Open Letter To The Governor Of RBI : Reserve Bank Of India
Respected Sir,
This RTI is in respect of the RBI’s latest regulation which has made mandatory for all the payment operators to store all their data in India within six months. The guideline was issued to make the user data less vulnerable to hacking and hence to create more safety of the same. As a media company we have certain questions regarding this.
-
How will RBI ensure that the servers hosted in data-centers in India will have 99.99% uptime as offered and maintained by international data-centers, keeping the internet situation & conditions in mind?
The efficiency of data centers located outside India is not hidden in anyway. India has main data centers located in Delhi or Mumbai. Also these data centers face many challenges ranging from as minute as lack of awareness to as humongous as lack of data regulation. All the government websites which are being developed and maintained by NIC have their data stored in Delhi. Needless to say that these websites are low traffic websites and whenever these face high traffic, they go for a downtime. Now as per your newly released guideline when the major payment operators will get their data centers in India, don’t you think that it will hamper their growth? For these big payment operators to store data in India will prove a bane.
-
How does hackers hack the data from the servers?
The next issue which comes into play is to for data theft to occur the hackers do not need physical access to the servers. This shows that the person who had made the statement to prove the new regulation and that it will create more safety of users’ data seems to be totally unrelated from the technological background. This issue highlights the level of knowledge of team working in the RBI. Also this is like a widespread epidemic issue where the income of genuine public is being wasted on such kind of ignorant people. Employees in RBI who pass such guidelines show that they are not only of technically unsound mind but also they are not at all receptive towards the problem involved in this.
-
What are your feedback and reviews about several websites of Indian departments hosted in Indian data-centers like CBSE, Ministry of Corporate Affairs and several others Indian government department & ministries websites which are 98% down all round the year?
Above all, due to large traffic and data-usage, these servers are hosted in data-center with large bandwidth and network support data-centers. The data centers in India are highly incapable to provide with such high bandwidth. According to a study if the server of Google goes down even for 2 minutes, it will cause a revenue loss to Google in billions. Such level of revenue loss will hamper the economic growth. Not only this, has the government has not laid any compensation procedure in this regard? NO. Who will make good the losses incurred in transferring the data centers to India from outside locations? The downtime of servers will affect these operators adversely. Can you name some data-centers in India where there are streamline network access?
-
What surety RBI will provide against data-theft and hacking/cyber security once all the servers are transferred to India?
Going to talk about the safety and unfettered access which the apex bank wants to create to promote safety, we have a list of data leaks of the government department which gave a shock to the country when they came in limelight. I am sure the team who has proposed this regulation must be well aware of such data leaks. The UIADI data leak where the data of public collected in form of Aadhar was available in the market at a low price of 500/-. It took just Rs 500, paid through a e-wallet, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. The government who boasts about the safety of Aadhar data has once again failed miserably to protect the data stored in the data centers here. Please answer how will you ensure the data safety of the websites in India where as we have recently seen that websites of our Ministry of Defence was also hacked by the hackers. The Ministry of Defence who serves the nation as the prime body for maintaining peace and security, data leak of such a department poses high threats not only to national security but to overall workings of the nation. How does RBI ensure that there would be no data-theft in Data-centers in India?
-
Do you think physical locations of servers will have any impact on data-theft and safety?
Coming to the people who are working in the RBI, to whom salary, pension, allowances, perks are being paid out of the taxes paid by the public with their hard earned money, they are totally uneducated, idle and utterly foolish to carve such regulations. Are we paying taxes to feed such people who are not even aware of the provisions in transferring the data centers? We ask you to provide us the details of the technological knowledge of such people who are unaware about the workings behind data theft. We recommend you to get intelligent people on board who do some productive work and they research on alarming issues in the nation.
-
What are your feedbacks and reviews on several high-profile websites deformed and hacked including recent defence ministry website? They were hosted in India but were also hacked?
If we talk about the government websites and their modus operandi, we will come to know how faulty this newly passed regulation is. The website for CBSE, MCA whose server are all hosted in Indian data centers have very low receptive speed. The internet system in India is so poor that these websites are almost 18 hours out of access/reach/down due to poor internet connectivity. If we ask such big and heavy traffic receiving sites to operate their data centers in India, it will lead to hefty losses to such businesses which will be left uncompensated by the government. Not even in data-centers, if you call any customer support service of any Indian government department like IRDA, the only thing we hear from them is that their server is down. But this issue is not thought about the illiterate officers working in the apex bank who talk about creating nuisance by issuing such baseless and useless regulations. In such pathetic conditions where most of our network bandwidth is of absolute poor quality how do you ensure that by transferring these servers to India will remain available to the users?
