Top

‘App-hazard’ transactions: nothing private about it!

It is prudent to have a debit card with a limited balance and daily transaction limit dedicated for online use.

Privacy may have become a fundamental right in India. Wittingly or unwittingly, the Supreme Court's direction in Justice K.Puttaswamy Vs Union of India on the right of citizens to be left alone, is breached in our everyday life in myriad ways.

Consider these cases. A lawyer had tweeted a complaint about a billing communication by a government telecom entity. After some back and forth, the telecom company claimed to have 'resolved' the issue and reported 'compliance' on the micro-blogging site, revealing the advocate's private, unlisted number. The recourse to 'report' a tweet seems like an exercise in futility. It is not even like an emergency action like blocking a lost debit or credit card. While this may not attract options such as "abusive or harmful" or being "disrespectful or offensive" or take on the form of "targetted harassment", doesn't it squarely fall under the category of "private information"? Evidently twitter does not view putting out the telephone number of its user a violation of its terms of use. If a person's unlisted telephone number being put out in the public domain is not construed as 'private information', what is its definition of 'private'? Vital statistics? Strangely enough, the Information Technology (IT) Act under Section 66E limits violation of privacy to only "private areas" of the human body. As a telecom operator has access to a customer's information and the number in question is private and unlisted, Section 72 of the IT Act may be remotely flagged for breach of confidentiality.

In the recent past, a few former colleagues of mine, had to lodge police complaints after their mobile numbers were tweeted by trolls, triggering a barrage of vituperative calls. I'm not sure if twitter took these cases as seriously as warranted. Ideally twitter, or any other site, should automatically remove such posts as soon as users complain. Contact information that users do not want to be made public most definitely cannot be a sine qua non for any platform.

The police too may be hamstrung by the lack of specific penal provisions. Threats following the disclosure of personal contact information can be dealt with under Sections 506 and 507 of the Indian Penal Code for criminal intimidation or criminal intimidation by an anonymous communication. In layman's parlance, publicising some one's personal contact information may be termed 'mischief' but if you go strictly by the defining section of the IPC, namely Section 425, it will be a stretch, unless it leads to, for instance, a fraudulent online transaction, in which case the ingredient of "diminishing the value" of property can be looped in.

It is prudent to have a debit card with a limited balance and daily transaction limit dedicated for online use. Much as I am averse to the use of credit cards, the longer time lag in the outflow of funds for transactions here gives a victim extra time to stop a fraudulent swipe.

Every single app that you download on your phone wants to play nosey parker. There is a demand by default to surrender your private information - photographs, videos, phone numbers, email Ids, passwords. They virtually get permission to access everything in your phone. A law student grew suspicious while making a mobile bill payment through a private telecom service provider's app. Even before she could read the One Time Password (OTP) generated by her bank, the app had accessed it and filled in the OTP and the transaction was complete!

You need to be aware that such 'permission' granted to apps need not be carte blanche but can be cherry picked. For instance, a photography app does not need access to your messages. Or a calculator app has no business to peep into your photographs. It's important that you tick icons that are directly relevant to the app. Not granting sweeping access to all your information will not make the app non-functional.

Messages contain high security OTPs meant for safe net banking. If this is compromised, who knows, your bank may wash its hands off, citing carelessness at your end. For that, read the long list of disclaimers you may have already signed! For those who face a similar experience like that of the law student, it would make sense to immediately deny permission to the app to access messages and to also change the net banking password.

If it's not the apps, there are routine business practices that flout your privacy. At even salons or departmental stores, the person at the billing counter first asks for your mobile number. You need to mention it slowly for him to enter it. Never mind if you are a lady and there are strangers standing behind you and within earshot. Can't an unscrupulous person make a note of it and use it to stalk or play pranks or commit some cyber crime?

There are fancy multi brand stores where the billing staff claim that a mobile number is mandatory to proceed with the billing, some couching their data mining with the carrot of reward points. You can refuse to part with your mobile number if you are not comfortable. If you choose to give it, it may help to scribble it or enter it on your phone and show it at the counter when asked.

Precaution and practicality may often work at cross purposes. But it's better to be paranoid than poorer!

(The writer is an
advocate at the Madras high court, columnist & author)

Next Story