 Welcome to the ITU studio in Geneva, where I'm very pleased to be joining the studio today by Dr. Sharma, who is the chairman of the Telecommunication Regulatory Authority of India. Dr. Sharma, great to see you. Welcome to the studio. Thank you very much. Now, I'd like to start off by talking a little bit about ADHAR. Perhaps you could tell us what ADHAR is. I notice that some people are still not certain what it is in the meeting that's going on here at the moment. The Fiji Security Clinic, which is why we're here. What are the, perhaps you could also tell us also what the security features are that preserve confidentiality, integrity and non-repudiation of digital financial services, transactions of consumers in India. But let's start off by introducing Adhar and telling us a little bit about it. ADHAR actually is a digital identity platform, which India created about, you know, nine years back. And now about 1.2 billion Indians have got this number. ADHAR literally means platform or foundation. And this is actually an identity, which is a foundational identity, which means it can be plugged into any domain. So any domain, whether it is financial, you know, transactions or it is getting a telecom sim or it's getting a subsidized food grain, every domain requires to authenticate your identity. So ADHAR, while it gives identity, it also provides a service, which is called authentication service, to people who are doing transactions at the point of transactions. So now we have scaled up to such an extent that in one year, we have got about 8 billion authentication transactions, which means every ADHAR holder is, you know, authenticating on an average about seven and eight times a year, which is basically to get telephone connections or to get subsidized rations or to get direct benefit transfers or subsidies into their accounts. So various kinds of applications are riding on top of ADHAR. One important application which is riding is financial inclusion. And obviously by its very nature, all this infrastructure has got to be secure and robust. So there are certain principles which we had incorporated in the design of ADHAR, which essentially make it secure, which is we collected minimal information, which is every time you authenticate, then you get informed on your mobile and your email that you have authenticated. So if somebody else is trying to authenticate on your behalf, then, you know, you can always complain that somebody is doing so there could be an alert put in because of the information. We also, ADHAR does not know what for you are authenticating. So ADHAR's authentication is purpose agnostic. So these are some of the features which are built into ADHAR which preserve the confidentiality, which preserve, you know, which is basically consent and notice to the participant and authentication and which actually keeps a minimal kind of, you know, federated database in some sense that we only keep the logs of authentication. We don't know the purpose of the authentication and we don't know what transaction was conducted and therefore it is a federated data structure which again ensures confidentiality and privacy. You mentioned digital financial inclusion. How many people are still not registered with ADHAR? No, as I said, 1.2 billion. We have a 1.3 billion population. So everybody is registered. Every adult in India 96%, 97% have got ADHAR. So that's not, inclusion is not an issue in terms of getting ADHAR. Now, inclusion in terms of financial services is another important thing and there ADHAR has played a key role in terms of the fact that you can open a bank account using ADHAR's electronic KYC which means you don't have to present any papers. You authenticate yourself and you are able to open a bank account. And that is why India, actually, there is a Prime Minister's program to open bank accounts called Janathan. Now, there India opened about 300 million bank accounts in a matter of four or five months using the ADHAR's electronic KYC infrastructure. So essentially, ADHAR becomes a tool to access various systems, number one. And number two, then we built applications where I can transfer money to you using your ADHAR identification or using your virtual payment ID. So we built a lot of products. So Unified Payment Interface is a set of protocols which India has built, which is hugely scalable. Imagine on UPI, we are transacting 1 billion transactions a month, 1.2 billion to be more precise a month and we are transacting more than 25 billion dollars a month on that. So it's hugely scalable and it is all for free. So basically, there is no transfer charge. I can transfer money and I don't need to disclose my bank account to you. I can just provide you my virtual payment address which can be just like my bank name at the rate ICICI.com or whatever. This is the kind of level of confidentiality and the robustness which it has brought about. Stunning. I mean, there was a Supreme Court ruling, I understand, regarding the privacy concerns about ADHAR. Perhaps you could just briefly give us a brief overview of the security features that have been introduced recently to address these concerns. Yes. I think the Supreme Court ruling in fact validated the fact which ADHAR people were saying that it does not create any surveillance infrastructure. It does not violate any users' privacy. So first of all, the Supreme Court declared that the privacy is a fundamental right and then it set out to examine as to whether ADHAR violates that particular right or not. And it came to the conclusion that it does not violate. So first of all, ADHAR has validated the fact that ADHAR