By Manindra Agrawal *
Professor, CSE Department, IIT Kanpur
Recently, the ban imposed by Government of India on 59 mobile phone apps has generated a lot of debate. Some have argued that such a ban goes against the spirit of openness and also does not achieve much, others have supported the ban based on security and privacy issues. Looking at the big picture, it is evident that digital technologies have entered into almost all domains of our lives, and the current pandemic has accelerated its adaptation. While this has considerably simplified the life of citizens from all strata, it has come at the cost of privacy and security. This trade-off – between ease of use and access on one hand and security and privacy on the other – needs very careful handling. In general, societies are willing to compromise with security and privacy as long as it does not lead to major consequences (e.g., revealing one’s location is acceptable, but not losing money from bank).
One major example of this trade-off was the Aadhar case in Supreme Court. In its ruling, the Court said that while right to privacy is fundamental, some compromises are permitted if one wants to access services, thus permitting use of Aadhar authentication for all Government services. More generally, if any new technology does not cause any additional reduction in security and privacy, it is deemed to be fine (the same is the case with Aadhar, and a challenge thrown by a former secretary to show how his privacy is additionally compromised be revelation of his Aadhar number led to a lot of noise on social media but little substance).
Before adaptation of new technology, therefore, it needs to be evaluated on the above criteria: does it cause any additional reduction is security and privacy? Such an evaluation is almost always imprecise due to complexities of associated hardware and computer software. Hence, answers to following questions have an important bearing on the evaluation: Is the source code of the computer program available? How trustworthy are places where the hardware and software are developed? Where are the servers located that store the data of the users?
Ideally, one would want to use only technologies for which answers to above questions are satisfactory. However, it is not always possible. For example, the source code of Windows operating system is not available and yet it is widely used on computers (Microsoft, the owner of the software, has recently addressed the security concerns partially by making the source code available at government level). Nevertheless, as a large country, India must strive to ensure that all the software and hardware that its citizens use is preferably made within the country. If that is not feasible, then it is from a friendly country, who will have fewer reasons to cause a security and privacy breach than a hostile country.
Viewed in above context, the recent bans are well justified. A number of these apps are known to cause privacy breaches (TikTok for example), their source code is not available, their data server are outside India in many cases, and they are developed in a country hostile to India. Given the expertise available within the country, it is not going to be difficult to develop good substitutes to these apps.
In fact, there is a strong need to go beyond and carefully evaluate all the software and hardware being imported into the country and avoid using any coming from countries that have a poor track record in protecting security and privacy of users, as well as strongly encourage development indigenously. Recently sanctioned seventeen Technology Innovation Hubs for development and deployment of technologies for cyberphysical systems by Department of Science and Technology are a good step in this direction. Hopefully, Indian academia, industry, and government will join hands to ensure that these Hubs produce indigenous technologies that cater to the needs of citizens and at the same time do not cause any degradation of their security and privacy.
*Source: PIB Blog authored by Manindra Agrawal
Professor, CSE Department, IIT Kanpur