original link is here
Economic Times, August 29, 2017
Original link is here
The Supreme Court’s verdict affirming the fundamental right to privacy should not come as news to technology companies. The court merely codifies what should have been an article of faith for Internet platforms and businesses: the user’s space is private, into which companies, governments or non-state actors must first knock to enter.
The technical architecture of Aadhaar and its associated ecosystem, too, will now be tested before a legal standard determined by the court. But GoI should see this judgment for what it is: a silver lining. The verdict bears enough hints to suggest the court sees the merits in a biometrics-driven authentication platform.
In fact, Justice DY Chandrachud impresses upon the possibility of better governance through big data, highlighting that it could encourage “innovation and the spread of knowledge”, and prevent “the dissipation of social welfare benefits”. The court’s words should spur GoI to create a ‘privacy-compliant Aadhaar’.
But this requires systematic thinking on the part of its architects. The private sector, too, will have to put ‘data integrity’ and privacy at the core of their consumer offerings and engagement.
For starters, GoI must account for Aadhaar’s biggest shortcomings — its centralised design and proliferating linkages. A central data base creates a single, and often irreversible, point of failure. GoI must decentralise the Aadhaar database.
Second, Aadhaar must be a permission-based system with the freedom to opt-in or out, not just from the (unique identification (UID) database but from the many services linked to it. This must be a transparent, accessible and user-friendly process.
With a ‘privacy-compliant’ Aadhaar, GoI would not merely be adhering to the Supreme Court verdict, but also be on the verge of offering the world’s most unique governance ecosystem. Take Beijing’s efforts, for instance.
In 2015, the Chinese government unveiled a national project to digitise its large, manufacturing-intensive economy and to create a digital society. The ‘Internet-plus’ initiative aimed for the complete ‘informationisation’ of social and economic activity, and harvest the data collected to better provide public and private services to citizens.
China has no dearth of capital or ICT infrastructure. But the ‘Internet plus’ initiative has struggled to take off in any significant way. The project suffered from a fundamental flaw: Beijing believed by gathering information — from personally identifiable data to more complex patterns of user behaviour — the State would emerge as the arbiter of future economic growth, consumption patterns and, indeed, social or political agendas.
If a project like Aadhaar is to succeed, its underlying philosophy must be premised on two goals: first, to increase trust and confidence in India’s digital economy among its booming constituency of Internet users; and second, to ensure that innovations in digital platforms also result in increased access to economic and employment opportunities.
A privacy-compliant Aadhaar creates trust between the individual and the State, allowing the government to redefine its approach to delivering public services. The Aadhaar interface, that the Unified Payments Interface (UPI) and other innovations rely on, could well generate a ‘polysemic’ model of social security, where the same suite of applications cater to multiple needs such as digital authentication, cashless transfers, financial inclusion through a Universal Basic Income, skills development and health insurance.
But such governance models should not be based on a relationship of coercion or compulsion. It is heartening that India’s political class has embraced the court verdict.
A key reform missing in current debates about the UID platform is GoI’s accountability for its management. Aadhaar, to this end, should have a chief privacy officer who will be able to assess complaints, audit and investigate potential breaches of privacy with robust autonomy.
A privacy-compliant Aadhaar, with a bottom-of-the-pyramid financial architecture, would inspire confidence in other emerging markets to also adopt the platform, with Indian assistance. Companies and platforms must internalise that promise of black box commitments towards privacy and data-integrity may no longer suffice. These commitments must be articulated at the level of the board, and communicated to each user that engages with them. Overseers of data integrity must be appointed to engage with users and regulators in major localities.
The writer is Commissioner, Global Commission on the Stability of cyberspace
By Samir Saran & Arun Sukumar
Original link is here
External engagement is a factor of internal priorities. This has been an abiding tenet of India’s foreign policy. Which is why it’s puzzling that New Delhi’s policy towards China’s ‘Belt and Road Initiative’ (BRI) is out of touch with the reality of Chinese involvement in India’s own economy.
When the Pakistani daily, Dawn, revealed China’s plans to build Pakistan’s internet backbone via the China-Pakistan Economic Corridor (CPEC) last month (goo.gl/ttMtha), influential voices in India scoffed at Islamabad’s open invitation to Beijing to surveil its society. China is not only creating Pakistan’s fibre optic backbone but it is also developing its digital infrastructure for law and order ‘monitoring and control’.
