Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998

The “Certified Indian Data Protection Professional” introduced by Cyber Law College envisages that professional working in India need to have a an Indian perspective when dealing with Data protection requirements. Presently, Privacy and Data Protection professionals are so focused on international regulations that they forget that there are Indian laws as well which should actually get a priority if there is a conflict.

India has Information Technology Act 2000 since 17th October 2000 which was substantially upgraded in 2008 (effective from 27th October 2009). The Section 43A and Section 79 rules were notified on 11th April 2011. All these regulations had provisions on Data Protection. Now we have the DISHA 2018 (proposed) and IDPA 2018  (Proposed) which will define the health Sector Privacy law and General Privacy Law.

The International laws such as HIPAA and GDPR are also relevant to India since Indian companies do process information that falls under the jurisdiction of such laws and have to comply by their provisions.

However, there is a need for Indian Data Protection Professionals to understand that international laws operate along with local laws and it is the responsibility of the organization exposed to overlapping laws to ensure that the conflicts if any are managed properly.

Cyber Law College was historically the first dedicated online education venture in India and took upon itself a mission to create a “Cyber Law Awareness movement” which was fairly successful. Cyber Law College extended its educational activities to online platform using Apnacourse.com and added the HIPAA course to its fold. Recently it also added the GDPR course to the online package.

When the IDPPA 2018 (Which Justice Srikrishna committee is expected to release as a draft soon) and the DISHA 2018 (which is already into advanced stage of drafting), Cyber Law College will include it as additional education assets. When all these are integrated into one Certification program, the student would be able to get an integrated view of the entire process.

Though at present, India does not have a Banking sector specific law, there are RBI regulations that itself constitute a Banking sector specific law.

The Certified Indian Data Protection Professional course will therefore cover the following segments.

a) Information Technology Act 2000/8

b) HIPAA-HITECH Act

c) GDPR

d) DISHA 2018 (When introduced)

e) IDPA 2018 (When introduced)

f) Indian Digital Banking Regulations

g) Miscellaneous Relevant Legal Provisions which includes Indian Penal Code, Indian Evidence Act and also UK DPA etc.

Out of the  three courses currently hosted on apnacourse.com platform in the form of Certified Cyber Law Professional, Certified HIPAA Aware Professional and Certified GDPR Aware professional already cover a large part of the existing legal provisions that are relevant to an Indian Data Protection Professional.

Additionally, the “Privacy Knowledge Center” (www.privacy.ind.in), the GDPR Knowledge Center (www.gdpr.ind.in) along with naavi.org and ita2008.in provide substantial material for study by the students.

Cyber Law College therefore now proposes to launch an integrated Certification program which tests and certifies the knowledge of professionals in the Data Protection domain in India through an online examination which would be conducted at periodical intervals.

Like many other initiatives, this will be a pioneering introduction to the Indian Data Protection domain.

I hope in due course this certification will gain the recognition of the industry. I look forward to the support and cooperation of all my friends in the industry.

I also intend to offer this Certification program as a support to generate revenue that can be directly applied to the cause of Data Protection Professionals in India for which the modalities are being worked out and details would be made public in due course.

Suggestions if any are welcome.

Naavi

Print Friendly, PDF & Email

Cyber Law College has already been running three online video lessons based programs on Apnacourse.com namely

a) Certified Cyber Law Professional

b) Certified HIPAA Aware Professional

c) Certified GDPR Aware Professional

As and when Disha2018 and Indian Data Protection Act is passed, an additional program to cover the Indian Data Protection Laws will also be launched.

Combining all these regulations, Cyber Law College will be conducting an Integrated online test. On successful completion the participant will be issued a certificate “Certified Indian Data Protection Professional”.

More details will be announced shortly.

Naavi

June 21, 2018

Print Friendly, PDF & Email

At present date, Quantum Computing stands towards traditional computing like a horse did towards the Wright Brothers’ plane. The horse was much faster, but the plane could move in a tridimensional space. And we all know how the horse and the plane evolved since then, now don’t we?

Geordie Rose founder of D-Wave, 2015

To address this topic and then to place it within a context of potential leverage towards themes such as Artificial Intelligence, Secure Corporate Communications, Competitive Edge towards the marketplace as well as others … it is mandatory to start by clearly defining WHAT computing is and WHERE does Quantum Computing stand out.

So, Computing as we know it

A computer is a device that manipulates data by performing logical operations, hence computing is that precise “manipulation” action which allows data to combine and translate into added value information.

The software is the set of instructions that convey what needs to be done with the data, while the hardware is the set of electronic and mechanical components over which the data operations take place according to the provided instructions.

