California Consumer Privacy Act of 2018 …to be effective from January 2020

Posted on June 30, 2018 by Vijayashankar Na

After the EU GDPR followed by UK DPA and German DPA, we now have California Consumer Privacy Act of 2018 which has been passed to take effect from January 2020. (See the copy of the text here)

Under the new law, California consumers will have the right to:

know all the data collected by a business and be able to transfer it twice annually for free.

— to opt out of having their personal information sold (but companies will then be able to charge those consumers higher fees).

— to delete their data.

— to tell a business it can’t sell their data.

— to know why the data is being collected.

— to be informed of what categories of data will be collected before it’s collected and to be informed of any changes to that.

— to be told the categories of third parties with whom their data is shared and the categories of third parties from whom their data was acquired.

— to have businesses get permission before selling any information of children under the age of 16.

Remedies
According to the law,

Any consumer whose nonencrypted or nonredacted personal information,  is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action for any of the following:

(A) To recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.
(B) Injunctive or declaratory relief.
(C) Any other relief the court deems proper.
 Exceptions

(a) The obligations imposed on businesses by this title shall not restrict a business’s ability to:

(1) Comply with federal, state, or local laws.
(2) Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
(3) Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law.
(4) Exercise or defend legal claims.
(5) Collect, use, retain, sell, or disclose consumer information that is deidentified or in the aggregate consumer information.
(6) Collect or sell a consumer’s personal information if every aspect of that commercial conduct takes place wholly outside of California.
For purposes of this title, commercial conduct takes place wholly outside of California if the business collected that information while the consumer was outside of California, no part of the sale of the consumer’s personal information occurred in California, and no personal information collected while the consumer was in California is sold.
This paragraph shall not permit a business from storing, including on a device, personal information about a consumer when the consumer is in California and then collecting that personal information when the consumer and stored personal information is outside of California.
(b) The obligations imposed on businesses  shall not apply
where compliance by the business with the title would violate an evidentiary privilege under California law and shall not prevent a business from providing the personal information of a consumer to a person covered by an evidentiary privilege under California law as part of a privileged communication.
(c) This act shall not apply to protected or health information that is collected by a covered entity governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56 of Division 1)) or governed by the privacy, security, and breach notification rules issued by the federal Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Availability Act of 1996. For purposes of this subdivision, the definition of “medical information” in Section 56.05 shall apply and the definitions of “protected health information” and “covered entity” from the federal privacy rule shall apply.
(d) This title shall not apply to the sale of personal information to or from a consumer reporting agency if that information is to be reported in, or used to generate, a consumer report as defined by subdivision (d) of Section 1681a of Title 15 of the United States Code, and use of that information is limited by the federal Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.).
(e) This title shall not apply to personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations, if it is in conflict with that law.
(f) This title shall not apply to personal information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy Protection Act of 1994 (18 U.S.C. Sec. 2721 et seq.), if it is in conflict with that act.
The Act will be explored in greater details in due course through this column.
Naavi
Posted in Cyber Law | Tagged , | Leave a comment

Is Private Sector ignoring Virtual Aadhaar ID ?

Posted on June 28, 2018 by Vijayashankar Na
circular

UIDAI Circular on Virtual Aadhaar ID

On 10th January 2018, UIDAI issued a circular outlining the details of its proposed Virtual Aadhaar ID system along with the introduction of the “Limited KYC” system that does not return the Aadhaar number and only provides an “agency specific” unique UID token to eliminate agencies storing Aadhaar number.

According to the system Aadhaar owners could go to UIDAI website and obtain a Virtual Aadhaar ID (VID) by providing the Real Aadhaar ID (RID) and responding to the OTP request. This would be a 16 digit random number which at the back end would be mapped to the real Aadhaar ID and its information. But this VID would be temporary and the user can use it once or for any limited time until he goes back to the UIDAI website and obtains a fresh VID. If the user wants to re-use the VID which he has earlier generated, he can “Retrieve” the VID.

The mobile number is of course the key to the security of the VID since the control is only through the OTP.

