Naavi.org

Naavi has been warning the immature technology experts that there is a tendency with some to get intoxicated with the technology power they appear to have.

Some of them use their knowledge and skill to be security specialists and ensure that IT is safe for the community. They are the Information Security specialists and “Ethical Hackers” who know their boundaries and live within it.

Some become “Black hat hackers” and exploit the society. Thy make money, support the deep web and Bitcoin and essentially serve their selfish interest cheating others.

There is a third category of people who are not criminals by their inherent intention but donot know the limits under which they need to live. They become “hactivists” and try to challenge the authority for causes that they think is good but may not be really so.

These persons may be often dragged into indiscretion because of their ego and a desire to show off their capability without minding the consequence. Their intentions may be not bad  but the path they chose is to challenge the law of the land in a manner which can land them in trouble and kill their career. They live on the mercy of the Police and reluctance of the law enforcement to waste their resources on a maverick software professional.

Many of the adolescents who do wheeling on the city roads belong to this category. These technology intoxicated script writers/hactivists are similar. They need to be disciplined by appropriate action by the Police.

One such professional was reported by Naavi.org long time back regarding the IRCTC hacking. That software professional was then working in Satyam Computers, Hyderabad and developed a script that could enable anybody to cheat the IRCTC Tatkal booking system. He gave the script free on his blog. When I pointed out the possibility of his action being considered as a crime, and with a little nudge from a member of the press, he removed the script and went silent. He must have escaped a possible danger to his career by realizing his mistake in time and correcting it. Several years later this software re-surfaced in the hands of the Jamtara type criminals and IRCTC took up the complaint and got many agents and the software distributor arrested and punished.

It appears that one more such person has now surfaced in Bengaluru according to this report in buzzfeednews.com  

The article names the person as “Jay” a software engineer in Bangalore and the story is credited to a reporter by name Pranav Dixit identified with the email ID pranav.dixit @buzzfeed.com. It is obvious that “Jay” is not the real name of the software professional who is hiding his identity like a criminal who is afraid of the law.

Jay has admitted that he has hacked into the app and made it always show “Green”. He is thereby admitting that he is cheating his employer who has made it mandatory to allow Jay to get back to work and will perhaps cheat the law enforcement also and become a “Rogue Covid Spreading Virus in the society”. I am sure some of his friends would have already borrowed the hack and turned their phones also into green. This clan of a new generation of Tablighis will start spreading Covid in their enthusiasm to show off their technology power.

This newsbuzz reporter Mr Pranav Dixit is now the contact who is aware of the identity of this law breaker and may be many more similar persons and I request the police in Bengaluru to investigate and locate this hacker and bring him to book.

Naavi

Reference Articles

IRCTC hacking.. What Next?

IRCTC fraud is an exhibition of Technology Intoxication

Yet another IRCTC Fraud unearthed

Developer? or Virus Writer?

Hacking may be your passion… Are you making it a gate pass to Jail?

Last week, a sensation was created in Delhi when some alleged conversations in Instagram chat  group consisting of boys of a school. It was alleged that the group had discussed a possible gang raping of one of their classmates. The matter came to light when the victim girl appeared to disclose the conversation through Twitter.

Though the girl  herself was a member of a similar chat group “Girls Locker Room”, she was hailed as a bold whistle blower and people naturally were disgusted with the behavior of young students in the capital and the moral degradation of our schools.

Delhi police booked a case and arrested the Admin of the “Bois Locker Room” group. It also identified about 20  other accused and started investigations. Cyber law experts started discussing under what sections of ITA 2000 the erring boys should be punished. There were also TV debates on the issue.

Two days later, vulgar conversations in another group called the Girls locker room were released in the public. This indicated that there was something shady in the way both boys and girls behaved and showed the “Delhi Culture” in its poorest light. Parents of these boys and girls should have felt like committing suicide for the shameless behaviour of their wards.