While the core of our universe is the “subatomic world”, meaning the Quantum particles that make all the atoms’ basic components (Protons, Neutrons, and Electrons) the core of computing (as we, humans, have developed it) consists of two logical statuses, On and Off (1/ 0) and its “base element” is called the “bit”.

So, it is a binary system where the basic components (the bits) can univocally present a status of either “1” or “0”.

Mathematically, the human being has grouped this component in clusters of 8, called “bytes” and the logic behind those bytes is that from the bit to the far right towards the bit to the far left (of the 8), each would represent a base 2 exponential figure, meaning:

  • the bit further to the right is 2 elevated to 0, therefore representing number 1
  • the following to the left is 2 elevated to 1, therefore representing number 2
  • the one farthest to the right will be the 2 elevated to 7, therefore representing 64

 

Now, the core of our “modern” computers started by splitting the Byte into two segments of 4 bits each, from left to right the first 4 would represent a number under the form of a base 2 power, while the other 4 bits  would provide the information about which type of data was to the right: a number, a letter an instruction, other. This was called the ASCII table.

The evolution of computing led this initial context to grow both in terms of numbers of bits applied to deal with the information, as well as the speed at which those operations would take place.

From 8 bits in the mid-1990s we moved to 16, 32, 64 and so on while the speed raised from some megahertz to 1 gigahertz, then 2, 4 and it keeps evolving.

In 1965, Gordon Moore the co-founder of Fairchild Semiconductor and Intel, predicted (based on observation), that the number of transistors in a dense integrated circuit would double every two years for the following decade, therefore so would the computing capacity. In fact, the rate has been observed now for several decades, and that constitutes Moore’s Law.

Quantum Computing

Quantum computers are similar to “traditional” ones in the sense that they also use a binary system to characterize data, the difference lies in the fact that Quantum computers use one particular characteristic of subatomic particles (in specific the electrons), called the “Spin” to account for the status “0” or “1”.

The Spin is a rotational/vibration characteristic of subatomic particles that is “manageable” since it responds to magnetic fields, therefore, and in very, very simple wording, while in “traditional computers, humans control the bit status by applying or not power to a given bit; in Quantum Computers, we can affect the Status “Spin-up” which corresponds to “1” or “Spin Down” which corresponds to “0” by applying either variation to a magnetic field or a microwave focused pulse.

And what a difference this makes!

Once we move beyond the atomic world and start manipulating electrons one by one, very strange things take place.

Note: electrons are the particle of choice by two orders of reason, they are the “easiest” to extract from an atom and they behave and become photons once extracted, therefore, being able to transport information over distance as light wave particles.

Subatomic particles behave both as matter and waves, bearing the extraordinary characteristic of being able to represent both Spin-up and Spin Down status at the same given point in time.

Not to spend a couple of thousands of words describing in detail how this is possible and all the multidimensional implications that it represents (parallel universes and so on …), I will just advise you to take a look at Professor Richard Feynman lectures about Quantum Physics.

Now due to this specific characteristic of Quantum Computers (the Quantum particles), this is the point where any similarity between “traditional” computers and Quantum Computers ends.

Making the picture crystal clear, in a “traditional” computer to test all possible combinations within one set of just 4 bits so the one that applies to a given circumstance may be found, the machine goes about each of the following combinations one at a time.

Taking 16 different operations.

Now, since the Quantum computer’s bits (called Qubits) bear the capacity to represent both statuses at the same time, this process would merely require one single operation on a 4 Qubit Quantum computer!

If instead of “half a byte” (4 bits, like represented above), we speak of the latest generation software that deals with 128 bits, guess what? Analyzing all possible combinations amongst those 128 bits would require exactly one single operation on a 128 Qubit Quantum Computer!

I think that, by now, you are starting to get a picture of the involved potential, still let me give you a “hand” here; a 512 Qubit Quantum Computer would be able to analyze more data in one single operation than all the atoms that exist in the Universe.

And Quantum computing has a “Moore’s law” of its own, instead of the momentum being of doubling the processing capacity each two years, each new generation has proven to be 500 thousand times more powerful than the preceding one.

Going back to the analogy between the horse and the Wright Brothers’ plane, it’s like if they had given birth to the Lockheed SR 71 A Black Bird plane, which can fly at a speed of almost 2,200 miles per hour… now imagine what will happen a couple of generations into the future…

Constraints

Here are some constraints towards the establishment of real to the letter Quantum Computers:

  • The environment

As previously mentioned, the phenomena that allow Quantum computing to be such a powerful tool resides in the ability of subatomic particles to simultaneously represent several states; in Physics, this is called “superposition”.

