Securing Personal Identities: Trust & Digital Privacy In India

Jaikishan Rajaraman, VP & Global Head - Technology, GSMAJaikishan’s main responsibilities centre around the development & deployment of inter-operable solutions for new services and technologies within the GSM community and the wider mobile ecosystem.

Ever since the creation of digital identities and the ability for individuals to take their personas online the privacy of users has been the number one concern. In August last year, India’s Supreme Court ruled that Indian citizens have a fundamental right to privacy. As a result, Aadhaar, the Indian government’s digital identity solution, has come under particular scrutiny, both legally and politically, in recent months. It’s important to note that Aadhaar has not been deemed a breach of privacy in itself. Its critics are concerned about the security and confidentiality of the personal data the system relies on, and how this data may be used elsewhere.

In India’s pursuit of a cashless society, digital identity verification is becoming increasingly important in everyday life. However a result of this is that everything citizens do online, from publications they read and where they travel, to items they purchase, will be accessible by the authorities. For example, if taking a train requires a person’s Aadhaar number, the state will have access to details on every journey they make. In addition, buying a SIM card for access to a mobile phone network already requires verification via Aadhaar, implying that the state can potentially see every call that is made, between who and how long. Naturally, these implications have prompted debates across Indian society over proper safeguards on
how that data should be used and secured.

The level of trust in Aadhaar has not been helped by The Tribune’s expose on the system. Earlier this month, investigative journalists at the paper found that they been able to gain access to private identity information belonging to Indian citizens enrolled in Aadhaar. To do so wasn’t hard: they just paid $8 to an official at the Unique Identification Authority of India (UIDAI). For a further $5, the official also gave access to the software necessary to print Aadhaar cards enabling the reporters to clone the digital identity of almost anyone in India. The story doesn’t end there the lead reporter working on the report claims she has so far revealed only ‘the tip of the iceberg’ and that there is ‘much more to come’.

As a result, public confidence in the system has been shaken. With the Indian government’s aim to digitize the personal identity of everyone in the world’s largest democracy, consumer trust is vital to uptake and success. The state needs to find a solution to make everyone feel their personal data is properly protected. This is where the mobile industry can help. Mobile network operators have a natural interest in ensuring the privacy of their customers – it is on this relationship of trust that much of their commercial success depends. As a result, when operators are responsible for verifying identities, privacy is one of their top priorities.

In addition, mobile network operators have a wide range of tools to help with verification. From the SIM card and strong registration processes to multiple fraud detection and mitigation processes, mobile operators are uniquely positioned to help governments design and operate identity solutions. And, as 2017 drew to a close, it was becoming increasingly clear that operators are starting to collaborate to take the lead in digital identity worldwide, building their expertise in this vital component of connected commerce and civic life. Operatorled, comprehensive identity solutions like Mobile Connect can offer a robust system of consent management. For example, while currently, Aadhaar users just receive a simple text message when their data is accessed, operators can offer more information and realtime updates through apps.

Operators can match users with some thing they have in their pocket: a mobile phone. A mobile, in conjunction with a PIN or biometric scan precludes data breaches of the kind exposed by The Tribune. With rigorous transparency and granularity, operator led solutions can act primarily as tools of the user giving them control and access to their information. It is providing this confidence that will enable citizens to feel safe when using their digital identities. In turn, legal and political roadblocks to connected citizenship can be removed and the benefits realized for millions.