Draft Intermediary Guidelines 2018… Public Comments invited

Posted on December 25, 2018 by 98410spice

The Government of India has released a draft Intermediary guidelines 2018 under Section 79 of Information Technology Act 2000 (ITA 2000/8) for public comments before January 15th. (Refer here).

The notification records  that a calling attention motion on “Misuse of Socal Media platforms and spreadig of fake News” was admitted in the Parliament (Rajya Sabha) in 2018 (Monsoon session) and the Hon’ble Minister for Electronics and IT, responding to the calling attention motion on 26/07/2018, made a detailed statement where he inter alia conveyed to the House the resolve of the Government to strengthen the legal framework and make the social media platforms accountable under the law.

The department (MeitY) has now prepared the draft Information Technology (Intermediary Guidelines) Rules 2018 to replace the rules notified in 2011.

Comments and suggestions can be sent to gccyberlaw@meity.gov.in, pkumar@meity.gov.in, and  dhawal@gov.in.

The Copy of the proposed guideline is available here.

As has been the trend of politics today, there has already been comments by many politicians that this is an attempt at the Government trying to take control of the social media as a part of the strategy to win elections etc.  It appears that the politicians are only exposing their ignorance of law and bias by making extreme comments which are misplaced.

These comments supported by some of the known biased journalists will be spreading disinformation to the extent possible. For the time being let us ignore these comments.

We will try to explain the changes and put out our views in this regard.

Naavi

New Intermediary Guidelines… Legitimate and Well within the rights of the Government: 
Proactive technology tools to identify violation..new intermediary rules: 
New Intermediary Guidelines.. Intermediaries need to have Indian Subsidiaries..: 
Intermediary Guidelines.. Who is and who is not an intermediary?: 
Draft Intermediary Guidelines 2018… Public Comments invited:
Copy of the guidelines: 

PS: As per the addendum released on 31/12/2018, the public comments released upto 15th January 2019 would be placed on the website on 18th January 2019 and a 10 day period upto 28th January 2019 would be allowed for receiving counter comments if any…. Group Cordinator, gccyberlaw@meity.gov.in

Posted in Cyber Law | 1 Comment

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?

Posted on December 23, 2018 by 98410spice

[This is in continuation of the previous article on the subject]

(P.S: These discussions are called the “Second Awakening” because though ITA 2000 came into existence on 17th October 2000, the stake holders and more particularly the IT industry never recognized that there was a law that required a closer look as part of their compliance requirements. It was only in April 2011 when the rules under Section 43A was notified, that the industry woke up to the existence of this law. This was the first awakening. Then everybody went to sleep once again. Today there is greater recognition of GDPR and the proposed PDPA than the currently prevailing ITA 2000/8. The current controversy which was politically motivated and arose out of a simple sub notification has suddenly created a flutter in the IT industry which I have called the Second Awakening.)

Background:

In the previous article, I referred to Section 69 of ITA 2000/8 which empowers a competent authority to authorize “Interception, Monitoring and Decryption” of electronic information through any computer source.

There was a notification of a rule titled “Information Technology (Procedure and
Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009″ on October 27, 2009.

A Controversy has now broken out after the Ministry of Home Affairs came up with a notification on 20th December 2018 stating that they are designating 10 agencies to carry out Interception, Monitoring and Decryption.

The notification has been wrongly interpreted by members in the political community as a move to create a Police State in India before the next general election and a challenge to Privacy. The controversy has gained traction because the professionals also were unaware of the law as it existed and what this notification actually meant and in their eagerness to support Privacy, the technical circles also went with the politicians in criticizing the MHA order as a draconian move to upstage the Puttaswamy judgement of Supreme Court on Privacy. Media as usual went with their TRP objective to create a fire where there was none. The legal activists are already preparing their petition to move the Supreme Court after the vacation to get the Section 69 of ITA 2000/8 squashed a-la Section 66A.

I completely disagree with the false narrative being created in this regard and tried to explain the legal position related to Section 69. The narrative has taken political over tones and most of the professionals are not comfortable in expressing their views if it opposes Rahul Gandhi’s Congress because they are afraid that if Congress comes to power ever, it could hold a grudge. On the other hand we know that Mr Modi and BJP is too soft and anything can be said against them.