The Chops and the Sticks
Just as the CPEC is BRI’s flagship project, the creation of information and communication technology (ICT) ecosystems is the most important element of BRI. In no other area will Beijing’s influence on BRI member states be more pronounced than in cyberspace. Because China can supply digital goods at extremely competitive prices.
India has stayed away from BRI to counter China’s influence on the region’s economies. This concern was eloquently articulated in 2015 by foreign secretary S Jaishankar, who suggested China was looking to “hard wire” norms of governance in Asia.
Digital spaces, in the absence of settled international regimes, are ripe for such hardwiring. Unfortunately, this concern is acute in India’s own digital economy.
Sample these statistics from the Kleiner Perkins Internet Trends 2017 report released on May 31. Four of the top-selling five smartphones in India today are Chinese: Lenovo, Oppo, Vivo and Xiaomi. Their collective market share grew from a modest 15 per cent in 2014 to an astonishing 52 per cent by the first quarter of 2017. More importantly, this growth came at the cost of Indian manufacturers, whose market share declined exactly in reverse, from 45 per cent to 15 per cent in three years.
The report also suggests UC Browser, developed by China’s internet giant Alibaba, has carved out a 50 per cent share of India’s mobile browser market. A 2015 ExIm bank report concluded that India is China’s largest “recipient of capital investment in electronics”. In 2013-14, China accounted for a staggering 58 per cent of all electronic imports to India.
So, one could argue that all roads from China’s digital economy lead to India. Given Beijing’s pervasive reach over India’s IT ecosystem, is it anyone’s case that BRI policies will not affect New Delhi?
The Indian response to China’s domination of its digital economy should not be to ban Chinese products and services. That would only halt the surge in internet penetration in India, and go against the grain of this government’s ‘Digital India’ and ‘Make in India’ initiatives. If anything, China’s technology giants must be invited to build capacity in India, whether in high-end manufacturing, data analytics abilities or through financing R&D in Indian universities. They must be encouraged to be honest interlocutors and to refrain from exploitative trade activities.
Fasten the Belt on the Road
From a strategic perspective, it must be ensured that China’s creeping influence over cyberspace rules does not pose a challenge for India. Indian players should not find themselves shut out by Chinese competition from the region’s digital economies, or at the very least, from their own.
Boycotting the Belt and Road Summit in Beijing last month was New Delhi’s political signal to Asian countries that it is willing to challenge China’s economic influence in the region.
This resistance cannot be premised on providing loans, products or services for the digital economy at par with China, not when India’s own market relies heavily on Chinese players.
It should, instead, be driven by a multilateral effort — led by India and other major economies like Japan, Singapore and South Korea — to set norms of governance for cyberspace in Asia. Such an effort would involve both a high-level understanding on the strategic and military uses of cyberspace, and dialogue between major industrial players on the technical standards and protocols to be adopted by them.
A rule-based ecosystem is the only way to prevent Chinese companies from dumping cheap devices in foreign markets, and gaming regulations to suit their products. But to incubate such an effort, India needs to articulate its own laws on data integrity, encryption, the access for law enforcement to electronic data, the Internet of Things and digital payments.
India’s most effective antidote to Chinese influence in Asia is the creation of an open domestic market, serving the ‘Digital India’ goals of inclusive and affordable connectivity, but secure and reliable enough that other jurisdictions can emulate as their own.
Without a baseline reference for the global standards it seeks to promote, India will also not be able to stem the influence of China in Asian markets.
Foreign policy is decisive in the pursuit of India’s strategic interests. But it is merely an extension of its domestic values and principles. A Digital India serves India’s interest when it is attractive to others and offers solutions others seek to embrace. India’s forceful show of intent by staying away from BRI must be backed by its own strategy to moderate China’s rise.
And that work begins at home.
(The writers are with the Observer Research Foundation, New Delhi)
The G20 must foster linkages between traditional financial institutions, first-generation Internet users and the informal sources of their livelihood
Livemint, May 3, 2017
Original link is here
Last month, Germany convened the first-ever G20 “digital ministers” meeting, indicating how the future of connected societies and economies is now firmly at the top of the global agenda. In the run- up to the ministerial meeting, a T20 task force comprising think tanks and academia, of which this author was co-chair, was constituted to offer recommendations that would strengthen digital economies and manage the “digitalization” of traditional sectors. A prominent concern outlined by this group related to the threat to global financial systems because of greater interconnectivity and the creation of novel, untested architectures to manage payment processes. No country is more affected by the weaknesses in digital payments systems, global and domestic, than India, which is tackling the twin challenge of Internet adoption and expansive digitalization.
