A Suspected fraud in the names of Dr Jitendra Singh and the President of India… Who Cares?

Last week, a whistleblower brought to my attention that a certain document was in circulation stating:

a) An Organization by name Anti Corruption and Anti Crime wing of India operating from Delhi and Chennai for which Former Chief Justice R.M.Lodha has been appointed as the President.

b) A Letter purportedly signed by the President of India namely Shri Ram Nath Kovind has been produced. This is dated 11.05.2018

c) A letter purported to have been signed by Dr Jitendra Singh, the MOS attached to PMO dated 10th May 2018 has also been enclosed confirming the appointment from 7th May 2018.

Considering some of the other documents that I came across with these two letters, I have a suspicion that both the above two letters are forged.

I have called for confirmation from the offices of both the President of India as well as the Minister and it appears that they have other priorities.

I am however concerned that these fake letters are accompanying a request for mobilization of a membership which indicates a potential all India financial scam.

Several years ago, I had pointed out a fraud in the name of a website www.cgtmse-govt.in and despite the efforts to alert the public many lost money. It was only when a complaint from a person who had lost Rs 26 lakhs in the scam was resolved by the Adjudicator of Chhattisgarh that the fraud came to the notice of the public.

It would be better if the suspected fraud indicated in the name of the Anti Corruption and Anti Crime wing is investigated immediately and we know if it is genuine or fraudulent.

From the various documents that accompany the above two letters which I will release in due course, it is more or less confirmed in my mind that this is a fraudulent money raising scheme.

I wish the Cyber Crime police in Delhi, Mumbai and Chennai or CBI itself would take immediate notice of this report and initiate action.

If the investigators are interested, they can contact me for more information. In the meantime, I caution every member of the public who may receive requests for contribution to this activity to refrain from making any payment and wait for further clarifications that we may be able to provide in due course.

I was holding back this publication for nearly a week expecting that some action can be initiated by the investigators before the news is in public domain. But I think that nobody is really interested or it will take a long time for the authorities to respond and hence I am publishing it here.

Naavi

Posted in Cyber Law | 1 Comment

We need to Protect Mr Modi from Drone Attacks

The explosion of Drones during a military parade in Venezuela which was being addressed by the President Nicolas Maduro who recently won a closely contested election raises an alarm on the risks posed by Drones.

The “Quadcopters” as they are called with four rotors are capable of flying for over 20 minutes and operated from a mile away and cost less than $1000 online. Already militant groups of the ISIS have used such drones to drop mini bombs or crash into targeted structures. (refer here)

What the incident highlights is that a risk of this type can be expected to arise in India where there are terrorist groups supported by opposition political parties who are targeting to assassinate Mr Modi before the next Loksabha elections. For them these Drones are an easy tool.

We need to therefore flag this risk and take suitable corrective actions. The ball is in the court of technology experts and Information Security Experts in particular.

To start with, possession and flying of Drones must be subject to a strict licensing process, as stringent as or more stringent than Gun licensing.

Permissions must be restricted to the use of specific frequency of communication which could be monitored and blocked if required so that “Licensed drones are not used for attacks”.

This still leaves the “Unlicensed Drones” as a risk; these need to be jammed and shot down like an alien aircraft if seen intruding into security zones. Perhaps we need to declare a radius of a mile around a suspected target as a “Risk Zone” and shoot down drones if they are seen flying around. Any operation of Drones for security purpose or for permitted surveillance or photography has to be strictly under a licensed bandwidth of communication and watched with hawk eyes.

The security of the Super VIPs like Mr Modi (not to be extended to all Tom Dick and Harry VIPs) should include sharp shooters watching the skies who could bring down the drones beyond say 100 metres from the VIP.

Probably this will mitigate the risk but does not eliminate attacks where chemical weapons may be used.

This means that Modi security should include availability of an oxygen mask which may be immediately deployed in case a drone explodes or is shot down in the vicinity.

Will the Government of India take note and initiate necessary action?

Naavi

 


Data Privacy in the Indian Scenario

Indian Academy of Data Protection Professionals is conducting a web based round table on Personal Data Protection Act 2018 to provide a preliminary exposure of the proposed law to its members.

This initiative is intended to be a movement of the Data Protection Professionals in India to create a body of themselves, for their empowerment through various activities.

The formal membership of the Academy is yet to be opened up.

On the occasion of this round table and to serve as a background material, Naavi is sharing a presentation made by him on 28th July 2018 at Chennai immediately after the official release of the draft of the Personal Data Protection Act 2018 on July 27, 2018 by Justice Srikrishna Committee in Delhi. (Copy of the presentation is available here)

Naavi


Web based Roundtable on Personal Data Protection Act 2018

The Indian Academy of Data Protection Professionals (IADPP) will conduct a web based Roundtable discussion on 12th August 2018 at 8.00 PM.

The Roundtable will be led by Naavi and will have participation from other invited professionals.

A Copy of the proposed Personal Data Protection Act 2018 (PDPA 2018) is available here

Those who are interested in participating in the discussions may contact Naavi through e-mail.

The link to the meeting would be sent by e-mail in due course. People can join even on mobile.

