KOMN commuter data could be misused, say critics

Even as proponents of the Kochi Open Mobility Network (KOMN), which was launched here on Friday evening under the aegis of the Kochi Metropolitan Transport Authority (KMTA), say that the network’s data protection has been assured and that its specifications and ownership will be handed over to the KMTA after six months, critics say grey areas abound and that it needed comprehensive political vetting.

After identity, finance, health, education and agriculture, it could be an attempt to garner data on transport and commerce. The transport-related data could ultimately end up being used for “digital colonisation”, more so since a commuter’s identity and travelling pattern will be known, says Anivar Aravind, a public interest technologist and digital rights’ activist based in Bengaluru.

“I wonder on what basis the government and the KMTA roped in stakeholders that have a history of technological and civil rights violations. The “surveillance app” will help garner information on traffic-data, which could be shared with start-ups that are in their ecosystem. No proper stakeholder consultations were done prior to finalising the initiative that will begin as a traffic project and could end up in e-commerce,” says he.

The KOMN’s proponents say that this is contrary to facts, since the network has a data-protection and security-audit certificate. The conclusion in the audit certificate issued by a Kolkata-based firm, a copy of which was made available to The Hindu, says “Application is free from OWASP Top 10 (any other known) vulnerabilities with exceptions and is safe till any changes.” The annexure ends with a list of five recommendations.

Official sources say the ‘beckn’ protocol, which the KMTA intends to bank on, is just a set of open standards and specifications that is publicly available and it is for inter-operable digital commerce transactions.

“The trademark of the ‘beckn’ brand is to avoid misuse of the brand mark. The trademark classes which the beckn brand mark is registered also include class 9 that mentions Privacy Protection and class 42 that mentions Interoperability Protocol. It requires harmonious reading of all classes to understand how the beckn brand is registered, to avoid any misuse of the brand mark beckn. There are no standards related to surveillance in beckn,” they add.

KMTA stakeholders say that beckn is like Linux or Android, may be more open to public, but less critical. “It is similar to alphabets — anyone can learn them to write and speak. Beckn will extend its support for the first six months, following which it will hand over the server to the KMTA,” they add.

But detractors say that there is every possibility of select apps being promoted. “The minimum that the KMTA’s technology partners should have done is helped the agency ready a website and also help promote AuSa app of autorickshaws. These remain unaddressed. The KMTA remains sans a website, which is crucial to get suggestions from members of the public, nine months since it was inaugurated,” they say.

Mr. Aravind says the beckn protocol is not like Linux or Android which come with a lot of protection to end users. End users were not consulted in the case of the transit-data sharing protocol in Kochi, he says.

Our code of editorial values

This article is closed for comments.
Please Email the Editor

Printable version | Sep 28, 2021 7:25:24 PM | https://www.thehindu.com/news/cities/Kochi/komn-commuter-data-could-be-misused-say-critics/article35497191.ece

Next Story