Doosra, a privacy-focused anti-spam app, helped Indians share a disposable secondary mobile number at public places like supermarkets, restaurants or wherever people are uncomfortable in sharing their number to stop spam. Doosra blocks all calls by default, and only allows whitelisted numbers using the settings in their app giving people control.
The service has been disrupted over the last few months and the firm announced they are unsure when the services will be available again with the Department of Telecom stopping their licence.
Doosra has been unable to provide services to its customers since early December as DoT instructed its Telecom Partner to put services on hold. With their talks failing with the Department of Telecom, Doosra's founder Aditya Vuchi issued a statement offering refunds to customers with no future scope of the regulators likely to resume its services. Doosra has been trying to request number portability for their users who have shared their numbers for services like online services, banking apps etc.
Note from Doosra CEO Aditya Vuchi on their website
The discussions that Doosra's team had with the regulators is unknown, but its CEO Aditya Vuchi has been updating its users over the last few months on the outcomes of deliberations with the regulators at DoT.
Doosra allowed people to use disposable phone numbers to be shared where they didn't trust their data being protected. It allowed people to link random numbers to their personal data creating noise in the system. Any advertiser who wants to contact you would be now blocked by default.
The Advertising industry created mechanisms to target specific consumers using their mobile numbers. One can issue ads over networks like Google Ads which will only reach a set of people whose phone numbers are available to the advertiser. While this allows advertisers to reach specific customers, customers have adapted to invasive data collection by the ad industry using tools like ad blockers. Doosra was providing a similar solution in the telecommunications space.
Companies like Exotel and Ozonetel offer telephony solutions to marketing and e-commerce firms like Uber, Amazon, Swiggy where their service agents can contact people without disclosing the phone numbers of their customers. This is a safety mechanism that has emerged after phone numbers of customers were used to harass them or to target them for fraud by mischievous agents.
Virtual Network Operators provide services to call centres, e-commerce firms to bridge customers and service agents while protecting identity of both end users. Leveraging on this process innovation Doosra offers the same service that large e-commerce companies use to its customers to protect their privacy. Doosra had a Virtual Network Operator Licence to operate this service.
Similar to Virtual Private Network (VPN) services, Doosra offered a Virtual Private Number for anyone who wanted to use a disposable number. Doosra made a business innovation which allowed it to give control to users to block spam. It did this by integrating a technology layer on top of traditional telecommunications services. Providing privacy to users requires this integration at code level.
VPN services offer anonymity allowing you to browse the internet by masking your IP address. Due to the availability of encryption, all the information being sent or received over VPNs is largely invisible to even security agencies. Unlike VPNs or equivalent networks like Tor which offer anonymity, Doosra doesn't offer anonymity.
Doosra by doing KYC of its users has details of all its users and by regulation is required to share these details to regulators and security agencies when required. As Doosra is dependent on other telecom service providers (TSP) for the phone numbers, the TSP directly provides access to all calls, SMS and internet data to security agencies by default without Doosra's role.
Doosra and its founders have been clear that privacy and secrecy are different and they aren't offering secret communications. Doosra provided only a mechanism to block spam by leveraging phone numbers that were disposable. So Doosra was offering privacy to the user with exceptions that allows security agencies to do their work. The Doosra manifesto expressed their beliefs in privacy as a fundamental right.
People often confuse privacy with secrecy or anonymity. India's fundamental right to privacy judgement while offering privacy to citizens, allows exceptions for national security requirements. Privacy offers control to users allowing them to take control over their digital activity. This control in the Indian context is limited to how Indians can participate in a data economy and digital society; this doesn't extend to all scenarios where the nation state has powers to conduct lawful surveillance.
Unlike the internet where the foundation has been with anonymity, Digital India's foundation is based on the identity layer - Aadhaar. India's regulatory paradigm forces identity layers at every digital transaction. Even for VPNs, the regulations from CERT-IN required VPN firms to do KYC and store logs of customer activity. This regulation of linking identity to digital activity forced VPN firms to exit the Indian market.
The shutdown of Doosra shows us how hard it is for Indians to exercise their fundamental right to privacy even in the limited capacity with the state having a backdoor access to all telecom connections. India's laws and regulations do not value citizen's rights in the interest of national security. While the state enforces identity for security, it is ignoring to provide privacy at any stage thinking it harms India's national security.
India's Telecommunications laws and regulations continue to adopt the colonial approach in regulating the industry. The primary aim of telecom regulation is revenue extraction and security of state. The interests of the security state overrule economic interests often. Doosra's case looks like this scenario too, with it having a VNO licence to operate. The Government of India through its regulation makes it hard for any privacy protections to emerge while maximising the interests of the security state.
TRAI in the past has carried out a public consultation to protect privacy of telecom users under RS Sharma, but it did not yield any outcomes with the Ministry of Electronics and Information Technology taking point on the data protection bill. With this incident of Doosra services being shut down, the question of privacy in India's telecommunications services comes back to the forefront.
The problem of telecom spam is a major issue that TRAI has been struggling to address. Its experiments like the TRAI DND app even forced Apple to design new APIs for TRAI to regulate spam on iPhones. TRAI's anti-spam experimentations have consistently failed, forcing users to install apps like TrueCaller and Doosra to solve this issue themselves. TRAI has now taken a stance to display every individual’s KYC details as part of phone caller notifications.
For the Doosra team, further options like approaching the Telecom Tribunal and litigation against the regulators exist. It is unlikely there will be a favourable judgement and Doosra's team hasn't updated the users on what kind of legal options they explored. But for privacy to be made part of Digital India's solutions, it needs to be embedded in the code, software architecture while these systems are being built. There is no ecosystem or place for these technical discussions where it is ensured regulations are being rightly encoded into systems.
Under the new Indian Telecommunications Act, the Department of Telecom has provisions to create regulatory sandboxes to experiment new Telecom technologies. Startups that work on solutions like LiFi, 6G are ideally required to work with DoT to ensure these technologies are deployed after safety testing and regulations. When it comes to privacy, the state is not providing these mechanisms and is not even ready to engage.