Tag: Digital India

A Holistic Approach to Personal Data Protection

Source: https://www.pexels.com/

After detailed deliberations, the Joint Committee of Parliament on the Personal Data Protection Bill has made several important recommendations, and a debate is currently raging in the country over some of those proposals.

The Committee’s recommendations need to be understood in the broader context of personal data protection and to support the growth of a robust innovation and data-driven digital economy.

The Committee has proposed to include a new clause to include non-personal data within the ambit of the Bill, since renamed as Data Protection Bill, 2021.

This has been done to take a holistic approach towards processing of data, both personal and non-personal, as with the advent of advanced technologies like artificial intelligence and sophisticated data analytics, it may not be too difficult in future to relate anonymised personal data (a form of non-personal data) to individuals.

However, the revised Bill only contains a provision for formulating rules regarding non-personal data at a later stage. Currently, it does not have any substantive provisions in this regard.

A key provision in the Bill to allow certain exemptions to the government data fiduciaries has generated a lot of discussion.

The exemptions under Section 35 of the Bill need to be on a case-to-case basis and only on the grounds of sovereignty and integrity of India, security, etc. which are within the ambit of reasonable restrictions under Article 19(2) of the Constitution.

Further, the reasons for exemptions have to be just, fair, reasonable and proportionate which are as per norms laid down by the Supreme Court in its 2017 privacy judgement in the Puttaswamy case.  

The exemptions under Section 12 are narrower and more specific for facilitating better delivery of government services, disaster management, dealing with epidemics and medical emergencies, etc.

Government entities are not exempted from their obligations as data fiduciaries and complying with the rights of data principals in general. There are adequate safeguards in the Bill to prevent any misuse of such exemptions, including oversight by the Data Protection Authority (DPA).    

Another recommendation that has generated much debate relates to making social media platforms liable for content hosted on their platforms from unverified accounts and making verification of accounts mandatory.  

However, this is only for those platforms that do not act as intermediaries eligible for safe harbour as per Section 79 of the Information Technology Act, 2000. This is only a recommendation that needs to be examined by the government later and is not part of the revised Bill.  

Concerns have also been raised over the compliance burden on startups and its impact on innovation.

To address this concern, the Bill places much greater emphasis on compliance by the significant data fiduciaries with additional obligations, such as periodic audits, appointment of data protection officers, etc. Startups and small businesses do not need to comply with these additional obligations as they would not be classified as significant data fiduciaries.

The Bill also provides for the creation of a sandbox to encourage innovation. Processing of personal data of foreign nationals is also exempted under the Bill.

Another key concern is regarding the provisions for data localisation.

Section 33 of the Bill makes it clear that sensitive personal data shall continue to be stored in India, while Section 34 allows its transfer outside India under certain conditions.

The EU GDPR places similar conditions on data transfer to only those countries which fulfil the ‘data adequacy’ norms.

These provisions will make it easier for Indian entities to attract more outsourcing business from abroad as India would fulfil these norms. Storage of sensitive personal data within India would support the growth of hyperscale data centres and an innovative data-driven economy.

Concerns have also been raised over another recommendation relating to norms for testing the integrity of hardware and software on devices.

This has been done to prevent any unauthorised data breaches through insertion of any untrusted hardware. This provision has been added within the scope of functions of the DPA under Section 49 and can be implemented only after the DPA formulates an appropriate code of practice in consultation with the relevant stakeholders.   

The concept of privacy has evolved from the Aristotelian concept of idios, meaning “one’s own” or “private”, in ancient times to its modern-day focus on informational privacy.

The Data Protection Bill, 2021 provides a holistic framework for addressing informational privacy that will also help greatly in the growth of a robust digital economy in India.

(The above article appeared in The Economic Times on January 9, 2022 and is available at: https://economictimes.indiatimes.com/tech/catalysts/ettech-opinion-a-holistic-approach-to-personal-data-protection/articleshow/88775228.cms?from=mdr. The views are personal.)

