Bring Your own Virus infected Computer and say all computers can be tampered!

The claim of Saurabh Chaudhary that EVMs can be tampered and the demo he ran in the Delhi Assembly is a fraud on the Indian public.

Mr Chaudhary brought his own EVM lookalike which had self-introduced code that could make it function in a particular way. He used this to demonstrate that EVMs can be tampered with.

If this logic can be applied to any demo, I can bring a Mobile or Computer with a pre-inserted virus and say that all computers behave in a particular manner. If this argument has to be extended then we need to also state how the malicious code can be introduced in Computers or EVMs that are not under our control.

We had a similar situation some time back when a technology expert demonstrated that the Bank’s Internet Banking systems could be tampered with by a user-side virus which carries out a “Man in the Browser” attack. It came with the disclosure that this is true only if that virus is present in the computer. Since we know that there are many ways that a computer of the public can be infected, the demo was legitimate and urged the Banks to introduce counter safety measures.

In the EVM issue, the devices are always with the Election Commission and its officers. Changing the mother boards in say 10000 EVMs requires 10000 fraudulent mother boards to be prepared and installed in the EVMs. It requires compromise of the human beings more than the machines themselves. Unless all the EC members are cheats, the allegation is an empty allegation and not a realistic process.

If Mr Chaudhary had shown that an EVM is susceptible to a WiFi signal or some other remote signal system which could alter the embedded code or otherwise tamper with the results, then there would have been some credibility.

The detractors of EVMs are quoting Mr Subramanya Swamy and GVN Rao who are BJP sympathizers. They may as well quote me also since all of us have made statements about the tamperability of EVMs in different contexts. But EC has taken some counter steps including the VVPAT to address the vulnerabilities pointed out.

Now EC has also given an opportunity to the EVM detractors to prove that the machine can be tampered with in a hackathon invitation. But it is necessary for the detractors to prove that EVM is hackable while it is in the custody of the EC and not when it is taken over unless they also prove that a large number of EVMs can be taken over and manipulated.

It is of course possible, as in the days of booth capturing, that EVM booths can be captured and machines tampered with. But today CCTVs do watch over such intrusions and representatives of all parties are present in the polling booth. Hence unless it is a security compromised area such as the parts of Kashmir or Naxal infected areas, capturing the EVM booths and changing the mother boards is not possible elsewhere.

Comparisons with some foreign systems are also not valid since the systems used are different from the stand alone machines used in India.

Political parties are raising this issue only to defame the Election Commission which has been hailed world over. They should stop these short-term publicity stunts in the interest of the country’s reputation as a large democracy.

As an Information Security observer, I would like to add that the EC need not be complacent and should always be alert to the possibility that new technologies can be used to tamper any electronic device. If so, it should happen at the manufacturing level and hence proper controls there are required. EC may continue to review the security measures and take necessary measures.

I would not like to discuss any other speculative vulnerabilities in public, but express the confidence that EC should have access to proper security advice with which they can take all measures that are required to keep the possibility of frauds or errors within a range of probability within which the risk can be absorbed.

EC should not agree to some suggestions made by AAP that the voter should be asked to testify if the VVPAT coupon now shows what he himself voted. AAP is capable of bribing some voters to say that the VVPAT coupon is showing something different from what he swears.

Similarly, EC should not succumb to the pressure and re-introduce paper ballots just to satisfy the critics. It is even more vulnerable to tampering.

I hope that after today’s meeting of all Political parties with the EC, the controversy is laid to rest.

Naavi


Karnan is as much a fugitive as Vijay Mallya

The drama played by Justice Karnan, having been sentenced to 6 months imprisonment and suspension of judicial powers, indicates that he is now standing in the shoes of a convict evading arrest.

The rumors floated by one of his lawyers that he may be in Nepal or Bangladesh etc while he is available to his lawyers to sign an affidavit in front of a Notary makes him a self declared fugitive from law.