The future of global financial systems is tied to the security of the digital networks that sustain them. A recent report by UK-based insurance company Hiscox suggests cyberattacks cost the global economy nearly $450 billion. Whether in platforms like the UN group of governmental experts on information security, or through traditional trade agreements, the international community has struggled to offer a collective response to threats faced by the digital economy. The G20 digital ministers meeting is, therefore, a step in the right direction to give this issue the political visibility it needs.
The meeting resulted in the creation of a working group on the digital economy to articulate rules of operation for businesses, governments and users transacting on the Internet. The larger mandate of this working group is the creation of a strategy for securing the global digital economy. India should contribute to the working group’s findings, as its digital economy is qualitatively and quantitatively different from those of the advanced industrialized nations.
The working group will have to address concerns around security, digital access and international trade. Cybersecurity, traditionally understood, has come to mean the integrity of platforms, digital networks and devices. But the G20 should assess whether cybersecurity is a business objective or a means towards the larger goal of promoting digital access and financial inclusion. Should it be the latter, any ecosystem design should ensure affordability and affordable security for users at the bottom of the pyramid. The working group should also articulate policies for the digital economy that can be emulated in developing countries outside the G20. And finally, the G20 is responsible for ensuring that digital supply chains are not fragmented in this era of “de-globalization”. This is a real threat, and as the recent communique from the G20 finance ministers’ meeting suggests, the group was unable to defend the virtues of an open trading system.
The availability of digital infrastructure is not the holy grail for emerging markets. Even if the last user in the developing world were to be provided affordable and uninterrupted Internet access—a challenge in itself—her digital consumption would ride on the skills available, cybersecurity awareness, and the level of inclusion offered by technological platforms developed in advanced economies. Scholars Urvashi Aneja and Vidisha Mishra at the Observer Research Foundation make the case for a G20-wide “digital skills upliftment strategy” that can improve labour participation and competitive capacities for women and marginalized communities.
Yet another concern that the working group should address is the impact of “digitalization” on traditional industrial sectors. Here too, India like others in the developing world, is in the cross hairs of pervasive automation and the use of “intelligent” technologies. Automation will affect manufacturing jobs, and economists like Ester Faia suggest that it poses a risk to the service sector as well. Faia’s analysis, submitted as a working paper to the T20 group, also shows that the financial services sector, considered a safe haven in times of economic transition, has a 90% probability of automation in certain countries. A services-driven economy like India, therefore, must manage this disruptive transition and potential loss of jobs effectively.
How the shift to automated supply chains will affect the country’s urban demographic is also a question worthy of the Indian policymakers’ attention. For instance, as industrial supply chains become digitized, highly skilled jobs have clustered around certain urban centres with a technological focus—San Francisco, Phoenix and Munich, to name a few. Similarly, traditional manufacturing centres like Detroit and Liverpool have seen jobs plummet because of automation. Unpredictable employment trends alongside the current problems of unplanned urbanization will challenge economies within and outside the G20. This in turn will give rise to new domestic political dynamics that may sometimes clash with the G20’s stated objective of promoting globalization.
How can the G20 manage the tailwinds of such disruptive automation and “digitalization”? Carl Frey of the Oxford Martin School suggests that this disruption should be countered by policies that enable urban mobility and create a wide social safety net, such as one for national relocation support. There are discussions in India and in Silicon Valley about providing a universal basic income to manage this new dynamic. But can conservative financial institutions that thrive on old notions of risk as it relates to lending and banking adapt to such policies? The G20, through national and transnational policies, has always engaged with the formal economy. Its best shot at managing disruptive digital forces may ironically lie in embracing the informal sector via technology. Digital platforms will allow governments to provide social benefits to constituencies that formal financial instruments have been traditionally blind to, provided the G20 fosters linkages between the trifecta of traditional financial institutions, first-generation Internet users and the informal sources of their livelihood.
Samir Saran is vice-president at the Observer Research Foundation and was co-chair of the T-20 task force on the digital economy.
18 April, 2017, Economic Times
Original link is here
Long at the margins of the telecom and internet revolutions, India is today moving towards pole position on data consumption. The recently released Boston Consulting Group-The Indus Entrepreneurs (BCG-TiE) report on India’s internet economy suggests the country is the ‘second highest’ in terms of mobile internet adoption, clocking at 391 million users.