Readers of this blog who think I am expressing political views may excuse me since it is difficult to remain silent when Rahul Gandhi, Asaduddin Owasi, Omar Abdulla, Anand Sharma or Gulam Nabhi Azad etc start interpreting Section 69 of ITA 2000 and the regulations there under to create a fake narrative for their political gain. Kindly leave the political comments and focus on what I would like to say on the law as it appears to me.

I pointed out in my previous article that  section 69 of ITA 2000/8 gave certain powers but they were within the exceptions under Article 21 of the Constitution, (Refer: Academike)

According to the Article 21, no person shall be deprived of his liberty “Except according to a procedure established by law”.

It is the duty of the Government to define what is the procedure to be followed if this exception has to be exercised. Not providing such procedure would tantamount to “Dereliction of Duty”.

Privacy is admittedly not an “Absolute Right” and is subject to reasonable restrictions .

Section 69 is an attempt to define the “Due Legal Process” and incorporates adherence to the reasonable restrictions principles.

Hence Section 69 is well within the powers of the Government (remember, it was passed by the UPA Government).

Having enacted Section 69 with effect from 27th October 2009, it was incumbent on the Government to expand the provisions of the section into a more detailed rules which was also promptly done by the UPA Government with its notification of October 27, 2009.

What does the Notification of 2009 contain?

This notification has 25 different clauses. The clause headings are reproduced below.

  1. Short title and Commencement
  2. Definitions
  3. Direction for interception or monitoring or decryption of any information
  4. Authorization of agency of Government
  5. Issue of decryption direction by competent authority
  6. Interception or monitoring or decryption of information by a state beyond its jurisdiction
  7. Contents for direction
  8. Competent authority to consider alternative means in acquiring information
  9. Direction of interception or monitoring or decryption of any specific information
  10. Direction to specify the name and designation of the officer to whom information to be disclosed
  11. Period within which the direction shall remain in force
  12. Authorized agency to designate nodal officer
  13. Intermediary to provide facilities, etc
  14. Intermediary to designate officers to receive and handle
  15. Acknowledgement of instruction
  16. Maintenance of records by designated officer
  17. Decryption key holder to disclose decryption key or provide decryption assistance
  18. Submission of the list of interception or monitoring or decryption of information
  19. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information
  20. Intermediary to ensure effective check in handling  matter of interception or monitoring or decryption of information
  21. Responsibility of Intermediary
  22. Review of directions of competent authority
  23. Destruction of records of interception or monitoring or decryption of information.
  24. Prohibition of interception or monitoring or decryption of information without authorization
  25. Prohibition of disclosure of intercepted or monitored, decrypted information.

Even without going into the details of these 25 clauses, I suppose the professional critics of the MHA notification will realize that this notification does address all the concerns that the critics have raised from the Privacy perspective.

The MHA order was made under rule (4) above which stated

 Authorisation of agency of Government.— The competent authority may
authorise an agency of the Government to intercept, monitor or decrypt information
generated, transmitted received or stored in any computer resource for the purpose
specified in sub-section (1) of section 69 of the Act.

So far no such agency had been designated and therefore the Competent authority had a wide power to designate any public or private body for the purpose of exercising its rights albeit the other restrictions.

By designating 10 agencies now, the Government has curtailed the powers of the Competent authority significantly.

Who is the Competent Authority?

According to rule 1(d), Competent authority means (i) the secretary in the Ministry of Home Affairs in case of the Central Government and (ii) the Secretary of the Home Department in case of the State Government or a Union Territory as the case may be.

The jurisdiction of the state authority lies within the State and where interception etc is required in a different state, the state authority has to work through the MHA.

Is there a proper Over view

The Competent authority has to issue a written order and name the person to whom the information has to be disclosed, containing the reason for the necessary action. This has to be forwarded also to a review committee within 7 days. The order itself lapses in 90 days unless extended and can be extended to a maximum of 6 months.

