Two days ago, my computer prompted me for the password of my Apple ID to update software I had purchased earlier from the App Store. It was not a fun moment when it rejected my password and told me my ID had been locked for security reasons. I was further not amused when, after being prompted to reset my password through a link, the website reported that no such Apple ID existed in their database. Without my Apple ID, my Apple devices are as good as a lock without a key. Who owns my Apple ID and all the purchases I had made with it in the Apple Store? Do I now have any rights over the digital assets I purchased from Apple as Apple declares me an unknown entity? Without rights over the purchased software, music, and books, is my Apple worth the money I paid for it?

Encryption, or using algorithms to code your digital assets so no one can read them, is usually presented as the cure-all for security issues. Apple, like most others, stores Apple IDs in encrypted form. This has not prevented 12 million Apple IDs from being hacked in 2012, thanks to the very apps that run on Apple machines.

In digital India, the loss of your Aadhaar may mean not only the loss of your digital assets with the government (your passport, driver’s license, and certificates) but also your virtual existence. Thankfully, I don’t have an Aadhaar number; however, I have no way of knowing if the UIDAI generated one without telling me when I renewed my passport. I might be in for a rude shock some day if, using this Aadhaar number, all my digital assets are stolen. I may not even be worth my biometric.
Thanks to the digital assets they build, Facebook, Twitter, WhatsApp and Aadhaar may decide who owns your digital assets. More importantly, they may expose who owns you. The bank that boasts of apps to store your real assets digitally may one day fail to recognise you in their database. It’s not going to be a high point of your life to assert your right to your digital assets. Banks insisting on linking Aadhaar to your bank account despite the Supreme Court’s directives to the contrary is a sure way to test your relationship with Lady Luck. Who is the custodian of your digital assets? Do you have a strategy to de-risk and protect yourself from modern messiahs promising the wonders of the digital age? Is it really worth the risk to have your smartphone run your life?
By designing an API to expose IDs and encouraging developers to use it, Apple has ensured that there are literally thousands of databases linking IDs to sensitive user information on the net. A leak from any one of these, or worse, a large-scale de-anonymisation, inevitably has serious consequences, leading to users losing their digital assets. 68% of apps silently send Apple’s IDs to servers on the Internet. This is often accompanied by information on how, when and where the device is used. Users have no way to stop their device from offering their Apple ID, to tell who their data is being sent to, or even to tell that it’s happening at all. Android users are no safer: their information is left just as exposed after they download apps from the Play Store.

The UIDAI has been designing APIs to expose IDs and encouraging developers to use them to build apps around them, particularly financial apps and payment systems that transfer money from one Aadhaar number to another. With the Aadhaar numbers being widely copied and distributed across the country, there is no way to tell where your Aadhaar number was used, by whom, or through what API, leaving your digital assets exposed to being completely siphoned off.

Like most of us, the government neither knows of nor has an inventory of its digital assets. Certifying or apostilling digital assets is unheard of. Whether it is survey of maps of India, passports, birth certificates or even Aadhaar numbers, the government knows no way to certify, verify and audit its digital assets.
As a technology fix, the babus in the Department of Electronics and Information Technology (calling themselves DEITY) decided to invoke Section 84A of the IT Act that allows them to specify the modes or methods of encryption. Instead, they came up with a rulebook for users of technology requiring the storage of encrypted data in text form for at least 90 days to enable any government officer to inspect it. Even stranger, and refusing to walk their talk, the draft rules were deleted from public view when there was an outcry on social media and replaced by an addendum clarifying that some apps like WhatsApp would be exempted from this requirement. Now even the addendum has been deleted in much less than 90 days.
Trust in the administration to unleash a Digital India may prove to be misplaced. The “DEITY” has failed to even create and maintain a database of the government’s digital assets. It has no policy or programmes to authenticate, certify or audit digital assets. Even what is now their programme, the Aadhaar, is neither certified nor authenticated. In fact, it is nothing more than a random number assigned to random data submitted by private parties. At best, their solutions are mere technology fixes addressing only symptoms, whether it is the use of Aadhaar or the smart city initiatives. Stranger than fiction is the constant push to destroy net neutrality. Equally inexplicable is the move to make cities smart through apps which have no understanding of urban dynamics and rely on fixes that have failed for 68 years of urbanisation in India. Clearly, those driving the dream of Digital India for the Prime Minister need to understand the design of resilient systems and the dynamics of social change. For in the global marketplace, there are other interests at play than the interest of India and Indians. PM Modi took a bold decision when he replaced the Planning Commission of India. He now needs to reconfigure the Indian Administrative Service as the Indian Public Service. There must be the opportunity to involve every Indian for at least five years of their life in nation building. Prime Minister Modi will hopefully take the opportunity to make it the government of the people with minimum government. The PM must replace the Digital Gods with the people of the country to ensure swarajya and surajya.
Anupam Saraph is a Professor, Future Designer, former governance and IT adviser to former Goa Chief Minister Manohar Parrikar and the Global Agenda Councils of the World Economic Forum.