Uber isn’t a threat to India’s national security. IAF, Navy withdrawing MoU is overreaction
- December 29, 2024
- Posted by: Lt Gen (Dr) Prakash Menon (Retd)
- Category: India
Armed Forces personnel are vulnerable to major threats in the digital age. But these threats must be evaluated based on the likely perpetrator and their motive.
The recent announcement by the Indian Air Force about signing an MoU with Uber to provide transport support services to IAF personnel and their families provoked a backlash from some cyber security guardians regarding data privacy. Earlier in 2023, the Indian Navy had signed a similar MoU with Uber. Reacting to these concerns, within a week, both Services, withdrew from the MoU. However, Uber’s use in an individual capacity can be expected to remain the same.
The MoU was attempted as an institutional welfare measure to improve transportation services facilities and leverage civil sector resources. However, since Uber is a foreign entity, the concerns raised on security and data privacy were weighted by the possibility of an external threat.
Loaded: 2.25%Fullscreen
In essence, the apprehensions relate to all multi-national corporations (MNCs) that provide service support in India, including Amazon, Google, and Zomato—companies whose app-based products are now staples for large sections of the population. All these apps require users to provide details such as name, mobile number, and email address. So, the plethora of MNCs operating in India already hold such information as part of their customer databases.
Also read: Only 24% Indian firms at ‘mature’ level of cybersecurity readiness, says tech giant Cisco
This Is NOT a Paywall
But you are crucial in ensuring that independent journalism thrives. Support us in delivering unbiased, in-depth stories that matter.
Overreaction of Armed Forces
The Indian Air Force and Indian Navy signing the MoU with Uber at an institutional level provides focused data relating to the Armed Forces personnel. Uber, therefore, will hold data that indicates the pattern of movements and also indicate the place of residence and work. Some would ask, “So what? How does it matter to national security?” Yes, it could, if foreign entities—especially intelligence agencies—are tracking individuals to carry out a hit or kidnapping. Such tracking can also be done by many other means like human or technical intelligence.
In any case, the entities seeking information through the Uber database have to gain authorised access from the app itself or hack their servers. Uber servers are not located in India and are spread across many countries. To address such risks, the government of India enacted the Digital Personal Data Protection Act in August 2023. The Act empowers the government to restrict the transfer of personal data by fiduciaries to foreign territories. However, with rules yet to be notified, the Act remains unimplemented. So, presently, there is no bar on transferring personal data abroad except in some particular sectors like finance and insurance.
In the Uber case, nothing is preventing it from transferring personal data to the US government. This possibility also applies to all MNCs operating in India. So, it would be impractical to expect that MNCs would not misuse the data whenever they want to. However, there is very little of a national security threat emanating from data that indicates the transportation pattern of individual persons of the Armed Forces. So, is the reaction by the IAF and IN to withdraw from the MoU an overreaction? I would reckon it is so.
MNCs are profit-oriented entities that operate in India primarily due to its large market. The government can decide which MNCs can operate in India and which cannot. It is primarily the state of geopolitical relations that shapes such decisions. India not permitting Huawei is a case in point. India’s relations with the US have strengthened over the past decade and unless relations turn sour, it is difficult to imagine the US government using Uber’s data to pose a national security threat to India, especially if the data relates to Indian Armed Forces personnel or their families.
Also read: Data sharing policies can’t be one size fits all. Crucial to address privacy, ownership
Uber would certainly be interested in utilising the database for commercial purposes, focusing on transportation patterns to gain profits. However, it is likely to be sensitive to India’s security concerns if and when they are raised. The case of X, Elon Musk’s social media platform, backing down from its fight with the Brazilian judiciary in August 2023, reveals that commercial interests are paramount for MNCs. Similarly, for India’s market size, Uber would be wary of losing access. This provides the government the power to enforce the Digital Personal Data Protection Act. Even without the rules being framed, there is no motive for Uber to use the data and pose a security threat.
What could be worrisome is the hacking of the Uber servers by inimical forces. Uber services have been hacked several times. While measures can be taken to strengthen security systems, such breaches cannot be avoided in the digital age. However, avoiding the use of MNC services over the perceived possibility of hacking would mean denying Indians the conveniences and benefits they confer.
Every person on the Internet is vulnerable to being manipulated. Apart from threats to critical infrastructure, social media and its utilisation by inimical forces, disinformation and misinformation are major threats in the digital age. Armed Forces personnel are also vulnerable. However, technical possibilities of threat must be evaluated based on the likely wielder and their motive. MNCs like Uber, providing transportation services through an MoU with IAF and IN, are neither likely to wield national security threats nor do they have the motive.
Lt Gen (Dr) Prakash Menon (retd) is Director, Strategic Studies Programme, Takshashila Institution; former military adviser, National Security Council Secretariat.