The only upshot of this whole saga seems to be an increased awareness (though a small bit) in general public about importance of privacy in the digital world. Most of the media outlets (both English and regional language newspapers) provided a prominent coverage of this news.
It was Apple's pushback that lead to the DoT backing down [0], but they will most likely either try to push this again if they are able to assuage Apple (eg. drop the $38B anti-trust bill [1]), or will potentially adopt China- and Vietnam-style data sovereignty regulations.
English speaking urban Indians are loud on English media but ultimately don't matter for political decisions because they can't actually flip an LA or LS election. You need to either be a significant voting bloc or a major economic bloc to become a veto player in any country.
Do people have rights around the world, to not use a smartphone or the internet to access critical services/commerce? Shouldn't that be a thing if not?
In a country with dozens government supplied IDs, Aadhaar has been a godsend for the common man. It's one card to open a bank account, buy a SIM card, apply for a loan, enter an airport, or whatever.
I held out for many years due to privacy reasons. In the end, I changed my mind - its just immensely useful to the general public.
You just demonstrated first hand the point made by GP. When the supreme court ordered the Govt to cease making Aadhaar mandatory, they just responded by adding so much friction to daily life without Aadhaar that most people, including privacy conscious folks like you just gave in.
I may have yielded, but that happened with the acknowledgement that it's not entirely a bad thing. Other IDs have varying levels of validity and authenticity; today I am of the opinion that countries like India shouldn't waste money and time on these. In fact, I'd say ditch the PAN card as well.
If Aadhaar makes it easier for people living near poverty to get say bank accounts, it'd trump the reservations I have. That's what made UPI possible - just about everyone today has UPI, even people begging for money sometimes have a QR code handy (at least here in Bangalore).
The friction already existed long before supreme court orders. No two departments agreed upon what ID they would need for doing the work. It could be rationcard, PAN, passport, driving license etc. Some organizations asked for more than one ID just in case. India just has too many IDs and it is asked for too many use cases.
Aadhar made it easier than before. It is really a quality of life improvement.
The main issue is government requiring IDs even when it is not usually needed in other countries. Mostly in the name of security. This is the root cause. Aadhar is just the symptom.
However Aadhar does enable deeper breaches into privacy due to its unified nature and the way it is validated through government owned infrastructure. There is full tracking possible on all the services that the residents used.
If Aadhar was a self sovereign ID, then having a single ID is definitely a good thing. It keeps privacy intact while usable where needed.
My point wasn't that no id was required before Aadhaar. It's that any id from a range of acceptable ids like passports, ration card, drivers license worked.
Post Aadhaar, even though all of those IDs are still legal and acceptable under law, the govt has added so much friction on the non Aadhaar path that in practice those IDs are unusable.
> It's that any id from a range of acceptable ids like passports, ration card, drivers license worked.
In reality different IDs were accepted at different departments and there was no consensus. It was really a pain. If someone took ration card as valid, others wanted another ID. In some states it was even worse.
It is true that the government has indirectly made Aadhar mandatory, contrary to the spirit of supreme court order.
Hmm, could you previously open a bank account, buy a SIM card, apply for a loan, or enter an airport without any of those cards? If so, I think it's plausible that the government responded by adding friction to daily life in a way that promoted Aadhaar. If not, they didn't.
My point wasn't that no id was required before Aadhaar. It's that any id from a range of acceptable ids like passports, ration card, drivers license worked.
Post Aadhaar, even though all of those IDs are still legal and acceptable under law, the govt has added so much friction on the non Aadhaar path that in practice those IDs are unusable.
Congratulations! Your data is already sold out for Rs. 40 in black market! Also, why do you need aadhar to enter airport?
Now, the morons in charge are making it mandatory to book a gas cylinder as well. It’s like once a blind suddenly starts seeing, he wants to capture everything.
I think this point is bit orthogonal. The current outrage was largely because the app has to be pre-loaded and there wasn't an option to disable or uninstall it.
In the later incarnations, if this is an app which you need to access government services that is less of an issue, though I'm not advocating that this is completely fine. There are already apps like these CoWin (during Covid time), or Digiyatra (despite some of the privacy concerns around it [1]) which many are using. I hope if at all this app gets introduced (in the form you mention) there are larger discussions about permissions and the data access the app would need,and it can be disabled, uninstalled.
If this means what I think it does, it's good news... But unfortunately, I've a nasty feeling that this will be attempted again and again until it sticks.
We shouldn't call it "cyber safety" as that is a loaded phrase here. Obviously other considerations were part of it.
Yeah, I'm with sateesh in a sibling comment in that this is a win for the digital citizenry's awareness, but I also agree with you that when the EU caves in everyone else will follow.