There is a rumour that he may move the International Court of Justice to claim that injustice has been done to him like in the case of Mr Jadhav by Pakistan Military Court.

I do not see much difference in his conduct from that of Mr Vijay Mallya who is holed up in London. In fact, Mr Vijay Mallya appears to be in comparison a better gentleman than Mr Karnan because Mr Mallya is only fighting his financial charges and not denigrating the country and its democratic institutions which Karnan is trying to do.

What surprises me however is that many in the law community are standing in support of Mr Karnan for their own reasons. Most of these lawyers have a grudge against Judges in general and the Judges in Supreme Court in particular and find Mr Karnan a hero who has stood up to the mighty.

Their present wrath on the Supreme Court judges may be genuine because they feel that the Collegium system of appointment is not transparent, there is nepotism, there is corruption etc. Since Mr Karnan’s problems originated because of his complaints about his brother judges that they are corrupt, some of the lawyers think he is a crusader like Mr Arvind Kejriwal and deserves to be supported.

However, the statement that the Indian Judiciary is corrupt is a generic statement similar to what we say about all politicians or all bureaucrats being corrupt. Such statements may be fine for a discussion in a party but not to be highlighted in the national and international media to further personal interests.

Besides some bad elements who may be present or perhaps are definitely present, Indian Judiciary still has some committed and principled Judges and it is uncharitable to carry individual grudges against some in the Judiciary to the entire community and dishearten even those who are honest and dedicated.

If the system of appointment of Judges is incorrect and not transparent, we have every right to fight for it. My lawyer friends should continue to fight for this cause.

But the same lawyers failed to support Modi’s Government when there was the difference between the Government and the then CJI because they had their own prejudices against Mr Modi which were more important to them than Judicial reform.

Today their prejudice for Karnan is making them take up cudgels for a person who is bent upon destroying the credibility of the Indian Judicial system.

This appears to me a hypocritical attitude.

Karnan is not fighting against the restoration of NJAC or something similar. He is only fighting what he calls harassment of a “Dalit Judge”. He has in the past also raised the religion card Hindus Vs Muslims and Christians etc. He basically represents a corrupt mind that is dysfunctional to the society and will be detrimental to the society in the long run. If left unchecked he will divide the Judicial society on religion and caste basis and has to be checked before further damage can be done.

Mr Karnan has shown scant regard for the higher Court by passing his own Kangaroo Court order sentencing 7 Supreme Court judges to 5 years imprisonment without a trial while his lawyers cry injustice that he was himself sentenced by the Supreme Court without trial.

Besides, he is absconding like a common criminal and not surrendering before the Court.

We therefore have no reason to extend our support to Mr Karnan. He needs to be condemned as a person who is trying to denigrate the whole system of Judiciary in India and making our country a laughing stock in the eyes of the world.

The lawyers who have now filed a review petition before the Supreme Court for recall of the order have raised several legal issues including that the “Constitution” does not provide for dismissal of a High Court judge except by impeachment process and Supreme Court has no powers against High Court Judges except to decide on appeal of their decisions.

Their argument may indicate a lacuna in our Constitution that needs to be corrected. According to his detractors which include the Supreme Court judges themselves, Mr Karnan’s orders appear to be the decisions of a person who has lost his mental balance and hence does not fall under “Recognized Legal Contracts” let alone “Judicial Decisions”. Hence to defend them on “Constitutional Rights” is unjustified.

I do not see that it was the intention of the Constitution that a mentally unsound person could continue to occupy a Judicial position and exercise the constitutional privileges meant for the Chair.

If this indiscipline shown by Mr Karnan is not curbed, tomorrow we will have a judicial chaos in the Country with different High Court judges passing orders against brother judges and Supreme Court judges including orders to arrest them. It is better not to discuss the ugly consequences of such a possibility.

Mr Karnan and now his lawyers are giving a handle to Indian Anti Nationals to cock a snook at Indian Democracy.

