Why We Need a Data Breach Protection Act Rather Than a Data Protection Act

Our honorable Minister of IT, Mr Ravi Shankar Prasad, has stated that India will create a global benchmark with its Data Protection Act, which is being drafted now.

While we welcome the goal set by the Minister, it is time to discuss how India should approach creating the global benchmark. The proposed Act will be based on the report of the Justice Srikrishna Committee, which will actually draft the contours of the Act, to which the Government will just add some structure.

Since Justice Srikrishna comes from a judicial background and the 9-member Supreme Court bench decision that “Privacy is a Fundamental Right” is fresh in our minds, it would be reasonable to speculate that the proposed “Data Protection Act” will operationalize the “Informational Privacy” discussed in the judgement.

After the judgement, there is already a discussion on whether mobile information is subject to Privacy and whether Police can seize mobiles etc. There is therefore an apprehension that if the law is not properly drafted, it would seriously hinder the capability of the Police in particular to carry out investigations. Criminals and suspects will quickly go to the Courts and obtain a stay, and by the time the Police are able to get the stay vacated, the electronic evidence might have been irrevocably erased.

The proposed act will note that “Privacy” is equivalent to “Right to Control personal Information in data form” and hence protection of Personal information is the objective of the Data Protection Act.

Will the Act therefore focus only on protecting “Data that contains the personal information”? Or will it extend its scope to all types of data, including those which constitute, say, Copyright, Domain Names and Patents? Will it also extend to corporate information such as financial data, marketing data or HR data? Will it also extend to log records? Telephone conversations? These are all matters that this Act will perhaps try to address.

This means that the Act should define what is “Data that has to be protected” and then proceed to classify it into “personal”, “sensitive personal”, “other” etc.

The Act also needs to define who owns “Data”, whether “Data” is a property, and how the Data can be used by whoever owns it.

When Data gets aggregated, value gets added, and there is always a question whether this value addition belongs to the data subject, the data processor, or the data controller who actually instructs the data processor to process the data in a particular manner. Under the Copyright law, the database administrator gets the copyright on the aggregation part, and the law therefore recognizes different property rights for the raw data supplier, who is the data subject, and the entity which adds value, which is the data processor or any other entity that uses the raw data.

If Copyright law recognizes the copyright of the database creator, then a similar principle has to be used in the data protection law also, recognizing that the nature of the property changes from the data subject to the data processor.

Once we recognize that “Data” is a “Commodity” and different values can be ascribed to it in different stages of its life time, we need to recognize it as a property which can also be traded.

Recently a store in London was reported to be accepting “Personal Data” as payment in exchange for goods. 

The “Data Dollar Store” appears to value the data you present and allow you to trade it. In a way it is a “barter” system. From the initial reports, it appears they may accept some photographs etc. as “Personal Data with value”.

Of course if you offer “Digital Money”, perhaps they may not refuse since this also is “Data”… but the concept is interesting particularly for people who can create valuable personal data instances.

Coming back to our discussion on the Data Protection Act, there are some practical problems that the authors of the law will encounter. Since the Supreme Court has not really defined “Privacy” but went on a wild discussion holding that what one eats, where one travels etc. is all “Privacy”, the Zomatos and Make My Trips will be dealing with “Privacy Sensitive Information”. If therefore the Government makes any law that tells such companies how to collect information and deal with it, such a law may be questioned as a violation of a Fundamental Right not saved by the exceptions of national security etc.

We realize that if we take this extreme view, then there can be no e-commerce, since e-commerce cannot work without some form of personal data being shared with the service provider. Currently, the accepted privacy principle is that one can collect personal information as long as it is necessary to provide the service offered and a “Consent” is provided by the data subject in the form of a “Deemed Contract”. The only discussion is on the quality of disclosure and the ethics of the collector in collecting only the minimal required information and using it only for the purpose for which it is required.

But can the Government make a law stating that “The Fundamental Right of Privacy can be infringed by any individual if he has taken a consent in the form of a web/mobile-based acceptance, not digitally signed, forming a deemed contract in which the data subject’s rights are agreed to be infringed”? Will it be a “Contract for a consideration that is legally untenable”?

If we take a stand that this is a globally accepted principle and there is nothing wrong in the data subject entering into a contract with another person saying that he can make use of the personal data and he is not pressing his fundamental right, then we are automatically accepting that “Data is a commodity that can be transferred for consideration”.

Will the Justice Srikrishna committee have sufficient courage to say that “Personal Data” is a “Property of the Data Subject” and that he can sell it for a price which includes agreement to use the services offered by a service provider? If they do, then the Government will not have any problem with its Aadhaar per se or with mandatory linking of Aadhaar with PAN or mobile number etc.

But if they do, they may be standing against the spirit of the 9-member Supreme Court judgement.

If the Srikrishna committee hesitates and continues to carry over the uncertainty on the definition of Privacy from the judgement to the committee’s findings, the problem gets transferred to MeitY in drafting the law.

The Government can simply define the law as a “Law to protect the Confidentiality, Integrity and Availability” of Information and make it more of a Cyber Security law than anything else. It will of course create the office of the Data Commissioner. It may also introduce licensing of data processing and other regulations and in the process may make the life of e-commerce entities such as the Zomatos and Make My Trips miserable.

In the end, the law will be an extension of ITA 2008 and will not add much to the domain of “Privacy Protection”.