Now, opposite let’s say to Quartz, which is used in modern day clocks because its molecules present a constant vibratory rate that allows high precision at a wide range of environmental conditions from pressure to temperature, humidity, luminosity and so on …, superposition only happens if no external factors are “exciting” the subatomic particles, meaning the subatomic particles only behave like that before having been exposed to any external factor.

It would be enough to have a Quantum Computer Chip hit by sun light to render it inefficient.

Therefore, a Quantum Computer is basically composed of one chip the size of a finger nail and a support cooling and isolation shell the size of an SUV that ensures the required “sterile” and isolated operational environment, and it costs around $ 25 million.

  • Algorithms

Writing algorithms for Quantum Computers requires the ability of thinking and taking into account the laws of Quantum Mechanics, therefore not the task for a common developer.

Peter Shor, from MIT, has developed one Quantum Algorithm (the “Factoring algorithm”) that led the Intel community to the verge of a nervous breakdown by rendering most encryption keys ineffective. Basically, while the most powerful standard computer would take hundreds of years of continuous processing to get there, if tomorrow any of us would have the chance of bringing home a Quantum Computer with the Factoring Algorithm embedded in a software piece, we could break any RSA encryption in a matter of seconds, making all the bank accounts or electronic transactions that we could “look at” absolutely transparent.

Lov Kumar Grover Ph.D. at Stanford and currently working at the Bell Laboratories developed a Database Query Quantum Algorithm that bears the uniqueness of being able to get the right information over a vast unstructured database over a few seconds. Like finding a needle in a colossal haystack within a few seconds.

  • Particle manipulation

The existing current Quantum Computers are technically only partial quantum, since they are able to use strings of electrons and not yet each electron individually. However, a Laboratory experiment in Australia’s South Wales University has recently been able to do so, therefore, maybe the next generation of Quantum Computers will.

Potential

All of this is something that is being developed “as we speak”.

In 2011 the development stage of Quantum Computers allowed the tremendous accomplishment of calculating in one single operation the expression 3*5=15. Yes, just that …

Now back then (in 2011), Dr. Michio Kaku, who is one of the brightest minds of our era, stated in an interview that it was not clear by when would we have the first operational and useful Quantum Computers.

Four years after, in 2015, D-Wave (a Canadian company that produces Quantum Computers), after having developed a Quantum Computer for Lockheed Martin (the company that amongst many other military assets produced the F-22 Raptor fighter jet), produced another one which resources are being shared by Google, NASA and USRA to perform calculations that normal computers (no matter how powerful they are), are not capable of accomplishing within a reasonable time frame (meaning less than 100 years working non-stop).

This last machine is being used (since 2015) for the purpose of:

  • Artificial Intelligence investigation and development
  • Development of new drugs
  • Autonomous machine navigation
  • Climate change modeling and predictions
  • Traffic control optimization
  • Linguistics

 

Building a Quantum Computer doesn’t mean a faster computer, yet a computer that is fundamentally different than a standard computer.

Doctor Dario Gil, Head of IBM Research

We are flabbergasted by the number of things standard computers are capable of solving and how fast they do it, yet there are several things they are either not capable of solving or it would take them so much time that it would bring us no benefit.

Can’t think of any?

Well, here are some:

M=p*q – If someone gives you a given number M which is the product of two unknown very large prime numbers (p and q) and asks you to find them, although there are only two prime numbers that meet the requirement this is extremely hard to accomplish and would require several sequential divisions by prime numbers until you get there. It is in fact so difficult that it is used as the basis for RSA encryption, remember from above?

By the way, the D-Wave machines are not yet at the maturity point which allows dealing with such extremely complex problems.

Highly advanced alloy leagues – molecules for when electron orbits overlap and while dealing with well-known simple elements, like Hydrogen and Oxygen it is very easy to determine the outcome of such combination H2O or water, if we use highly complex elements while attempting to create new materials, that requires tremendous computing power and trial and errors, because those molecular bonds depend on Quantum Mechanics.

The simplest example can mean 2 to the power of 80 combinations in need of being calculated to reach the solution that leads to a stable molecule, which would take years on a standard computer but just minutes in the current state of Quantum Computing capacity.

The most recent D-Wave computer was successfully used in 2016 by a joint team composed of participants from Google, Harvard University, Lawrence Berkeley National Laboratories, Tufts University, UCS Santa Barbara and University College of London to simulate a Hydrogen molecule. This opens the door for the accurate simulation of complex molecules which may result in exponentially faster achievements with much fewer expenditure achievements in the fields of medicine and new materials.