While we can debate the security of the OTP, there is also a concern that the real risk in Aadhaar usage is when the biometric is given for authentication. There is no doubt that OTP is less safe than biometric for authentication purpose but from the point of the user, loss of biometric is a permanent loss while loss of OTP is a temporary loss. Loss of money due to fraudulent use of OTP may perhaps be recovered but the loss of biometric would permanently disable a person from many other services where he can be impersonated with the stolen biometric. At this point of time, it is not clear if UIDAI has any security measures for loss of biometric but let us now stick to our discussion on the OTP based VID  system.

It was directed by UIDAI that all agencies using Aadhaar authentication and e-KYC servies shall ensure that users can provide the 16 digit VID instead of the 12 digit real aadhaar ID.

For the Limited KYC system, all AUAs were categorized into two categories namely “Global AUAs” and “Local AUAs”. Once the VID system was introduced, only Global AUAs would have access to e-KYC and all others would have access only to limited KYC.

Global AUAs will alone be eligible to access Real Aadhaar IDs and Local AUAs will work only with VIDs. During the VID authentication process, UIDAI will return a unique number or “Token” which can be stored by the agency for its reference of the customer and his Aadhaar authentication. This token will be agency specific and will be the same for a given agency and a given aahdaar number. This will be a 72 character alphanumeric string meant only for system usage.

Subsequent authenitcation would be allowed for the agency using the token and hence without storing the Real Aadhaar ID, the agency can store the token number and use it for authentication whenever required.

Only Global AUAs are allowed to securely store the Aadhaar number and may be subjected to greater information security oversight by UIDAI.

In this circular, it was stated that the new system would come into force from 1st June 2018. However in subsequent reports, on the UIDAI website- RBI instructs Banks to tweak their systems by June 30 and UIDAI extends deadline to deploy virtual ID system  the deadline for implementation was extended by one month and this expires on June 30, 2018.

It would therefore be compulsory for all Aadhaar User agencies to be ready to use the VID system by 1st July 2018. It is reasonable to expect that UIDAI may stop authentication of Real Aadhaar IDs for “Local AUAs” from 1st July 2018.

To an independent observer like the undersigned, it appears that the private sector is not keen on introducing the system any time in the next few days or weeks probably because they donot think UIDAI is serious in its efforts. Even Banks may not be ready and may ignore the RBI directions in this regard by giving some excuse or other.

UIDAI has also not yet updated list of Global AUAs nor given any public information on what is the criteria under which the existing AUAs will be reclassified. It can be presumed that all existing AUAs will be considered as Local AUAs unless they are reclassified as Global AUAs for which they may have to enter into a fresh contract with UIDAI.

At present it is not clear if UIDAI has moved in the direction of this documentation for re-classification. Also it is not clear if Banks are ready for the new system by 1st July 2018. Hence we need to wait and see if UIDAI will again extend the deadline or show some seriousness in the introduction of the scheme.

It may be reiterated that if UIDAI does not show seriousness in implementing the new system, Government’s case in Supreme Court to retain Aadhaar linking to vital services would become weaker.

Unless UIDAI itself wants to sabotage Mr Modi’s drive against black money and benami property, UIDAI should force user agencies to switch over to the VID system promptly by 1st of July 2018 or within a short term extension of say another 7 days.

Will UIDAI clarify?

Naavi

Related Articles:

Three days to go for mandatory use of Virtual Aadhaar ID… Who is ready?

How Aadhaar security reaches a new dimension with Virtual Aadhaar ID

It is Y2K moment again in India, with Virtual Aadhaar ID

Aadhaar Authentication: How To Use Virtual ID (VID)

Virtual ID is Aadhaar 2.0, It Can be Changed Any Number of Times: UIDAI Chairman

Aadhaar Virtual ID “Unworkable”, Will Oppose Tooth-And-Nail: Petitioners

There’s no consensus over Aadhaar number or 16-digit virtual ID

Old Articles of naavi

Reasonable Security Practices For UID Project..in India..A Draft for Debate

The Unique ID Project.. What should be Unique?

The National ID Card Challenge for Nandan Nilekani.. Part I

The National ID Card Challenge for Nandan Nilekani.. Part II

Posted in Cyber Law | Tagged , , | Leave a comment

Three days to go for mandatory use of Virtual Aadhaar ID… Who is ready?

