An Unprecedented Technical Revolution in Health Sector is in the offing in India…

Posted on July 27, 2018 by Vijayashankar Na

The Ayushman Bharat scheme also referred to as the Modi Care program is an ambitious welfare scheme which Mr Modi is implementing. Under this scheme it is expected that 1.5 lakh health and wellness centers offering  preventive and primary care would be operating ont he supply side and over 10 crore plus households would be provided a health insurance of Rs 5 lakhs per family.  The idea is to promote both the supply and demand side of health care service.

The ambitious plan which could transform the country in terms of public welfare is likely to also provide an unprecedented boost to the technology suppliers who specialize in the health care sector as the Government is unleashing a visionary digital framework usable by all stake holders in the Ayushman Bharat scheme in the form of the proposed “National Heath Stack” (NHS).

NHS is envisaged to be a holistic platform that supports multiple health verticals and integrates future IT solutions so that by 2022, digital health records of all citizens would be available on the platform.

It is clear that the challenge in terms of the sheer size of the required digital network along with the support features of connectivity, security etc would be providing an opportunity of unprecedented scale to the IT industry in India.

It is time for our businessmen to sit up and take notice of this development and start planning ahead for harnessing the opportunities that may be unleashed under NHS. It is expected that the grand announcement would be made about the roll out of the scheme on August 15 when Mr Modi makes his Independence Day speech which could be the last such occasion before the next election.

The occasion and opportunity is big enough to think that the 2019 Loksabha election could be actually a vote for and against Modi Care program.

While the political minds may keep scratching their heads on the pros and cons of NHS in the political environment, it is time for Cyber Security and Privacy Professionals should focus on the NHS document which has been placed for public comments for which the last date for submission is August 1, 2018.

In case you are yet to take a look at the document, kindly refer to ” National Health Stack Plan… This is the Digital Health Aadhaar Scheme…Available for Public Comment” and ensure that your comments if any is sent by e-mail to healthstackniti@gmail.com

Indian Academy of Data Protection Professionals (Proposed National Conglomerate of  Data Protection Professionals promoted by Naavi) is planning to conduct a Webinar on NHS on this Sunday, the 29th July 2018. Contact Naavi for details.

Naavi

Posted in Cyber Law | Tagged , , | Leave a comment

Offline verification of Aadhaar data.. Is it feasible?

Posted on July 26, 2018 by Vijayashankar Na

According to the Caravan report about the proposed new Data Protection Act /Privacy Protection Act which the Srikrishna Panel has tabled, a suggestion has been made for amendment of the Aadhaar Act to introduce what is called “Offline Authentication”.

A discussion has already ensured in the professional circles, how the “Offline” authentication can be done without a copy of the Aadhaar data being kept outside the CIDR and whether it will introduce new data breach risks.

However, I feel that just like the introduction of the Virtual Aadhaar ID which stepped up the security of the Aadhaar data by several notches and took the wind out of the anti-Aadhaar lobby, it is likely that this “Offline Authentication” system may also turn out to be a good practical suggestion that can ensure that Aadhaar system survives the critical scrutiny of the Supreme Court.

Just to think of one of the measures by which this system can be introduced, we can envisage that UIDAI may authorize “Identity Certification Agencies”.

This could be  part of the Digi Locker scheme and Digital Certificate Scheme run under the CCA. In such a scheme certain agencies may be licensed to make verification based on “Virtual Aadhaar ID” submitted by the Aadhaar user (Global KYC agents can perhaps use the real Aadhaar ID itself) and maintain a mirror identification data base of “Members of its service”.

These agencies could be be similar to the “Data Trusts” which Naavi had proposed earlier. Individuals could deposit their ID information with these agencies who may be private sector agencies who may have access to technology which they claim are better than that of UIDAI. Their data base may be maintained on the basis of their membership and the linked Virtual Aadhaar ID.

If there is any data breach at these “Trusted Intermediaries”, then UIDAI cannot be blamed. Also the loss can be recouped with the change of the Virtual Aadhaar ID.

Hence this move will both address the issue of insulating the CIDR from too much of access by public and also silence the critics by challenging them to be the secure repositories of the data if they are capable rather than blaming the Government all the time.

For the positively minded, this is an additional opportunity to create a business out of the need to secure personal data.

