Chairman of the Telecom Regulatory Authority of India (TRAI) R S Sharma underlines the need for a data protection legislation, insists “encrypted” Aadhaar cannot be hacked, says monitoring apps is not within TRAI’s domain, and blames inadequate investment and overloaded networks for increase in call drops
Pranav Mukul: There is a big debate around data protection and privacy. How long will it take for a data protection regime to be in place?
In today’s world, data protection and data privacy are extremely important. (In 2010), then UIDAI chairman Nandan Nilekani wrote to then prime minister Manmohan Singh saying that while Aadhaar has done everything it can to ensure that there is privacy of data, there is a need for a larger data protection law in this country.
He also enclosed a model data protection legislation based on laws from around the world for the then prime minister’s reference. Thereafter, a DoPT (Department of Personnel and Training) committee deliberated on the issue and the deliberation has continued. Recently, the Justice B N Srikrishna committee was set up…
Since I became TRAI Chairman, we have also realised that a huge amount of data is generated in the telecom sector. Smart phones generate a large amount of meta data — it tracks your physical movement, whom you are talking to etc. So it is necessary to know where is the ownership, who controls the data, what are the parties in the ecosystem and what should be their responsibility etc. We have brought out a consultation paper titled, ‘Ownership, data privacy and data security in the telecom space’. It is in its final stages. We will publish the recommendations and then hand them to the government.
Pranav Mukul: You mentioned that Nandan Nilekani wrote to Manmohan Singh in 2010…
Aadhaar per se doesn’t create a data privacy issue. Aadhaar is a random 12-digit number and just by looking at it one cannot figure out who it belongs to.
Second, the information collected by Aadhaar is minimal. It is only sufficient to establish identity — not more, not less… And Aadhaar does not collect any information about your transactions.
For example, if you are conducting a bank transaction or opening a bank account, the bank does the authentication with Aadhaar and the Aadhaar responds only with a ‘yes’ or ‘no’, or with a digital KYC. But the Aadhaar system does not know for what purpose this information is being collected and so it has absolutely no information on the transactions.
Also, the Aadhaar information is offline. So there is no question of hacking. The only information you get online are the templates, such as some fingerprint features. You can create features out of a fingerprint but you cannot create a fingerprint out of those features. It is like somebody draws a cartoon and if you know the person, you can say it is this man’s cartoon, but from a cartoon you cannot draw the image of the person.
When Aadhaar enrolment takes place, the image is encrypted by the time it leaves the device capturing the image. The image is encrypted with 2048-bit encryption. It is so strong that a personal computer will take 15 billion years to find the information.
The fact of the matter is that Aadhaar is a token-less identity. In the sense that we don’t issue any smart card or intelligent documents. We have made it very easy for people to download the card and print it. There is no concept of original Aadhaar card. Aadhaar is a number and not a card. We have done away with the whole concept of a card.
Coomi Kapoor: There are a lot of elderly people whose fingerprints are disappearing, and when they try to use their Aadhaar for authentication at a bank or for a mobile connection, the fingerprints don’t match. How did you not think of this?
There have been 13.6 billion Aadhaar authentications in the past one year. In the Supreme Court, the UIDAI (Unique Identification Authority of India) has said that 97 per cent authentications have been successful. Aadhaar doesn’t guarantee that the authentication will work in 100 per cent of the cases because authentication failure can occur due to multiple reasons. One, network failure…
Second, Aadhaar has two modes of authentication, one is fingerprint, and the other is iris. The iris authentication device costs Rs 2,000 and at some places, the authentication might fail. We need to find an alternative for such places. The UIDAI keeps working on new mechanisms.
We have many labourers whose fingerprints can’t be identified. What’s the percentage of these people? Only 3 per cent.
When you retire from government service, every year, you have to go to the bank in the month of November to say that ‘I am alive’. Now, any person living in any part of the country can authenticate biometrically and show that he is alive. We created ‘Jeevan Praman’ and now 40 lakh pensioners are authenticating their details sitting at home. Now, is this a problem or a solution?
Aadhaar has been of huge help to the people who are, let’s say, poor. One of the reasons why Aadhaar was started was to ensure uniqueness. We did a lot of experiments, and included the iris authentication because fingerprints create only 95 per cent accuracy. With iris, your accuracy goes to 99.976 per cent.
Ravish Tiwari: You mentioned that 3 per cent people couldn’t get their authentications done. In the Indian context, that is 30 million people.
These 30 million people have got an Aadhaar number. Everybody need not authenticate himself or herself. We are saying those who are not able to authenticate, it is the responsibility of the service providing agency to come up with a mechanism to help them do so. Tell me one technology in the world, especially in the public policy space, which works in 100 per cent of the cases.
There is a problem of 30 per cent leakage in the PDS system. We want to plug that. No technology can give 100 per cent results. That, however, does not mean that we should not adopt the technology. It means we should adopt it and find means to solve the problem. There is no better technology in the world today than this… it ensures uniqueness and authenticates a person.
Rishi Raj: At a time when people freely share their personal details on platforms such as Facebook, how do you ensure data privacy?
For me data privacy means that a person has control over his or her own data. If I want to voluntarily disclose data, it is of my own free volition. If somebody else is taking that data and using that data without my permission, then I have lost control on that. Therefore the first issue is clarifying who owns the data. Ownership of data is extremely important.
