Commentary
ASEAN needs to determine how to balance perpetuating the benefits of technology cooperation with China while mitigating the risks of getting caught in the crosshairs of U.S.-China gamesmanship.
Elina Noor
{
"authors": [
"Ananth Padmanabhan"
],
"type": "other",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace",
"Carnegie India"
],
"collections": [],
"englishNewsletterAll": "",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie India",
"programAffiliation": "SAP",
"programs": [
"South Asia"
],
"projects": [],
"regions": [
"South Asia",
"India"
],
"topics": [
"Technology",
"Economy"
]
}
Source: Getty
Other
India Needs a Stronger Cybersecurity Framework
It is important that start-ups start thinking about cybersecurity from the time they begin developing a structural design for their company, and not in later stages.
Published on Dec 7, 2017
Source: Livemint
Regulators need to become enablers for the broader start-up and tech ecosystem and develop more light-touch regulations to enable innovation, according to Ananth Padmanabhan, tech and policy fellow at Carnegie India, a think tank, which is hosting the Global Technology Summit on 7 and 8 December in Bengaluru.
The summit will include sessions and discussions touching on a variety of topics, including the use of technology for governance, digitizing public services and creating regulations around new-age digital systems.
In an interview, Padmanabhan spoke about the challenge of developing light-touch regulations, how public-private partnerships are required for the benefit of the start-up ecosystem and the need to create awareness around cybersecurity issues. India needs a stronger cybersecurity framework, he said. Edited excerpts:
Many start-ups in the past have run into legal troubles with state authorities. Do you think centralization of certain laws like transport and road regulations can fix costly legal battles between aggregators and state departments?
Centralization of laws and regulations is not a fix. Centralization ensures that instead of multiple laws and regulations for each aggregator like an AirBnB, Cabs, you may have one law.
But if that law itself raises the compliance cost, it is really of not great purpose. So, I think the real challenge is developing light-touch regulations is the way forward for tech start-ups.
Even if we end up creating uniform regulations for each industry aggregator, we are solving only one part of the story, and the real challenge is equipping the regulatory institutions better with resources, training regulators to think more light-touch rather than developing fully regulated systems, especially for emerging technologies.
What does the Supreme Court’s recent Right to Privacy ruling means for regulators like the Reserve Bank of India (RBI) and Telecom Regulatory Authority of India (Trai)?
RBI is already disaggregating high value transactions from lower value daily transactions. And this was actually the approach in the early days, when the wallet industry was first evolving. But in the last 8-9 months, it (RBI) has become more of a watchdog in some ways for wallets.
The Watal Committee report, have put out some ideas like interoperability for wallets, and full-KYC compliance for mobile wallets that deal with only low-value transactions.
The way I look at it, it is better to leave a good part of this to the market to decide. There are also other things that regulators should step into and become enablers for the ecosystem. For example, grievance redressal. The second thing is a strong cybersecurity framework.
Do you think public-private partnerships can help tech start-ups?
I think private-public partnerships are always a great idea. But sometimes we make a policy decision and that policy decision is totally aligned to picking a technology winner rather than leaving it to the consumer or the market forces. Clearly, picking a technology winner over the other, like what’s happening with the UPI (Unified Payments Interface) isn’t working. Even though NPCI (National Payments Corporation of India) is batting for interoperability for its UPI system, there has always been somebody who is innovating outside this system and would like to sort of get out of that ecosystem and find a different answer. So we should allow different solutions to co-exist and not close loop them.
Should data protection and privacy regulations be created sector wise, or centrally developed at a trade level like in the US?
On the security front, there was an initial push to create the CERT-In (Indian Computer Emergency Response Team). That is the first sectorial push in bringing about cybersecurity regulations for each sector by creating an emergency response body for each sector. I think this is basically creating one more layer, and that layer will anyway have to report to the main CERT.
It may not by itself be problematic. But we have to be very careful, that you don’t end up creating more levels of authority and interfere with actual outcomes that bring about security in that sector.
How can start-ups be more self-compliant at a time when cybersecurity risks are on the rise?
I think we need a lot of awareness around cybersecurity issues. Because in many ways that is the first step. Awareness is also the reason behind our Carnegie event tomorrow (Thursday). Because you see in many instances, technologists don’t get the policy implications of what they do. Because most start-ups spend time in hitting growth targets and raising more funds to keep their company afloat.
It is even in your best interest to actually be engaged consistently with the policy implication of what you are doing, since we are no longer in the early stages of Internet adoption.
The government has largely been trying to play catch up with cybersecurity risks, today that’s not the situation anymore. So it is important that start-ups start thinking about cybersecurity from the time you start developing a structural design for the company/business, and not in later stages.
Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
More Work from Carnegie China
- ASEAN-China Digital Cooperation: Deeper but Clear-Eyed Engagement
- How China’s Growth Model Determines Its Climate PerformanceCommentary
Rather than climate ambitions, compatibility with investment and exports is why China supports both green and high-emission technologies.
Mathias Larsen
- What’s New about Involution?Commentary
“Involution” is a new word for an old problem, and without a very different set of policies to rein it in, it is a problem that is likely to persist.
Michael Pettis
- The Chinese Investment Riddle: What Cities RevealCommentary
While China's investment story seems contradictory from the outside, the real answers to Beijing's high-quality growth ambitions are hiding in plain sight across the nation's cities.
Yuhan Zhang
- Using China’s Central Government Balance Sheet to “Clean up” Local Government Debt Is a Bad IdeaCommentary
China's stimulus addiction cannot go on forever. Beijing still has policy space to clean up the country's massive debt issue, but time is running short.
Michael Pettis