Traceability vs Privacy: The Real Issue is of Collective Security

Source: weforum.org

Societies have long realised the need to provide collective security for all to ensure sustainable development and prosperity. Providing collective security involved imposing some form of social control to regulate individual and group behaviour through gathering information about individuals. In the modern information age, a good government can ensure collective security through efficient use of information for law enforcement without necessarily encroaching upon individual privacy.  

Countries around the world have enacted laws to ensure that such information could be collected easily through various sources to help in achieving the wider societal goal of collective security. The US enacted the Stored Communications Act (SCA) in 1986 to require the internet service providers (ISPs) to provide content and metadata on stored emails to the government agencies under certain conditions. As this law soon became outdated due to rapid technological advances, the US passed the Communication Assistance for Law Enforcement Act (CALEA) that required the telecom companies to redesign their networks to facilitate wiretapping by the government agencies. Later, in 2005, it was expanded to cover ISPs and services like Skype, etc.   

UK and Australia have gone even further in enacting laws that require device makers and software developers to provide access to encrypted data. The Investigative Powers Act 2016 and the Investigatory Powers Regulations 2018 in the UK provide sweeping powers to the intelligence and law enforcement agencies to carry out both targeted and bulk interception of internet communications and hack into devices to access data. The Telecommunications Assistance and Access Act 2018 of Australia gives broad powers to the government agencies to require communication service providers (CSPs) to decrypt any communication.

The raging debate in India over the ‘traceability’ provision in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 must be understood in the context of the need for ensuring collective security as a social good. The rules require the significant social media intermediaries to identify the first originator of a message in India for investigation of grave offences relating to the sovereignty and integrity of the country, crimes against women and children, etc. that are punishable with a minimum prison term of 5 years.

Critics have claimed that this provision would seriously undermine privacy and force the intermediaries to break the end-to-end encryption. However, the rules make it very clear that what is required to be provided by the intermediaries is only the metadata about the first originator of the offending message, and not its contents.  The message itself needs to be provided by the law enforcement agencies to the intermediaries. There is no attempt to make them break any encryption. With such safeguards built into the rules, the provision cannot be termed as harming privacy. In fact, the rules place much less onerous obligations on the intermediaries for sharing information compared to what several other countries have mandated, as noted earlier.

The law and the evolving jurisprudence in this domain in India have provided strong safeguards for ensuring freedom of expression and privacy. The upcoming Personal Data Protection Bill aims to further enhance this legal framework for protection of personal data and online privacy subject to reasonable checks in the interest of collective and national security. John Locke, a famous 17th century philosopher and the “Father of Liberalism”, argued in his Second Treatise of Civil Government that individuals needed a strong government to be able to exercise their individual rights and liberties.  

There need not necessarily be a trade-off between privacy and collective security. Collective security is just as essential to make people feel safe and allow them to enjoy their privacy protections to function effectively as individuals.  The new IT Rules seek to achieve that larger social good.

(The above article appeared in The Economic Times on 10th October 2021. It is available at: https://economictimes.indiatimes.com/tech/catalysts/traceability-vs-privacy-the-real-issue-is-of-collective-security/articleshow/86721078.cms?from=mdr. The views are personal.)

India In The Global Cyber Security Market

Introduction

The cyberspace, comprising ICT networks, computer systems and mobile networks and devices connected to the Internet, is by its very nature borderless. A country’s cyberspace is an integral part of the global cyberspace. The increasing penetration of Internet, particularly in developing countries, is leading to exponential growth in cyberspace. The rapid growth in the ownership of smart mobile devices (mobile phones and tablets) that can access the Internet has added to the increasing expansion of cyberspace in the country.