While experts were still discussing whether the offence comes under Section 67 or 67A or 67B of ITA 2000/8 or under any sections of IPC etc., a shocking news came today that the case was built on a fake message created by the victim girl herself. She had created a fake chat account in the name of a boy called “Siddarth”, and created a fake chat between “Siddarth” and the “Girl” and posted the screen shots in the Boys Locker room group as if Siddarth was suggesting gang raping of the girl. Perhaps the girl wanted to know if others would react in favour of the suggestion. Perhaps she would have felt a psychological satisfaction if  many boys in the group had agreed. It is un-imaginable to understand the level of perversion exhibited by this girl. It is perhaps a sin to give her protection of identity under Privacy.

Any sensible person will fail to accept the sort of mental state these girls and boys have  displayed and will  feel depressed on seeing the state of our society.

Now, leaving aside the discussions on morality, we can focus on understanding what kind of crime that the girl has committed and how ITA 2000 will deal with it.

Firstly, the girl impersonated herself as “Siddartha” with the purpose of cheating many other boys and bringing bad reputation to the group Bois Locker room (Over and above whatever dirty reputation it might have had) and consequently got the admin of that group arrested and defamed. She was actually luring them into an offence that would have destroyed them even if they had shown any inclination to carry out the attack.

She has also created a false screen shot which amounts to creating a false electronic  document for the purpose of cheating. There is conspiracy and unauthorized activities akin to hacking.

In the background are the indecent and obscene language used in the chats which fall under Section 67 of ITA 2000. It will fall under Section 67A if there are pictures of any sexual acts, and under Section 67B if pictures involve minors. Correspondingly the imprisonment term under ITA 2000/8 itself would be 3 or 5 or 7 years. If they had carried out the assault, they could have faced death penalty if they were not considered for juvenile amnesty.

Now the Police have to decide whether they should file a fresh FIR on the girl and charge her with all the above charges under ITA 2000/8 and for creating a false evidence to implicate another in a serious crime, under IPC. Though a conspiracy to self inflict a rape may not be a valid offence, the conspiracy to trap the boys into an attempt of committing a heinous crime would be recognized. The conspiracy would therefore have led to a serious charge on the girl equivalent to a conspiracy to commit a gang rape on some body else.

Assuming that all the students would be from influential families there would be pressure on the Police to drop all the cases and forget the incident. If it is done, it would be a tragedy.

While reading about this crime, I am reminded of the murder committed in Bengaluru several years back by a girl who conspired to get the boy to whom she was engaged murdered by using her boy friends. That case was solved by an analysis of the SMS messages that the girl continued to send while she took the victim on a friendly stroll on a lonely road a few days before the marriage. Her friend attacked the boy with rods and murdered him while the girl stood around and supervised the murder. Perhaps the Delhi Girl would in her future years could challenge this Bengaluru girl  for gaining notoriety which led to even a movie to be made on her.

Press has obviously not revealed the identity of the erring boys and the girls under the guise of “Privacy” of “Juveniles”. But one wonders if it is not a case where these juveniles are a danger to the society and should be rusticated from the schools. Perhaps their identity also should be made public  so that others will take care not to befriend them by mistake.

It is a matter which will be discussed for a long time as an instructive case.

Before we end, I would also like to highlight that here is a lesson for the bench of the Supreme Court which gave its verdict on the Shafi Mohammed case  which we have been criticizing in strong terms. As per the principle established in the judgement,  the view of the Supreme Court was that if the screen shots of the Snapchat or Instagram is produced as evidence, it may not require a Section 65B certificate.

Because of this interpretation of the Court, any false evidence filed by the girl would have been admitted without a Section 65B certificate and the trial would have commenced on the boys, if the Police had not unearthed the conspiracy for which we should appreciate them.

In such cases, if a Section 65B certificate is submitted, at least some body would take the responsibility for the electronic document produced for evidence and probably he would have captured the inconsistencies that were later found by the Police. Fortunately, this judgement in the Shafi Mohammed case has now gone for a review to a larger bench and hopefully would be shelved, restoring the principles of the P V Anvar Vs P K Basheer case.

