Need silver linings? NPCI responds to our representation. It is investigating the Truecaller "Breach"

NPCI wrote back indicating two specific steps to counter the Truecaller breach. First, it had stopped onboarding new Truecaller users on the UPI platform. Second, the matter is under investigation and we will be informed after diligence is completed in all matters.

07 August, 2019

On 30.07.2019, media reports and various user complaints brought to light an issue that caused the automatic registration of unified payments interface (UPI) based IDs of Truecaller users without their knowledge and consent. We wrote to NPCI indicating concern and suggesting immediate and intermediate action (read more).

NPCI wrote back to us in less than 48 hours, agreeing with the contents of our representation. It also indicated two specific steps. First, it had stopped onboarding new Truecaller users on the UPI platform. Second, the matter is under investigation and we will be informed after diligence is completed in all matters. We will keep urging public disclosure, which will have multiple benefits: it will help inform impacted users, improve processes in technology companies and further greater trust in the UPI ecosystem.

But let us also step back for a moment. This is not only about Truecaller. It is about user consent more widely, and about the privacy, safety and security of users of the UPI interface. For a complete remedy we need a data protection law (which India does not have yet) that is user centric (like the Indian Privacy Code). In the meantime, we appreciate and commend the actions being taken by NPCI within its mandate and urge it to do more.

Limited to the UPI ecosystem, in our representation we made three specific suggestions on the basis of inputs and tweets from Srikanth Lakshmanan (@logic), Anand Venkatanarayanan (@iam_anandv), Srinivas Kodali (@digitaldutta) and Abhay Rana (@captn3m0). We continue to urge the NPCI to walk towards them and are hopeful that our wide community of supporters will encourage it to do so as well.

Links to important documents

  • Response by NPCI dated August 6, 2019 (link).
  • True (caller) or False (caller)? We ask NPCI to answer this question (link).
  • Representation to the NPCI dated 1.08.2019 (link).