Speakers:

1. Applicability: Nagendra of T Consultants
2. Data Subject’s (Data Principal’s) Rights: P.B Vishwanath of Wipro
3. Data Localization: Rakesh Goyal of Sysman.in
4. Role of DPOs: Harish of Hanvik Infosec
5. Data Controller (Data Fiduciary) Responsibilities: Lalit Kalra of EY
6. Civil and Criminal Penalties: Naavi

Naavi

 


Let’s steer clear of the “Sagarika Syndrome”

A couple of weeks back, Niti Aayog published a document outlining “National health Stack” which was the proposed digital platform architecture to support the Ayushman Bharat program of the Government which is trying to provide a “Social health Security” to the masses.

The NHS outlined a program where there would be a central repository of health care beneficiaries, the service providers, the health data of millions of participants etc.

There is no doubt that the “Storage and Processing of Health Data” which is considered as “Sensitive Personal Data” both under ITA 2008 and PDPA 2018 (proposed) is a proposition which should be flagged for Data Theft Risk. Globally, health data of individuals is targeted by hackers and the best of Companies in advanced countries have not been able to prevent the data breach.

It is also true that when a valuable asset is all located in, or is accessible through, a single gateway, it enhances the risk by increasing the reward for the hackers.

However, the benefits of IT can only be harnessed when data is aggregated, analyzed and used with appropriate technology tools. This is true as much for the GST scheme as for the Ayushman Bharat program.

The role of experts in the industry is to flag the risks and suggest remedies. It is to be appreciated that in this spirit of seeking public opinion, Niti Aayog has placed the NHS information in the public domain and sought comments.

Instead of providing constructive suggestions, some journalists however prefer to pass derogatory comments to run down the program before it is launched and this tendency is what I have called the “Sagarika Syndrome”, named after the famed journalist Sagarika Ghosh, (wife of Rajdeep Sardesai) whose Twitter account is a wonderful disposition of how we can speak negatively about anything this Government does or proposes to if the Government is led by a person called Narendra Modi.

I do not think Sagarika is aware of NHS but I came across an article by another gentleman called Praneet Jha (Not aware if he is related to the other famed talker Sanjay Jha) headlined “National Health Stack: An Architecture of Doom for Public, Data For Private Profit” published in a website newsclick.in which reflects exactly this journalistic syndrome of running down every program with a biased view.

I would like to however place my counter views through these columns.

In my opinion NHS is a well intentioned program which is perhaps bigger than the Aadhaar program and would be creating a huge opportunity for the IT industry. The Security concerns are genuine and since we are now looking at the plan, it is possible to build security into the systems at this stage itself and it is the responsibility of all of us to contribute towards this.

The author has quoted one incident in Indiana where a patient missed insurance coverage because the system rejected her identity and uses it as a peg to state that NHS will lead to such instances in India. Technology failures and false positives or negatives are “Errors” which need to be addressed and cannot be eliminated. We can build mechanisms to circumvent this through grievance redressal mechanisms which NHS can address.

The security of the data is proposed to be taken care of through encryption and authentication of access. Yes there could be failures and negligence of the service providers which could leak sensitive data. But this would be the responsibility of the service providers and after the PDPA 2018 comes into being, service providers need to be careful. We cannot blame the NHS which is only a technology backbone.

The scheme envisages a “Trusted Data Fiduciary”, “Smart Contracts”, “Block Chain technology”, “Federated Personal health record” etc which are all innovative concepts.

I wish critics would look at the proposal positively and offer their suggestions rather than criticise for criticism's sake.

Let us propose healthy criticisms with constructive suggestions and avoid blind criticisms.

Naavi

 


Personal Data Protection Act…2.. RTI Act amended

The much awaited Data Protection Act of India has finally come to the open with a copy of the draft now being available. This appears as a text of the Bill and needs to be passed by the Parliament, approved by the President and notified in the Gazette before it becomes a law. This is part of a series of articles on the new Bill which when it becomes an Act will bring several changes to the Privacy and Data Protection scenario in India.

[This is the second of a series of articles that will be published on this topic…Naavi]

Presently the Section 8(1)(j) of Right to Information Act 2005 stated as follows:

“information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information: Provided that the information, which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.”

Now this has been replaced with :

“information which relates to personal data which is likely to cause harm to a data principal, where such harm outweighs the public interest in accessing such information having due regard to the common good of promoting transparency and accountability in the functioning of the public authority;

Provided, disclosure of information under this clause shall be notwithstanding anything contained in the Personal Data Protection Act, 2018;

Provided further, that the information, which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.

Explanation. — For the purpose of this section, the terms ‘personal data’, ‘data principal’, and ‘harm’ shall have the meaning assigned to these terms in the Personal Data Protection Act, 2018.”

The change is consequential. However it requires an interpretation of “likely to cause harm” if disclosed and that such harm outweighs the public interest.

This means that before any personal information is disclosed the Information officer should quantify and document the “Likelihood of harm” and “Public Interest” before arriving at a decision to allow or disallow the release of the information.

Naavi

A Copy of the Proposed Bill is available here (67 pages)

A more detailed Report of the Srikrishna Committee is available here (213 pages)