The Review committee is the Review Committee constituted under rule 419A of Indian Telegraph Rules 1951 and should meet once in two months.

The Review committee consists of  the Cabinet Secretary (Chairman) and the Secretary legal affairs and Department of Telecommunications in respect of the Central Government and the Chief Secretary (Chairman) and  the law secretary and another secretary other than the Home Secretary).

Under rule 24, any person who violates any of the provisions of this order is liable for punishment.

I interpret this as an authorization to not only launch Section 43 and 66 proceedings in case of “Unauthorized access or disclosure”.

This also provides for judicial overview in case there is any violation of the order.

Destruction of Records

Under Rule 16, the designated officer has to maintain proper records of compliance. But the monitored information need to be destroyed after 6 months according to the rule 23.

I have in the past indicated my view that if the information becomes an evidence of a crime, the record may be deemed as evidence and needs to be preserved.

The rule 25 prohibits disclosure of information monitored except as per the order.

Judicial Challenge is not even worth Admission

Thus we can see that there is enough checks and balances built into the rule to satisfy any legal requirements  and therefore if this order is challenges in the Court and if the Court is aware of the legal provisions, then the challenge should be not even admitted.

Misinterpretation that the Agencies have been given power

We need to recognize that the MHA order does not provide any powers to the agencies to conduct their own investigations. Such an impression if created is wrong.

The only authority that can order the interception is the Secretary Home. The agencies are those through which such information can be collected by the competent authority.

Any person including the agency itself if it requires monitoring, has to approach the Competent authority, get a written order and proceed.

There are of course certain emergency powers where monitoring can be started before the authority issues a written order and they are dealt with separately under Rule 3 as emergency powers.

I request all my professional friends to go through the above and let me know if any further doubts remain in their mind that the perception being circulated in the media is blatantly false and malicious.

Naavi

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

Posted in Cyber Law | Tagged , , | 1 Comment

The Second Awakening… What is Section 69?

Posted on December 23, 2018 by 98410spice

[This is a continuation of the earlier articles on the subject]

Section 69 along with 69A and 69B was introduced in ITA 2000 with the amendments passed in December 2008 by the then UPA Government. Though the passage was without any discussion, there was a standing committee which deliberated the amendment bill for over 2 years before the bill was introduced in its final form and passed.

Sections 69, 69A,and 69B along with 70B gave powers to different officials of the Government for the purpose of interception, blocking and collecting data from intermediaries and other IT users and to implement the Cyber Security.

These sections provided “Legal Empowerment” to enable discharge of the normal Governance functions which was necessary and also permitted under the Constitution.

The Politics behind the Criticism

Most people in the media are commenting on the MHA circular without reading the Section and the relevant regulation. They are politicians like Rahul Gandhi who deserve to be ignored or  media anchors who are arrogant and think they know everything or professionals who are passionate about the concept of Privacy and distrust the Government.

It is disappointing that some of the well informed professionals in the security arena  are also joining the bandwagon of critics and giving support to the false accusations of the Corrupt Congress politicians.

Their concerns may be genuine but in the present context, their stand is only helping the corrupt politicians and not the cause of either Privacy or Governance. I am therefore vocal about my views though some may think that it represents political support to the current regime.

These professional critics should realize that during the UPA regime there were not only thousands of snooping orders (as revealed by the RTI which is in the news) but there were many more without record.

Misuse of power is an issue that is to be handled separately and not mixed up with the current issue of whether the MHA order is an intention of the current Government to create a Police State, Create an Emergency situation etc as Rahul Gandhi, Owasi or Omar Abdulla or Gulam Nabhi Azad complain.

It is necessary that professionals who are trying to apolitical and avoiding recognition of the politics behind the current outrage realize that they are only deceiving themselves. My intention is to open the eyes of such professional critics so that they donot become pawns in the hands of the politicians to create a narrative which is false and malicious.

MHA Order does not give Snooping Powers to any agency

To start with let us recount that the current MHA order is within the powers conferred under section 69(1) of ITA 2000/8.