It is therefore time for the Critics of Aadhaar to accept the challenge thrown at them by the Srikrishna panel and find solutions to make offline Aadhaar authentication feasible without the fear of personal data breach.

Naavi

Posted in Cyber Law | 2 Comments

Another leak of the Srikrishna Committee Report on Data Protection

Posted on July 26, 2018 by Vijayashankar Na

Even while the Srikrishna Panel has expressed dissatisfaction at TRAI coming up with its own Privacy Protection regulation and a consequential need for revision by the Panel of its draft, Caravan has released a report about a draft copy of the proposed act containing 15 chapters which it has gained access to and released some of its views.

The Caravan article is here

Also see: Economic Times

This article  focusses on  some suggestions reported to have been made by the committee on Aadhaar Act and RTI Act.

It would be appropriate for us to wait for the official release of the draft to make serious comments.

However for the sake of records we can recount the remarks of Caravan.

  1. It is said that the draft proposes amendment to Aadhaar act and an “Offline Verification” for Aadhaar.
  2. It is also said that the RTI Act is also proposed to be amended with the need for the following three conditions to be fullfilled for the release of Personal data(a) the personal data relates to a function, action or any other activity of the public authority in which transparency is required to be maintained having regard to larger public interest in the accountability of the working of the public authority;(b) if such disclosure is necessary to achieve the object of transparency referred to in clause (a); and

    (c) any harm likely to be caused to data principal by the disclosure is outweighed by the interest of the citizen in obtaining such personal data having regard to the object of transparency referred to in clause (a).

We shall wait for further information to come forth instead of speculating on the above measures as there are more fundamental aspects of the law which may need attention rather than these peripheral issues.

Naavi

Posted in Cyber Law | Tagged , , | 2 Comments

Ethical E- Expression Consortium

Posted on July 25, 2018 by Vijayashankar Na

The media has been reporting many incidences of lynchings in India apparently caused by spread of rumours through the WhatsApp messaging system. Some of these may be “Fake” news and some may even be “Genuine” information which has evoked violent reactions due to the emotional content of the messages.

There was also a recent confusion created by news report that “Forwarding of a Message is equivalent to endorsing of a message”, arising due to a wrong interpretation of a Court decision.

In the light of the above, there have been some indications that WhatsApp itself may be introducing some changes into its system such as “Restricting forwards” or “Flagging a Forward” etc.  Such measures are welcome.

However, the solution to the problem may not lie in merely restricting the forwards to five or indicating that a “forward is actually a forward”.

It is clear from the developments that many of the lynchings that occurred in recent days had a political over tone meant to discredit the current regime and build up a narrative for the forthcoming elections. Media which is biased in favour of the opposition is hand in glove with building of such a narrative. Hence in many instances, the forwarding of a message or publishing of a message is only an “Excuse” for a “Crime already contemplated”.

Since in many cases, the investigations are also biased, truth might not have come out.

While WhatsApp or Bolo may try to find their own methods to improve reliability of messages it is necessary for persons using different means of expression on the Electronic media to ensure that they follow certain ethical principles.

While every person who originates a message can take care at his personal level to be ethical and avoid deliberate false messages, we cannot rule out the need for forwarding of messages of doubtful veracity either to check if it is true or to fore-warn if there is a potential risk if the message is ignored. Hence some “Conditional Forwarding” should be possible without attracting the wrath of the law.

Flagging a forward as “Forwarded as Received, Authenticity not Checked or Guaranteed” could be a good disclaimer that can protect a person in law.

But over and above this, I propose that a voluntary “Ethical E  Expression Consortium” (EEE Consortium) be formed which provide a “Virtual Editor” service to the individual publishers. The members should be able to load their expressions which may be blog articles or twitter messages or Facebook posts into the forum repository in the form of a link and let some body else review the comment and suggest their removal if it is necessary. The authors may either post their message and then seek a review or wait for a while before publishing their messages so that some reviewer can alert them if they are going overboard.

This would be a self regulation for bloggers before the Government comes up with its own regulation which all of us may later criticise as “An Assault on Free Expression”.

Naavi

 

Posted in Cyber Law | Leave a comment

Will TDSAT hold its hearings through Video conferencing?

