“There isn’t anything inherent in this question of privacy, [and] what’s private and what’s not” argued Pranesh Prakash, co-founder of the Centre for Internet and Society, during the opening comments of MediaNama’s “Exploring User Verification” roundtable last Thursday.
The roundtable explored the future of anonymity and privacy in India, amidst broad government mandates to “verify” users online for security reasons, among others. For example, India’s telecom regulator recently floated the idea of a Truecaller-like caller ID system, where persons receiving a call will automatically know the name of the person making the call. This is reportedly being introduced to protect consumers from unknown or spam callers—but it makes anonymous calls impossible, raising privacy concerns for consumers.
Prakash added that notions of private information change with advances in technology and society.
“I remember leafing through telephone directories which listed names, addresses, phone numbers of people,” recalled Prakash. “At that point in time that was normal, there was no idea of that information being private. As we [society] change [with time], my mobile number becomes something that’s private. I don’t expect people to freely share my mobile number without asking me.”
MediaNama hosted this discussion with support from Meta and Truecaller. The Internet Freedom Foundation, CUTS International, Centre for Internet and Society, and the Centre for Communication Governance at the National Law University, Delhi, were MediaNama’s community partners for this event.
STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today!
Approach to enabling privacy has changed too: CUTS International’s Research Director Amol Kulkarni slightly disagreed with Prakash’s telephone directory example, noting that the Telecom Regulatory Authority of India (TRAI) had given people the option to not be listed in telephone directories for over two decades.
“Many users used to exercise this option and get their name removed,” rebutted Kulkarni. “So, there was always an opt-out mechanism [for data sharing] in the pre- or initial days of the Internet..Perhaps the default settings have changed [to “opting-in” for data sharing],” Kulkarni mused.
Expectations of privacy stem from how information is used: People may be uncomfortable with displaying their mobile number publicly nowadays because of how it’s used, suggested Renuka Sane, Associate Professor, National Institute of Public Finance and Policy.
“The mobile number is used for 20 different things as opposed to a landline and an address that got used in a directory,” Sane noted. “For any application of privacy, [be it] anonymity or disclosure, the question really is what is the impact of this? For what is this being used and what else can it be used and to whom are you disclosing this particular information? I think that’s where the discomfort comes from because individuals who are transacting on something should have the freedom to decide on both these aspects.”
Landlines and mobile phones don’t represent the same types of “private” information: Public policy professional Deepak Maheshwari added that there were fundamental differences between mobile numbers and the fixed line numbers listed in telephone directories. “With mobile, you’re typically calling a person, whereas with a fixed line, most of the time, it used to be a place. It could be a home or office. Of course, the name itself would be published in the directory, as Pranesh mentioned, but nevertheless, it used to be a place and not a person.” What’s more, India had around 27-30 million fixed line connections at its peak. Now, there are more than one billion mobile connections.
TRAI even considered developing a directory of these mobile numbers in 2004, recalled Maheshwari. “From what I recall, that consultation never went through because the Department of Telecom objected to it on the grounds of privacy,” Pahwa drily remarked. While we couldn’t find a source for that, in a 2005 paper by TRAI, service providers pointed out that “mobile customers would not be willing to include their names in the Directory because of privacy and other issues as this will abet unwanted telemarketing calls”.
Expectations of privacy depend on the ecosystem surrounding the information: “If we historically look back and think about security, there are three categories [of data]: private, public, and secret,” noted cybersecurity researcher and DeepStrat Co-Founder Anand Venkatnarayanan. “Secrets are usually something that you use when using a service for authentication or verification.” For example, the date of birth of a relative might be public information. But, when signing up for a bank, that same date of birth could become a secret question whose answer is used to identify you.
“So using something which you thought was private becomes problematic because it is also used as a secret in most of the places,” argued Venkatanarayan. “The expectations of privacy are extremely dependent not on a particular [tech] system, but on the ecosystem around that system.”
Protecting privacy is your own responsibility: A lone audience member differed on whose responsibility protecting privacy is. “As a society, we have to debate on how paranoid we can be,” they argued. “Privacy is your own domain. If I’m giving out my mobile number everywhere on public platforms, and then crying that my privacy is being compromised, then that’s contradictory. If you want privacy for your mobile number, keep it private.”
Anonymity and privacy are not necessarily the same concepts: Varun Sen Bahl, Public Policy Manager at NASSCOM, complicated the idea of anonymity and privacy being interchangeable concepts. “It helps to point out that anonymity and privacy are connected, but not necessarily the same right,” Bahl observed. “Another thing…is what anonymity can mean in the offline versus online contexts. One good offline definition of anonymity comes from David Kaye, when he says that it’s the condition of avoiding identification. So, if you bring this to an online context, that can mean different things. It can mean, for example, the condition to avoid being identified by direct or indirect identifiers. It can also mean the limited right to use pseudonyms. The third thing, that’s important here, is that I have an expectation where my anonymity is infringed upon that the infringement must be lawful, either because it’s based on consent, or because of the way it’s done through a legal regime.”
Rights are a product of their time: “We can go back and forth forever about the fact that in the offline world we didn’t have anonymity,” noted Lalit Panda, Senior Resident Fellow at Vidhi Centre for Legal Policy. “But the fact is that sometimes rights can exist at a particular point in time..[even if] they did not exist in the past. That’s because of the nature of the system that has arisen, an emergent system, we might call it. [The question may be] What do we want the Internet for and what do we see as common traits of the Internet?”
Part 2 of this series explores the human rights consequences of identification mandates online, and how they change the Internet’s “common traits”, as Panda puts it. Part 3 discusses how user verification impacts industries.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Read more
- Does The Government’s Proposed Caller Identification System Violate People’s Privacy?
- Summary: TRAI Seeks Feedback On Issues Related To Implementation Of Caller Name Display
- Ashwini Vaishnaw On Draft Telecom Bill Regulating WhatsApp, Mandating KYC And Revealing Caller Identity
- TRAI considers caller name display based on KYC