And I'm sure in the end it will cave in. The "they" have a clear plan supported by infinitely more patience and resources than the "us" can muster, and the von der Leyen presidency has shown clear signs of direction towards more control, less privacy (by weakening the GDPR), and less of the good kind of regulation in industry.
As an EU citizen, I'm very unhappy with the Union's recent direction.
But, at least for now, hooray for the temporary victory on the Indian front!
This was never going anywhere and if the Indian government thought it could get away with effectively installing spyware, then they were just self indulgent.
Bugging communication devices has long been a government / law enforcement tactic, mostly enabled by telcos via ITU, which since its inception has been a willing collaborator.
Looks like the complaining and protesting on Twitter helped, even if was serious, and some just memes. Somethings to note-
1. Most Indian bureaucracy is clueless about tech things, and just goes by whatever somebody who sounds like techy enough is selling them. Which in this case I'm guessing is a data mining company/lobby.
2. The information derived can be used for various purposes. Plotting election trends, economics, spotting general trends pro/against politics and other nefarious causes. etc.
3. Spying.
4. Using information to go after political opponents.
5. Demographic targeting, which in Indian context almost always means a pogrom against groups, which other groups don't like.
6. Selling data to commercial entities for better targeting, or even social engineering buying choices etc.
There could be many others. But its kind of nice that it was taken back. Having said this, it will be pushed again at some point when people are busy with a crisis and this will be sold as a fix.
The only upshot of this whole saga seems to be an increased awareness (though a small bit) in general public about importance of privacy in the digital world. Most of the media outlets (both English and regional language newspapers) provided a prominent coverage of this news.
Will the increased awareness change anything though? After Snowden, nothing seemed to have changed, it just seems to be getting worse.
Most likely, Indian government will try again
It was Apple's pushback that lead to the DoT backing down [0], but they will most likely either try to push this again if they are able to assuage Apple (eg. drop the $38B anti-trust bill [1]), or will potentially adopt China- and Vietnam-style data sovereignty regulations.
English speaking urban Indians are loud on English media but ultimately don't matter for political decisions because they can't actually flip an LA or LS election. You need to either be a significant voting bloc or a major economic bloc to become a veto player in any country.
[0] - https://www.reuters.com/sustainability/boards-policy-regulat...
[1] - https://www.reuters.com/sustainability/boards-policy-regulat...
Do people have rights around the world, to not use a smartphone or the internet to access critical services/commerce? Shouldn't that be a thing if not?
Canadian government must provide services for blind and deaf people via Teletype or something, so at least state services are covered.
The question is what makes service critical. Is Expedia or Uber critical?
They ll make it mandatory to access critical services at a later point. Tax payments, utility enrollments stuff like that.
That is how they ramped up enrollment in Aadhaar UID.
In a country with dozens government supplied IDs, Aadhaar has been a godsend for the common man. It's one card to open a bank account, buy a SIM card, apply for a loan, enter an airport, or whatever.
I held out for many years due to privacy reasons. In the end, I changed my mind - its just immensely useful to the general public.
You just demonstrated first hand the point made by GP. When the supreme court ordered the Govt to cease making Aadhaar mandatory, they just responded by adding so much friction to daily life without Aadhaar that most people, including privacy conscious folks like you just gave in.
I may have yielded, but that happened with the acknowledgement that it's not entirely a bad thing. Other IDs have varying levels of validity and authenticity; today I am of the opinion that countries like India shouldn't waste money and time on these. In fact, I'd say ditch the PAN card as well.
If Aadhaar makes it easier for people living near poverty to get say bank accounts, it'd trump the reservations I have. That's what made UPI possible - just about everyone today has UPI, even people begging for money sometimes have a QR code handy (at least here in Bangalore).
The friction already existed long before supreme court orders. No two departments agreed upon what ID they would need for doing the work. It could be rationcard, PAN, passport, driving license etc. Some organizations asked for more than one ID just in case. India just has too many IDs and it is asked for too many use cases.
Aadhar made it easier than before. It is really a quality of life improvement.
The main issue is government requiring IDs even when it is not usually needed in other countries. Mostly in the name of security. This is the root cause. Aadhar is just the symptom.
However Aadhar does enable deeper breaches into privacy due to its unified nature and the way it is validated through government owned infrastructure. There is full tracking possible on all the services that the residents used.
If Aadhar was a self sovereign ID, then having a single ID is definitely a good thing. It keeps privacy intact while usable where needed.
My point wasn't that no id was required before Aadhaar. It's that any id from a range of acceptable ids like passports, ration card, drivers license worked.
Post Aadhaar, even though all of those IDs are still legal and acceptable under law, the govt has added so much friction on the non Aadhaar path that in practice those IDs are unusable.