Following are the glitches that we have observed in this regulation which is a problem creator, adding to the misery of the payment operators.
-
Inefficient data centers in India
-
Mode of hacking does not need physical access to the servers
-
Extremely poor quality of internet in India
-
No guarantee of safety and unfettered access in time of data leak of highly sensitive government departments
-
Inefficient and incapable team working in RBI
-
Faulty Modus operandi of government websites
If this new regulation is genuinely made to protect the data and to ensure safety and not to provide some personal advantage, then the bank must see the following disruption which will be caused-
Talking about the inconvenience which this guideline will cause to the persons who are operating business with millions of turnovers is mentioned below
-
The data centers enter with a contract regarding the payment. All the service providers pay a lump sum amount for this contract. The duration of contracts with the data centers is for long term. The payment so made is non refundable. This will lead to huge amount paid as advance to these giant data centers going in vain. Again who will be responsible for this? Will you or your officials be liable for the losses?
-
The regulation which mandates the data to be stored in India will lead to incur huge amount in transferring the data centers to India. Why a business whose turnover is entirely based on its website and the traffic which it attracts will opt for this? Are the payment operators fool who will create a downtime in their servers due to this transfer?
-
The central bank said that, “in order to have unfettered access to all payment data for supervisory purposes”, it has been decided that all such operators will ensure that data related to payment systems operated by them are stored only inside the country within a period of six months. To bring to your light, the data hackers do not need tangibility to hack the data. Please polish your knowledge regarding this. Data theft can happen from any corner of the world be it India, China or Pakistan. So no payment operator will agree to transfer their data centers to such highly ineffective ones only to fulfill the whimsical orders passed by your bank.
Even this regulation has seen discontent from the other government officials. Niti Aayog CEO Amitabh Kant has said that the “Decision to set up data centers in the country (India) cannot be mandatory and it will be not be conducive for the eco-system.” Kant said, while releasing the IAMAI’s Make In India report on incentivizing data center infrastructure in India, that he will “initiate a dialogue with departments like IT, Telecom and Energy to create the best possible infrastructure for data centers.” This again comes to highlight the fact that the current data centers lack infrastructure and are not efficient enough to handle such humungous data of big payment operators.
The guideline so issued seems to create havoc in the industry based on many practical issues. Whereas, the regulation so passed fails to give the logic and a reasonable justification regarding its practical implementation. It has once again given a proof of the kind of team that goes behind the working of an apex bank of India. Guidelines like these shows that the people employed in the apex bank are not only technologically behind but they lack the competence to evaluate the issues attached to this regulation. The regulation is only created to pester the people with such major affects. This is a mere way by the government officials to harass the people and not to benefit them.
Here we summarize the list of questions which are created in the minds of general public and also the operators, and whose answers we demand from the team on URGENT BASIS
-
How does RBI ensure that there would be no data-theft in Data-centers in India?
-
Does RBI understand what data-theft is and how this is done?
-
How RBI will ensure safety of the websites in India where as we have recently seen that websites of our Ministry of Defence was also hacked by the hackers?
-
What surety RBI will provide against data-theft and hacking/cyber security once all the servers are transferred to India?
-
Do you think keeping servers in India will prevent websites from being hacked?
-
Do you think keeping servers in India will prevent data-theft from the servers?
-
How does hackers hack the data from the servers?
-
Do you think servers needs physical safety to prevent hacking and data-theft?
-
Do you think physical locations of servers will have any impact on data-theft and safety?
-
Do you think hackers go to data-centers at night and copy the data from servers in pen-drives?
-
How will RBI compensate the companies during the downtime taken in transferring the servers from other countries to India?
-
What are your feedback and reviews about several websites of Indian departments hosted in Indian data-centers like
CBSE, Ministry of Corporate Affairs and several others Indian government department & ministries websites which are 98% down all round the year? -
How will RBI ensure that the servers hosted in data-centers in India will have 99.99% uptime as offered and maintained by international data-centers, keeping the internet situation & conditions in mind?