If we dispassionately look at the developments of Mr Karnan Vs Supreme Court, it appears that Mr Karnan is fit to be declared as either

a) A person of unsound mind and hence all his actions are to be ignored or

b) A person who is an anti national who wants Indian Democratic reputation to be brought down in the eyes of the world

If the first presumption is taken, the review petition has to be dismissed forthwith.

If the second presumption is taken, the trial should be upgraded to a trial under other sections of IPC applicable to anti nationals and the appropriate punishments considered.

If both the Supreme Court and the lawyers of Mr Karnan want a middle ground, the petition may be dismissed on the grounds that the signature of Mr Karnan on the affidavit needs to be attested by his personal appearance since there is a probability that it could be a forgery.

It may be taken up again if Mr Karnan surrenders and appears in person.

In the meantime the Notary who attested the signature could be summoned to testify if the signature is true and if so, why the Notary knowing fully well that the person swearing before him was a fugitive from law, did not inform the Police voluntarily.

If Supreme Court is lenient on Karnan because he was a “Judge”, then it would indicate that Supreme Court is discriminating between a common citizen and a past Judge. They will not be able to exercise authority in the case of Mr Vijay Mallya who may raise a defense that the Court is not consistent.

Naavi



Taming the Cyber Insurance Dog… Key lies with IRDA

“Cyber Insurance-a dog that can bite you and itself” says my friend Mr Dinesh Bareja (Information Security Expert) in an interesting article. Mr Dinesh has well brought out the risk of an insurance company being sued by its client when there is a rejected claim. He has also pointed out how many insurers may find themselves unable to enforce the insurance claim even after incurring the cost. He has rightly concluded that both the Insurer and the Insured will learn in due course how to keep the Cyber Insurance dog under a tight leash.

Let me add to the comments of Mr Dinesh….

Cyber Insurance is a legitimate tool of an Information Security Manager for “Transferring the Risk” at a cost to an insurer. This is after he has taken reasonable steps to mitigate and avoid. The goal of an Information Security manager (ISM) is to ensure that the “Residual Risk” is within the “Risk Absorption” capacity of the organization as set by the Financial Managers.

However, in most practical situations, the Cyber Insurance Contract is not conceived and structured with a good assessment of “Total Risk” reduced by “Avoided Risk”, “Mitigated Risk” and “Risk Absorption capacity” (all reduced to a common denominator of Money).

I am not sure if any ISM has ever made a presentation to the Board stating to the effect that… “Our Cyber Risk is estimated to be around 100 crores to the best of our knowledge and ability… By avoiding this process we can reduce it to Rs 80 crores… By our ISM we can bring it down to Rs 10 crores… Beyond this ISM cannot mitigate and the organization needs to absorb or cover through Cyber Insurance if possible.”

In order to make an assessment of the kind above, we need to have metrics to evaluate our ISM program. If we intend to cover the residual risk with Insurance, the best option is to work out along with the Cyber Insurance Company what they consider as adequate “Information Security” and develop a mutually acceptable information security program.

If the Information security program of a company is approved by the Cyber Insurance Company, there will be fewer opportunities for rejection of claims and litigation between the Insurer and the Insured. But the Insurance industry is not interested in this approach for reasons stated below.

We should always remember that the Indian Insurance Industry is working under the concept that all Insurance Contracts are “Uberrimae Fidei Contracts”. Uberrimae Fidei contracts are contracts of “Utmost Faith” where the insured (applicant) has the onus of disclosing all matters that may affect the decision of the Insurer (The Cyber Insurance Company) in accepting the proposal. The Insurer has no obligation to verify and accepts the proposal as declared. But when a claim situation arises, the Insurance Company will undertake an investigation to find whether the Insured had disclosed all risks as were known to him on the date of the proposal and if there is any shortfall, the claim would be rejected. The Insured will end up paying the premium but does not enjoy the benefit of the policy.

