Digital India Act-9 : Digital Media Disclaimer

One of the challenges that the Cyber World is facing is in maintaining the trust worthiness of the Internet content. In the coming days there will be increased use of ChatGPT tools by consumers and it is essential to retain the integrity of these applications to the extent possible by adopting appropriate regulatory oversight.

We have already discussed the need for “Accountability and Transparency” of AI algorithms which include a declaration of the owner of the algorithm in all the outputs. The main responsibility for this has to be taken up by the AI based service providers since the algorithm developers would be hiding behind and cannot be easily located. Hence AI based service providers would be held liable for any bias that may be inherent in the algorithm and it would be their responsibility to demand accountability from the AI developers.

Similarly, the Digital Media of the day which create the Internet content and is used as a training base by ChatGPT/Bard etc., needs to also show some accountability. It is well understood that “Hallucination Error” of AI is the responsibility of the Code developer but the “Bias” is created by the training data input. This is easily manipulated by creating an eco system of motivated news spread through the Internet either in the form of Digital Media, or Individual Blogs.

We are aware that Bitcoin authentication frauds can be committed by fraud syndicates taking over of majority of nodes. Similarly by controlling narrative in more than 50% of Internet content on a specific topic, it is possible to inject bias in the AI algorithms that pick up training data from Internet for reinforced learning. While it may be difficult or impossible to poison 50% of the web content, it is possible to create such biased mass of content in respect of a specific issue.

For example, it is possible to create a mass of content on “Adani” or “Khalistan” or “Islamic obligations” etc where more than 50% content may argue that “Adani” is a stock market manipulator, Khalistan is a popular freedom movement or etc. by pumping in articles of a specific nature in the training data/Internet data.

In all such cases, motivated actions of the interested groups cannot be countered by sufficient number of counter views. Hence it is inevitable that the output of AI algorithms like ChatGPT will eventually get corrupted. The corrupted outputs will in due course become the most accepted world view.

If ChatGPT was relied upon when Socrates said Earth is round while everybody else (other than ancient Indians) believed it to be flat, then science would have to struggle harder than it did to establish its credibility.

Currently, a large part of Digital Media is supported by motivated persons like George Soros who invest large sums of money to maintain a hoard of organizations and journalists to spread a prejudiced view have the capability of introducing bias into the ChatGPT4/5 or Bard.

I therefore advocate that as a part of the Intermediary responsibility in India, all Digital Media should be made to declare through a disclaimer the association with a funding agency whether it is George Soros or others.

Naavi had suggested in 2001, the service called “Lookalikes disclosure” (Visit lookalikes.in for more details) to meet the Domain Name disputes arising out of clash of domain names. Similarly a time has come to suggest that every website provide a disclosure “I am not associated with George Soros” or more generically “This website provides independent views and is not funded by vested interests” (Or some thing similar).

Such disclaimers should be considered as “Due Diligence”. Ideally every website expressing “Opinions” should declare its ownership and alignment if any to specific national, political, religious or racial interests.

Just as products are certified for country of origin, Vegetarian or not, etc, websites, blogs, Youtube channels etc can carry Trust Seals indicating their affiliation or neutrality which will be subject to review by the public.

Hope Meity considers this suggestion to be suitable included in the due diligence requirements of Digital Media.

Naavi

Refer:

George Soros vows to fight PM Modi and Nationalists: Here are some Indian ‘intellectuals’ and NGOs connected to him

Is George Soros trying to influence Karnataka elections through his proxies? Here is what a report says

How George Soros’ Propaganda Machine Has Corrupted The Media

Posted in Cyber Law | Leave a comment

Digital India Act 8: Regulatory Oversight on PlayStore/AppleStore

One of the objectives in regulating the Mobile App ecosystem is for the regulators to have a check on the Google and Apple Playstores. These Playstores are “Intermediaries” through which apps get downloaded and hence are liable under ITA 2000/8 for due diligence and ensuring a reasonable security against malicious apps.

At present Google/Apple will check the technical compatibility of the apps submitted for approval and implement the US laws of Privacy to the extent they can check. The legal compliance is not based on Indian law and cannot be expected to be perfect. As a result the permissions allowed can be misused. A continuous oversight may be difficult for these tech companies.

To strengthen this mobile app ecosystem, it is necessary for a secondary filter of “Compliance to Indian laws” by the apps available on the Playstores. This could be expected of Google/Apple as an Intermediary responsibility of due diligence under ITA 2000 but it is unlikely that these organizations could fulfil this responsibility satisfactorily.

It is therefore suggested that the Government of India encourage indigenous organizations to audit mobile apps and provide an assurance of compliance to Indian laws. Such organizations can be independent of the regulator so that the regulator does not get directly involved in the assurance. However, the regulator (Data Protection Board) may suggest a broad criteria for registration of such organisations (like the consent manager registration) and accredit them. They can be subject to peer monitoring where apps assured by one organization can be re-assessed by other organizations and a “Peer Evaluation” can be published.