In all probability, this is what is going to happen, and we will continue to keep worrying about the definition of Privacy and, without understanding its nature, try to protect it in data form.

Considering the futility of such an exercise, I would like the Government to accept that given the wide definition of “Privacy Right” as ascribed by the Supreme Court, it is not possible to make a law that protects the unknown and omnipresent. 

Instead, the Government may focus on how the Citizens can be compensated when a “Data Breach” occurs and go on to define “Data Breach” and its consequences.

The definition of “Data” can apply to any information in electronic form and “Breach” is defined as any action which is a violation of a contractual agreement.

If we take this approach we need not define what is “Data that is Personal Information”, “Data that is Sensitive personal information” and “Data that is neither a personal information nor a sensitive personal information”.

If the Supreme Court can use a strategy to define the “Privacy Right” without defining “Privacy”, the Government may be able to create a “Data Protection Law” without treading on the difficulty of defining “Data which is Personal information that forms part of the Privacy Rights”.

The existing law in ITA 2000/8 and the rules thereunder are sufficient to carry on the market activities, since they already provide a definition of Personal Information as well as Sensitive Personal Information in addition to the larger set called “Data”.

The new law can state that any person can enter into a contract with his data as a commodity and bring the data protection requirements under the Indian Contract Act read along with ITA 2000/8.

The new law can also enable and empower any business that may be set up to buy, sell, process or exchange data under a contractual agreement with the data subject or a personal data custodian to whom the data subject has transferred his personal data.

This will define the “Data Trading” concept and provide clarity to companies in Data Analytics and Big Data activities. It will also prevent the IoT industry from being stumped by the new Privacy debate, since any information collected by an IoT device is likely to be considered “Personal Data”. Though IoT data is linked to the device ID, along with the purchase and installation information it is linked to the personal data of the owner and his location and hence will become a part of the “Privacy Right”. CCTV captures will also be legally protected if a person walks into a mall and is photographed by the CCTV system in exchange for the benefit of walking through the premises.

Additionally, innovative companies may set up businesses to de-identify a data set and create value thereon before it is actually sold for a profit, which they can share with the data subject at the time of re-identification.

Some company may also set up a “Regulated Anonymity” system where it will absorb the identity and provide a proxy ID to the user with which he can do all transactions on the internet. The business can even run an “Identity Gateway” where an identity such as Aadhaar or PAN can be pseudonymized without adversely affecting any service or security requirements of the Government while at the same time protecting the critical identity data from unknown threats.

It is to be recognized however that these intermediaries are still vulnerable to an Equifax type of attack on their systems, which could compromise the customer data if they do not implement appropriate security measures.

In such an ecosystem, the so-called “Data Protection Law” may change its objective from “Protecting Data” to “Protecting the Citizens from the consequences of a Data Breach”, where Data Breach is defined as an unauthorized data access in contravention of the data sharing contract.

Such consequences will of course expand on what ITA 2008 now says as “Intermediary Responsibilities”, “Civil Liabilities” and “Cyber Crimes” but with a better implementation mechanism.

The new law can additionally define a system of “Leasing of Personal Data”, different from “Selling of Personal Data”, to meet temporary requirements. This would automatically incorporate a right somewhere near the “Right to Data Erasure” referred to in GDPR, since leased data cannot be used beyond the lease period. It will automatically terminate the rights of the data processor and shift the onus onto him to get the contract renewed, which is much better than the current “Opt-In” system.

The new law can also talk of the “Fundamental Duties” of a citizen as a “Data Subject” and uphold his fundamental right to decide how he can use his personal data, including monetizing the personal data as if it is a property that belongs to him. If thereafter a challenge is mounted on the law in the Supreme Court and the Court has to take objection to this law, it has to object to the provision that defines the fundamental duty and fundamental right of a citizen to deal with his own data property. Hence the law may be protected against a legal challenge.

In this context, it would be better to call this law not as “Data Protection Law of India” but as “Data Breach Protection Law of India”.

Naavi


Equifax Data Breach… What are the learning points for our Data Protection Act?

The Equifax Data Breach in the USA is considered one of the most severe data breaches of all time. For the record, it is said that the largest data breach in terms of records compromised was the Yahoo data breach with 1 billion compromises and the next was the MySpace data breach involving 360 million accounts. But the nature of the data that has been compromised in the Equifax incident makes it the most severe in terms of consequences.

Equifax has admitted a breach to the extent of 143 million accounts of US citizens and there could be more in UK and Canada. It is therefore the third biggest in terms of data breach numbers and could climb higher.

Equifax is a credit rating company and holds records of not only its direct customers but also other members of the public who might never have directly interacted with it or given consent for sharing any of their personal or sensitive personal information. The 143 million number may reflect its client base, and the actual data breach in terms of numbers could be far higher.

The type of information that Equifax held in respect of different persons could vary, covering personal information such as names, birth dates, addresses, Social Security Numbers, driving license numbers etc. Being a credit monitoring company, Equifax collected vast amounts of financial information from consumers without their knowledge. Associated information such as credit card data is also suspected to have been compromised in thousands of cases.

In the light of the information available in public we can look at what lessons we can draw in India from this data breach.

CIBIL is under similar Risk

The Indian equivalent of Equifax is “CIBIL”, along with similar agencies like Experian India and Credit mantri. According to Bankbazaar.com, Equifax also operates in India. We should brace ourselves for a similar breach in India where the sensitive information with CIBIL may one day be breached.

