Naavi.org

On December 31, 2017, we posed a question to Mr Modi. ” Modi is yet to open his third eye on Bitcoin, the new alternative to Black Money…Will he wake up in 2018?”

Now that Mr Modi has the mandate for Modi 2.0, will he at least now open his eyes?… is the question we need to ask.

In October 2018, Nasscom chief said Bitcoin is illegal. In November 2018, we called upon the Supreme Court to declare Bitcoin as illegal..

But the Supreme Court has not so far displayed the courage to declare Bitcoin as illegal. It has hidden behind technicalities asking the RBI to give its views or the Government to give its views. It clearly appears that the Supreme Court is reluctant to say the obvious. We can speculate why.

We have written scores of articles on this site on how Bitcoin is a Currency of the Criminals and Terrorists, and  needs to be declared illegal and banned. We have discussed how legalizing Bitcoin will destroy the Indian economy, give China a handle to manipulate India. We have also highlighted that banning Bitcoin (along with other privately held Crypto currencies) is essential for choking the Dark Web. We have teased Mr Arun Jaitely and Mr Modi for not taking a decision. 

But the decision to ban Bitcoin is yet to come…

We have to now start questioning whether the Government has an understanding that “Bitcoin is the Black Money of the Digital World” and “Demonetization of physical currency was thwarted partly because of the availability of Crypto currencies” or there are any other reasons why there is a policy paralysis in this regard.

Now even before the Modi 2.0 takes over, I see the Bitcoin lobby at work. An article was circulated today under the title “Supreme Court Advocate suggests how to regulate Crypto in India”  . The article appears in bitcoin.com and it is easy to note the vested interest of the publisher. 

As per the article, some comments have been made in support of the continuation of the monster called Bitcoin and I would like to counter these points.

Comment 1 : “The right regulatory framework would ensure transparency, oversight and accountability”

Counter: Regulation pre-supposes recognition of Bitcoin as a currency. We cannot regulate some thing which is not recognized.

Under Indian law, Bitcoin is an electronic document and since it is not included in the schedule I of ITA 2000/8, it is not de-recognized as an electronic document  under Section 1(4).

But the use of Bitcoin as a “Currency” is ultra vires the RBI Act.

Any body referring to this electronic document as “Currency” exchanging it to Rupee or other currencies, using it to barter with other goods with the description of Bitcoin as a currency are violating the RBI Act.

Any promotion of Bitcoin as a “Currency” and a legal tender should also attract penalties under the law (IPC) for “Cheating” amongst other things. Any person assisting in the exploitation of the concept “Bit coin is a currency” and its promotion are liable for criminal conspiracy to cheat.

These penal provisions apply even to the publications and authors who are promoting the idea that Bitcoin is a legal tender.

Since the concept of “Bitcoin as a currency and legal tender” is ultra vires the Indian law, any regulation can only be to clarify and state that “Bitcoin is illegal”. There cannot be a regulation of narcotic drugs and  arms trade by people except to say that they are illegal. The same applies to Bitcoin.

This can be done by just adding an explanation in the Schedule I of ITA 2000/8. 

The MeiTy need not wait for July 23 when Supreme Court has to give its views on the case. It can act even now in under its administrative powers and get it ratified once the Parliament is convened. If the department has any other view, it is just an excuse.

Comment 2: “Explicit terms of functioning for such exchanges can regulate the kinds of virtual currencies that may be traded, the modes and methods of reporting, the restrictions on trading (including on valuation spurts etc.,) and also investor protection provisions can be incorporated,”

Counter: Since the commodity which is the subject matter of exchange is illegal, the exchange activity will also be illegal. No further discussions are warranted.

Comment 3: There is also debate on whether cryptocurrency can be banned at all. After all how would the government enforce it without infringing on the privacy of all. Any form of electronic device may be used to store crypto currency.

The defense of “Privacy” for illegal activity is untenable. Privacy is the right of a law abiding citizen and if there is any prima facie doubt that a person may be holding or trading in illegal currency, the argument of Privacy cannot save him. No Privacy law recognizes this right.