Adoption of this system by app developers can be voluntary and it can be left to the users to bring consumer pressure on app developers to get this assurance. If more Indian app developers adopt this approach of getting “Certified” as compliant to the Indian Cyber Law (DIA and DPDP Act), they will carve out a special niche in the mobile app world which will add value to the app.

Since these apps are also certified by Google and Apple, the technical compatibility requirements would be taken care of by the Google/Apple and only legal compliance is taken care by this second factor authentication of the app.

To accommodate this scheme, it is recommended that the DIA may introduce a category of service providers designated as “Application Certifiers” which will be another category of intermediaries and work out regulatory advisory for their operations.

Naavi

Also Refer suggestions by Mrs Karnika Seth

Posted in Cyber Law | Leave a comment

DPDPB 2022 Proposal on Free Cross Border Transfer is against National Interests

In a statement which was attributed to the MOS Sri Rajeev Chandrashekar, Economic Times reported that there is a proposal to allow “Cros Border Data Flow by Default”.

Just like “Privacy By Default”, the proposal suggests “Free Data Transfer by Default”.

This proposal is fundamentally against national interests and needs to be opposed.

All of us agree that “Data is an asset of value”. It has value as raw data, as Corporate data, as personal data, as sensitive personal data, as critical personal data or even as anonymised non personal data. If these are transferrable by default it is like having a “Free Border”. Even if we declare that China and Pakistan are negative list countries, if we consider Singapore or Thailand as default transfer countries, what prevents a Chinese data buyer to target the picking up of Indian data from those countries?. How will we prevent Aadhar data or health data or Indian defence data, Scientific data etc not to be transferred freely to another country?

We had one such instance in the past when sensitive personal data of 500 million Indians were transferred by CIBIL to a US Company by change of share holding from Indian Banks to the TransUnion. This was done during the last days of Mr P Chidambaram as Finance Minister and not questioned by Mr Arun Jaitely. (Refer this article)

Any data of an Indian which is unclaimed is automatically a sovereign data. Hence all personal data are “Potential National Asset” and has to be preserved in the interest of the nation. If the data is a valuable picture or a crypto wallet number, it may have huge financial value which cannot be allowed to be transferred freely to foreign interests.

It is not surprising that Nasscom supports this view of “Free Data Transfer out of India” since for long Nasscom has been in favour of the BigTech and always thinks of the benefit to the foreign interests.

I also note some other experts such as Quantum Hub Consulting also holds views similar to Nasscom .

I also note Mr Rahul Sharma of “The Perspective” as well as Mr Vinayak Godse of DSCI seem to favour the thought of “Cross Border Personal Data Transfer by Default”.

I urge all these experts not to be swayed by the propaganda of media channels and think of what is good for the country. As long as we consider Data to be an asset of financial value, providing unregulated transfer outside India is against the economic interests of the country.

While we readily accept that EU can introduce Data Localization without calling it so and Adequacy principle without calling it a positive list, when India tries to bring in similar restrictions, there is an opposition. I donot see any logic in this. It appears more like a colonial mindset and letting foreign countries treat India as a whole as a “Data Colony”.

The earlier proposal spoke of “Data Protection Zone” like “Data Embassies”. (which was also attributed to Mr Rajeev Chandrashekar ). In this concept, each country could set up a Protected Data Processing zone to ensure that the personal data of their country when processed in India could be regulated as per their law.

We are aware that the European Nations like Portugal, France and later the East India Company started with similar permitted areas of operation and later extended to the occupation of India as a whole through deceit.

This could happen even in these Data Embassies if these embassies are not restricted to processing of personal data of their country citizens alone and not the data of Indian Citizens. This was however not intended in the proposal and hence it was hailed as an innovative measure.

The current proposition of free data transfer by default will hinder the national security since financial transactions of criminals and corrupt people will not be traceable by ED or the IT departments. MHA will not have trace of terror funding.

In view of the above, I consider that the proposal of “Free Cross Border Data Transfer by default” is anti national and has to be dropped immediately.

Otherwise opposition parties like TMC or Congress will tear into BJP in the Parliament and ensure that this Bill will be shelved once again…

Naavi

Posted in Cyber Law | Leave a comment

DPDPB2022: Negative List for Cross Border Data Transfer..Is it a bad idea?

In a widely circulated media report today, it is indicated that the Government will be following a cross border personal data transfer in DPDPB2022 by indicating a negative list of countries to which data may not be transferred, leaving a large number of countries to which data can be transferred freely.

