Latest news with #RahulMatthan
Mint
5 days ago
- Automotive
- Mint
Rahul Matthan: Can driverless cars tame Indian traffic?
Next Story Rahul Matthan Autonomous vehicles are proving safer than those with humans behind their wheel. The chaos of Indian roads may make them freeze at first, but their safety promise could kick in once they swell in volume and come to dominate our streets. Without a human at the wheel, cars will no longer need to be built like rolling fortresses. Gift this article Each year, over a million people die in automobile accidents around the world. While this might seem like a high number in absolute terms, it has been trending downwards on a per capita basis from its peak in the mid-20th century. Each year, over a million people die in automobile accidents around the world. While this might seem like a high number in absolute terms, it has been trending downwards on a per capita basis from its peak in the mid-20th century. For the most part, this is because of the tremendous effort that manufacturers have put into making sure that their vehicles are safe. Since the vast majority of automobile accidents are on account of human error, today our cars come with airbags, crash harnesses, crumple zones and reinforced structures to give passengers the best chance of escaping unscathed. So much so that for more than half a century, our design efforts have been focused on protecting us from ourselves, rather than building more efficient transportation. All this has added to the weight of the car, forcing manufacturers to make their engines even more powerful, which has, in turn, further increased the vehicle's weight. What all this means is that, year after year, our streets are being filled with even more massive metal machines that are far heavier and more powerful than they need to be. There is an economic cost to all this. Since they are designed to meet crash standards, our cars today are far less aerodynamic than they could have been, and, as a result, consume far more fuel than they need to. Given the additional weight of their safety features and much larger engines, their tyres suffer far more wear-and-tear, which has increased maintenance costs all around. We know that it is technically possible to design cars up to ten times lighter without sacrificing speed or comfort. All we need to do is adopt a more aerodynamic design and a more lightweight frame—one that simply protects occupants from the elements and nothing more. This, however, is currently unthinkable because there is no way to ensure that light aerodynamic cars are safe. Also Read: Robotaxi battle royale: Uber's latest move should worry Tesla Since 95% of all accidents are caused by human error, surely the most effective way to reduce automobile fatalities would be to take humans out of the equation. A decade ago, this might have been idle speculation, but over the last ten years, autonomous vehicle rental companies like Waymo have been operating truly driverless vehicles on public streets in the US with much success. As a result, we now have evidence to show that such vehicles are far safer than those with human drivers behind the wheel. With reaction times 150 times faster than a human's, they cause 88% less property damage and 92% less bodily injury. There is no reason not to use them more widely. Without a human at the wheel, cars will no longer need to be built like rolling fortresses. They can be smaller, lighter and more aerodynamic without the overpowered engines we currently use to transport the safety features we can't do without. If we deploy them as shared fleets, a single vehicle will replace dozens of private cars, increasing utilization and dramatically cutting fuel use per passenger-kilometre covered. While this might seem like some futuristic fantasy, in some parts of the world it is already a reality. In August 2023, Waymo was running 10,000 paid rides a week. By mid-2025, that has grown to over 250,000. In under two years, cumulative trips grew from 1 million to over 10 million. The average Waymo cab now completes more daily trips than 99% of all human Uber drivers. We've seen this S-curve before—in smartphones, mobile data and digital payments with India's UPI—and we know that once it starts, it accelerates rapidly. Also Read: Hold tight, a global metro railway boom has only just begun If this is the future, India should not be left behind. But can we even hope to go down this path? It's all well and good for us to talk about fleets of autonomous vehicles in the well-ordered streets of San Francisco. It's another thing altogether to imagine something like this on India's chaotic streets. While this might, at first, seem like an insurmountable problem, traffic is a system and systems adapt. Autonomous vehicles follow the rules strictly. They don't jump signals, block intersections or squeeze through impossible gaps. If forced to deal with humans who do all that and more, they may be rendered immobile, unable to proceed in any direction, given the chaos that their sensors perceive. But as their share