China may be developing its own unbreakable encryption system through Quantum Computing

[P.S: This is in continuation of the previous articles “Is it the beginning of the Chinese domination of the globe?…Mr Modi to take note”. and China Working on achieving Quantum Supremacy. In the previous articles, we referred to some of the recent progresses made by China in the field of Quantum Computing and started our discussion on how this may impact the global political and military supremacy. We shall continue to discuss this concern in the current article with the disclaimer that I am only an ex-student of Quantum Physics at my post graduation level and I am presently working in the area of Cyber Law and Cyber Security and trying to flag my concerns. I welcome other experts to join the discussion and correct my perceptions as necessary…. Naavi]

The report “China’s quantum communication satellite achieves scientific goals” and “Chinese scientists break quantum computing world record” it has been indicated that China has successfully established the property of “Entanglement” between two “Entangled Quantum Units” physically separated at a distance of 1200 kms on earth and also an entanglement of 18 Qubits surpassing the previous record of 10.

Entanglement is a property of “Quantum Particles” where by two particles behave in tandem even when they are located in different locations in such a manner that if you change the spin status of one, the spin status of the other will automatically change.

Again in layman terms, if one Qubit in Bangalore is showing a status Zero and its entangled partner is in Mumbai and showing a status One, if we change the Bangalore Qubit status to One, the Mumbai Qubit status automatically changes to Zero even though they are not connected by wire or otherwise. It appears as if the “Entangled Particles” are connected through “Ether threads” (a term introduced by me for explanation) out of the ability of any known physical systems to perceive.

This means data in one place gets automatically replicated in another place (though it could be as anti particles) or it could be what scientific fiction calls as “Teleportation”.

It is envisaged that this property can be used in “Global Hack Proof Internet” and it appears to have been demonstrated in a video call established  between Beijing and Vienna through a multi station communication line based on quantum computing.

The principle is that if any attempt is made to change one end of the entangled pair, it will induce an automatic change in the other end and any unauthorized attempt will make it to collapse.

If these concepts materialize for practical use, China will be in possession of the most secure communication lines which establishes its supremacy militarily. At the same time the high speed of processing that quantum computers would enable would enable China to be able to break any ordinary encryption used in any commercial transactions or Banking or even Bitcoins.

Thus the Quantum supremacy will enable China to build its own secure systems and at the same time make every other system in the world completely vulnerable to attacks from them. Combine this scientific advance with the military vision of China, it will be a victor in any future Cyber war or even a conventional war where electronic controls play a major role. For example, China will be able to decrypt all nuclear commands of other countries and stop their attacks on China while it can launch its own attack without any opposition. Hence whether it is a cyber war or a conventional war, Quantum Computing supremacy would make China invincible.

It is in this context that India, US and Japan need to develop a deterrent mechanism by collaborating on the Quantum computing research.

Will Mr Modi take note?

Naavi

This is the third part of the series of three articles.

Links to all three parts:

1. Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

2. China Working on achieving Quantum Supremacy

3. China may be developing its own unbreakable encryption system through Quantum Computing

 

Print Friendly, PDF & Email
Posted in Cyber Law | Tagged , | Leave a comment

China Working on achieving Quantum Supremacy

[P.S: This is in continuation of the previous article “Is it the beginning of the Chinese domination of the globe?…Mr Modi to take note”In the previous article, we referred to some of the recent progresses made by China in the field of Quantum Computing and started our discussion on how this may impact the global political and military supremacy. We shall continue to discuss this concern in the current article with the disclaimer that I am only an ex-student of Quantum Physics at my post graduation level and I am presently working in the area of Cyber Law and Cyber Security and trying to flag my concerns. I welcome other experts to join the discussion and correct my perceptions as necessary…. Naavi]

In the era of Artificial intelligence, Big data, IoT and realtime computing to solve security and other functional issues speed in the essence of success. Quantum Computing therefore is considered as a tool to beat the best of the super computers in the market to achieve levels of fast processing that can only be imagined in scientific fictions as of today. When we first saw computers, they were of the size of big rooms. Now they sit in miniature form on our palms. The difference this made to the globe is for everyone to see and appreciate. Similarly, Quantum Computers of today may be laboratory models with huge coolers filling up a whole building while the chip itself may still fit into our palms. But in the coming years it is not unthinkable that palmsize computers may interact with the room size lab models of Quantum computing and enable the benefits of quantum computing to reach the levels of personal computers as we see today. Hence the current developments need to be keenly followed so that we in India donot miss the bus…. at least in the next trip.