The exponential expansion in the global cyberspace has raised very pertinent questions about its security. The success of the global Internet system can be chiefly attributed to its relative openness and low entry barriers. However, these very same factors are also partly responsible for the grave threats to the cyberspace in the forms of cyber espionage, cyber warfare, cyber terrorism and cyber crime (IDSA, 2012). As nations spend heavily on creating the necessary ICT infrastructure to bring more citizens online to derive benefits from social and economic development opportunities that the Internet provides, cyberspace is expected to face greater threats in the future. Cyber security has consequently acquired much greater importance today than in the recent past. Several incidents of cyber crime across the world have led to heightened awareness about ensuring cyber security. What are the opportunities and challenges that this scenario is likely to throw up domestically and globally? How can countries like India address the challenges and benefit from the opportunities in the domestic and the global cyber security market?  In this article, I attempt to answer these central questions.

The rest of the paper proceeds as follows. First, I discuss the main features of the global cyberspace briefly. Then I discuss the main vulnerabilities of the global cyberspace and how they pose a threat to its security. Next, I discuss the organizational and coordination challenges for cyber security. Then, I discuss the opportunities and challenges for the country in the domestic space for cyber security and then I present the opportunities and challenges for India in the global cyber security market. Finally, I conclude. 

The Global Cyberspace

To appreciate the opportunities and challenges in the global cyber security market, it is necessary to understand its size and nature in all its ramifications.  As per the latest estimates, the number of Internet users in the world has risen to over 2.7 billion in 2013 corresponding to nearly 40% of the world’s population (ITU (1), 2013). The active mobile broadband subscriptions stood at 2.1 billion in 2013. Globally, 750 million households, comprising 41% of the total, are connected to the Internet. The expansion of the Internet is projected to be on an unprecedented scale in the future with the advent of the Internet of Things (IoT) and the IPv6 protocol that would make possible virtually unlimited IP addresses.

Similarly, the expansion of the Internet is taking place at an exponential rate in India as well. The total percentage of individuals using the Internet in India has grown from a mere 3.95% in 2007 to 12.58% in 2012 (ITU (2), 2013). The total number of Internet users in the country is estimated at 164.8 million as on March 31, 2013 (TRAI, 2013). Out of these, 143.2 million users accessed the Internet through mobile devices.

Vulnerabilities of Cyberspace

As noted before, by its very nature, the global cyberspace is borderless and cannot be isolated to national or regional boundaries. One of the fundamental concerns on cyber security arise from the fact that the core Internet protocols are insecure and the expansion of Internet is taking place on the same insecure systems. The global explosion in mobile based Internet usage is increasing the vulnerability of the cyberspace.  As the Internet has become central to the social, economic and political life of citizens and nations, countries are investing heavily in establishing information and communications technology (ICT) infrastructure to bring more and more citizens online. Thus, protection of the critical ICT infrastructure has emerged as another major challenge in addition to securing the communications and transactions conducted over the Internet. 

The vulnerability of the cyberspace is already being exploited by both state and non-state actors (Marmon, 2011). The attacks in the cyberspace can be mounted by potential adversaries intending to inflict damage at social, economic or commercial interests. They can also be targeted at achieving political or military objectives. They are often aimed at weakening or crippling the critical ICT infrastructure of the adversary to cause denial of access to information and networks or to render them non-functional. In 2007, there were massive cyber attacks on Estonia aimed at disabling the websites of government ministries, political parties, newspapers, banks, and companies. The attackers, suspected to be from a major country with involvement of state actors, employed sophisticated cyber warfare techniques to disable Estonia’s critical ICT networks and e-government infrastructure (Traynor, 2007).

The nature of cyberspace makes it very difficult to identify the perpetrators of these attacks and makes it especially attractive for enemies who do not want to be engaged in conventional conflicts. There is no contact or physical action across the border and the attacking party can completely deny any involvement. The attacked party may not even be sure as to when and how to react. Both the state and non-state actors have developed capabilities to engage in cyber attacks for prolonged periods without being identified.