of the traffic mix grows, the predictable behaviour of driverless vehicles will start shaping the behaviour of human drivers around them. Once self-driven vehicles are in the majority, it is the erratic human drivers who will be compelled to comply. While the transition to autonomous might be difficult for countries where a large proportion of the population already owns cars, this should not be a concern in India, where that number is less than 10%. Since so many of us rely on public transport, India's transition to autonomous vehicles can start there. Driverless metro trains are being tested. Many cities have dedicated bus lanes, and it should be possible to insinuate autonomous vehicles into those corridors with little disruption to normal traffic. As drivers and pedestrians get accustomed to them, we could add cars and other similar vehicles. For decades, we have purposely built our vehicles to save us from ourselves. Autonomous vehicles give us a chance to break that pattern, allowing us to redesign this mode of transport from the ground up: lighter vehicles, higher utilisation, less fuel, more order. In a country that imports most of its oil, that's not just good engineering. It's critical efficiency. The author is a partner at Trilegal and the author of 'The Third Way: India's Revolutionary Approach to Data Governance'. His X handle is @matthan. Topics You May Be Interested In Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
Mint
29-07-2025
- Mint
Newly proposed OTP rules: A case of regulatory overreach in telecom?
Next Story Rahul Matthan To curb OTP misuse, India's government has proposed changes in its Telecom Cyber Security Rules. While the intent is fine, it could make compliance difficult and expose users to other risks. We must weigh the likely benefits of a shift against its potential costs. In India, the most widely used additional form of authentication is the one-time password (OTP). Gift this article As transactions have grown increasingly digital, service providers rarely (if ever) come face-to-face with their customers. This means that without reliable means of authentication, they have no way to ensure that the products and services they sell actually end up in the hands of those who bought them. As transactions have grown increasingly digital, service providers rarely (if ever) come face-to-face with their customers. This means that without reliable means of authentication, they have no way to ensure that the products and services they sell actually end up in the hands of those who bought them. One way to address this would be to insist on multiple factors of authentication. In practical terms, this means that in addition to proving who you are in reference to 'something you know' (such as a PIN or a password), you would also be required to do so with reference to 'something you have' (such as a hardware token or a mobile device) or 'something you are' (such as a fingerprint or another biometric identifier). In India, the most widely used additional form of authentication is the one-time password (OTP), a number sequence sent to your mobile phone (since this is 'something you have') to validate that you are who you say you are. There are many reasons why these are preferred. OTPs are only valid for a single session, which means that an attacker who gains access to one will not be able to reuse it, and, since it has limited validity, has just a small window within which to misuse it. Today, OTPs are used for all sorts of purposes. Delivery boys insist on them before handing over a parcel and ride-hailing apps need one to start a ride. Given their widespread use (and perhaps because of it), malicious actors are going to extraordinary lengths to find ways to exploit them. Some register for services using old or recycled SIMs so that they can obtain OTPs to access the previous user's account. Others use OTP application programming interfaces (APIs) to flood users with OTPs, which can serve as a way to perpetrate denial-of-service attacks or mask other fraudulent activity. Last week, to curb some of these illicit uses, the Indian government proposed a set of changes to India's Telecom Cyber Security Rules. They intend to establish a government-run real-time platform that validates whether a mobile number is active, recently re-issued or swapped, and linked to the same subscriber profile recorded by the telecom company. This, the government hopes, will help prevent impersonation through SIM reuse, SIM swaps and spoofing. The Cyber Security Rules will apply to all organizations that use telecom identifiers to authenticate users or deliver services. For this purpose, it has created a new category of regulated entities called Telecommunication Identifier User Entities (TIUEs), defined in terms so broad that they cover over-the-top platforms, fintech firms, e-commerce service providers, edtech platforms and just about any entity that provides digital services. TIUEs have to follow the same cybersecurity protocols as other licensed operators, including risk assessment, incident reporting