In Classical computing, computer Chips which process memory and instructions are built on “Transistors” which are at any point of time either “On” or “Off”. From this on-off state of the miniature transistors we interpret data using the binary language. Each bit represents one transistor which can be either representing a binary value of Zero or One.

We put eight transistors in a set and call it as a “Byte” and assign meanings to the status of each of these transistors in combination as letters, characters or numbers and use them to build data. Similarly, for routing electronic current for processing, we create gates that allow or stop the flow of current by designating a transistor into “Allow” or “Disallow” status. The number of such transistors required for representing data or a process execution determines the “Speed of Computing”. Higher the speed better will be the use of computers for real time applications.

(Check out this article for some more explanation)

With the development of Artificial Intelligence, any increase in the computing speed is considered an increased ability to conquer new grounds in information processing leading to economic and military progress.

In the “Quantum Computing”, the “Bits” of Classical computing which are transistors which can either be in a state of 0 or 1 at any point of time are replaced with Qubits. The Qubit is a sub atomic particle (Electron or nucleus of an atom) which can be in different “Spin States”. It may be spinning in one direction which could be designated as a Zero state and it could spin in opposite direction which can be called the One State. The same particle can be considered as not being in a “Certain” state at a point of time but at an “Uncertain State” where we can only measure the probability of it being in Zero state or One state.

Leaving the Physics behind the concept for another forum to worry about, for the Computer technologists, let me state that this possibility of a Qubit being in either a 0 or 1 at the same time is called “Super positioning” and in terms of data representation means that each Qubit can be used not for just representing either a zero or One as in the classical computing but both Zero and One at the same time. This increases the power of computing of a set of Qubits by a factor 2 to the power of n where n is the number of Qubits in the data representation set.

The fastest super computer in the world using classical computing is said to be Chinese super computer called Sunway TaihuLight with a rating of 93 petaflops per second (93 quadrillion floating point operations per second) and consists  (petaflop=million billion). The system has a memory build consisting of 40960 nodes with each node consisting of 32GB memory. The number of transistors used in this computer is  perhaps 10485.76 trillion (if my calculation is correct).

In the Quantum computing scenario, this speed is expected to be achieved by a system with about 50 Qubits. (See this article for a lucid explanation of computing speed in Quantum world) . Presently, it is reported that IBM and Intel are working on a 50 Qubit experimental computer and Google is trying to work on a project with 72 Qubit model.

The reports indicate that China has made substantial progress in practical terms in not only achieving supremacy in the classical computing scenario but also working on practical models of Quantum Computers particularly in the area of achieving higher levels of accuracy with the “Entangled Qubits”. We shall discuss the impact of “Entanglement” in the next article and now focus on the speed of computing achieved with building a Qubit based processor.

 

It is reported that Baidu, Alibaba and Tencent holdings are cometing in quantum computing research to gain a hold in the commercial development of the mother of all super computers based on Quantum computing principles.

We can presume that most of these researches are secretly driven and there is every possibility that US may have also progressed substantially in the field. But it is definitely a fact that China appears to be progressing fast and there is no reason to downplay the possibility that they may achieve a breakthrough ahead of others.

While as a part of the scientific community, I appreciate the work of the Chinese scientists, considering the political leadership of China, the developments need to be flagged in India as a concern. We therefore need to counter these measures with our own research activities both independently and also in collaboration with friendly countries such as US and Japan who may share similar concerns about the progress China is making. At this point of time, I donot trust EU countries since Islamic invasion of Europe and UK is in an advanced stage and within the next generation EU can be completely engulfed by Islam. Hence advanced scientific research knowledge is likely to be more misused in the EU countries than in India, US and Japan though even here we need to be on guard.

I hope IISC and similar scientific research organizations undertake suitable projects so that we can also make some progress towards achievement of computing supremacy through Quantum Computing.

This is the second part of the series of three articles. The first part is here.