This system is to the advantage of the Insurance industry and there is no incentive for them to change it while the user industry has every reason to challenge this proposition.

This nature of the Insurance Contract as a “Contract of Utmost Faith” if accepted, puts the CISO in a spot. If he highlights all the risks, the management may say.. “too bad that you are the CISO”. If he does not…then he is postponing the day of reckoning to the day when the Insurance claim may arise.

In most companies, the CISO is not even consulted when a Cyber Insurance deal is negotiated with a Cyber Insurance Company. Sometimes, Cyber Insurance is taken because the Business Manager says that the vendor of a data processing contract has made it mandatory. It is only the CFO who takes the decision since he has to write the cheque. He will choose to insure to the extent his budget allows or to the extent a business contract mandates. It would be great if he checks with the CISO but it may not happen all the time. (This was corroborated in our Cyber Insurance Survey 2015).

IS specialists know that apart from all the risks that they are theoretically expected to assess and mitigate there are “Zero Day Risks” that no CISO knows. Ransomware payments in “Bitcoins” may involve an illegal acquisition of bitcoins which the Insurance company may refuse to fund. There is also a difficulty in stating the “Value of the insured assets” since financial valuation of data is difficult. Further most of the insurance claims are not for pre-determinable costs but liabilities that arise based on the third party claims. Hence to state in Good faith that “This is the Risk I face and this is the risk I can mitigate and this is the Risk which I want the Insurance Company to cover” is a near impossibility if we want to respect the “Uberrimae Fidei” nature of Insurance contracts.

Another risk that a CISO finds himself in is that when all the risks that he has identified are not mitigated and/or covered through insurance, when the claim arises, the Insurance company may accuse the company of undervaluing its assets for insurance and either call it a fraud or at least reduce its coverage under the clause that “Insured is considered a Co-Insurer to the extent of under insurance”.

It is therefore clear that the decks are stacked against the Insurance seeker and this is one of the reasons that Cyber Insurance is slow to take off. In turn this also puts the Insurance industry in a state that they are not able to spread their risks and bring down the premia. If business expands, it is better for both the insured and the insurer. Efforts are therefore required in this direction.

I refer to my earlier article “If China can have a PRC law, Can we not too have a similar law?..for Insurance?”.

In this article I had highlighted the fact that in China, the Insurance law has been modified to make Insurance contracts “Contracts of Honest Disclosure” and not “Contracts of utmost Faith”.

We in India need to introduce a similar modification to our Insurance law if we want the Cyber Insurance contract to be a useful tool in the hands of the industry.

What this “Honest Disclosure” could imply is that the Insurance Company is given the freedom to ask as many questions as they like on the “Cyber Insurability” of the proposer and even allow them to do their own risk assessment after which a mutually acceptable premium is fixed for the coverage sought and approved. In such cases, the possibility of a claim being rejected and bad blood developing between the user industry and the Insurance industry would reduce.

In the coming days, the GDPR regulations will force more and more IT companies to look for Cyber Insurance and, for the benefit of all, the contracts should be made acceptable to both the parties so that there is no misunderstanding.

It is for this reason that any organization that intends to take Cyber Insurance needs to have a suitable consultant to advise them to understand the limitations of what the Insurance company proposes rather than being surprised later at the time of claim.

Some of the Insurers particularly the Banks are used to issuing an RFP and choosing the lowest bidder. This approach is dangerous since the RFP will become the base on which the “Utmost Faith” is determined on a later date.

Instead, they should enter into a negotiation with a short listed group of Cyber Insurers and discuss what is possible to be insured and take the insurance contract with the full understanding of what is covered and what is not.

This objective of having Cyber Insurance which is acceptable under a “Negotiated Risk Assessment” between the Insurer and the Insured can be achieved by IRDA coming out with necessary guidelines by declaring “Cyber Insurance” as a separate category of Insurance and instituting the “Honest Disclosure” element as part of the Proposal clearance.