does not violate, the SC has validated that ADHAR does not violate privacy number one. Number two, we have also for those people who are a little, you know, kind of concerned about their ADHAR number being disclosed. There have been a number of new innovations which have been put in place. One is called virtual identity, which means you don't, for authentication, you don't disclose your ADHAR number. You are provided a 16 digit random number again. You can use that and the backend ADHAR can, you know, sort of discern it as to what ADHAR number it is and it can authenticate to you. So the entity with whom you are authenticating does not get hold of your ADHAR number. So virtual identity is one particular innovation which has been done. You can lock your authentication. You know, you can say, I'm not going to authenticate. I don't need authentication for the time being. So you can lock your biometrics, which means that nobody else can allow, can try to authenticate on your behalf. And when you require, you can unlock them for the purpose, for the period of the window for which you are doing authentication and again lock them. So this locking and unlocking of biometrics and ADHAR number is another feature which has been introduced. Then of course in the ADHAR Act, there is a provision which says that if somebody tries to spoof somebody's ADHAR number, somebody tries to impersonate, there are penalties, you know, so it's legally, you know, protected in some sense that you, it provides legal protection to somebody who is trying to hack or somebody who is trying to do some mischief on that. So I think there are a number of steps which have been taken to ensure that we introduce more and more robustness and security features in ADHAR. Talking about security, security and data privacy are going to play obviously a key role in winning consumer confidence and catalyzing the adoption of fintech for financial inclusion. I wanted to ask you, would you agree with this statement and what's your perspective on this? Absolutely, security, data security is very important, data privacy is very important. And unless, see, I always say there are three Cs which are required for a customer to kind of, you know, do transactions. One is confidence, you know, he must be confident that, you know, once he's doing transactions, he's actually not going to lose money by some, you know, mechanism. Second is cost. India is an extremely cost sensitive market. So if the transaction is going to cost money, then I'll not do transactions. So the second is, second C is cost and third C is convenience. If it is very convenient for me, then I'll do the transaction. So cost, convenient and confidence, these three Cs are important. And what you are saying exactly is the same thing that, you know, it's very important. If we want to do a large scale digital transformation, including the banking transactions, then we need to ensure that we preserve the integrity of these transactions by ensuring people that they can do, you know, digital transactions with confidence and with convenience and with minimal cost. You're here at the Fiji security clinic here, which is one event that's happening in a calendar, a series of events here about financial inclusion, this financial inclusion global initiative by ITU and various other partners. I wanted to ask you, what are you hoping to take away from this particular event? Actually, I have attended the morning sessions today and I found that there are a lot of issues in the security part. And I wanted to understand that what are the major, you know, vulnerabilities which systems are facing and as a telecom regulator, what the telcos will have to, what kind of security features telcos have to build in order to ensure to their clients and ultimately the banks are their clients, you know, the people who are doing financial transactions are their clients. How can they ensure that the clients are safe and secure? So, I think it has been very useful thus far and I hope to participate tomorrow also in this and ensure, you know, probably the takeaway for me will be to a little bit more awareness because I am not a technology expert. I am a telecom regulator, a public policy person and therefore it is, for me from a technology perspective it is important to understand as to what the vulnerabilities and what the problems are and how we can, from a policy perspective, from a regulatory perspective, how we can solve them. I was going to ask you, lastly, as a regulator in this fast-moving landscape, how do regulators stay ahead of the game? Absolutely. I mean, this is also a very important question because what is happening is that we have been, you know, used to regulating physical objects. Nowadays, you have everything virtual. So, from a physical world to a digital and virtual world is a big transformation and therefore regulators are actually finding it sometimes very hard to grapple with this new reality and therefore it is important for them to have the expertise and knowledge and get the best out of all those experts to remain ahead of the curve. Also, another part I would say is that technology should not be the main way of regulating. Technology can be a tool to regulate, but I think regulation must be based largely on principles and once you have these principles based regulation, then in that case the role of technology and the danger of being obsolete reduces to a very large extent. Dr. Sharma, thank you so much for joining us in the studio today. Pleasure to see you again as usual and we hope to catch up with you again in the very near future. Thank you very much. Thank you.