Naavi

Links to all three parts:

1. Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

2. China Working on achieving Quantum Supremacy

3. China may be developing its own unbreakable encryption system through Quantum Computing

Print Friendly, PDF & Email
Posted in Cyber Law | Tagged | Leave a comment

Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

It is known that China has made substantial progress in the field of Industry which is threatening other countries including India and US. Unfortunately, unlike Japan, scientific progress in China is discomforting to the rest of the world since China is not friendly with most of the countries in the world and wants to have a military domination over other countries. It is also too friendly with rogue nations like North Korea and Pakistan and makes other countries nervous. It is for this reason that both US and India is worried on the trade front about the Chinese domination.

Now reports are emanating on the Internet that  China has made some outstanding progress in the field of Quantum Computing. On the face of it, this is a matter on which the Chinese scientists are to be congratulated. But seen in the context of the Chinese desire to dominate the world on the political front, the development appears to be ominous.

Quantum Computing is set to re-define the global economy and who ever takes leadership in this sphere, is likely to rule the world in future. Hence the recent developments reported here needs to be taken note of by both the scientific community in India such as IISC, as well as the intelligence agencies in PMO and political pundits like Dr Subramanya Swamy.

The first report that comes to my concerned notice is the article “Chinese Scientists Set New Quantum Computing Record”.

The second report that comes to my notice is the article “China’s Quantum communication satellite achieves scientific goals”

Let’s briefly state in layman’s terms what these developments seem to indicate.

Quantum Computing differs from Classical Computing because of two specific properties of  atomic and sub atomic properties that have come to light under the domain of “Quantum Physics”. One is called “Super positioning” and the other is called “Entanglement”. These concepts make Quantum computing vastly powerful in terms of “Speed of Processing” as well as “Security to make or break the encryption systems”.

A leadership in Quantum computing is therefore a firm foot in leading the globe economically, politically and in military terms. Neither India nor US nor Japan will be able to stand upto China if it establishes firm leadership in Quantum Computing.

I therefore request Mr Narendra Modi to take the lead in calling for a summit with US and Japan only on the aspect of Quantum Computing and its implications on Global leadership and chart out a plan of action to ensure that China does not become a greater problem that what it already is for India today.

I will elaborate more on these developments within my limited understanding as a person who studied Quantum Physics when it was in its infancy and later turned to the field of Cyber Law and Cyber Security. I call upon other experts in Quantum Physics and Quantum Computing to put their heads together and deliberate on the concerns expressed in this series of articles.

PS: This is the first of the series of 3 articles which will be published here and I request readers to read all the three and give their comments.

Naavi

This is the first part of the series of three articles. 

Links to all three parts:

1. Is it the beginning of the Chinese domination of the Globe?.. Mr Modi to take note

2. China Working on achieving Quantum Supremacy

3. China may be developing its own unbreakable encryption system through Quantum Computing

Print Friendly, PDF & Email
Posted in Cyber Law | Tagged , , , , , , | 1 Comment

Interpreting “Personal Data” and “Business Contact Data” under GDPR

Imagine you have constructed a house and let Mr X live there and use the address for his activities for which you have authorized him to.

Does the house belong to you or Mr X?

When Mr X’s authorization to use the house ends, can he keep the house to himself? Can he ask you to demolish the house?, Can he take away the things in the house… both what he himself had bought while he was in service and what you had given him for use? or what you and him together created?

This is precisely the status of a Business E Mail Address that an employer gives to its employee and he uses it for his employment related communication which is called the “Business Contacat Address”.

Now GDPR has a set of prescriptions that apply to Personal Information that is identifiable with a living person. It is interesting therefore to discuss if the “Business Contact Data” is “Personal Information” and is subject to GDPR compliance.

GDPR uses certain terms a bit carelessly creating confusion on the interpretation of some terms. The “PII or Personally Identified Information” is one such term which needs to be distinguished with “PI or Personal Information” but GDPR gives room to interpret the two words as not much different though they should be considered different.

There is no doubt that Business Contact data is “Personally Identifiable” and hence some interpret it as “Personal Information” to be subjected to the regulations.

But if we look at the basic objective of GDPR as defined in Article 1, it is clear that the regulation is meant to protect the personal information of a EU data subject since it is considered important for Privacy Right protection.

But under Article 4(1), “Personal data” is defined as  “any information relating to an identified or identifiable natural person”.