Posted on June 27, 2018 by Vijayashankar Na

In January this year, UIDAI had announced the introduction of the “Virtual Aadhaar ID” scheme to increase the security of the Aadhaar usage eco system.

The introduction stumped the Anti-Aadhaar lobby who were roaring before the Supreme Court when the hearing against Adhaar’s linking to Bank accounts commenced. In our article “It is Y2K moment again in India, with Virtual Aadhaar ID” and “How Aadhaar security reaches a new dimension with Virtual Aadhaar ID” we had highlighted the expected features of the system and why it was a master stroke of UIDAI which frustrated all the arguments against Aadhaar Security mounted under the “Privacy” considerations.

Now the Aadhaar hearing is over but the judgement is reserved. Also the Indian Privacy/Data Protection Act is yet to be finalized.

The UIDAI move of using Virtual ID as a means of authentication where by the Aadhaar user need to reveal only the virtual ID to a service provider for KYC and not the original aadhaar ID ensured that there could be no leakage of an Aadhaar linked information from the user side. At best the demographic data attached to a Virtual ID could be leaked. But since the aadhaar user can change the Virtual ID any time, the demographic data linked to Virtual Aadhaar Id is delinked from the real Aadhaar ID.

UIDAI had in its January circular indicated that service providers should make arrangements for incorporating the use of 16 digit Virtual Aadhaar Id in place of the 12 digit real Aadhaar Id whenever a service request for authentication is sent by them to the CIDR. This was supposed to be tried out between the period March to June period. UIDAI promptly started the issue of Virtual Aadhaar IDs on its website.

The trial period for testing the Virtual Aadhaar ID is coming to an end on June 30, 2018 and according to the UIDAI’s original announcement, they should stop authentication on the basis of real Aadhaar Ids from 1st July 2018.

However, if we look around, I have not yet come  across a single user institution that has implemented the acceptance of Virtual Aadhaar ID instead of the real Aadhaar ID. When I broached this subject amongst many experts in a recent seminar and also checked with one of the Banks, I found that many of the experts were also unaware of the Virtual Aadhaar system and completely blind to the possibility that the Aahaar KYC can come to a grinding halt from 1st July 2018 if they are not ready with the changed authentication API.

It is unfortunate that UIDAI also has not made any efforts to remind the public or the service providers that from 1st July 2018, the AUA/KUAs and their sub agents should be asking only the Virtual Aadhaar ID from the public and not the real Aadhaar ID.

UIDAI has not even put up a prominent “What is New” or a Blurb on “Virtual Aadhaar ID” on its website. It is an effort to search for the link if any body is interested.

As a result of this complete apathy shown by UIDAI, it is doubtful if any of the users are actually ready to switch over from the current 12 digit data filed of the real Aadhaar ID to the 16 digit data field of the Virtual Aadhaar ID.

Even if in the next two days some can push in the new API into their websites and mobile Apps, it is not clear if they would have done enough testing to avoid glitches in the authentication.

We need to watch out how UIDAI reacts to the industry completely ignoring its fiat. Will it take it lying down? or extend the time and try to push the users  until they introduce the new system?

It appears that UIDAI has no alternative but to extend the data of mandatory implementation of the Virtual ID system. But if they donot show seriousness, Supreme Court may consider that the system is only an eyewash and UIDAI is not serious. At least for this sake, UIDAI in the next 24 hours should come up with a warning that the authentication system may stop accepting the real Aadhaar ID from 1st July 2018.

As a via media, UIDAI may extend the time by charging a penal fees for the service user organizations (not the public) for every authentication based on real ID after 1st July 2018.

Looking forward to a response from UIDAI.

Naavi

Also view: moneycontrol.com

Posted in Cyber Law | Tagged , , | 1 Comment

Certified Indian Data Protection Professional.. Made for India

Posted on June 21, 2018 by Vijayashankar Na

The “Certified Indian Data Protection Professional” introduced by Cyber Law College envisages that professional working in India need to have a an Indian perspective when dealing with Data protection requirements. Presently, Privacy and Data Protection professionals are so focused on international regulations that they forget that there are Indian laws as well which should actually get a priority if there is a conflict.

