A look back at the important developments in the technology policy space in 2016 and what to look forward to in 2017.
2016 began on a positive note, with media write ups and events organized to commemorate the International Data Privacy day in the last week of January. Awareness about data privacy principles is essential in an era where we are generating large volumes of ‘identifier’ type of data that can be used to identify a person, or entity in a digital ecosystem. As governance-driven digitization (Aadhaar, digital lockers, direct account transfers) fueled large-scale sensitive data collection and storage, citizens were left at the mercy of the Information Technology Act that has limited scope to penalize government agencies for breach of data privacy. 2017 will be a crucial year for data privacy advocates with the Supreme Court expected to give its verdict on whether Right to Privacy should be a fundamental right.
The month of March saw the passing of the Aadhar Bill that racked up a controversy over its introduction as a money bill. The bill, while defining a subsidy as any form of aid, support, grant, subvention, or appropriation, in cash or kind, to an individual or a group of individuals provided by the central government, mandated that the beneficiary furnish or enroll for an Aadhaar number while seeking benefits. However, it also provided the option to offer alternate and viable means of identification for delivery of the subsidy or service by the government, if an Aadhaar number is not assigned to an individual. The Supreme Court had already reprimanded the government over possible misuse of citizen information and the lessons learnt were reflected in the various clauses of the bill. The bill had provisions against government agencies disclosing citizen’s identity information in the public domain and interestingly, these penal provisions apply for offences committed outside India by any person, irrespective of his nationality.
The Geospatial Information Regulation Bill (2016) was put up for public consultation and the discourse around the draft had spanned across the wide spectrum of skepticism that such a regulation will stifle ‘innovation’, to panic that it will land citizens in jail for geo-tagging selfies. The Minister of State for Home Affairs justified it stating that national security considerations must not be compromised. The stated objective of the bill was to regulate the acquisition, dissemination, publication and distribution of geospatial information of India which is likely to affect the security, sovereignty and integrity of India and matters connected with these. While the need to regulate the use of geospatial services so that they are not misused is undeniable, the bill in its draft form was vaguely worded and left a lot of scope for institutional misuse. It is hoped that the process of public consultation will show some good results as it did in the in case of the access-neutrality debate last year.
The Telecom Regulatory Authority of India (TRAI) rolled out a new consultation paper, titled ‘Consultation Paper on Free Data’. This paper was third in the series of consultation papers that TRAI had rolled out since April last year with the intention to find a workable solution to the issue of increasing internet access in the country while preventing the throttling of content that is accessible through some platforms controlled by telecom service providers (TSPs), aka the ‘Net Neutrality’ issue. This paper reiterated the understanding that allowing TSPs to act as gate-keepers and regulators of content on their platforms is not the way forward for the growth of internet in India. In its entirety, the idea of ‘Free Data’ appeared to present data as a Public Good, a good that one individual can consume without reducing its availability to another individual and from which no one is excluded. Economists refer to public goods as “non-rivalrous” and “non-excludable”. Through this consultation TRAI seemed to be looking for a model that will allow first time internet users to access all content across all platforms, for Free. This ‘Free Data’ focused growth model for internet in India is a risky preposition as it entails behavioral changes that will be hard to reverse once they morph into a benefit-seeking mindset.
While policy analysts were still deciphering the ‘Free Data’ paper, TRAI rolled out another paper ‘Net Neutrality’. This paper was an attempt to address the proverbial elephant in the room after more than two years and numerous rounds of public consultations. TRAI brought clarity to the Net Neutrality debate by defining it as “the need for all TSPs to treat all Internet traffic on an equal basis, without regard to the type, origin, or destination of the content or the means of its transmission.” They also acknowledged the fact that adherence to this basic principle is a prerequisite to ensure that Internet in India maintains its open and non-discriminatory character.
Mid way into the year, TRAI also came out with a paper on ‘Cloud Computing’. This one covered everything from growth of cloud services in India, interoperability of data among various cloud platforms, quality of service, security of data on the cloud, government initiatives (or intervention) to promote implementation of cloud services and most importantly the legal and regulatory framework for cloud services in India. It spoke at length about the need to adopt the principle of ‘Data Sovereignty’ that is loosely defined as sovereign ownership of data within a country’s geographical boundaries. One of the positive mentions in the paper is that of a proposed ‘Right to Privacy Bill’ that the government plans to bring in order to give Indian citizens an entitlement-based safeguard over the privacy of their data. Will this lead to a legal/regulatory framework conducive to the growth of India’s data infrastructure or does it end up coercing multinational companies looking to tap into the tremendous growth of cloud services in India to set up physical data centers here is the thing to watch for in coming days.