Enforcement is the responsibility of the Government. Argument that it is difficult is not a valid excuse. Any form of electronic device can be used to commit phishing or online frauds. Can we therefore regularize Phishing?

Comment 4: Unless we hear something concrete from our finance department I don’t think it’s going to affect existing traders.”…”By closing out the banking route, the Indian government merely pushed the entire market into the cash system thereby making it more opaque and impossible to track or trace”

Counter: This is an admission that Bitcoin exchanges in India are continuing to do business even though it is prima facie evident that it is not legal. We even saw one company putting up a Bitcoin ATM in Bangalore to run a havala operation of exchanging rupees into Bitcoin. The Government needs to take deterrant penal action to curb such illegal activities continuing.

Comment 5: It is likely the bill will take some time to become law, even if the government decides to introduce the same in the Lok Sabha, and certainly not before the next supreme court hearing on the issue in July, which might provide some clarity on the issue.

Counter: It is clear that the Bitcoin lobby is counting on a favourable judgement from the Supreme Court. This gives room for the speculation that the Bitcoin lobby may try to fix the judges.

We need to specially watch out for any irrational judgement that may come out which may confirm this suspicion. 

People are watching and Supreme Court should recognize if it is coming either under duress from parts of the industry or under the influence of any illegal gratification or promise thereof.

Since the future of many political parties may be involved in the legalization of Bitcoin, the highest level of influence would be brought to bear on the Court and the Court has to treat this as a sensitive case and handle it with a commitment to the national interests.

Comment 6: many countries such as the U.S. have chosen to regulate crypto assets instead of banning them. With every change that USA has brought about, other countries including Singapore and Japan have followed suit,

Counter: We are aware that many countries have legalized drug trade or arms trade. It need not guide our movement to eliminate black money from the system.

If we need to remove black money, we need to remove it even from the digital space. We are not concerned with what other countries do.

In fact, it is my sincere desire that Mr Modi extends his fight against Black Money to the global scenario and takes up the issue of outlawing privately held Crypto currencies across the globe. A consortium of like minded countries need to be formed. This should help several countries in Africa and elsewhere where there is terrorism and insurgency which requires drug trade and arms trade to go unhindered.

Comment 7: India’s population and young demographic being a substantial part thereof is reason enough for the government to take a definitive stance, the advocate told the news outlet. “Else a large young risk intensive population may have already entered the crypto-asset market and may then be left adrift with no remedies or solutions.

Counter: Definitive stance…yes. But only to criminalize the holding and use of Bitcoins.

Otherwise the argument is similar to that of Mehbooba Mufti that “Stone Pelters of Kashmir are misguided youth only and should not be punished.

If the misguided youth or others have already committed a crime, there is no need to protect them with a favorable law now.

They can always be given an opportunity to declare their holdings, account for it, surrender it and then allow them to escape  criminal  penalties.

Comment 8: The National Association of Software and Services Companies (Nasscom), a nonprofit trade association of the Indian information technology and business process outsourcing industries, is among those that have urged the central bank to consider allowing crypto companies to participate in its regulatory sandbox. 

Counter: This is a misguiding statement. Nasscom chief has admitted that Bitcoin is illegal. There is no need for any experimentation in the sand box of regulations. This will be a strategy like the proverbial Arabian Camel in the tent.

Comment 9: Since cryptocoins and tokens are an important component of the blockchain technology, the draft regulations appear to exclude testing of smart contracts and other approved blockchain technology under the sandbox.

Counter: This is another fallacy being spread by the lobby. Block Chain technology as has been used in Bitcoin has no use in any regulated activity. The Private Blockchains are a technology which are a fancy name to some thing which is already known and is being used. Hence there is nothing to be gained by shielding Bitcoins under the garb of testing Block Chain technology. 

