Making do with a mere watchdog : The Tribune India

Join Whatsapp Channel

Making do with a mere watchdog

Indian Police Service

Making do with a mere watchdog

Data protection laws have been unable to stem the abuse of power resulting from the leak of personal data. Photo: AFP



Amandeep Singh Kapoor
Indian Police Service                     

Perhaps no time is more opportune than the present for security agencies to raise the flag. Justice B.N. Shrikrishna is seeking the views of stakeholders on a law for data protection and exceptions thereof. This process is enmeshed in the matrix of the recent decision of the Supreme Court validating the right of privacy of citizens, and also the stance of cyber-ecosystem visible during the recent push for net neutrality. This has made waters turbulent for agencies involved in balancing security with access.

A government white paper explicitly recognises that the power of the data controller has increased vis-à-vis the individual because of processing of personal data. Data protection regulations are meant to protect individuals from the abuse of power resulting from the processing of their personal data. Law enforcement agencies must be taken in the loop to avoid a mismatch in real time.

To put things in perspective; data leaks from data controllers can cause “ransomware” incidents —seeking ransom by keeping valuable information captive. This can result in chaotic losses to the victim. A recent survey by a data advisory firm found that 70 per cent of Indian mobile apps don’t take explicit consent during installation and rampantly share data with third parties.

Also there is the problem of objectionable content at a time when virtual private networks hide the user’s name and credentials, and is largely posted on servers installed outside India. There are mobile applications that allot virtual numbers or allow the use of dark web or onion routers, which are a delight for hackers and organised criminals. Hence, it is not possible to contact the user posting objectionable content. Also data processors, especially telecom service providers, have cloned multiple SIMs using Aadhaar copies of earlier customers. The police has encountered examples of extreme omissions in cases of kidnapping for ransom. Telecom operators have denied or delayed information such as IP address (which they are mandated to provide in a timely and pre-defined manner) leading to the killing of the hostage. So there is need to plug such acts of omission.

  This brings forth the question of contours of a regulatory mechanism. The sine-qua-non of secure, vibrant and democratic cyberspace should be a robust, enforcement architecture. It should be overarching on both cyberspace (where personal data is shared and hence the playing field of data controllers and data protection authorities) and telecom sector, which in India is an internet service provider. 

The problem is there is no overarching regulator in this crucial space. A symptom of this syndrome is that two wings of the government — the ministry and the regulator — are simultaneously issuing stakeholder’s consultation process on the same issue.  

Contrast this with a similarly crucial service sector of the aviation industry and observe its legal teeth: The Director General of Civil Aviation (DGCA) is an overarching regulator administer responsible for the security of both air and ground handling through the Bureau of Civil Aviation security (BCAS). It administers the Aircraft Act, 1934, and rules with clear liability fixed in crisp penalties (even jail terms are substantial, along with first time fines). Very logically, there is a penalty for the abetment of offences and even attempted offences. If this is impressive, consider this: the DGCA periodically issues aeronautical information circulars & civil aviation requirements and the failure to comply with these circulars is punishable with imprisonment of six months and fine. 

In cyberspace, where Moore’s Law operates (broadly the processing speed doubles every two years), similar power needs to be vested even in the pen of regulator which issues statutory regulations before the new technology makes the old one redundant. This body should be having real teeth — a hound rather than a mere watchdog.

In an era where data is the new oil, it is time we realise that its spilling would be even more catastrophic than oil spills of blue waters. If cyberspace was a stage in space-time where servers and waves come together to create magic, then the greenroom is agog with activity. The air is expectant with a power-packed “act”. Hoping a secure cyber commons is delivered.

(The views are personal)

Top News

'When government changes...': Rahul Gandhi after Rs 1,800 crore fresh I-T notice to Congress

'When government changes...': Rahul Gandhi after Rs 1,800 crore fresh I-T notice to Congress

The Congress leader accuses the BJP of indulging in ‘tax ter...

Chief Judicial Magistrate's court in UP's Banda orders judicial inquiry into death of gangster-politician Mukhtar Ansari

UP court orders judicial probe into gangster-politician Mukhtar Ansari’s death, seeks report in a month

Ghazipur MP Afzal Ansari on Tuesday alleged that his brother...

‘Heart attack or poisoning’: The life and times of Mukhtar Ansari—crime and politics

‘Heart attack or poisoning’: The life and times of Mukhtar Ansari—crime and politics

Eastern parts of Uttar Pradesh are among the poorest regions...

CBI files chargesheet against 20 institutes, 105 individuals in Himachal Pradesh multi-crore scholarship scam

CBI files chargesheet against 20 institutes, 105 individuals in Himachal Pradesh multi-crore scholarship scam

22 educational institutions were on CBI radar in the scholar...


Cities

View All