India has Information Technology Act 2000 since 17th October 2000 which was substantially upgraded in 2008 (effective from 27th October 2009). The Section 43A and Section 79 rules were notified on 11th April 2011. All these regulations had provisions on Data Protection. Now we have the DISHA 2018 (proposed) and IDPA 2018  (Proposed) which will define the health Sector Privacy law and General Privacy Law.

The International laws such as HIPAA and GDPR are also relevant to India since Indian companies do process information that falls under the jurisdiction of such laws and have to comply by their provisions.

However, there is a need for Indian Data Protection Professionals to understand that international laws operate along with local laws and it is the responsibility of the organization exposed to overlapping laws to ensure that the conflicts if any are managed properly.

Cyber Law College was historically the first dedicated online education venture in India and took upon itself a mission to create a “Cyber Law Awareness movement” which was fairly successful. Cyber Law College extended its educational activities to online platform using Apnacourse.com and added the HIPAA course to its fold. Recently it also added the GDPR course to the online package.

When the IDPPA 2018 (Which Justice Srikrishna committee is expected to release as a draft soon) and the DISHA 2018 (which is already into advanced stage of drafting), Cyber Law College will include it as additional education assets. When all these are integrated into one Certification program, the student would be able to get an integrated view of the entire process.

Though at present, India does not have a Banking sector specific law, there are RBI regulations that itself constitute a Banking sector specific law.

The Certified Indian Data Protection Professional course will therefore cover the following segments.

a) Information Technology Act 2000/8

b) HIPAA-HITECH Act

c) GDPR

d) DISHA 2018 (When introduced)

e) IDPA 2018 (When introduced)

f) Indian Digital Banking Regulations

g) Miscellaneous Relevant Legal Provisions which includes Indian Penal Code, Indian Evidence Act and also UK DPA etc.

Out of the  three courses currently hosted on apnacourse.com platform in the form of Certified Cyber Law Professional, Certified HIPAA Aware Professional and Certified GDPR professional already cover a large part of the existing legal provisions that are relevant to an Indian Data Protection Professional.

Additionally, the “Privacy Knowledge Center” (www.privacy.ind.in), the GDPR Knowledge Center (www.gdpr.ind.in) along with naavi.org and ita2008.in provide substantial material for study by the students.

Cyber Law College therefore now proposes to launch an integrated Certification program which tests and certifies the knowledge of professionals in the Data Protection domain in India through an online examination which would be conducted at periodical intervals.

Like many other initiatives, this will be a pioneering introduction to the Indian Data Protection domain.

I hope in due course this certification will gain the recognition of the industry. I look forward to the support and cooperation of all my friends in the industry.

I also intend to offer this Certification program as a support to generate revenue that can be directly applied to the cause of Data Protection Professionals in India for which the modalities are being worked out and details would be made public in due course.

Suggestions if any are welcome.

Naavi

Posted in Cyber Law | Tagged , , , , , | 1 Comment

“Certified Indian Data Protection Professional” …from Cyber Law College

Posted on June 21, 2018 by Vijayashankar Na

Cyber Law College has already been running three online video lessons based programs on Apnacourse.com namely

a) Certified Cyber Law Professional

b) Certified HIPAA Aware Professional

c) Certified GDPR Aware Professional

As and when Disha2018 and Indian Data Protection Act is passed, an additional program to cover the Indian Data Protection Laws will also be launched.

Combining all these regulations, Cyber Law College will be conducting an Integrated online test. On successful completion the participant will be issued a certificate “Certified Indian Data Protection Professional”.

More details will be announced shortly.

Naavi

June 21, 2018

Posted in Cyber Law | 4 Comments

The Vast and Far Reaching Applications of Quantum Computing

Posted on June 20, 2018 by Vijayashankar Na

At present date, Quantum Computing stands towards traditional computing like a horse did towards the Wright Brothers’ plane. The horse was much faster, but the plane could move in a tridimensional space. And we all know how the horse and the plane evolved since then, now don’t we?

Geordie Rose founder of D-Wave, 2015

To address this topic and then to place it within a context of potential leverage towards themes such as Artificial Intelligence, Secure Corporate Communications, Competitive Edge towards the marketplace as well as others … it is mandatory to start by clearly defining WHAT computing is and WHERE does Quantum Computing stand out.

So, Computing as we know it

A computer is a device that manipulates data by performing logical operations, hence computing is that precise “manipulation” action which allows data to combine and translate into added value information.