So… the power to tame the Cyber Insurance Dog and make it a saviour of the IT industry without biting its master, now lies with IRDA.

Naavi


Karnan and Kejriwal Show… Can we handle such exceptional constitutional emergencies?

Two events dominated the news rooms yesterday, both of which make us sad that the bizarre nature of some individuals is forcing others to consider equally drastic measures to avoid further disasters. Ultimately the society stands divided and bruised.

The first event was the decision of the Supreme Court of India to declare Justice Karnan, a sitting Judge of Kolkata High Court guilty of Contempt sentencing him to six months of imprisonment. Court ordered his immediate arrest.

Kolkata Police ignored the order and did not act in time. This allowed Mr Karnan to leave Kolkata and go to Chennai. Now he is under the Chennai Police jurisdiction and Kolkata police can say that they were not able to execute the order of the Supreme Court. TN Police may find their own excuses not to arrest him and in the end, Supreme Court will be considered as an “Ineffective Institution” that cannot enforce a simple diktat of causing arrest of its own convict.

The second event was the demo of a self constructed EVM lookalike in the Delhi assembly and showing how it could be manipulated. This was to discredit the Indian election system and undermine the democratic system in India.

The demo was done within the legislative assembly session so that no action can be taken on “Mis-representation” or “Defamation” without the defense of “Privileges of an MLA”. Election Commission will therefore not be able to take any action on Mr Kejriwal or his party for seeding an element of doubt in the minds of people that our election system is rigged.

On a single day therefore the two events have denigrated two apex institutions of our country which should be handy for India-baiters to dub our democracy and judiciary as a farce.

Both Mr Karnan as well as Mr Kejriwal had an agenda of their own, parts of which can be justified. Mr Karnan can say that he was exposing corruption in higher judiciary and he was targeted in counter action. Mr Kejriwal can say that he is trying to rid the election system of a possible vulnerability.

However, the damage that both are doing to the overall system is something that needs to be recognized as an “Irreversible Damage”. At the same time, there are enough reasons to believe that both these crusaders have themselves created a situation where they are leaving others no choice but to take drastic decisions.

If others try to follow propriety and honour traditions of decorum, then we may see far worse days ahead. There is therefore a need to cut our losses and take corrective measures before things go more and more out of hand.

In the case of Mr Karnan, who is himself considered as a “Constitutional Authority”, many legal luminaries consider that Supreme Court does not have a jurisdiction to order arrest or curtail his judicial powers. They suggest that the only way his powers can be taken away is through a process of “Impeachment” knowing fully well that he would retire much before such action can be taken.

At the same time, supporters of Mr Karnan forget that it was even more unconstitutional for Mr Karnan to don his Judicial hat and pass orders of arrest and five year imprisonment on 7 senior judges of the country including the Chief Justice of India. These seven judges together have the powers under the constitution to even amend the Constitution itself. To argue therefore that they do not have the powers to order disrobement of Mr Karnan is “hair splitting”.

Also, in case no restraining action is taken, Mr Karnan could pass other bizarre orders including arrest of the Prime Minister and perhaps even the President of India and claim that he has all the powers to himself. It was therefore inevitable that the Supreme Court had to move and take action which can be called one of the “Rarest of Rare” situations.

Mr Karnan has not only denigrated the superior Judiciary but also brought “Caste” into judicial decisions and for this alone he deserves to be dumped into oblivion for ever, though it is impossible to undo the seeds of doubt he has injected in the minds of the citizens of India that judges are always looking at the Caste and Religion of the litigants and the advocates. This is a great disservice to all the honest judges who have treated the profession as a noble responsibility beyond the normal discussions of caste, religion or politics.

I am aware that many of my friends in the Legal circles would not be happy with this view but the situation is similar to what a doctor faces when a limb has to be amputated to save the body.

Now the Supreme Court has to demonstrate that they can cause the arrest of Mr Karnan even if he has run away to a sanctuary and may go into hiding until the heat subsides. Otherwise how can Supreme Court think that persons like Mr Vijay Mallya will respect the Court?