Secondly, if you are using my data, then you must give me a notice and tell me that you are using my data for this purpose. Every time you want to use my data for anything, you must provide me a notice and I must know. If consent is required, you must take my consent. This is very, very important.
In the telecom space, we are identifying who owns the data. Who does my GPS data belong to? Who does my call log belong to? I think if we can be clear on the concept of ‘ownership’ and be clear about the privacy and security standards of data, we will sort out the problems.
Rishi Ranjan Kala: Some 3.5 lakh people in India have been directly or indirectly impacted by the Facebook-Cambridge Analytica data breach scandal. Also, 90 per cent people access Facebook through their mobile networks. What is TRAI doing about this?
When people download apps, whatever arrangements they get into, whatever data they publish, that’s not really our domain. The Internet is also not our domain as of now. So, we are regulating what we are expected to regulate.
Shruti Dhapola: The problem of call drops seems to be growing.
In 2015, we brought out a regulation which said that if you have a call drop, you compensate the customer by putting Re 1 in his account. The regulation was challenged in the Delhi High Court, which upheld it, but it fell through in the Supreme Court. (But) we realised we can’t abdicate our responsibility… So, we did three things: one is we brought out a new norm for quality of service. The previous norm was that if the call drop percentage is limited to 2 per cent, the telecom service providers are doing fine. This average actually hid a few things. One, suppose in an under-served area the call drop percentage is 10, but since the overall call-drop percentage in the region would be 2 per cent, it was considered fine. So, we brought out a new regulation and said that we will have tower-wise evaluation done. This new norm became effective from October 1, 2017. We have got the data for the first three months, and we have issued showcause notices to service providers who have not met the norms.
Secondly, we have increased the drive-test limit to five days (where someone in a moving vehicle tests the network quality during the drive). Earlier it was done for a day. Typically, we used to cover about 120 to 130 km in a day, now we cover over 500 km in a day… We have extended these drive tests to a number of tier-2 and tier-3 cities.
Thirdly, we have requested the Department of Telecommunications to make some amendments in the TRAI Act, because we cannot levy penalties on service providers. If they violate any of our directives, all we can do is go to the chief judicial magistrate’s court and file a criminal case. Now, this violation is not a criminal offence. It should be tackled through a financial penalty.
Fourthly, we brought out a portal where you can see tower-wise call-drop percentage.
Ravish Tiwari: Is the problem of call drops a technology challenge or is it because our telecom operators have not added infrastructure and there has been no capacity augmentation?
There are multiple factors that are responsible for this situation. One of them certainly is inadequate investments. We have 1.2 billion connections, with 11 billion minutes of talk-time being used every day. So the networks are overloaded.
Also, multiple technologies exist now. So, if I am a 4G user and you are a 2G user and if I call you, then it’s a step-down or a step-up (depending on who is calling whom). So, this multiplicity of technologies is also one of the reasons for the disruptions. We are hoping that operators will put in more investments, and then we can finetune and maintain their networks.
Pranav Mukul: What is your view on the financial stress on the telecom sector? Most of the telecom players continue to battle it, and many of the smaller players have shut their businesses down. Is it ideal to have only three-four big operators in a country as huge as ours?
I wouldn’t want to pontificate on that issue… Let’s understand that we are not a financial institution, we don’t run this business. We have given recommendations to the government over a number of issues which will go a long way in improving the financial health of the industry. Some of the recommendations are financial in nature, and a few of them have been accepted by the government.
Anil Sasi: There has been a lot of debate around TRAI’s new formula to identify predatory pricing norms which was introduced on February 16. The definition of significant market power (SMP) was changed to give price flexibility only to operators with less than 30 per cent of the market share. There have been questions over whether this is your domain or should it have been left to the Competition Commission of India (CCI). Several players have also called the norms biased. How do you respond to those charges?
I don’t want to refute or accept those charges. Tariff is a part of TRAI’s domain, and that is why we are expected to make rules relating to tariff. The SMP and predatory pricing have been defined in the context of tariff only. That’s one part. There is no doubt that this falls within our domain.
Tariff has been under forbearance since 2003-2004; it has been 14-15 years. However, there are three boundaries for that forbearance. These are boundaries of transparency, non-discrimination and non-predation. These boundaries have existed since 2003. And so we too have held that tariffs are under forbearance but they have to be transparent, non-discriminatory and non-predatory.
In January 2017, we all assembled — telecom service providers and TRAI — and we said, let us start a new system in which we identify major issues on which we should conduct consultations during the calendar year. The telecom service providers unanimously said that one of the seven issues that we have identified was principles of tariff assessment.
We started the consultations way back in February 2017. We took inputs from every stakeholder and in the tariff order that was brought out on February 5, we said that we have operationalised the tariff assessment system.
Essentially, we defined transparency. Transparency means that tariff should be calculated in a manner that it is understandable to the common person. Similarly, we specified what non-discrimination means. It means that you cannot discriminate between customers of the same class.
The third principle is the principle of non-predation, which means that you cannot have a predatory issue. What is predation? We decided that predation can only be done — we took this from the CCI Act — by significant market power. And the SMP is the one who has more than 30 per cent of the market share.