Posted on July 22, 2018 by Vijayashankar Na

Telecom Disputes and Settlement Appellate Tribunal (TDSAT) is a body created initially for settling the disputes in the Telecom sector. However the Finance Bill  2017 has changed the character of TDSAT by merging the Cyber Appellate Tribunal (CyAT) which was set up under ITA 2000 to hear appeals from the Adjudicating officers all over India and the CCA.

TDSAT was set up under TRAI Act 1997 (as amended) and exercises both original and appellate jurisdiction. CyAT on the other hand exercised only an appellate jurisdiction and not original jurisdiction.

TDSAT does not seem to have issued separate rules for handling Cases transferred from CyAT and probably it may do so some time in future. In the meantime the existing law and the rules regarding TDSAT may be considered as continuing.

In CyAT, the appeal filing fees was Rs 2000/- and no fees was fixed for miscellaneous applications. TDSAT presently prescribes a fee of Rs 5000/- for the petitions and Rs 1000/- for Miscellaneous applications. CyAT required 6 copies of petitions to be submitted while in TDSAT, 5 copies may be sufficient but one additional copy is required to be given to the counter party.

TDSAT procedures include a specific “Mediation Procedure” which may be referred to the mediation center of the tribunal. The Mediation Center charges a nominal fee of Rs 1000/-. The fees of the Mediator and the Office expenses are borne by TDSAT. This is definitely a huge advantage for the small petitioners.

Naavi.org had raised two other points in its previous article which we would like to re-iterate.

First is the possibility of TDSAT holding its hearings outside Delhi in cities like Bangalore, or Chennai or Mumbai or any other place where the petitioners are located.

Second was the possibility of using online interactions through Video conferencing. If this is acceptable, the first requirement of holding sittings outside Delhi may not be that important.

The online hearings can also be extended to the Mediation process so that the need for travel of the petitioners and respondents to Delhi can be reduced.

Naavi.org has already drawn attention to the fact that it is ready to provide the services of ODRGLOBAL.IN where a facility is already available for conducting online arbitration supported by evidentiary capture of proceedings under Section 65B of Indian Evidence Act. ( More details are available at www.odrglobal.in). TDSAT may either use this facility itself or create a similar facility for its own use. If this suggestion is accepted, there would be a revolutionary change in the way justice is rendered to the petitioners.

Naavi would be happy to provide any assistance to TDSAT in implementing such technology innovations if required.

We look forward to how TDSAT approaches its new responsibilities for the cases transferred from CyAT.

Naavi

 

Posted in Cyber Law | Tagged | Leave a comment

Will TDSAT render justice to Cyber Crime Victims?… I seek some answers

Posted on July 21, 2018 by Vijayashankar Na

Cyber Crime victims in India have been waiting for a long time for the re-activation of Cyber Appellate Tribunal (CYAT) which became dysfunctional on 30th June 2011 during the UPA II regime and never came back to life even after the NDA Government under Mr Modi came to take charge.

Despite the push given to Digital India by Mr Modi and repeated reminders from activists like the undersigned, the Government and the Chief Justice of India who ever was in charge during this time could not find a replacement for Mr Rajesh Tandon who superannuated while he was the Chairman of CyAT. What was surprising was that during part of this time when CyAT was dysfunctional, there was a retired High Court judge namely Justice Krishnan, who was appointed as a member of the CyAT but was not designated as the Chair person though he was eligible.

Mr Gulshan Rai who has been in the forefront of CERT for a long time and later moved onto the PMO was the person in charge of CyAT as an administrator and despite being in the PMO, could not impress upon Mr Modi to re-activate the CyAT.

In the Finance Bill of 2017, Mr Arun Jaitely gave another body blow to the CyAT by abolishing the CYAT and merging it with the TDSAT. It was like the proverb, which states Don’t Cut off your nose if you cannot cure cold, but that was precisely what Mr Jaitely did as a Finance Minister.

As a result of this apathy of the Government of India, the CyAT which was closed on 30th June 2011 with many pending petitions of Cyber Crime victims who had lost lakhs of rupees and believed that there will be justice at the end of their struggle, remained in operative until the beginning of this month.

It has taken a full 7 years for the system to be re-activated. I am sad that no body in the Government least of all the Law Minister and IT minister Mr Ravi Shankar Prasad took this issue seriously.