If we look at the basic objective of GDPR along with the example of the rented premises given above, it is clear that GDPR should not interpret the Business Contact Data as “Personal Information” since it is a virtual property that belongs to the employer and not the employee. Being a property of a company, created and used for the use of the Company’s business, it does make sense in considering that Business Contact data such as the E-Mail of an employee as Personal Data.

I hope this would be acceptable to a majority of the companies though some consultants may have  hesitation in accepting this interpretation.

Perhaps over time, this concept will get some clarity in the minds of the users and it would be accepted that Business Contact Data used by B2B business entities remain outside the GDPR.

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Tagged , , | Leave a comment

Virtual Aadhaar ID: More breathing time for laggards

UIDAI announced the Virtual Aadhaar ID system in January and made it available from 1st March 2018 giving time upto 30th June 2018 for AUAs/KUAs to tweak their systems. Then it extended the time upto the end of June. (Refer: Is Private Sector ignoring Virtual Aadhaar ID ?)

Now we understand that UIDAI has provided further breathing time to the User agencies who have so far made no attempt to introduce the new system. According to the UIDAI plans, the current system of KYC where the eKYC provider collects the Real Aadhaar ID (RID), and makes a query through an API whereby all the demographic data attached to the ID is pulled down into a form at the eKUA’s end will be restricted to only those agencies which will be called “Global AUAs”. Others would be allowed “Limited KYC”.

The agencies who are presently AUAs and are not upgraded to Global AUAs would be called “Local AUAs” and would not be permitted to make queries based on RIDs. Instead, they need to implement a new API where a 16 digit input namely the “Virtual Aadhaar ID” (VID) would be taken from the Aadhaar user with or without biometric for KYC purpose. Before providing such a number, the user should have gone to the UIDAI website and generated this 16 digit VID by providing the RID and responding to the OTP.

The Local AUA would get the response from the UIDAI by referring to the CIDR on the back end and return a “Token number” for the authentication which would be stored by the Local AUA as a reference for the verification.

Implementation of this required that UIDAI had to reclassify the registered AUAs and AUAs to implement the new API. The front end of all agencies which used Aadhaar had to be modified to take the input of the 16 digit VID instead of the 12 digit RID. (Refer It is Y2K moment again in India, with Virtual Aadhaar ID).

However despite some prodding, no such change was visible in the industry. No warnings came forth from UIDAI and UIDAI did not even post noticeable warnings on its website.

Now according to the TOI report which  surfaced late yesterday night, a statement has been made by somebody in UIDAI which is not yet appearing in the press releases on UIDAI website even today morning, the deadline for implementation of VID has been extended upto August 31st 2018. The report mentions a “Release” and we can presume that UIDAI will post it on their website by tomorrow.

According to the report,

  1. Banks will be designated as Global AUAs but the telecom authorities and others including e-sign companies would be designated as Local AUAs.
  2. Time is provided upto August 31 for implementation. However from 1st July 2018, a charge of Rs 0.20 will be made on each authentication as a disincentive. This will be a provisional charge which may be waived if the migration is completed before August 1.
  3. If the VID system is not implemented by August 31, UIDAI will be free to terminate the AUA license or impose higher financial disincentives.

Let’s hope that for whatever it is worth, VID system would be in place after August 1, 2018. It will at least avoid further leakage of Aadhaar numbers along with the associated data from the user end as it has happened in the past.

UIDAI has also stated that there would be further improvements in the form of new authentication methods. The “Face Recognition” is also expected to be introduced by August 1, 2018 and could add more security to the system where Global AUAs undertake authentication based on RIDs.

The OTP insecurity will still remain but we need to think of alternatives to OTPs to overcome this problem.

Need for Awareness Creation

The CEO of UIDAI Mr Ajay Bhushan Pandey is quoted as stating that a number of AUAs have tested the new API in their usage environment though no migration has happened. However this could just be a gracious statement meant to boost the morale of the AUAs since it appeared that the industry just did not care and had no intention to adopt to the change. Most of them are perhaps waiting for Supreme Court to scrap the Aadhaar system and hence donot want to make changes at this stage.

I recently had an encounter with a Bank and the officials had no clue of either the biometric lock system or the proposed VID system. If the Bank had sent a circular, perhaps they would have known. This vindicates our observation that even Banks have so far taken no steps to keep their employees aware of the changes that are occurring in the Aadhaar system.

There is a serious concern in some sections of the experts that the VID system will not be used by the users since it is too cumbersome for the less educated users.