Identical stories indicating a PR release have appeared in ET, INC42, BS, DH, Telenet, Beamstart, newsncr, shafaqna, cxo-today etc. Most of these articles appear to have originated from ET. It is surprising to see even Business Standard quoting an article from Economic Times. Normally publications like Business Standard publish news directly gathered by them and not repeat the article from their rival publication. But this time it has reproduced the entire article word for word and even acknowledged the source as ET. We are aware that ET has in the past is known to have published planted stories trying to create an opinion convenient to the large industries.

We donot know if this is one such planted story. We need to await the final version from the MeitY to understand if this is the correct version of the Government.

For the records, the Minister has been quoted to have stated as follows:

At one place it refers to the source as a “Top lawmaker” and in another place it quotes the name of “Rajeev Chandrashekar, MOS”.

As could be expected, the move has been welcome by Nasscom and some other experts who hail it as the right move to avoid disruption and improve the ease of doing business.

To me however, this move if it is true, appears to be a retrograde move that shows the colonial subjugative mindset of our Government that accepts the GDPR prescription of “No Transfer without Adequacy” but thinks that we should give a “By Default permission to transfer data”. I donot understand why we should not keep up the earlier version which indicated that there would be a “Whitelist” of countries to which data can be transferred.

“The centre is likely to notify a “negative list” of countries to which data pertaining to Indian users cannot be transferred, a top lawmaker told ET.

This change is being mooted in the upcoming draft of the Digital Personal Data Protection Bill (DPDPB), 2022.

As a result, cross border data flow will be enabled across all countries “by default” unless a nation is on the negative list, the minister of state for electronics and IT, Rajeev Chandrasekhar said.”

Placing any country in a “Negative List” is considered as an “International Sanction” and could be either opposed as a bad foreign policy or countered with reverse sanctions.

On the other hand, a “Positive List” would have enabled India to have an across the table negotiation on equal terms.

It was Mr Rajeev Chandrashekar himself who had told earlier that they would create “Data Trust Zones”. That was a very innovative thought. The current proposal is a dilution of the Cross Border Transfer restrictions and is against the policy that could have encouraged more data storage business in India.

I wish the report in ET is not true. It could be a manipulated report of some remark made by the Minister.

Naavi

Posted in Cyber Law | Leave a comment

Chat GPT: Destroying the Trust in Internet

When Internet was first introduced with the World Wide Web, the world was excited. We all thought that an “Information Super Highway” has been created and it will bring the Encyclopedia Britannica into my desktop. No doubt this happened and for some time, www and information available under GUI was the backbone of many of us converting the information available into more useful niche level knowledge. Most of the time in such exercises, the www was feeding some information which we humans interpreted, gave new meanings and developed into a value added information. Naavi.org creating “Cyber Jurisprudence” is one of the examples of this.

The only thing we were worried at that time was the presence of “Viruses” that would bloat and make the hard disk crash unless they are removed. We were worried that some anti virus software companies may be deliberately creating such viruses to boost their sales. The Internet thrived and e-Commerce gained popularity. With this all our financial transactions got trapped in the Internet world and gave scope for “Virus” to become a “Trojan” and a malware that could commit financial crimes.

At that time one of the suggestions, I used to talk about was to keep the physical Banks separate from Internet and create new E-Banking channels under the laws of E Commerce instead of the laws of Banking. I advocated that Banks should open Internet Banking accounts separate from the physical Banking accounts so that the risks could be contained. But technology enthusiasts did not agree. They combined Internet Banking into physical Banking and all Interent Risks became Risks in Banking transactions for every body. The scope for Anti-Virus or Anti-Malware expanded. These risks are now reflecting in the form of Phishing, Ransomware etc.

Further the development of Social Media made e-mail based interactions much more exciting and brought in real time discussions into our society. We all got addicted and started become part of the “Peer-to-Peer Media”. We started believing Twitter to be more reliable than the news papers or the TV.

As a result of these developments, we have successfully replaced the trusted systems of news in the society, trusted systems of financial transactions and made us all dependent on the Internet based services which are fraught with greater risks.

Any attempt at increasing the security in terms of “Encryption” soon created it’s own monster such as the Crypto Currency which started destroying the economic system and funding cyber crimes and Cyber Terrorism.

The use of “Bots” in messaging services destroyed the reliability of Twitter as a source of user generated news since it became the purveyor of fake news and created a manipulated media.

But all these problems seem to be insignificant when we consider the latest threat that is hitting us namely the “ChatGPT”.

Chat GPT has become a craze but it is likely to become one of the biggest menaces of the society soon.

US seems to be going crazy with the adoption of ChatGPT to replace jobs and to generate content for the web which itself is the feedstock for further training of the new versions of the ChatGPT. ChatGPT will be trained on its own outputs and if its output is inefficient or wrong, it will only get re-inforced and future outputs will become more and more inefficient, unrustworthy. The US courts seem to believe that Judiciary can use ChatGPT to write judgements and US Bar Council may think that robots can become lawyers in the Court.

