Data security

Despite the obvious pitfalls of the government’s ‘digital economy’ narrative, it is imperative to assess the nitty-gritty of this apparent shift towards a new techno-economic paradigm. On Tuesday, mobile chipset manufacturer Qualcomm made an interesting assertion. It said that no mobile payment application being used by consumers in India was completely secure. Truth be told, there is no such thing as a 100 per cent secure app. But what the company’s Senior Director for product management, S Choudhury said was that the lack of support for hardware-level encryption could allow for user login details and data to be stolen. “Most of the banking or wallet apps around the world don’t use hardware security,” Choudhury told the Press Trust of India. “They actually run completely in Android mode and [a] user’s password can be stolen,” he said, adding that a user did not know if a mobile banking app they were using was utilising hardware-based security or not. Following the demonetisation of Rs 500 and Rs 1000 notes on November 8, the Centre has been promoting and ‘incentivising’ the use of digital payment methods. Going by media reports, the narrative now is all about going cashless, while the fight against black money and the counterfeit currency have seemingly receded into the background. Some of the biggest beneficiaries of the government’s latest measure have been mobile payment apps such as Paytm and Freecharge. Industry professionals and security analysts have, however, closely scrutinised these digital payment companies and sought improvements to their security architecture, as mentioned above by the likes of Qualcomm. On November 24, Paytm discontinued its app-based point-of-sale feature for merchants one day after its launch on data security concerns. The feature was criticised for allowing customers to enter their card details on a merchant’s phone, allowing potential thefts of their data. Besides technical concerns, there are larger legislative issues that need to be urgently addressed as we seemingly enter a digital world. Given the recent incidents where an online group hacked the accounts of prominent individuals, the Ministry of Electronics and Information Technology has ordered an immediate audit of the financial sector. The Centre hopes to find ways by which it can strengthen the Information Technology Act and facilitate the formation of a team to tackle cyber crime.

Despite the glaring errors in the government’s recent demonetisation initiative, there are distinct advantages to the expansion of digital transactions in our economy. Until recently, the entire discourse on a cashless economy had focused on some fundamental structural concerns that require urgent redressal. India is predominantly a cash economy. It’s estimated that between 90 and 98 per cent of all transactions in India involve cash. Going one step further, approximately 92 per cent of the country’s workforce is in the unorganised sector and earn their wages in cash. Moreover, a mere 6 per cent of retailers accept debit cards or mobile payments. Despite the government’s initiative to bring vast swathes of the rural populace into the formal banking system through schemes like the Pradhan Mantri Jan Dhan Yojana, the proportion of those who remain unbanked is still substantial. In ore, however, critical issues regarding privacy, data security and the rights of customers have to be addressed. With some of the NDAther words, the lack of infrastructure to expand the ecosystem of digital payments remains a serious obstacle. Beyond concerns over devices and infrastructure government’s biggest reform initiatives, including the banking-for-all Jan Dhan Yojana, Aadhaar and Digital India, implemented on a 'grand scale', the government can no longer brush aside these issues. Along with China, Russia, Saudi Arabia, and South Korea, India is ranked among the top five nations most vulnerable to damaging cyber attacks, according to a recent book co-authored by data-mining experts from the University of Maryland (UMD) and Virginia Tech in the United States. Earlier this year, the Indian banking system suffered possibly its biggest data security breach in its history, leaving customers and their money at significant risk. Information related to 3.2 million debit cards from at least 19 commercial banks was leaked due to malware in ATM security systems. What’s worse, it reportedly took three months for the banks to discover the security breach. With the move to digital payments, these fears take greater precedence with citizens vulnerable to data misuse and without any rights to protect that information and data. In the past, the government has indeed ridden roughshod over privacy concerns in allowing the wider use of a citizen’s personal Aadhar data by private bodies under clause 57 of the Aadhar Bill. The opposition asked the government to drop the provision, but to no avail. With inadequate safeguards for data protection, among other concerns, the government has avoided critical and detailed questions. In response, concerned citizens have petitioned the Supreme Court, and the question of whether privacy is a fundamental right is now under review. Clearly, the current provisions enshrined under the IT Act are not enough, considering the limited scope provided for data protection and privacy-related requirements. This 14-year-old piece of legislation does not foresee a comprehensive legal framework for privacy and data security.

Without the Supreme Court’s intervention, the government can indeed begin the process to establishing a comprehensive data security framework, where the issue of privacy has to be assessed. In a recent column for Scroll.in, Rajeev Chandrasekhar, an independent Member of Parliament of the Rajya Sabha, asks: “What are the rights of those whose data is held with companies and government departments? Do we have the legal frameworks, resources and infrastructure in place to protect these rights? What are the immediate areas of intervention for the government?” These questions will have to addressed, whether the government likes it or not. As Chandrasekhar goes on to write: “With the push towards e-payments and making India a digital economy, the ramifications on citizens are significant. Most citizens do not know what kind of data is being collected by digital payment portals and apps. The transformation to a digital payments system will involve significant changes in consumer behaviour and habits.”