Naavi.org

In an embarrassing revelation, an Indian security firm “Shadowmap” promoted by Yash Kadakia, has revealed that data about 1200 accounts of elected officials and staff and another 15,000 accounts of EU affairs professionals were disclosed on the web along with the encrypted passwords.

This is being highlighted here not because we are happy that the data has been exposed, but to indicate to politically motivated ethical hackers like “Elliot Alderson” or “Robert Baptiste” that instead of worrying about the data breach incidents in their own country, they are trying to spread false rumors of data breach in India whether in the Arogya Setu or Aadhaar.

If Indian hackers work with similar motivation as Mr Baptiste to defame foreign Governments, perhaps many other Governments EU can also be embarrassed. But I suppose Indian hackers are not largely interested in such unproductive attacks (Except perhaps on Pakistan!).

The entire world is grappling with data security and need to make Internet more trustworthy. I therefore urge that the talented hackers who call them “Ethical”, should help the community to defeat the dark web and criminals who operate therefrom, rather than going after defaming the Government officials who may not be as much talented.

An academic question that arises in this case is “Who is liable under GDPR for this breach?”

Since the EU parliament is headquartered in France, (or is it still Belgium? or Luxembourg?)  it has to come under the jurisdiction of the French Supervisory authority and Mr Baptiste should directly contact the supervisory authority of his country and question them. Technically however, the breach is attributed to whom so ever was responsible as a “Data Controller”. It could be some department of the EU Parliament like our own NIC being a part of the Government. Will it be considered as a separate entity and notice issued? … We will wait and see how committed is the EU Parliament for the cause of data protection.

Perhaps the Internet Freedom Foundation and other similar friends of  Baptiste should issue a notice to the EU Parliament committee to take action.

Naavi

P.S: Also see here:

In the next few weeks, Naavi would be conducting two virtual programs on Cyber Laws .

The coverage would be similar to what Cyber Law College covered during the offline programs with BMS Law College and St Joseph’s Law College some time back.

The first program would be exclusive for a group of IT and IS professionals. The second program would be open to all.

Watch out for the details.

Law Colleges who want to avail this opportunity may make use of bulk discounts which would be made available.

Naavi

Despite the efforts of our honourable Prime Minister to eliminate Black Money in India there is a formidable opposition which is fighting to defeat his efforts.

I draw the attention of the readers to a video containing the views of Dr Subramanya Swamy in this regard .

At the same time, I would like to point out that the biggest support to Black Money comes from the “Digital Black Money” in the form of Bitcoin. Unless we all realize that Bitcoin is the biggest villain and is trying to trap Mr Narendra Modi in a Chakra Vyuha like Abhimanyu was trapped during Kurukshetra. If others donot rush to the help of Mr Modi, he is likely to be defeated in his efforts because there are multiple entities who will surround him and shoot arrows from behind.

I therefore request Amit Shah, in particular as the Home Minister and Mrs Nirmala Sitharaman as the Finance Minister, Mr Ravishankar Prasad as both the Law Minister and the IT Minister, Mr Shaktikant Das as the RBI Governor and other erudite Ministers like Smrithi Irani, Piyush Goyal etc to realize that they cannot stand outside the Chakra Vyuh and ringing  their hands and pointing out to a Jayadratha/Saindhava to abdicate their responsibility to go to the aid of Mr Modi.

We also want the Baba Ramdev and Sadguru to assist Dr Subramanya Swamy who is fighting a lone battle himself, to express their solidarity to the “Remove Black Money from India” campaign and Mr Arnab Goswamy to lend his voice.

I have lost faith in the honourable Supreme Court to be of any assistance to control Black money because Bitcoin has been blessed by a three member bench of the Supreme Court. The CJI is oblivious to the damage the Supreme Court has done to the cause of eliminating black money through its judgement of March 4, 2020 on the Bitcoin exchange operations in India and would hide behind the technicalities of when he can order a review of a judgement to a larger bench and when he cannot. The truth is that either he has not appreciated the damage caused by the “Bollywood Judgement” or does not want to enter the battlefield and let the Country go to dogs.

We therefore want people to raise up and demand from Mr Modi himself why he has not opened his third eye on this issue.

I also warn the IT industry not to support Bitcoin because it is a product of technology. Recently, it is understood that Cognizant had to pay a huge ransom through bitcoins and will perhaps continue to pay more in the coming days. Several other companies have paid such ransom and will continue to pay in the future. Had we all fought for the elimination of the Bitcoin and Crypto Currencies, even if the hackers had succeeded in infecting Cognizant with a ransomware, they ought to have got their ransom in some legit currency system which could have been traced and recovered.

Bitcoin is therefore the main supporting pillar for Cyber Crimes. It is also the support for terror funding, illegal arms trade, illegal drugs trade and all that is evil in the dark web.