It is therefore incorrect and malicious to read this as if it is an order authorizing the 10 agencies to conduct a roving monitoring of the activities of the citizens as is being presented by the ill informed media and the opposition politicians.

The order only designates the agencies that may be called “authorized” to carry out the orders if any from the “Competent authority”.

This is actually restricting the powers of the Competent authority preventing it from using any agency other than these designated agencies.

These agencies cannot independently start any monitoring activity because they are not the “Competent Authority” and their powers are restricted to a “Specified Order”.

Competent authority can only issue such orders if

“it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence,”

subject to the provisions of sub-section (2),

for reasons to be recorded in writing,

by order,..”

Sub section (2) above refers to the Procedure and Safeguards which were later notified under the “Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 which was notified on 27th October 2009.

In order to understand the legislative intent of Section 69, it is necessary to also look at Sub section (3) and (4) of Section 69 which states as under.

(3) The subscriber or intermediary or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub section (1), extend all facilities and technical assistance to –

(a) provide access to or secure access to the computer resource,, generating, transmitting, receiving or storing such information; or

(b) intercept or monitor or decrypt the information, as the case may be; or

(c) provide information stored in computer resource.

(4)The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.

The legislative intent of this section was to ensure that Intermediaries and persons in charge of the IT systems cooperate with the agency entrusted with the security obligations when called upon to do so.

The competent authority was obliged to use this provision only when there was a situation where the “Exceptions to the Privacy” was permitted under the Constitution and not otherwise. It was also obliged to have a written order for the purpose and use only designated agencies for the purpose.

It is therefore wrong to consider that this section is ultra vires the constitution whether before or after the Puttaswamy judgement.

Don’t Let the Supreme Court to be mislead again

I suppose that even the Government agencies need to realize the intent of the section and ensure that mischievous advocates donot mislead the Supreme Court with PIL s just as they did in the case of Section 66A of ITA 2000.

The Supreme Court is not infalliable and may be swayed by the popular public sentiment and can give wrong decisions in such cases.

This has to be prevented by the professionals who should be prepared to identify the nature of the section and the inbuilt safeguards in the section followed by the notification which we shall discuss in the follow up article.

Misuse of Law and Powers

Arguing that safeguards may be there in the law but it will not be followed is not an argument that can be countered. Yes every law can be misused. This is the element of distrust I mentioned earlier. We inherently distrust the Government and its officials who can be corrupted. But the solution is to make them honest and not distrust all of them for all the time.

I personally distrust the opposition politicians  and officials under the UPA rgime hundred times more than the BJP under Mr Modi and officials in the Modi regime. I am therefore willing to place the trust in the current regime and consider that this MHA order was a routine order.

Why Now Argument

Opposition politicians seem to think that this Government should stop Governing and hand over the decision making to the opposition because they believe that they will win the next election.

Hence, every decision is linked to the forthcoming election and objected to.

I would like to say that the notification of 2009 had required these agencies to be notified even on October 27, 2009. It was better late than never. It was  difficult to understand certain parts of the order such as “Nodal Officers” without the notification of these agencies for implementation. This uncertainty has been prevailing all along. In the absence of this notification, it was a fair interpretation that the competent authority under the law could designate any agency (public or private) and hence every IT company and Government department should designate a compliance officer or a nodal officer to carry out the directions.

The MHA order serves the purpose of providing a clarity that only these agencies need to be involved in the implementation of Section 69.

I donot know how this sudden realization came upon the MHA. Only insiders can explain how this idea originated.

But I would like to believe that after the recent Supreme Court judgement, there could have been a discussion on what is the “Procedure for Interception” which does not violate the Puttaswamy judgement and the concerns of the Privacy activists. At that time, the department has realized that the procedure is defined under the rules under Section 69 but there is a lacuna that specific agencies have not been formally notified.

Hence MHA could have tried to regularize the lacuna and come up with the clarificatory notification restricting the powers of the competent authority only to these 10 agencies.