In India, credit rating agencies initially started with CRISIL and CARE, which focussed on rating of Corporate securities and Fixed Deposits of NBFCs. CRISIL and CARE learnt their trade by experimenting with their credit rating systems on the NBFC industry in India and can be historically held accountable for one of the worst financial disasters in India, with the failure of CRB Capital Markets and subsequent developments that caused an upheaval in the NBFC market.

The undersigned was one of the early proponents of personal credit rating mechanism but at that time, only First Leasing Ltd headed by Mr Farouk Irani was speaking of Personal Credit rating. It is a tragedy that today Mr Farouk Irani is in deep trouble and under ED investigation but the fact that he was one of the early thought leaders in the field of Personal Credit Rating in India has to be acknowledged. The undersigned was however trying to convince the Shriram Group with a wide spread presence in the personal lending sector through their “Chit Funds” to enter the field of Personal Credit Rating but could not succeed. After nearly 15 years, we are now into the era of the foreign Credit rating agencies including Equifax.

There are a few of these new-generation agencies which profess to make credit assessments through the social media activities of individuals and in the process collect large volumes of personal data. CIBIL is a little more civilized since it directly collects data from the Banks and lenders under RBI patronage and hence need not scan the social media for information. The accuracy of data with CIBIL is debatable but it is perhaps still a good reference point for most lenders.

Going by the history of how Indian credit rating agencies have developed, it is not unrealistic to expect that CIBIL data is today accessible through hundreds of service providers, and not all of them will be as secure as they should be; hence the possibility of a data breach from Indian credit rating agencies is very real. Just as Aadhaar data was easily accessible through many e-hospital portals, CIBIL data is accessible through many Apps and portals which can be compromised by hackers to extract sensitive data. Hence a repeat of the Equifax incident in India with CIBIL can be expected. It will at least be a “Risk” that CIBIL needs to patch.

One of the mistakes that we are making in India is to create an integrated frame of data reference through Aadhaar and PAN as well as UPI and GST. These strategies have resulted in a single interface which, if breached, can expose a billion data sets. Had the data been distributed, some on Aadhaar number, some on PAN number and some on Bank account numbers etc., then breaches would have been contained in individual silos. The Government, in a bid to manage the information, has used a strategy to integrate all sensitive data using a single user ID such as Aadhaar instead of silently working behind the scenes to integrate the databases in the back end.

This wrong strategy has created a higher risk and a greater incentive for hackers.

Privacy Risk back in debate

The Equifax data breach has indicated that in such cases, the sensitive personal information gets leaked from agencies which were never given a consent to collect such information in the first place. In the context of the debate on “Privacy is a Fundamental Right” it is a moot point how CIBIL’s activities may be questioned in the coming days in India.

Inadequacy of Cyber Insurance

The Equifax incident also throws up the inadequacy of Cyber Insurance for such organizations, since the cost of the breach, such as providing notices to 143 million persons and providing free credit monitoring to persons who have lost credit card information and suffered consequences of identity theft with the compromise of social security numbers etc., will run to a billion dollars as against the US $100-150 million insurance that the company now holds.

Insider Trading possibility

The share price of the company has come down by 14% after the incident and one need not be surprised if the company folds up and goes bankrupt. It is interesting to note that some of the executives of the Company are reported to have sold large chunks of shares just before the breach, which indicates possible insider trading. This could also indicate internal dissensions that could have led to the breach, though for the record Equifax attributes the breach to some vulnerabilities in the “Open source Struts Software distributed by the non profit Apache Software Foundation”.

We all know that in all cases of data breach there is a gap between the recognition of data breach within the Company and its confirmation and disclosure. If the company is a listed company, during this period many persons within the company will have sensitive corporate information that has not been reported to the stock exchange and hence constitutes a breach of stock market obligations.

At the same time if the executives start trading on the stock markets, it will constitute insider trading.

It is therefore essential that under the Information Security policy, a listed company should mandate that no member of the internal team who is aware of the breach shall trade the shares in the market.

Equifax Response

It is also interesting to note how Equifax has responded to the incident through their website which is an indication to Indian Companies who often flounder when faced with major PR disasters.

Equifax.com now redirects to the personal section, where a prominent mention has been made of the incident and a redirection is provided to a new site, equifaxsecurity2017.com.

In this website full details of the developments are provided and this forms a public disclosure of the breach incident. It also provides for checking the potential impact against a social security number.

At this point of time we are not aware how Equifax is addressing the possible breach of persons who are outside the USA. It is also not known if their data has also been breached.

The Equifax breach affecting the social security numbers through a user organization is exactly what we in India have faced and will continue to face regarding the breach of Aadhaar data in India.

The reality is that when you allow data to be used by a number of users (Data really exists for this purpose and this cannot be avoided) and they can also store the data extracted from a central source, we cannot always ensure that the security cannot be breached at the user’s end where the data from the central source is stored. Most of the time the source of the leaked data cannot be distinguished, and hence the central database has to face the public spat.

Since the media persons do not understand the intricacies of data usage, they always blame the wrong persons for the breach and the Police tend to follow the media trial. In the process citizens always get incomplete and inaccurate information about the incident and its impact.