The need for education of the masses on the use of Aadhaar is therefore indicated more than ever before since we need to not only tell people why Aadhaar authentication is used but also how to generate VIDs and keep changing the VIDs from time to time.

mAadhaar needs to be upgraded

I suppose mAadhaar application should itself provide an option to generate VID, which it has not done so far. Alternatively mAadhaar download itself should be enabled on VID basis atleast as an option. UIDAI has to show the way for others by implementing the 16 digit input option of VID on mAadhaar immediately along with a provision to change it. The resulting VID can be shared by the users with the Local AUAs as and when necessary without going to the web.

Technical Glitches to be corrected

In one of my recent encounters, I found that UIDAI website could not complete biometric unlocking on chrome browser on my Android phone and I had to download the Mozilla mobile browser to complete it on the mobile at the Bank where the KYC was being done. The Bank’s system which was rejecting the finger prints did not provide a proper error statement indicating that the error was because of the biometric lock and it was only after repeated failures that I was able to figure out the cause and unlock it through the Mozilla browser.

These technical glitches need to be set right by UIDAI as otherwise there will be complaints on denial of basic rights of citizens due to denial of service at the Aadhaar end.

Looking forward to further developments and official information from UIDAI on the extension of time and other issues mentioned above

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Tagged , , , | Leave a comment

California Consumer Privacy Act of 2018 …to be effective from January 2020

After the EU GDPR followed by UK DPA and German DPA, we now have California Consumer Privacy Act of 2018 which has been passed to take effect from January 2020. (See the copy of the text here)

Under the new law, California consumers will have the right to:

know all the data collected by a business and be able to transfer it twice annually for free.

— to opt out of having their personal information sold (but companies will then be able to charge those consumers higher fees).

— to delete their data.

— to tell a business it can’t sell their data.

— to know why the data is being collected.

— to be informed of what categories of data will be collected before it’s collected and to be informed of any changes to that.

— to be told the categories of third parties with whom their data is shared and the categories of third parties from whom their data was acquired.

— to have businesses get permission before selling any information of children under the age of 16.

Remedies
According to the law,

Any consumer whose nonencrypted or nonredacted personal information,  is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action for any of the following:

(A) To recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.
(B) Injunctive or declaratory relief.
(C) Any other relief the court deems proper.
 Exceptions

(a) The obligations imposed on businesses by this title shall not restrict a business’s ability to:

(1) Comply with federal, state, or local laws.
(2) Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
(3) Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law.
(4) Exercise or defend legal claims.
(5) Collect, use, retain, sell, or disclose consumer information that is deidentified or in the aggregate consumer information.
(6) Collect or sell a consumer’s personal information if every aspect of that commercial conduct takes place wholly outside of California.
For purposes of this title, commercial conduct takes place wholly outside of California if the business collected that information while the consumer was outside of California, no part of the sale of the consumer’s personal information occurred in California, and no personal information collected while the consumer was in California is sold.
This paragraph shall not permit a business from storing, including on a device, personal information about a consumer when the consumer is in California and then collecting that personal information when the consumer and stored personal information is outside of California.
(b) The obligations imposed on businesses  shall not apply
where compliance by the business with the title would violate an evidentiary privilege under California law and shall not prevent a business from providing the personal information of a consumer to a person covered by an evidentiary privilege under California law as part of a privileged communication.
(c) This act shall not apply to protected or health information that is collected by a covered entity governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56 of Division 1)) or governed by the privacy, security, and breach notification rules issued by the federal Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Availability Act of 1996. For purposes of this subdivision, the definition of “medical information” in Section 56.05 shall apply and the definitions of “protected health information” and “covered entity” from the federal privacy rule shall apply.
(d) This title shall not apply to the sale of personal information to or from a consumer reporting agency if that information is to be reported in, or used to generate, a consumer report as defined by subdivision (d) of Section 1681a of Title 15 of the United States Code, and use of that information is limited by the federal Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.).
(e) This title shall not apply to personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations, if it is in conflict with that law.
(f) This title shall not apply to personal information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy Protection Act of 1994 (18 U.S.C. Sec. 2721 et seq.), if it is in conflict with that act.
The Act will be explored in greater details in due course through this column.
Naavi
Print Friendly, PDF & Email
Posted in Cyber Law | Tagged , | Leave a comment