Policy Review Presentation By : Surat Pyari and Amba Kak
Issue - 1 Are there any challenges being faced in making payments for access to Wi-Fi hotspots? Please elaborate and suggest a payment arrangement which will offer frictionless and secured payment for the access of Wi-Fi services.
A solution in search of a problem? The solution: “single payments and authentication platform” “Universal Payment Interface (UPI) of the National Payments Corporation of India (NPCI).” “eKYC through Aadhaar”
The problems Need for interoperability between users/payments “Concept of public Wi-Fi will have real meaning when any entity is able to share its data with another user – who could perhaps be its neighbour or a casual visitor - and the former is suitably compensated for this sharing. This compensation could be in the form of money credited on a payment platform or credit in terms of minutes and or data download, which s/he can use in some other Wi-Fi network. Such an arrangement is feasible if the individual users are registered on a common platform wherein they are authenticated and the record of their payment and credit etc. are maintained. ”
Mobility of payment solution “there is no centralised mechanism for payment across networks, making it a cumbersome process for a user to pay for the usage of each hotspot as s/he moves from one place to another” EVIDENCE Mumbai Ozone, Varanasi – less than 10% migrate to paid models “During the survey on slow off-take of data usage through public Wi-Fi, consumers informed (b) even if you buy voucher and there is balance of data, it cannot be used on some other hotspot and this effectively makes data costlier to them.” [smell test?]
. Digital divide “Available modes of payment cater only to a very small section of population who have access to electronic modes of payment.” Data security “Online transactions on public networks risk the theft of financial information of the user.” Foreigners and tourists being unable to log-on (OTP)
Why UPI/NPCI? TRAI’s view 1. A number of banks have already been registered in this system 2. Offers a safe payment option to make payments through the user's bank account, without in any way exposing the bank account. It is therefore possible for ISPs to register on this platform pursuant to which users can avail the services of ISPs by linking the payment to their bank accounts.
Problem-Solution mismatch? UPI’s only value add over other payment solutions: link to UID (authentication layer) Authentication/Payments: Why link? Evidence from Europe suggests to the contrary. Tailor-made security rationale for public Wi-Fi Fear of over-regulation in a dynamic payments market Is there a strong business case beyond convenience in payments? Free public Wi-Fi: Delhi government’s proposal
In 2005, the so-called Legge Pisanu (the Pisanu law, named after the then interior minister Giuseppe Pisanu) stipulated that anyone willing to offer public internet connections had to ask for government authorisation first, identify would-be users through their IDs, and then store and treat users' personal data in accordance with privacy laws. The legislation was approved in the wake of the 7 July London bombings when public opinion was very sensitive to measures that could be labelled as being 'anti-terrorism'. The Legge Pisanu "basically prevented a rapid and vast spread of wi-fi in Italy without giving any benefit in return, in terms of fighting terrorism", Sacco said.
Problem 2 Is there a need to adopt a hub-based model along the lines suggested by the WBA, where a central third party AAA (Authentication, Authorization and Accounting) hub will facilitate interconnection, authentication and payments? Who should own and control the hub? Should the hub operator be subject to any regulations to ensure service standards, data protection, etc?
ASSOCHAM’s Response In our opinion, the concept of Common Hub should not be used for the purpose of Authentication. The Hub Based model is complex and cumbersome as it would require connectivity with all TSPs offering Wi-Fi services in India. Moreover, TSPs would hesitate to connect their network with a third party with a view to protect the integrity of their network and payment wallet. The authentication of the subscriber is the responsibility of the service provider who owns the customer and outsourcing of these activities should be done keeping in mind the potential threat faced from the perspective of national security.
CIS view "A central third party AAA (Authentication, Authorization and Accounting) hub" is antithetical to the foundational ethos of the Internet. Any attempt to foist that on Indian citizens will lead to a slowing down of wireless broadband adoption.” From a cyber-security perspective this can only lead to large-scale and irreversible disasters and on the contrary policy measures should be taken to prevent centralization. For Indian cyberspace to be a resilient and free market, competition amongst both commercial and noncommercial players must be enabled for Authentication, Authorization and Accounting. Source - CIS Submission to TRAI Consultation on Proliferation of Broadband through Public WiFi Networks. By Sunil Abraham, Sharath Chandra Ram, Vidushi Marda, and Thejaswi Melarkode on 28/08/2016
Mojolab (Community Wi-Fi solutions) More centralization should certainly not be encouraged as it slows down adoption if the central agency has to be approached by each provider and is particularly detrimental to smaller providers. Instead each network should be allowed to manage its own authentication and work out partner agreements with other networks to facilitate roaming between partner networks. This way smaller operators can partner with larger ones or amongst themselves to extend connectivity, rather than needing to go to a central authority for each agreement. Payment between operators should be left out of the purview of wifi regulation as it falls in the category of electronic payments which is independently being dealt with by different laws (RBI/SEBI) For authentication, a distributed model is needed. Multiple aggregation services should be encouraged to syndicate authentication and user data between networks rather than maintaining one central system.