Professional Documents
Culture Documents
Cyber Security: Data Deprivation Makes Cyber Crime Difficult To Tackle
Cyber Security: Data Deprivation Makes Cyber Crime Difficult To Tackle
In recent times, there have been many instances of the hard-earned money of Indians
being taken out of bank accounts and charges loaded onto credit cards through online
frauds
1. We are making a huge transition to a cashless economy. So, public faith in the
digital system needs to be consistently reinforced.
2. Cybercrimes affect the emerging “startup” ecosystem. Customers of genuine
startups and Indian businesses have been subjected to online fraud.
3. The skepticism on online transactions also hurts the potential of emerging
companies that could take India to the $5 trillion economies that the country
aspires to.
Data localization
Since most search engines and social media platforms have no “permanent
establishment” in India, law enforcement agencies have hit a wall on data access for
the purpose of solving cybercrimes.
This has often raised calls for complete data localization, which could have been
avoided had a collaborative mechanism for data access, based on agreed criteria,
been put in place.
The Sri Krishna Commission recommended that data be stored in the country
either directly or through mirror servers to serve law enforcement needs.
I. Data localization
The IT Ministry’s Bill on data protection
Worldwide, the data flow debate at the World Trade Organisation (WTO) and G20.
Background
Data Localization
Along with a RBI directive to payment companies to localize financial data, the
Ministry of Commerce’s draft e-commerce policy is currently in public consultation.
The IT Ministry has drafted a data protection law
In some cases, they restrict what type of data these companies can collect.
In others, it requires only a copy of the data to be in the country.
By requiring a copy of the data to be stored in India (data mirroring), the
government hopes to have more direct control over these companies, including the
option to levy more taxes on them.
1. This, in turn, may backfire on India’s own young start-ups that are attempting
global growth, or on larger firms that process foreign data in India.
2. Even if the data is stored in the country, the encryption may still remain out of
the reach of national agencies due to company’s privacy concerns.
3. The Cyber Security Report 2017 reported that businesses in India were most at
risk to cyber security attacks. Thus, a mandatory border control provision by data
localisation may not be the solution to avoiding security breach incidents.
4. Huge costs are involved to fulfil data localisation requirements.
The reason that Indian law enforcement relies on an outdated Mutual Legal
Assistance Treaty (MLAT) process to obtain data stored by U.S. companies is because
the U.S. law effectively bars these companies from disclosing user data to foreign law
enforcement authorities
Technology companies are allowed to share data such as content of an email or
message only upon receiving a federal warrant from U.S. authorities
This scenario will not change even after technology companies relocate Indian
data to India
Localisation can provide data only for crimes that have been committed in India,
where both the perpetrator and victim are situated in India
Prevalent concerns around transnational terrorism, cyber-crimes and money
laundering will often involve individuals and accounts that are not Indian, and
therefore will not be stored in India. For investigations into such crimes, Indian law
enforcement will have to continue relying on cooperative models like the MLAT
process.
A principle titled “Data Free Flow with Trust” (DFFT) — supported by US, Japan,
and Australia — is expected to be a significant talking point at the upcoming G20
summit.
1. No strong data protection law – questions of privacy and security are unlikely
to be addressed.
2. Bilateral Treaties are better – aimed at addressing specific issues might be a
more prudent approach.
3. Definition of critical Data –The Sri Krishna committee report had classified
personal data pertaining to finances, health, biometric and genetic data, religious
and political beliefs, among others, as sensitive personal data.
4. A single agency – It had envisaged a data protection agency which would list
out further categories of sensitive personal data. But it is debatable whether a
single agency is best suited to draw up this list.In Canada, any data may be
sensitive based on the context — sector-specific regulators might be better at
identifying which data is sensitive.
CENTRAL WELFARE
DATABASE OF CITIZENS
pensions, census data, e-
marriage national national
sample agricultur
e market
data, UPI
Why such centralized database?