But the fact that evidences can be faked and false cases lodged is a matter to be noted and the Police and lower judiciary has to be very careful in coming to premature decisions where the evidence is not properly produced.

Naavi

I would like to draw the attention of the critics of Aarogya Setu as expressed in the article that appeared today in TOI under the title, “Transparency and respect for Privacy are essential…to build trust which is totally absent from Aarogya Setu process”

The author expresses the opinion that “Contact Tracing” apps are invasive and if insecurity in the app is not fixed, we may be helping snooping and hacking. The author advocates that the source code of the app should be made public and its use should not be made mandatory. The author praises the Apple-Alphabet partnership to restrict sharing of location data and calls it a “Privacy respecting” and “Secure” measure.

The collection of location data and limited scope of liability and accountability is what the author considers as endangering the “Safety of millions at risk”.

The first correction we need to make to this statement is that the app collects only minimal information about the person who downloads it and gives him an option to declare his health status. He can very well declare himself as healthy. If and when he is diagnozed as infected, then his status would be suggested to be changed. If the person does not change, he would be liable for giving a false information which could endanger others.

The potential to endanger the community with false information therefore lies with the individual and not the Government. As regards the “Location information”, I suppose the author who represents the Software Freedom Law Center is aware that Google does track your location through your Google map usage openly and perhaps covertly through the in built location detection mechanism. The activists however trust Google but not the Indian Government because these commercial organizations do fund many NGOs to lobby for them, while the Indian Government ignores them.

Now we come to the question of “Leakage of Information”.  The app certainly collects the mobile number which is the most significant personal identity collected. Name, gender, age, profession, countries visited in last 30 days are details which the data principal himself submits. At this point of time these are not verified though the Government can track the mobile number and find out in whose name the SIM is registered. If it is a prepaid SIM, even this data is not very reliable.

Hence the “Location Data” if tracked is a “Pseudonymous personal data”. It is only when the person encounters an employment situation or undergoes a test in a hospital, the question of whether the name as declared in the App and the real identity that can be picked from say the Aadhaar card comes into the open.

We donot know if the Government wants to take any action for such “Voluntary impersonation”. If necessary the activists may ask the Government about the intended punishment for such impersonation. Such impersonation does not affect the person coming into contact with others in a mall etc since the app can still track the mobile to whom so ever it may belong to. If an employer has made it mandatory that installation of the app is mandatory to come back to work, then the person has to register the app in his name in which he has the employment and cannot impersonate himself.

So it is unlikely that we can prove that the impersonation itself caused any harm and hence the legal liability may not be enforceable except as an “Attempt” to mislead others.

As regards the making of the App “Open Source”, I donot trust the activists to make any responsible use of the open sourced code to come up with any suggestions on improving what they call as security weaknesses in the App. I rather would suspect that they would be hiring unethical hackers to hack into the app and create problems for the Government.

As regards the mandatory status of the App, we must appreciate that there is a right even for the people who interact with a suspected infectious person whom these privacy activists are trying to protect from revealing his status. This right of safety supercedes the right of privacy of the app owner.

The Supreme Court is also well aware that the “Freedom to stretch ones arms stops at the tip of the nose of the person standing next to him”. Hence the claim of the legal flaws related to Aarogya Setu app if brought before the Supreme Court would get a fair dealing unless the activists can fix the decision by any nefarious arguments.

It can however be agreed that the if the Government had been more careful, it could have avoided the confrontation with the activists. Just as they let the opposition to mislead the public with the CAA, they are now allowing the privacy activists mislead the community into believing that a great calamity would occur if they register themselves for the Aarogya Setu app.

