Position Papers & Whitepapers

    • DSCI-NASSCOM inputs on MeitY ‘Security of Prepaid Payment Instrument Rules 2017- Draft’

      Ministry of Electronics and Information Technology (MeitY) recently released the draft rules with the objective of enhancing Security of Prepaid Payment Instruments (PPIs) and sought comments and suggestions from the stakeholders to finalize the draft.

      Read More
    • NASSCOM-DSCI Response on TRAI Consultation on M2M Communications

      The Internet of Things or M2M ecosystem poses unique security challenges as the Internet grows steadily and rapidly. It is widely acknowledged that IoT will be disrupting various Industries like healthcare, agriculture, smart city etc. TRAI/DOT should consider establishing an enabling environment to experiment with different security architectures, including proactive systems for self-defence, both at network and device level. The DoT along with CDAC should continue to focus on standards to drive security in M2M configurations.

      Read More
    • Position Paper on Building an Ecosystem for Cyber Security and Data Protection in India (Published in 'Ethics and Policy of Biometrics', Springer)

      Governments across the globe are gearing up through policy enactments and necessary investments to fight the menace of rising cybercrimes. These policies and investments also assure citizens of their privacy rights in the cyber space. India, with its high growth rate, is rapidly integrating itself with Internet Economy, where transactions are predominantly carried out electronically. The ecosystem for cyber security and data protection necessitates a strong legal framework, proactive government initiatives, active involvement of, and contribution by the industry and effective law enforcement mechanism. This paper discusses how India is responding to cyber security and data protection challenges, and how a new ecosystem is underway in recent years.

      Read More
    • DSCI Response to EU - Future of Data Protection

      DSCI submitted its consultation on the Future of Data Protection by contributing to the Questionnaire for Stakeholders Consultation on 1 July 2010 on the revision of EU Data Protection Directive 95/46.

      Read More
    • Comments on the Proposed Draft Bill on the National Identification Authority of India

      The Unique Identification Authority of India (UIDAI) invited public comments on the draft National Identification Authority of India Bill, 2010. The Bill provides for the establishment of a National Identification Authority of India (NIAI) for the purpose of issuing identification numbers to individuals residing in India and to certain other classes of individuals and manner of authentication of such individuals to facilitate access to benefits and services to such individuals to which they are entitled and for matters connected therewith or incidental thereto. DSCI submitted its comments on the proposed draft Bill on the National Identification Authority of India.

      Read More
    • Legal Framework for Data Protection and Security and Privacy Norms

      The first workshop on Legal Framework for Privacy, Data Protection and Security happened on 21 July 2010. Representatives from MHA, Cert-IN, IBA, UIDAI legal and DSCI attended the workshop and expressed their views. The workshop has been organized to elicit views of the practitioners in the field and also the civil society organizations regarding proposed legislation. Data Security Council of India presented its view in the consultation paper submitted to the Department of Personnel and Training (DoPT).

      Read More
    • Policy Paper on Privacy in India for Project RISE

      The paper discusses the importance of privacy in the indian environment. It covers various aspects of privacy in the digital age during data collection or due to the impact of globalization or with the rise of social networking. All these have an impact on information sharing and this mammoth information and its analysis may lead to privacy concerns. The paper further discusses on how the Indian economy is transforming to e-Economy and how privacy impacts new age transactions and service deliveries, and finally provides policy recommendations to various stakeholders of the Indian economy, which includes, the Government of India, e-Governance projects, the Civil Society, Law Enforcement Agencies, Industry Regulatory Bodies, Industry Bodies and the Outsourcing Industry.

      Read More
    • Privacy in India

      The paper discusses the importance of privacy in indian environement. It covers various aspects of Privacy in the Digital Age during Data Collection or due to Impact of Globalization or with the use of Social Networking. All these have an impact during Information sharing and this Mammoth Information and its analysis may lead to Privacy Concerns. The paper further discusses on how an Indian Economy is transforming to E-economy and how does Privacy impacts in the New Age Transactions and Service Deliveries.

       

      Read More
    • Data Protection - Security and Privacy

      Privacy protection will grow in importance as people use more and more online applications for banking, e-commerce, and e-governance everywhere, including in India. This is because any privacy breaches resulting in data loss may compromise large number of records. This amounts to identity theft, since data stolen can be used for committing frauds, including financial frauds.

      Read More
    • Position Paper on Security and Privacy Challenges in UIDAI project

      A key necessity of the UID system is to reduce/eliminate duplicate identity in order to improve the efficiency of the service delivery of various government initiatives. UIDAI has chosen biometrics feature set as the primary method to check for duplicate identity. Identity and authentication are distinct components of the steps necessary to use a secure system. Identity without authentication lacks proof; authentication without identity invalidates auditing and eliminates multi-user capability. The paper examines the security and privacy challenges in the project.

      Read More
    • Security & Privacy Challenges In UIDAI

      The UID authority will only issue a unique identifier - a randomized number – that will only identify a person with his attributes that will include biometric information (Fingerprints, IRIS, Face). It is clear that only the biometric information will be unique to an individual, and will be used for de-duplication process. While name, photograph, address etc of a person may not be entirely private, since these can be obtained from various sources, it is the biometric information which is unique to an individual that is claimed to be highly confidential and personal, even though we have pointed to evidence contrary to this.

      Read More