Naavi.org

Pegasus as a surveillance tool is known for some time. It is also known that “Intelligence” is a part of every Government’s activity not only in India but elsewhere.

Amnesty International and the news agencies like Wire.com have no credibility to be given serious attention to when they bring out any report against the Indian Government. They are part of the Cyber warfare that we have to tolerate just like the terrorist attacks we need to tolerate from time to time.

According to the latest report, Amnesty International says that the list of phone numbers were “Potential Targets” and they never claimed they were actually targeted. If some body claims that X was in the list of surveillance target and X was targeted because he was anti Government activist, it does not explain why Y was in the target list though he was a pro Government person and why Z was not in the target list though he was a rabid anti India activist.

When a Virus spreads, it spreads through various means and not all virus attacks are targeted attacks. While NSO may claim that Pegasus infection is controlled and it can be used only by authorized Government agencies, there is a possibility that hackers may have a way of stealing the infection code from one authorized entity and use it in another context.

The above screenshot shows that pegasus is a name used for other malware also.  It is possible that we may confuse another clone malware that other private hackers may also be using to what our politicians are referring to. (P.S: Please donot download any software from the site referred since it may infect your computer.)

Pegasus of NSO costs a few crores of Rupees and the Company claims that it will be sold only to Government agencies after some verification. But it is possible that it can be bought by some Government which can leak it to hackers. There are many Governments including the Pakistan and China Governments who may posses this software and may use it against India.

We therefore need to take the controversy with a pinch of salt and consider it as a passing strategy to disturb the Indian Parliament so that the Government function is diverted.

Though there is a Privacy issue involved, the facts are insufficient to conclude that the Government was involved in surveillance on a wide scale as is alleged by the politicians. If there was selective surveillance of some, it has to be weighed with the security concerns and the legitimate right of the Government to gather intelligence.

In responding to the controversy, Mrs Meenakshi Lekhi, the Chair person of the JPC on PDPB2019 has stated that the controversy is a ploy to delay the passage of the Bill.

Though the Bill by itself may not prevent such incidents in the future, if the Data Protection Authority is in place, the fight which is presently going on in the Parliament would shift to the office of the DPA and the Government would be left to do its work. At least for this, let us hope that the Bill will be introduced in its final form during this week.

Naavi

Also Refer:

Is the Pegasus technology good or evil….Business Today article

Amazon blocks NSO linked accounts

TransUnion is a well known company in India. This company silently acquired 92% of the shares of CIBIL which was earlier held by many Banks in CIBIL.

The mystery of this acquisition in which a company owned by several public sector banks by a US based private sector company is a matter of case study. No Sucheta Dalal nor Subramanya Swamy got wind of this acquisition and press and media including Mr Arnab Goswami were in the dark.

In the process, TransUnion CIBIL became the controller of sensitive personal data of 1000 million Indians. The sensitive data consisted of demographic data, financial data and profiling data leading to personal credit rating. The personal credit rating is used by many Fintech companies for automated decision making for decisions on lending, fixing of limits on credit cards etc.

The value of such data which continues to grow and bring in revenue to TransUnion CIBIL is worth exploring.

If we take the dark web value index 2021 as a base these data sets are valued not less than $25 per data set to perhaps even $200 and over. Unfortunately the share holders of these Banks (SBI, Union Bank, IOB, etc) represented in the  diagram showing the share holding pattern in 2001,  never came to know of this lucrative buy out and the watch dog SEBI perhaps also missed its duty to ensure that the minority share holders got their dues. All this perhaps was technically well executed within the law since the only organization which was in the know of the things at that time was the RBI and the Finance Ministry during the last days of P Chidambaram and the early days of Arun Jaitely.

Now an interesting case has come to light in USA where a class action suit filed against the Company for damages of around $40 million has reached the Supreme Court.  The suit was prompted by an incident when a dealer of Nissan automobile was checked for his credit rating using TransUnion in which the report noted that the name of the dealer appeared to partially match two names included in the Federal Government list of people barred from conducting business in US because of national security concerns.

The report had wrongly identified the dealer with some terrorist names ( A similar incident had once identified a major fraud in a Bangladesh Central Bank in the SWIFT system). 8184 others had joined with the dealer and launched a class action suit against TransUnion out of which similar data of 1853 had been released by TransUnion earlier.  Indirectly these 1853 persons were flagged as terror suspects.

A lower court had determined a $40 million damage which was on appeal at the Supreme Court.  The Supreme Court (in a 5-4 ruling) appears to be considering lowering of the damage since not all 8185 of the participants of the class action suit had suffered the real damage like the 1853 persons.

See the full judgement here

The final decision of the Supreme Court will determine the “Value of Damage” caused by a wrong profiling of a data subject. It would be interesting for us to watch the final outcome.

This case could provide a guidance to valuation of damage caused by a wrongful handling of personal data profiling and disclosure and could be a precedence that we may all refer from time to time.

Naavi

Also Refer:

amisuccess.in

CBI Enquiry is required for finding the truth behind TransUnion taking over CIBIL

Is TransUnion-CIBIL guilty of Accessing Critical Personal Data through surreptitious means?

Data is making news in India and elsewhere for various reasons. In India discussion is going on on Personal Data Protection Bill 2019 (PDPB2019) on whether the Bill will introduced in the Parliament in the monsoon session or not.

Dogecoin co-founder has created a global stir stating that Crypto Currencies like Bitcoin are a “Scam”.