Organizational and Coordination Challenges in Cyber Security

There are some additional features of critical ICT infrastructure and cyberspace that merit discussion here. Cyber infrastructure is largely owned and operated by the private sector. However, ensuring cyber security involves a multi-agency and multi-layered effort involving both state and private agencies. This poses a significant organizational and coordination challenge for the agencies dealing with cyber security.

At an organizational level, cyber security is not merely a technological issue, but a management issue as well. This encompasses enterprise risk management and involves human, process reengineering, change management, legal, network and security aspects. While the private agencies are responsible for securing their individual pieces of the infrastructure, the seamless flow and exchange of information and inter-linkages amongst the networks make it essential to coordinate the entire effort through an integrated command and control entity that is accountable for cyber security. The roles and responsibilities of all the parties need to be clearly specified. There is a need for governments to establish the appropriate policy mechanisms and legal structures. While security investments made by the private industry take care of their individual corporate needs, they might fall short of the requirements to secure a national network-wide infrastructure. Thus, a pure market-based approach to ensure cyber security may not work. A key challenge in this regard is to provide for the additional investments that might be required to secure the cyberspace and the critical ICT infrastructure for the country. This might come from incentives provided to the industry to generate collective action in a well planned approach to secure the critical ICT infrastructure.

Lack of capacity at the executive and policy making levels within organizations is another major challenge in ensuring cyber security. There is a need for a focused approach to build capacities to deal with security incidents, deploy latest technological solutions, provide adequate training to all the relevant levels of employees and deal with process transformation and change management required to achieve this goal.

Opportunities and Challenges in the Domestic Market for Cyber Security

Before we discuss the opportunities and challenges for India in the global cyber security market, it is relevant to discuss the cyber security scenario and the emerging opportunities and challenges within the country and how the government and the industry can meet them and benefit from the opportunities. As India develops its ICT infrastructure in an effort to bring more and more of its citizens online through projects such as the National Optical Fibre Network (NOFN) and makes greater efforts to provide public services electronically through its e-governance projects, the risks for cyber security in the country are going to be much higher in future. It would also make the entire ICT infrastructure and cyber assets in the country far more vulnerable to cyber attacks from both state and non-state actors from countries inimical to India. Are we geared to meet these challenges?

The government has recently taken several steps to ensure greater focus on these issues within the country. It has recently notified the National Cyber Security Policy 2013 (DeitY, 2013) with the goal of addressing the cyber security domain comprehensively from a national perspective. The main goal of the policy is to make the cyberspace secure and resilient for citizens, businesses, and the government. The policy envisages the establishment of national and sectoral mechanisms to ensure cyber security through the creation of a National Critical Information Infrastructure Protection Centre (NCIIPC).  Computer Emergency Response Team (CERT-In) shall act as the nodal agency for coordination of all cyber security and crisis management efforts. It will also act as the nodal organization for coordination and operationalization of sectoral CERTs in specific domains in the country.

Though efforts are being made to create an effective policy framework to deal with cyber security in the country, there are areas where significant challenges lie in ensuring cyber security. I would like to mention e-governance as a specific case in point here. The country has put in place a separate core ICT infrastructure for e-governance consisting of state wide area networks (SWANs) and state data centres (SDCs) in each state and union territory. Common Service Centres (CSCs), run by private village level entrepreneurs (VLEs), act as the front end for delivery of these services in rural areas. Currently, over 100,000 CSCs are operational across the country. Recently, mobile governance has been implemented to bring all government services on the mobile platform. The National e-Governance Plan is the flagship programme in e-governance consisting of 31 Mission Mode Projects (MMPs) spanning across a large number of government ministries and departments both at the national and state levels. During the last seven years of its implementation, NeGP has achieved good success with 23 out of the 31 projects delivering services electronically to the citizens and businesses.

Though NeGP has succeeded well, ensuring cyber security has been a big challenge as it involves protecting critical ICT infrastructure such as SWANs, SDCs and the applications of various departments running on them. Though scheme specific guidelines have been issued and several states have made significant efforts to protect their cyber assets, there is a need for a comprehensive policy on cyber security in e-governance and ensuring uniformity in its implementation across the country. Application level security is another important domain where greater efforts are required to ensure security.