and data security. In the event of misuse, the government will have the power to temporarily suspend the use of a given telecom identifier or suspend its use for the identification of customers/users or delivery of services. It could even permanently disconnect it. While the Centre's efforts at cracking down on OTP abuse are appreciable, I worry that the solution it has come up with exceeds its authority. The Telecommunications Act of 2023 applies to entities that provide telecom services or operate telecom networks and equipment. In creating a new category of regulated entities called TIUEs, its amendments extend the government's authority to just about any organization that uses telecom services as part of its business. This is far in excess of what the Act permits. Today, OTPs are used across a range of sectors. The Reserve Bank of India has permitted the use of Aadhaar-based OTPs for e-KYC and has authorized the use of OTPs for card-not-present transactions, UPI, net-banking, wallets and recurring e-mandates. The National Health Authority frequently uses OTPs for the creation of health IDs, consent management and access to health information. All the entities that use OTPs for these purposes are regulated by existing regulators and have to abide by a detailed set of obligations that set out how OTP authentication needs to be carried out. If these amendments to the cybersecurity rules come into force, they will additionally be forced to comply with the instructions of the telecom regulator. This will give rise to confusion and regulatory uncertainty, increase their burden of compliance and force businesses to implement measures that may be improperly aligned with the objectives of the different regulators they have to obey. Also Read: Vivek Kaul: Fast thinking is the great enabler of digital fraud There are also practical consequences of this approach that the government may not have fully thought through. Given how broadly it has been defined, tens of thousands of entities will likely qualify as TIUEs and will have to integrate their services with the mobile number validation (MNV) platform. This will create a centralized log of OTP usage, offering cross-sectoral intelligence on user behaviour of unprecedented magnitude. This will probably become a honeypot for cybersecurity attacks and data breaches that could put us all at risk. Regardless of the idea's intention, it will also likely be viewed as a form of surveillance that is neither proportionate nor warranted—and thus an instance of regulatory overreach. While OTP misuse is a problem, all we need to do is tighten SIM re-issuance procedures and mandate fraud reporting. Over-broad solutions can end up eroding the very trust they seek to preserve. The author is a partner at Trilegal and the author of 'The Third Way: India's Revolutionary Approach to Data Governance'. His X handle is @matthan. Topics You May Be Interested In Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
Mint
08-07-2025
- Health
- Mint
Rahul Matthan: Indian genes could save the world from rare diseases
Next Story Rahul Matthan India offers a treasure trove of genetic data for AI-enabled researchers to develop therapies neglected by commercial drug-makers for insufficient demand. India could take a global lead in this sphere, with a big role played by data from its many endogamous communities. India has over 350 endogamous communities. Gift this article In an episode of my podcast titled 'The Incurable Disease,' I told of how a husband and wife with no previous medical training or experience built a genetics laboratory in a bungalow in Bangalore so they could find a treatment for Duchenne's Muscular Dystrophy (DMD) to save their son. As much as this is a story of grit and perseverance, it also shows how far genetic technology has come and how affordable its innovations can now be. In an episode of my podcast titled 'The Incurable Disease,' I told of how a husband and wife with no previous medical training or experience built a genetics laboratory in a bungalow in Bangalore so they could find a treatment for Duchenne's Muscular Dystrophy (DMD) to save their son. As much as this is a story of grit and perseverance, it also shows how far genetic technology has come and how affordable its innovations can now be. Diseases like DMD are rare medical conditions. They affect a relatively small proportion of the general population. Yet, over 400 million people suffer from more than 7,000 known rare diseases today, with the Global South bearing the bulk of this burden. While there are treatments for many rare diseases, given the small size of the patient population, pharmaceutical companies cannot achieve the economies of scale needed to make them commercially available. In the 1980s, patient advocacy groups began to draw attention to this, pointing out that research and development (R&D) for rare disease drugs was being discouraged because it wasn't profitable. Since they were being consciously abandoned, they started being called 'orphan drugs.' Since most rare diseases are of