Google, Apple Are About to Face India's Security Demandsby
Nation wants phones, tablets to work with biometric database
Apple, Google and other companies are expected to push back
India’s relationship with the global tech industry has become increasingly fraught. This year alone, the government has banned Facebook’s free web service and declined to exempt Apple from local sourcing rules and open its own stores. Now India could force companies to use technology cooked up in a government-funded lab.
The initiative is part of a national biometric identity program called Aadhaar (Hindi for foundation). Millions of Indians use fingerprint and iris-scan authentication to access a range of public and private services that now includes banking. Failure to join the effort could limit the tech industry’s access to a vast and growing market, but companies like Apple and Google are expected to resist opening up their phones and operating systems to the Indian registration, encryption and security technology.
“There will be lots of pushing and shoving by the technology companies,” says Neeraj Aggarwal, managing director of the Boston Consulting Group in India. “It will be a battle of ecosystems, and companies will do their best to hold on to their own.”
A few weeks ago, government officials invited executives from Apple Inc., Microsoft Corp., Samsung Electronics Co. and Alphabet Inc.’s Google to a meeting to discuss embedding Aadhaar encryption into their technology. None of the companies will comment on what transpired at the gathering -- and Apple didn’t show up at all.
Ajay Bhushan Pandey, who runs the Unique Identification Authority of India and convened the meeting, says the industry representatives listened politely and were non-committal. But Pandey says he was frank about the government’s position, telling his visitors: “Go to your headquarters and work this out so that we can have Aadhaar-registered devices.”
India’s biometric identity program is something of a path breaker. While the Federal Bureau of Investigation and U.S. VISIT visa program use similar technology to respectively track criminals and foreign visitors, no other country has taken the concept as far as India.
In September of 2010, it began collecting citizens’ biometric and demographic data, storing them in a centralized database and issuing a unique 12-digit ID number to every man, woman and child. Aadhaar is the world’s largest such program; as of April this year more than one billion people had signed up, or about 83 percent of the population.
Designed in part to help thwart criminals who siphon off billions of dollars in welfare payments each year, Aadhaar helps authenticate millions of poor citizens so the government can send money in lieu of food, fuel and fertilizer subsidies, as well as pension and guaranteed work payments directly to their bank accounts electronically.
Civil liberties and citizens’ groups say the program violates Indians’ privacy; others warn that Aadhaar’s servers could be hacked and compromise national security. But the government is moving ahead and in recent weeks has rolled out a digital payments infrastructure built on top of the program. The idea is to bring financial services to a nation where millions have never set foot inside a bank, let alone opened an account.
As India’s billion-user Aadhaar jigsaw fits into place, the government plans to ramp up and add a host of other services including education and health care.
“We are doing 5 million authentications daily, and with Aadhaar-compliant devices that number will grow exponentially,” Pandey says. “There is a solid business case for technology companies to enable Aadhaar services.”
Indians would still log into their smartphones using the manufacturer’s biometric authentication -- typically a fingerprint or iris scan. But once they access Aadhaar using the government’s encryption, the likes of Apple and Google would lose the ability to track users online, forfeiting the ability to mine that data to sell ads or other products and services. (Indian law, by the way, bars the government from collecting or using customer data.)
Tech companies will probably also object to allowing the government to install its authentication software on their gadgets for fear of security breaches and hacking attacks. Apple has strenuously resisted the U.S. government’s demands to build a back door into its operating system so law enforcement can track the movements of terrorists and criminals. “There should be clarity and provisions about security,” says Amresh Nandan, a research director at Gartner Inc.
On the other hand, foreign tech companies could be at a competitive disadvantage if they don’t go along because Indian companies like Flipkart, Paytm and Snapdeal are already making their digital payments and services compatible with Aadhaar. “Once the Aadhaar system grows to scale, technology companies will find it tricky to prevent people from using it,” Aggarwal says.
Samsung is the only global device-maker currently making an Aadhaar-friendly device, a tablet that’s reportedly selling well. Microsoft is said to be working with the government to link Skype with the Aadhaar database so the video calling service can be used to make authenticated calls. Fresh from battles with Washington over encryption, Apple, Google and other U.S. tech companies are less likely to compromise without a fight.
For now, Indian authorities are asking politely. That could change. Earlier this year New Delhi mandated that, starting in 2017, all mobile phones sold in India must have a panic button women can push when attacked. Nandan Nilekani, who co-founded the leading tech services firm Infosys Ltd. and helped create the national authentication program, says the government could do exactly the same with Aadhaar.