The scenario discussed above presents big opportunities for the government and the industry to address cyber security comprehensively. As the government moves forward to put a policy framework in place, the IT industry can develop appropriate technological solutions to address the cyber security requirements of the core ICT infrastructure and applications. Massive opportunities for the industry are also opening up in sectors such as defence and telecom where the needs for cyber security are more critical.

Opportunities and Challenges in Global Cyber Security

Protecting the cyberspace and the critical ICT infrastructure have emerged as major challenges globally due to the factors discussed above. The Internet has emerged as the central feature affecting the lives of billions globally through e-commerce, banking, travel, e-government, email, etc. With the emergence of smart technologies, a host of utility services such as water supply networks, electricity distribution, etc. are critically dependent on ICT networks. Electronic systems and communications play a key role in the operation of equipment in the defence sector.

What are the opportunities and challenges that such a situation presents before nations like India? To analyse these aspects, it is important to understand the key trends in emerging technologies and how they impact the security scenario in cyber space. In the following paragraphs, I discuss seven such key trends and explain how they present challenges and opportunities for the Indian industry globally.

The most important phenomenon that is driving the expansion in the usage of Internet worldwide is mobility. The advent of mobile devices has brought unprecedented numbers of users online and has consequently increased the risks associated with cyberspace as many of the mobile and tablet users may be first time users of Internet and may not be skilled enough to understand these risks. Expansion in the usage of smart phones and tablets has also brought into focus the security of the operating systems and the applications that run on them. As the usage expands, so will the attempts by hackers to break into these devices and steal sensitive personal and corporate information. While this poses challenges for the device manufacturers and OS developers, it presents great opportunities for the Indian firms working in the mobility domain. As India is known for its prowess in software development, developing security solutions and secure applications for the mobile world is an unprecedented opportunity globally that is just waiting to be grabbed.  

The second most important technology trend that is driving the ICT industry is the emergence of the cloud platform. While this phenomenon started emerging a few years ago, it is only now that it is maturing and the cloud based solutions are being deployed across a number of domains in business, industry and government. Ensuring proper security of applications and data on the cloud is a major challenge and its entire implications are still not clear. Even a few cloud failures can result in massive breaches in security and devastating loss of data for the users. As the cloud encompasses the entire gamut of infrastructure, platform, and software as services, developing security solutions for this platform presents the Indian industry with an outstanding opportunity globally. A related segment which also presents great opportunities is data centre operations and management. Another related phenomenon is the emergence of security as a service on the cloud. This is another space that offers good opportunities for Indian firms.

The third important trend that has emerged recently is that of use of multi-factor authentication to improve security. Just a simple password is not enough to ensure access to a host of applications and services in areas such as banking, insurance, financial transactions, government services etc. In India, already Aadhaar based biometric authentication has emerged as a new mechanism to authenticate the identity of users. This presents an excellent opportunity for the Indian industry to develop applications in this domain and address the security concerns.

The fourth trend that is causing significant impact on cyber security globally is the continuous morphing of hacker groups and individuals to maintain their anonymity. This poses serious challenges for the organizations and government agencies trying to secure cyber space as the attacks cannot be attributed to any specific entity. However, this situation also presents very good opportunities for the Indian industry to continuously evolve technologies that can help in unmasking the identity of these anonymous attackers. Active cooperation amongst government agencies and organizations internationally are required to achieve the desired objectives in this area. Efforts in this direction by agencies such as the United Nations are already going on and the issue of global cyber security is likely to come up at the 68th session of the UN General Assembly in September 2013 (United Nations, 2013).    