I donot believe that all that I have written above is not known to the gentlemen mentioned above who govern our country and regulate our monetary system. They are either conniving with this Bitcoin system or shameless cowards.

Mr Narendra Modi, Mr Amit Shah… Mr Shaktikant Das, Honourable Justice Bobde…. Are you listening?.. Bitcoin is the funding source which will eventually kill India if you donot wake up from your slumber.

Naavi

The Bitcoin industry is gloating with the cryptocurrency platforms seeing nearly three times new users in the last two weeks.  (Refer this article in ET).

The industry should thank the judgement of the following three Gentlemen Judges, the honourable V. Ramasubramanian, Aniriddha Bose and Rohinton Fali Nariman for this happy state of affairs.

Their judgement of 4th march 2020 was a masterful art in the writing of judgements and a text book for Law students. It chastised RBI for drafting a circular banning the Bank’s support to Bitcoin exchanges as a “Disproportional Exercise of available powers” and quashed it. It was a demonstration of the commitment to the principles of good Governance of regulatory authorities and would be making all regulators more responsible in future while exercising any powers given to them under the law.

The Bitcoin industry should also thank the Ministry of Finance, the RBI and the Ministry of Home Affairs who have not so far moved to challenge the judgement.

The Bitcoin industry should also thank the Corona Virus which has given an excuse to Mr Amit Shah, Nirmala Sitharaman and the RBI Governor to take it easy to let the Financial Corona virus called Bitcoin to spread itself far and wide in India.

I suggest that the Bitcoin industry take steps to thank all these gentleman for enabling them  help convert the hard earned savings of so many of Indians which were lying in Banks into the form of an anonymous wealth called Bitcoins so that they can escape the tyranny of the tax department in India.

Naavi

Some times back, I have tried to place before the readers of this blog who are mainly followers of Cyber Law, Information Security and Data Protection some thoughts on the impact of Quantum Computing on Cyber Laws through a series of articles. (indicated at the end of this article).

The essence of the discussions so far presented here is that Quantum Computing changes the way we process data today in classical computing.

In Classical computing, a data holding element can assume the state of Zero or One and will be stable in that state unless it is changed. A combination of such data states read together is what we call as “Data” and give it a meaning as text, sound or picture etc.

In Quantum computing, the data holding element is not a miniaturized transistor or a charged area of a magnetic surface. Instead the data holding element is a sub atomic particle such as an electron or a nucleus. For the time being we shall simply call this as “Qubits” (Quantum bits).  In Quantum computing, processing is carried out in an unstable Qubit state where a Qubits may exist in either a zero or one state and it’s state can only be measured in probabilistic terms.

For certain application, the probabilistic processing is good enough and in certain applications, the Qubits may have to be held in a stable state for a short period when processing happens in a near absolute zero temperature environment so that processing can proceed.

In the last article on this subject in this blog, I highlighted the research which one of my classmates is pursuing in US, on a new kind of sub atomic particles called “Majorana Fermions” which takes the thinking to a level even more minute than the electrons.

Fermions are a class of particles which have a spin state equal to half instead of zero or plus one or minus one. (If you are interested in Physics, explore here)

Majorana Fermions are a class of particles different from the common system of particles called Deric fermions. Deric fermions exist in two states “Particle” and “Anti Particle” with a positive and negative charge (Example Electron and positron).  The Majorana Fermions are like the proverbial Ardha Nareeshwara and they are both particles and anti particles themselves. (Beyond this let us not confuse ourselves at this point of time).

These particles called Majorana Fermions whose existence has now been proved, are expected to be the building blocks of the new Qubits replacing the “Phosphorous Nuclei” which is being used now in construction of Quantum Computers. While the present versions of Qubits are now in the labs and expected to be commercially available in the year around 2030, the Qubits built with Majorana Fermions are expected to reach commercial exploitation beyond 2040.

There is no doubt that the issues raised by this development are issues of the future like the “Global Warming” etc..But in law, they will strike earlier because the “Uncertainty” of data states which these developments represent will render the evidentiary aspects of data suspect in the Courts of law.

Fortunately, the Indian system of admissibility of electronic evidence under Section 65B of Indian Evidence Act is constructed in such a way that electronic evidence created and processed out of the Quantum Computing system whether they are using Qubits created out of nucliei or Deric fermions or Majorana fermions.

Despite the practical difficulty of processing with Qubits, it enables computer processing to be done at a speed which makes all the current security related encryption vulnerable for brute force attacks. This is the biggest disruption that we may see to the classical computer system and the Information security technology. In simple words the use of  crypto systems with RSA or ECC algorithms may no longer be considered as “reliable”.

All our security assumptions including the “Reasonable Security” that we consider as adequate  legal obligation now needs to be revised now.

