By Ranjeet Rane
Why enforce, when you can enable and engage instead?
In my previous post I had proposed the idea of “Store in India” by using a four layered model, also while presenting the concept of a “Data Ecosystem” in the same post; I had discussed Data Sovereignty and Lawful Interception as the two layers around which the policy discourse of the data ecosystem is currently focused on. To evolve into a more holistic approach the policy discourse needs to take into consideration two more factors, namely “Data Intermediaries” and “User Privacy”.
Data Intermediaries are those body corporates that aid in the transmission, storage, and third party access of your data. Data Intermediaries find mention in the Indian IT Act 2008 and subsequent Rules as the sole custodians of user generated data. These intermediaries comprise of the entire spectrum of service providers including telecom operators, ISPs, cloud based services, Over the Top (OTT) applications and even Cyber cafes. They form the back bone of the physical infrastructure needed to sustain the data ecosystem.
It would be apt to mention that the National Cyber Security Policy 2013 categorically lists the need to engage in a PPP model to strengthen the cyber infrastructure in the country. While the policy awaits implementation in letter and spirit, contradictory examples of the Government using this proposed partnership to further its interests towards tapping into public communication networks can be stated. One such example is the announcement by Microsoft to terminate certain services of its Skype application in coming weeks.
While the business dynamics behind this decision are debatable, it is clear that the insistence of the Government to gain access to Skype calls in a bid to monitor anti-national groups has been one of the main reasons for the termination of this service in India. By creating and aiding the implementation of an ambiguous policy framework the government has prevented efficient utilisation of such services by the end user.
Further the nature and scope of these services (and the involved service providers) is undergoing a change as well. WhatsApp (and other messaging applications) which are being used by Law enforcement agencies to strengthen their traditional informant networks are also under the scanner for spreading defamatory and communally sensitive content. These services have a dual nature of application and present day policy structure is focused on blocking these instead of utilising the last mile connectivity options provided by these services. Policy makers need to accept this duality and encourage the integration of these in main stream communication channels across all levels.
While OTT applications are riding the popularity wave across multiple technology platforms, the ownership patterns of most of these applications are not transparent. Ownership of data nested at any geographical location will be difficult to establish as this sector undergoes its consolidation cycle in the near future. Indian authorities continue to ignore these trends in the Data Ecosystem and are stuck with the “Local Server” rhetoric. They however, have no answer to the legal, technical and logistical challenges that such demands brings to fore. Coercion and arm twisting as seen in the case of Blackberry servers may not always work. These intermediaries need to be engaged on multiple platforms and be enabled to “Store in India” than arm twisted into it
The last layer and the core of this model is that of “User Privacy” concerns in the data ecosystem. The realisation that ‘User’ is the keystone species of the data ecosystem is of utmost importance here. Data based services have been chosen by end users to serve specific purposes. If the present policies make it difficult for users to avail of these services, they will move on to the next option, which might not be based on data enabled networks.
Recently a report released by the Internet and Mobile Association of India states that by December 2014, India will overtake the US as the second largest Internet users’ base in the world. The numbers point to a staggering 302 million users. A very large percentage of this growth will be driven by the ‘mobile’ platforms. Google and Twitter have already put their weight behind these numbers.
This user base is reason that the Data Ecosystem exists. By interfering with user patterns, market regulators and policy makers may indirectly sound the death kneels for this ecosystem. A recent attempt of which was seen when the Telecom Regulatory Authority of India (TRAI) conducted a round table on the possibility of Over the Top (OTT) applications paying spectrum usage charges to telecom service providers.
It is ironic that while on one hand the Government announces initiatives for a “Digital India”, on the other hand it tries to shape end user choices through market regulation. The policy makers need to propose a mix of measures, including but not limited to tax incentives, long term policy clarity, accountable methods of lawful interception, affordable local sourcing of hardware and other technology components and aggressively promoting the use of these data enabled services to further the cause of citizen service delivery. Microsoft is already tapping into the Indian market; it claims that local data centers will benefit organizations in the country adopting its technologies, by providing them with data sovereignty, lower latency and geo redundancy.
While the Narendra Modi led Government is pulling all stops to draw global focus to the potential to “Make in India” it is time that they also roll out a policy document that addresses the evolving nature of the Data Ecosystem in a long term perspective. The market has recognised the potential to “Store in India”; it is now time for the policy makers to resonate with an enabling environment for the same.
This is the second of a two part post. Read the first post here.
Ranjeet Rane is a research assistant on cyber-security at the Takshashila Institution.