Data Protection Act

The problem with the Aadhaar database in India is that it is linked to biometrics and hence once the data is leaked, the privacy value of the data is lost forever. Even in the USA, the leaked social security numbers associated with the Equifax set of data, when used with other biometric databases, could mean permanent loss of Privacy for all the affected victims.

Under the present circumstances all around the world where “Privacy” is linked to “Personal Information” stored by millions of intermediaries and the possibility of large scale data breaches, it is futile to believe that “Right to Privacy as Right to control how the personal information in data form is to be used” really exists.

The Government of India is now trying to form a “Data Protection Act” and the Minister aims at meeting global standards of data protection in India through this Act. But if the global standards of data protection are indicated by what happened at Equifax, it is clear that we are chasing a dream that cannot be fulfilled.

It is better that both the Government and the Supreme Court realize that “Data Protection” is a good-faith, best-effort exercise and the focus cannot be on “Data has to be protected in such a manner that it cannot be breached”.

On the other hand if we focus on “Data Trading” as a concept and declare “Data as a Property” which the individuals can trade, at least we will not be misleading the public that “Data Protection” and “Privacy Protection through Data Protection” can be implemented in India to the extent they believe it should be.

Once this concept of “Data Trading” is accepted in law, we may be able to legitimize “Data Pseudonymization” as a business proposition and the concept of “Regulated Anonymity” can actually be put into practice.

At present, the Srikrishna Panel on data protection is unlikely to be considering any such proposal and hence the Data Protection Act which will follow may miss an opportunity to pursue a realistic data protection regime in India.

In our opinion, there is no practical use in simply repeating the words

“Privacy is a Fundamental Right and Personal Data Protection is a constitutional obligation of the Government which should be translated into a Data Protection Law”

Instead of beating about the bush we must accept that Data cannot be protected forever and we need to plan the Data Protection Act with a declaration in the preamble that

“Data Protection is a journey in which the goal will never be reached and hence the law aims at providing only a framework for responsible data sharing with the consent of the data subjects and providing for legal remedies for breach”.

The law may therefore in effect not be a “Data Protection Act” but a “Data Breach Act” or “Data Breach Protection Act”, whatever the title assigned may be. It should incorporate all the lessons that Equifax teaches us along with other similar experiences.

Any other expectation is hypocrisy.

Naavi

 


There is no miracle cure for Blue Whale Challenge… Everyone including Privacy Activists needs to contribute…

As we wake up today to the news that two boys in Bangalore were detected to have been playing the Blue Whale challenge “game”, the threat seems to be spreading fast. Bangalore is reported to be the sixth city in the world to have searched most for Blue Whale on Google.

Some have suggested that the increased media attention on Blue whale is actually making more people take up the game. However today’s incident indicates that friends in a school observed and reported to their teachers about the two boys suspected to have been playing the game and the matter then has been reported to the Police and further action has been taken.

This clearly indicates that “Awareness” has actually saved these two persons from proceeding further and vindicates the strategy of containing the damage suggested in the earlier article…. The Blue Whale Challenge.. Where is the Effective Action Point for Control? 

Can Courts find a solution?

Following the many reported incidents, there has been a tendency to file PILs in Courts seeking a judicial remedy to the problem. Even the Central Government has swung into action, issuing instructions to Google and Facebook to block access to the Blue Whale Challenge game. A lot has been written about what parents, schools and Internet intermediaries need to do etc.

I have also previously discussed the nature of the threat in the article… The Psychology behind Blue Whale Challenge which Claims one life in India… which may also be referred to now.

We must understand that Blue Whale Challenge threat is not like a typical Cyber Security threat which can be addressed by traditional Information Security solutions such as “Firewalls” and “Anti Virus”.

This is a threat that arises out of “Internet/Mobile Addiction” in the first place and “Blind Faith in Virtual Content” in the second place.

Unless we address these two sub threats, we will not be able to make progress in mitigating the risk of Blue Whale. There is no doubt that all stake holders namely the Parents, School, the Intermediaries and the Government have a role in addressing this issue but it is necessary for all of us to appreciate the root causes before jumping into solutions.

De-addiction to Internet/Gaming/Mobile

The first task in mitigating the Blue Whale challenge is to address the “De-addiction” requirement of a subject suffering the adverse effects of addiction to Internet or Gaming or Mobile. Gaming addiction is more dangerous than Internet addiction and Mobile Gaming addiction is even more dangerous.

Identification of an “Addictive Behavioural Pattern” can be done by the parents since they have an opportunity to observe the children’s behaviour to some extent. However, we must also recognize that in most homes today, children enjoy a high level of privacy and it is not possible for parents to always be aware of what their children are doing. In fact, many parents would be happy if children leave them free to watch TV serials and lock themselves up in their study rooms. Some parents are too busy with their official work, including attending to calls at odd hours etc., and cannot spare time to watch and interact with children.

We also understand that the case in Madurai as well as two cases in Bangalore are of children in the age group of 18 and 19 who are actually “Adults”. Our Supreme Court feels that “Privacy” is a fundamental right and therefore if any Parent tries to intrude into the Privacy of the Children’s mobile, then they need to face challenges from their children that their privacy is being intruded.

There are some technical solutions which are essentially spywares that the parents can install in the children’s mobiles and they would be tempted to do so. However, this is not recommended and is considered counter productive.

