Saturday, February 5, 2011

Mobile Banking In India Is Risky

The idea of mobile banking in India is not new and rather it is one of the most progressive and promising initiative. However, like all other projects and initiatives of India, even mobile banking is not free from troubles.

The present banking and other technology related legal frameworks are not conducive for mobile banking in India. We do not have a well developed e-governance infrastructure in India. Similarly, on the front of e-commerce as well, India is not much successful.

However, the most troublesome legal hurdle is a weak and cyber criminal’s friendly cyber law of India. The information technology act, 2000 (IT Act, 2000) is the sole cyber law of India that does not carry any sort of deterrent effect. While implementing mobile banking in India, sound legal framework is required for banking and cyber law related issues.

There are no limits to the troubles when institutions like national payments corporation of India (NPCI) and unique identification authority of India (UIDAI) join their hands. Both Aadhar project and UIDAI are unconstitutional as they go against the very scheme of Indian constitution. Further, they are also not supported by any legal framework and are executive hegemony by hijacking the constitution.

NPCI has decided to use unconstitutional and illegal UID numbers for allowing customers to do financial transactions using their mobile phone. It may be used to open an account, make a cash deposit or a withdrawal. NPCI would use the UID number along with the customer's thumb impression for offering this service.

Surprisingly, this is proposed immediately after the reserve bank of India (RBI) has asked the banks to consider the report of one of its working group dealing with cyber frauds and cyber crimes. This initiative seems to be going against the core recommendations of that report.

Presently, banks are not performing due diligence as per the requirements of cyber law of India. Let us hope the RBI would make this initiative of NPCI /UIDAI more users friendly and safe.

Should India Use Cloud Computing?

Cloud computing is a profitable business model, especially in India. This is the reason why it has been literally imposed upon Indian netizens without telling them of the dangers of the same.

India has a weak cyber law, ineffective cyber security and lack of privacy, data protection and data security laws. In other words, cloud computing is a perfect breading ground for cyber criminals of India and word over.

Lack of regulatory and security support has discouraged a dominant majority of CEOs in India to use cloud computing for their business. Add to these woes the incidences of frequent leakage of sensitive information in India as well as growing unaccountable e-surveillance in India.

Imagine a situation where the cloud computing service providers have nothing to loose by intentional or unintentional leakage of sensitive information. They cannot be challenges in a court of law as they would not be violating any law.

Further, if the security agencies are accessing that information, even without a court warrant, these cloud computing service providers would be more than happy to oblige them.

India must first establish proper legal frameworks for privacy, data security, data protection, lawful interceptions and effective cyber laws. Equally important is a law on information security that is missing in India.

Till these laws are in place, cloud computing is a risky and undesirable model in India.

Blackberry May Get A New Deadline In India

The time limit to provide encryption keys of enterprise services of Blackberry has already expired. Research in motion (RIM), the company managing Blackberry services, is still maintaining that it has no control over the encryption keys residing at the sets of users.

However, Indian government is not accepting this argument of Blackberry and is still asking for the keys. Since the deadline is already over, it is obvious that Blackberry would get another breath of life in India.

Meanwhile, Telecom Secretary R. Chandrasekhar said the access to corporate emails sought by India's security agencies is not specific to RIM. However, the government has not sent any requests seeking access to any other companies, he said. Of course, he is hinting towards encrypted Gmail and Skype services.

This deadlock is not going to be solved very soon. However, government of India has forgotten a more important issue associated with this exercise. It is very easy to get information in plain text in real time but it is an altogether different game when it comes to decrypting a highly encrypted message.

Encryption is not limited to Blackberry services alone. There are many great free encryption software that Indian security agencies would never be able to defeat. This is so because Indian security agencies are taking the easy route rather than developing good and effective cyber forensics capabilities.