The software is the set of instructions that convey what needs to be done with the data, while the hardware is the set of electronic and mechanical components over which the data operations take place according to the provided instructions.

While the core of our universe is the “subatomic world”, meaning the Quantum particles that make all the atoms’ basic components (Protons, Neutrons, and Electrons) the core of computing (as we, humans, have developed it) consists of two logical statuses, On and Off (1/ 0) and its “base element” is called the “bit”.

So, it is a binary system where the basic components (the bits) can univocally present a status of either “1” or “0”.

Mathematically, the human being has grouped this component in clusters of 8, called “bytes” and the logic behind those bytes is that from the bit to the far right towards the bit to the far left (of the 8), each would represent a base 2 exponential figure, meaning:

  • the bit further to the right is 2 elevated to 0, therefore representing number 1
  • the following to the left is 2 elevated to 1, therefore representing number 2
  • the one farthest to the right will be the 2 elevated to 7, therefore representing 64

 

Now, the core of our “modern” computers started by splitting the Byte into two segments of 4 bits each, from left to right the first 4 would represent a number under the form of a base 2 power, while the other 4 bits  would provide the information about which type of data was to the right: a number, a letter an instruction, other. This was called the ASCII table.

The evolution of computing led this initial context to grow both in terms of numbers of bits applied to deal with the information, as well as the speed at which those operations would take place.

From 8 bits in the mid-1990s we moved to 16, 32, 64 and so on while the speed raised from some megahertz to 1 gigahertz, then 2, 4 and it keeps evolving.

In 1965, Gordon Moore the co-founder of Fairchild Semiconductor and Intel, predicted (based on observation), that the number of transistors in a dense integrated circuit would double every two years for the following decade, therefore so would the computing capacity. In fact, the rate has been observed now for several decades, and that constitutes Moore’s Law.

Quantum Computing

Quantum computers are similar to “traditional” ones in the sense that they also use a binary system to characterize data, the difference lies in the fact that Quantum computers use one particular characteristic of subatomic particles (in specific the electrons), called the “Spin” to account for the status “0” or “1”.

The Spin is a rotational/vibration characteristic of subatomic particles that is “manageable” since it responds to magnetic fields, therefore, and in very, very simple wording, while in “traditional computers, humans control the bit status by applying or not power to a given bit; in Quantum Computers, we can affect the Status “Spin-up” which corresponds to “1” or “Spin Down” which corresponds to “0” by applying either variation to a magnetic field or a microwave focused pulse.

And what a difference this makes!

Once we move beyond the atomic world and start manipulating electrons one by one, very strange things take place.

Note: electrons are the particle of choice by two orders of reason, they are the “easiest” to extract from an atom and they behave and become photons once extracted, therefore, being able to transport information over distance as light wave particles.

Subatomic particles behave both as matter and waves, bearing the extraordinary characteristic of being able to represent both Spin-up and Spin Down status at the same given point in time.

Not to spend a couple of thousands of words describing in detail how this is possible and all the multidimensional implications that it represents (parallel universes and so on …), I will just advise you to take a look at Professor Richard Feynman lectures about Quantum Physics.

Now due to this specific characteristic of Quantum Computers (the Quantum particles), this is the point where any similarity between “traditional” computers and Quantum Computers ends.

Making the picture crystal clear, in a “traditional” computer to test all possible combinations within one set of just 4 bits so the one that applies to a given circumstance may be found, the machine goes about each of the following combinations one at a time.

Taking 16 different operations.

Now, since the Quantum computer’s bits (called Qubits) bear the capacity to represent both statuses at the same time, this process would merely require one single operation on a 4 Qubit Quantum computer!

If instead of “half a byte” (4 bits, like represented above), we speak of the latest generation software that deals with 128 bits, guess what? Analyzing all possible combinations amongst those 128 bits would require exactly one single operation on a 128 Qubit Quantum Computer!

I think that, by now, you are starting to get a picture of the involved potential, still let me give you a “hand” here; a 512 Qubit Quantum Computer would be able to analyze more data in one single operation than all the atoms that exist in the Universe.