Across the world, government agencies struggled to come to terms with new forms of technology used to encrypt end user data. Countries like Brazil tried to ban the use of WhatsApp, when they were not able to hand over end user data to law enforcement agencies. The FBI-Apple confrontation, where Apple was asked by the FBI to help in decrypting the phone of a terror convict, added fuel to the fire. Back home, we were still recovering from the public fiasco of the draft Encryption policy released by Department of Electronics and Information Technology (DEITY) in September 2015 when WhatsApp announced its plans for end-to-end encryption of communication between users. Due to the absence of a law that explicitly states the standard of encryption that can be used by different applications, encryption of messages on WhatsApp continues to be legal as of now. The DEITY has already come out with a new draft encryption policy, this one focusing on standards and processes instead of products and snooping requirements of law enforcement agencies.
Autonomous cars were probably the most disruptive technology of 2016. While a Singaporean start up beat Uber in the race to roll out the first ‘autonomous’ taxi service, Uber caught up by running trials in a much larger area in Pittsburg. While Google was expected to pioneer this technology, they seem to have become laggards now with firms opting for a retro-fit approach of loading autonomous tech on existing cars than entirely designing a new one like Google did. This technology has not had a smooth sailing with regulators across the globe. Back home, the public discourse around this technology was skeptical and critics pointed out that we have patchy mobile networks, inaccurate GPS integrations, lack of funding for disruptive tech, trust issues between drivers and riders as well as unruly traffic conditions that may not let autonomous vehicles to work in India. Those backing the tech argue that India could be the ideal testing ground for this technology and that data from navigating on Indian roads could exponentially improve driving algorithms. With the Minister for Road Transport coming out in support of Hyperloop trials on the Pune-Mumbai Expressway, we might actually see driverless taxis in India in 2017!
This year the services of websites like Twitter, Facebook, Netflix, Airbnb, Reddit and The New York Times went down when a distributed denial of service (DDoS) attack shut down internet infrastructure provider Dyn. Investigation into the attack revealed that it was engineered by a botnet (a temporary network of ‘dumb’ devices controlled by a malicious code) created using the Mirai bot. Mirai is a program that helps attackers to search for devices over the internet that are using ‘default’ passwords, the attackers then gains access to these devices for their own bidding and uses them to send repeated requests to a target website/service provider leading it to eventually crash due to overload. This and similar attacks highlight the need to adopt a ‘Security in Design’ approach in IoT devices. It would also mean that existing data collection and privacy policies are fine-tuned and end users are given more control over what information to share, with whom to share and a clear knowledge of recipients of this information. The Indian government has recently come out with a Machine to Machine (M2M) Communication policy that looks to address security and standardization issues across IoT devices. As more Indian startup firms venture into the hardware space using platforms like Amazon’s Alexa, it would be interesting to watch how policies shape up in this space.
Demonetisation and the Digital Economy
Just a day before Donald Trump was elected as the President of the United States of America, Indian Prime Minister Narendra Modi announced the withdrawal of currency notes of INR 500 & 1000. The stated objective of the move soon shifted to promoting of cash-less economy using digital payments. The nudge to adopt digital methods exposed two glaring issues, first was the lack of awareness among the general populace about securing carrying out digital transactions and the second was the lack of internet connectivity in rural areas. Securing the digital economy will need collaboration between companies, customers, and the government to ensure that fraudulent transactions do not act as a deterrent for those embracing these means. The larger challenge of internet connectivity cannot be solved overnight. As a recent survey conducted by ICT think-tank LIRNEasia and IIT-Delhi points out, the penetration of internet services in rural areas lacks the demand side push that is needed for success of programs like BharatNet. Over the next year we will get to know if the need to be part of a digital economy pushed the demand for internet services in rural India. However, it is surprising that the Unified Payments Interface (UPI) that was launched by the National Payments Corporation of India (NPCI) earlier this year has not been able to fill the void left by withdrawal of cash from our economy.
‘Challenging’ would be the one word to describe the relation between technology and policy/regulation in 2016. Policy makers were seen playing catch up with disruptive technology globally and traditional paradigms of protecting national security were challenged to protect individual freedom of speech and privacy. In India, programs like Digital India and Smart Cities received backing of political and administrative machinery but setting up of public Wi-Fi that could power these initiatives did not see the light of the day this year. Although the NITI Aayog endorsed the use of white spectrum, VSAT or Very Small Aperture Terminal technology and the Google Loon project, to increase internet penetration in remote areas, none of these were granted approvals due to bureaucratic quagmires.
2017 will undoubtedly see many such technology disruptions as startup firms across the globe as well as in India harness the tremendous potential of machine learning and artificial intelligence to come out with technology that may relieve us of mundane tasks and make a strong case for measures like universal basic income. Exciting times ahead!
(The author leads the digital policy team at The Dialogue, an online policy analysis portal. Views expressed are personal.)