Blue Whale is a game which starts with a compromise of the device and the Curator takes full control of the mobile from the very beginning. Hence even if the child does not identify the spyware presence, the Curator would find out and may warn the child that the Parent is spying on them and also use it as a tool to prove that “Parents are not to be trusted”.

Even Courts are today confused as to how to deal with a complaint about any content in the mobile and whether its access would be a violation of Privacy.

I would like to state that since “Privacy” is still a right that can be over ridden for interests such as “Security” and also “A person who is psychologically under the control of the curator..or suspected to be so” can be considered as “Mentally not in control of himself”, Parents or Teachers who try to find out the contents of a mobile of the Child for checking on the Bluewhale threat cannot be said to be infringing on the Privacy.

Schools may display a notice to this effect in their premises, confiscate and check the mobiles of students if need be, and if this is objected to and challenged in a Court we should fight until an 11-member Supreme Court bench clarifies the limitations of the right to privacy.

Legally speaking, if the mobile has been purchased by the parent and he/she hands over the mobile to the child with a specific indication that it is on lease to him/her and the parent retains the right to observe and monitor the use of the device including inspection of the content, no Court should be able to interfere on Privacy grounds even if the child is an “Adult”.

Despite this support of the parental rights to spy on the children’s mobile habits, I would like to make it clear that I do not recommend it from the point of view of maintaining the harmonious relationship between the parent and child.

Hence I consider that the Parents’ role would be only to identify the “Addiction Behaviour”. There are three important parameters for this which I have highlighted earlier, namely

a) Immersive tendencies... forgetting the time when on mobile

b) Substitution tendencies... replacing physical activities with mobile activities

c) Irritable tendencies... getting angry when brought out of the mobile world

If it is confirmed that the child is addicted, expert help needs to be sought for counselling, which the School is in a better position to administer.

At the Schools, apart from building awareness, there is a need to

a) Make an Internet Counsellor available for consultation

b) Initiate a whistle blowing program so that friends can identify the Bluewhale hooked children and report it to the management.

If Courts and Government want to provide direction, they should focus on mandating the appointment of Internet Counsellors who are child psychology specialists with an understanding of Internet and game addiction problems.

“Internet De-addiction” and “Game-De-addiction” programs should be a focussed activity in Schools to mitigate the Bluewhale challenge risk.

Breaking the Blind Faith

The next mitigation effort is to break the blind faith that addicted persons exhibit in anything which is on the Internet.

We often train small children going to school that “they should not trust strangers”. This has been mostly successful and children are today conditioned to distrust strangers.

Now we need to reinforce this instruction and make children understand that they should not trust strangers on the Internet who come as “Friends” on Facebook or WhatsApp or Snapchat.

I consider that this is the single most important thing we need to do in the wake of the Bluewhale havoc.

Unfortunately we all have contributed to the conditioning of the Children into thinking that “Google” or “Wikipedia” is the “Most Trusted information source” on anything on earth. Most times this is true.

But we already know that if a pop-up appears stating “Your Computer is Infected”, we should not trust it.

Also, if we get an e-mail “Your Mobile/E Mail has won 1 Million US dollar prize”, we know we need to ignore it.

When we receive an e-mail from a Bank stating that “You need to update your security information” or a phone call stating “Your Credit Card needs to be replaced” or “Bonus is payable to you on your insurance Policy” or “Income tax refund is due to you…” , “I am in London and have lost my passport..please send me money urgently“, “I am a Nigerian Prince and want your help to stash away a few billion dollars”…etc…etc we know not to believe it.

Similarly, if somebody comes online and says “I am your friend”, we should let our Children suspect whether this is a genuine “Friend” or a “criminal in the garb of a friend”.

We know how the 13 year old Megan Meier was cheated by the mother of a classmate who impersonated a 16 year old “Cute Boy”, eventually leading to the suicide of the girl.

We also know how a software professional in Canada was fooled by a middle aged lady in Coimbatore into believing that he was chatting with a beautiful young girl ready to marry him but being kept under house confinement by her parents and extracted over Rs 3 lakh worth gifts from him.

We also know how a Gujarat Ambuja Cements Executive committed a fraud of over 2 crores by making a person in Dubai believe that he was actually a “She” who had fallen in love with the victim and committed suicide since he rejected her, and that Police were on the lookout to arrest him…etc

Today it is our responsibility to teach our young children that the Internet is full of such “Impersonation” and “Cheating through Impersonation”, and that when somebody appears on Facebook chat and says, “you seem to be depressed, you can chat with me as a well wisher”, we need to be on our guard.

We need to condition our young brains that when we interact on the Internet with strangers, we do not even know if he is a man or a woman, boy or girl, a pedophile or a scamster and hence we need to distrust him from the word go.

Internet has so many good things and we the Parents and Schools are ourselves responsible for introducing the addictive tendencies in our children.

Very early in the life of a toddler, parents start showing the Mobile and playing YouTube videos of Nursery rhymes as the child keeps staring at the wonderful video that plays with colour and sound. A little later we enjoy our children playing games on the mobile trying to shoot down bad people or strike down an opponent with a Taekwondo kick. Throughout the growing period of the child in the pre-schooling days and later, the child is observing that his parents are always on the mobile …may be for official business… or for WhatsApp chatting… and looks at a Mobile as a “Toy of the Grown Up”.

When the child moves to the school, teachers say… Go to Internet and find out from Wikipedia…. Baiju advertisement says… learn through your mobile… Friends say if you want to know the meaning of a word, check with Google…and not dictionary… and so on.