Counter 10: Payments Council of India (PCI), the payments industry lobby group, has also urged the RBI to include cryptocurrency businesses in its regulatory sandbox, according to the Economic Times. Naveen Surya, chairman emeritus of PCI, believes that “Since there is no outright ban on cryptocurrency technology, it should form part of the sandbox,”

Counter: The article quotes the Chairman Emeritus of PCI. I look forward to the view of  the current management of NPCI.

I will be raising this issue both with the NPCI and PMO to confirm the view of NPCI. If there is any support for Bitcoin, I will not have the hesitation to call that it is wrong.

Counter 11: India should really look clinically at formulating simple regulations to meet its unique socio-economic milieu and lend support for developing the technology.

Counter: All the fancy words only mean a support for the Criminals to run their domain with a currency which cannot be traced by the legacy Governments. This currency supports the Dark Web, the exchange of Crime ware, collection of ransom in ransomware attacks. It can be and is perhaps is being used for paying terrorist sympathizers in India including the political parties by our enemies across the border.

What Needs to be done

Hence there is no need to show any mercy on the Bitcoin. It must be banned. Any person holding the Bitcoin should be considered as “Attempting to commit a money laundering offence” and booked accordingly. A small window may be given for voluntary disclosure when the crypto currency balances are surrendered for confiscation to the Government in convertible legacy currency and such persons can be exempted from criminal punishments. 

I list the “Banning of Crypto Currencies” (Privately managed) as the unfinished agenda of Modi 1.0 and urge Mr Modi, Mr Amit Shah and whoever becomes the  Ministers of Home, Finance, Law and IT to take appropriate steps to ban Bitcoins forthwith. 

I will forward this article to my MP besides the officials of NPCI and the PMO and seek their comments. If NPCI does not counter what is stated in the article, it can be presumed that they endorse the view mentioned…..Let us put their commitment to remove Black Money to test.

I am sure that this article will not be liked by many of my friends. I have explained elaborately in my previous article  of exactly this possibility and given my reasons why I still express such a view in the interest of the nation. 

I hope a majority would share my view. What matters however is…

Will Modi 2.0 share the same view?

Naavi

There is a big relief for people like us that Mr Modi is back. The relief is more because the alternative was a sure recipe for disaster.

But we the people of India are not content with the relief. We look forward to accelerated positive developments that can take our country forward. During the last few months of Modi 1.0, it appeared that Mr Modi was getting exhausted. Afterall the vicious campaign of the opposition was taking its effect on his self confidence. As a result the Government slowed down on many fronts during the last quarter of the 2018 and upto now.

The Tukde Tukde Gang led by advocates who were only interested in disrupting the society was well supported by the highest Court of the land and led the country into a “Temporary Policy Paralysis”.

This created a fear that if Mr Modi did not come back, the country would be destroyed by the opposition politicians supported by  PIL advocates who could make the Supreme Court dance to its tune. Now with the renewed support of 353+1 members of the Loksabha, Modi 2.0 is stronger than ever before and hence there is a temporary feeling of relief that the worst is over.

But has Mr Modi himself  recovered from his exhaustion and retained his vigour for an immediate return to fighting against the anti national forces or has been softened with the bombardment of the opposition over the last year, needs to be watched. 

During the last few months, I am aware that my professional image  was a little dented by my open expression of support to Mr Modi to the extent that in the social media, I was branded by trolls as Modi Bhakt. 

But in the interest of the nation, it was felt necessary for professionals like me to take a position openly and oppose the pseudo-seculars spread all over unmindful of the criticism that may come through. It is possible that this could have also adversely affected some of my professional work as well. 

Now it appears that the difficult period is over and the Indian electorate has silently brought Mr Modi back to power with a higher majority than before. Presently, we are waiting for the next step of cabinet formation and subsequently  the roll out of the Modi 2.0 promise.

Like the Justice Srikrishna concept of “Data Fiduciary”,  where we can expect the Data Controller to do more than what is contained in the consent because he is a trustee, Mr Modi is the “Citizen’s Aspiration Fiduciary”. What this means is that irrespective of what is stated in the manifesto etc, we the citizens expect that Mr Modi will act in such a manner that the Indian Citizen will benefit by his Governance in every aspect. The world is dynamic and hence the aspirations of people may also undergo a change.