This document “Preparing Enterprises for the Quantum Computing Cyber Security Threats” from Cloud Security Allianceis an excellent reading material to understand the likely developments in this field. The document is so well written that it does not require any further explanation from my side.

I am aware that the developments discussed here are out of the normal orbit of a Cyber Law or an Information Security or a  Data Security professional. It may also be more relevant beyond our life time and has been provided as a point of record here assuming that Naavi.org will survive beyond our life time. However I am bringing it up here so that young professionals in the age group of 25-30 who are working in the field of Cryptography can start looking at researching in this area so that by the time they turn 60, they will be global thinkers of repute and can take India ahead in cyber security to match the Chinese and US security specialists.

In particular, I invite  our educational institutions such as Manasa Gangothri and more particularly the Physics department or the IISC to take the lead in initiating some research on building Qubits with the sub atomic particles so that we may not be lost out of the race to build the secure computers of the next generation.

Before I end, I want to reiterate that Cyber Laws and more particularly the Computer processing and Data are all concepts which have originated from the branch of science called “Physics” and people like the undersigned who graduated with a study of Physics and are now roaming the field of Law and Computer science can claim to be relevant in this domain as “Computer Science theoreticians”.

Naavi

Earlier articles:

Quantum Cmputing takes a step further: may 10, 2020

Quantum computing and Emerging Cyber Law Challenges… Are we ready? : March 10, 2018

Section 65B in the Quantum Computing Scenario: March 16, 2018

Theory of Dynamic Personal Data: March 31, 2018

In the wornderland of Quantum Cyber Law, Physics is part of the Law specialization: April 3, 2018

The Vast and Far Reaching Applications of Quantum Computing- June 20, 2018

China working on achieving Quantum Supremacy: July 5, 2018

China may be developing its own unbreakable encryption system through Quantum Computing: July 5 2018

Is it the beginning of the Chinese domination of the Globe?…Mr Modi to take note: July 5, 2018

10000 years=200 seconds in Sycamore Processor: October 24, 2019

The High Court of Gujarat in the election petition 3/2018 (Ashwinbhai Kamsubhai Rathod Vs Bhailalbhai Kalubhai Pandav and others) had an occasion to appreciate the CCTV footage as evidence.

This was a case where the petitioner had lost the election by a narrow margin which was less than the number of rejected postal ballot votes. The petitioner contested that the had asked for a recount which was refused and the returning officer had not followed proper procedure.

He had submitted the CCTV footage which showed that a form (supposed to be the request for recount) which was handed over to the returning officer. These facts as to the content of the electronic evidence came for discussion in the trial and the CCTV footage was relied upon for establishing these facts.

The CCTV footage however was not supported by Section 65B certificate and the defendant had relied upon Shafi Mohammed judgement . The respondent had rejected the reliance on Shafi Mohammed judgement and had cited (under para 19.1) the following:

19.1 It is submitted that the CCTV footage and DVD (Exh.56, 57 and 110) can not be taken into  consideration. It is submitted that those documents are the electronic documents and the requirement of Section 65B of the Indian Evidence Act would come in play, which is not fulfilled in the present case. It is submitted that, the decision of the Supreme Court of India in the case of Shafhi Mohammad Vs. State of Himachal Pradesh reported in (2018) 2 SCC 801 as relied by the petitioner, is not a good law on the question of admissibility of the electronic document, but the correct law on that point can be traced in the decision of the Supreme Court of India in the case of Anvar P.V. Vs. P.K.Basheer reported in (2014) 10 SCC 473. It is further submitted that, by the subsequent order of the Supreme Court of India (dated 26.07.2019) recorded on Civil Appeal Nos.20825 & 20826 of 2017 and cognate matters, the said issue is referred to the Larger Bench of the Supreme Court. The following authorities are relied on behalf of the respondent No.2 to contend that, it is the decision of the Supreme Court of India in the case of Anvar P.V. Vs. P.K. Basheer reported in (2014) 10 SCC 473 which should be followed and not the decision in the case of Shafhi Mohammad Vs. State of Himachal Pradesh reported in (2018) 2 SCC 801 as relied by the petitioner. In support of this argument, reliance is placed on the following decisions of the Supreme Court of India.

(i) Anvar P.V. vs. P.K. Basheer, reported in (2014) 10 SCC 473.
(ii) Shafhi Mohammad vs. State of H.P., reported in (ii) (2018) 2 SCC 801 & (2018) 5 SCC 311.
(iii) Vikram Singh @ Vicky Walia vs. State of Punjab, reported in (2017) 8 SCC 518.
(iv) Ramanbhai Ashabhai Patel vs. Dabhi Ajitkumar Fulsinji, reported in (iv) AIR 1965 SC 669.
(v) Vashist Narain Sharma vs. Dev Chandra, reported in (v) AIR 1954 SC 513.
(vi) P. Ramachandra Rao vs. State of Karnataka,  reported in (vi) 2002(2)GLH 518.
(vii) Rattiram vs. State of Madhya Pradesh, reported in (vii) (2012) 4 SCC 516.
(viii) Pradip Buragohain vs. Pranati Phukan, reported in (viii) (2010) 11 SCC 108.