The fifth trend that is impacting the cyber security scenario is the increasing involvement of state actors in cyber war aimed at crippling the information and communication infrastructure of their targeted countries and crippling their social, economic, government and military activities. There is enough evidence of involvement of state actors in several recent incidents of cyber attacks (Marmon, 2011). Stuxnet is a case in point (Vijayan, 2012). This situation has emerged as a serious challenge for countries like India which are surrounded by several inimical neighbours. However, this also presents the country with a big opportunity to develop solutions to secure its ICT infrastructure and cyber assets.

The sixth emerging trend that will have a significant bearing on cyber security is the related issue of ensuring privacy and confidentiality of information pertaining to individuals and businesses. One of the motivations for cyber attacks is to gain access to or steal information that has commercial value or that helps the attackers to commit fraud with that information. To ensure privacy, effective laws and regulations need to be put in place to ensure what data can be used and shared and for what purpose. It also has bearings on where the data can be stored in servers. This is already a major concern in some domains such as healthcare, where privacy and security concerns about hosting and sharing health data are very significant. As India is the world leader in IT services outsourcing business, this offers a big opportunity for the Indian government to put in place effective policies to assure the international community that the country respects the concerns on privacy and confidentiality of data. The Indian industry should exploit this opportunity in a big way to get a bigger share of the worldwide market in IT and IT enabled services.

Lastly, there are greater efforts being made now internationally at multilateral level to address the global concerns on cyber security. Recently, the international Group of Governmental Experts, representing 15 countries including India, has submitted a report to the United Nations secretary general on enhancing cyber security globally (United Nations, 2013). International cooperation in cyber security presents great opportunities for India to spearhead and lead the efforts to build global consensus around the approaches to address the issues. It would also open up tremendous opportunities for the Indian industry to develop and showcase its capabilities to offer technical solutions to deal with the threats.

Conclusion

Cyber security has emerged as one of the most important concerns internationally due to the enormous damage that cyber attacks can cause to the core ICT infrastructure and information assets that are central to the social, economic and political life of nations, citizens, and businesses. As the attackers can disguise themselves easily and their real identities are very difficult to ascertain, it is even more incumbent upon the stakeholders involved to take urgent measures to ensure cyber security. While India has recently taken a number of steps to enhance the security of its vital ICT infrastructure and cyber assets at the national level, specific domains such as e-governance, telecom, defence, etc. need specific strategies to deal with cyber security more comprehensively. Globally, a number of countries are grappling with similar issues and are stepping up efforts to enhance cyber security within their territories. Efforts are also on at multilateral level, such as the UN, to deal with the issue comprehensively and formulate strategies that can succeed in addressing the concerns globally. As India is known worldwide for its IT prowess, this scenario presents great opportunities for the country to lead the efforts internationally to build consensus around approaches to address cyber security globally. It also presents tremendous opportunities for the Indian IT industry to develop technical solutions to deal with the threats and secure the ICT infrastructure and the cyber assets both in the domestic space as well as internationally.

References

  1. DeitY. (2013).  National Cyber Security Policy. Department of Electronics and Information Technology (DeitY). Accessed August 25, 2013 from: http://deity.gov.in/sites/upload_files/dit/files/National%20Cyber%20Security%20Policy%20%281%29.pdf
  2. IDSA. (2012). India’s Cyber Security Challenge. IDSA Task Force Report. Institute for Defence Studies and Analysis (IDSA). March 2012.  Accessed August 9 from: http://idsa.in/system/files/book_indiacybersecurity.pdf.
  3. ITU (1). (2013). The World in 2013. ICT Facts and Figures. International Telecommunications Union. Accessed September 18 from: http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2013.pdf.
  4. ITU (2). (2013). Statistics. Time Series by Country. Percentage of individuals using the Internet. International Telecommunications Union. Accessed September 18 from: http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx.
  5. Marmon, W. (2011). Main Cyber Threats Now Coming From Governments as “State Actors”. European Affairs. November 2011. Accessed September 15, 2013 from: http://www.europeaninstitute.org/EA-November-2011/main-cyber-threats-now-coming-from-governments-as-state-actors.html
  6. TRAI. (2013). The Indian Telecom Services Performance Indicators, January – March 2013. Telecom Regulatory Authority of India (TRAI). Accessed August 25 from: : http://www.trai.gov.in/WriteReadData/WhatsNew/Documents/Indicator%20Reports%20-01082013.pdf.
  7. Traynor, I. (2007). Russia accused of unleashing cyber war to disable Estonia.  The Guardian. 17 May 2007. Accessed September 17 from: http://www.theguardian.com/world/2007/may/17/topstories3.russia.   
  8. United Nations. (2013). Developments in the Field of Information and Telecommunications in the Context of International Security. Accessed September 16, 2013 from: http://www.un.org/disarmament/topics/informationsecurity/.