And Quantum computing has a “Moore’s law” of its own, instead of the momentum being of doubling the processing capacity each two years, each new generation has proven to be 500 thousand times more powerful than the preceding one.

Going back to the analogy between the horse and the Wright Brothers’ plane, it’s like if they had given birth to the Lockheed SR 71 A Black Bird plane, which can fly at a speed of almost 2,200 miles per hour… now imagine what will happen a couple of generations into the future…

Constraints

Here are some constraints towards the establishment of real to the letter Quantum Computers:

  • The environment

As previously mentioned, the phenomena that allow Quantum computing to be such a powerful tool resides in the ability of subatomic particles to simultaneously represent several states; in Physics, this is called “superposition”.

Now, opposite let’s say to Quartz, which is used in modern day clocks because its molecules present a constant vibratory rate that allows high precision at a wide range of environmental conditions from pressure to temperature, humidity, luminosity and so on …, superposition only happens if no external factors are “exciting” the subatomic particles, meaning the subatomic particles only behave like that before having been exposed to any external factor.

It would be enough to have a Quantum Computer Chip hit by sun light to render it inefficient.

Therefore, a Quantum Computer is basically composed of one chip the size of a finger nail and a support cooling and isolation shell the size of an SUV that ensures the required “sterile” and isolated operational environment, and it costs around $ 25 million.

  • Algorithms

Writing algorithms for Quantum Computers requires the ability of thinking and taking into account the laws of Quantum Mechanics, therefore not the task for a common developer.

Peter Shor, from MIT, has developed one Quantum Algorithm (the “Factoring algorithm”) that led the Intel community to the verge of a nervous breakdown by rendering most encryption keys ineffective. Basically, while the most powerful standard computer would take hundreds of years of continuous processing to get there, if tomorrow any of us would have the chance of bringing home a Quantum Computer with the Factoring Algorithm embedded in a software piece, we could break any RSA encryption in a matter of seconds, making all the bank accounts or electronic transactions that we could “look at” absolutely transparent.

Lov Kumar Grover Ph.D. at Stanford and currently working at the Bell Laboratories developed a Database Query Quantum Algorithm that bears the uniqueness of being able to get the right information over a vast unstructured database over a few seconds. Like finding a needle in a colossal haystack within a few seconds.

  • Particle manipulation

The existing current Quantum Computers are technically only partial quantum, since they are able to use strings of electrons and not yet each electron individually. However, a Laboratory experiment in Australia’s South Wales University has recently been able to do so, therefore, maybe the next generation of Quantum Computers will.

Potential

All of this is something that is being developed “as we speak”.

In 2011 the development stage of Quantum Computers allowed the tremendous accomplishment of calculating in one single operation the expression 3*5=15. Yes, just that …

Now back then (in 2011), Dr. Michio Kaku, who is one of the brightest minds of our era, stated in an interview that it was not clear by when would we have the first operational and useful Quantum Computers.

Four years after, in 2015, D-Wave (a Canadian company that produces Quantum Computers), after having developed a Quantum Computer for Lockheed Martin (the company that amongst many other military assets produced the F-22 Raptor fighter jet), produced another one which resources are being shared by Google, NASA and USRA to perform calculations that normal computers (no matter how powerful they are), are not capable of accomplishing within a reasonable time frame (meaning less than 100 years working non-stop).

This last machine is being used (since 2015) for the purpose of:

  • Artificial Intelligence investigation and development
  • Development of new drugs
  • Autonomous machine navigation
  • Climate change modeling and predictions
  • Traffic control optimization
  • Linguistics

 

Building a Quantum Computer doesn’t mean a faster computer, yet a computer that is fundamentally different than a standard computer.

Doctor Dario Gil, Head of IBM Research

We are flabbergasted by the number of things standard computers are capable of solving and how fast they do it, yet there are several things they are either not capable of solving or it would take them so much time that it would bring us no benefit.

Can’t think of any?

Well, here are some:

M=p*q – If someone gives you a given number M which is the product of two unknown very large prime numbers (p and q) and asks you to find them, although there are only two prime numbers that meet the requirement this is extremely hard to accomplish and would require several sequential divisions by prime numbers until you get there. It is in fact so difficult that it is used as the basis for RSA encryption, remember from above?

