DPI Design Principle #5: Privacy

The last pillar of India’s DPI (Digital Public Infrastructure) is privacy. We take that to mean control over who knows what, whether that info can be shared with others, for how long it can be retained etc. Yes, privacy is all those things.

 

But India’s DEPA takes it a lot further, explains Rahul Matthan in The Third Way. It actively seeks to ensure portability (Unlike those private corporations which deliberately have data is in non-standard formats to prevent interoperability). Even better, DEPA has “been designed to support requests for specific items of data”. An example helps. When we apply for say a visa, the issuing country really only wants to know if we earn enough (salary month on month). But the bank statement exposes every transaction. The DEPA framework allows you to select only salary credits be shown and everything else blacked out.

 

The next issue with privacy is consent, i.e., explicit permission of the individual. In theory, the solution lies in seeking explicit consent for each usage of the data. In practice, companies put a 100 page terms and conditions one-time which users can neither read nor understand but have to sign if they want to use the service. DEPA enforces the usage of consent templates whereby the requestor of the data must declare the intended use of the data. These consent templates are standardized by the regulators, different ones for finance v/s health v/s education etc. The intended use declaration then maps to a specified time period for which the data can be used or stored. After that, it must be deleted. Can companies violate this? Sure. But if caught, they face criminal charges or penalties, so that serves as a deterrent to storing data “just in case”. A lot of these ideas are implemented via the software itself, the protocol, rather than relying on individual actors to do the right thing. And since the government owns those central, base softwares, it can roll out those changes one shot, not needing each individual party to make changes or do upgrades.

 

The system has been designed to keep every actor in the equation “blind” by design, i.e., they can only know and access what they need, not everything else that goes on behind the scenes. This drawing explains that with an example: 


In the above pic, the Consent Manager can connect the various parties (lender, borrower, bank) but cannot view the data shared by the bank to the lender. Conversely, the bank doesn’t know the identity of the potential lender to whom the data was sent. And none of these transactions can happen without explicit authorization (via OTP) by the borrower herself.

“No one of them has complete information about the transaction.”

Comments

Post a Comment

Popular posts from this blog

Nazis and the Physics Connection

When the Nazi government seized power, they started removing Jews from more and more positions, including the civil services, and the science departments of Germany. Those physicists who saw the writing on the wall fled to either UK (like Schrodinger) or the US (like Einstein), writes Adam Becker in What is Real?   The great physicist, Enrico Fermi, wasn’t a Jew. But when Mussolini aligned with Hitler, Fermi came under suspicion since his wife was a Jew. To make matters problematic, Mussolini’s new laws had made it illegal to take “more than pocket change” out of Italy. Neils Bohr broke an unwritten rule of the Nobel and told Fermi that he (Fermi) was in the running for the Nobel that year. Perhaps Fermi, should he win, could consider escaping from Stockholm with the prize money to start a new life? Fermi agreed, but it was touch and go – his wife’s passport had been confiscated, which meant she couldn’t come to Stockholm. Fermi managed to pull a few strings to get her passport...
Read more

Chess is too Boring

“Chess has problems at the grandmaster level...They're not getting a great game”, wrote Christian Donlan . Amen to that: Anand and his challenger, Magnus Carlsen drew their first game in just 16 moves. It gets worse: games between the top 20 end in draws 60% of the time. And Donlan adds that “games often end in resignation when an actual victory starts to loom on the distant horizon.” That often means that the average player (or fan) often has no clue why one guy won (since he can’t see that far ahead)! Then there’s all that memorization (of openings, of end games and everything in between). All that memorization is sort of against the spirit of the game, says Zachary Burns, “We want it to be a game of creativity and positional play.” Many have tried to change the rules of the game in the past for these exact reasons, including Bobby Fischer with his Chess960 variant. More recently, David Sirlin tried to make things interesting via his variant, Chess 2. So what are his c...
Read more

The Thrill of the Chase

So many people complain about the difficulty in making decisions while shopping. Do you buy Brand X that gives 20% extra free? Or Brand Y that has 10% off? Or Brand Z that gives something else free with it? Do you buy that flat screen TV today or wait for the sale at Diwali? Now since the customer is king, shouldn’t companies be simplifying pricing choices? Like maybe offering consistently low prices all the time? Not so fast, as the US store, JC Penney discovered to its cost. Turns out that while people do complain about pricing choices, they are irrational. Also, they enjoy the thrill of the chase. Huh? The word “sale” acts like a siren call for many people: it lures them in to make that purchase. Consistently low prices don’t do the same. Besides, if a competitor lowers their prices just one time of the year, and Poof! Suddenly that low price claim becomes suspect in shoppers’ eyes. Then there are those sites that offer coupons: have lunch at Restaurant A on Wedne...
Read more