease the vulnerability of the global digital space as a whole.
NORM: Cyber security must account for, and address technology limitations of the end user at the bottom of the pyramid.
COROLLARY: Local communities must be at the forefront of articulating policy solutions for cyber security.
6. Three rules for internet governance
Despite attempts to decentralise and diffuse the management of global internet governance institutions, there are inadequacies in revised accountability mechanisms. The locus of internet governance must shift from big transnational corporations to start-ups, medium and small local enterprises, from governments to multistakeholder communities, and from trans-Atlantic conversations to Asia-centric debates.
NORM: Multistakeholderism should be institutionalised by accounting for diversity in gender, geography and sectors.
COROLLARY: International internet governance must undertake three transitions and accommodate new stakeholders:
- States → Communities.
- Trans-national corporations → Small & Medium Enterprises and Startups.
- Atlantic → Asia and Africa
7. Against the Splinternet
The Domain Name System (DNS) represents a stable and contiguous platform of unique identifiers, comprising numbers and names. Attempts to fragment the internet by creating an “alternative” system or through interference in the functioning of the “root” should weigh its potential impact on internet users, businesses and governments. Just as technical efforts to create a parallel DNS should be discouraged, trade regimes around the digital economy should consider the effect of fragmenting the internet into differential pricing regimes. Affordable and universal internet access can be realised by removing policy barriers to the creation and strengthening of ICT infrastructure.
NORM: The internet should remain unfragmented.
COROLLARY: Differential trade regimes should not raise the cost of doing business in the digital economy nor impede low-cost connectivity to users in Asia and Africa.
- “Digital globalization: The new era of global flows” McKinsey Global Institute, February 2016, http://www.mckinsey.com/business-functions/digital-mckinsey/ourinsights/digital-globalization-the-new-era-of-global-flows