The Psychology behind Blue Whale Challenge which Claims one life in India…

The tragic news of a young person in Mumbai committing suicide following the game of Blue Whale Challenge is shocking to say the least.

When we learn that more than 130 persons have similarly committed suicide in Russia, we may take comfort that we have taken note of the danger of this “Game” early and possibly we can prevent any more deaths arising due to this menace.

For the record, “Blue Whale Challenge” is touted as a “Game” and people are enticed into downloading it through chats on social media. It is not available for download in the Google Play Store and hence it targets those people who are deep into social media chatting.

There is a view that victims may be chosen based on profiling from their Facebook or other similar platforms.

The persons who download the game are given one task per day as a “Challenge” for 50 days culminating with the suicide. Every task needs to be recorded as a video and sent to the game controller.

The Complete list of 50 tasks that the BlueWhale Challenge proposes as one task per day:

1. Carve with a razor “f57” on your hand, send a photo to the curator.
2. Wake up at 4.20 a.m. and watch psychedelic and scary videos that curator sends you.
3. Cut your arm with a razor along your veins, but not too deep, only 3 cuts, send a photo to the curator.
4. Draw a whale on a sheet of paper, send a photo to curator.
5. If you are ready to “become a whale”, carve “YES” on your leg. If not, cut yourself many times (punish yourself).
6. Task with a cipher.
7. Carve “f40” on your hand, send a photo to curator.
8. Type “#i_am_whale” in your VKontakte status.
9. You have to overcome your fear.
10. Wake up at 4:20 a.m. and go to a roof (the higher the better)
11. Carve a whale on your hand with a razor, send a photo to curator.
12. Watch psychedelic and horror videos all day.
13. Listen to music that “they” (curators) send you.
14. Cut your lip.
15. Poke your hand with a needle many times
16. Do something painful to yourself, make yourself sick.
17. Go to the highest roof you can find, stand on the edge for some time.
18. Go to a bridge, stand on the edge.
19. Climb up a crane or at least try to do it
20. The curator checks if you are trustworthy.
21. Have a talk “with a whale” (with another player like you or with a curator) in Skype.
22. Go to a roof and sit on the edge with your legs dangling.
23. Another task with a cipher.
24. Secret task.
25. Have a meeting with a “whale.”
26. The curator tells you the date of your death and you have to accept it.
27. Wake up at 4:20 a.m. and go to rails (visit any railroad that you can find).
28. Don’t talk to anyone all day.
29. Make a vow that “you’re a whale.”

30-49. Everyday you wake up at 4:20am, watch horror videos, listen to music that “they” send you, make 1 cut on your body per day, talk “to a whale.”

50. Jump off a high building. Take your life

It is clear that the game’s objective is to lead the target to his death. The series of steps and messaging creates a situation where the victim gets hypnotized and follows the suggestions scrupulously.

The person who created the sick game, who has been arrested in Russia, says that these people do not deserve to live and hence he is relieving the earth of “Useless lives”.

Obviously this creator himself is a psychologically deviant person. He is supposed to be a student of psychology, aged only 21 years and reported to have been a failure in his career.

Just as a dejected software professional turns into a malicious hacker, this person has turned himself into a psycho killer.

The victim is also perhaps a depressed individual who takes to online chatting in search of a friend to pour his feelings out.

The entire game is therefore not a typical cyber crime but a psychological problem of the society.

It cannot therefore be addressed as a Cyber Crime and remedy sought from the Cyber Crime police in Mumbai or elsewhere.

Blocking the Dark Web:

The remedy from the policing angle is how to block the “Dark Web” which if done, will protect people from not only this Blue Whale problem but many other Cyber Crimes.

For this purpose we need to create a separate Internet network like a “White Web” where only verified websites and servers are allowed to be accessed. Websites may be allowed to register themselves with the authorities for a “White Web Pass”. At the same time identified “Dark Web” needs to be blocked leaving a middle range of “Grey Web” as it is now.

Children may be allowed, through their restricted devices, to access only the White Web, with some kind of alert raised through the ISPs when notified devices access the Grey Web or try to access the Dark Web. This requires the ISPs to create a filter which the parents can activate for specific devices such as mobiles or laptops used by their minor children.

This solution will be opposed by the ISPs and many technology intoxicated persons who believe that it is their birth right to do whatever they want on the Internet.

Let’s therefore leave this for further debate on a different occasion and focus on what we can do even while the Blue Whale Challenge or any other game of this type is still accessible to vulnerable children.

Addressing the Psychological Issue

Since the creator was arrested some time in May, it appears that there were other “Administrators” who had taken over as “Mentors” and managing the victims such as the Mumbai boy. Hence mere arrest of one individual would not bring an end to the menace and we should be ready for more such games to hit the market as long as the sadist technologically savvy creators are out there in the wild.

These creators and the administrators are hard core psychos and we can do nothing to reform them. If they are caught, then they should be permanently put behind bars or even eliminated with a death sentence.

In the meantime we can address what we can do to prevent our children from falling prey to this game.

The first task is to identify potential victims through our own social media profiling of children, supervision of their web activity, changes in behaviour etc. Part of this can be done by the parents and more can be done through whistleblowing by friends through the Schools.

The Schools should not only undertake awareness creation for Children and Parents on the menace and try to mitigate the risk, but also create a “Whistle blower” mechanism for friends to report any abnormal behaviour of their co-students and appoint an “Internet Counsellor” to address the children’s problems.

Children are more cooperative with their schools and amenable to receiving suggestions from their teachers rather than from their parents. Hence the schools have a big role in ensuring that the Internet addiction risk of every kind is mitigated.

The Maharashtra CM has sought guidance from the Central Government on how to address the issue, but it appears that the solution lies with the Maharashtra Government (and also other State Governments) mandating that all schools do the following:

a) An awareness program for children within the next one week

b) An awareness program for parents within the next fortnight

c) Introduce a “Whistle Blower” scheme where students report to the authorities about any abnormal behaviour of other students.

d) Appoint a psychology expert as an “Internet Counsellor” to visit the school once in 15 days, to spend some time addressing the students and to meet any children who would like to seek guidance. He/She could also be the Ombudsman for the whistle blower program

e) Report the compliance through the website of the School.

I hope some NGOs take up the responsibility to coordinate and guide the schools in this regard. The above set of requirements can be considered as “Compliance Requirement” for the school.

Caution: For those adventurers who will try to download the game and check what it is, I would like to caution that the program would come with a trojan which would steal data from your computer or mobile, would be impossible to un-install and could cause other problems related to identity theft including theft of Banking and other financial information related to the mobile owner.

Naavi

Refer:

Man behind Blue Whale suicide ‘game’ says he’s ‘cleansing society’

Beware! This Blue Whale online suicide challenge is scaring parents world over

The truth of ‘Blue Whale’ challenge: A game said to ‘brainwash’ teens into committing suicides

 


The Smart City Debate…continues

I recall my brief report of the Smart City Council’s program in Bangalore on 28th of July. The central theme of the program was “Surveillance”. However the focus was more on the technology implications rather than ethical or legal issues.

While discussing “Surveillance” through CCTV cameras, the phenomenal increase in the need for storage capacity was briefly discussed, as were the bandwidth issues in moving the images collected from the CCTV cameras to the central processing station in real time so that they are of use in real-time decision making.

At the same time, the futility of having a low resolution image, which later turns out to be of no use in recognizing the persons whose images are captured, particularly when the person has committed some crime, was also highlighted. This is a problem which the Police normally experience. (Other than in the cases where the Police report that the CCTV cameras intelligently stopped functioning exactly when the crime was about to be committed!)

The Smart City Council’s program stopped at creating a case for buying more high resolution cameras and enhancing bandwidth infrastructure and data storage facilities which are all good for the commercial development of the “Surveillance industry”. However, there was no attempt to discuss the possible use of “Appropriate Technology” that can improve the efficiency of the image collection system along with reducing the burden on the data transmission and storage infrastructure. Since there was no representation of a Citizen centric panel member in the discussion, this point did not come up for discussion.

I hope Smart City Council incorporates this discussion in their subsequent so called “Round Tables”, one of which is scheduled in Mumbai for August 4th.

In the meantime, I would like to discuss two specific use cases and solutions that need further discussion in the appropriate decision making fora.

They are

  1. Use of Image enhancement Technologies to upgrade image quality
  2. Use of smart strategies to get proper images useful for prevention of crimes in the ATM security scenario

This is not meant to be a technology paper and hence it may leave certain technical details uncovered.

Image Enhancement

The idea of using image enhancement technologies is to manage with a low resolution image at the time of capturing and transmission back into the control room but enhance its quality when required with the use of Video image enhancement software running on the back end systems.

The attempt is to use video enhancement on a real time basis so that, where necessary, quick decisions can be arrived at.

This may be even treated as a “Video Forensic” strategy to create a better video from which vehicle number plates are easily identified, face recognition is reliably achieved so that instructions can be transmitted to operational police or medical or other disaster management units to either rush to the trouble spots or try to intercept a criminal trying to get away.

Image enhancement technologies work on two levels. One is “Optical level” and the other is “Geometric level”.

In “Optical level Super Resolution Imaging Technique”, the limitations of the optical device arising due to the “Diffraction Properties” of light are sought to be corrected for getting an output which is more useful.

In the “Geometric Super Resolution Imaging Technique”, pixelation is corrected by removing noise so that more details of the picture can be revealed.

Here is an example of a real time video enhancement that can be achieved through software which may use the combination of both the above techniques and apply it on multiple video frames to generate a more intelligible video than what the camera first generates.

The above is just an example of what can be done back in the Police Control room to make surveillance through CCTV cameras more effective when we are constrained to use low resolution cameras because the budgets do not permit anything better. It will also not require huge enhancement of storage and data transmission capabilities.

Those interested can research more on the possibilities. If we can direct some of our research capabilities in IISc type of organizations, we can perhaps develop some of these software indigenously so that the cost of Smart City surveillance comes down significantly.

Smart ATM Security

The image enhancement techniques will work when the problem is really of the quality of image received. It cannot however address the other situations where the CCTV owner does not bother to check if the installed cameras are working or not.

Let’s leave out deliberate deletion of CCTV footage which I have already discussed in earlier articles as a Section 65 Offence and look at an instance where we can force the use of a device only if the CCTV footage is working.

I have proposed this strategy for the ATM security system where

a) Entry to the ATM is through a biometric lock which captures the finger print.

We may or may not authenticate the person in real time against the customer database, but the data is stored for some time for use when required.

b) A face recognition camera is fixed directly to the ATM so that anybody who does not expose his face will not be able to carry out the transaction.

For this purpose, the ATM is operated with a lock which gets opened only when the face recognition camera transmits a proper image back to the server and a “Go Ahead” signal comes from the Bank’s server.

The above strategy (IPR with Naavi) is simple and inexpensive but no Bank has introduced it so far because they are either not “Smart” or because they do not want to spend that “Extra Rupee” for security.

When we are prepared to develop the so called “Smart Cities”, such simple “Smart Solutions” need to be tried out as a part of our “Smart City Policing” requirement.

At present I am not sure if Police are part of the initial planning of any Smart City. Most such projects are driven by the vendors and the politicians who look at how fat the project cost is. If the cost is lower, the politician is often not interested. (I can vouch for this from my personal experience in the past.) Police are brought in only at a much later stage when the technical infrastructure is already firmed up and there is no scope for structural changes.

I wish a demand is made by the Police that they be made part of any planning to introduce high end technology into our Governance system because they are the people who have to carry the baton when things go wrong.

At the same time, in order to avoid some bad elements in the Police who are subservient to the political masters corrupting the system, there needs to be some checks and balances including taking the CCTV footage archive out of control of the operational people so that it cannot be manipulated on a selective basis.

These are matters of detailing which can be handled in Smart City Policing strategies when required.

In summary, I would like to state that Smart solutions using appropriate technologies are essential to ensure that available technologies are used efficiently while we do also strive to increase the technology boundaries itself with better cameras, more storage space etc.

I urge IISc to dedicate some research in this direction if they have not already done.

Naavi

Is Net4India closing its operations?

For some time now I have been trying to reach out to Net4India for some of my services and I am finding that the Company seems to have gone silent on customer interactions.

I have observed technical glitches because of which repeated demands are being raised for renewal of domain names even after they have been renewed leading to double payments which we never know will be reversed.

It is possible that this is not a technical glitch but actually an attempt to defraud the customers.

If any domain name expires without being renewed because of the inefficiency or attempt to extract double payments on renewal, then Net4India will be liable for compensation arising out of loss of domain name and consequent denial of access.

As a Company responsible for such denial of access Net4India will be liable under Section 43 and 66 of ITA 2000/8 and its Directors and executives will be liable under Section 85.

I have personally tried to reach out to the Director and Senior officials of the Company but no one seems to respond. The Help desk number is not picked up and the customer relations officer is not responding to e-mails.

Last but most significant is that the e-mail legal@net4.com remains unresponsive.

When the legal department does not respond to a charge of possible fraud, it means something is seriously wrong with the company.

Net4India has a huge stake in customer records and thousands of Indian websites run on their domain name/e-mail services or are hosted on their servers. Many of the Government websites are running on the server certificates issued by Net4India and are probably even hosted on its servers.

Under such circumstances, if Net4India as a company goes down, there will be a serious Cyber Issue in the country.

I am placing this national Cyber Security concern in the public space so that if any person in Delhi has any personal contact with Net4India, they can try to get confirmation on my apprehension that the Company may be in the process of winding up its operations either in full or partly.

I also request TRAI and CERT-IN to look into the reasons why Net4India remains unresponsive and if the public interest is threatened.

Naavi


The Three Plus One dimensions of Information Security

In the past we have highlighted the three dimensional approach to Information security which combines Technical, Legal and Behavioural science as the dimensions of Information Security.

Uni-Dimensional Approach

Information Security has often been approached as a “Uni-Dimensional” concept based on “Technology”. Under this concept, Information Security is often defined as “Preserving the Confidentiality, Integrity and Availability” of information. This is often referred to as the CIA principle.

Of late the Information Security community has extended this three component based technology approach to the fourth component of “Authentication”.

This “Uni Dimensional” approach works on the end objective of “Protecting Data” and “Restoring it in the event of a loss”.

The approach therefore depends on the DRP-BCP principle, where there is a good (if possible concurrent) back up of data which can be restored “Fully” within a short time. The backing up process and the recovery from back up also need to be “Verified” with a hash check.

In these days when “Trojans” are programmed to activate themselves on pre-determined time and day, it is also necessary for the restoration from back up to be done as a “Clean Back up” ensuring that no dormant malware is present in the back up copy and using a clone copy for restoration if required.

This Full, Verified and Clean back up process can solve the problem of data loss and if the BCP process is set to low RPO and RTO (Recovery point objective and Recovery Time Objective), the Uni dimensional information security approach of “Protecting the Data” can be reasonably satisfied.
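The hash check behind a “Full” and “Verified” back up can be sketched as a manifest comparison. This is an added example, not code from the original article; the function names and sample files are constructed for illustration. A manifest only proves that the copy matches the source, so it cannot show that the source was free of dormant malware when the manifest was taken.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_copy(manifest, root):
    """Compare a back up (or restored) tree with the manifest taken at the source.

    missing    -> the copy is not "Full"
    modified   -> the copy fails the hash check, so it is not "Verified"
    unexpected -> files never present in the source; review before calling it "Clean"
    """
    actual = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "modified": sorted(
            p for p in manifest if p in actual and manifest[p] != actual[p]
        ),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def passes(report):
    """True only when nothing is missing, modified or unexpected."""
    return not any(report.values())


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Constructed sample: a small source tree, a back up, then simulated damage."""
    work = tempfile.mkdtemp(prefix="backup-demo-")
    try:
        source = os.path.join(work, "source")
        backup = os.path.join(work, "backup")
        _write(os.path.join(source, "db", "ledger.csv"), b"id,amount\n1,100\n")
        _write(os.path.join(source, "notes.txt"), b"quarterly notes\n")

        # Take the manifest at the source and keep it away from the back up media,
        # otherwise whoever alters the back up can alter the manifest too.
        manifest = build_manifest(source)
        shutil.copytree(source, backup)
        intact = verify_copy(manifest, backup)

        # Simulated damage: one altered file, one lost file, one planted file.
        _write(os.path.join(backup, "db", "ledger.csv"), b"id,amount\n1,999\n")
        os.remove(os.path.join(backup, "notes.txt"))
        _write(os.path.join(backup, "db", "helper.bin"), b"\x00planted")
        damaged = verify_copy(manifest, backup)
        return intact, damaged
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    intact_report, damaged_report = demo()
    print("intact copy passes:", passes(intact_report))
    print("damaged copy report:", damaged_report)
```

Running the same `verify_copy` against the restored tree after recovery covers the “Recovery from Back up” half of the check.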

The implementation of the Uni Dimensional technology based approach is through the Firewalls and IDS systems as well as the Access Control and Encryption kind of technology applications. Hashing and Digital Signature technologies are used to ensure integrity and authentication.

The ISO27001 and PCI DSS type of information security audits are normally considered as the final word on information security in this Uni-Dimensional approach.

Dual Dimensional Approach

The Uni-Dimensional approach essentially tries to protect the “Data” from being lost through unauthorized access or through other technical issues including malware attacks such as the ransomware.

However when the unauthorized access results in ex-filtration of data or compromise of confidentiality, mere restoration of lost data may not provide a relief to the information owner. When data held in trust by a company is compromised, then there is an issue of third party liabilities arising out of privacy protection laws or contractual obligations.

There could also be vicarious liabilities arising on the information owner due to legal provisions such as Section 79 or 85 of ITA 2000/8. The essence of such legal provisions is that if an organization that collects information from the public suffers a data breach through external attacks or insider threats, and it cannot prove that it has observed “Due Diligence” and/or “Reasonable Security Practice”, the liabilities will crystallize on the organization and its executives.

Such liabilities (Section 43 read with Section 66, Section 43A, Section 72A, Section 65 and Section 67C) could result in both civil liabilities and criminal liabilities.

Hence a DRP-BCP which results in restoration of data and continuity of business systems does not protect the information owner from either being liable to pay damages or even go to jail.

The Second dimension of information security therefore is the “Techno Legal Approach” which tries to protect the information owner from liabilities arising out of data breach incidents. Such protection arises from the organization being “ITA 2008 compliant” and also documenting its compliance process to be produced as its defense when the requirement arises.

Being able to protect one self from liabilities is the “Defensive Legal Remedy” (DLR) that companies may seek from its compliance activities under the Techno Legal Information Security approach.

Apart from being able to defend the company from liabilities, being compliant with cyber laws ensures that the company may be able to use the same law to recover damages from others (eg sub contractors and ultimate offenders who committed the crime) through invoking a litigation process. This is an “Offensive Legal Remedy” (OLR) that becomes available to the company which has suffered a data breach.

It is clear that no company can claim to be legally compliant under “Due Diligence” or “Reasonable Security Practice” if it has not implemented the technical security measures including obtaining certification of ISO 27001 or its equivalent.

However the technical security measures are considered “necessary but not sufficient” to provide the liability protection for the information security owner.

Thus the Dual Dimensional approach extends its scope from protecting the information to protecting the information security owner along with it.

The Preservation of Confidentiality, Integrity and Availability of information still prevails along with Authentication which should be legally sustainable and “Non Repudiable”.

The undersigned believes that the management approach to information security could be prioritized based on the following hierarchical prioritization of the different components of Techno Legal Information Security.

The Third Dimension

Whether the approach is Uni-Dimensional or Dual Dimensional, the implementation always requires the support and complete willingness of the people. The technical aspects such as access control often fail because the users tend to be ignorant and negligent. Policies and procedures prescribed for legal compliance which may include sanctions also fail through ignorance and unwillingness to adhere to rules and regulations.

Information Security professionals do recognize the role of “People” in information security and try to address the “Social Engineering” attacks through appropriate awareness building exercises within their employee fold.

However, the problem with “People” is that the same persons behave differently at different points of time and different persons behave differently for the same stimuli. It is for this reason that the undersigned considers “Behavioural Aspects of people” as the third dimension of Information Security and not merely the “people”.

“Ignorance” can be reduced by “Awareness” building which is through training of various types that are part of the information security practices.

However, Awareness Building is another “necessary but not sufficient” factor in information security implementation. Awareness needs to be converted into “Acceptance” and thereafter into “Commitment” if the information security controls are to be diligently followed by the people who are responsible for the implementation of information security.

Since law attributes the automated actions of a system to the “Person who caused the system to behave in the particular manner”, the software creator, or the owner of the system who takes over the software/system along with its default configurations, becomes the human element responsible for the actions of the automated system. But software developers may not foresee the vulnerabilities, nor feel their effect, since they successfully pass on the liabilities to the user. Law hurts the user of the software and the intermediary who provides the platform for the software. It does not touch the software developer who developed and released defective software with vulnerabilities. Though the software developer may later identify the bugs and send “Patches”, the “Zero Day Liabilities” still remain with the software user, which is an unfair burden on somebody who has paid for the software.

Some software developers have the ethical attitude to at least run “Bug Bounty” programs which acknowledges the limitations of the testing process before release of the software but tries to provide some cover to the crowd sourcing of testing process. But since Bug Bounty programs are not mandatory, most software developers release untested defective software and start counting cash before the product is patched for basic defects.

“Security By Design” and “Secure Coding Practice” are known to most software professionals but they still ignore them. This is a serious issue that the software industry has not been able to tackle effectively.

This tendency to ignore security issues is more a result of the “Attitude” of the software professionals than a function of “Ignorance”. There are issues arising out of “Technology Intoxication” and sometimes a deviant mindset such as the “Cyber Offendo Mania” (an obsessive compulsion to commit an offence).

In the Cyber Crime scenario, attitude of users to “Blindly Trust” the software and an urge to “Be the first to test a new introduction” often makes people invite compromise of identity and opening up doors of opportunity for attacks.

The attackers are also emboldened through the “Anonymity” and “Asymmetric advantage” that they may use for planning and executing the attacks, while the security professionals are constrained by the uncertainty and unpredictability of the nature or source of the next attack.

The attackers are also persons who are “Technologically intoxicated” and hence are prone to irrational decisions besides calculated motivated attacks.

The behavioural aspects of unknown attackers are not amenable to being mended except by creating a “Deterrence” through well publicized exploits of police in busting criminal rackets. However we can try to mitigate the risks of insider attacks by trying to modify the behavioural traits of people who work for an organization.

For this purpose, we need to be able to identify “Deviant Minds” and put in place strategies to mitigate the risks through counselling, advanced training etc.

Addressing the “Mitigation of Information Security Risks arising out of Behavioural Traits of employees” is a subject which is far removed from the skill sets that an information security professional is normally endowed with. Management/HR professionals may possess such skills, but technical experts have skills which may be diametrically opposite to the requirements of observing and reacting to psychological infirmities of the subordinates.

This area is still in a developing stage and Psychological and Sociological experts need to research in the area of Information security challenges arising out of behavioral traits of people.

Naavi tries to incorporate principles of Behavioural Science solutions such as ego-gram mapping and script mapping of Eric Berne and identifies the requirements as part of his “Pentagon Theory of Information Security Motivation”. Under this theory, it is considered that Information Security motivation is bound by five parameters, namely Awareness, Acceptance, Availability, Mandate and Inspiration, arranged as the boundary walls forming a pentagon rather than the hierarchical pyramid model of motivation used by Dr Maslow in his theory of motivation.

There are several issues of this theory which need further examination by Techno Legal Behavioural Science Experts who are the Information Security professionals of the coming era.

The Plus One Dimension

Naavi has been discussing the three dimensional approach to Information Assurance for several years now and hence it is not new. The information security professionals in general have already moved from the Uni-dimensional approach to the dual dimensional approach. The hurdle to absorb and assimilate the third dimension will take some more time and will require managerial acumen to be imbibed by the CISOs. It will take its time and we need to wait for this maturity to be reached.

In the meantime it has become necessary to point out to another dimension which is relevant for the current scenario.

While the earlier approach covers protection of data and the protection of the data owner, there is also a need to consider whether it is the responsibility of the information security community to grow out from being selfish and always looking inwards to being more responsible to the community they serve by being a little more outward looking.

In this approach, it is necessary for Information Security to consider if there is any risk for the eco-system caused by the information security failure and whether something can be done to protect the eco-system.

One example that comes to mind is the discussions we are now having on “Bitcoin”. There are many information security professionals who endorse Bitcoin because they like the “Block Chain technology”. Some even think of Block Chain technology as an “Information Security Tool” since it can be used to “Build trust from out of an Untrusted resource”.

However, if Bitcoin is an “Anonymous” and “Unregulated” currency that can replace the legal tender of a country, the impact that it may leave on inflation, Black money creation, Terrorist funding etc needs to be taken into account. If these negative concerns outweigh the positive aspects of the technology, we should be prepared to reject the innovation. This is like the “Risk Absorption Capacity” of the society that needs to be kept in mind at the time of choosing risk mitigation strategies. If a certain risk is beyond the risk appetite of an organization, such risk needs to be eliminated by avoiding the risk rather than trying to mitigate it through other measures.

The rush to implement Aadhar Based Payment Systems could be another innovation that we need to check under this Plus-one dimension. “Regulated Anonymity” vs “Absolute Privacy Protection as a Fundamental Right” could be another example that we need to check under this concept.

This concern for society and incorporating the “Social Cost Benefit” to our equation of information risk management is the “Plus One” dimension that I would advocate for the industry of information security professionals to consider.

Even the Cyber Insurance professionals should consider this as a necessity since the aggregated risks arising out of such damage to the society make re-insurance more expensive.

This Plus-One dimension opens up a discussion on Technology innovators who tend to introduce “Irresponsible Innovation” that can cause “Disruption” which may actually lead to destruction of the society. Some of the Cybertariat issues that I have discussed earlier actually stem from the fact that technology innovators, often blinded by their “Technology Intoxication”, ignore the debilitating effect of what they do on the society of which they are also a part. This is the “Bhasmasura Syndrome” (call it Frankenstein Monster if you like) which I espoused in an earlier article.

We as a community of Cybertariats including the software developers, information security professionals, management professionals, Cyber law professionals, Psychology/Sociology professionals etc should all start debating on the need to recognize and factor in “Social Cost” to technological innovations so that progress does not come at the cost of the society.

Naavi

 


Challenges and Solutions for Cybertariat employees

IEEE had organized a one-day symposium at IISc, Bangalore on 29th July 2017 to discuss various issues that confront Netizens (Cybertariat). During this symposium, issues such as Cyber Crimes and Information Security were discussed.

There was also a focus on “Ethics for Cybertariats” as a concern for the society. Dr Gopal of Anna University, Chennai and Dr Srinivas of ECE department IISc, Bangalore took the lead in organizing the symposium. Mr Pavan Duggal and the undersigned were among the speakers who shared their experience with the audience drawn mostly from academic circles.

I am separately sharing the brief of the presentation made in this symposium. In the meantime however, I would like to share an article that I had contributed to one of the publications of International Review of Information Ethics (IRIE). 

This article has become more relevant today after Mr Donald Trump took over as President of United States.

LAG Neutrality Challenges and Solutions

The growth of Cybertariats as a new class of workers who represent an integration of the Cyber Society work with existence in Physical space has opened up new challenges in the management of the work force.

The key concerns or issues are those which arise in the world of Cybertariats because of the “LAG neutrality”, namely the “Location Neutrality”, “Age Neutrality” and “Gender Neutrality” of a Cybertariat worker.

Impact of Location Neutrality

The first and foremost issue regarding the rise of Cybertariat workforce is the impact on the local employment and the issues arising therefrom.

The Cybertariat workforce is location independent since they can work from anywhere and anytime and still are virtually present in the workplace. The industry loves them because they can hire them by shopping economically across the globe and also fire them without as much of an impact as it creates when they fire the physical workforce. The industry can keep only the “Work Goal” as the criterion for maintaining the Cybertariat workforce and free themselves from other distracting aspects of human management.

The Cybertariat workforce essentially works on a Virtual identity. In many instances the real identity may not matter at all. Most commercial workforces which are distant from the national security domains need neither an identified workforce nor a permanent workforce. They can be hired and fired like a “Job Worker”.

What makes economic sense for businessmen, namely hiring Cybertariat workers instead of physical workers, creates a serious ethical issue of whether industries can be oblivious of the social impact of local job losses to technology workers from another place.

The frequent references of Obama and now Donald Trump to the Bengaluru IT industry as a threat to the US economy stem from the fact that, for a Chicago company, the remote Bengaluru worker may be more efficient and more economical than a comparable worker sitting in Chicago. While this does affect the employment potential in the physical space of Chicago, the profitability and global competitiveness of the US Company which opts to use a Cybertariat Bengalurian instead of the US based Chicago resident improves.

Whether the trade-off of possible local un-employment with more profit generation for the company/country is beneficial or not is an economic decision. However, this also raises the ethical issue of whether it is the responsibility of the industry to share its prosperity with the local community by providing a stable employment scenario to the community so that the community lives in harmony.

In recent days, concerns about Cybertariat hiring are arising because of the “Security Issues”. Any cyber work involves handling of data which is personal and sometimes also sensitive. The security of such data is therefore a concern for “Privacy” as a part of the democratic tradition and also as a means of preventing Cyber Crimes.

A standing example of how “Privacy” and “Security” concerns affect the Cybertariat workforce is evident in the fact that after the increasing number of data theft reports from USA, the flourishing “Home Based Medical Transcription Industry” in India seems to be withering away.

A workable solution towards balancing better economic sense with softening of the local sentiments is to be worked through a “Corporate Social Program” which makes it obligatory for the Cybertariat employer to contribute to the development of alternate employment opportunities for the local workforce.

If, for example, the cities of Bengaluru and Chicago enter into a Cybertariat Workforce Treaty, they can ensure that Obama need not introduce a “Bengaluru Tax” and Trump need not put an embargo on “Export of Data” to Bengaluru, but can instead negotiate a reverse flow of benefits from Bengaluru to Chicago either in the form of cyber related work at a different level or even through import of, say, manufactured goods from Chicago to Bengaluru.

Age Neutrality Impact

As compared to the Location Neutrality, the Age Neutrality raises an issue of whether the “Earning Potential” of an individual needs to be “Retired” after a person attains a particular age. In a society where “Old Age Security” is important, with rising life span and decreasing family support at old age, it is sometimes cruel to retire an otherwise able and efficient worker just because his age certificate indicates that he has crossed a certain age.

The Cybertariat workforce is free from this obligation of “Retirement” both because they work on short term assignments and because the focus is on work output rather than other considerations.

The Cybertariat employers however have not yet fully exploited the potential of “Age Neutrality” of the workforce, as we still see them going with the normal recruitment norms applicable for the physical world. They therefore look at providing the “Work From Home” option to persons who love to drive to their office rather than being confined to within their homes in front of their parents. On the other hand, a middle aged person who loves to work from home and also attend to some obligations associated with staying at home would love the work from home concept more than driving down to work. Work from home for such middle aged persons and seniors would be a blessing and they would provide better output per unit of investment to the hirer.

Again, this age neutrality could raise an ethical issue of the obligation of industry to support the younger generation, who are looking for a “Primary Source of Income” for earning a livelihood, rather than providing additional revenue as a supplementary income to a middle aged or senior worker who already has enough savings for his basic necessities.

Balancing the requirements of the young society with the senior society is therefore an obligation that the Cybertariat industry needs to manage.

Again, the solution lies in generating specific alternate avenues of employment which the younger generation considers an enjoyable occupation, in place of the not so enjoyable nine to five office job, which can be split into two or three slots and filled by multiple senior persons working from home.

Gender Neutrality Impact

The third key aspect of Cybertariat workforce is the fact that the concept of “Good Looking”, “Male or Female” has no relevance to the work.

In certain types of work, “Voice” could be a factor of employment but with some voice changing software available in the market, real time voice changing could be a technically and commercially feasible option to be used by Cybertariat workers to completely negate the advantages or disadvantages of the gender of a Cybertariat worker even when the work involves a voice interaction.

In countries like India, we are still struggling with concepts such as “Gender based Reservation” and “Gender Based Discrimination” in workforce policies. Rise of Cybertariat workforce kills the concept of such gender based discrimination and brings in an equality between the male and female workforce. It eases the obligations of the employer such as extending leave to employees beyond certain limits only on gender based considerations and generally helps in improving the productivity of the entire workforce.

Again the advantage that the Gender Neutrality provides to the Cybertariat employer also provides a challenge to the ethical obligations that the society may like to pursue in providing employment based on the gender of the employee.

While the gender neutrality may reduce the preference that the society now provides to women in the form of easy working hours and longer maternity leave etc., Cybertariat workers simply do not care about working hours and maternity leave since they can work as long as their health permits and be beneficial to both themselves and the employer.

In summary we may observe that there are several ethical issues that arise out of the rise of Cybertariat work force. But these provide several economic benefits to the employer and the disadvantages are often a reflection of our expectations created because of our experience with the workspace in the physical world. As we get used to the Cybertariat work space, we can certainly find a balance between the economic advantages and ethical challenges and perhaps achieve a better harmony and benefit to the society on the whole. Managing the transition without being bogged down by the old principles of what is an ideal work space is however a necessity to harness the benefits of Cybertariat work culture.

Naavi

 


Smart City Council holds a “Round Table” in Bangalore

Smart City Council India conducted an event in Bangalore on 28th July 2017 in which a report on “Role of Surveillance in Securing Cities” was released. The program was sponsored by Western Digital Technologies, one of the leading commercial stakeholders in the business of selling storage devices and CCTV devices.

Several prominent persons, mainly from government agencies in Bangalore, participated in the program, which was titled a “Round Table” but turned out to be a sort of seminar on smart city surveillance issues. Some interesting aspects of surveillance came out of the discussion. Mr Gaurav Gupta, the Principal Secretary IT, Government of Karnataka, was also briefly present and addressed the gathering.

Mr Kwaja Saifuddin, senior Sales Director-South Asia of Western Digital, highlighted the growing demand for data storage arising out of the explosion of CCTV devices that are part of the “Surveillance” in cities, both because the number of CCTVs is on the increase and because the required quality of imaging has been increasing.

The need for Smart City surveillance strategies to be “Citizen Centric” was highlighted by Mr R.Srikumar, former Vigilance Commissioner (CVC) and DGP of Karnataka and founder of www.indiancst.in

A panel of experts consisting of Mr Srinivas Reddy, Director, Karnataka State Natural Disaster Monitoring, B.N.S.Reddy, Director, Security and Vigilance, KSRTC and Professor T.Shankar, IISc, moderated by Mr Sanjay Sahay, ADGP, Karnataka, shared specific experiences and issues arising out of the surveillance. The panel underscored that surveillance does not end with CCTV cameras alone and there is an important role for “Sensors” in smart city management. Discussions were informative.

The report on “Role of Surveillance in Securing Cities” indicated that the global video surveillance industry is expected to grow at a CAGR of 11.87% to reach a total market size of US$ 48.69 billion by 2021. The current market in India was placed at $952.95 million and projected to grow at CAGR of 13% between 2016 and 2022.

A shift towards IP surveillance and a lack of standardization broadly characterized the Indian Surveillance Market, according to the report. The report urged that Governments should focus on context specific needs and should invest in highest resolution cameras, best quality analytical tools and highest capacity storage.

Unfortunately the event did not provide much scope for discussion and hence it ended up being a one way presentation that highlighted that there is a tremendous scope for the industry surrounding CCTV cameras.

The “Round Table” failed to discuss the security issues such as the Denial of Service Attacks that could be launched by botnets created out of the CCTV cameras or failure of sensors in critical activities or the privacy issues involved in surveillance. The limitation of time could be one of the plausible excuses for leaving out discussions important to the community.

However, being a sponsored event, the lack of interest in highlighting unpleasant issues of surveillance could also be the reason.

When an event is titled “Round Table” and several Government officials and Police officials are invited for the event, it is disappointing that the event failed to hold a wholesome discussion of “Surveillance”, though as a special guest Mr Srikumar did point out the need for “Smart City Governance to be Citizen centric”.

Hopefully Smart City Council corrects this imbalance in their next event or calls it an “Industry interaction on Business opportunities in Video surveillance” instead of a “Round table”.

(P.S: This is only a report on the event. Will present some of my views on surveillance separately)

Naavi