With all these behavioural traits exhibited around him, the child grows up picking up the addiction along with the blind faith in the contents on the way.

Just as a child who grows up seeing people all around him smoking, drinking and partying gets addicted to such habits, a child growing up in an environment where everybody including his teachers looks to the Internet for guidance comes to believe that what is said in the virtual world is “Truth”. If “Siri” says traffic is heavy on a road and you need to take a diversion, the child is conditioned to believe it. If somebody says he/she is actually Siri and is chatting with him/her on Facebook to relieve him of his depression and parental neglect, it is natural that he will believe it and go behind this “Virtual Fake Siri” like going behind the pied piper.

Thus “Mobile Addiction” and “Blind Faith in virtual content” are what we have taught our youngsters. The Curators of Blue Whale are now exploiting this “Conditioned Mind” and using “Cyber Hypnotism” to take control of the vulnerable kids.

Cyber Hypnotism

“Hypnotism” requires a “Communication” between the hypnotizer and the subject. In a physical world, we try to make the subject relax and listen intently to our suggestions until he falls into a trance, establishes a private communication network with the hypnotizer and starts taking suggestions directly into his subconscious mind. The hypnotizer is also able to leave “Post hypnotic suggestions” which could change the attitude and behaviour of subjects even after they come out of the trance.

Now look at the medium of the Internet and the Facebook chat. The subject is all alone, staring at the computer screen ready to listen (through ear phones sometimes) intently and without disturbance to the voice coming from the other side or see the words and pictures appearing on the screen. For a seasoned hypnotizer, this is an ideal condition under which he can get the subject into a trance at a snap of his fingers. The “Horror movies” used by Bluewhale curators are a way of softening up the subject so that he starts losing his self confidence and moves from a depressed state to a depressed cum fearful state in which suggestions are accepted readily.

If there is any resistance, the hacker will use the information on the subject which he has gathered by planting a trojan and through his research on Facebook status etc., to make the subject believe…. “I Know everything about you and your dear ones around you… I Can harm them if I want…just like what you have seen in horror movies…”.

If the subject is already depressed, the curator may reinforce the depressed feeling… you are right to be depressed…continue…be more depressed…until you feel that you do not deserve to live…

There is one belief under which all hypnotists work. It is that under hypnosis you cannot override certain basic attitudinal beliefs since the natural resistance mechanism will come to defend the individual. For example, you cannot make an ordinary person commit a murder when he is in a trance. The Blue Whale is challenging this basic principle since it is successful in driving the subject to even committing suicide.

We need to either give up this myth or find a new logic on the conditions under which a hypnotic subject may be made to work against his fundamental beliefs.

We may remember that the last act of “Suicide”, for a subject who completely believes that his is a life not worth living, is actually a feeling of “Success”. He is perhaps made to believe that though I have failed all through my life, I am recording at least one successful act in life of jumping down this high building and taking away my life.

Possibly, the conventional “Anti hypnotic resistance” is overcome because of this “Feeling of Success”.

Under psychological analysis, it is difficult not to appreciate the ingenuity of the Game and it is no wonder it was created by a psychology student. Just as Technologists are enamored by Bitcoin and Block Chain, psychologists and hypnotic practitioners may get enamored by the game as it teaches them how to mesmerize and hypnotize through the Cyber Medium without the need to dangle a pendulum before a subject relaxing in an easy chair in a room with a dull red light.

We should not therefore fall into a false sense of security by the Government asking for non-existent links to the games to be removed. If at all Google or Facebook has to be of help, they should be able to use “Artificial Intelligence” to pre-identify vulnerable victims and monitor their chats. If successful they may be able to identify “Suggested hyper links in Chat conversations” and filter them against known darkweb addresses, horror movies etc.

If Courts want to be of help, they can first direct Schools to put in place an infrastructure for identifying potential victims and administering counselling.

Schools Calling the Police is not necessarily a nice thing as Police are not equipped to handle the psychological issues of children and in fact make children feel more afraid and guilty with a feeling of shame.

If Courts and the Government can persuade Facebook and Google to monitor Chats to identify potential victims, they can do so. But herein comes the catch… Are they going to be guilty of “Privacy Invasion”?

We need to ask the Nine honourable Judges who passed the dictum “Privacy is a Fundamental Right” to let us know if monitoring the chats of vulnerable children would be allowed?… by the Parents?…by the Teachers?….By the Police?…..By the Intermediaries?….By the Government?…

…..perhaps we need an 11 member Supreme Court bench to decide on this.

We can also look at some technical solutions at ISP level where ISPs may be allowed to run filters against specific devices..termed “Restricted Access” where Parents will be allowed to restrict access to Internet or Gaming on a selective basis in their children’s mobiles because they own the device and the internet subscription.

Here again, the Supreme Court may come down and say we are depriving some other fundamental right such as “Freedom of Speech”, “Freedom to go anywhere on the cyber space”, “Freedom to browse through dark net”, “Freedom to play any game we want”, “Freedom to choose our entertainment source” etc….

The decisions in the case of both Section 66A and Privacy show that we need our Judiciary to understand how good things like “Rights” have to be peppered with “Responsibilities” and “Duties”. It is not enough if Indian Judiciary is appreciated in foreign press as “Most Mature to uphold democratic principles”. It has to also understand that all Rights come with the need to manage the security of the environment. This applies as much to freedom of speech of Kashmiri Militants as the use of technology by psychopaths like the creators of Blue Whale.

