China is not a democracy. It has long been clear that Beijing holds its businesses in a firm grip, runs a tech-enabled surveillance state, and thinks little of making a grab for what it desires. Suspicions that this attitude also applies to data have swelled over the past year, even as a clutch of Chinese apps zoomed past the 100 million mark in downloads on Indian smartphones. Our vulnerability of data exposure to an adversarial power has been a cause for alarm. On Tuesday, the government invoked its authority under Section 69A of the Information Technology Act and rules formulated in 2009 to ban mobile apps of Chinese origin. Data security was cited as the chief concern, with attention drawn to the risk of surreptitious transfers to foreign agencies of local information, which could be misused in ways that pose a threat to Indian sovereignty. While the ban has sent Beijing a signal of our resolve to defend our interests and take punitive action in the digital domain for its military hostility along the Line of Actual Control, it has also alerted multitudes of our citizens to the dangers of data misuse by shadowy operatives. Such awareness is good for the country.
Led by social media, app mania swept India so swiftly that few Indians seem to have pondered their privacy as they got busy with their touch screens. Anecdotal evidence suggests that the terms of usage remain a blind spot for most users, even of apps that act as data sponges. Some of these can develop profiles of individuals of such intimacy that espionage units would need to pry no further. If large volumes of data are subject to artificial intelligence tools, then a cross-section of an entire country could stand exposed. Since careless users of apps abound, even sensitive information could be revealed. TikTok, China’s most popular app in India, tends to bustle with frivolous video clips and juvenile antics, but the odd upload could give vital data away. The same could perhaps be said of CamScanner, a Chinese document-scanning app in widespread use. As India goes online, we need to be wary of digital intrusions. Hackers were bad enough. Apps could do us similar damage.
In the virtual world, however, such threats need not emanate from any particular country. Nor would blocking the apps of an adversary fully prevent data leakage. Withdrawal into a digital shell of local applications is no solution either, for it would only cut us off without acting as a sufficient safeguard. While there may be no foolproof response to the problem, we could yet empower citizens to shield themselves by way of a data protection law. There exists a draft bill on this that seeks to on-shore the storage of data to the extent possible, proposes a set of safety devices calibrated by the sensitivity and value of information, and envisages a central data authority that would guard our digital security. Given the current circumstances, it may be tempting to tweak the bill specifically against Chinese access to our data. All legislation, though, needs to be framed for long-term validity. The current bill appears to vest the proposed data authority with excessive power, while leaving individuals with too little to fend off violations of their privacy. It should be reworked to grant people explicit ownership—and thus legal control—of their personal data. It’s a fair bet that democratic defences that derive strength from popular awareness will do a better job of digital security.