ChatBots will therefore rule the web world and it will be difficult to distinguish real data from ChatGPT created data.

Today there is an article in The register titled “AI-generated art can be copyrighted, says Us officials -with a catch” . According to this article, US authorities may recognize “Copyright” if content is created by humans using Chat GPT. Considering the skill in asking questions to ChatGPT, it appears that the US authorities are willing to recognize “Dependent Creativity” as copyrightable. In this respect ChatGPT will be considered just like any other tool such as the Word or Power Point that helps in creating literary work with automatic formatting, spelling corrections etc. This view will be contested but soon the supporters of ChatGPT will over ride any counter views and provide acceptability to ChatGPT as a tool that can be used to create Copyrightable works.

The fact that these developments are creating existential threats to the human race is being forgotten in the excitement over this “Innovation”. Just as in the early days of Bitcoin, all of us were so enamored by the technology behind Bitcoins that except for the crazy persons like the undersigned the world was bowled over by Bitcoins and let it become a Frankenstein monster. Today regulators are struggling to reign in the adverse impact of Private Crypto currencies and its ability to corrupt the decision makers and the Judiciary. Indian Supreme Court itself supported Bitcoin at one point of time and if it was not for the RBI with its current generation of policy makers, Bitcoin would have become part of our economic system by now since the bureaucracy politicians and Judiciary had already been compromised to different extent.

A similar situation is now developing in the ChatGPT and AI area. The regulators are hesitating to control the technological innovation and we are sinking deeper and deeper into a hole with each passing day and are likely to reach a stage of no return soon.

I have already flagged this existential threat of Chat GPT going rogue in my earlier articles highlighting the Kevin Roose interview. Now there is another example of how ChatGPT is misbehaving and already showing signs of rogue behaviour. I want everyone to study the following article in The Register

A detailed study of this article would reveal that the questions I have been raising on why did “Sydney” respond the way it did to Kevin Roose are also questions which others in the world are raising. The author of the above article Alexander Hanff has highlighted the fact that ChatGPT declared him dead and invented evidence to substantiate it’s reply. In the Kevin Roose case we rationalized the rogue behaviour as a mischievous behaviour of a creative ChatBot hallucinating in finding the continuity of the conversation. But the Alexandar Haff conversation reflects the “Malevolent nature” which is a revelation of a criminal mind inside ChatGPT.

How did the benign program develop a criminal mind is for the technologists to explain. But for the observers of the AI world who have a balanced view of the need for technological innovation to be balanced with the mitigation of risks to the society, (Let us call these AI-baiters as the AI-Heavy water), the behaviour exhibited by the ChatGPT current version is threatening enough to raise alarm.

The alarm is that we are already getting late in introducing the AI regulation. We need to regulate the development of AI similar to the way we control the Fission and Fusion reactors for energy production in reactors rather than the uncontrolled fission/Fusion in the bombs.

I have been suggesting that we should start our regulations in India by interpreting ITA 2000 in a specific manner introducing accountability for the developers of Chat GPT type of AI tools and make them respsonsible as Intermediaries for any adverse effect created by their tools.

In the meantime, some of the consultants such as Mrs Karnika Seth has developed a full fledged draft law for AI regulation itself. I am providing a link to the draft law which can be discussed separately.

The development of a draft law indicates that if the Government wants to start acting on AI regulation, they can take off quickly. Hope this would be done as soon as possible.

Naavi

Posted in Cyber Law | Leave a comment

Digital India Act-7: Data Monetization

While the DPDPB 2022 was under formulation, Naavi.org had discussed certain desired changes in the law which are available at the following link;

https://www.naavi.org/shape_of_things_to_come/

Amongst the several things discussed, we had discussed some aspects of the new DIA during September 2022. At that time, there was a possibility that there could have been a single Act for both Personal Data and Non Personal Data Protection/Governance. In particular, we refer to the following articles.

Regulation of Monetization of Data in NPDAI and IRCTC issue: Shape of Things to Come..13 (Monetization)

Digital India Act-4: Online gaming

How NFTs can be used for “Wash Trading”

Digital India Act…Discussions-3: Is Blockchain covered under the ITA 2000?…

Digital India Act…Discussions-2: When a Metaverse Avatar abuses another avatar…

Whenever Law feels tougher, Criminals Squeal.. Shape of Things to Come-Digital India Act-1

We may now observe that the new version of the law also refers to a coverage on Monetization .

We need to see how the DPDPB2022 be integrated to the concept of Monetization. Hopefully “Anonymised Personal Data” will be available for monetization under DIA along with non personal data. Some of the suggestions of the Kris Gopalakrishna report on monetization of non personal data may also be included in this Act.

Naavi

Posted in Cyber Law | Leave a comment