Naavi

 


P.S: Here is an interesting photograph where if you keep your eyes half closed, you see a smiling girl. If you open your eyes wide open, you see a devil like face. It depicts Blue whale game and other addictive games appropriately. Let’s look at Blue Whale challenge with our eyes wide open.


Dear Mr Arun Jaitley, Has Finance Ministry been compromised?… on Bitcoin issue?

It is time to directly call the attention of our honourable Finance Minister Mr Arun Jaitley to what his department is up to as regards the Bitcoin issue…. Hence this open letter…

Dear Honourable Finance Minister Mr Arun Jaitley,

I have time and again brought to the attention of the Government through this website that legitimizing Bitcoin is a harakiri as far as our financial system is concerned.

Bitcoin is a currency of the criminals and currency of terrorists. It is completely anonymous and a haven for black money parking. Bitcoin is linked to many other similar crypto coins and funds in these cryptocoins are easily fungible. China is one of the biggest holders of Bitcoins.

If Bitcoin is legitimized all Black money will be converted into Bitcoins, your Banking system will see an evaporation of the deposit base and the stone pelters of Kashmir and Naxalites will be able to use it for distribution of money within the country without your PAN Linked Aadhaar system breathing down their neck. China will be able to destabilize India by playing with the Bitcoin supply into India.

I do not think you require anything more to appreciate that Bitcoin is a poison which should be kept away from India.

The Finance Ministry’s committee which has collected public opinion on this matter is yet to publish its findings.

At this time, I am alarmed to observe the following two advertisements/news reports from Economic Times.

Dear Sir, these press notes/advertisements indicate that somebody in your department has already given a green signal to some US based firm and also a Bangalore based Bitcoin player that the Government will shortly announce legitimization of Bitcoins in India.

I have already pointed out that every member of the Ministry’s task force should have given a declaration before they sat in the committee that they did not have any holding of Bitcoins since I suspected that the Bitcoin vested interests would try to corrupt the members.

Unfortunately the Government did not listen to this advice and now if a decision in favour of Bitcoin is announced by the Committee, the fact that these advertisements indicate a selective leaking of the information to some business interests would be sufficient prima facie evidence to indicate that there must have been a compromise in your department.

Being the top member of the Modi Government and a prominent member of the demonetization drive, it will be ironic if under your leadership Bitcoin is regularized in India. This will completely annul the efforts of Mr Modi to remove black money in India and Mr Amit Shah will not be able to face the electorate with an honest face.

Even Mr Mohan Bhagwat of RSS would have to admit that India is surrendering to corrupt forces in the form of Bitcoins and soon other things such as Drug Trade, Arms Trade etc would also be legitimized.

I would also be surprised if Supreme Court does not come down heavily on your Government much to the delight of your friends Mr Rahul Gandhi and Sitaram Yechury.

Do you want to allow this surrender to the opposition and abdication of your responsibilities as Finance Minister?

Most of the people around you are trying to fool you with an argument that “If Bitcoin Exchanges follow a KYC process and perhaps link Bitcoin trading to Aadhaar”, everything will be fine. Some of the Bankers have also perhaps spoken to you and impressed upon you that “Block Chain Technology” is great and must be encouraged in the Banking system. Some would have even told you to impose a “GST at 28%” on Bitcoin trade so that Government would get more revenue and you can spend it on increasing the salaries and perks of all the MPs and splurge.

I consider you to be an intelligent person and hope you would not fall for such false propaganda. Nor do I consider you to be influenced by the vested interests in any other manner.

But at this point of time, I am not convinced that you are appreciating the enormity of the mistake you are committing which will eventually cost BJP your 2019 elections.

If by any chance you want to make use of this Block Chain technology and Crypto Currency, I have other ideas which you can explore namely,

a) RBI to introduce a Crypto Rupee using the same technology but having 100% identification of the Bitcoin holder from mining to its transactions including splitting.

b) BJP may introduce a “Party Crypto Currency” to fund its election expenses which is not convertible to any legacy currency but can be used in exchange of services only by BJP party members. (More about this can be discussed outside the blog since Congress and Mamata Banerjee may be eager to try out this suggestion if they spot the potential).

Any further delay in announcing an immediate ban on Bitcoins and all other Crypto Coins would be deemed as a tacit support to the Bitcoin lobby and a perception that BJP has been corrupted with Bitcoins.

I look forward to your immediate action to prove that BJP has not given up its fight on Black Money and that your department has not been bought out by the Bitcoin lobby.

I am sure that somebody will soon file a PIL in Supreme Court if the Government continues to “Remain in Observation Mode” as to what to do with Bitcoins and BJP will be losing face.

I am aware that you may not like what has been written here. But the objective is to make you realize what a monumental blunder you are likely to make and I as an ardent supporter of your party and Mr Modi would consider it a tragedy if you do not come down heavily on Bitcoin without further delay.

Regards

Naavi

P.S: I appeal to the Readers to send a copy of this letter to their known contacts in the Government so that it reaches the ears of people like Mr Jaitley, Mr Modi, Mr Amit Shah and Mr Mohan Bhagwat and others.

If it is also distributed to the media, we will know how honest are the Republic and Times Now when it comes to fighting commercial interests of Bitcoin players.


