Identitiy management and protection in Indian fin-tech
Last updated: December 3, 2019
After financial reformations - I call it intrutions, induced by Indian government give high momentum to Fin-Tech industry. India is a unique multicultural society who trusts governments and corporates most.This literary comparison’s focus is on fin-tech platforms and their effects on end users' privacy.
I conducted a study find out authentication and authorization methods employed on different classes of Fin-Tech platforms in India and their effects on end users, How data is harvested, and How the governing state and other private institutions benefiting.
I made an assumption that Aadhaar based authentication and authorization employed are scary, seeding aadhaar is unconstitutional, AePS is a nightmare. Next is promisory notes are the safest method of payment. Another hypothesis is, Gnu taler is most practical, libre, privacy ensuring financial platform exists.
Think of this
Demonitisation and other financial reformations are leading India a cashless economy. The transformation is made through adoption of Fin-Tech platforms and solutions notably PayTm and Google Tez. The financial transformation achieved through forceful seeding of Unique Identity Number - Aadhaar number in banking sector. Forceful Aadhaar seeding introduced some benifits for the governments and a little for the countrymen while the privacy was at limbo. Since management and protection in such fin-tech platform is core of this analysis, privacy policies and their impacts on common users are discussed. As internet penitration increased, end users benifited from competing platforms.
Indian Fin-Tech state
Indian fin-tech is emerging as introduction of Aadhaar and unbelievable enrolments. Many tech giants have introduced their infrastructure. It helped international firms like Google, Samsung, Whatsapp, Paytm etc and native players like Airtel etc. It also helped an Vishal Sekhar of PayTm an entry to the forbes welthiests' list. Indian legistations have not identified the requiem even after its emergence. There is no space for fin-tech in nations' legislation. NASSCOM, Indian technocrats guild, predicts 300 percentage of growth for Indian Fin-Tech on this year.
A requiem for Privacy
Several authors have proposed privacy design frameworks for specific domains. An often-cited 1890 conceptualization of privacy is the “right to be let alone” popularized by Warren and Brandeis. They were the first scholars to recognize that a right to privacy had evolved in the 19th century to embrace not only physical privacy—a concept embedded in most European legal systems since the middle ages but also a potential “injury of the feelings,” which could, for example, result from the public disclosure of embarrassing private facts. Altman and Westin were referring to nonelectronic environments, where privacy intrusion was typically based on fresh information, referring to one particular person only, and stemming from traceable human sources. Today, in contrast, details about an indivi- dual’s activities are typically stored over a longer period of time and available from multiple electronic sources. Privacy breaches can therefore also occur indirectly. For example, customer segmentation, a practice where companies divide their potential customers into groups that share similar characteristics, can lead to an exclusion of people from services based on potentially distorted judgments. From a privacy perspective, user devices should be fully control- lable by the people who own them. Data should not flow in and out of them without their owners being able to intervene. Additionally, devices should respect their own- ers’ physical privacy, interrupting them only when needed and at appropriate times. When building a new system from scratchtypically can make architectural choices on two dimensions: network centricity and identifiability of data. “Network centricity” is the degree to which a user’s system relies on a network infrastructure to provide a service, as well as the degree of control a network operator can exercise over a client’s operations. More network centricity means potentially less privacy for clients. “Identifiability” can be defined as the degree to which data can be directly attributed to an individual. Personal data can be entered into a system anonymously (e.g., e-voting) or by identifying oneself (e.g., when conducting online banking transactions). Naturally, anonymous transactions imply a higher degree of privacy for the data provider.
NB: I am writing the rest. Will update this ASAP.
It was a great experience to present. Before that day, I was disasterous in-front of a group of people with a mic. This time, I was very confident to present. One faculty was pro-aadhaar.
I’ve pushed my slides to gitlab. Please make suggestions via PR.