Naavi

Also see: Exposing the IMAGINARY Aarogya Setu security issues raised by Elliot Alderson @fs0c131y

It is interesting to note that Pakistan is coming out with the Personal Data Protection Act 2020 of its own and is challenging India to change the name of its Bill as otherwise we will have PDPA 2020 of Pakistan and PDPA 2020 of India.

We welcome the initiative from Pakistan which has also given us a renewed reason to drop our complacency and the fear of the ever present Lutyen media backed Nay-sayers and get the Personal Data Protection Bill 2019 finalized. If we let Pakistan to pass their bill ahead of us, it will be a huge embarrassment for India in the international scene.

Hope the JPC lead by Mrs Meenakshi Lekhi realizes that we cannot lose this battle to Pakistan and the JPC has to ensure that we pass our law before Pakistan.

I therefore request Mrs Lekhi to call for a virtual JPC meeting immediately and proceed with the finalization of the Bill.

If we wait endlessly, there will be more hurdles created by the creative Internet Freedom fighters who will set up the IT committee lead by Sashi Tharoor to counter the JPC and further delay the passage of the Bill.

If we had passed the Bill by this time we could have effectively countered many of the objections raised regarding the Arogya Setu app since there would have been a legal backing for the Government for collection and processing of the Covid 19 data without affecting the privacy rights. This will now be coming up for question in the Kerala High Court and the Central Government will be cutting a sorry figure for defending why it could not pass the Act for so long.

Naavi

Link to the Pakistan Personal Data Protection Bill 2020

We have earlier discussed certain concepts of “Quantum Computing” at this site and its impact on Cyber Laws of Evidence, Encryption security and Data Protection. I give below the links to those articles for a quick review:

Quantum computing and Emerging Cyber Law Challenges… Are we ready? : March 10, 2018

Section 65B in the Quantum Computing Scenario: March 16, 2018

Theory of Dynamic Personal Data: March 31, 2018

In the wornderland of Quantum Cyber Law, Physics is part of the Law specialization: April 3, 2018

The Vast and Far Reaching Applications of Quantum Computing- June 20, 2018

China working on achieving Quantum Supremacy: July 5, 2018

China may be developing its own unbreakable encryption system through Quantum Computing: July 5 2018

Is it the beginning of the Chinese domination of the Globe?…Mr Modi to take note: July 5, 2018

10000 years=200 seconds in Sycamore Processor: October 24, 2019

Now I was delighted to see that one of my classmates in MSc, Physics at Manasa Gangotri, Mysore (1973 batch) has achieved significant breakthrough in the research field of Quantum Physics working in the MIT, USA. I want to share his story to the audience here as a tribute to his achievements.

I am reproducing the article which had appeared in the “Star of Mysore” on May 4

He is the second of my old friends who appears to have achieved global recognition for contribution in his field. The other proud classmate from my High School days was Colonel Gopal Kaushik who had a key role in the Indian nuclear test at Pokhran in May 1998.

I am proud to have the association of these two gentlemen and salute them for their achievements.

New Discovery By Kodagu-Born Dr. Jagadeesh Moodera And Team At MIT

It boggles the mind when told that a subatomic particle exists simultaneously at two different spots.  One location could be on your table and the other on the surface of Jupiter!

English Physicist Paul Dirac theoretically proved way back in 1930s that fundamental particles known as fermions should have a counterpart somewhere in the universe with an opposite charge – known as anti-particle.

Complicated. Difficult to fathom. I fail to comprehend.  Based on this theory it is theoretically possible to have ‘teleportation’ that are portrayed in science fiction movies and books.

Coorg-born Physicist Dr. Jagadeesh S. Moodera has been a scientist at Massachusetts Institute of Technology (MIT) since 1981. He has several path-breaking research papers to his credit. My wife and I had the good fortune of a guided tour of his laboratory at MIT during our visit to Boston to attend the Kodava Convention-2019, in September last year.

Dr. Jagadeesh explained the intricacies of the experiments that he and his team were involved in.   It was fascinating to see a huge setup with myriad tubes, probes, cables and instruments in order to create a 100% vacuum in a space of about 2 cubic centimetres.