The judgement accepted this contention and clearly rejected the precedence  of the Shafi Mohammed judgement by the following words. (Para: 50.1)

“it is the correct proposition of law, and the decision of the Supreme Court of India in the case of Shafhi Mohammad Vs. State of Himachal Pradesh (Supra), as relied by the petitioner, should not be taken into consideration as it is not a good law. This argument of the learned senior advocate for the respondent No.2 is accepted.”

The Court however went on to accept the electronic evidence on two other grounds. Firstly the Court had allowed the CCTV footage to be shown to the Court. Secondly, it also relied  on the oral evidence of one of the witnesses based on the electronic evidence. (Para 50.2.2, 50.3.1 etc).

It is our considered view that the honourable Court erred on these two considerations.

Effect of the Judge viewing an Electronic Evidence as his own Experience 

When the Court allows the CCTV footage to be played in the Court and on the basis of which it is admitted as evidence without the mandatory Section 65B certificate, the Judge is himself taking on the role of the Section 65B Certifier stating to the effect that

“What I saw on the computer monitor

(which is organized by the Court, which uses some operating system, some configuration, some application etc, and which interprets the stream of binaries in the electronic container marked as a ‘DVD-exhibit no.xxx’ )

is a true fact of an event that the DVD capture represents.

I also accept that this is the binary stream originally captured by the CCTV camera

(when it scanned the scenery and recorded the pixel status on an imaginary screen in the form of binary notations which the video converter is now showing as black,white or grey pixels on the screen in the Court’s computer which all of us are seeing as one person handing over a form to another person etc.”

The honourable Judge taking this stand has put himself in the capacity of a witness and vitiated the quality of the judgement by giving the judgement based on his own witness.

Oral Evidence as to Electronic Document

Secondly, under para 50.3.3 and others it is indicated that the Returning officer who gave evidence on the witness box orally requested the Court to play the CCTV and appears to have also relied upon the electronic evidence of the CCTV footage. This is contrary to Section 22A of the Indian Evidence Act.

Section 22A states:

“Oral admissions as to the contents of electronic records are not relevant unless the genuineness of the electronic record produced is in question”.

What this implies is that when the issue is “What is contained in the record” and not “Whether the record is genuine or not”, oral statement is not to be considered acceptable. Hence  deciding whether a form was given or not, whether it was returned or not, whether that form was a request for recounting or not are interpretations of the content and the returning officer providing oral evidence on the same was not correct.

In view of the above, the CCTV footage ought not to have been admitted as evidence.

The Court however had the right to use any other evidence to arrive at the fact whether the procedure followed by the returning officer was correct or not and whether the petition had to be upheld or rejected. We have no view on this.

What Could have been done

In such cases the Court could have permitted Section 65B certificate to be produced even at the time of the trial and then taken it in as evidence as a Section 65B certified copy. Such certification could have been provided by whomsoever is in the custody of the DVD at the election commission.

If the original DVD is one which is before the Court and is certified as such without any certification of the contents of the DVD, the Court could have accepted the “DVD” as a container of the potential evidence and marked it as such. It could have then asked some observer (which could have been a Section 79A certified Digital Evidence Examiner) to view the content, and provide a Section 65B certified copy of the relevant content say… “CCTV footage of date ….., time …. to ….”.

This extract could have been copied onto another media and the Secton 65B certificate could have been provided with a Digital Signature. Alternatively, the hash value of the media could have been reproduced in the print copy of the Section 65B report where a reference is made to the container and the said electronic document with perhaps some screen shots at the beginning, end and key parts of the video.

This is the procedure followed by CEAC in certifying CCTV footages and is the Standard Operating procedure in such cases.

This was also the procedure followed by the AMM Court of Egmore, Chennai in the case of “Trisha Defamation” way back in 2004, where despite a CD being available with the Court as evidence, the magistrate requested an external person (Undersigned) to produce the Section 65B certified copy of the content so that it can admit it as evidence.

This was a commendable decision of the Magistrate showing his foresight and correct interpretation of the law, though it did not get into the records because (as I am informed by concerned persons) the case was subsequently withdrawn before the full trial.

The judgement of the Gujarat High Court matter will now go to the Supreme Court and we can await the decision of the Supreme Court and its comments if any on the above points, which are of interest to us irrespective of who wins the election battle.

(P.S: These are the personal views of the author and comments and disagreements are welcome. Readers may also note that the Supreme Court has granted a stay on the verdict)

Naavi