….To Be Continued

Naavi

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

Posted in Cyber Law | Tagged , , , | 1 Comment

Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening

Posted on December 22, 2018 by 98410spice

[This is a continuation of the previous article]

Yesterday was a day when ignorance and politics took over the debate on the new MHA guidelines under Section 69 of ITA 2000. As expected, the Congress politicians opened the debate in the Parliament with the “Jupiter Escape Velocity” fame expert commented that “India is being converted into a Police State”. Several other politicians such as Sitaram Yechury, Asaduddin Owaisi, Omar Abdulla joined the line of political experts who declared that there is a need for Supreme Court to take a hard look. Towards the end of the day Congress appeared to pull back when they realized that Section 69 in its present form was actually passed into law by the Congress Government itself.

Though some sane voices did emerge from the Cyber Law experts, later in the day, the media as usual continued to bombard the sensational angle as if India has over night become a Police State. The young anchors talking like experts in Cyber Law referred to the Puttaswamy judgement and declared that Privacy is under threat.

In the professional arena, some sense prevailed except for a few Privacy passionate enthusiasts expressed their anguish that the law can be misused.

Behind the criticisms that prevailed all across the media it was evident that many of the commentators were realizing for the first time that there was a section called Section 69 in ITA 2008 and it provided for certain powers for interception etc.

The situation was similar to the moment in 2011 when after the passage of the rules under Section 43A, the IT professionals suddenly came to realize the existence of ITA 2000/8 which became a law on 17th October 2000 with the important amendments of 2008 becoming effective from 27th October 2009.

Perhaps this second awakening is good for the society since we need to understand and appreciate the nature of ITA 2000/8 which is an important legislation of the “Digital Society”. So far everybody was talking of “Digital India”, “Digital Disruption”, “Innovation” etc with complete abandonment of an awareness of the background law.

This debate on “Snooping” however absurd it is, will perhaps result in at least some of the politicians and professionals developing a better understanding.

In the discussions that ensued yesterday, following points have been raised.

  1. Timing: Why did the Government come up with this notification? Does it have anything to do with the forthcoming elections?
  2. Privacy: Does this notification affect the principles of Privacy as a Fundamental Right?
  3. Surveillance: Does this notification mean that the named 10 agencies will start snooping on 1 billion people from tomorrow?
  4. Oversight: Does such powers require a judicial oversight?
  5. Prior Debate: Was a public debate required before this notification was released?

Naavi had highlighted the sweeping powers that sections 69,69A and 69B provided to the state when the amendments were passed in 2008. Unfortunately, at that time no body took notice.

Then on 27th October 2009, the notification called “Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 was published. These guidelines had some ambiguities.  This notification has in fact cleared some aspects of this notification which were difficult to interpret because of the inherent ambiguities. The MHA notification has therefore come as a relief as it sets dome doubts to rest.

I anticipate that the controversy on Section 69 would not die down. The next level of action would be when people like Prashant Bhushan, Indira Jaiswal and others would raise the issue in the Supreme Court.

The Supreme Court is known to be vulnerable to succumb to media hype as it did in the case of Section 66A judgement and partially in the case of the Aadhaar judgement and arrive at incorrect interpretations. Hence we need to place on record our views so that the false propagandists donot hijack the debate.

We shall therefore explain the Section 69, the notification of October 27, 2009 and also answer some of the questions raised above in a series of articles that will follow.

We hope this will clarify the uncertainty that may prevail in the minds of the public. This is only an academic explanation of what ITA 2000/8 for those who want to debate the law.

This may not however satisfy the Politicians who want to any way blame the Government because they feel that they have a friendly media which will make any lie uttered 1000 times look like truth. We have to leave them revel in their imaginary world.

...To Be continued

Naavi

Reference:

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

Some media reports: The Wire : Arun Jaitely : Rahul Gandhi: Owaisi :  Experts

Posted in Cyber Law | Tagged , | 1 Comment

Agencies empowered under Sec 69. No Need to raise a false alarm

Posted on December 21, 2018 by 98410spice

 The uninformed media is at work since morning commenting on the MHA Order notifying additional agencies empowering use of powers under Section 69 of ITA 2000/8.

Refer notification here:

According to the notification, 10 agencies such as the IB, ED, CBI etc are notified as authorized agencies.