genetic origin, they can be treated using genetic and gene-editing science. Ever since the Human Genome Project was completed in 2003, the cost of genomic sequencing has fallen dramatically. From the approximately $2.7 billion that it took at that time to sequence the first human genome, it now costs less than $100. This has made it possible for us to develop treatments for genetic diseases at a relatively affordable cost. Since that podcast episode, I've come across several other examples of frugal genetic innovation in India. The Centre for Stem Cell Research at the Christian Medical College, Vellore, has successfully used 'lentiviral vectors' to treat patients suffering from Haemophilia-A, and India's first clinical trial for sickle cell disease (SCD) using indigenous technology could become the first Crispr-based corrective therapy for the disease. Each of these treatments costs much less than their Western counterparts; India's Crispr-based cure for SCD costs between $25,000 and $100,000 per patient versus about $2.2 million in the West. This demonstrates that India not only has the technical ability to find treatments, it can do so affordably. This, in large part, is because of how India's regulatory framework has evolved in support of these initiatives, with the Indian Council of Medical Research guidelines for cell and gene therapies providing clear pathways for innovation. The National Policy for Rare Diseases, announced in 2021, provides further support to this ecosystem by offering financial aid and establishing centres of excellence. In addition, various state subsidies and manufacturing initiatives for critical components like delivery vectors and stem cells have contributed to cost reductions. Also Read: Genetic studies: Let's cast a wider DNA net While developed countries in the West have advanced R&D capabilities, they lack genetic diversity in disease models. As a result, they struggle to find suitable cohorts of patients suffering from rare diseases. This has hindered the design of clinical trials as well as the timely treatment of patients, particularly in the case of early-onset diseases. India, on the other hand, has over 350 endogamous communities. As a result, the country has a high rate of consanguinity. This has resulted in a high prevalence of recessive gene mutations in the population, presenting unique opportunities for genetic discovery and insights into disease biology. Given that Indian scientists have demonstrated their ability to develop commercially viable treatments for rare genetic disorders, India can play an important role in using interventional genomics to find cost-effective cures for rare diseases. This, according to a recent article in The CRISPR Journal, is an opportunity to establish a first-of-its-kind North-South collaboration that could offer lasting solutions to the problem of rare diseases in a way that benefits everyone. The article proposes the establishment of a platform that will 'bridge scientific, clinical, and economic gaps" and, in the process, leverage India's genetic diversity to offer a shared opportunity for therapeutic innovation. Also Read: Gene editing: Is humanity ready to rewrite the book of life? The first step in this direction would be the creation of comprehensive data infrastructure to capture clinical, genomic and bio-sample data from rare disease patients in India. With this in place, we can deploy an analysis engine powered by AI to enable clinical trial matching and advanced analytics for gene discovery and disease biology insights using the best technologies from the Global North. The resulting platform should be able to quickly analyse Crispr drug candidates and optimally guide delivery systems and dosage calibrations in subsequent preclinical research and clinical trials. It would also establish the quality standards and safety data needed to manufacture specialized biological components, ensuring that they meet the same rigorous standards as any regulated therapeutic solution. The platform approach will position India as an equal partner in the creation of a future in which medical treatment is personalizable, precise and, above all, widely accessible. It would also transform India's endogamous communities, once characterized by their genetic risk, into co-inventors of cures that the world still lacks. The author is a partner at Trilegal and the author of 'The Third Way: India's Revolutionary Approach to Data Governance'. His X handle is @matthan. Topics You May Be Interested In Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
Mint
24-06-2025
- Business
- Mint
Rahul Matthan: How age tokens to get past age gates favour free speech
