Securing Trust in India’s Digital Citizenship

January 22, 2018

Blog

Jai Rajaraman, Vice President and Global Head of Technology

User privacy has been at the forefront of debates over digital identity since their inception.  The case of Aadhaar, the Indian government’s digital identity solution, has attracted particular attention in recent months.  India’s Supreme Court ruled in August of last year that privacy is a fundamental right of Indian citizenship, reigniting legal and political debates over Aadhaar.  Aadhaar has not been deemed a breach of privacy in itself; the case hinged rather on the security and confidentiality of the personal data the system relies on, and to what use that data may be put.

As India pursues its aim to bring about a largely cashless society, digital identity verification will play an increasingly central role in daily life there.  What citizens buy, which publications they read, and where they travel will in time become a matter of record.  Should transit by rail, for instance, come to require one’s Aadhaar number, the state will hold details on every train journey a citizen makes as a matter of course. With subscription to mobile networks in India already requiring verification via Aadhaar, the state would soon be able to link the travel and call records of every individual in the country. These implications have prompted debates across Indian society over proper safeguards on how that data can be used and secured.

Public trust in the solution was not helped by a recent exposé by investigative journalists.  Earlier this month, Indian newspaper The Tribune reported that it had been able to gain access to private identity information belonging to Indian citizens enrolled in Aadhaar, by paying an official at the Unique Identification Authority of India (UIDAI) around $8.  The official in question also provided, for a further $5, software necessary to print Aadhaar cards on entering the Aadhaar number of any individual – effectively enabling the reporters to clone the digital identity of almost anyone in India.  Sanjay Jindal, Additional Director-General at the UIDAI Regional Centre in Chandigarh, has accepted that these events constitute “a major national security breach.”  The story appears not to end there: the lead reporter working on the report claims she has so far revealed only “the tip of the iceberg” and that there is “much more to come”.

Public confidence in the solution has therefore inevitably been called into question.  While the Indian government faces no easy task, in digitising personal identity in the world’s largest democracy, the bottom line is that consumer trust is vital to uptake and success. The mobile industry can help here.  Mobile network operators have a natural interest in ensuring the privacy of their customers – it is on this relationship of trust that much of their commercial success depends.  Where operators are in the driving seat of identity verification, they will naturally place privacy among their very highest priorities.  With their range of authentication assets, such as the SIM card, strong registration processes, and multiple fraud detection and mitigation processes, mobile operators are uniquely well-positioned to help governments design and operate identity solutions – rather than merely providing them with the architecture via which to run them.  And, as 2017 drew to a close, it had become increasingly clear that operators are collaborating to take the lead in digital identity worldwide, building their expertise in this vital component of connected commerce and civic life.

Operator-led identity solutions like Mobile Connect can offer a robust system of consent management: where for instance the present implementation of Aadhaar sees users merely receiving SMS notification when their data is accessed by an approved party, operators can offer a far more consumer-centric consent mechanism.  By matching users with something they have on their person as a matter of course (their mobile phone), in conjunction with something they know (a PIN), and/or something they are (a biometric scan), Mobile Connect’s design precludes data breaches of the kind exposed by The Tribune.

With rigorous transparency and granularity – for instance data availability on a per-transaction basis – operator-led solutions can act primarily as tools of the user, rather than simply a means of integrating that user into a system over which they have little recourse.  Once users are confident in their level of control over their own data, legal and political roadblocks to connected citizenship can be increasingly removed – and rises in living standards can be realised for millions.

Back

Strong Mobile Customer Authentication under PSD2: Comparisons and Cons The new PSD2 regulations will bring about major changes to the digital security landscape. Among the most significant of these will be the requirement to use strong customer auth...

Read more | See all Identity Resources

Mobile Connect for Cross-Border Digital Services: Lessons Learned from The GSMA has released the results of the Mobile Connect and eIDAS implementation pilot. The year-long collaboration brought together several public and private sector organisatio...

Read more | See all Identity Resources

Mobile Authentication: Capitalising on China’s Identity Market China Mobile have firmly established themselves in the digital identity market. The network operator’s identity service, Mobile Authentication, offers a range of authentication...

Read more | See all Identity Resources

Mobile Connect in the GSMA Innovation City @MWC18 Mobile Connect, the mobile industry’s identity solution, will be present at Mobile World Congress’ GSMA Innovation City where attendees will have the opportunity to e...

Read more | See all Identity Resources

Presentations from the Mobile Connect Summit Singapore The Mobile Connect Summit was a forum for all stakeholders engaged with digital identity and  addressed the status of Mobile Connect deployments both globally and in the Asian m...

Read more | See all Identity Resources

Mobile Connect Privacy Principles The Mobile Connect Privacy Principles are intended to guide the use of personal information in Mobile Connect branded services. Mobile Connect enables verified authentication, au...

Read more | See all Identity Resources

CAPS Report on Authentication and Mobile Payments to aid Implementatio With PSD2’s Regulatory Technical Standards now published, the broader financial ecosystem is moving closer towards full-scale implementation of the EU’s revised payment servi...

Read more | Visit Identity Blog

eIDAS Pilot Recommends Mobile Connect for Cross-Border Digital Service Having removed many of the barriers to European cross-border trade by way of the Single Market, the European Commission’s vision of a Digital Single Market aims to create secur...

Read more | Visit Identity Blog

MWC18: Operators Poised to make Unique Contribution to Securing Trust As the digital economy grows, and the Internet of Things expands, digital identity authentication will play an increasingly routine role in the lives of billions around the world...

Read more | Visit Identity Blog

Securing Trust in India’s Digital Citizenship Jai Rajaraman, Vice President and Global Head of Technology User privacy has been at the forefront of debates over digital identity since their inception.  The case of Aadhaar, ...

Read more | Visit Identity Blog

Digital Identity: What to Expect in 2018 2017 was a profoundly important year in digital identity.  The tide turned decisively against usernames and passwords, with more than 86% of consumers expressing doubts over the...

Read more | Visit Identity Blog

China Mobile Now Scales up GSMA Mobile Connect for Global Authenticati China Mobile have announced their intention to advance in the digital identity market Sihan Bo Chen, Head of Greater China, GSMA A steady rise in spam and fraudulent activity in ...

Read more | Visit Identity Blog

Mobile Connect at Mobile World Congress 2018 February 26, 2018 The GSMA’s Identity team will be present at this year’s Mobile World Congress 2018, where Mobile Connect, the mobile industry’s identity solution, will be showc...

Read more | See all Identity Events

MWC18 Seminar: Data Attributes as the New Digital Identity Currency February 26, 2018 During this seminar we will focus on how attributes are becoming the new digital identity currency and how cross border identity transactions will shape ecommerce. A number of di...

Read more | See all Identity Events

MWC18 Seminar: How are Identity Regulations Shaping the Digital World? February 27, 2018 The seminar will focus on how technology and digital services are increasingly facing new challenges and opportunities to keep pace with today’s digital transformation. During ...

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2018 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.