Vijayan, J. (2012). Government role in Stuxnet could increase attcks against US firms. Computerworld. June 2012. Accessed September 19, 2013 from: http://www.computerworld.com/s/article/9227696/Government_role_in_Stuxnet_could_increase_attacks_against_U.S._firms?pageNumber=1

(The above article was published in Seminar, October 2013. It is available at: http://www.india-seminar.com/2013/650/650_rajendra_kumar.htm).

Foundation for a Future India: Digital India

India today ranks amongst the largest economies of the world and has become the fastest growing large economy. However, it is still a lower middle income country in terms of per capita income with substantially high levels of poverty and deprivation and significant regional imbalances in development. The vision of a future India must aim at holistic development in all sectors of the economy and society so that overall human development and quality of life is improved in the country.

Can technology led transformation lay the foundation of a future India?  In this article, I examine this central question with reference to the recently launched Digital India programme of the Government of India that aims at transforming the country into a digitally empowered society and knowledge economy. The programme weaves together a large number of ideas and thoughts into a single, comprehensive vision so that each of them is seen as part of a larger goal. The focus of Digital India is on being transformative – to realize IT (Indian Talent) + IT (Information Technology) = IT (India Tomorrow) and on making technology central to enabling change.

This futuristic vision of the programme is centred on three key areas, namely, digital infrastructure as a utility to every citizen, governance and services on demand and digital empowerment of citizens. The idea is to transform the entire ecosystem of public services through the use of information and communication technologies (ICT) and build holistic capabilities across a wide range of sectors, e.g., ICT infrastructure, e-governance, software services and delivery platforms, electronics manufacturing, Internet of Things (IoT), IT skills and job creation, etc. The focus is on making ICT as a key driver for transforming every sector of the economy and society. In order to achieve this futuristic vision for a developed India, Digital India focuses on several key developmental strategies. These include promoting investments through improving ‘ease of doing business’, encouraging entrepreneurship across various sectors through leveraging IT, capacity building and creation of jobs in the IT sector, providing easy access to public services anytime from anywhere, promoting financial inclusion through mobile banking and micro ATMs, promoting literacy through e-books and other digital contents, faster services and dissemination of information to promote growth in diverse sectors such as agriculture, education and healthcare, and encouraging more participation from women in various sectors of the economy and society. 

In order to lay the foundation for future India, Digital India has identified nine key pillars of growth areas. These include broadband highways, universal access to mobile connectivity, public internet access programme, reforming government through technology, electronic delivery of services, information for all, electronics manufacturing, IT for jobs and early harvest programmes. The pillars provide a number of specific targets and activities within those growth areas so that the concerned sectors can benefit from IT enablement.  The figure 1 below depicts the nine pillars of the programme.

Figure 1: The nine pillars of the Digital India Programme

The first pillar on broadband highways aims at expanding high-speed connectivity to all 250,000 village panchayats in the country and ensuring high-speed internet access for all.  It also aims at creating a National Information Infrastructure to provide cloud infrastructure and next generation network services to connect all government institutions and service delivery centres up to the village level.