As a Citizen’s Aspiration Fiduciary, we expect Mr Modi to keep doing things that are good for the citizens of India as we go forward. Hence we need to keep presenting our thoughts and ideas to the Government and Naavi.org will continue to do this in the domain of Data Protection, Cyber Laws, Information Security and related areas.

I thought I should wait to comment on the agenda for Modi 2.0,  until the cabinet formation is over, but some media elements appear to have already got their act together and started their campaign. In the Cyber Crime domain we know that whenever technology moves, it is the criminals who first make use of the new developments and the security professionals need to catch up.

Similarly, those who were opposed to many of the policies of Mr Modi in the earlier regime are the first off the block to start lobbying in the new regime even before it is formally in place. I already see planted stories and comments in the media/social media on certain  policy aspects as well as on who should be in the cabinet and what should be the portfolio allocations.

Therefore we also need to jump in and not allow the narrative to be one sided. As followers of this blog have recognized in my last post on the EVM, I have a tendency some times to express my views in advance to pre-empt the counter view point gaining ground. May be some of my apprehensions are therefore considered as speculations but I feel it is better to err on the safer side and start the counter discussions before it is too late.

I have been drawn into the political discussions since around the days of emergency in 1975. Though these were suppressed during my career as a Banker in the public sector, it obviously came back when I was free from employment obligations. 

People who have followed my other site www.aifon.org.in are aware that I have followed the electoral politics from time to time and expressed support for Modi and his predecessors in BJP.   Though I consider that Mr Modi is the best thing to happen to Indian politics as predicted by Nostradamus,  I will  continue to be the Chowkidar whether or not the prefix is still with my Twitter Handle or not.

In pursuance of this national responsibility within the chosen professional domain, I will try to highlight some of the policy decisions that I consider as needing special attention of Modi 2.0 government. In this series we will discuss the need for Bitcoin Ban, the PDPA Bill, the Intermediary Guidelines etc.  though it may be slightly uncomfortable to some of the professionals. 

This is a disclosure before I publish some of my view points on the unfinished agenda.

Naavi

Dark web is an aberration in the world of technology.It is a tragedy that Dark Web has spoiled the beauty of a concept called Internet.  Most security people talk of the impossibility of regulating the dark web. But just because a bad thing is difficult to remove, civil society cannot remain a mute spectator.

Naavi discusses the world of Dark Web for the India Legal magazine in this article.

Read the article here. ...Article titled Mafioso of the wired world

Naavi

Today is 25th May 2019, an year after the GDPR came into effect. During this one year, Indian Companies and the professionals in the Data Protection domain have discussed the impact of GDPR in great detail.

When we started the year, GDPR in principle was known for two years but the companies had not taken any action for their implementation. There was an expectation that the date could be extended. But when it dawned on the industry that no extension of date was in the offing, there was panic alround.

Indian companies were pushed to a higher level of panic by their US vendors who, because of their general concern arising out of the huge stakes involved demanded compliance from the Indian Data Processing contractors without fulfilling their own responsibilities as the Data Controllers.

It has taken a full year for this panic to subside. Now Indian Companies are aware that in most cases they are not Data Controllers. They are Data Processors and from a different legal jurisdiction. Their liabilities therefore are confined to the contract with the vendors from US or EU who are the data controllers and have to clearly indicate what “Privacy By Design” means in the specific context of the data processing contract between the two.

Indian Companies have also now realized that EU does not have direct jurisdiction on the Indian Companies who donot have offices in EU countries. Their liabilities arise only out of the indemnity contracts they might have signed.

In many cases, Indian Companies had engaged the sub contractors who were actually discharging functions of “Data Controller” where as the Indian company which was the principal in the contract was himself only a Data Processor to another Data Controller who appeared to be only a customer of the Indian Data Processor.

