wordpress blog stats
Connect with us

Hi, what are you looking for?

Draft Telecom Bill 2022: Does KYC for telecom and online services violate privacy and anonymity? #NAMA

We discussed how far the KYC requirements of the Telecom Bill 2022 managed to stop spam and frauds, and the impact on users’ free speech and privacy

Key takeaways:

  • Question the government’s intent to conduct KYC and the manner of its gradation.
  • How KYC will function in specific cases like accessing CBDC
  • Test whether KYC passes the test of proportionality
  • Allow for the right to anonymity and anonymous speech
  • Highlight the need for a data protection law before such measures are taken

MediaNama organised a discussion on the draft Telecommunications Bill 2022, on October 18, 2022. The experts attending the event at the India Habitat Centre gave excellent insights and recommendations about the Bill. You can watch the video of the event here.

Among other things, participants discussed the mandatory KYC identification imposed on platforms that will compel every user to identify themselves on the internet. Speakers talked about how this call for KYC despite pre-existing provisions in other laws arguably infringe basic rights of privacy and free speech and do not withstand the argument of proportionality. Here’s the detailed account of the conversation:


FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.


Privacy issues around KYC

One speaker argued that unequivocal identification from every level of service creates more data than the government may necessarily need. Already, some amount of KYC is required for a phone connection. The speaker argued that such measures that restricts data to like one service provider are satisfactory. He said that asking every entity downstream thereafter to continue with KYC goes against some fundamental principles that data protection laws generally talk about.

Advertisement. Scroll to continue reading.

Illustrating the issue, Aastha, a financial services lawyer at Ikigai Law, said, “In some cases it makes sense when we talk about crypto currency transactions and anonymity. When we talk about financial services, it makes sense. But when I talk about buying goods from Amazon or messaging, do you really need to conduct my KYC before I do that, I find that absurd.”

Recommendation:

  • Ask the government: why it needs a telecom service provider, whoever is covered under the definition, to conduct KYC and how will that KYC be graded?
  • Ask whether it will be equivalent to the KYC that a financial service provider does under the KYC master durations that RBI prescribed or will it be like just collecting just OTP-based KYC?
  • This gradation will likely defer based on the type of telecom services provided.

KYC allows greater government access: Participants talked about the data localization requirement and regulations for the collection of any sensitive personal data. One speaker voiced concern that WhatsApp and other organisations are made to collect KYC data then store it within India. She said the Telecom Bill allows the government the power to intercept messages, take possession of telecom infrastructure.

“Effectively, our private data is under a greater threat of privacy from the government itself. It’s easier for the government to take and intercept KYC data from the organizations because it’s being stored locally,” she said.

Earlier, Estonia had tried to ID everyone on the internet for every service. As it turned out, Russia later hacked into their data.

Recommendation:

  • As argued during the Puttaswamy case, the government has to prove proportionality in the action. As a speaker explained, it cannot treat everybody as a potential criminal.

KYC, a threat to anonymity

One speaker pointed out how the Indian government has a very one-dimensional perspective on anonymity and which contributes to cyber security and national security risks. Anonymity gives a person certain protections especially vulnerable users, representatives from minority groups.

Advertisement. Scroll to continue reading.

“The idea is that they can selectively disclose parts of their identity to platforms, services, and other users when they interact with one another because of disclosure of any element of identity can bring value, but also carries a certain element of risk,” he said.

One speaker observed that the Ministry had argued for KYC to “help prevent spam and prevent scams.” However, if telecom is a space where everyone is already “KYCed” why aren’t scams and spam being prevent, he asked.

Speakers talked about earlier incidents like how Korea in 2007-08 passed a law with a real name requirement for websites and bloggers. The Korean Court later struck down this law. Similarly, Facebook also had a real name policy which failed.

“The stated objective is that of preventing cyber fraud and the ills of anonymity. If you are saying, okay let’s exclude the KYC requirement for OTTs from here, where they’re going to cram it up into is in the Digital India Act. So this is probably the first sort of move that’s being done. So we have to be careful of what we are proposing and what we are holding back on,” said one speaker.