Coming to Mr Kejriwal’s theatrics, he used one of his MLAs to demonstrate that EVMs can be hacked. But what the AAP MLA Mr Saurabh Bharadwaj has done is to construct a device of his own and demonstrate how it can be hacked. This is a complete fraud enacted to fool the public. The objective is to create a fear among the public that our election system is unreliable and is manipulated by persons in power.

Mr Bharadwaj has not used a genuine EVM but his demonstration was meant to present his device as a genuine machine. There was therefore an attempt to impersonate the fake EVM as the real EVM. Using such a fake device, he is demolishing the foundation of democracy in India. The EVM system which is being hailed as a model by many other nations, is being denigrated so that India could suffer an economic loss and reputation loss in the global market.

All this together should qualify the demo as a punishable offence. It can be debated if his action could even be considered as an act of “Cyber Terrorism” since he used a “Computer Contaminant” to manipulate a “Lookalike EVM” and his intention was to give an impression that he is demonstrating the “Hacking of a genuine EVM”. Though he may be unsuccessful, it is definitely an “Attempt” to create a fear in a section of the society that our democracy has been undermined by the Election Commission at the behest of the ruling party.

However, since the demo was conducted within the precincts of the Assembly session, it may be constitutionally improper to take legal action except with the permission of the Speaker which of course would not be forthcoming.

This again means that if legislative power is in the hands of people like Mr Kejriwal, they would even commit a murder inside the Assembly and exercise their privilege to bar investigation.

It is therefore necessary for the Election Commission and the Government of India to devise a means by which Mr Saurabh Bharadwaj is brought to book for an “Attempt to Destabilize the Democracy of India” under the appropriate legal provision.

Unfortunately neither the Supreme Court may be able to cause the arrest of Mr Karnan nor the Election Commission may be able to take action on Mr Saurabh Bharadwaj. It is the Citizens of India who will be kept wondering that when people with power lose their mental balance, they will become the greatest risks to the country and our system is unable to control such mavericks.

I understand that in the US constitution, there is a provision that if the President is suspected to have lost his mental balance, some of his subordinates such as the Secretary of State, the Vice President, the Speaker and the Chief Justice may take a collective decision to remove the Presidential powers.

We need such a power to be exercised now to remove Mr Arvind Kejriwal and Mr Karnan from their respective constitutional positions without the usual procedures such as an “Impeachment” or “No Confidence Motion”.

May be it is time to consider suitable constitutional amendments to make emergent decisions possible in emergent situations…. without of course re-concentrating the powers in another single office including the Prime Minister or the President.

May be the President, Prime Minister together along with the Defence Minister, Chief of Defence, Chief Election Commissioner, Chief Justice of India, Speaker of the Loksabha, and the leader of the recognized opposition party, etc could be declared as a collective body to take such decisions on which the Constitution currently is inadequate to address.

….A point for debate

Naavi


Update: 11th May 2017

As anticipated, Mr Karnan is playing hide and seek and Police parties are shuttling between Kolkata, Chennai, Tindivanam (TN) and Kalahasti (Andhra) to locate him. In the meantime it is reported that he would be filing a petition challenging the order of the Supreme Court in the Supreme Court itself and has successfully executed an affidavit before a notary in Chennai without the Police being able to locate him.

The game perhaps is to extend this hide and seek, filing a review petition, seeking a stay etc until he retires or until the Supreme Court gets tired. Mr Karnan with all his experience is teaching people like Mr Vijay Mallya some tricks.

We would not be surprised if he turns into a successful practicing advocate after his retirement and replace the aging Mr Ram Jethmalani in defending Mr Kejriwal pro bono.



Google Mobile Ad server has a serious vulnerability.. Mobile App owners..please take care

Many of the app developers develop interesting and useful mobile Apps which are offered free and supported by Ads from Google.

