Pramod Varma, the chief architect and technology adviser for ID project Aadhaar, is also an adviser to the Goods and Services Tax Network (GSTN), the company that has built the technology to enable the rollout of the new tax. A quintessential technocrat, Varma wears several hats: he is CTO, EkStep, a not-for-profit creating a tech-enabled platform to improve literacy; adviser to the National Payments Corporation of India; and architect, IndiaStack, a set of APIs aimed at leveraging Aadhaar, India’s ambitious citizen ID project, to solve the country’s real world problems. Varma is also on the boards of several technology startups.
FactorDaily caught up with Varma to understand the technology behind the GST regime, the power of data, and India’s data privacy law. Edited excerpts: Q: We are going from a data poor country to a data-rich country. On the personal side it is Aadhaar and on the business side it is GST Networks which is enabling data richness. What are the ramifications GST specifically has for the future of data and its use in India? A: One of the unfortunate things that happened in the United States or the developed western society is the concentration of data with one or two companies or the government. No one else benefits out of that. I am hoping the data laws that India is creating is not just about data protection, but also about data empowerment. Law should ensure it “empowers” individuals or SMEs and ensure “right to access” one’s data. If it is only about protection, we will end up with black boxes of data sources! It is useless. Instead, individuals and SMEs should be able to “build their digital assets” through accessing their data resulting from digital participation.
Law should ensure it “empowers” individuals or SMEs and ensure “right to access” one’s data. If it is only about protection, we will end up with black boxes of data sources
Aggregate data is hugely valuable in this age of big data and machine learning. The use of that data will remain “locked” within the entity keeping the data. Even if they protect it from theft etc, they will still use the data and insights derived from it. That’s what companies like Facebook and Google are doing. Billions of dollars are at stake there for them.
I sometimes fear that we have so much of public discourse on data protection that we will have a protection law and not an empowerment law. If any entity holds any data against yours or my identity, it must be clearly said that it is co-owned. That means, by one’s right to access their own data, these entities should give machine readable data back to users which people can use it to get access to various services. So, the footprints that you leave behind will become useful to you.
Also read: Turning the debate on India’s data protection laws
The discourse should not be against digitisation, because we can’t go back to the dark ages, you know. Then you shouldn’t have internet, you shouldn’t have mobile phones. Point is, can India leapfrog in data regime with both protection and empowerment given equal weightage? That is a powerful way of empowering people to participate in digital system, behave well, and earn digital assets!
I sometimes fear that we have so much of public discourse on data protection that we will have a protection law and not an empowerment law
If SMEs and companies cannot take advantage of their own GST data, machine readable and digitally signed for higher trust, for getting better lending rates or invoice discounting and manage their cash flow, we would have created just a tax filing system which is necessary but not sufficient.
GST will be a very powerful system and enable positive incentives if the overarching data empowerment factor comes in. Otherwise GST may become a one-sided tax payment system. I am hopeful India will get it right. Q: Haven’t countries like China made use of that system? Because Alibaba… the commerce data was available. Credit systems were developed. A: Not for the people in terms of using their data outside Alibaba ecosystem. Where is Alibaba or Amazon giving back the data? Even most of our banks do not give us digitally signed machine readable data, instead they give PDF or unsigned Excel sheet that no other entity trusts. By the way, some have started doing it which is great. EU is getting their PSD2 (revised payment service directive) implementation soon which will force banks to provide data. So, companies like Alibaba or Amazon or Facebook or Google are surely using the data to provide further services “within their closed system” and keep the users locked in. Q: As an adviser to the GSTN, what are some of the technology issues that you had to address? A: The concept of the tax system as an ‘Open API-based platform’ is the biggest thing that we were able to bring to this system. From the tax department perspective, a portal is sufficient. Go to the portal and file taxes, no? Upload your excel or pdf and you’re done. The tax system is a just a vertical closed solution, right? And we were saying no. The platform you are building has to be open for further innovation and empowerment of taxpayers. While a portal is needed, it needs to be built on its own APIs.
Now, the GSTN has a “tax payer” authentication API, as a derivative of the tax filing system! You can do a KYC on a company with nothing to do with tax! Let’s say you want to give a loan to a company, or you want to sign up as a petrol bunk merchant or something. Today, how do you do KYC? It’s enormously costly, pretty much paper based and low trust. How do you know the people representing the company is indeed authenticated? Today, everyone takes all the paperwork and redoes all these checks, which is avoidable repeated cost. With the GSTN API, you can do this because you already have a GSTN ID and people who are signatories of the company have their IDs are attached so you can actually authenticate a company.
The GSTN system is expected to handle 3-4 billion invoices every month each having 100 to 200 line items. Unlike Aadhaar, GST is going to be a big bang rollout and not a gradual one
The second big influence we could bring in is build vs buy. Generally in any large system like this there is this question. Should we just buy a system and customise? Here at the GSTN, we said we will build because anyway you won’t get what you want (if you buy). And you have some heavily customised product that you have no control over because you don’t have the source code or the intellectual property. How can you build a national, critical infrastructure where control of the IP and source code is not with you? So we said, it has to be built and it has to be built using open source.
