Sab ka Vishwas for the EVM and Election Process - Unfinished Agenda for Modi 2.0

During the final days running up to the 2019 elections, Congress and its Lutyen’s media created a controversy about EVMs that engaged the attention of the whole country, including the Supreme Court. But for the resolve of two of the Election Commission members, Chandrababu Naidu and Congress would have succeeded in disrupting the election process. By not accepting the demand for the first counting of VVPAT slips, EC perhaps saved the day.

Supreme Court Set a wrong Precedent

But it must be placed on record that the honourable Supreme Court failed to uphold the integrity of the Election Commission by acceding to the request of the opposition for counting VVPATs in 5 machines per constituency.

The question is not what harm there is in such counting, even if the result had to be delayed by 4 hours.

The net result of the Supreme Court agreeing to the count of 5 VVPATs instead of one was that VVPATs were given a presumptuous recognition as if they were “Voting Slips” similar to the ballot papers of the olden day manual voting. Had the scenario speculated by the undersigned come to pass, there would have been a constitutional crisis. Supreme Court would have been solely responsible for creating such a crisis.

As long as the Supreme Court cannot rid itself of the influence of a few politically motivated senior counsels who can set the agenda for the Court, such incidents will keep recurring. The CJI is personally facing the wrath of such advocates and their supporting lobby in his personal case which has eroded the reputation of the Court itself.

Hence the Government, Election Commission and the Supreme Court have to jointly work for the restoration of faith in the electoral system and ensure that politicians do not sully the image of the election process as it suits them.

I therefore call upon the Modi 2.0 government to take necessary action to restore faith in the EVM system in particular and the election system in general.

I recently heard from a famous astrologer that the Government may introduce “Online Voting” in this term. This demand has been there primarily for enabling the NRI voters and further to improve the voting percentages. There is definitely merit in the demand but it needs to be approached with caution.

The problems with our electoral system now include:

a) The Electoral rolls are not up to date and hence there could be genuine omissions of voters who move out from one address to another and also because political parties actually introduce bogus voters to rig the elections. There are many rogue state governments who would indulge in such practices with the possible assistance of the local officers of the election commission much before the election heat is generated. We therefore need to find measures to sanitize the electoral rolls.

b) The EVMs are not amenable to the kind of manipulation that Mr Kejriwal or Kapil Sibal are complaining about because there are overriding physical security measures that are difficult to manipulate. But it is still possible to capture booths and force voters to vote for a particular party or for one party to simply create votes in the names of the voters without the voter being present. When there are state Governments like West Bengal and Kashmir or Kerala who cannot be easily disciplined even with the central security forces, “Booth Capturing” cannot be easily eliminated. We need to find measures to prevent such booth capturing.

c) The confusion created by the Supreme Court regarding the counting of VVPATs as a confirmation of the EVM count itself needs to be resolved legally and technically. This aspect has been discussed several times by the undersigned (Refer articles here). The legal position needs to be reiterated and clarified so that we end the opposition to EVM arguments once and for all.

To address all these issues, I request the Government to take the following actions.

1. Updation of Electoral Rolls

Consider updating the electoral rolls at every booth level through a three-stage online authentication process.

First would be the self authentication by the voter himself for which he can provide appropriate KYC documents. The second would be by the EC officials. Up to this point, the system would be similar to the present system.

The third (an addition to the current process) is by the other approved co-voters in the same constituency through a block chain method. The approval block chain in the third stage could fork if the voter’s entry is not approved by others. This should be recognized as a challenge and should be open to the voter producing necessary confirmation and also submitting himself to a penalty if his identity is proven to be wrong in a subsequent enquiry.

The three level approved voter’s list should be considered for further use as the official revision of the voter list.

The “Challenged Voter List” may be published separately by the EC from time to time so that the affected voters may take steps to get their names removed from the list if necessary.

Votes cast by those in the “Challenged Voter List” should be considered as “Provisional Votes” which may be recognized only during an election petition.

2. Voting Surveillance

The present system of having Central forces in the booth has only a partial effect in ensuring fair polling. Since 100% of the booths cannot be secured by the CRPF, and polling officials are unable to prevent lumpen elements from taking over the process, it is necessary that every voting booth be subject to electronic surveillance through a CCTV which broadcasts the voting process to a public website which can be viewed by the voters.

The CCTV picture of every voter should be recorded so that it can be challenged later in an election petition. It goes without saying that “Burqua” or “Helmet” may have to be removed during the voting process.

3. EVM modification

Every EVM must be modified to have a touch sensitive screen on top on which the ballot paper appears as an image. When the button is pressed on the screen, the status of the screen with the voting mark has to be captured as a screen image, hashed and the hash value printed in the VVPAT. While the VVPAT will continue to show the image of the party etc as is done now to satisfy the voter, the printing of the hash of the image containing the copy of the ballot paper after voting along with the time stamp will provide an electronic evidence of the ballot cast. This will provide legal validation of the VVPAT as a copy of the ballot paper.

It must however be clarified that as long as the electronic voting is recognized by the Peoples Representation Act, the voting gets completed when the electronic signal arising due to the pressing of the button by the voter as generated by the screen on the EVM is stored in the memory of the EVM. The binary imprint on the EVM’s memory is the etching of the ballot cast.

After the casting of the vote, generation of the VVPAT is an acknowledgement created as a secondary copy of the original binary noted ballot. There should be technically no mismatch between the votes recorded in the EVM and the counted number of VVPAT slips. If however a mismatch does arise, then the EVM count should be considered as the more reliable and legally recognized vote, and the discrepancy, if any, should be subject to a discussion in an election petition only. At the time of such election petition the booth official may be required to provide a Section 65B certificate to the batch of VVPAT slips relevant for the challenge.
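A sketch of the hash-on-slip idea described above, as an added example that is not part of the original post or of any Election Commission design. It assumes SHA-256, a constructed stand-in for the captured screen image, and that the EVM retains each captured image and timestamp for later comparison; it goes slightly beyond the text by hashing the timestamp together with the image, because the image alone is identical for every vote cast for the same candidate.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

CANDIDATES = ["Candidate A", "Candidate B", "Candidate C"]  # constructed ballot


def render_ballot_image(marked_index: int) -> bytes:
    """Constructed stand-in for the captured screen: a tiny binary PGM with
    one 8-pixel row per candidate, dark where the voting mark sits."""
    if not 0 <= marked_index < len(CANDIDATES):
        raise ValueError("no such candidate on this ballot")
    header = f"P5\n8 {len(CANDIDATES)}\n255\n".encode("ascii")
    rows = b"".join(
        bytes([0 if i == marked_index else 255]) * 8
        for i in range(len(CANDIDATES))
    )
    return header + rows


def image_hash(image: bytes) -> str:
    """Hash of the image alone, as literally described in the text."""
    return hashlib.sha256(image).hexdigest()


def slip_hash(image: bytes, timestamp: str) -> str:
    """Assumed variant: hash the timestamp together with the image so that
    two votes for the same candidate do not print the same value."""
    ts = timestamp.encode("utf-8")
    h = hashlib.sha256()
    h.update(len(ts).to_bytes(2, "big"))  # length prefix keeps the fields unambiguous
    h.update(ts)
    h.update(image)
    return h.hexdigest()


@dataclass(frozen=True)
class StoredVote:
    """What the EVM is assumed to retain for each vote."""
    timestamp: str
    image: bytes


@dataclass(frozen=True)
class Slip:
    """What is printed on the VVPAT slip."""
    timestamp: str
    digest: str


def cast_vote(marked_index: int, timestamp: str):
    """Capture the screen, store it, and produce the slip for one vote."""
    image = render_ballot_image(marked_index)
    return StoredVote(timestamp, image), Slip(timestamp, slip_hash(image, timestamp))


def audit(stored, slips):
    """Compare a batch of slips with the EVM records as multisets of digests.
    Returns (digests printed on slips with no EVM record,
             digests of EVM records with no matching slip)."""
    expected = Counter(slip_hash(v.image, v.timestamp) for v in stored)
    printed = Counter(s.digest for s in slips)
    orphan_slips = sorted((printed - expected).elements())
    missing_slips = sorted((expected - printed).elements())
    return orphan_slips, missing_slips


if __name__ == "__main__":
    # Constructed sample: three votes, two of them for the same candidate.
    cast = [
        cast_vote(0, "2019-05-19T09:15:02+05:30"),
        cast_vote(0, "2019-05-19T09:16:40+05:30"),
        cast_vote(2, "2019-05-19T09:18:11+05:30"),
    ]
    stored = [v for v, _ in cast]
    slips = [s for _, s in cast]

    same = image_hash(stored[0].image) == image_hash(stored[1].image)
    print("image-only hash repeats for the same candidate:", same)
    print("clean batch:", audit(stored, slips))

    # A slip whose printed digest corresponds to a different ballot image.
    altered = Slip(slips[2].timestamp,
                   slip_hash(render_ballot_image(1), slips[2].timestamp))
    print("batch with one altered slip:", audit(stored, slips[:2] + [altered]))
```

An image-only hash takes just one value per candidate, so on its own it acts as a candidate code rather than a per-ballot record; the audit reports each discrepancy from both sides, as a slip without an EVM record and an EVM record without a slip.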

I request that the Modi Government in its second term takes up this issue seriously and takes remedial action. The Election Commission itself may take up these suggestions and submit its recommendations to the Government. The Government should submit the same to the Supreme Court as a suo motu review so that the Supreme Court should also record its views without hiding behind the arguments of motivated advocates during a PIL on a later date.

It is necessary that the Government, the Election Commission and the Supreme Court work as a single responsible team to bring credibility to our electoral system rather than each blaming the other. We need each of these three bodies to express “Vishwas” on the other. “Vishwas” of these three will bring in “Vishwas” for the citizens on the electoral process.


GDPR Penalties in the last one year

When GDPR came into effect on 25th May 2018, its most notable aspect was the level of penalties for non-compliance, which could be as high as 4% of the global turnover of a company or Euro 20 million, whichever is higher. This was the aspect of the regulation that most shook up the industry all over the world, including in India.

Now that one year has passed since GDPR became effective, we can review how this high penalty regime has worked in practice.

As per a report published at the end of February,  it is found that, in the first nine months, there were 206,326 cases reported under the new law from the supervisory authorities in the 31 countries in the European Economic Area. (Refer Report). The total fines imposed amounted to Euro 56 million.

About 65,000 were initiated on the basis of a data breach report by a data controller, while about 95,000 were complaints. Some 52 per cent of the overall cases have already been closed, with 1 per cent facing a challenge in national courts. There were some GDPR cases in progress, but the past year had been mostly focused on legacy investigations, with fines handed to Uber, Facebook and Equifax. It may be noted that not all the fines were about data breaches. About half of the complaints related to the way subject access requests have been handled.

A list of penalties imposed by different Supervisory authorities is available  here.

During the last one year, German data protection authorities have issued 41 GDPR-related fines. Fines were levied for a variety of GDPR violations, such as inadequate technical and organizational security measures, non-compliance with information duties and sending unauthorized marketing e-mails.

Google was fined by France’s data regulator, citing a lack of transparency and consent in advertising personalization, including a pre-checked option to personalize ads.

In Denmark, a taxi company, Taxa 4X35, was fined 12 M DKK because, during a random audit, it was found to have stored over 9M personal records that it did not need and had failed to delete.

In the UK, the Information Commissioner’s Office (ICO) has dished out numerous six-figure fines but none have yet exceeded the £500,000 that was the maximum penalty under the Data Protection Act 1998. The ICO slapped Facebook with the maximum possible fine of £500,000 for the social network’s role in the Cambridge Analytica scandal.

The Polish privacy regulator issued its first GDPR fine, penalizing an unnamed firm over £187,000 for scraping public data on individuals and reusing it commercially without notifying them.

It appears that during this year perhaps many more of the complaints may be further followed up.

It remains to be seen if the fines would result in better compliance in the coming years.

One view in the industry is that despite the media coverage on huge fines, the big companies seem to have actually grown their business in the post GDPR era while the smaller companies unable to manage the cost of compliance have lost their market share.

The counter-productivity of a high-penalty regime has been identified even by HHS in HIPAA implementation; it has recently reduced some penalty aspects under the HIPAA-HITECH Act.

This is an important observation that we in India need to keep in mind when we implement PDPA in India. The draft E Commerce policy issued by the Government in February 2019 had indicated that small companies need to benefit from the policy and even suggested that MNCs need to share data in public interest with Indian companies.

The DPA should keep this public good objective in mind and  ensure that the high levels of fine and the criminal penalties under PDPA are not applied indiscriminately on SMEs.

For this purpose, it may be proposed in the Bill that a differential rate of penalty may be applicable based on the nature of the organization and more specifically if it is incorporated in India and owned and managed by Indian entrepreneurs.

The objective of the data protection legislation is not to enable the DPA or the Supervisory authorities to make undue profits out of the fines but to make the industry take the regulation a little more seriously than it would otherwise. I suppose this would not be lost sight of when the Indian PDPA is taken up for passing in the Parliament as an Act.

Naavi


Maximum penalties under HIPAA Revised

Under HIPAA-HITECH Act, penalties for violation of the Privacy rules were pegged at a maximum of US Dollars 1.5 million per type of violation. The caps would apply to violations of each specific HIPAA requirement or prohibition in a given year, not to all HIPAA violations in a given year.

For example, if a covered entity violated more than one HIPAA requirement or prohibition, the cap could be multiplied by the number of different HIPAA provisions violated.

Now, as per a recent order, HHS has changed the rules related to the application of maximum penalties. It will no longer be $1.5 million per violation per year. It would be different for different types of violations.

Until further notice by the HHS, annual caps on penalties for a violation of a HIPAA requirement or prohibition will range from $25,000 for an unknowing HIPAA violation; $100,000 for a HIPAA violation due to reasonable cause but not due to willful neglect; $250,000 for willful neglect corrected within 30 days; and $1.5 million for willful neglect not corrected within 30 days.

Naavi


Bitcoin Ban-Unfinished Agenda of Modi 1.0

On December 31, 2017, we posed a question to Mr Modi: “Modi is yet to open his third eye on Bitcoin, the new alternative to Black Money…Will he wake up in 2018?”

Now that Mr Modi has the mandate for Modi 2.0, will he at least now open his eyes?… is the question we need to ask.

In October 2018, Nasscom chief said Bitcoin is illegal. In November 2018, we called upon the Supreme Court to declare Bitcoin as illegal.

But the Supreme Court has not so far displayed the courage to declare Bitcoin as illegal. It has hidden behind technicalities asking the RBI to give its views or the Government to give its views. It clearly appears that the Supreme Court is reluctant to say the obvious. We can speculate why.

We have written scores of articles on this site on how Bitcoin is a Currency of the Criminals and Terrorists and needs to be declared illegal and banned. We have discussed how legalizing Bitcoin will destroy the Indian economy and give China a handle to manipulate India. We have also highlighted that banning Bitcoin (along with other privately held Crypto currencies) is essential for choking the Dark Web. We have teased Mr Arun Jaitley and Mr Modi for not taking a decision.

But the decision to ban Bitcoin is yet to come…

We have to now start questioning whether the Government has an understanding that “Bitcoin is the Black Money of the Digital World” and “Demonetization of physical currency was thwarted partly because of the availability of Crypto currencies” or there are any other reasons why there is a policy paralysis in this regard.

Now even before the Modi 2.0 takes over, I see the Bitcoin lobby at work. An article was circulated today under the title “Supreme Court Advocate suggests how to regulate Crypto in India”. The article appears in bitcoin.com and it is easy to note the vested interest of the publisher.

As per the article, some comments have been made in support of the continuation of the monster called Bitcoin and I would like to counter these points.

Comment 1 : “The right regulatory framework would ensure transparency, oversight and accountability”

Counter: Regulation pre-supposes recognition of Bitcoin as a currency. We cannot regulate something which is not recognized.

Under Indian law, Bitcoin is an electronic document and since it is not included in the schedule I of ITA 2000/8, it is not de-recognized as an electronic document  under Section 1(4).

But the use of Bitcoin as a “Currency” is ultra vires the RBI Act.

Anybody referring to this electronic document as “Currency”, exchanging it for Rupees or other currencies, or using it to barter with other goods with the description of Bitcoin as a currency is violating the RBI Act.

Any promotion of Bitcoin as a “Currency” and a legal tender should also attract penalties under the law (IPC) for “Cheating” amongst other things. Any person assisting in the exploitation of the concept “Bitcoin is a currency” and its promotion is liable for criminal conspiracy to cheat.

These penal provisions apply even to the publications and authors who are promoting the idea that Bitcoin is a legal tender.

Since the concept of “Bitcoin as a currency and legal tender” is ultra vires the Indian law, any regulation can only be to clarify and state that “Bitcoin is illegal”. There cannot be a regulation of narcotic drugs and  arms trade by people except to say that they are illegal. The same applies to Bitcoin.

This can be done by just adding an explanation in the Schedule I of ITA 2000/8. 

The MeiTy need not wait for July 23 when Supreme Court has to give its views on the case. It can act even now under its administrative powers and get it ratified once the Parliament is convened. If the department has any other view, it is just an excuse.

Comment 2: “Explicit terms of functioning for such exchanges can regulate the kinds of virtual currencies that may be traded, the modes and methods of reporting, the restrictions on trading (including on valuation spurts etc.,) and also investor protection provisions can be incorporated,”

Counter: Since the commodity which is the subject matter of exchange is illegal, the exchange activity will also be illegal. No further discussions are warranted.

Comment 3: There is also debate on whether cryptocurrency can be banned at all. After all how would the government enforce it without infringing on the privacy of all. Any form of electronic device may be used to store crypto currency.

Counter: The defense of “Privacy” for illegal activity is untenable. Privacy is the right of a law abiding citizen and if there is any prima facie doubt that a person may be holding or trading in illegal currency, the argument of Privacy cannot save him. No Privacy law recognizes this right.

Enforcement is the responsibility of the Government. Argument that it is difficult is not a valid excuse. Any form of electronic device can be used to commit phishing or online frauds. Can we therefore regularize Phishing?

Comment 4: Unless we hear something concrete from our finance department I don’t think it’s going to affect existing traders.”…”By closing out the banking route, the Indian government merely pushed the entire market into the cash system thereby making it more opaque and impossible to track or trace”

Counter: This is an admission that Bitcoin exchanges in India are continuing to do business even though it is prima facie evident that it is not legal. We even saw one company putting up a Bitcoin ATM in Bangalore to run a hawala operation of exchanging rupees into Bitcoin. The Government needs to take deterrent penal action to stop such illegal activities from continuing.

Comment 5: It is likely the bill will take some time to become law, even if the government decides to introduce the same in the Lok Sabha, and certainly not before the next supreme court hearing on the issue in July, which might provide some clarity on the issue.

Counter: It is clear that the Bitcoin lobby is counting on a favourable judgement from the Supreme Court. This gives room for the speculation that the Bitcoin lobby may try to fix the judges.

We need to specially watch out for any irrational judgement that may come out which may confirm this suspicion. 

People are watching and Supreme Court should recognize if it is coming either under duress from parts of the industry or under the influence of any illegal gratification or promise thereof.

Since the future of many political parties may be involved in the legalization of Bitcoin, the highest level of influence would be brought to bear on the Court and the Court has to treat this as a sensitive case and handle it with a commitment to the national interests.

Comment 6: many countries such as the U.S. have chosen to regulate crypto assets instead of banning them. With every change that USA has brought about, other countries including Singapore and Japan have followed suit,

Counter: We are aware that many countries have legalized drug trade or arms trade. It need not guide our movement to eliminate black money from the system.

If we need to remove black money, we need to remove it even from the digital space. We are not concerned with what other countries do.

In fact, it is my sincere desire that Mr Modi extends his fight against Black Money to the global scenario and takes up the issue of outlawing privately held Crypto currencies across the globe. A consortium of like minded countries need to be formed. This should help several countries in Africa and elsewhere where there is terrorism and insurgency which requires drug trade and arms trade to go unhindered.

Comment 7: India’s population and young demographic being a substantial part thereof is reason enough for the government to take a definitive stance, the advocate told the news outlet. “Else a large young risk intensive population may have already entered the crypto-asset market and may then be left adrift with no remedies or solutions.

Counter: Definitive stance…yes. But only to criminalize the holding and use of Bitcoins.

Otherwise the argument is similar to that of Mehbooba Mufti that “Stone Pelters of Kashmir are misguided youth only and should not be punished.”

If the misguided youth or others have already committed a crime, there is no need to protect them with a favorable law now.

They can always be given an opportunity to declare their holdings, account for them, surrender them and then be allowed to escape criminal penalties.

Comment 8: The National Association of Software and Services Companies (Nasscom), a nonprofit trade association of the Indian information technology and business process outsourcing industries, is among those that have urged the central bank to consider allowing crypto companies to participate in its regulatory sandbox. 

Counter: This is a misleading statement. Nasscom chief has admitted that Bitcoin is illegal. There is no need for any experimentation in the sandbox of regulations. This will be a strategy like the proverbial Arabian Camel in the tent.

Comment 9: Since cryptocoins and tokens are an important component of the blockchain technology, the draft regulations appear to exclude testing of smart contracts and other approved blockchain technology under the sandbox.

Counter: This is another fallacy being spread by the lobby. Block Chain technology as has been used in Bitcoin has no use in any regulated activity. Private Blockchains are a fancy name for something which is already known and is being used. Hence there is nothing to be gained by shielding Bitcoins under the garb of testing Block Chain technology.

Comment 10: Payments Council of India (PCI), the payments industry lobby group, has also urged the RBI to include cryptocurrency businesses in its regulatory sandbox, according to the Economic Times. Naveen Surya, chairman emeritus of PCI, believes that “Since there is no outright ban on cryptocurrency technology, it should form part of the sandbox,”

Counter: The article quotes the Chairman Emeritus of PCI. I look forward to the view of the current management of NPCI.

I will be raising this issue both with the NPCI and PMO to confirm the view of NPCI. If there is any support for Bitcoin, I will not hesitate to call it wrong.

Comment 11: India should really look clinically at formulating simple regulations to meet its unique socio-economic milieu and lend support for developing the technology.

Counter: All the fancy words only mean a support for the Criminals to run their domain with a currency which cannot be traced by the legacy Governments. This currency supports the Dark Web, the exchange of Crime ware, collection of ransom in ransomware attacks. It can be, and perhaps is being, used for paying terrorist sympathizers in India including the political parties by our enemies across the border.

What Needs to be done

Hence there is no need to show any mercy on the Bitcoin. It must be banned. Any person holding the Bitcoin should be considered as “Attempting to commit a money laundering offence” and booked accordingly. A small window may be given for voluntary disclosure when the crypto currency balances are surrendered for confiscation to the Government in convertible legacy currency and such persons can be exempted from criminal punishments. 

I list the “Banning of Crypto Currencies” (Privately managed) as the unfinished agenda of Modi 1.0 and urge Mr Modi, Mr Amit Shah and whoever becomes the  Ministers of Home, Finance, Law and IT to take appropriate steps to ban Bitcoins forthwith. 

I will forward this article to my MP besides the officials of NPCI and the PMO and seek their comments. If NPCI does not counter what is stated in the article, it can be presumed that they endorse the view mentioned…..Let us put their commitment to remove Black Money to test.

I am sure that this article will not be liked by many of my friends. I have explained elaborately in my previous article about exactly this possibility and given my reasons why I still express such a view in the interest of the nation.

I hope a majority would share my view. What matters however is…

Will Modi 2.0 share the same view?

Naavi


Unfinished Agenda of Modi 1.0

There is a big relief for people like us that Mr Modi is back. The relief is more because the alternative was a sure recipe for disaster.

But we the people of India are not content with the relief. We look forward to accelerated positive developments that can take our country forward. During the last few months of Modi 1.0, it appeared that Mr Modi was getting exhausted. After all, the vicious campaign of the opposition was taking its effect on his self confidence. As a result the Government slowed down on many fronts during the last quarter of 2018 and up to now.

The Tukde Tukde Gang led by advocates who were only interested in disrupting the society was well supported by the highest Court of the land and led the country into a “Temporary Policy Paralysis”.

This created a fear that if Mr Modi did not come back, the country would be destroyed by the opposition politicians supported by PIL advocates who could make the Supreme Court dance to their tune. Now with the renewed support of 353+1 members of the Lok Sabha, Modi 2.0 is stronger than ever before and hence there is a temporary feeling of relief that the worst is over.

But whether Mr Modi himself has recovered from his exhaustion and retained his vigour for an immediate return to fighting against the anti national forces, or has been softened with the bombardment of the opposition over the last year, needs to be watched.

During the last few months, I am aware that my professional image  was a little dented by my open expression of support to Mr Modi to the extent that in the social media, I was branded by trolls as Modi Bhakt. 

But in the interest of the nation, it was felt necessary for professionals like me to take a position openly and oppose the pseudo-seculars spread all over unmindful of the criticism that may come through. It is possible that this could have also adversely affected some of my professional work as well. 

Now it appears that the difficult period is over and the Indian electorate has silently brought Mr Modi back to power with a higher majority than before. Presently, we are waiting for the next step of cabinet formation and subsequently  the roll out of the Modi 2.0 promise.

Like the Justice Srikrishna concept of “Data Fiduciary”,  where we can expect the Data Controller to do more than what is contained in the consent because he is a trustee, Mr Modi is the “Citizen’s Aspiration Fiduciary”. What this means is that irrespective of what is stated in the manifesto etc, we the citizens expect that Mr Modi will act in such a manner that the Indian Citizen will benefit by his Governance in every aspect. The world is dynamic and hence the aspirations of people may also undergo a change.

As a Citizen’s Aspiration Fiduciary, we expect Mr Modi to keep doing things that are good for the citizens of India as we go forward. Hence we need to keep presenting our thoughts and ideas to the Government and Naavi.org will continue to do this in the domain of Data Protection, Cyber Laws, Information Security and related areas.

I thought I should wait to comment on the agenda for Modi 2.0,  until the cabinet formation is over, but some media elements appear to have already got their act together and started their campaign. In the Cyber Crime domain we know that whenever technology moves, it is the criminals who first make use of the new developments and the security professionals need to catch up.

Similarly, those who were opposed to many of the policies of Mr Modi in the earlier regime are the first off the block to start lobbying in the new regime even before it is formally in place. I already see planted stories and comments in the media/social media on certain  policy aspects as well as on who should be in the cabinet and what should be the portfolio allocations.

Therefore we also need to jump in and not allow the narrative to be one sided. As followers of this blog have recognized in my last post on the EVM, I have a tendency sometimes to express my views in advance to pre-empt the counter view point gaining ground. Maybe some of my apprehensions are therefore considered as speculations but I feel it is better to err on the safer side and start the counter discussions before it is too late.

I have been drawn into the political discussions since around the days of emergency in 1975. Though these were suppressed during my career as a Banker in the public sector, it obviously came back when I was free from employment obligations. 

People who have followed my other site www.aifon.org.in are aware that I have followed the electoral politics from time to time and expressed support for Modi and his predecessors in BJP. Though I consider that Mr Modi is the best thing to happen to Indian politics as predicted by Nostradamus, I will continue to be the Chowkidar whether or not the prefix is still with my Twitter handle.

In pursuance of this national responsibility within the chosen professional domain, I will try to highlight some of the policy decisions that I consider as needing special attention of Modi 2.0 government. In this series we will discuss the need for Bitcoin Ban, the PDPA Bill, the Intermediary Guidelines etc.  though it may be slightly uncomfortable to some of the professionals. 

This is a disclosure before I publish some of my view points on the unfinished agenda.

Naavi


Dark Web… The Need to Regulate

Dark web is an aberration in the world of technology. It is a tragedy that Dark Web has spoiled the beauty of a concept called Internet. Most security people talk of the impossibility of regulating the dark web. But just because a bad thing is difficult to remove, civil society cannot remain a mute spectator.

Naavi discusses the world of Dark Web for the India Legal magazine in this article.

Read the article here: “Mafioso of the wired world”

Naavi