Elsewhere organizations like FDPPI are shouting that Value of Data has to be visible in the Balance sheets.

On the horizon lurks the proposed “Non Personal Data Governance Act” in India which may define a new business called “Data Business” and enable even manufacturing companies to come up with a “Data Monetization Plan” to boost their revenue.

The manufacturing industry on the other hand is trying to transform their production system to “Industry 4.0” framework where data drives production. 3D printing has the potential to change the entire manufacturing sector.

Quantum computing says that Data can simultaneously exist in different forms (Super positioning) and can be twisted from remote location (entanglement) to change data values raising questions on the information security technology as is prevalent today.

In the midst of all these discussions, Business is pursuing the question of how to leverage data in making better business decisions. This is the thrust to creating “Data Driven Organizations”. Most of the IT Companies consider this “Digital Transformation” as the future of their business marketing profile.

In this context, Techmedia plus is organizing a webinar during the CXO Tech Summit 2021 on “Building a data-driven organization” to discuss the trends and challenges in building a data-driven organization.

While “Data” is a key driver of business in all IT Companies, the role of data in manufacturing sector leading to Industry 4.0 scenario requires an in depth debate. With India proposing to get into a legal regime for monetizing Non Personal Data, there is a need to ensure that an awareness is built in the industry on how to leverage data for better decision making in the business. The restrictions on the use of Personal Data places a premium on technologies like “Anonymization” that converts personal data to “Non Personal Data” so that the Data Analytics industry can harness the benefits of data. At the same time with increasing cyber threats, “Security” continues to be a concern for data availability, data reliability and data confidentiality.

One of the reasons that corporates are unable to allocate sufficient attention to data management for business is that the top managers of a company donot have a clear visibility of the value of data which is in their custody. Only when hackers remind them from time to time with ransomware attacks, do corporates realize that they have millions of dollars worth data in their custody. It is therefore time that we try to bring better visibility to data as an asset in the hands of a company. It is notable that FDPPI (Foundation of Data Protection Professionals in India) which is often referred to as the “Dada of Data Protection in India” has taken steps to suggest that bringing data value into balance sheets is one of the suggested controls in the PDPSI (Personal Data Protection Standard of India) framework for evaluation of PDP-CMS (Personal Data Protection Compliance Management System) system and calculation of the DTS (Data Trust Score).

Naavi is slated to speak to Data Valuers in Bangalore on Saturday on data valuation and lead a panel discussion on building a data driven organization in the CXO summit 2021 on August 18, 2021.

Look forward to interesting discussions with experts in the industry on both topics.

Naavi

Naavi.org ahs been running a sustained campaign advocating a ban on Crypto Currencies (Privately created and managed, like Bitcoin) in India. Time and again it has been pointed out that

1.Cryto currencies are the currencies of the criminals and cyber crimes can be brought down if Crypto currencies are banned

2.Crypto currencies represent “Digital Black Money” and Modi’s Demonetization and elimination of Black money will be meaningless without banning of Crypto currencies

3.India can take a global leadership stance by banning Crypto currencies and campaigning for other countries to do the same.

4. Mining of Cryptos is a huge burden on the electrical consumption in the country and is unproductive

5. Release of Cryptos into the legit monetary system will create a tsunami in inflation

6.Legitimization of Cryptos will help China and Pakistan to meddle with Indian economy and money supply.

7.Legitimization of Cryptos will assist funding of terrorists and Naxalites in India

So far there is no support from a large section of bureaucrats on the proposal. Despite RBI trying to place a ban, the Finance Ministry is stalling the idea. The Supreme Court gave a strange decision based on technicalities that was meant to support delay in the banning of cryptos.

Now I bring to the attention of the Supreme Court as well as the Ministry of Finance and Ministry of Electronics and IT that the co-founder of Dogecoin with a market capitalization of over $24 billion has released a series of tweets reproduced below which needs to be taken note of by Mr Rajiv Chandrashekar and Mr  Ashwini Vaishnav who have assumed charge as ministers in the Meity.

Refer article here

Do we need a better endorsement for banning of Crypto currencies in India?

Naavi

The Monsoon session of the Parliament is expected to take place between July 19th and August 13. Some information on the bills likely to be discussed have appeared in the media

It does not appear that the two key bills which were scheduled to be lead by the MeitY, namely the  Personal Data Protection Bill 2019 and the Banning of the Crypto Currency Bill may not be discussed in this session also.

We may ignore the reasons that are appearing in the press about the Chairman of JPC becoming a minister or that the Crypto bill still needs fine tuning. These are excuses to defer the passage of the bills since there are powerful lobbies which donot want these bills to be passed.

Data driven companies want more time to complete their data laundering business and Criminals want as much time as possible to convert their black money into crypto currencies.

It requires strong willed politicians and bureaucrats to push the bill. Mr R S Prasad made a statement that he would push the passage of PDPB 2019 which cost him the minister ship itself.  The Crypto bill is in the hands of Mrs Nirmala Sitharaman who wants to avoid upsetting the powerful lobbies who want the digital black money to be available for all their nefarious activities.

We hope that there will not be  another major data catastrophe and a ransom ware attack on a Government body to make the Government realize how important are these two legislations.

Naavi

We congratulate the team at Root64 which in association with the420.in has created a centralized online database of Nodal Officers /Contacts of various intermediaries and service providers.

You can find any Nodal Officer connect through this search engine under the following link.

Find Nodal Officers

We congratulate Mr Amit Dubey, the Chief mentor of Root64 foundation.

Naavi