Recommendation:

  • The Government of India must nuance the idea of anonymity over the internet from both a risk perspective and understand that there are certain individual and community based rights associated with that concept.
  • Use specific examples like Central Bank Digital Currency (CBDC). Ask the government how Bills like the Telecom Bill ensure anonymity in such cases. How will conducting KYC for each and everything, solve/ interact with conflicts like ensuring anonymity when accessing CBDC?
  • Be mindful that the proposal to remove KYC requirement for OTT from this Bill will likely redirect it to the Digital India Act.

“A push towards making all digital services verify people’s identity will sort of curtail that right, in a thoroughly like disproportionate manner and that needs to be evaluated in my mind,” said a speaker.

An observation in favour of KYC: One speaker pointed out that in 2008-09, telecom operators were told that they have to give any new SIM card against another, or any government identification. While there was a lot of resistance due to the added load, bomb hoax calls went from an average of 250 to 300 calls a year in pre-2008 times to single digit calls by 2011.

Advertisement. Scroll to continue reading.

“So just for all the other concerns and privacy, there was a great customer convenience. The times you’ve hung out in the airport because there was a bomb hoax call because somebody from somewhere just picked up a phone and did it. There is a little bit of a counterpoint that one must keep in mind,” he said.

Focus on making KYC effective first: One speaker pointed out that fraudsters have figured out ways to beat systems such as biometric scanning etc. To deal with this, the Department of Telecommunications is using ASTR, a facial recognition system where all the photographs that go on your Customer Acquisition Form for telecom are scanned first. People who’ve got more than their authorized share of numbers are gotten rid of. Recently, such a police exercise was reported in Nuh, Haryana.

“So we get these cases that have been brought to our notice. These are actually challenges that the government is trying to fix because of late, particularly in COVID times, the amount of financial frauds actually that have gone up are significant and have made the government sit up. So what would be good is to suggest how to improve the KYC rather than make it more effective,” he said.

KYC and right to free speech

One speaker argued that KYC in this context is also grounds for challenge using Anuradha Basin principles where you can try to argue that this would become a disproportionate restriction on the right to carry out your business or even communicate. He argued that the ability to communicate itself also can be part of the right of freedom of expression as can right to be anonymous.

Do we have a right to be anonymous? Speaking about basic rights, one legal expert agreed that people do have a right to anonymous speech but it is subject to national security, public order arguments, etc. However, even in case of exceptions, the government has to prove proportionality for the action implemented.

Advertisement. Scroll to continue reading.

Discussing KYC regulation without PDPB is putting cart before the horse

Speaking on regulatory overlap, one speaker pointed out that that there is scope for regulatory arbitrage which again is not good for governments, consumers or industry players. This is because India still has not “settled on the shape and format of its data protection law.”

“And in this bill, I think we will end up hard coding a lot of things that have implications on how that can be framed and whether we can frame a strongly type,” she said.

Recommendation:

  • Decide principles before we decide exceptions. In terms of framing regulation, you set a baseline and then you figure out what you carve out.

KYC and Jurisdiction

One speaker wondered whether the degree of KYC would differ based on the kind of service provided. She pointed out this would mean talking about the fragmentation of the internet, and slicing and dicing of services provided on the internet with differential regulation.

“For instance, for someone who’s shopping on an e-commerce website versus someone who’s watching content versus someone who’s quote unquote communicating interpersonally, are there differential degrees of KYC required and that question then kind of applies to across the bill itself, right? Are there differential degrees of regulation required and then if the answer to that is yes, are we principally accepting a future where there is fragmentation of the internet effectively, and that’s kind of where we’re going,” she said.

Advertisement. Scroll to continue reading.

Recommendation:

The Bill has no policy and does not explain what kind of norm should be followed for a particular sort of service that requires KYC. Even the civil liabilities have been completely given off to the government so they can, describe what a civil liability is, the definition part of it, and the compensation and penalty part of it. This needs to be addressed.


This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read:

Written By

I'm interested in the shaping and strengthening of rights in the digital space. I cover cybersecurity, platform regulation, gig worker economy. In my free time, I'm either binge-watching an anime or off on a hike.

Free Reads

News

"Without Google’s abuse of its dominant position, the media companies would have received significantly higher revenues from advertising and paid lower fees for ad...

News

Speaking to Medianama, founders of the concerned companies alleged Google was the one not in compliance with the Indian competition regulator's antitrust order.

News

According to reports, farmers have also informed that their phones are being put on surveillance, and that they are being notified by the police...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