India’s digital economy is expected to double its value to $250 billion, and contribute to 7.5% of the GDP in three years. The projected data consumption per average user: 7-10 GB a month by 2020. Contrast this to the findings of the 2016 Ericsson Mobility Report that suggested data usage in India is slated to increase five-fold by 2021, rising to 1.4 GB per active smartphone. The five to seven times difference in projected data consumption between the 2016 Ericsson and the 2017 BCG-TiE one can be attributed to a disruptive intervention and a data-hungry consumer.
Jio, Reliance Industries Ltd’s technology startup, provided that disruptive intervention. It is perhaps the most influential driver behind the new numbers, which are, however, only the tip of the iceberg. There are deeper transformations that await the digital sector.
Three such transformations will prompt traditional telecom companies to compete and create new revenue streams that can’t rely on connectivity alone:
* The Death of Voice: Telecom companies should acknowledge the reality that traditional voice-based communication is now a market utility, not a luxury. ‘Voice-based’ communication companies will be pressed to invest in new infrastructure and ecosystems that meet the demand for videos and data-driven apps.
In practice, this means investing in infrastructure, and a new cadre of experts who can not only build platforms but respond agilely to disruptive innovation. Unless they can create this new technology ecosystem, they will perish.
* An Internet of People: Unprecedented data connectivity in the hands of half-a-billion (and growing) Indians will create an ‘Internet of People’, with each user signifying multiple opportunities to generate value for the platform economy. GoI’s flagship Digital India programme is, perhaps, the biggest public sector effort in the world to create such an ecosystem.
The ‘Internet of People’, in turn, gives rise to a major challenge: will the innovations for Indians be created and hosted in India? Or will the biggest platforms all be based abroad, leaving little room for the Indian platform economy to grow? As custodians of data, Indian businesses should build capacities for Big Data analytics, create tailored services and products for local consumers in local languages and, in the process, generate employment, unleash entrepreneurial spirits, and catalyse technology-driven social transformation. So, the individual is the biggest driver of India’s platform economy.
Policies for the Platform Economy: As India moves to a $10 trillion GDP by the early 2030s, the fuel of choice will be ‘bits and bytes’. If data is indeed the new oil, how is India prepared to secure this valued commodity? Regulatory questions around cyber security and data protection, as these relate to civilian networks in India, remain woefully unaddressed.
Policy debates in this space have been ‘principle-heavy’, seeking a golden median for regulation — say, for encryption or net neutrality — that can be emulated nationally. Instead, digital economy regulation should be ‘function-heavy’, prescribing rules of conduct for businesses and governments based on the end uses that data is deployed for.
The three-way contract between the user, service provider and app provider will determine questions like: who shares access to data? Can service providers innovate as nimbly as small startups providing applications on their platforms? How should applications be priced? And should this be reflected in data tariffs?
Jio is only one example of the disruption that is set to reverberate across the digital sector in India. That a company like Reliance can bring its considerable resources to bear on a digital enterprise definitely sets Jio apart from others. But the reality is that its digital infrastructure will generate little to no value for Jio, its nearest competitor or the next entrant into this sector. Innovation at the top, at the level of the platform, will expand the digital economy pie in India.
Already, Jio has emerged as a big contributor to Facebook’s latest quarterly revenues from Asia. How can Indian platforms avail the same benefits? It is crucial that India’s businesses, entrepreneurs and regulators train their sights on the application of data, rather than the tubes that deliver them to consumers.
The writer is vice-president, Observer Research Foundation. He has worked with Reliance Industries Ltd since 1994
The velocity of digitisation and technology adoption must necessitate a response different from what was the norm in the ‘public sector era’
by Samir Saran and Vivan Sharan, Live Mint, Jan 26, 2017
Original link is here
A wider adoption of digital payments will invariably change the dimensions of risks, crime and security as well. Photo: Pradeep Gaur/Mint
Even as incessant political bickering is polarizing opinion on demonetisation, India is making a significant transition to a digital payments ecosystem. This project endeavours to breach the urban-rural divide, geographical exclusions of the real world, and income criteria that privileged only a few with access to certain private and public services. This new digital payments ecosystem is brutal in its attempt to alter the way India transacts, trades and is taxed.