Next Story Rahul Matthan In the US, keeping children safe from exposure to harmful stuff online has run into a free-speech muddle. But in India, we have the digital infrastructure needed to reliably ensure that kids aren't exposed to content meant for adults. India could leverage Aadhaar to generate zero-knowledge tokens of proof that verify a user's age without revealing any other personal information. Gift this article In September 2022, California governor Gavin Newsom signed the Age-Appropriate Design Code Act (CAADCA) into law, introducing a new legislative framework to protect children online. The law required businesses whose services were likely to be accessed by minors to conduct 'data protection impact assessments' before launching new features. These assessments had to evaluate whether platforms could expose children to 'harmful or potentially harmful materials" and mandate mitigation strategies for any risks identified. In September 2022, California governor Gavin Newsom signed the Age-Appropriate Design Code Act (CAADCA) into law, introducing a new legislative framework to protect children online. The law required businesses whose services were likely to be accessed by minors to conduct 'data protection impact assessments' before launching new features. These assessments had to evaluate whether platforms could expose children to 'harmful or potentially harmful materials" and mandate mitigation strategies for any risks identified. NetChoice, a tech industry trade group, immediately sued California Attorney General Rob Bonta, arguing that the law violated the US First Amendment and other constitutional provisions. A district court issued a preliminary injunction in September 2023, which was subsequently broadened on 13 March 2025. Also Read: Aadhaar-based age tokens can solve a privacy problem The court's decision was based on the finding that the law violated the constitutional guarantee of free speech by compelling businesses to 'opine on and mitigate the risk that children may be exposed to harmful or potentially harmful materials online." This, the court held, essentially forced platforms to make editorial judgments about speech content, which was not permitted under the near-absolute right to speech available under the US Constitution. A closer look at the court's reasoning suggests that the problem is not just that the CAADCA restricted free speech. Since there is no reliable way in the US to distinguish children from adults online, platforms that are under pressure to deny children access end up restricting what adult users can access. Without a clear mechanism to accurately identify which of their users is a child, platforms know that if they under-restrict access, they risk non-compliance with the law. As a result, most will choose to over-restrict, preventing adults from uploading or accessing content that they have a constitutional right to see and share. The situation in India is somewhat different. While the Indian Constitution also grants citizens the right to freedom of speech and expression, it is subject to 'reasonable restrictions." As a result, when the state insists that intermediaries ought to police harmful content, courts rarely interfere, even if this means that these platforms have to exercise the sort of 'editorial' judgement over content that US courts have struck down as unconstitutional. That said, India has something that the US lacks: digital infrastructure that offers an elegant solution to the age verification problem that has resulted in US companies over-compensating in order to comply. This means that even though Indian courts may not interfere with laws that require online intermediaries to take editorial decisions on content, Indian platforms are better equipped than their American counterparts to strike an appropriate balance while moderating content. Also Read: Rahul Matthan: Don't let data privacy safeguards work against us In an earlier article, I had described how India could leverage Aadhaar to generate zero-knowledge tokens of proof that verify a user's age without revealing any other personal information. I had discussed this solution in the context of India's Digital Personal Data Protection (DPDP) Act of 2023, which imposes strict age-based restrictions on the processing of personal data by requiring verifiable parental consent before any such data of a child can be processed. That idea has now been incorporated into the draft DPDP rules, which expressly contemplate the use of 'virtual tokens mapped to identity and age." If we can apply the same technological solution to content moderation, it should be possible for Indian intermediaries to avoid the overreach problem that has plagued content regulation in the US. If platforms can accurately determine which of their users are children and which are adults, they will be able to narrowly tailor content restrictions so that these apply only to those below the permitted age. This will mean that children attempting to access age-inappropriate material can be redirected away from such content without affecting the ability of adults to access it. This will enable platforms to uphold the fundamental right to freedom of speech and expression while also ensuring that reasonable restrictions can be applied with surgical precision. As a result, even though India has narrower constitutional protections for speech than the US has, it is capable of striking a far better balance when protecting