Ever since the demonetization, the pace of technology adoption in India by common people particularly for financial transactions, is on the increase. The UPI system supported by the multi banking platform such as the BHIM has brought digital payments within the reach of every common person holding a mobile. JIO now has announced that it will be releasing LTE enabled feature phones at Rs 999/- and along with its data offers, will further ensure that the mobile penetration will reach deeper and deeper into the lower strata of our society.
It is a matter of pride that India is progressing in the use of digital communication and adopting it even for E Governance, E Commerce and E Banking.
But some times I feel as if it is a kind of joy which a parent feels when their young child who has just learnt to ride a cycle wants to go out into the streets on his cycle. It is a joy to recognize that the child has grown up but it is a joy that is peppered with a concern on what risks the child would face on the streets. Some parents would be so overwhelmed by the concern that they would never allow the child the permission to go out. But some may try to facilitate the child to go out on the streets and also try to manage the risks that may arise in the process.
A wise parent is not paranoid about the risks nor would ignore the risks. He/she may advise the child about the risks to the extent necessary but to the extent to scare him/her off of his/her enthusiasm to go out cycling on the streets.
Cyber Security professionals today are in this dilemma….
….Should we support and encourage the Government and the people to go ahead and adopt to technology? ..ignoring the risks?.. or
……Should we put our foot down and block the technology adoption?.
May be we should also consider the third option…
…….Should we act like a wise parent who takes such steps as to enable “Safe Cycling on the Streets for the Newbie”?
Naavi.org has been confronted with this difficult choices from time to time in its quest for “Building a Responsible Cyber Society” which is the motto with which the undersigned embarked on his journey into spreading the message of Cyber Law around 1999 using the internet as the media.
At times we have been highly critical about the unplanned developments that are pushed through by commercial interests and even blamed the Government agencies and RBI for their inability to moderate the introduction of technology. But more often we have always ended with the thought that technology is welcome but its adverse impact needs to be recognized and citizens need to be protected. It is under this thought that we have always focussed on “Cyber Law Compliance” on the one hand and “Cyber Insurance” on the other hand.
The next wave of cyber security risk would be unleashed with the Aadhaar Enabled Payment Systems which on the face of it looks incredibly attractive but at the same time opens up a huge level of risks for the user as well as the intermediary organizations.
In the light of this development, we would like to flag the possibility of Cyber Fraud risks that may arise from the “Stored Biometric Replay Attack” that can be used to authorize fraudulent payments which could put the public in a direct war path with the authorities particularly the Banks and RBI.
UIDAI has protected itself through legislation to avoid liabilities but the intermediary Banks will be exposed to the risks of vicarious liability under ITA 2008 and the limited liability principles under the RBI guidelines.
The Banks are of course trying to persuade RBI not to confirm the “Limited Liability Principle” (Check RBI Circular of August 11, 2016). If RBI yields and Prime Minister Mr Modi and Finance Minsiter Mr Arun Jaitely continue to ignore our repeated reminders , the Banks will successfully push the liability for frauds on the public.
Public will then turn their anger against the rapid technology adoption without corresponding initiation of security measures. Mr Modi should remember how his demonetization policy was opposed more for the bad implementation rather than the policy itself .
We therefore urge all the three stake holders namely the Cyber Fraud victims, the Banks and the Government to take appropriate actions in their respective spheres of activity to ensure that the Cyber Risks particularly in the digital payment eco system is managed effectively.
We need to therefore urge all these stakeholders to find out ways and means of “Secure Technology Adoption” and not be drawn into technology adoption because it is the “fashion of the day”.
The principles discussed above in the context of Banking and Digital Payment system are even more relevant when we take into consideration the Internet of Things, Digital Medical devices/implants, Driver less Cars, Smart Cities etc.
In this context, we would like to present for academic discussion the “Theory of Secure Technology Adoption” . The dimensions of this theory will be explained in greater detail in the subsequent post/s.