Zero stars: On the Sanchar Saathi app

Context & The Gist

The increasing prevalence of cybercrimes, particularly those exploiting vulnerabilities in SIM card and device authentication, has prompted the Department of Telecommunications to issue directives regarding SIM binding and the mandatory pre-installation of the Sanchar Saathi app on new smartphones. The article argues that while addressing cybercrime is crucial, mandating the Sanchar Saathi app is a disproportionate response that raises significant privacy concerns and risks state surveillance.

Key Arguments & Nuances

• Cybercrime Vulnerabilities: Cybercriminals exploit loopholes like functional accounts after SIM removal and spoofed IMEI numbers to perpetrate fraud, particularly government impersonation scams.
• SIM Binding Directive: The directive to disable accounts upon SIM removal is presented as a necessary security patch, albeit potentially inconvenient for messaging app users.
• Sanchar Saathi App Concerns: The mandatory pre-installation and accessibility of the Sanchar Saathi app are criticized as potentially intrusive, granting it excessive access to device features and raising fears of state surveillance.
• Proportionality & Privacy: The article contends that the directive fails the proportionality test established in the K.S. Puttaswamy judgment, as less intrusive alternatives for device verification already exist.
• Past Precedents: Concerns are amplified by the government’s past use of surveillance tools like Pegasus, fueling anxieties about potential misuse of the app.

UPSC Syllabus Relevance

• GS Paper II: Governance - Issues related to privacy, data security, and the role of the state in regulating technology.
• GS Paper III: Science and Technology - Developments in cybersecurity, digital infrastructure, and the ethical implications of technological advancements.
• GS Paper IV: Ethics - The balance between security and individual liberties, and the ethical considerations of state surveillance.

Prelims Data Bank

• K.S. Puttaswamy (2017): Landmark Supreme Court judgment declaring the right to privacy a fundamental right under Article 21 of the Constitution.
• Article 21: Right to Life and Personal Liberty – encompasses the right to privacy.
• Pegasus: Spyware developed by the NSO Group, used for targeted surveillance of journalists, activists, and political opponents.
• IMEI (International Mobile Equipment Identity): A unique 15-digit number used to identify mobile devices.

Mains Critical Analysis

The Sanchar Saathi app directive presents a classic dilemma between national security and individual privacy. While the government’s intent to curb cybercrime is legitimate, the chosen approach raises serious concerns about proportionality and the potential for function creep – the expansion of the app’s functionalities beyond its stated purpose. The directive’s insistence on non-disability of the app is particularly alarming, suggesting a permanent surveillance mechanism rather than a temporary verification tool.

PESTLE Analysis

• Political: The directive reflects a growing trend of governments seeking greater control over digital spaces in the name of security.
• Economic: Potential costs for manufacturers to comply with the directive and potential impact on smartphone sales if consumers resist the app.
• Social: Erosion of trust between citizens and the government due to privacy concerns.
• Technological: The app’s reliance on intrusive access to device features raises questions about its security vulnerabilities.
• Legal: The directive’s legality may be challenged based on the K.S. Puttaswamy judgment and the principles of data protection.
• Environmental: No direct environmental impact.

Value Addition

• Justice Srikrishna Committee (2018): Recommended a comprehensive data protection framework for India, emphasizing the need for informed consent and data minimization.
• Digital Personal Data Protection Act, 2023: India’s new data protection law, which aims to safeguard the privacy of individuals’ digital data.
• Quote: “The right to privacy is not absolute, but it is fundamental.” – Justice K.S. Puttaswamy

The Way Forward

• Immediate Measure: Re-evaluate the directive, prioritizing less intrusive methods of device verification, such as strengthening existing web portals, SMS-based checks, and USSD codes.
• Long-term Reform: Develop a robust data protection framework that balances national security with individual privacy, ensuring transparency, accountability, and independent oversight of surveillance activities.