While the artificial intelligence-powered, real-time network solution for spam detection launched by Bharti Airtel last week comes as a huge relief to its subscribers, experts say that the company needs to put in place more safeguards to ensure that privacy issues are not compromised.
To begin with, the way Airtel checks spam calls or messages is by analysing the usage pattern of the caller — frequency, call duration, etc. Implicit in the process is that it monitoring the call data records of subscribers.
Though the company said it only tracks calls but does not listen to the content, analysts said a transparent process should be put in place to monitor this. In the absence of strong safeguards, which is independently audited from time to time, there’s a risk of violation of customer privacy.
Mislabelling legitimate calls as spam and risks of other AI hallucinations are some of the other areas which could pose challenges. “Airtel’s AI-powered spam detection is a promising and much-needed step forward, but it is crucial that we find effective solutions for minimising false positives. Mislabelling legitimate calls — whether from businesses or individuals — can disrupt important communication and erode trust in the system,” said Dhruv Garg, partner at Indian Governance and Policy Project and a tech lawyer.
“Access controls and user consent should form the bedrock of such tech to ensure there is no overreach or violation of privacy,” he added.
Rakesh Maheshwari, former senior director and group coordinator cyberlaws and data governance at the electronics and IT ministry said, “While the solution is in the larger interest of user safety, the company should be transparent in their broad methodology and the basis of decision making, etc.”
According to Maheshwari, such transparency can be maintained through a trust and safety section or be communicated through the privacy policy and terms and conditions on its website.
Asked about the implication of the solution with respect to the data protection Act, Maheshwari said this should not violate the principles broadly. Both the government and telecom operators have been coordinating on blocking fraudulent numbers based on complaints received through the Sanchar Saathi portal.
However, there should be full transparency between the service provider and the subscribers, he said.
Once the data protection Act is implemented, firms need to inform subscribers the purpose of collecting any data, apart from seeking consent.
Gangesh Varma, principal associate at Saraf and Partners, echoed Maheshwari’s view for the need of a regulatory oversight. “Airtel’s tech solution to check spam calls largely does not violate users’ privacy. But to ensure that the data are not used for any other purpose, it should put in place a mechanism for an independent audit,” he said.
Varma flagged risks like false positives of the AI system regarding which users may complain. Further, he said, it will be advisable for Airtel to inform users and maintain transparency.
Kamesh Shekar, senior programme manager, privacy, data governance and AI at The Dialogue, said, “Digital Personal Data Protection Act equips users to know the purpose of data collection from the data fiduciaries. Therefore, as a first step, there is a need for a consent mechanism”.
Amol Kulkarni, director, research at Consumer Unity and Trust Society (CUTS), said, “Effectiveness against new ways to defraud remains to be seen. Also, concerns exists on how the data are collected, saved, stored, used and if a user is being tracked.”
Russell A Stamets, partner at Circle of Counsels, too, flagged the possibility of privacy issues with the solution. “Neither Airtel, nor ordinary users can accurately predict how this will work. There is no way the Airtel product can function as they describe it without violating customer privacy.”
Analysts said a better way forward would be the government or the Telecom Regulatory Authority of India (Trai) putting in place uniform standards for checking such spams.
