Awards are perceived as an endorsement and hence care is required before selection.

Recently, there has been a debate in the professional circles whether the multiple “Awards of Excellence” in Privacy and Security  won by AIRTEL is an endorsement of its Privacy and Security practices by the organization giving out the award. The awards were granted by DSCI which is part of the Ministry of Information Technology and sponsored by NASSCOM. (Refer our previous article for details)

It was a fact that the day after the awards were announced,  license of AIRTEL Payment Bank was suspended for a gross misuse of the Mobile_Aadhaar linking process to make profits. The accusation was that Airtel opened Payment Bank accounts for those who linked aadhaar to their mobile accounts and by another faulty system, the Gas subsidies payable to each of the 23 lakh such mobile subscribers were transferred to Airtel Payment Bank accounts. The Bank therefore got deposits of around Rs 47 crores without any efforts and expenditure to acquire customers. Airtel Payment Bank could have taken a consent for opening the account by a fine print mention some where in an un-digitally signed electronic consent form but most customers were not properly informed that the consent went beyond the linking of Aadhaar to the Mobile and opened new Bank accounts.

This was a deliberate action on the part of Airtel to cheat the public and make financial gain out of the act. In other words this was a fraud and betrayed lack of integrity of the organization. If Government of India is really concerned about “Privacy”, they should have launched prosecution of not only the Airtel Payment Bank but also Airtel. However, we know that Airtel has too much of a clout in Delhi and therefore no action would be taken. The award giving organization and the Jury failed to capture this aspect of the organization to which a “Special Jury Award” was being conferred.

While this issue was in public domain several days prior to the announcement of the award, it appeared that the awards were announced so that it could  influence UIDAI to soften its stand or atleast create a public perception that everything is hunky dory with Airtel. For records, Airtel Payment Bank’s CEO resigned so that MeitY can feel comfortable and not initiate any further action.

Airtel is a known serial offender which has been not only accused of customer billing frauds but also hacking into the mobile browsing of its customers.  We have discussed this in our earlier article “Airtel does a Maggi” where Airtel was accused of introducing a script into the browser used by mobile customers.

This  was also an incident that could be considered as a cyber crime in which the company could have been prosecuted but was not.

In the light of these known facts, it was a surprise that Airtel got three coveted awards from DSCI in its annual award ceremony. Obviously the question was whether  the system of selection of the Jury or the system by which the finalists were identified or the system by which Jury conflict was avoided was faulty.

It appears that DSCI based its assessment on the basis of applications submitted. No body doubts the ability of organizations like Airtel to put up a fantastic presentation that can floor anybody. Though the jury are expected to be intelligent and informed not to be swayed by presentations, they are also human and know that Airtel kind of companies are required as sponsors to many of the other activities of organizations like DSCI and has to be treated with respect. Hence without raising too many questions the presentations can be accepted as given and awards can be based on such self certifications.

One of the suggestions the undersigned put out was that the assessment should have been carried out based on monitoring the activity of an organization over a period and not based solely on the application.

For records, officials of DSCI maintain that “Award is not an Endorsement” and hence they should not be blamed for an awardee being underserving.  Yes we agree. But has any disclaimer been put up on the Certificate making such a statement? Will the awardee be prevented from using the award for its publicity?.  …….Probably not.

In fact every award is a recognition which the awardee should be able to use it for its publicity and as a motivation for further similar good work.  Otherwise the purpose of an award would be defeated.  At the same time, when an award is used in publicity, it will automatically be perceived as an endorsement. It is natural and cannot be avoided.

The award giving organization should therefore consider it as its responsibility to have a proper system of selection which is not amenable to manipulation.

I therefore suggest DSCI that for the coming year awards, make some changes to the system of selection.

They can announce the categories and eligibility criteria for different awards well in advance, receive advance applications and disclose the applications received it to public or atleast to the community of Privacy and Security professionals. Also the awards should be based on consistent performance over a period and not solely on the presentation made in an application.

In order to assess the performance and to enable monitoring of such activity, DSCI may create an “Opinion Drop Box” to which public/Privacy and Security professionals can drop their views from time to time, whenever  positive or negative events are noticed which can be taken into account by the jury.

This Opinion drop box can be activated along with the disclosure of the application information to bring about greater transparency to the system, at least for a period of one month before the finalists are presented to the Jury . This would prevent false claims being made by the applicants misleading the jury.

This would enhance the value of the awards , bring better acceptance and should make DSCI itself more respectable in the community. It will also help the Jury avoid mistakes which hurt their own personal reputation.

I am not expecting that these suggestions would be heeded by DSCI, but the suggestion of creating a monitoring mechanism over a period before an award is given is an idea which even other organizations can follow and hence using this award process as an example, I am putting it out. Hope it would be useful for other organizations.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.