IRCTC Innovation Curbed out of ignorance and media Pressure

Posted on August 27, 2022 by Vijayashankar Na

IRCTC has many customer complaints and even the undersigned has pointed out several deficiencies in their services some times on this website itself. However this does not mean that we need to oppose whatever IRCTC does.

We therefore need to highlight that IRCTC has been unfairly targeted in the last one week and its attempt to consider “Data Monetization” was nipped in the bud.

It was not surprising that the Government which recently withdrew the Privacy Bill for irrational reasons perhaps under the pressure of vested interests wanted to put up a show that it has “Privacy Concerns” and pressurized IRCTC to withdraw the tender to find a consultant for exploring data monetization.

It was amusing that the reason given out for withdrawal was that the Privacy Bill had been withdrawn. IRCTC being under the Ministry of Railways and there is a common minister for Railways and IT meant that Mr Ashwini Vaishnaw did not  want the controversy to snow ball into a discussion on the irrational withdrawal of the Bill.

If the Government was really concerned about the Privacy, it would not have withdrawn the Bill in the first place. Even if it wanted to withdraw, it could have kept the bill hanging and replaced it with the new Bill in one shot so that the pressure for compliance on the industry would have kept up.

But the Ministry chose to withdraw the Bill with a promise that a new bill will be introduced which no body believes.

What IRCTC tried to do was to explore the possibility of generating revenue out of its data assets. Part of the tender (Project A) was for conducting a study on monetization possibilities. It was only the second part (Project B) which had the implementation of the project on BOT basis where there was a possibility of data being shared with the implementation partner.

A more logical approach could have been to defer Project B and continue with Project A only.

It is the duty of every data rich organization to know the value of its data assets and to generate revenue for its share holders. In the case of public sector organizations, the duty is to  protect a sovereign asset and ensure that the Government assets are harnessed for the benefit of the people of the country.

Today there are thousands of Public Sector organizations who have vacant lands, unused buildings and surplus manpower  all contributing to a national wastage of resources. In the same vein, the non-harnessing of data assets is also a criminal wastage of national resources. Harnessing of data does not mean infringing the privacy of individuals. It may involve use of non personal data or anonymized ( not de-identified) personal data.

We are all aware that the hackers target Government agencies for stealing data just like targeting the  Banking organizations for stealing money. The reason is that criminals know where the valuable data assets reside.

The Privacy activists who are today objecting to IRCTC efforts to study the monetization possibility include those agents of those commercial organizations who want exclusive rights to exploit citizen’s data for themselves and donot want the Government to make the money of the same assets.

The journalists who donot understand the intricacies simply use words such as “Selling of data” without understanding the difference of “Monetization” and “Selling”.  We have pointed out earlier that in the case of UIDAI tender for “Social Media Monitoring”, even the Supreme Court came out as an ignorant body and shot down a proposal for “Reputation Management” mistaking it for “Surveillance”.

The same Supreme Court or the Standing Committee of Parliament, Privacy Activists and the Journalists as well as the ED or CBI were no where to be seen when Naavi.org highlighted how CIBIL Data worth lacks of crores of rupees were transferred to the custody of a foreign company.

Where were these agencies when Naavi.org pointed out how NFTs and Crypto Currencies could be used for money laundering or how the JPC on PDPB went out of the way to recommend Ripple over SWIFT?

If these agencies had really understood how money laundering can occur with “Data Laundering” , they would have acted swiftly when NCLT declared Net4India insolvent despite over Rs 100 crores of data assets being in its possession or when Banks transferred their share holdings in CIBIL to Trans Union resulting in shift of 500 million sets of sensitive financial data of Indian Citizens which had been provided to CIBIL under trust as a financial agency with a responsibility to reduce NPAs in the country.

The IT Standing committee summoning IRCTC on the tender issue and IRCTC chickening out of the project indicates that these agencies have no appreciation of the value of data.

The study under Project A of the tender would have established a method of identifying the value of data and in the process would have opened the eyes of IRCTC that their present data protection efforts are not commensurate with the risks. This opportunity was lost with the complete withdrawal of the project.

If a custodian of a valuable asset thinks the value of the asset is Rs 100 where as it’s real value is Rs 1 crore then the effort on securing the asset would be that much more robust.  For this purpose every data driven organization must be aware of the value of data in its hands. Hence this exercise would have opened the eyes of the IRCTC management and that of the Government in general about how to discover value in Data. This would have ushered in a revolution in the Data Governance practices in the Government.

Now what has happened is that this “Value of Data” is known only to organizations like Face Book and Google and others lost an opportunity to understand the treasure that is hiding behind the walls of ignorance  in IRCTC and elsewhere.

I am reminded of an earlier incident when Google offered Mysore University free scanning and digitization of all ancient scripts in its library without realizing that sharing of the data with Google is like how the British looted the palm leaves from Tanjavoor temples when they left the country. I will now not be surprised if Google or Face Book associated Data Science companies approach IRCTC and offer a “Free Service” for “Data Re-organization” outside the need for a tender (since it is a free service) and get access to all these data.

We know that the Ministry of Finance is trying to privatize NPCI the same way CIBIL was sold out. Hence there is every possibility that a similar “Acquisition strategy” would be mounted by some interested Big Data Company to take over the data assets of IRCTC in a different manner.

I anticipate and forecast that there could be “Privatization” thoughts floated by the vested interests to assume control over IRCTC data assets through share acquisition. We note that Trans Union started as a 10% share holder in CIBIL for its data science expertise and raised its share holding from 10% to 92.1% through private share deals with the Indian Banks. Similarly some Big-Data Entity can get into IRCTC  with a minority share holding to help it improve its data related revenues and later quietly buy over the shares (In CIBIL issue, it was Trans Union ).

The same journalists who are now objecting to IRCTC tender which was a transparent way to find out the value of its data assets, will remain silent when such plundering of Indian national assets take place.

We must remember that even Mr Arnab Goswami ignored the CIBIL data loot and his competitors also did not spot the opportunity for breaking news. It is unlikely that they will now flag the possible ulterior motive in stopping the IRCTC data monetization project.

Naavi

Also refer:

“Supreme Court Slams UIDAI”.. Is it a fake news created by Economic times?

Regulation of Monetization of Data in NPDAI and IRCTC issue: Shape of Things to Come..13 (Monetization)

IRCTC Should not become another scam like CIBIL

Vidwat Sabha on IRCTC Issue

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.