DR: Edition #12
Dear Reader,
Over the last couple of weeks there were two big developments in the Indian tech space, that should be of interest for the world in general. The first, and the more well-known development, is Facebook’s $5.7 billion investment in Reliance Jio. This is Facebook’s first major investment in a telecom operator and much has been written about the possible implications of this deal. For one, there is the combined market power of Reliance Jio’s 370 million customers and Facebook’s 400 million (across all its products — Facebook, Instagram, and especially WhatsApp). How this combination will play out remains to be seen. Maybe Facebook products will be pre-loaded on Jio branded phones. Or perhaps Facebook’s products will be given preferential carriage on Jio’s networks.
The most likely scenario though, is a tie-up between JioMart, Jio’s e-commerce venture, and WhatsApp. Reports indicate that this platform has already begun being tested. WhatsApp as an avenue for e-commerce has the potential to completely transform the Indian digital landscape, because of its sheer reach and ubiquity. Facebook knows this, which is why it has been trying to push for WhatsApp Pay in India for the last few years, albeit unsuccessfully. Now, with the backing of Reliance’s political capital, WhatsApp Pay could finally see the light of day, that too just in time for JioMart to begin an aggressive campaign of expansion.
The second major development is the ongoing battle between an ethical hacker and the Government of India’s about security flaws in Aarogya Setu, the new government-backed COVID-19 contact tracing app. The hacker, who goes by the name ‘Elliot Alderson’ on Twitter, published a detailed report of the security flaws he discovered in the app. This is especially concerning given not only the fact that 90 million Indians now have downloaded the app, but also that it is being made increasingly mandatory for an ever-expanding number of Indian citizens, including government officers, employees in private sector companies, and even evacuees returning from other countries.
The app was already facing intense scrutiny for its possible negative implications on individual privacy, and Alderson’s findings have only added fuel to the fire. The good news is that the government was quick to take note of Alderson’s findings. The bad news is that it dismissed them almost immediately. It is very likely that the Aarogya Setu app will become a permanent feature of the Indian governance landscape, in which case the reluctance of the government to adequately answer security related issues or even provide the open source code of the app, is disconcerting.
So, What’s Been Happening?
#1. Get up to date: PDP bill
The Unacademy episode, along with the increasingly omnipresent Aarogya Setu app, raises many a question on data privacy in India. The IT Act clearly isn’t covering the wide range of concerns that users of the big bad web face today. That’s why the Personal Data Protection Bill (PDP) was tabled in 2019, in order to accommodate the vast challenges of India’s digital terrains. Yet, the PDP is currently being reviewed by a Standing Committee, whose report on it will only be released in the Monsoon Parliamentary Session. With the pandemic raging on (with some experts gloomily predicting that cases will peak in June-July), it’s unlikely, perhaps, that it’ll find much space for discussion or public attention then. But that doesn’t mean that we stop interrogating its reach, or how it might affect the multiple cultural specificities of India’s internet usage. MediaNama leads the pack with this excellent series on how the PDP will impact schools to matrimonial websites to housing societies to surveillance (read: healthcare?)
#2. As we may teach: Where does all the ed-tech data go?
This week Facebook-backed ed-tech platform Unacademy was hacked, with the data of its 22 million users compromised. But worry not, Unacademy has clarified that in fact only 11 million users’ data was compromised as that’s all the records it has. Phew! But the thing is, that’s still the email addresses, and user details of a staggering 11 million people put up for sale. While the platform is doing its best to tighten security (“Data security and privacy protection of our users is of utmost importance to us,” says co-founder Hemant Singh) the state of privacy controls for Indian ed-tech companies is a cause for concern — because they’re often dealing with the data of vulnerable minors. Now that the PDP’s future lies in the hands of a standing committee, data privacy for ed-tech, one of India’s fastest-growing tech sectors, needs to be strengthened and centred in privacy debates. Aparna Ramanujam writes for The Bastion on the worrying state of data privacy in Indian ed-tech firms.
+ Aparna Ramanujam, The Bastion
#3. COVID-19: Making a case for net neutrality
Speaking of holy matrimony, the Facebook-Jio deal is perhaps a match made in heaven for the two companies. Facebook potentially stands to benefit from Jio’s ample country-wide networks (as mentioned above) bringing back age-old debates on net neutrality that started with its plans to launch the ‘Free Basics’ service in India in 2016. What followed was a massive public movement against the service (which in a somewhat surreal turn of events was partially popularised by the now-defunct All India Bakchod) and the Telecom Regulatory Authority of India eventually blocking the rollout of the service. As the uncertainty of the deal looms on India’s digital horizon, Wired brings us a reminder from the US of just how important net neutrality is, especially in the times of a pandemic, when more people are online than ever.
#4. Aarogya Setu app now ‘mandatory’ in all workspaces: Govt
Although countries all over the globe have placed their faith in technological innovation in their fight against COVID-19, many have done so with restraint. Using minimal data and decentralized approaches seem to be key in efficient contact tracing while recognizing the social responsibility of the State to ensure data privacy. However, can the same be said about the Aarogya Setu app? The Central government has mandated “100 percent” usage of the application by all employees of public and private organisations in containment zones. What seems to be unclear is whether this applies to the residents of these areas as well. While other countries have adopted a voluntary approach to contact tracing apps, the Indian government seems to have taken the route less taken; given privacy concerns, could this, in fact, be the wrong route?
+ Aashish Aryan, Indian Express
#5. India’s digital response to COVID-19 risks inefficacy, exclusion and discrimination
While most concerns with Aatogya Setu are currently centred around privacy, Divij Joshi reminds us that the impact of surveillance surpasses data security and misuse. It is vital for us to acknowledge that these technologies are being adopted “within a highly fragmented socio-economic and political landscape, with the potential to exacerbate discrimination and state violence against marginalised groups as well as obscure and deepen failures within our public health and governance systems.” His extremely informative piece explores the shortcomings of rapid digital health technologies that stem from the absences of a robust digital health-information infrastructure, legal frameworks, and widespread internet services. By revisiting the swift intervention of tech during the Ebola crisis in West Africa, and how it lead “to error-prone and unhelpful policy recommendations”, Joshi asks us to learn from history and avoid making the same mistakes.
#6 Facial Recognition and the State
For the past few months, contact tracing applications seem to be the hot topic of discussion for all privacy enthusiasts. However, another striking issue may have fallen through the cracks during this pandemic, i.e, the National Automated Facial Recognition System (AFRS). Long story short, the National Crime Records Bureau (NCRB) has sought to revise its Requests for Proposals (RFP) of tender bids regarding the AFRS. The database of photographs is likely to be used to quickly identify criminals by collating existing data points from other sources. The use of this, arguably very powerful technology, in the absence of a robust data protection legal framework could be a step towards mass surveillance, even if that’s not the intent. The Internet Freedom Foundation (IFF) has written to the NCRB and the MHA, seeking a recall of the request for proposals and a halt to the tender process. Previously, IFF had called for a 3-year moratorium on facial recognition technologies by the state under its ongoing #ProjectPanoptic. Do check out their work!
Find us online
If you like what you see, please do follow us on Twitter, and Medium. Do subscribe to us at digitalrepublic.co.in
