The Smart City Debate…continues

I recall my brief report of the Smart City Council’s program in Bangalore on 28th of July. The central theme of the program was “Surveillance”. However the focus was more on the technology implications rather than ethical or legal issues.

While discussing “Surveillance” through CCTV cameras, the phenomenal increase in the need for storage capacity was briefly discussed, as were the bandwidth issues in moving the images collected from the CCTV cameras to the central processing station in real time so that they are of use in real-time decision making.

At the same time, the futility of having a low resolution image which later turns out to be of no use in recognizing the persons whose images are captured, particularly when the person has committed some crime, was also highlighted. This is a problem which the Police normally experience. (Other than in the cases where the Police report that the CCTV cameras intelligently stopped functioning exactly when the crime was about to be committed!)

The Smart City Council’s program stopped at creating a case for buying more high resolution cameras and enhancing bandwidth infrastructure and data storage facilities which are all good for the commercial development of the “Surveillance industry”. However, there was no attempt to discuss the possible use of “Appropriate Technology” that can improve the efficiency of the image collection system along with reducing the burden on the data transmission and storage infrastructure. Since there was no representation of a Citizen centric panel member in the discussion, this point did not come up for discussion.

I hope Smart City Council incorporates this discussion in their subsequent so called “Round Tables”, one of which is scheduled in Mumbai for August 4th.

In the meantime, I would like to discuss two specific use cases and solutions that need further discussion in the appropriate decision making fora.

They are

  1. Use of Image enhancement Technologies to upgrade image quality
  2. Use of smart strategies to get proper images useful for prevention of crimes in the ATM security scenario

This is not meant to be a technology paper and hence it may leave certain technical details uncovered.

Image Enhancement

The idea of using image enhancement technologies is to manage with a low resolution image at the time of capturing and transmission back into the control room but enhance its quality when required with the use of Video image enhancement software running on the back end systems.

The attempt is to use Video enhancement on a real time basis so that, where necessary, quick decisions can be arrived at.

This may be even treated as a “Video Forensic” strategy to create a better video from which vehicle number plates are easily identified, face recognition is reliably achieved so that instructions can be transmitted to operational police or medical or other disaster management units to either rush to the trouble spots or try to intercept a criminal trying to get away.

Image enhancement technologies work on two levels. One is “Optical level” and the other is “Geometric level”.

In “Optical level Super Resolution Imaging Technique”, the limitations of the optical device arising due to the “Diffraction Properties” of light are sought to be corrected for getting an output which is more useful.

In the “Geometric Super Resolution Imaging Technique”, the pixelations are corrected by removing noise so that more details of the picture can be revealed.

Here is an example of a real time video enhancement that can be achieved through software which may use the combination of both the above techniques and apply it on multiple video frames to generate a more intelligible video than what the camera first generates.

The above is just an example of what can be done back in the Police Control room to make surveillance through CCTV cameras more effective when we are constrained to use low resolution cameras because the budgets do not permit anything better. It will also not require huge enhancement of storage and data transmission capabilities.

Those interested can research more on the possibilities. If we can direct some of our research capabilities in IISc type of organizations, we can perhaps develop some of these software indigenously so that the cost of Smart City surveillance comes down significantly.

Smart ATM Security

The image enhancement techniques will work when the problem is really of the quality of image received. It cannot however address the other situations where the CCTV owner does not bother to check if the installed cameras are working or not.

Let’s leave out deliberate deletion of CCTV footage which I have already discussed in earlier articles as a Section 65 Offence and look at an instance where we can force the use of a device only if the CCTV footage is working.

I have proposed this strategy for the ATM security system where

a) Entry to the ATM is through a biometric lock which captures the finger print.

We may or may not authenticate the person in real time with the customer data base but store the data for some time for use when required.

b) Face recognition camera is fixed directly to the ATM so that anybody who does not expose his face will not be able to carry out the transaction.

For this purpose, the ATM is operated with a lock which gets opened only when the face recognition camera transmits a proper image back to the server and a “Go Ahead” signal comes from the Bank’s server.
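The interlock described in (b) can be sketched as a fail-closed check, shown here as an added example that is not part of the original proposal. The HMAC-signed reply, the shared key, the freshness window and the minimum frame size are all assumptions introduced for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical key shared by one ATM and the bank server (assumption).
ATM_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_AGE_SECONDS = 10   # assumed freshness window for a "Go Ahead"
MIN_IMAGE_BYTES = 64   # stand-in for "a proper image" (assumption)


def _mac(key, nonce, image_digest, issued_at):
    # Bind the go-ahead to this session, this frame and this moment.
    msg = b"GO-AHEAD|" + nonce + b"|" + image_digest + b"|" + str(issued_at).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class BankServer:
    """Server side: archives the frame digest, then authorises the session."""

    def __init__(self, key):
        self.key = key
        self.archive = []  # (nonce, frame digest) retained as evidence

    def request_go_ahead(self, nonce, image, now):
        # A dead or covered camera yields no usable frame: no signal is sent.
        if image is None or len(image) < MIN_IMAGE_BYTES:
            return None
        digest = hashlib.sha256(image).digest()
        self.archive.append((nonce, digest))
        return {"issued_at": now, "mac": _mac(self.key, nonce, digest, now)}


class AtmLock:
    """ATM side: the machine stays locked unless a valid go-ahead arrives."""

    def __init__(self, key):
        self.key = key
        self.used_nonces = set()

    def new_session(self):
        return os.urandom(16)

    def try_unlock(self, nonce, image, reply, now):
        # Fail closed on every missing, stale, replayed or unverifiable input.
        if image is None or reply is None:
            return False
        if nonce in self.used_nonces:
            return False
        if not 0 <= now - reply["issued_at"] <= MAX_AGE_SECONDS:
            return False
        digest = hashlib.sha256(image).digest()
        expected = _mac(self.key, nonce, digest, reply["issued_at"])
        if not hmac.compare_digest(expected, reply["mac"]):
            return False
        self.used_nonces.add(nonce)
        return True


def run_demo():
    server, atm = BankServer(ATM_KEY), AtmLock(ATM_KEY)
    frame = b"\x89constructed-face-frame" * 8  # constructed sample bytes
    now = 1_000_000                            # constructed clock value
    results = {}

    n1 = atm.new_session()
    r1 = server.request_go_ahead(n1, frame, now)
    results["working_camera"] = atm.try_unlock(n1, frame, r1, now + 1)
    results["replayed_reply"] = atm.try_unlock(n1, frame, r1, now + 2)

    n2 = atm.new_session()
    r2 = server.request_go_ahead(n2, None, now)  # camera not working
    results["dead_camera"] = atm.try_unlock(n2, None, r2, now + 1)

    n3 = atm.new_session()
    r3 = server.request_go_ahead(n3, frame, now)
    results["stale_reply"] = atm.try_unlock(n3, frame, r3, now + 60)

    n4 = atm.new_session()
    forged = {"issued_at": now, "mac": b"\x00" * 32}
    results["forged_reply"] = atm.try_unlock(n4, frame, forged, now + 1)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because the server archives the frame digest before it signs anything, a transaction can only proceed once the evidence already exists off the ATM.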

The above strategy (IPR with Naavi) is simple and inexpensive but no Bank has introduced it so far because they are either not “Smart” or because they do not want to spend that “Extra Rupee” for security.

When we are prepared to develop the so called “Smart Cities”, such simple “Smart Solutions” need to be tried out as a part of our “Smart City Policing” requirement.

At present I am not sure if Police are part of the initial planning of any Smart City. Most such projects are driven by the vendors and the politicians who look at how fat is the project cost. If the cost is lower, politician is often not interested. (I can vouch for this from my personal experience in the past). Police are brought in only at a much later stage when the technical infrastructure is already firmed up and there is no scope for structural changes.

I wish a demand is made by the Police that they be made part of any planning to introduce high end technology into our Governance system because they are the people who have to carry the baton when things go wrong.

At the same time, in order to avoid some bad elements in the Police who are subservient to the political masters corrupting the system, there needs to be some checks and balances including taking the CCTV footage archive out of control of the operational people so that it cannot be manipulated on a selective basis.

These are matters of detailing which can be handled in Smart City Policing strategies when required.

In summary, I would like to state that Smart solutions using appropriate technologies are essential to ensure that available technologies are used efficiently while we do also strive to increase the technology boundaries itself with better cameras, more storage space etc.

I urge IISc to dedicate some research in this direction if they have not already done.

Naavi

Is Net4India closing its operations?

For some time now I have been trying to reach out to Net4India for some of my services and I am finding that the Company seems to have gone silent on customer interactions.

I have observed technical glitches because of which repeated demands are being raised for renewal of domain names even after they have been renewed leading to double payments which we never know will be reversed.

It is possible that this is not a technical glitch but actually an attempt to defraud the customers.

If any domain name expires without being renewed because of the inefficiency or attempt to extract double payments on renewal, then Net4India will be liable for compensation arising out of loss of domain name and consequent denial of access.

As a Company responsible for such denial of access Net4India will be liable under Section 43 and 66 of ITA 2000/8 and its Directors and executives will be liable under Section 85.

I have personally tried to reach out to the Director and Senior officials of the Company but no one seems to respond. The Help desk number is not picked up and the customer relations officer is not responding to e-mails.

Last but most significant is that the e-mail legal@net4.com remains unresponsive.

When the legal department does not respond to a charge of possible fraud, it means something is seriously wrong with the company.

Net4 India has a huge stake in customer records and thousands of Indian websites run on their domain name/E-mail services or are hosted on their servers. Many of the Government websites are running on the server certificates issued by Net4india and probably even hosted on its servers.

Under such circumstances, if Net4India as a company goes down, there will be a serious Cyber Issue in the country.

I am placing this national Cyber Security concern in the public space so that if any person in Delhi has any personal contact with Net4India, they can try to get confirmation on my apprehension that the Company may be in the process of winding up its operations either in full or partly.

I also request TRAI and CERT-IN to look into the reasons why Net4India remains unresponsive and if the public interest is threatened.

Naavi


The Three Plus One dimensions of Information Security

In the past we have highlighted the three dimensional approach to Information security which combines Technical, Legal and Behavioural science as the dimensions of Information Security.

Uni-Dimensional Approach

Information Security has often been approached as a “Uni-Dimensional” concept based on “Technology”. Under this concept, Information Security is often defined as “Preserving the Confidentiality, Integrity and Availability” of information. This is often referred to as the CIA principle.

Of late the Information Security community has extended this three component based technology approach to the fourth component of  “Authentication”.

This “Uni Dimensional” approach works on the end objective of “Protecting Data” and “Restoring it in the event of a loss”.

The approach therefore depends on the DRP-BCP principle where there is a good (if possible concurrent) back up of data which can be restored “Fully” within a short time. The Backing up process and the Recovery from Back up also needs to be “Verified” with hash check.

In these days when “Trojans” are programmed to activate themselves on pre-determined time and day, it is also necessary for the restoration from back up to be done as a “Clean Back up” ensuring that no dormant malware is present in the back up copy and using a clone copy for restoration if required.

This Full, Verified and Clean back up process can solve the problem of data loss and if the BCP process is set to low RPO and RTO (Recovery point objective and Recovery Time Objective), the Uni dimensional information security approach of “Protecting the Data” can be reasonably satisfied.
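The three tests of a restore named above can be checked mechanically, as in this added example (not from the original article). The manifest format and function names are assumptions, and the `known_bad_hashes` set is a constructed stand-in for the output of a malware scan.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def check_restore(manifest, restored_root, known_bad_hashes=frozenset()):
    """Compare a restored tree with the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    report = {
        "missing": sorted(set(manifest) - set(restored)),
        "unexpected": sorted(set(restored) - set(manifest)),
        "modified": sorted(p for p in manifest
                           if p in restored and manifest[p] != restored[p]),
        # A file can match the manifest and still be malicious: the hash only
        # proves the copy equals what was backed up, not that it was clean.
        "flagged": sorted(p for p, h in restored.items() if h in known_bad_hashes),
    }
    report["full"] = not report["missing"]
    report["verified"] = not report["modified"] and not report["unexpected"]
    report["clean"] = not report["flagged"]
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def run_demo():
    # All file names and contents below are constructed sample data.
    payload = b"constructed dormant payload\n"
    known_bad = {hashlib.sha256(payload).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "source")
        _write(src, "db/ledger.dat", b"constructed ledger records\n")
        _write(src, "app.cfg", b"mode=production\n")
        _write(src, "tools/updater.bin", payload)  # dormant before the backup ran
        manifest = build_manifest(src)

        # Case A: bit-for-bit faithful restore that carries the dormant file.
        faithful = os.path.join(tmp, "restore_a")
        shutil.copytree(src, faithful)
        report_a = check_restore(manifest, faithful, known_bad)

        # Case B: restore with one file lost and one altered.
        damaged = os.path.join(tmp, "restore_b")
        shutil.copytree(src, damaged)
        os.remove(os.path.join(damaged, "db", "ledger.dat"))
        _write(damaged, "app.cfg", b"mode=debug\n")
        report_b = check_restore(manifest, damaged, known_bad)
    return report_a, report_b


if __name__ == "__main__":
    for rep in run_demo():
        print(rep)
```

Case A passes the Full and Verified tests yet fails Clean, which is why the hash check alone does not settle whether a backup is safe to restore.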

The implementation of the Uni Dimensional technology based approach is through the Firewalls and IDS systems as well as the Access Control and Encryption kind of technology applications. Hashing and Digital Signature technologies are used to ensure integrity and authentication.

The ISO27001 and PCI DSS type of information security audits are normally considered as the final word on information security in this Uni-Dimensional approach.

Dual Dimensional Approach

The Uni-Dimensional approach essentially tries to protect the “Data” from being lost through unauthorized access or through other technical issues including malware attacks such as the ransomware.

However when the unauthorized access results in ex-filtration of data or compromise of confidentiality, mere restoration of lost data may not provide a relief to the information owner. When data held in trust by a company is compromised, then there is an issue of third party liabilities arising out of privacy protection laws or contractual obligations.

There could be also vicarious liabilities arising on the information owner due to the legal provisions such as under Section 79 or 85 of ITA 2000/8.  Essence of such legal provisions is that if an organization that collects information from the public suffers a data breach through external attacks or insider threats, if it cannot prove that it has observed “Due Diligence” and/or “Reasonable Security Practice”, the liabilities will crystallize on the organization and its executives.

Such liabilities (Section 43 read with Section 66, Section 43A, Section 72A, Section 65 and Section 67C) could result in both civil liabilities and criminal liabilities.

Hence a DRP-BCP which results in restoration of data and continuity of business systems does not protect the information owner from either being liable to pay damages or even go to jail.

The Second dimension of information security therefore is the “Techno Legal Approach” which tries to protect the information owner from liabilities arising out of data breach incidents. Such protection arises from the organization being “ITA 2008 compliant” and also documenting its compliance process to be produced as its defense when the requirement arises.

Being able to protect oneself from liabilities is the “Defensive Legal Remedy” (DLR) that companies may seek from their compliance activities under the Techno Legal Information Security approach.

Apart from being able to defend the company from liabilities, being compliant with cyber laws ensures that the company may be able to use the same law to recover damages from others (eg sub contractors and ultimate offenders who committed the crime) through invoking a litigation process. This is an “Offensive Legal Remedy” (OLR) that becomes available to the company which has suffered a data breach.

It is clear that no company can claim to be legally compliant under “Due Diligence” or “Reasonable Security Practice” if it has not implemented the technical security measures including obtaining certification of ISO 27001 or its equivalent.

However the technical security measures are considered “necessary but not sufficient” to provide the liability protection for the information security owner.

Thus the Dual Dimensional approach extends its scope from protecting the information to also protecting the information security owner.

The Preservation of Confidentiality, Integrity and Availability of information still prevails along with Authentication which should be legally sustainable and “Non Repudiable”.

Undersigned believes that the management approach to information security could be prioritized based on the following hierarchical prioritization of the different components of Techno Legal Information Security.

The Third Dimension

Whether the approach is Uni-Dimensional or Dual Dimensional, the implementation always requires the support and complete willingness of the people. The technical aspects such as access control often fail because the users tend to be ignorant and negligent. Policies and procedures prescribed for legal compliance which may include sanctions also fail through ignorance and unwillingness to adhere to rules and regulations.

Information Security professionals do recognize the role of “People” in information security and try to address the “Social Engineering” attacks through appropriate awareness building exercises within their employee fold.

However, problem with “People” is that same persons behave differently at different points of time and different persons behave differently for the same stimuli. It is for this reason that the undersigned considers “Behavioural Aspects of people” as the third dimension of information Security and not merely the “people”.

“Ignorance” can be reduced by “Awareness” building which is through training of various types that are part of the information security practices.

However, Awareness Building is another “necessary but not sufficient” factor in information security implementation. Awareness needs to be converted into “Acceptance” and there after into “Commitment” if the information security controls are diligently to be followed by the people who are responsible for the implementation of information security.

Since law attributes the automated actions of a system to the “Person who caused the system to behave in the particular manner”, the software creator or the owner of the system who takes over the software/system along with its default configurations become the human elements who are responsible for the actions of the automated systems. But the software developers may not foresee the vulnerabilities nor feel the effect of the vulnerabilities since they successfully pass on the liabilities to the user. Law hurts the user of a software and the intermediary who provides the platform for the software. It does not touch the software developer who developed and released a defective software with vulnerabilities. Though the software developer may later identify the bugs and send “Patches”, the liability on “Zero Day Liabilities” still remains with the software user which is an unfair burden to somebody who has paid for the software.

Some software developers have the ethical attitude to at least run “Bug Bounty” programs which acknowledges the limitations of the testing process before release of the software but tries to provide some cover to the crowd sourcing of testing process. But since Bug Bounty programs are not mandatory, most software developers release untested defective software and start counting cash before the product is patched for basic defects.

“Security By Design” and “Secure Coding Practice” are known to most software professionals but they still ignore them. This is a serious issue that the software industry has not been able to tackle effectively.

This attitude to ignore security issues is more a result of the “Attitude” of the software professionals rather than a function of “Ignorance”. There are issues arising out of “Technology Intoxication” and sometimes a deviant mindset such as the “Cyber Offendo Mania” (an Obsessive compulsion to commit an offence).

In the Cyber Crime scenario, the attitude of users to “Blindly Trust” the software and an urge to “Be the first to test a new introduction” often make people invite compromise of identity and open up doors of opportunity for attacks.

The attackers are also emboldened through the “Anonymity” and “Asymmetric advantage” that they may use for planning and executing the attacks while the security professionals are constrained by the uncertainty and unpredictability of the nature or source of the next attack.

The attackers are also persons who are “Technologically intoxicated” and hence are prone to irrational decisions besides calculated motivated attacks.

The behavioural aspects of unknown attackers are not amenable to being mended except by creating a “Deterrence” through well publicized exploits of police in busting criminal rackets. However we can try to mitigate the risks of insider attacks by trying to modify the behavioural traits of people who work for an organization.

For this purpose, we need to be able to identify “Deviant Minds” and put in place strategies to mitigate the risks through counselling, advanced training etc.

Addressing the “Mitigation of Information Security Risks arising out of Behavioural Traits of employees” is a subject which is far removed from the skill sets that an information security professional is normally endowed with. Management/HR professionals may possess such skills but technical experts have skills which may be diametrically opposite to the requirements of observing and reacting to psychological infirmities of the subordinates.

This area is still in a developing stage and Psychological and Sociological experts need to research in the area of Information security challenges arising out of behavioral traits of people.

Naavi tries to incorporate principles of Behavioural Science solutions such as ego-gram mapping and script mapping of Eric Berne and identifies the requirements as part of his “Pentagon Theory of Information Security Motivation”. Under this theory, it is considered that Information Security motivation is bound by Five parameters namely Awareness, Acceptance, Availability, Mandate and Inspiration arranged as the boundary walls forming a pentagon rather than the hierarchical pyramid model of motivation used by Dr Maslow in his theory of motivation.

There are several issues of this theory which need further examination by Techno Legal Behavioural Science Experts who are the Information Security professionals of the coming era.

The Plus One Dimension

Naavi has been discussing the three dimensional approach to Information Assurance for several years now and hence it is not new. The information security professionals in general have already moved from the Uni-dimensional approach to the dual dimensional approach. The hurdle to absorb and assimilate the third dimension will take some more time and will require managerial acumen to be imbibed by the CISOs. It will take its time and we need to wait for this maturity to be reached.

In the meantime it has become necessary to point out to another dimension which is relevant for the current scenario.

While the earlier approach covers protection of data and the protection of the data owner, there is also a need to consider whether it is the responsibility of the information security community to grow out from being selfish and always looking inwards to being more responsible to the community they serve by being a little more outward looking.

In this approach, it is necessary for the Information Security to consider if there is any risk for the eco-system caused by the information security failure and whether something can be done to protect the eco-system.

One example that comes to the mind is the discussions we are now having on “Bitcoin”. There are many information security professionals who endorse Bitcoin because they like the “Block Chain technology”. Some are even thinking as if Block Chain technology is an “Information Security Tool” since it can be used to “Build trust from out of an Untrusted resource”.

However, if Bitcoin is an “Anonymous” and “Unregulated” currency that can replace the legal tender of a country, the impact that it may leave on inflation, Black money creation, Terrorist funding etc needs to be taken into account. If these negative concerns outweigh the positive aspects of the technology, we should be prepared to reject the innovation. This is like the “Risk Absorption Capacity” of the society that needs to be kept in mind at the time of choosing risk mitigation strategies. If a certain risk is beyond the risk appetite of an organization, such risk needs to be eliminated by avoiding the risk rather than trying to mitigate it through other measures.

The rush to implement Aadhar Based Payment Systems could be another innovation that we need to check under this Plus-one dimension. “Regulated Anonymity” vs “Absolute Privacy Protection as a Fundamental Right” could be another example that we need to check under this concept.

This concern for society and incorporating the “Social Cost Benefit” to our equation of information risk management is the “Plus One” dimension that I would advocate for the industry of information security professionals to consider.

Even the Cyber Insurance professionals should consider this as a necessity since the aggregated risks arising out of such damage to the society makes re-insurance more expensive.

This Plus-One dimension opens up a discussion on Technology innovators who tend to introduce “Irresponsible Innovation” that can cause “Disruption” which may actually lead to destruction of the society. Some of the Cybertariat issues that I have discussed earlier actually stem from the fact that technology innovators often blinded by their “Technology Intoxication” ignore the debilitating effect of what they do on the society of which they are also a part. This is the “Bhasmasura Syndrome” (Call it Frankenstein Monster if you like) which I espoused in an earlier article.

We as a community of Cybertariats including the software developers, information security professionals, management professionals, Cyber law professionals, Psychology/Sociology professionals etc should all start debating on the need to recognize and factor in “Social Cost” to technological innovations so that progress does not come at the cost of the society.

Naavi

Challenges and Solutions for Cybertariat employees

IEEE had organized a one day symposium at IISC, Bangalore on 29th July 2017 to discuss various issues that confront Netizens (Cybertariat). During this symposium, issues such as Cyber Crimes and Information Security were discussed.

There was also a focus on “Ethics for Cybertariats” as a concern for the society. Dr Gopal of Anna University, Chennai and Dr Srinivas of ECE department IISc, Bangalore took the lead in organizing the symposium. Mr Pavan Duggal and the undersigned were among the speakers who shared their experience with the audience drawn mostly from academic circles.

I am separately sharing the brief of the presentation made in this symposium. In the meantime however, I would like to share an article that I had contributed to one of the publications of International Review of Information Ethics (IRIE). 

This article has become more relevant today after Mr Donald Trump took over as President of United States.

LAG Neutrality Challenges and Solutions

The growth of Cybertariats as a new class of workers who represent an integration of the Cyber Society work with existence in Physical space has opened up new challenges in the management of the work force.

The key concerns or issues are those which  arise in the world of Cybertariats  because of the  “LAG neutrality” namely the “Location Neutrality”, “Age Neutrality” and “Gender Neutrality” of a Cybertariat worker.

Impact of Location Neutrality

The first and foremost issue regarding the rise of Cybertariat workforce is the impact on the local employment and the issues arising therefrom.

The Cybertariat workforce is location independent since they can work from anywhere and anytime and still are virtually present in the workplace. The industry loves them because they can hire them by shopping economically  across the globe and also fire them without as much of an impact as it creates when they fire the  physical workforce. The industry can keep only the “Work Goal” as the criteria for maintaining the Cybertariat work force and free themselves from other distracting aspects of human management.

The Cybertariat workforce essentially works on a Virtual identity. In many instances the real identity may not matter at all. Most commercial workforces which are distant from the national security domains need neither an identified work force nor a permanent workforce. They can be hired and fired like a “Job Worker”.

What makes an economic sense for the businessmen to hire Cybertariat workers instead of the physical workers, creates a serious ethical issue of whether industries can be oblivious of the social impact of local job losses to technology workers from another place.

The frequent references of Obama and now Donald Trump to Bengaluru IT industry as a threat to US economy stems from the fact that, for a Chicago company, the remote Bengaluru worker may be more efficient and more economical than a comparable worker sitting in Chicago. While this does affect the employment potential in the physical space of Chicago, the profitability and global competitiveness of the US Company which opts to use a Cybertariat Bengalurian instead of the US based Chicago resident, improves.

Whether the trade-off of possible local un-employment with more profit generation for the company/country is beneficial or not is an economic decision. However, this also raises the ethical issue of whether it is the responsibility of the industry to share its prosperity with the local community by providing a stable employment scenario to the community so that the community lives in harmony.

In the recent days, concerns to the Cybertariat hiring are arising because of the “Security Issues”. Any cyber work involves handling of data which is personal and sometimes also sensitive. The security of such data is therefore a concern for “Privacy” as a part of the democratic tradition and also as a means of preventing Cyber Crimes.

A standing example of how “Privacy” and “Security” concerns affect the Cybertariat workforce is evident in the fact that after the increasing number of data theft reports from USA, the flourishing “Home Based Medical Transcription Industry” in India seems to be withering away.

A workable solution towards balancing better economic sense with softening of the local sentiments is to be worked through a “Corporate Social Program” which makes it obligatory for the Cybertariat employer to contribute to the development of alternate employment opportunities for the local workforce.

If for example, the cities of Bengaluru and Chicago enter into a Cybertariat Workforce Treaty, they can ensure that Obama need not introduce a “Bengaluru Tax” nor Trump needs to put an embargo on “Export of Data” to Bengaluru but negotiate a reverse flow of benefits from Bengaluru to Chicago either in the form of cyber related work at a different level or even through import of say manufactured goods from Chicago to Bengaluru.

Age Neutrality Impact

As compared to the Location Neutrality, the Age Neutrality raises an issue of whether “Earning Potential” of an individual needs to be “Retired” after a person attains a particular age. In a society where “Old Age Security” is important with rising life span and decreasing family support at old age, it is sometimes cruel to retire an otherwise able and efficient worker just because his age certificate indicates that he has crossed a certain age.

Cybertariat workforce are free from this obligation of “Retirement” both because they work on short term assignments as well as with a focus on work output rather than other considerations.

The Cybertariat employers however have not yet fully exploited the potential of “Age Neutrality” of workforce as we still see them going with the normal recruitment norms applicable for the physical world. They therefore look at providing “Work From Home” option to persons who love to drive to their office rather than being confined to within their homes in front of their parents. On the other hand, a middle aged person who loves to work from home and also attend to some obligations associated with staying at home would love the work from home concept more than driving down to work. Work from home for such middle aged and seniors would be a blessing and they would provide better output per unit of investment to the hirer.

Again this age neutrality could raise an ethical issue of the obligation of industry to support the younger generation who is looking for a “Primary Source of Income” for earning a livelihood rather than providing additional revenue as a supplementary income to a middle aged or senior worker who already has enough savings for his basic necessities.

Balancing the requirements of the young society with the senior society is therefore an obligation that the Cybertariat industry needs to manage.

Again, the solution lies in generating specific alternate avenues of employment which the younger generation considers an enjoyable occupation in replacement of the not so enjoyable nine to five office job which can be split into two or three slots and filled up by multiple senior persons working from home.

Gender Neutrality Impact

The third key aspect of Cybertariat workforce is the fact that the concept of “Good Looking”, “Male or Female” has no relevance to the work.

In certain types of work, “Voice” could be a factor of employment but with some voice changing software available in the market, real time voice changing could be a technically and commercially feasible option to be used by Cybertariat workers to completely negate the advantages or disadvantages of the gender of a Cybertariat worker even when the work involves a voice interaction.

In countries like India, we are still struggling with concepts such as “Gender based Reservation” and “Gender Based Discrimination” in workforce policies. Rise of Cybertariat workforce kills the concept of such gender based discrimination and brings in an equality between the male and female workforce. It eases the obligations of the employer such as extending leave to employees beyond certain limits only on gender based considerations and generally helps in improving the productivity of the entire workforce.

Again the advantage that the Gender Neutrality provides to the Cybertariat employer also provides a challenge to the ethical obligations that the society may like to pursue in providing employment based on the gender of the employee.

While the gender neutrality may reduce the preference that the society now provides to women in the form of easy working hours and longer maternity leave etc., Cybertariat workers simply do not care about working hours and maternity leave since they can work as long as their health permits and be beneficial to both themselves and the employer.

In summary we may observe that there are several ethical issues that arise out of the rise of Cybertariat work force. But these provide several economic benefits to the employer and the disadvantages are often a reflection of our expectations created because of our experience with the workspace in the physical world. As we get used to the Cybertariat work space, we can certainly find a balance between the economic advantages and ethical challenges and perhaps achieve a better harmony and benefit to the society on the whole. Managing the transition without being bogged down by the old principles of what is an ideal work space is however a necessity to harness the benefits of Cybertariat work culture.

Naavi

 


Smart City Council holds a “Round Table” in Bangalore

Smart City Council India conducted an event in Bangalore on 28th July 2017 in which a report on “Role of Surveillance in Securing Cities” was released. The program was sponsored by Western Digital Technologies, one of the leading commercial stake holders in the business of selling storage devices and CCTV devices.

Several prominent persons, mainly from government agencies in Bangalore, participated in the program which was titled as a “Round Table” but turned out to be a sort of seminar on smart city surveillance issues. Some interesting aspects of surveillance came out of the discussion. Mr Gaurav Gupta, the Principal Secretary IT, Government of Karnataka, also was briefly present and addressed the gathering.

Mr Kwaja Saifuddin, senior Sales Director-South Asia of Western Digital, highlighted the growing demand for data storage arising out of the explosion of CCTV devices that are part of the “Surveillance” in cities, both because the number of CCTVs is on the increase and because the required quality of imaging has been increasing.

The need for Smart City surveillance strategies to be “Citizen Centric” was highlighted by Mr R.Srikumar, former Vigilance Commissioner (CVC) and DGP of Karnataka and founder of www.indiancst.in

A panel of experts consisting of Mr Srinivas Reddy, Director, Karnataka State Natural Disaster Monitoring, B.N.S.Reddy, Director, Security and Vigilance, KSRTC and Professor T.Shankar, IISc and moderated by Mr Sanjay Sahay, ADGP, Karnataka shared specific experiences and issues arising out of the surveillance. The panel underscored that surveillance does not end with CCTV cameras alone and there is an important role for “Sensors” in the smart city management. Discussions were informative.

The report on “Role of Surveillance in Securing Cities” indicated that the global video surveillance industry is expected to grow at a CAGR of 11.87% to reach a total market size of US$ 48.69 billion by 2021. The current market in India was placed at $952.95 million and projected to grow at CAGR of 13% between 2016 and 2022.

A shift towards IP surveillance and a lack of standardization broadly characterized the Indian Surveillance Market, according to the report. The report urged that Governments should focus on context specific needs and should invest in highest resolution cameras, best quality analytical tools and highest capacity storage.

Unfortunately the event did not provide much scope for discussion and hence it ended up being a one way presentation that highlighted that there is a tremendous scope for the industry surrounding CCTV cameras.

The “Round Table” failed to discuss the security issues such as the Denial of Service Attacks that could be launched by botnets created out of the CCTV cameras or failure of sensors in critical activities or the privacy issues involved in surveillance. The limitation of time could be one of the plausible excuses for leaving out discussions important to the community.

However, being a sponsored event, the lack of interest in highlighting unpleasant issues of surveillance could also be the reason.

When an event is titled “Round Table” and several Government officials and Police officials are invited for the event, it is disappointing that the event failed to make a wholesome discussion of the “Surveillance”, though as a special guest Mr Srikumar did point out the need for “Smart City Governance to be Citizen centric”.

Hopefully Smart City Council corrects this imbalance in their next event or calls it an “Industry interaction on Business opportunities in Video surveillance” instead of a “Round table”.

(P.S: This is only a report on the event. Will present some of my views on surveillance separately)

Naavi


Bhasmasura Syndrome grips Bitcoin supporters

Bitcoin is now at a crossroads. Which direction it may take globally is not clear. Indian regulators should consider themselves fortunate that they have not yet committed themselves to issuing of their guidelines despite pressure from different directions.

Currently the Bitcoin price has fallen from around Rs 210000/- to around Rs 162000/-.

One of the respected investors, Mr Howard Marks, has stated:

“In my view, digital currencies are nothing but an unfounded fad (or perhaps even a pyramid scheme), based on a willingness to ascribe value to something that has little or none beyond what people will pay for it,”

Simultaneously, a Bitcoin laundering ring has been busted and a Russian (Alexander Vinnick) has been arrested in Greece for being a suspected mastermind behind a $4 Billion bitcoin laundering ring.

In the midst of these developments came the Bitcoin Improvement Proposal, which was a proposal to make some code changes because the block chain storage capacity was getting congested. Over 93.8% of the Bitcoin nodes supported a modification of the code which will be implemented from 1st August 2017.

This will mean that a majority of the current nodes will upgrade themselves to the new protocol. However some will not. This will cause two block chain forks to come into existence. The new block is referred to as “Bitcoin Cash”.

The creation of a new forked block chain, which is referred to as a “Hard Fork”, will mean that those who do not update to the new protocol will continue to be working on the old Blockchain fork. This could also create some transactions which may continue as a second version of the Bitcoin and there could be two market rates in the exchange. To avoid problems holders may sell out their bitcoin holdings and convert them into other AltCoins as soon as possible. However many Bitcoin holders have been defrauded recently in their transactions and hence there is a lot of confusion among the holders about what action to take while the conversion of Bitcoin to Bitcoin+Bitcoin Cash may happen on August 1st. Probably they need to rely on their exchanges to give out a solution. But it is clear that many may face problems and we will have a lot of complaints surfacing after August 1st from those investors who were risking their hard earned money in Bitcoin as an investment proposition.

In the meantime there is another news item today that Karnataka Government is separately considering issuing some guidelines on Crypto Currencies. (Refer report here).

It is stated that the Government will host a seminar towards the end of August to discuss the issue with stake holders.

According to the minister, “The seminar will give a perspective on whether Bitcoin should be used as a digital currency or as a securities or commodities”. He also said, “We will also see whether the platform of blockchain, which boosts efficiency in government administrations, can be used. Based on the inputs we receive from the stakeholders, we may consider a policy.”

In the past there have been several instances when Karnataka Government has taken decisions on Cyber Law which are ultra vires the Information Technology Act 2000.

Legislation on Crypto Currency is not in the domain of the State laws and hence it would be better if the State Government refrains from doing anything which is ultra vires the powers of the State Government at the behest of the Bitcoin Exchanges.

I would like to caution the Government that giving any kind of acceptance space to Bitcoin is harmful to the society. I am aware that many technologists are strongly supporting Bitcoins as well as the Block Chain technology. In my opinion this is representative of their myopic view that technology and innovation are welcome unmindful of its adverse impact on the society. If the Government falls prey to the PR efforts of the Bitcoin Exchanges, they will be damaging the economic framework and destroy the society.

This tendency to adopt measures which look attractive at first glance but could lead to self destruction is what I call the “Bhasmasura Syndrome” of creating a monster and later running to save our skin. People who advocate “Disruption” through “Innovation” should remember that disruption is welcome as long as there is no destruction. Otherwise it will be like the legendary story of Lord Eshwara giving a boon to Bhasmasura that if he places his hands on the head of any person, he would be burnt…. only to find that he wants to test it on Lord Eshwara himself.

I hope Karnataka Government does not invite problems by creating a Bhasmasura called Bitcoins.

Naavi
