Sanchar Saathi App: A Controversial Directive
The Indian government's directive to preload the Sanchar Saathi app on new smartphones was met with significant backlash and subsequently withdrawn. This directive intersected two major concerns: the rising threat of cyber fraud and identity theft, and the increasing state access to personal data through difficult-to-audit tools.
Government's Justification and Concerns
- Purpose of the App: The government presented the Sanchar Saathi app as a solution to combat scams involving spoofed devices and anonymous accounts.
- Surveillance Concerns: Preloading the app with privileged access on millions of devices raised concerns about increased surveillance capabilities.
- Installation Issues: The app was to be installed with privileged status, giving it broad access to device functions such as phone, SMS, and location.
Backlash and Withdrawal
- On December 3, the directive was withdrawn due to overwhelming opposition from civil society groups, political leaders, and digital rights activists.
- The Hindu's editorial highlighted that the directive would fail the test of proportionality as per the K.S. Puttaswamy (2017) Supreme Court judgment.
Existing Systems and Alternatives
- India already has a telecom spam and fraud reporting system, including the TRAI ‘DND’ app and the short code 1909.
- The Sanchar Saathi and CEIR portals support IMEI verification and blocking through SMS and web interfaces.
Risks of a Privileged App
- Such an app could become an attractive target for misuse by both state agencies and criminal actors.
- Cybersecurity research shows that attackers can exploit widely deployed system components.
Focus on Education and User Behavior
The directive's cancellation underscores the importance of focusing on user behavior change and education rather than intrusive technological solutions.
- Changing user behavior is more effective than compromising digital integrity.
- Evidence from Global South countries supports a focus on education to reduce fraud.
Global Examples
- In the Philippines, the central bank's digital literacy program focuses on cyber-security and public trust in digital finance.
- In Brazil, SaferNet and Anatel run helplines and education portals for safer telecom service use.
Conclusion and Recommendations
- The focus should shift from "what's there to hide?" to "what's there to see?" alongside improving digital literacy.
- A well-rounded approach involves obligations on firms to detect fraud, effective user reporting mechanisms, and a public education program on digital risks.
- Sanchar Saathi should remain as a set of portals and opt-in services, contributing positively to user safety.
For future success, the government should focus on strengthening existing systems, enhancing public awareness, and treating citizens as partners in cybersecurity.