Until now according to the earlier notification G.S.R. 780 (E) dated 27th October 2009, for such orders the competent authority was the “Secretary of Ministry of Home Affairs” in the Central and State Governments. No other agency had been named for execution of the action envisaged.

The Competent authority was empowered to authorize an agency of the Government for the purpose. The process for authorization was detailed in the notification. What the MHA has now done is to exercise these powers to notify the agencies which can exercise the powers.

The powers are as per restrictions inherent in Section 69 (1) and are well within the constitutional provisions.

For immediate reference we quote the section 69(1).

“Where the central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted received or stored through any computer resource”

It is prudent for responsible citizens to recognize that the powers are to be exercised under a process and are well within the provisions of Constitution and refrain from making a hue and cry about a routine notification.

Such powers of India has been there since long under Telegraph Act itself and is also present world over including USA and UK. The powers are essential for Governance and does not preclude action against people who misuse.

Section 69 itself contains an inbuilt provision for preventing misuse which may be invoked if concerned citizens have any issues.

Under Section 69(2), the law provides that the

“Procedure and safeguards subject to which such interception or monitoring or decryption may be carried out shall be such as may be prescribed”.

In the event the procedures and safeguards are not followed even by a Government official, it would tantamount to “Unauthorized Access” and could be considered as an offence under Section 66 of ITA 2000/8 which has a punishment of upto 3 years.

Those who are today throwing tantrums on the TV and those members of the media who are raising the bogey of Privacy, Constitutional rights etc are either not adequately informed or are as usual raising a bogey to criticize the Government.

I will not be surprised if politicians raise ruckus in the Parliament and some activists also go to Supreme Court against the order.

Let’s understand the law as it is and respond without raising a needless false alarm.

Naavi

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

Posted in Cyber Law | Tagged , , | 1 Comment

Securing the world against Rogue Robos

Posted on December 20, 2018 by 98410spice

Several Movies have captured the ugly face of Technology.  Most of the time this is because technologists intoxicated with the power of technology often create monsters without knowing the consequences. With the growth of Artificial Intelligence and humanoid robots, the dangers are increasing everyday and we need to respond to this alarming situation.

A Scary incident has now been reported from a Lab in Japan. The incident reportedly occurred in August 2017 and a whistle blower has revealed it now. In this incident 29 humans were killed in a lab producing autonomous war robots. The four soldier robots went rogue and started shooting the humans. Out of these three were dis assembled physically by the workers while the fourth was smarter and was searching the satellite data base on how to re-arm itself.

Ultimately this also might have been dismantled but the fact remains that the dangerous phase of AI is now before us and if we continue to act intoxicated and donot learn from our mistakes, we are creating  robot monsters which will destroy the humanity.

But some of the videos in the link Six scary things about AI raise concern about the capacity of the robots to think on their own and also express views about conflicts with the human race make everyone sit up and take notice of the possibility that the movie kind of situation may become a reality too soon for comfort. We may not be able to find a Rajnikant in real life to save us from the damages that rogue robots may create.

It is time that the international community takes some corrective action to ensure that “Artificial Intelligence Does not over ride the “Isaac Asimov Principles of  Ethical Robotics“.

Japan was instrumental to the first atomic bomb being dropped and now it appears that it can be the source of the next great tragedy on the planet.

Imagine what could be the consequences of terrorists either acquiring these “Autonomous Military Robots” or hacking into some of them. If we donot have a security solution for such incidents, it is better we donot create these monsters.

Earlier Incidents

From January 25, 1979 when an accident at the Ford Factory claimed the first human life by a Robot to the reported death of 29 persons in a Japanese lab by a “Rogue Robot Soldier” being manufactured, there have been several accidents where Robots have claimed human lives.

Some of them are captured here.