> It's that any id from a range of acceptable ids like passports, ration card, drivers license worked.
In reality different IDs were accepted at different departments and there was no consensus. It was really a pain. If someone took ration card as valid, others wanted another ID. In some states it was even worse.
It is true that the government has indirectly made Aadhar mandatory, contrary to the spirit of supreme court order.
Hmm, could you previously open a bank account, buy a SIM card, apply for a loan, or enter an airport without any of those cards? If so, I think it's plausible that the government responded by adding friction to daily life in a way that promoted Aadhaar. If not, they didn't.
My point wasn't that no id was required before Aadhaar. It's that any id from a range of acceptable ids like passports, ration card, drivers license worked.
Post Aadhaar, even though all of those IDs are still legal and acceptable under law, the govt has added so much friction on the non Aadhaar path that in practice those IDs are unusable.
Oh, I see. I misunderstood you. Thank you for explaining.
Congratulations! Your data is already sold out for Rs. 40 in black market! Also, why do you need aadhar to enter airport?
Now, the morons in charge are making it mandatory to book a gas cylinder as well. It’s like once a blind suddenly starts seeing, he wants to capture everything.
I think this point is bit orthogonal. The current outrage was largely because the app has to be pre-loaded and there wasn't an option to disable or uninstall it.
In the later incarnations, if this is an app which you need to access government services that is less of an issue, though I'm not advocating that this is completely fine. There are already apps like these CoWin (during Covid time), or Digiyatra (despite some of the privacy concerns around it [1]) which many are using. I hope if at all this app gets introduced (in the form you mention) there are larger discussions about permissions and the data access the app would need,and it can be disabled, uninstalled.
1. https://internetfreedom.in/digiyatra-who-owns-your-data/
Agreed on all points.
I don't view these apps as net negative for a country like India which is helped immensely by digitization.
My comment was just pointing out that governments have a way to get you install the app if they really need to.
Exactly! Politics as usual in India.
If this means what I think it does, it's good news... But unfortunately, I've a nasty feeling that this will be attempted again and again until it sticks.
We shouldn't call it "cyber safety" as that is a loaded phrase here. Obviously other considerations were part of it.
They'll wait for UK/AU/EU to enforce one first.
Like with the chat control in the EU now, the foot is already blocking the door
Yeah, I'm with sateesh in a sibling comment in that this is a win for the digital citizenry's awareness, but I also agree with you that when the EU caves in everyone else will follow.
And I'm sure in the end it will cave in. The "they" have a clear plan supported by infinitely more patience and resources than the "us" can muster, and the von der Leyen presidency has shown clear signs of direction towards more control, less privacy (by weakening the GDPR), and less of the good kind of regulation in industry.
As an EU citizen, I'm very unhappy with the Union's recent direction.
But, at least for now, hooray for the temporary victory on the Indian front!
The app itself seems to be a reinvention of https://www.gsma.com/solutions-and-impact/connectivity-for-g... which is good I suppose, but why not use the original registry?
previously: https://news.ycombinator.com/item?id=46104193
This was never going anywhere and if the Indian government thought it could get away with effectively installing spyware, then they were just self indulgent.
Bugging communication devices has long been a government / law enforcement tactic, mostly enabled by telcos via ITU, which since its inception has been a willing collaborator.
Ex A: Ind x ITU, https://cis-india.org/internet-governance/blog/india-itu-res...
Ex B: China x ITU, https://datatracker.ietf.org/liaison/1677/
I've not been following this closely, but reading the headlines each day....is the timeline roughly -
India: Every phone must install a cyber safety app
Apple: No
India: OK, nevermind
?
Looks like the complaining and protesting on Twitter helped, even if was serious, and some just memes. Somethings to note-
1. Most Indian bureaucracy is clueless about tech things, and just goes by whatever somebody who sounds like techy enough is selling them. Which in this case I'm guessing is a data mining company/lobby.
2. The information derived can be used for various purposes. Plotting election trends, economics, spotting general trends pro/against politics and other nefarious causes. etc.
3. Spying.
4. Using information to go after political opponents.
5. Demographic targeting, which in Indian context almost always means a pogrom against groups, which other groups don't like.
6. Selling data to commercial entities for better targeting, or even social engineering buying choices etc.
There could be many others. But its kind of nice that it was taken back. Having said this, it will be pushed again at some point when people are busy with a crisis and this will be sold as a fix.
I believe Apple's resistance to this notion played a role.
Gov release: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&re... (https://news.ycombinator.com/item?id=46132822)
https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&re...
Read between the lines?
> Given Sanchar Saathi’s increasing acceptance, Government has decided not to make the pre- installation mandatory for mobile manufacturers.
outrage works
Outrage works when the party in government doesn't have an outright majority in parliament.