I suppose some of this role clarification might have occurred by this time and people are aware who is the Data Controller, who is the Joint Data Controller, who is the Data Processor and who is a a sub contractor and who is the Data Recipient.

Secondly, initially there was also confusion on what is the data that is subject to GDPR. Many of the companies did not have a mechanism to identify data of EU Citizens in respect of their activities in EU or identifying the activity in the EU region that they were profiling. The classification of stake holding data was therefore a difficult hurdle to pass through.

I hope companies have made some progress in this direction by now.

Once the roles are clarified and the stake holding data is identified, the companies have the technical wherewithal to implement compliance measures such as “Pseudonymization”, “Encryption”, “Access Control” and other measures that would be required for compliance.

This part of the compliance was perhaps the easier aspect since some tools were available and more could be acquired and created.

The last hurdle was the creation of the organizational culture that is conducive to the compliance. Typically, in the initial days, the hype was sufficient to make every employee aware that GDPR is big, there will be huge penalties etc.

But this awareness does not automatically convert itself into a compliance culture. Further the enthusiasm is likely to wane as the days go by.

Hence at the end of the first year, what Indian companies need to review is whether the employees are sufficiently tuned to the compliance culture.

This should be the task before every Indian Company exposed to the GDPR risk in this coming year.

As regards the Indian Companies, the coming year would be even more complicated from the point of view  of Privacy Compliance. With the return of Mr Modi as the PM, the unfinished jobs of the previous regime will move forward without much of a hurdle. One of the tasks that remained unfinished in the previous regime was the passage of the Personal Data Protection Act .

We can now expect that the formalities of the Bill being reintroduced and perhaps taken up by a Standing Committee for finalization, in the very first session of the Parliament is very high. I expect that the Data Protection Authority would be set up in the next 6 months and things will start rolling fast.

Indian Companies therefore need to incorporate the Indian PDPA compliance into their GDPR compliance plan at the earliest. Otherwise they will have to face a restructuring exercise a little while later.

Naavi’s initiatives for the coming year

Naavi has tried to make the industry realize that the time for action is now…before the PDPA becomes the law.

The FDPPI (Foundation of Data Protection Professionals in India) was formed by Naavi and his friends to address this issue of spreading the relevant knowledge and create a knowledgeable, skilled ethical eco system for data protection in India.

Now in 2019, FDPPI is likely to develop as the main representative of the Data Protection Industry in India and undertake activities that will enable the smooth implementation of PDPA of which GDPR would be a part.

Naavi on his own is in the process of developing the PDPSI (Personal Data Protection Standard of India” which will be incorporating the best global industry standards within the framework of the Indian Data Protection compliance requirements.

Further, Cyber Law College, which is the education wing of Naavi will start operating a new division on Data Protection education and training.

Ujvala Consultants Pvt Ltd, which is the consultancy wing of Naavi will focus on developing the Data Protection related consultancy with greater vigour.

During 2018, Naavi was working on a system of pseudonymization and anonymization for which a provisional patent had also been applied. Now Naavi intends to integrate it as a part of the PDPSI implementation structure and throw the idea open for implementation.

In the meantime, Naavi.org along with the Privacy Education Center (www.privacy.ind.in) and other associate websites will continue to spread knowledge through the web.

Coming months are therefore appearing to be exciting as we look forward to a new Government, new initiatives and a new hope.

Naavi

We have time and again stated what we think is the correct legal position as regards the controversy raised by the opposition regarding the VVPATs.

The Supreme Court could have avoided the current problem by ruling in the first place that the VVPAT is only an acknowledgement and it has no legal significance or precedence over the electronic click made by the voter. However, the Supreme Court did not factor in the nefarious motive of the opposition to disrupt the counting process using the VVPAT as an excuse.

Now the opposition has raked up an issue that VVPATs should first be counted and tallied before the counting the electronic votes recorded in the EVM is undertaken. Mr Chandrababu Naidu has also revealed their intention that if there is any mismatch, the counting should be stopped.  It is therefore clear that the objective of the opposition is to stop counting and create a constitutional crisis.

