Securing Trust in India’s Digital Citizenship

January 22, 2018

Blog

Jai Rajaraman, Vice President and Global Head of Technology

User privacy has been at the forefront of debates over digital identity since their inception.  The case of Aadhaar, the Indian government’s digital identity solution, has attracted particular attention in recent months.  India’s Supreme Court ruled in August of last year that privacy is a fundamental right of Indian citizenship, reigniting legal and political debates over Aadhaar.  Aadhaar has not been deemed a breach of privacy in itself; the case hinged rather on the security and confidentiality of the personal data the system relies on, and to what use that data may be put.

As India pursues its aim to bring about a largely cashless society, digital identity verification will play an increasingly central role in daily life there.  What citizens buy, which publications they read, and where they travel will in time become a matter of record.  Should transit by rail, for instance, come to require one’s Aadhaar number, the state will hold details on every train journey a citizen makes as a matter of course. With subscription to mobile networks in India already requiring verification via Aadhaar, the state would soon be able to link the travel and call records of every individual in the country. These implications have prompted debates across Indian society over proper safeguards on how that data can be used and secured.

Public trust in the solution was not helped by a recent exposé by investigative journalists.  Earlier this month, Indian newspaper The Tribune reported that it had been able to gain access to private identity information belonging to Indian citizens enrolled in Aadhaar, by paying an official at the Unique Identification Authority of India (UIDAI) around $8.  The official in question also provided, for a further $5, software necessary to print Aadhaar cards on entering the Aadhaar number of any individual – effectively enabling the reporters to clone the digital identity of almost anyone in India.  Sanjay Jindal, Additional Director-General at the UIDAI Regional Centre in Chandigarh, has accepted that these events constitute “a major national security breach.”  The story appears not to end there: the lead reporter working on the report claims she has so far revealed only “the tip of the iceberg” and that there is “much more to come”.

Public confidence in the solution has therefore inevitably been called into question.  While the Indian government faces no easy task, in digitising personal identity in the world’s largest democracy, the bottom line is that consumer trust is vital to uptake and success. The mobile industry can help here.  Mobile network operators have a natural interest in ensuring the privacy of their customers – it is on this relationship of trust that much of their commercial success depends.  Where operators are in the driving seat of identity verification, they will naturally place privacy among their very highest priorities.  With their range of authentication assets, such as the SIM card, strong registration processes, and multiple fraud detection and mitigation processes, mobile operators are uniquely well-positioned to help governments design and operate identity solutions – rather than merely providing them with the architecture via which to run them.  And, as 2017 drew to a close, it had become increasingly clear that operators are collaborating to take the lead in digital identity worldwide, building their expertise in this vital component of connected commerce and civic life.

Operator-led identity solutions like Mobile Connect can offer a robust system of consent management: where for instance the present implementation of Aadhaar sees users merely receiving SMS notification when their data is accessed by an approved party, operators can offer a far more consumer-centric consent mechanism.  By matching users with something they have on their person as a matter of course (their mobile phone), in conjunction with something they know (a PIN), and/or something they are (a biometric scan), Mobile Connect’s design precludes data breaches of the kind exposed by The Tribune.

With rigorous transparency and granularity – for instance data availability on a per-transaction basis – operator-led solutions can act primarily as tools of the user, rather than simply a means of integrating that user into a system over which they have little recourse.  Once users are confident in their level of control over their own data, legal and political roadblocks to connected citizenship can be increasingly removed – and rises in living standards can be realised for millions.

Back

Turkcell: Taking the next step in Identity with Mobile Connect Turkcell are now leveraging Mobile Connect to actively develop services they believe will be the basis of a new revenue stream. In this case study find out what steps Turkcell ar...

Read more | See all Identity Resources

Mobile Connect live use cases The Mobile Connect live use cases are a list of examples of how the identity solution has been deployed with various services.  Each use case harnesses one or more Mobile Connec...

Read more | See all Identity Resources

Digital Identity: Realising Smart Cities As we look further ahead to the mid-century, intelligent public services will move beyond the mechanical: two decades from now, increasingly complex and sensitive aspects of our ...

Read more | See all Identity Resources

Industry Seminar Presentations from MWC18: Regulations and Attributes   Download presentations from the Mobile World Congress identity seminars Watch on-demand seminar videos from the Mobile World Congress identity seminars Security and Privac...

Read more | See all Identity Resources

Strong Mobile Customer Authentication under PSD2: Comparisons and Cons The new PSD2 regulations will bring about major changes to the digital security landscape. Among the most significant of these will be the requirement to use strong customer auth...

Read more | See all Identity Resources

Mobile Connect for Cross-Border Digital Services: Lessons Learned from The GSMA has released the results of the Mobile Connect and eIDAS implementation pilot. The year-long collaboration brought together several public and private sector organisatio...

Read more | See all Identity Resources

Mobile Connect Helping to Secure Online Commerce in India India’s economy is becoming increasingly mobile-centric. 39 million smartphones were sold on the subcontinent in Q3 2017 alone – up 20% on the previous year – and almost 70...

Read more | Visit Identity Blog

Industry Seminar Presentations from MWC18: Regulations and Attributes   Download presentations from the Mobile World Congress identity seminars Watch on-demand seminar videos from the Mobile World Congress identity seminars Security and Privac...

Read more | Visit Identity Blog

Digital Identity Demonstrates its Crucial Role in Transforming Healthc Across the world, healthcare continues to be one of the biggest sources of public expenditure. As such, there is increasing pressure to find more efficient means of delivery. Dig...

Read more | Visit Identity Blog

Identity Now Key to Statecraft Say Experts One of the chief concerns of those in the identity ecosystem is the formulation of policy befitting for the emerging digital age. With the recent completion of PSD2 and successiv...

Read more | Visit Identity Blog

Mobile Network Operators to Provide Key Piece in Identity Puzzle As digital services grow in number and sophistication, consumers have whetted their appetite for those which provide unrivalled everyday convenience. As businesses harness the va...

Read more | Visit Identity Blog

CAPS Report on Authentication and Mobile Payments to aid Implementatio With PSD2’s Regulatory Technical Standards now published, the broader financial ecosystem is moving closer towards full-scale implementation of the EU’s revised payment servi...

Read more | Visit Identity Blog

Mobile 360 Series – Privacy and Security May 30, 2018 Mobile 360 Series – Privacy & Security is a two-day event that explores the importance of security for Mobile Network Operators and the wider digital ecosystem. Attendees w...

Read more | See all Identity Events

Mobile Connect at Mobile World Congress Shanghai 2018 June 27, 2018 The GSMA’s Identity team will be present at this year’s Mobile World Congress Shanghai 2018, where Mobile Connect, the mobile industry’s identity service, will be showcased...

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2018 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.