Recently, some unknown entities hacked into the WhatsApp messages of several dozen individuals across several countries using a software called Pegasus. The supposedly safe and encrypted messages that we send are apparently not as secure as we were given to believe. The servers are all in the US and Facebook, which owns WhatsApp, surely knows much more than it is revealing. Indian Law, Justice, Communications and IT Minister Ravi Shankar Prasad has demanded that Facebook share data on this massive breach of security. But so far, there is little indication that Facebook is willing to do so.
In this context, the recent “Cloud” agreement, a first-of-its-kind pact between the US and the UK to allow law enforcement agencies in the two countries to access data quickly from technology companies, such as Facebook, in criminal investigations, is welcome. According to the US Justice Department, this agreement will “dramatically speed up investigations by removing legal barriers to timely and effective collection of electronic evidence.” “Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first century threats,” US Attorney General William Barr said in a statement.
While I completely agree with this sentiment, I hope the US, where most of the tech companies have their servers, will extend this facility to other countries, such as India, as well. But it's unlikely that it will, given that data is the new gold.
That is why I think India is on the right track - demanding that Indian data be stored in India. Companies such as Facebook, Amazon, MasterCard and other mostly US companies are unhappy about this. They point to the huge additional costs they will have to incur to set up large and secure data storage facilities in India saying this will make their operations in India financially unviable. This point is valid, but only up to a point.
Half a billion Indians use smartphones and the dozens of apps that come embedded in them as well as the ones they download. Their usage data is analysed by data scientists employed by these app companies to draw conclusions about consumer behaviour, which can be monetised in multiple ways. Such databases, of often hundreds of million people, are goldmines. India's universal health insurance scheme Ayushman Bharat, for example, will soon have data on various ailments afflicting Indians. With a target size of 500 million users, this database can be spliced by data scientists in multiple ways to come up with medicines and medical solutions for various sections of the Indian population. In the hands of pharma and medical device companies, this data analysis can become a source of huge competitive advantage.
Thus, there is an overweening need to handle this data responsibly. And ensuring data security and privacy is a big part of his responsibility. India has been at the forefront of the global campaign to create a responsible environment for data collection, storage, management and processing. Any organisation, person or machine that handles data has the obligation to handle it responsibly.
The way out is to find a middle ground. Obviously, no company or country wants to give up its monopoly over data without a good fight. But India, as one of the largest generators of data, has the legal right and the moral authority to be among the rule makers rather than remain a passive rule taker on data.