  1. 25th January 1979: Robert Williams killed in the Ford Factory at Flat Rock, Michigan. This was dubbed as an accident since the worker ignored a safety measure and accidentally switched on the machine while trying to repair it. (Refer here).
  2.  May 7, 2016: Joshua Brown killed in a self driving car accident when his Tesla failed to distinguish a Tractor trailer in front from the sorrounding bright sky and drove under the 18 wheel trailer and crashed. This was clearly a failure of the software and caused by the negligence of the developer and deficiency of testing.
  3. 2007: Nine South African Soldiers were killed and another 14 wounded after an anti aircraft weapon (Oerlikon GDF-005) started shooting by itself. It could be termed as a techno mechanical failure where the gun jammed and exploded before going berserk and firing 250 rounds. Software failure was not ruled out.
  4. July 7, 2016: Police in Dallas used a robot to kill a dangerous killer who had killed several persons and hiding in a building by attaching a grenade to a robo and sending it to the garage where he was hiding and exploding it. The person killed was Micah Johnson but the use of the “Bomb Detecting Robot” to execute the human was perhaps a justified action of the police under the circumstances. (P.S: It would be interesting to know how the pseudo human rights activists and the Indian Judiciary would react if such action is taken in Kashmir by the Military)
  5. 9th December 1981: An accident at Kawasaki heavy industries killed Kenji Uranda, a 37 year old man who was trapped by the working arm of the robot when it was being repaired. (Refer here). This also can be identified as an accident caused by the negligence of the worker.
  6. 2015: A man was reportedly killed in Baunatal, Germany in the Volkswagen plant when he was grabbed by a robot and pinned against some metal sheets causing injuries to which he succumbed later. It was again classified as an accident caused by human error.
  7.  March 2017: A lady, 57 year old Wanda Holbrook  was killed by a robot at Ventra lonia Mains Plant in Michigan where she worked as a maintenance specialist. In this incident a robot picked up a trailer part and dropped it on her skull. (Refer here). This could be a planned murder because there were unexplained multiple faulty maneuvers it carried out resulting in the death.
  8. 2009: 40 year old Anna Vital was killed by a robot at Golden State Foods in California, when a robo grabbed the worker like a box it was supposed to handle and crushed her to death while she went near it to correct an error….another accident by human negligence.
  9. 2015: 24 year old Ramji Lal working in a SKH Metals factory in Manesa India was stabbed to death by a robot. He had tried to correct the position of a metal piece which had been lifted by the robot when the moving arm hit him. The case was wrongly recorded as a case of electrocution and not as a “Death caused by a robot” perhaps to avoid the payment of compensation. (Refer here)
  10.  June 2016: Regina Elsea, a 20 year old was killed by a robot at Ajin USA, a South Korean owned plant in Alabama while trying to repai a faulty robot. Several safety violations  by the unit to maximize profits were revealed during the enquiry.
  11. July 2017: There was also an incident of a Robot suicide (Refer here) when a security robot in Washington drowned itself in a pond but the incident could be considered as an Accidental fall”.
  12.  May 2018:  The Uber Car accident (Refer here) can be also added to the above list. In this incident Uber had deactivated the emergency braking system and relied on the human driver to act. The obstruction was detected 6 secs before the accident and the emergency brakes could have been deployed about 1.3 secs before the crash had it been active. But in this case the human driver was not alerted in time to act. (Refer here). This was both a technical error and human negligence.

It is estimated that prior to the current incident. over 61 deaths and injuries have been caused by industrial robots (Refer here).

Isaac Asimov laws

The legendary scientific fiction writer Isaac Asimov had in 1942 itself laid out three laws of robotics which was a guidance to be followed by all programmers. While some of the cases referred to above are clearly accidents, it is clear that there are errors caused by faulty programming in many of these cases.

The three laws which he wrote were as follows:

  1. First Law – A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  2. Second Law – A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
  3. Third Law – A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws

When Asimov wrote his fiction, I am not sure if he could visualize the full impact of the “Artificial Intelligence” as we find today and the nature of the society that abounds in financial greed and religious fanaticism. The current scenario appears far more dangerous than what Asimov could have envisioned.

It is time therefore for the Information Security Community to start thinking of the safeguards that we need to build to ensure that AI is not used indiscriminately by unethical and negligent software workers.

Naavi

Also Refer: Six scary things about AI

Posted in Cyber Law | Tagged , , , | Leave a comment