The second pillar on universal access to mobile connectivity aims at expanding mobile connectivity across the entire length and breadth of the country by covering all the over 55,000 uncovered villages. The third pillar on public internet access programme aims at universalizing internet access through an expanded network of 2,50,000 common service centres, one in every panchayat. The 1,50,000 post offices are also proposed to be converted into multi-service centres.

The next two pillars on e-governance aim at holistic transformation of governance and delivery of public services through the use of ICT. Comprehensive government process reengineering (GPR) would be made mandatory in every domain before deployment of ICT to improve delivery of services. Use of common platforms such as online authentication through Aadhaar, Mobile Seva for mobile phone based delivery of services, Digital Locker for online storage and sharing of government issued documents, online and mobile payment gateway, adherence to uniform standards and guidelines across multiple applications and databases and single sign-on mechanism for seamless navigation and access to services across multiple government portals would be encouraged to ensure integration of services and their interoperability. The recently approved e-Kranti or the National e-Governance Plan (NeGP) 2.0 framework has expanded the number of Mission Mode Projects (MMPs) in e-governance from 31 to 44 and covers every possible domain providing citizen and business-centric services. This plan covers all central government departments and all states and Union Territories (UTs). To enable the implementation of these e-governance projects using common platforms and to ensure interoperability and integration of services, the Government of India has already approved a slew of policies that include policies on adoption of open source software, open Application Programming Interfaces (APIs), e-mail, use of IT resources, collaborative application development and application development and re-engineering guidelines. Ensuring cyber security is a vital part of the entire strategy. Futuristic technologies such as Internet of Things (IoT) would also be mainstreamed in the relevant sectors in future. Use of social media, mobile, cloud platform and analytics form the key components of the overall strategy.

The sixth pillar on information on all aims at facilitating open and easy access to information for all and pro-active engagement with citizens through social media. The government’s open data platform (data.gov.in) has the vision of sharing all publicly available government data through a single portal that can be used by the developer community to develop apps for various purposes. MyGov.in platform engages with citizens to obtain their inputs and ideas on various governance issues.

The seventh pillar on electronics manufacturing has set a very ambitious target of net zero imports in the electronics sector by 2020. It is estimated that the total size of the electronics sector in the country would be worth around US$ 400 billion by 2020. In the absence of any policy interventions, India would need to import almost US$ 300 billion worth of electronic goods and components by 2020. In order to encourage domestic manufacturing in this sector, a range of measures has been announced by the government. These include subsidies on investment and elimination of cost disadvantages through rationalization of the duty structure to promote domestic manufacturing. The focus areas in this sector are fabs, fab-less design, set top boxes, mobiles, consumer and medical electronics, smart energy meters, smart cards, etc. There is also a huge emphasis on producing highly skilled personnel in this sector through schemes such as scholarships for students for Ph.D. programmes at premier institutions.

The pillar on IT for jobs aims at training 1 crore youth from smaller towns and villages in the IT sector over the next five years. Business Process Outsourcing (BPO) enterprises would be set up in the north-eastern states to facilitate IT enabled growth in these areas. There is also emphasis on training at least 5 lakh rural workers by the telecom service providers (TSPs) to cater to their own needs in expanding access to telecommunication and broadband services in these areas. 

The last pillar on early harvest programmes aims at early implementation of projects in selected areas so that benefits could be realized quickly. These include setting up an IT platform for messages to be sent to people, providing wi-fi facilities in universities, biometric attendance in offices, ensuring secure email infrastructure within government, providing public wi-fi hotspots, converting all school books to be e-Books, a national portal for lost and found children and an SMS based weather information and disaster alert system. Many of these initiatives have already been made operational.    Digital India is a visionary programme that lays a solid foundation for a futuristic India driven by technology-led transformation. However, there is a need for concerted efforts by all the stakeholders to ensure that all the components of the programme are implemented holistically so that the intended benefits can be realized and the overall vision of the programme achieved.

(The above article originally appeared in ICT Connect, Magazine of ICT Academy of Tamil Nadu, March 2016, 6-8.