By the way, the D-Wave machines are not yet at the maturity point which allows dealing with such extremely complex problems.

Highly advanced alloy leagues – molecules for when electron orbits overlap and while dealing with well-known simple elements, like Hydrogen and Oxygen it is very easy to determine the outcome of such combination H2O or water, if we use highly complex elements while attempting to create new materials, that requires tremendous computing power and trial and errors, because those molecular bonds depend on Quantum Mechanics.

The simplest example can mean 2 to the power of 80 combinations in need of being calculated to reach the solution that leads to a stable molecule, which would take years on a standard computer but just minutes in the current state of Quantum Computing capacity.

The most recent D-Wave computer was successfully used in 2016 by a joint team composed of participants from Google, Harvard University, Lawrence Berkeley National Laboratories, Tufts University, UCS Santa Barbara and University College of London to simulate a Hydrogen molecule. This opens the door for the accurate simulation of complex molecules which may result in exponentially faster achievements with much fewer expenditure achievements in the fields of medicine and new materials.

Logistics optimization – Logistic systems are some of the most complex days to day contexts that humans face which have a tremendous financial impact on the global economy. Let’s consider the example of DHL, this international corporation’s Core Business is based on getting a given physical asset from geography A to geography B within a time frame that its clients are expecting when hiring them. To accomplish that, the company has several “back to back” running services contracts with logistic operators, besides having its own fleet of planes, boats, and cars. Nevertheless, having the entire system optimized even under perfect conditions, where no strikes or natural disasters happen is hard enough because a one-minute delay at reaching a given traffic light may impact the 1-day delay in delivering the asset across the Globe. Quantum computing will allow, through data input from live monitoring sensors across the Globe, to constantly optimize routes and available cargo space, in a way that could easily represent a 600% profit increase over current operational standards or a significant price reduction towards clients, while assuring accurate and optimized delivery timings.

Predicting the future – ever watched “The Minority Report” with Tom Cruise? In the movie, although through a different process, computation was able to show what had over 90% probability to happen concerning potential crimes. Dealing with a complex scenario, the likes of an international crisis, it is “merely” a matter of computing power which can deal with an exponentially larger range of influencing co-factors that may affect the result. A standard computer would take years to reach the most probable outcome of such crisis, long after the crisis had been “naturally” solved, yet a Quantum Computer can show the top 5 most probable outcomes within a matter of minutes, therefore becoming a priceless decision support tool.

 

Artificial Intelligence – to begin with, let’s define Intelligence as the ability to acquire new knowledge and change one’s opinion based on such new information. Now The contribution of Quantum Computing to the potential of AI once again pertains speed and this time around “speed of thought”. How powerful would it be a “mind” that could analyze a complex scenario (like the above-mentioned logistics nightmare of a DHL alike company) and promptly decide which course of action to take and where to improve things in terms of processes by assessing that some established workflow is no longer suitable?

The problem would then be, having AIs making decisions and replacing them with new ones at a rate that humans had no time to understand the underlying motives, hence no saying in the approval/ disapproval of such strategic actions.

Safer communications – Quantum Cryptography, what is it?

We have seen that a Quantum Computer has the power to crack our state of the art current encryption pillars, but if it has the power to crack it, it has the power to create something better.

The problem of what we now can reach as methods of encrypting messages is that all of them depend on pre established keys, either unique or combinations of public and private keys and those keys are difficult to crack but only because of the methodology within reach of standard computers.

Now, Quantum Encryption cleverly exploits the initial problem of dealing with particles that behave like a wave until there is an attempt to observe them when they immediately behave like a particle.

Photons, if paired or entangled using the appropriate language, will each maintain their relative spin regardless of space or time, so four pairs of photons that transport each a status “01” conveyed by their spin, creating, therefore, a qubyte that is represented by “01010101” or any other combination for that matter, will maintain this “information” unaltered for as long as they are not “excited” and any attempt to read the code will immediately destroy it.

This bears the power of effectively creating unbreakable, full proof secure messaging.

P.S: This is a guest post published at the request of  Karl Crisostomo of tenfold.com and has reference to our earlier article titled “Section 65B interpretation in the Quantum Computing Scenario”

Naavi

 

 

Posted in Cyber Law | Tagged , , | Leave a comment