Shambhu Singh, Joint Secretary, Ministry of Home Affairs, Government of India, tells Elets News Network (ENN) how individual as well as business data are always at the risk of being exposed and what measures should be initiated to guard the same
Over the last three years, we have been occupied with the subject of privacy and the vast world of eGovernance rather than the electronic world itself. Over the period of time, we have come to realise that even with government programmes and our actions in day to day life, we are being monitored or can be monitored from minute to minute.
The government has its various schemes like CCTNS, RSYB, DNA profiling, protective rights of women, privilege communications and brain mapping, and most of those are being implemented through ICT platform. An increased collection of citizen data by the government and the private sector has been raising the privacy concern.
Now, imagine a situation wherein somebody is after you and you are travelling. You pass through toll gate and swipe the card, your presence is recorded there. You make an ATM transaction and your presence is recorded there, too. So, if there is somebody keeping a watch on you, you can be under surveillance round the clock. Further, information is regularly collected, which is mandatory in nature. For example, data related to health, travel, taxes, religion, education, financial status, employment, disability, living situation, welfare status, citizenship status, marriage status, criminal record, etc — everything is being collected. So, how intrusive things can go in our lives on a daily basis is better left to imagination.
Global data flow today is no longer a file initiated by somebody 30 years ago through an individual action for a pointto- point transfer. Now, it is instant and the moment one starts a transaction, multiple data flows happen simultaneously — be it on the web, online social networking, search engines or cloud computing. Such ubiquitous data transfers over the internet and enhanced technology of data processing with direct involvement of individuals in trans-border data flows. While this exposes individuals to more privacy risks, it also challenges the businesses, as they collect the data of others, have their own data and are responsible for what they do with that. After all, information is the key as far as their businesses are concerned.
The private sector, on the other hand, uses personal data to create new demands, build relationships and generate revenue from their services. Individuals upload their data on the web in return for useful services at almost no cost, but of course at the risk of being exposed.
The majority of global cyberspace and communication networks are built using hardware and software solutions having proprietary closed source court. The realisation that the global networking infrastructure built up in the last couple of decades are porous and, more frighteningly, can even possibly be not under the control of the user and can be shut down remotely are possibilities which are now increasingly clear to the entire global cyber security establishment.
Now, if we think of the Snowden revelations and the surveillance activities carried out by the intelligence agencies for other nation-states, the information leak so far has revealed that the holier-than-thou western MNCs and their technologies have been leveraged for a competitive advantage through economic and diplomatic gains by the US intelligence apparatus. The dangers to national security as well as individual liberties from the Big Data stored on the server farms of the giant MNCs are but the tip of the iceberg. The issue is monitoring directly through intelligence agencies and indirectly through the multinational corporations controlled and/or paid by them. All of us perhaps know of many such examples. Now, this has added a new urgent dimension to the requirement of enumerating policies and enacting laws on privacy for individuals as well as approving the security of the nation vis-à-vis cyber attacks.
As of today, India does not have any comprehensive policy. The High Courts and Supreme Courts have in various cases taken a stand that the situation should be evaluated on case to case basis and then let the practical kind of policy take shape in its natural course. We don’t even have national policy on governing of the data which are being collected for utilisation and sharing of that data which impede the citizen’s private life. Currently, there is no overarching policy governing the collection of data and use of information by the government. This has left to ambiguity over who is allowed to collect data, what data can be collected, what are the rights of the individual and how the right to privacy will be protected.
The extent of personal information being held by various service providers and specially the enhanced potential for their conversions, i.e. digitisation, carries with it is a matter that raises issues about privacy. There are substantial justifications for the right to privacy, yet there are certain violations of privacy that as individuals we should be willing to suffer in order to maintain a proper balance between the right to privacy and the security. For citizens to accept and consent to certain forms of surveillance i.e. to say it’s a positive phase, the state should be accountable for its actions. It cannot be left with an unfettered discretion to determine why and where it carries surveillance on its citizens without some form of what you could say a legal responsibility.
We have come to realise that even with government programmes and our actions in day-to-day life, we can be monitored from minute to minute… An increased collection of citizen data has been raising the privacy concern
Now, in this chaste paradigm, the government and the civil society need to debate and build legal regimes and practices that are transparent and inspire trust. Our entire public cyber infrastructure is inherently insecure and open to snooping. We need to ensure our national security and provide an acceptability of privacy of our citizens that is differential, i.e. national critical ICT infrastructure is based on verifiable open source protocols, which are entirely under our control enabling government policies and legislations for promoting indigenous infrastructure, data storage of the Indian population under Indian National Jurisdiction. It is the need of the hour and herein lies the opportunity for Make in India.