The third one was about using open source to build. So it was also very much debated. When we put out the RFP saying open source be used, there were enough complaints! Thankfully we had a good strong committee. In addition, MeitY policy already articulates this clearly. Q: How are APIs going to help? A: It’s a fundamental belief. People like us who build digital infrastructure believe that a solution in a box is never possible in a large diverse country like ours. We cannot have one guy saying that I know the solution, here’s my app, and it solves all the world’s healthcare problems or education problems. We must always take an infrastructure building view especially when building public goods. Open APIs are fundamental for creating well encapsulated building blocks that others can use to further build specific solutions.
The GSTN has done the right thing in building APIs first and then building portal which works off the same APIs. Ecosystem partners who are building products for SMEs etc can also get access to these APIs and allow end users to use their app
In the case of GST, how can we expect one portal will serve the needs of very large companies as well as small SMEs? That too with different language skills, different technology needs, etc. The GSTN has done the right thing in building APIs first and then building portal which works off the same APIs. Ecosystem partners who are building products for SMEs etc can also get access to these APIs and allow end users to use their app. For example, if one small SME is using MS Word to create invoices, it should be as easy for them to upload those invoices right from MS Office to the GSTN. Tax filing should be integral part of doing business and not as a painful, costly extra process.
It is also based on the belief that you can never build an app that fits all. For a small SME sitting in a small town in Tamil Nadu may need a much simpler app on her mobile in Tamil. How can you say the same portal should also work for a large company having millions of invoices? It is unfair to expect government to build many apps. While there is a common portal to get started, we must let entrepreneurs build specific solutions to meet the needs of people. Q: If you look at India right now, there’s this whole digital revolution that’s happening. How do see this playing out and data tying into this? A: Again, I just want to say keep it simple. It’s not confusing. Do we have a choice not to digitise? In my opinion, whether we like it or not, internet and mobile phones and digital platforms are here to stay. When this happens, there is an explosion at which digital footprints are created, every interaction is creating a digital footprint. Unfortunately if we do not design the systems and laws correctly, this data will stay very concentrated with few entities. That should never happen. I think India has the golden opportunity to fix that upfront. Q: The technology sophistication of Aadhaar and GST is enterprise class. What are the main features? A: Within the Aadhaar system, 600 million plus authentications are done every month now. A billion plus people are already in the database. The GSTN system is expected to handle three-four billion invoices every month each having 100 to 200 line items. Unlike Aadhaar, GST is going to be a big bang rollout and not a gradual one.
For such scale and national critical systems, reliability of the system is very important. It’s about having a failure resilience within all components of the system. Most important, it’s about the re-factorability of the system. That means, knowing that you will not get everything right in the beginning, how do you constantly re-factor so that years later you still have an evolving system. You don’t want an ageing system. You want a system that can easily adapt and evolve.
Most important, it’s about the re-factorability of the system. That means, knowing that you will not get everything right in the beginning, how do you constantly re-factor so that years later you still have an evolving system
When you say enterprise class, for me, it’s about reliability, well designed security, resilience to failure knowing failure happens, and most importantly re-factorability. Then there are the obvious must have features such as scalability, traceability etc. Q: In your opinion, what are the constituents of digital india? Not the government program called Digital India, but what are the constituents of India as a digital nation? What are the blocks? A: I think, there are primarily three parts to it. One is the physical infrastructure, the connectivity. All that falls into that bucket. National fibre network, telcos expanding 4G network, TRAI’s initiative on public WiFi, etc. are all part of that.
The second one is a software stack that will allow a billion people and millions of companies to digitally interact seamlessly with low cost and high trust. So the real question about India Stack was not about anything else. It was about creating shared infrastructure on which inclusive services can easily be built in a cost effective fashion. These days, with India Stack, a bank or MFI can now effectively offer their services to much wider use base without high cost. Otherwise, everybody has to build their own vertical stack, right? Does anyone write a web server anymore? I wrote a web server in 1995. It’s stupid to write a web server these days. Why? Because of commoditisation of infrastructure layers.
Also read: To pay or not to pay GST, mull bloggers, app developers. There’s no escaping it, say experts
What is commoditisation really? Creating shared infrastructure. So that you and I don’t have to write a database or web server anymore. We have to do it at scale. So,the digital software stack is a shared infrastructure that allows very easy assemblage or solutioning. People who build solutions can assemble something much faster and cheaper today than 10 years ago.
The third part of Digital India is digital literacy. That’s huge and necessary for a country like India. It’s about literacy, awareness, behaviour, thinking what’s right and what’s wrong. Physical society evolved over centuries. But, we don’t have centuries unfortunately, with the digital world. It’s happening in a decade. I am afraid there is no simple answer but to constantly evolve!
FactorDaily’s journalism is produced by some of the best brains in the story-telling business. If you like our body of work – deep reportage, domain specialist write-ups, data stories, podcasts and the like – consider supporting the FactorDaily journey.