children from harmful content. Since we have a technological infrastructure that offers a simple, low-friction solution to age verification, Indian platforms are able to build solutions that can target content more effectively than is possible in the US. Content moderation is a global challenge. Every country needs to strike a balance between over-moderation and children's exposure to harm that is appropriate in its own unique context. Given the volume and velocity at which content is generated online, no country will be able to do this effectively unless it puts in place an effective age-verification mechanism. India's age-token solution represents a remarkable inversion of the way in which content moderation is currently conceptualized. It offers an answer that not only preserves privacy, but ensures that content restrictions can be devised to apply only to those in need of protection. Sometimes, solutions lie not in the laws we enact, but in the infrastructure we erect. The author is a partner at Trilegal and the author of 'The Third Way: India's Revolutionary Approach to Data Governance'. His X handle is @matthan. Topics You May Be Interested In Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
Mint
11-06-2025
- Mint
Data protection: A privacy shield shouldn't end up as a barrier
The internet's interface with users has been jostled over all the way from its early days of web browsers to today's handy mobile apps. Now tools of artificial intelligence (AI) have entered the fray, just as India's online privacy law is about to kick in. Together, they could alter the dynamics of internet usage. First, consider the rise of AI chatbots since the launch of OpenAI's ChatGPT in late 2022. According to Mary Seeker's report on AI trends cited by Plain Facts in Mint, India has more users of ChatGPT's mobile app than any other country; April data shows that we account for 13.5% of this chatbot's global user base, with the US share of 8.9% placing its home market second. The concept has clearly caught on, which explains why search engines like Google and Bing now offer similar AI features. Some seekers of information have begun to see AI generated snapshots as sufficient, which means they often do not visit source websites even when chatbots present them a set of links. This suggests significant tolerance of AI's hallucinatory risks. Also Read: Rahul Matthan: Don't let data privacy safeguards work against us Meanwhile, all 'data fiduciaries' that operate in India, such as sites that ask for our identity and other details, may soon have to meet new user-consent norms under the Digital Personal Data Protection Act of 2023 (once final rules are notified). Not only must they obtain our explicit opt-in consent for each purpose they plan to use our data for—be it to set the site right for us, pool our files in for a meta-data analysis, aim personalized ads at us, or whatever—they must also let us flip past choices and delete data accordingly. If the mandatory protocols for all this prove too clunky, they could get in the way of website access just as AI begins to impact web traffic. To be sure, India's privacy law offers a valuable shield against the misuse of our personal data. The battle for this law was hard-fought, and while it's imperfect, it serves as a vital piece of armoury. Its rules need to be implemented without ado. Also Read: The agentic AI revolution isn't the future, it's already here The worry lies elsewhere—in user behaviour. Although online privacy has been a rallying cry, users of apps and sites are reluctant to scroll through 'terms and conditions' when it's so much easier to click blindly on an 'I agree' box and proceed. In part, the privacy law is designed to solve this problem of signing away rights without realizing what it might imply. Yet, while the law clearly aims to ensure that users know exactly what they are getting into, whether they'll view point-by-point consent tick-boxes as a hurdle is yet to be tested. Also Read: Mint Quick Edit | India's new privacy rules: A mixed bag This assumes salience in the context of behavioural patterns that place a premium on speed. Web users who want to find out something fast, for example, are often content to consult a chatbot and save time on a deeper delve. If visiting a new site involves a consent rigmarole, even more web traffic may flock towards chatbots and stay there. Conceivably, this trend may concentrate power in a handful of AI market leaders that own a popular interface. It's not just about information. Versatile tools of Agentic AI offering to execute odd tasks for us could come next to impact websites driven by interactivity. While it is unclear if AI bots could fill up online consent forms on our behalf (via, say, a digital power-of-attorney device), it's clear that any such concentration of power would pose antitrust risks. To resist AI dominance, sundry websites must keep users engaged directly. And to that end, they will need to keep their privacy protocols as user-friendly as possible. A shield should not end up as a barrier.
