Securing Trust in India’s Digital Citizenship

January 22, 2018

Blog

Jai Rajaraman, Vice President and Global Head of Technology

User privacy has been at the forefront of debates over digital identity since their inception.  The case of Aadhaar, the Indian government’s digital identity solution, has attracted particular attention in recent months.  India’s Supreme Court ruled in August of last year that privacy is a fundamental right of Indian citizenship, reigniting legal and political debates over Aadhaar.  Aadhaar has not been deemed a breach of privacy in itself; the case hinged rather on the security and confidentiality of the personal data the system relies on, and to what use that data may be put.

As India pursues its aim to bring about a largely cashless society, digital identity verification will play an increasingly central role in daily life there.  What citizens buy, which publications they read, and where they travel will in time become a matter of record.  Should transit by rail, for instance, come to require one’s Aadhaar number, the state will hold details on every train journey a citizen makes as a matter of course. With subscription to mobile networks in India already requiring verification via Aadhaar, the state would soon be able to link the travel and call records of every individual in the country. These implications have prompted debates across Indian society over proper safeguards on how that data can be used and secured.

Public trust in the solution was not helped by a recent exposé by investigative journalists.  Earlier this month, Indian newspaper The Tribune reported that it had been able to gain access to private identity information belonging to Indian citizens enrolled in Aadhaar, by paying an official at the Unique Identification Authority of India (UIDAI) around $8.  The official in question also provided, for a further $5, software necessary to print Aadhaar cards on entering the Aadhaar number of any individual – effectively enabling the reporters to clone the digital identity of almost anyone in India.  Sanjay Jindal, Additional Director-General at the UIDAI Regional Centre in Chandigarh, has accepted that these events constitute “a major national security breach.”  The story appears not to end there: the lead reporter working on the report claims she has so far revealed only “the tip of the iceberg” and that there is “much more to come”.

Public confidence in the solution has therefore inevitably been called into question.  While the Indian government faces no easy task, in digitising personal identity in the world’s largest democracy, the bottom line is that consumer trust is vital to uptake and success. The mobile industry can help here.  Mobile network operators have a natural interest in ensuring the privacy of their customers – it is on this relationship of trust that much of their commercial success depends.  Where operators are in the driving seat of identity verification, they will naturally place privacy among their very highest priorities.  With their range of authentication assets, such as the SIM card, strong registration processes, and multiple fraud detection and mitigation processes, mobile operators are uniquely well-positioned to help governments design and operate identity solutions – rather than merely providing them with the architecture via which to run them.  And, as 2017 drew to a close, it had become increasingly clear that operators are collaborating to take the lead in digital identity worldwide, building their expertise in this vital component of connected commerce and civic life.

Operator-led identity solutions like Mobile Connect can offer a robust system of consent management: where for instance the present implementation of Aadhaar sees users merely receiving SMS notification when their data is accessed by an approved party, operators can offer a far more consumer-centric consent mechanism.  By matching users with something they have on their person as a matter of course (their mobile phone), in conjunction with something they know (a PIN), and/or something they are (a biometric scan), Mobile Connect’s design precludes data breaches of the kind exposed by The Tribune.

With rigorous transparency and granularity – for instance data availability on a per-transaction basis – operator-led solutions can act primarily as tools of the user, rather than simply a means of integrating that user into a system over which they have little recourse.  Once users are confident in their level of control over their own data, legal and political roadblocks to connected citizenship can be increasingly removed – and rises in living standards can be realised for millions.

Back

Presentation: Identity Hangout Delivering Identity Services The first Identity Hangout: Delivering Identity Services on 5 December explored the value and commercial scalability of mobile-based identity services. The online event was targ...

Read more | See all Identity Resources

Presentations from M360 Series – Russia & CIS The 2018 GSMA Mobile 360 Series – Russia & CIS was a regionally-focused event drawing on global case studies for senior-level leaders from government & regulatory bodi...

Read more | See all Identity Resources

Presentations: Delivering Commercial Success Through Identity Services The GSMA Identity recently partnered with Turkcell to co-host an event in Istanbul which explored Turkey’s journey towards becoming the first Mobile Connect commercially su...

Read more | See all Identity Resources

Mobile Connect Workshop Presentations at MWCA Identity Seminar The seminar Mobile Connect Seminar: Reducing Fraud through Secure Authentication and ID Verification Services, brought together h wider mobile ecosystem aiming to prevent fraud b...

Read more | See all Identity Resources

Mobile Connect Workshop Presentation at Mobile 360 Digital Societies i The Mobile Connect workshop: Delivering commercial success through identity services attendees had the opportunity to learn the value and commercial scalability of mobile-based ...

Read more | See all Identity Resources

Distributed Ledger Technology, Blockchains and Identity: A Regulatory This paper provides an overview of the relevant regulations for the use of distributed ledger technologies (DLT) and blockchains for digital identity. Digital identity is the bas...

Read more | See all Identity Resources

News Flash: Business Leaders Flag Internet Security Fears Three-quarters of C-Suite execs say consumer data is too easily compromised online Consumers can’t trust the safety of their online identities, as too much of their personal da...

Read more | Visit Identity Blog

News Flash: Microsoft Explores Eliminating “Inverse Privacy” Reports claim software giant is seeking to increase users’ control over personal data Microsoft is working on giving people greater insights into the private data collected abo...

Read more | Visit Identity Blog

News Flash: Identity Fraud “at a Tipping Point” Symposium speakers highlight hackers’ ability to easily create synthetic identities The vast amount of personally identifiable information available on the Internet is making i...

Read more | Visit Identity Blog

News Flash: Digital Identity to Change Direction In 2019, there will be a shift from trying to digitise identity to creating digital identities underpinned by relationships, according to David Birch, a leading financial service...

Read more | Visit Identity Blog

News Flash: Taiwan Targets 2020 for Digital ID Government says digital ID cards will enable online access to 80% of public services The government of Taiwan is planning to roll out a digital identification system in 2020, acc...

Read more | Visit Identity Blog

Top 3 Digital Identity Trends for 2019: the Curtain Closes for the Hum   2019 will see the consolidation of multi-factor authentication As users have grown increasingly weary of creating endless online profiles (86% report abandoning purchases ...

Read more | Visit Identity Blog

Identity at MWC19 Barcelona February 25, 2019 Discover the latest innovations, market developments and business strategies in digital identity at MWC19 Barcelona. More details to follow. Register for MWC19 Barcelona...

Read more | See all Identity Events

Identity at MWC19 Barcelona February 25, 2019 Identity is the bedrock on which all digital services depend and as such is central to this year’s Mobile World Congress. We invite you to join our events in Barcelona to h...

Read more | See all Identity Events

MWC19 Seminar – Mobile Connect: The Rise of Digital Identity February 25, 2019 This seminar will focus on the consolidation and growth of Mobile Connect as a successful identity service offered by the mobile operators around the globe. The seminar will c...

Read more | See all Identity Events

MWC19 Seminar – The Future of Digital Identity: From Revolutiona February 26, 2019 It’s been a tempestuous year in digital identity with major breaches hitting the press on an almost weekly basis. This seminar will look at some of the latest research in use...

Read more | See all Identity Events

Identity Hangout March 20, 2019 Join the second Identity Hangout to hear what’s new on the identity space. The GSMA Identity team will be joined by an expert to talk about this as well as discussing the r...

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2019 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.