Logistics optimization – Logistic systems are some of the most complex days to day contexts that humans face which have a tremendous financial impact on the global economy. Let’s consider the example of DHL, this international corporation’s Core Business is based on getting a given physical asset from geography A to geography B within a time frame that its clients are expecting when hiring them. To accomplish that, the company has several “back to back” running services contracts with logistic operators, besides having its own fleet of planes, boats, and cars. Nevertheless, having the entire system optimized even under perfect conditions, where no strikes or natural disasters happen is hard enough because a one-minute delay at reaching a given traffic light may impact the 1-day delay in delivering the asset across the Globe. Quantum computing will allow, through data input from live monitoring sensors across the Globe, to constantly optimize routes and available cargo space, in a way that could easily represent a 600% profit increase over current operational standards or a significant price reduction towards clients, while assuring accurate and optimized delivery timings.

Predicting the future – ever watched “The Minority Report” with Tom Cruise? In the movie, although through a different process, computation was able to show what had over 90% probability to happen concerning potential crimes. Dealing with a complex scenario, the likes of an international crisis, it is “merely” a matter of computing power which can deal with an exponentially larger range of influencing co-factors that may affect the result. A standard computer would take years to reach the most probable outcome of such crisis, long after the crisis had been “naturally” solved, yet a Quantum Computer can show the top 5 most probable outcomes within a matter of minutes, therefore becoming a priceless decision support tool.

 

Artificial Intelligence – to begin with, let’s define Intelligence as the ability to acquire new knowledge and change one’s opinion based on such new information. Now The contribution of Quantum Computing to the potential of AI once again pertains speed and this time around “speed of thought”. How powerful would it be a “mind” that could analyze a complex scenario (like the above-mentioned logistics nightmare of a DHL alike company) and promptly decide which course of action to take and where to improve things in terms of processes by assessing that some established workflow is no longer suitable?

The problem would then be, having AIs making decisions and replacing them with new ones at a rate that humans had no time to understand the underlying motives, hence no saying in the approval/ disapproval of such strategic actions.

Safer communications – Quantum Cryptography, what is it?

We have seen that a Quantum Computer has the power to crack our state of the art current encryption pillars, but if it has the power to crack it, it has the power to create something better.

The problem of what we now can reach as methods of encrypting messages is that all of them depend on pre established keys, either unique or combinations of public and private keys and those keys are difficult to crack but only because of the methodology within reach of standard computers.

Now, Quantum Encryption cleverly exploits the initial problem of dealing with particles that behave like a wave until there is an attempt to observe them when they immediately behave like a particle.

Photons, if paired or entangled using the appropriate language, will each maintain their relative spin regardless of space or time, so four pairs of photons that transport each a status “01” conveyed by their spin, creating, therefore, a qubyte that is represented by “01010101” or any other combination for that matter, will maintain this “information” unaltered for as long as they are not “excited” and any attempt to read the code will immediately destroy it.

This bears the power of effectively creating unbreakable, full proof secure messaging.

P.S: This is a guest post published at the request of  Karl Crisostomo of tenfold.com and has reference to our earlier article titled “Section 65B interpretation in the Quantum Computing Scenario”

Naavi

 

 

Print Friendly, PDF & Email

The New Data Protection Law may be ready for debate

Posted by Vijayashankar Na on June 19, 2018
Posted in Cyber Law  | Tagged With: , | 1 Comment

The announcement that justice B N Srikrishna may be assigned the work of an enquiry to Chanda Kochchar-Videocon loan issue, it was clear that his work in formulating the base draft of the Indian Data Protection Act was completed.

Now some preliminary information on what this law may hold has been revealed in the article in the print.in.

Some of the salient features mentioned there in is

a) The law will be prospective and not retrospective

b) Time would be provided to the industry for implementation of compliance unlike previous laws in India

c) There will be cognizable offences recognized for intentional or rechless behaviour

d) Penalties on companies may be provided for with the protection of “Due Diligence” concept

e) There would be a “Data Ombudsman” who will adjudicate on the “Data Erasure” requests.

f) There would be an appellate authority after ombudsman with further appeal to Supreme Court

g) Consent would be explicit in respect of critical data

h) Critical data  may be required to be stored in India

i) A Data Protection Authority would be set up and may handle registrations of data processors and grievance handling.

This is some preliminary information available. We shall wait for the full draft to be made public for further comments.