During this time there were a few cases like

  • a) The Case of ICICI Bank vs S.Umashankar in which ICICI Bank had been ordered by the Adjudicator of Tamil Nadu to pay compensation to the Cyber Crime victim, which had been heard extensively over a period of more than an year, arguments were completed, written arguments were also submitted and the CyAT had posted the case for judgement three days past the expected date on which the Judge was supposed to retire.

  • b) The Cases of Gunashekar and Vijaykumar Vs PNB in which PNB was jumping from Adjudicator of TN to CyAT and CyAT to Madras High Court and playing one authority against the other only to delay the case as long as possible until it got stuck at CyAT.

  • c) The cases of Gujarat Petosynthese Ltd and Mr Rajendra Prasad against Axis Bank and ICICI Bank respectively where the Adjudicator of Karnataka had dismissed the petitions holding that the word “Person” used in Section 43 of ITA 2000 does not include a “Company”.

Out of the above litigants, is is sad to note that one of the complainants has already expired. Others are now 7 years older and soon we will have a situation where the Court will call for a hearing only for the legal heirs to attend.

I would like everybody involved in these disputes including the Banks who consider their fraudulent customers more valuable than victim customers and use all their financial might to frustrate the complainants and the advocates who spend more effort in seeking adjournments rather than getting into presenting their fair views to think who is responsible for the delay in the delivery of justice.

They should expect that  the dis-satisfied souls of deceased Cyber Crime victims will hover around these Courts for justice until justice is delivered. Unfortunately our politicians are worried only about Farmer Deaths and not Cyber Crime Victim’s death. Even Mr Modi knows only about the “Fasal Vima Yojana” and not “Cyber Crime Insurance”.

Despite RBI mandating Cyber crime insurance way back in June 2001 and advising Banks to absorb the legal risks in such cases, Banks led by the insensitive fraud tolerant CMDs have failed to take action. Now RBI has also advised that there should be “Zero Liability” in certain cases but Banks hardly recognize the authority of RBI and ignore all such customer friendly directions.

Finally now the TDSAT has started calling up pending applications and trying to take stock of the cases. This is a silver lining but could be a silver lining which may recede fast into the background if TDSAT does not take some procedural steps to ease the process of justice delivery.

TDSAT is used to hearing petitions of big companies like the Vodofone, Reliance or Aircel and hearing arguments from the likes of Kapil Sibal or Gopal Subramaniam. They will now have to come down to earth and look at cases in which the dispute is in a few lakhs or even thousands and the victims cannot afford to engage lawyers of repute in the Supreme Court and would prefer to argue the cases themselves.

Is TDSAT prepared to re-orient itself to be able to do justice to this relatively poor victims? … I am looking for an answer.

CyAT had a simple procedure and  a nominal fee. Will TDSAT follow the same principle?…. I am looking for an answer

CyAT was prepared to travel and hold hearing in Chennai twice during its tenure… Will TDSAT hold hearing in South India so that the expense of travel compounded by adjournments does not kill the cyber crime victims a second time?….. I am looking for an answer

CyAt was prepared before it went out of action to conduct proceedings over Video Conferencing though it did not materialise. (Mumbai Adjudicator held one hearing over video conferencing for a Nagpur case and showed it was feasible). Will TDSAT be prepared to hold such online hearings so that Cyber Crime victims need not travel to Delhi everytime?... I am looking for an answer

Naavi.org promises that if TDSAT wants to use the online dispute resolution platform of odrglobal.in, it will offer such service if required, free of cost without any obligations. (ODRGLOBAL is an online platform that is compliant with ITA 2000/8, Indian Arbitration and Mediation Act and also the proposed UN model law on ODR). Will TDSAT agree to use the platform for the benefit of the Cyber Crime victims?.….. I am looking for an answer

I wish that this message reaches those who matter in the Government of India and the TDSAT and I will get answers to all the above questions. These are not questions raised by an activist alone but by the hundreds of Cyber Crime victims.

All my friends who receive this message are requested to kindly forward this to the relevant persons so that a serious attempt is made to correct the damage inflicted on the Cyber Crime victims of India over the last 7 years in the CyAT being held in a non functional state.

Naavi

  • Disclaimer: There is no political agenda in the above statements though I have expressed my complete dissatisfaction with the officials and ministers under the current Government. My views should not be misunderstood. For the records, I am a supporter of Mr Narendra Modi and his policies.
Posted in Cyber Law | Tagged , , , , | 1 Comment