Part of the experiment was conducted in this small space which was absolutely contamination free.  There was another setup equally complicated where a space was created for the experiment which was free of any kind of vibration – not even that created by the traffic in the streets distance away, or footsteps of students in the nearby corridors.  In addition, this space is cooled to -273 degree centigrade (that’s as close as one could get to -273.15 degree centigrade which is absolute zero).   The experiments were conducted under these ideal conditions and usually between 10 pm and 6 am when chances of vibration were the least.

The experiment Dr. Jagadeesh and his colleagues have been working on since 2012 was to discover what Italian Theoretical Physicist Eltore Majorana, extending on Paul Dirac’s theory, had postulated in 1937 that there should be some subatomic particles that are indistinguishable from their anti-particle.

Scientists have been looking for these particles named Majorana fermions. Many theories have emerged over the years.  Theoretical Physicists at MIT and elsewhere predicted that Majorana fermions may exist on solids such as gold under certain conditions.   Dr. Jagadeesh and his team were on a mission to discover the existence of the elusive Majorana fermion.

The experiment, extremely complicated, needed many long hours in the laboratory.  Dr. Jagadeesh explained how the delicate research was carried out at nano-particle level and observed through Scanning Tunneling Microscope (STM).  STM is capable of ‘feeling’ the presence of atoms and molecules.  3mm x 3mm was the size of the surface on which the experiment was carried out, consisting of nano-wires of gold, grown on superconducting material: Vanadium.

MIT News dated 10th April 2020 has announced the successful sighting of the mysterious Majorana fermion by Dr. Jagadeesh Moodera and team. This is a major breakthrough.   In Dr. Jagadeesh’s words ‘We have shown they are there, and stable, and easily scalable.’  Please visit webpage: http://news.mit.edu/2020/first-majorana-fermion-metal-quantum-computing-0410

The finding that Majorana fermions are scalable and could be made into qubits (individual computational units) is spectacular.  These qubits could be used to build the most powerful and error free quantum computers. This will be a step closer to the phenomenon known as Singularity, which predicts that by the year 2042 AD there will be computers that will have computing power of all the human brains put together!

Once Singularity is achieved, humans need not invent anything further.  Solutions to the most complex problems will be arrived at within seconds.  If we had these computers today, a remedy for the current Covid-19 would have been found in a jiffy!

Dr. Jagadeesh’s wife Dr. Geetha Berera is a senior lecturer in MIT and we had an opportunity to visit her laboratory as well.  The couple are totally dedicated to academics and research. Every year they visit Coorg and conduct a Quiz programme for school students.  They are in the process of starting a school in Coorg under their organisation – CREATE Gurukula Trust – focusing on encouraging young minds in research activities.  Meritorious students at Coorg Institute of Technology (CIT) are recipients of annual scholarships and awards instituted by Dr. Jagadeesh and Dr. Geetha. Dr. Jagadeesh and Dr. Geetha are eminent role models for young Kodavas to emulate.

After FDPPI completed the two certification programs for Data Protection Professionals (CDPP-I),  with a program of 18 hours of online teaching, Cyber Law College of Naavi has completed one more crash course of 12 hours for about 45 participants mainly from the Elite CISO group of Delhi.

Presently another batch of around 40 persons from Elite CISO are undergoing another crash course program for 12 hours.

While Naavi is conducting these sessions and Cyber Law College is providing the participation certificates, these participants are also eligible to move further on to take up the Certification examination of FDPPI and get certified if they are interested in the certifications.

Naavi/Cyber Law College/FDPPI acknowledge the enthusiasm of the members of the Delhi chapter of Elite CISOS and more particularly Mr Vikas Arora in making this spread of knowledge possible.

Creating wide awareness of the Personal Data Protection legislation as it is emerging in India now is essential to ensure an early adoption of the act when it finally becomes a law.

Naavi