Licensing OTT Apps— Does it make any sense?
If you don’t drive with your names printed on your car’s dashboard, then why should you be asked to advertise your name each time you call?
For the last few months, the GOI has been debating the new telecom bill. The bill has many important provisions, and the one that has caused maximum concern is the GOI’s intent to bring the OTT communication apps under some kind of licensing framework. This has led to huge public debate — leading to the apprehension, that doing so will increase the costs of companies running such applications, and will lead to more serious problems. The purpose of this note is to drill down in-depth on what benefits (if any) can get realized from such an action, and what are its pitfalls. But before we analyze these in detail, let's start from the basics.
Can GoI License OTT apps?
The simple answer to this question is yes. Within India, the Central Government has the exclusive privilege of establishing, maintaining, and working telegraphs. The GoI also has the power to grant a license on such conditions and in consideration of such payments as it thinks fit, to any person to establish, maintain or work a telegraph within any part of India (Indian Telegraph Act 1885). Please notice the word “work”. This means that the GoI’s exclusive privilege also extends to using the telegraph system (telecom network) and sending messages across them.
Hence, everything under the sun that anyone does on the telecom network in India can be licensed. This includes the OTT application as well. And for doing so the GoI does not need to take cover of a new act.
Should it License?
The answer to the question emanates from what objectives the GoI is trying to achieve through the process of licensing. And in order for us to understand that we have to dive into the fundamentals. This will allow us insight into the true perspective of the problem and whether licensing will be able to help us with the intended resolution. Hence digging deeper into how OTT works and how it is different from a normal telecom service will help us unlock this conundrum or at least let us see through the logic of what actually makes sense and whether it is in the larger interest of the stakeholders.
How OTT Works?
All OTT communication apps run on top of the data services offered by telecom operators (hence the name OTT). This data connects us to the internet — enabling us (the users) to experience all kinds of applications, including OTT. Note, these OTT applications run on the principle of “best effort”, this means that they (OTT providers) cannot control the underlay network (hosted by the telecom operators). In other words, they are totally dependent on telecom operators from the point of view of coverage, quality, and capacity.
Hence, the uses of the OTT applications are like surfers riding waves on the open sea. As the waves rise (data speeds increase) they (OTT) become more capable, and as the waves fall (data speeds decrease) the experience becomes patchy and might even collapse.
How are users Identified?
Now for any communication service to work it needs to uniquely identify the users (who intend to communicate). The telecom operators do so through a numbering scheme (10-digit number). These numbers are assigned by the DoT (Department of Telecom) to the individual operators. As the number of subscribers grows, more such number blocks get assigned by DoT.
But, OTT applications identify their users primarily through IP addresses. These IP addresses are dynamically assigned by the telecom operator to the users when they log into the operator’s data networks. Since the IP addresses change dynamically, the OTT app providers need something more tangible and unique to lock on. Hence, they map the user's telephone number or email address to the IP address (assigned dynamically). This is similar to the telecom operator mapping the device IMEI numbers to the uniquely assigned telephone number of the users. Just like the IP address, the IMEI numbers change as the user changes his handset.
What is the Problem?
Now given this background, let's discuss the problem that GoI might be trying to solve by bringing the OTT communication applications under the framework of licensing. The problem is mainly of “impersonation”. All OTT communication apps give the users the empowerment to change their profile — display name, and picture at will. Hence, if an OTT user calls another user using fake credentials then it is difficult for the user on the other side to verify the authenticity of the caller (or the text sender). This lays out the foundation of possible fraud.
Hence, to prevent such an occurrence, GoI might want all user's identities to get biometrically verified by the OTT operator and only those credentials should be allowed to get displayed which emanate from the process of biometric verification.
What are the Challenges?
GoI’s intent looks very novel and important. But the real issue lies with the practical challenges that we all will face while implementing such a solution (biometric verification). But before we dig deeper into the problem let's understand that the verification process can only work when the Aadhaar details are shared with the OTT app providers so that they can tap into the system and extract our credentials. Now, the real question is — are we comfortable sharing our Aadhaar details with all OTT communication app providers? Who will decide, who to be excluded, and on what basis? There are so many of them — WhatsApp, signal, telegram, and other less-known providers, and on top of this, some might be of Chinese origin. Secondly, how do we ensure that these shared details are not going to get leaked or misused, just like the Covin App? Thirdly, what will happen to those who do not have an Aadhaar number assigned yet? Are we going to exclude them from the system? Fourthly, how do we plan to deal with OTT communication apps that use identifiers other than mobile numbers (like email IDs), like Skype, Google Hangout, etc? Finally, what if a user for genuine reasons wants to remain anonymous? He/She will not be able to initiate any call without getting his identity revealed. This can have some serious consequences, especially for young girls and women who would not like their identity to get revealed to prevent it from getting misused.
Conclusion
As technology progresses we will end up encountering such problems that we might not have experienced in the past. That doesn’t mean that we lose our sleep and start to regulate everything under the sun without analyzing the gains with prospective losses. For example, cars have become ubiquitous these days, and so are the incidents of rash driving, accidents, and hit-and-run cases. In order to encourage drivers to behave responsibly on the road, the regulator does not force the owners (of vehicles) to imprint their names and address on the dashboard of the car for all to see. Do they? If a law gets broken, they catch him through their registration numbers. Similarly, why can the same strategy be used in the case of OTT communication apps? In case the law is broken there will be tonnes of metadata (like IP addresses, mobile numbers, email IDs etc) that can be used to trace the culprit. No? Should this not work equally well when the mobile numbers are already biometrically verified by the telecom operators on top of which these OTT apps run? What is the point of duplicating this exercise when the risk of misuse is so high?
(No conflict of interest, view are personal)
