Topic : Data deprivation makes cyber crime difficult to tackle
Topic in Syllabus: General Studies Paper 3: Security Issues
In recent times, there have been many instances of the hard-earned money of Indians being taken out of bank accounts and charges loaded onto credit cards through online frauds. As a nation making a huge transition to a cashless economy, public faith in the digital system needs to be consistently reinforced.
What is data localization?
- Data localisation is the act of storing dataon any device physically present within the borders of a country.
- Requirements for local storage and processing of data are commonly referred to as ‘data localization’ or ‘data residency’ requirements. Data localization can broadly be defined as ‘any legal limitation on data moving globally and compelling it to remain locally.
- Localization policies can take a variety of forms. This could include a specific requirement to locally store copies of data, local content production requirements, or imposing conditions on cross border data transfers that in effect act as a localization mandate.
Need for data localization:
- The main intent behind data localisation is to protect the personal and financial informationof the country’s citizens and residents from foreign surveillance and give local governments and regulators the jurisdiction to call for the data when required.
- Data localisation is essential to national security.Storing of data locally is expected to help law-enforcement agencies to access information that is needed for the detection of a crime or to gather evidence.
- Where data is not localised, the agencies need to rely on mutual legal assistance treaties (MLATs)to obtain access, delaying investigations.
- On-shoring global data could also create domestic jobs and skills in data
- storage and analytics, as the Srikrishna report had pointed out.
- Start-up ecosystem:
- Another emerging casualty of such cybercrimes is the emerging “startup” ecosystem. We are beginning to see multiple cases where customers of genuine startups, unicorns and Indian businesses have been subjected to online fraud.
Impact of cyber crime:
- It shake people’s faith in digital systems.
- the scepticism vis-a-vis online transactions also hurts the potential of emerging companies, tomorrow’s successes which could help take India to the $5 trillion economy that the country aspires to.
Steps towards data localization in India.
- Since most search engines and social media platforms have no “permanent establishment” in India, law enforcement agencies have hit a wall on data access for the purpose of solving cybercrimes. This has often raised calls for complete data localization.
- The Srikrishna Commission recommended that data be stored in the country either directly or through mirror servers to serve law enforcement needs.
- The Reserve Bank of India imposed a hard data localisation mandate on payment systems providers to store payment systems data only in India.
- The draft e-commerce policy also has clauses on cross-border data transfer. For example, it suggests that if a global entity’s India subsidiary transfers Indian users’ data to its parent, the same cannot be transferred to a third party, even with the user’s consent.
- Draft Personal Data Protection Bill, 2018 has specific requirements on cross-border data storage.
- The Bill states that every fiduciary shall keep a ‘serving copy’ of all personal data in a server or data centre located in India.
- The central government may notify certain categories of personal data as exempt from this requirement on grounds of necessity or strategic interests of the State.
- The central government may also notify certain categories of personal data as ‘critical personal data’, which may be processed only in servers located in India.
- At the G20 summit 2019, India boycotted the Osaka Track on the digital economy.The Osaka Track pushed hard for the creation of laws which would allow data flows between countries and the removal of data localisation.
Concerns Regarding Data Localisation
- Physically locating all data within the territory of a state leads to a significant increase in the capacity of law enforcement agencies to access that information, and consequently surveillance of domestic residents.
- Localization becomes problematic in this context not just because the data will now be under the physical access of the state, but also due to the technical measures likely to be implemented to ensure that the data stays within a country’s boundaries.
- Checks and balances: There is the fact that citizens in countries with poor checks and balances often do not have any real or effective mechanisms to challenge state surveillance mechanisms.
- Additionally, domestic executive agencies will generally pose a greater threat to an individual than foreign agencies, due to the relative ease of applying coercive action within a state’s boundaries
- Fundamental rights: Localization could affect expression rights in a number of ways given that the Internet is built on the principle of easy transfer of information across borders. Localization may also permit greater censorship of domestic dissident or political voices and affect the extent to which Indian content is accessible abroad.
- Government perspective: With the growing usage of encryption techniques, localization in itself may not be a sufficient tool to achieve the desired level of access. As an example, consider the Apple-FBI imbroglio in the United States.
- Where the company refused government requests for help in decrypting data stored in a device in the government’s jurisdiction
- Economic cost: One of the main arguments against mandatory localization stems from the cost that it is likely to impose on businesses and consequently, their consumers and the economy as a whole.
- Widespread localization norms will mean that businesses and other users-both domestic and foreign-will no longer have the flexibility to choose the most cost-effective or task-specific location to store their data. These efficiency losses will ultimately be passed onto consumers in the form of higher costs of service.
- Taking into account factors like energy cost, international bandwidth, ease of doing business and taxation provisions, Cushman & Wakefield (2016) Data Center Risk Index score placed India at thirty sixth position, with a score of 47.84 (out of a highest score of 100)
- Oppositions from Global Internet Giants: Facebook’s Mark Zuckerberg recently expressed apprehension about nations wanting to store data locally. According to him, it gave rise to possibilities where authoritarian governments would have access to data for possible misuse.
- Opposition from US: The US Electronic Communications Privacy Act bars US-based service providers from disclosing electronic communications to law enforcement agencies of any country unless US legal requirements are met.
- The U.S. criticised India’s proposed norms on data localisation as ‘most discriminatory’ and ‘trade-distortive’.
- EU concerns:termed data localisation as unnecessary and potentially harmful as they would create unnecessary costs, difficulties and uncertainties that could hamper business and investments.
- The bilateral mechanism of the India-US Mutual Legal Assistance Treaty is a bit outdated and does not seem to work. The US Cloud (Clarifying Lawful Overseas Use of Data) Act, however, enables law enforcement authorities in India to request electronic content directly from US service providers under an executive agreement with the US government.
- India needs to work out a way to crack cyber frauds and crimes.
- legally-backed framework for a collaborative trigger mechanism that would bind all parties and enable law enforcers to act quickly and safeguard Indian citizens and businesses from a fast-growing menace.
- All the players involved, including banks, telecom companies, financial service providers, technology platforms, social media platforms, e-commerce companies and the government, need to play a responsible rolein ensuring innocent citizens do not undergo the trauma of suffering losses.
- The customer also has a responsibility to maintain basic cyber hygiene,which includes following practices and taking precautions to keep one’s sensitive information organized, safe and secure.
“Discuss how data deprivation is a challenge to tackle cyber crimes. Also comment whether data localisation will help in solving cyber crimes in India.”