A wider adoption of digital payments will invariably change the dimensions of risks, crime and security as well. If pickpockets were a common menace some decades ago, cybercriminals may dominate conversations in the days ahead as they eye digital and online transactions. While the “pickpocket” had to select a relatively “fat target” to make the effort and risk worthwhile, the cyber thief will have a low-risk environment (lack of forensic capabilities, human capacities and attribution challenges) and an expansive reach of technology that will make even “petty pickings” attractive. And although cybercrime will affect us all, it will harm the poor disproportionately. It could ravage the small savings of many, deprive them of their meagre means and, most importantly, result in erosion of trust in the financial ecosystem currently being built. It is, therefore, important that the government pay heed to small fraud.
An early warning of this was provided by the frisson of panic that followed the cautionary message from the newly launched Bharat Interface for Money application (BHIM app) on 4 January 2017: “Users please beware: Decline all unknown payment requests you may get! We will work on an update, which will allow you to report spam.” This response is inefficient and leaves the ecosystem vulnerable to malicious intent.
Governments around the world and here in India must respond to this new dimension, where “petty cash is big money” and digital pickpockets pose a range of threats to individuals, institutions and economic stability itself. Most governments have left themselves with little time to create the requisite mitigation capabilities. The velocity of digitization and technology adoption must necessitate a response from policymakers different from what was the norm in the “public sector era”, where Centrally controlled banks and enterprises offered a modicum of stability, privacy, and security (with less efficiency). To achieve this, a comprehensive approach for securing the digital ecosystem must be devised and some actions must be taken immediately.
First, there are a multiplicity of stakeholders operating networks and tools that pose varying degrees of risk. This, in turn, demands differentiated security responses. These include the Reserve Bank of India (RBI)-run National Electronic Funds Transfer (Neft) and Real Time Gross Settlement (RTGS), the National Payment Corporation of India’s (NPCI’s) Immediate Payment Service (IMPS) on which the Unified Payments Interface (UPI) currently operates, traditional card networks, mobile payments solutions, various banking apps. In a report released in December 2016, the Union ministry of finance’s committee on digital payments suggested a hierarchical approach based on the level of “systemic risk” posed by different tools and networks. This must form the design basis going forward.
Second, while industry is consulted by expert committees such as the one referenced above, an inclusive multi-stakeholder consultative process must become the norm for policymaking itself, to avoid arbitrariness. This can be done by instituting multi-stakeholder consultations that are transparent and inclusive. This is the model India has agreed is best suited to govern the Internet internationally, and it’s time to adopt consonant processes at home.
Third, while the “mobile” is being hailed as a replacement for physical wallets as well as a proof of identity through its widespread use in second-factor authentication of digital payments, government and users should be circumspect about the risks involved. For instance, there is evidence to suggest that distributed denial-of-service (DDoS) attacks—in which a multitude of compromised systems attack a single target, causing denial of service for users of the targeted system—are increasingly targeting the applications layer rather than the network layer of the Internet. In layman terms this means a sophisticated mode of cybercrime is being unleashed on unsuspecting users of mobile applications and popular software.
Mature hardware-based solutions, such as tamper-proof Universal Integrated Circuit Cards and Embedded Secure Elements, are being tested against the latest forms of cyberattack. Software-based solutions such as Host Card Emulation are also relatively secure but require upgrades through the cloud, placing large data demands on the user and testing the service capabilities of the issuer.
Globally payment solutions that have been able to integrate hardware- and software-based security exist, but domestic mobile payments providers are relying largely on software-based security solutions. And while the Indian government’s Computer Emergency Response Team, RBI and NPCI are undertaking security audits of payment solutions, it is important that users be given standardized information to make informed choices, particularly when the digital adoption drive is at its height.
Lastly, it may be useful for the government to think of the digital payments ecosystem, now anchored by the NPCI, as analogous to the Internet. And much like the Internet, the National Financial Switch (the infrastructure backbone of all Indian ATMs, operated by the NPCI) must acquire robust redundancies offered by private-sector partnerships in order not to be a vulnerable single point of failure—which can potentially be compromised by self-styled “legions” of hackers. The NPCI should be managed through multi-stakeholder groups that can help with standard-setting, and can ensure that the payments ecosystem serves the common citizen, making even a small transaction online.
Samir Saran and Vivan Sharan are, respectively, vice-president at the Observer Research Foundation and founding partner at the Koan Advisory Group.