India orders smartphone makers to preload state-owned cyber safety app
reuters.com868 points by jmsflknr 2 days ago
868 points by jmsflknr 2 days ago
I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem that is better solved by improved education and targeted campaigns against common security pitfalls.
I abhor any decision that robs even a grain of my individual freedom.
> I'm shocked
India is currently run by a nationalist regime headed by the so called "butcher of Gujarat"[1], there isn't much that would shock me wrt to that lot's totalitarian tendencies.
[1] https://en.wikipedia.org/wiki/Public_image_of_Narendra_Modi
Mate, this isn't even remotely "nationalist". This stuff is being pushed across the world. Digital ID? The only people really desperate for it are our rulers.
How so? In Sweden we have digital ID and it's great! Super practical and I struggle to think of how it would be used to spy on citizens, given that it has the same legal protections as banks have regarding your account transactions etc.
Like sure you could in theory see every document I've ever signed if you have a warrant for BankID servers, but you could probably glean most of that if you had a warrant for the banks servers anyway, so it's not really a new capability.
It's not really that a digital ID can be used to spy on people (governments can already do this to a pretty large degree without needing spyware). It's that it's a permission system that can be instantly updated and centrally managed by people that have legal authority to spy on you.
If your digital ID is controlled centrally by the government (the guys that are watching most things you do already), and you need your digital ID to do most commercial interactions (banking, buying things, travel, etc), it means the government can revoke your ability to do any of those commercial interactions (or even other things that aren't strictly commercial, think "travel papers" for driving out of state).
And it doesn't even have to be in response to criminal actions. You too too many trips this year? Well, you've used up your CO2 budget as a citizen, have fun not buying CO2-intensive food (meat). Said something racist online? Well we certainly can't let a person like you buy a car now, can we?
And yes, things like credit cards and credit scores are centrally managed to a degree, and Visa/Mastercard can deny transactions for somewhat-arbitrary reasons (they're actually fairly legally limited in how they can do this, it's not totally arbitrary). But these things are not tied into every aspect of your life (your bank doesn't necessarily know how many miles you've driven this year), whereas states can (or can invent the legal authority to) tie a digital ID into everything.
> If your digital ID is controlled centrally by the government (the guys that are watching most things you do already), and you need your digital ID to do most commercial interactions (banking, buying things, travel, etc), it means the government can revoke your ability to do any of those commercial interactions (or even other things that aren't strictly commercial, think "travel papers" for driving out of state).
The government can already do this today in the US, they can put your ID on a fly denylist, your passport on a "always go to secondary screening list" (ask anyone who's ever been to Iran on vacation and then decided to travel to the US) and your license plate on a wanted list.
The USA will probably get a lite version. The PRC already has the most severe version. The EU will introduce something severe and pretend otherwise. (And the UK will copy them while pretending not to.)
Actually Visa and MasterCard used their position to influence on business like Steam or Pornhub.
I completely agree with your main point, but the state supervised CO2 budget strikes me as a bad example; I see no real way to prevent companies and citizens from "externalizing costs" in the form of environmental damage except by regulation that restricts (historically, we did not get rid of leaded gas by gentle admonishment either).
But my digital ID is in addition of my physical one, it's not a replacement.
It provides convenience, and the only thing I'd lose of it was hypothetically revoked(the government has no such powers, and are unlikely to gain them, more on that later) is that convenience.
The reason the government is unlikely to gain those powers is that it would require a change in the grundlag, and such changed has to be approved twice, and there has to be an election between the two approvals.
> It's that it's a permission system that can be instantly updated and centrally managed by people that have legal authority to spy on you.
How is it a permission system? It's a way to prove your identity safely, online. No proposal/implementation that I'm aware of (maybe outside of China, but I'm not familiar enough) that actually conditionally does so based on preconditions and blocks you from actions. It would probably be actively illegal to do so in multiple countries.
> But these things are not tied into every aspect of your life (your bank doesn't necessarily know how many miles you've driven this year)
I mean, that's not true. LexisNexis is the company many car vendors send your driving data to, to be bought by insurance companies to do adaptive pricing. Banks don't necessarily need that data, but if they did, they could buy it too.
Which is why it's better if it's the government - there can be laws, regulations, pressure, judicial reviews to ensure that only legitimate uses are fine, and no such discrimination is legal. Take a look at credit scores in the US - they're run by private for profit companies, sold to whoever wants them, so credit scores have become a genuine barrier to employment, housing, etc. If this were managed by a state entity (like in France, Banque de France stores all loan data, and when someone wants to give you a loan, they check with them what your current debts are, and if you have defaulted on any recently; that's the only data they can get and use), there could be strong controls on who accesses the data and uses it for what.
> How is it a permission system? It's a way to prove your identity safely, online.
Can someone revoke your ability to prove your identity? To pick an example, say, the far right wins an election and decides that trans people need to go back to their birth genders, and revokes the validity for the identifiers of anyone that has transitioned.
This has already happened without digital ID ?
Sounds like a wonderful argument for centralizing it and making it a single button that a bureaucrat has to push.