Naavi

Print Friendly, PDF & Email

Apna Course introduces an online course on GDPR

Posted by Vijayashankar Na on June 19, 2018
Posted in Cyber Law  | No Comments yet, please leave one

The online training company www.apnacourse.com has introduced a course on GDPR. The course consists of video lectures contributed by the undersigned.

The Course has a focus on GDPR application to the Indian Community.

The Course is entirely operated and marketed by apnacourse.com.

The course is presently priced at Rs 9000/-. Those who can afford to take the course may kindly try out the course.

Any feedback would be welcome.

Cyber Law College will be providing the Certification for all those who take the program after its own evaluation. The details of the Certification are under finalization.

The link to the course is available here.

 

Naavi

 

Print Friendly, PDF & Email

The Dilemma of WhatsApp Ticks

Posted by Vijayashankar Na on June 18, 2018
Posted in Cyber Law  | Tagged With: , | 1 Comment

The Mumbai High Court recently gave an order in which it has expressed its view that when a notice is served through WhatsApp and a “Blue tick” appears against the message in the sender’s phone, it can be accepted as a legally valid delivery for notices. (Refer  report.)

Justice Patel delivering his views stated

“For the purposes of service of Notice under Order XXI Rule 22, I will accept this. I do so because the icon indicators clearly show that not only was the message and its attachment delivered to the Respondent’s number but that both were opened,”

(Refer Copy of Order)

This is not the first time that WhatsApp has been used to deliver a Court notice. This was first used in India in the Haryana Tribunal of Ashok Khemka (See details : Notice through WhatsApp… Mr Khemka’s order)

The Mumbai High Court has used its authority to define a Court procedure and perhaps the litigant is happy. Many other professionals  have also welcomed the move and held it as “Progressive”.

I am not fully aware of the compulsions felt by the Court in this order but would like to point out a word of caution  and call this as a decision that the Court may regret at some point of time in future.

It must be remembered that ITA 2000/8 defines the legal aspects of “Sending”, “Receiving”, “Acknowledging” of electronic messages along with the “Evidentiary Requirements under Section 65B of Indian Evidence Act applicable to electronic documents.

The ruling of the Mumbai High Court appears to have ignored the provisions of ITA 2000/8 and the advocates of  petitioner have conveniently not brought the legal provisions to the attention of the Court. Since the defendant was anyway not represented, the Court went ahead with its ruling without any objection having been raised.

The “WhatsApp” message sent as visible on the sender’s mobile is an electronic document which is recognized under ITA 2000/8. However, it is an electronic document and is available as admissible evidence only if it is certified under Section 65B of IEA. The Court was therefore wrong in enclosing an uncertified print out to its order which it says as a means of “Abundant caution”. It is not clear who took the print out and whether the Judge himself is certifying that it is a valid Computer Output under Section 65B of IEA and becomes a witness.

Secondly, according to Sections 11,12 and 13 of ITA 2000/8, the message (if certified under Section 65B of IEA) may be considered as a message sent from the given mobile which belonged to an authorized officer of the claimant as indicated in the order. This was perhaps sent on 6/6/2018 or later, more probably on 8/6/2018 at around 5.31 PM. There is a blue  double tick to indicate that it could have perhaps been received by the recipient at 5.34 PM.

However, Sections 11,12 and 13 of ITA 2000/8 do not support considering that the message along with the notice (in PDF attachment without hash value) has been received by the respondent whose physical address is available as Flat No 104… etc.

It is not known if a Registered Acknowledgement Due notice had also been sent through Indian Postal Authorities or it has been excused.

Hence the Court has gone under the presumption that the mobile number indicated by the petitioner is in fact the mobile number of the person named in the notice and that the double blue tick indicates that it has been “Delivered” to the recipient. The conclusion that it has been delivered is based on what the claimant must have told the Court and not on the basis of any other evidence submitted.

Since the message itself is not Section 65B certified, it is quite possible to argue that it is not admissible under Section 65B  of IEA though it can still be rectified with a certificate now. But if the message has been deleted in the meantime, then the evidence may not be available for rectification and re-production

Now that a Court has given some kind of a legitimacy to WhatsApp, as a “Courier” and an undigitally signed double tick mark on an automated message as the “Signed Confirmation of the courier”, it appears that a claim will be made on other cases also by advocates or senders of message that he has sent a message and even without the acknowledgement from the recipient, it should be deemed to have been seen because of some extraneous reasons. This could create some issues in future and the Court may have to admit that it was over eager to be seen as techno savvy in producing this order.

We need to wait and see if this presumption would lead to misuse of the trust placed by the Court on the WhatsApp system.

Naavi

Print Friendly, PDF & Email