Under the circumstances as an observer of the Cyber Crime and related scenario, I anticipate the following developments tomorrow which will all be aimed at confusing the Election Commission and harassing them to yield to the demands of the opposition.

1. At the time VVPATs are taken up for counting, first there will be a call for tallying the machine number, the number of votes etc recorded in the form given to the polling agents by the poll booth officials.
2. When these are done, there could be one or more booth agents who would have changed the form which was in their hands for some times now and claim that the information given to them at the booth and what is now being shown do not tally. Hence there will be a claim that the machines have been switched or the votes have been tampered with.
3. If the discussion goes past this and counting is done, then the polling agents who will be present at the counting of the physical slips will say that some slips were wrongly dropped into BJP box and it has to be recounted again and again. They may also ensure that one or two slips are stolen and destroyed. They may even hide it inside their inner clothes like the drug peddlers or even eat up one or two of the slips. The EC would not be able to forcibly check the agents physically like the ED or the Police and a ruckus will be created that there is a difference in the count and hence the counting should be stopped forthwith.
4. There may be demonstrations and physical violence outside.
5. There will be an urgent mention at the Supreme Court for a stay.

I therefore request that the EC and the Government of the day responsible for the law enforcement in each counting centers which include those under the control of Opposition ruled states like West Bengal and Andhra Pradesh to ensure that the counting process is not interrupted.

It may be necessary for the Central Forces to be in charge of all counting centers to manage the law and order situation.

At the back of all this, I reiterate that the VVPATs are only acknowledgement slips and the vote of the voter is recorded electronically in the EVM and if there is any discrepancy, the EVM count should be considered as valid.  Further litigation if any should be after the candidate is declared elected and an election petition is filed.

Any other approach will be unfair and also illegal.

Naavi

[PS: Happy that the above concern did not materialize. EC refusing to agree for the VVPATs to be counted first was helpful. Also Mr Chandrababu Naidu losing badly in AP and Mamata being jolted in WB further defused the opposition. Overall, we are relieved that the Tukde Tukde gang was defeated and nationalist forces marched to a grand victory……Naavi, 23rd May 2019]

The opposition parties aggrieved by the exit poll results are raking up an issue with the EC regarding what needs to be done when there is a mismatch between the VVPAT counting and the EVM records.

The Supreme Court which did not have the appropriate vision to take a view on this when the matter was before it just ruled that in 5 booths in every constituency, VVPAT has to be counted. This means that about 8000 VVPAT slips may be counted in every booth. If there is a counting error then there could be a difference of one or two vote numbers with the EVM count. This may be insignificant but is enough for the political parties to cry that there is some thing wrong with the EVMs and the election should be repeated with ballots.

The EC has internal dissensions which may actually complicate the issue.

I therefore provide here what I think is a legal position to be taken into account.

The Indian Elections have adopted the EVM system for which there is sufficient legal backing. As per this, election is conducted by the voter expressing his choice by pressing the button on the EVM. The process of voting is therefore completed when the button is pressed. The count of this is in the EVM. There ends the election process.

The VVPAT is a system that provides an acknowledgement to the voter. The acknowledgements are preserved for verification in case of large scale malpractice as evidence. But the VVPAT slips are not votes. They are secondary confirmation to the electronic signal generated by the depression of the voting button.

The VVPAT is generated not by a voter’s action but by the action of the EVM after the vote is recorded. Hence it is a subsequent event.

Hence if there is a mismatch between the EVM count and the VVPAT, the EVM count should prevail. In case there appears to be a large scale malfunctioning where the difference is statistically significant, then the matter becomes an issue of the post poll legal challenge. What is a “Significant” difference for a 1600 or so votes is what a statistician can determine. In my view it could be some where like 2% or about 30 votes.

I hope the EC and the Courts will consider this view when they have to consider the objections.

Naavi