Google is the best teacher in the Digital World. But is it forgetting its basic reason for existence?

On the occasion of the “Teacher’s Day” today, it is appropriate to spare a few thoughts on the role of “Teaching” in the Digital Era.

“Teaching” essentially involves “Knowledge Transfer” and it may happen either within the four walls of what we call a “School” or “College” or through any other interaction. Today, web is naturally one of the greatest “Knowledge Transfer Medium” with “Google” as one of the prominent tools of knowledge transfer.

In order to retain its status as a respected teacher, being the “Most Accessed Search Engine”, Google needs to ensure that its revenue objectives do not cloud its performance.

Advertising as a Diversion

One of the areas where Google’s weakness comes through is in its “Advertising policies on the Search results”. The ads at the top of the search page confuse the public and mislead the search engine users.

For example, if I do a “Full Site Search” from the Google tool on Naavi.org with the key word “OPPO”, the top results are all advertisements from OPPO whereas my specific article on “Oppo taking over Police Stations in India” does not come up, though it does come up in the other search engine I use on the website.

“Google Site Search” therefore misleads visitors to the site with wrong results and fails as an honest “Teacher”.

I have in the past even pointed out many ads from Google Ad server which are linked to Pornographic websites (Mostly on the mobile) showing again a failure to filter such ads. “Poisoned Search Results” were once a very prominent means of injecting viruses though it has been controlled significantly at present.

Though the Search Engine is making its efforts to improve its performance and perhaps is still the best search engine by a large margin, just as a “Teacher” never stops learning and improving, Google should continue to improve its performance by not letting its revenue objectives cloud its performance.

Having worked in the Advertising industry myself, I am not against Google generating revenue out of advertisements but there is a difference between presenting advertisements in the side columns or even on the top with a distinctive format and making them look like an “Advertorial”.

I hope this “Ethics” of advertising is not forgotten by Google in the days to come…. so that we can salute Google as one of the best Teachers of the Netizens on the Teacher’s day.

Naavi.org as a Teacher

While reflecting on the activities of naavi.org, it seems that Naavi.org has been critical of many organizations both in the private sector and the public sector on specific occasions. In all such occasions, it is essential for visitors to remember that we may be trying to make a particular point though sometimes we may not be efficient in putting things across diplomatically. Sometimes the titles could be deliberately made provocative, taking the liberty of journalistic freedom. I hope those who feel hurt will look at things in the right perspective and excuse me if I have made any mistake.

One of the principles I have tried to maintain in such cases is to provide an opportunity to the organization criticized to use the same platform to post a counter. In fact way back in December 2001, this principle was espoused as a recommended strategy to counter rogue sites such as dalitstan.org. The principle also applies to other sites including naavi.org.

This suggestion may go counter to “Right to Erase” but needs to be examined by others in greater detail when we see complaints about mouthshut.com or glassdoor.com.

Similarly Naavi.org has been advocating “Regulated Anonymity” as a solution to resolving the fight between Privacy and Security which is counter to the principle of “Anonymity” which is so dear to many.

Naavi.org as a teacher therefore has several contrarian views to express and has always invited visitors to respond even with counter views if any. Though in many cases, we have invited responses from different Government agencies (a search with the key word “respond” indicates the innumerable such occasions), most of the Government agencies prefer to remain silent in the wake of criticisms. Private Sector either remains silent or sometimes shoots out a notice but very few take criticisms positively.

Just as old teachers sometimes say… “I scolded you when you were a student and see what a good citizen you have now become?”… perhaps in times to come some of the organizations which we have criticized may acknowledge that the criticisms were well meant. It could be in the case of Bitcoins or Cyber Insurance or Bank frauds or Police mistakes or even mistakes by Judiciary. Maybe the content of this site will be available for back reference to check if this reflection becomes true.

Such acknowledgements will bring true satisfaction to any teacher and also to Naavi.org and would be the compensation for all the efforts we are making today.

Regards to Dr S. Radhakrishnan for having enabled us to reflect on our “Teaching activities of the year”…

Naavi

 


Oppo taking over Police Stations in Karnataka

In continuation of our earlier discussions I am posting here some photographs:

As we can observe, all Police stations in Ramanagara sport the OPPO brand so prominently that it appears that the Police Station belongs to OPPO. In the case of the Women’s Police Station, even the word “Ramanagara” is absent.

We can also observe that in the case of the Town police station, there is also an earlier Airtel sponsored board which at least relatively shows more prominence to the Police Station.

There is no doubt that any marketing manager would be happy to have their brand displayed so prominently across different police stations, which creates a hugely positive impression in the minds of people who also see the OPPO brand name across many of the mobile shops in Ramanagara. Even simple hoardings in prominent places in Ramanagara should cost lakhs of rupees per year, on the highway at least. Association with Police is completely misleading, as if OPPO belongs to Government.

This is plain cheating and not marketing.

Obviously the decision has been taken by somebody who either does not understand marketing or has been suitably impressed by the marketing manager of OPPO.

When people are fighting against Chinese military aggression and dumping of its products, this OPPO invasion is unacceptable.

I wish suitable action is taken to remove all sponsor names in the Police Station name boards including Airtel boards which are also found in Bangalore.

I urge the High Court of Karnataka to suo motu take up the issue and take action, or some PIL advocate to take up the cause.

Naavi

 