There is no doubt that the creator of the Ad is entitled to monetize his creative work and we also appreciate that Google provides a reasonably good option to monetize and the system needs to be encouraged.

However, one of the risks that such App owners who allow ads to be served from a third party face, is the possibility of law infringing advertisements being served by the Ad servers.

All Ad service providers therefore need to take care that no advertisements which infringe the laws are served when the App is being used by the users.

I recently (5th March 2017) came across an incident where an app “A2ZKannada”, which provides Kannada radio stations on the mobile, displayed an ad on the Android mobile with a link to a pornographic site. I notified the same to the app owner, who replied as follows.

“Yes the app is ours. Thanks for the information regarding the inappropriate advertisement in our app. Actually it’s from Google Admob services. We are unaware that Google is approving these ads.

We will investigate this and bring this to attention of Google. If possible please let us know the name of the site that was advertised. Thanks again.”

However, since I had not recorded the ad, I could not provide full details.

Today, I observed the same ad being displayed on another app.

These ads obviously appear randomly and it is difficult for us to reproduce the same. However, I have provided the date and time of the display and I am sure that Google already has information on who all visited the app at that specific time or thereabouts. If Google asks, I am willing to give my mobile information to pin point the incident.

I have information that in the previous instance, the Company contacted Google but could not get any response.

I would like to reiterate that displaying links to “hot video” could be considered as an offence under Section 67,67A and 67B of ITA 2000/8 and the offence would be extended to the CEO and other officers and directors of the company owning the App through the operation of section 79 and 85 of the Act. Hence the App owners cannot take this lightly and brush aside as a technological aberration.

The App owners would have signed an implied contract with Google, and Google should also be considered an intermediary, responsible and liable for similar punishments.

However, if a complaint is actually made, then the Police are more likely to catch hold of the App owner and leave out Google.

It is therefore essential for all App owners using Google Ad service to immediately notify their Google Ad contact with a message equivalent to the following.

“We, on behalf of ……….., a customer of your Google Ad service with the ID ….., hereby bring to your notice as follows:

We understand (Refer: https://www.naavi.org/wp/google-mobile-ad-server-serious-vulnerability/) that there is a possibility that the ads served by your Company may be violative of the laws prevalent in India and may render us liable for penal legal action.

We request you to kindly note that under Information Technology Act 2000/8, applicable to publishing of electronic documents, display of ads that link to pornographic content, as referred to in the said article, is liable to be considered as a punishable offence.

We also foresee the possibility of other kinds of offensive ads including racist or terror promoting ads being displayed in similar circumstances exposing us to grave risk of loss of business, reputation and even imprisonment.

Since we do not have any control over the ads served, the entire responsibility to avoid such ads lies with you and you are deemed to have indemnified us completely from the legal consequences arising out of such ads.”

Please ensure that the e-mail is digitally signed or use the services of ceac.in which will provide free notification service as a special case with Section 65B certification of the notice having been sent to the given Google Ad contact. The App owners may also use the services of cyber-notice.com which will also be provided free for this incident reporting.

As regards Google Ad managers, I would like to state that

“The incident indicates that there is a vulnerability in your filter mechanism and this particular ad seems to be getting through whatever filtering mechanism you might have built. I consider this as a “Bug” in your system.

I am aware that your system largely is well designed and does prevent such occurrences most of the time.

Probably such ads are also legal in certain countries and the filter might have failed in identifying the country of origin of the visitor.

You are required to investigate these incidents seriously and let me know how you are eliminating the bug.

Now that you are notified publicly, if the bug is not rectified and on the next such occasion some visitor files a criminal complaint against the App owner and Google, your company would be liable for the consequences. Such liabilities include the possible imprisonment of your officers working in India. I therefore expect that Google will not neglect this open complaint and take necessary action.”

If any other App owner or member of the public observes similar ads being displayed in any App or website, kindly let me know.

Naavi


American Health Care Act 2017.. Will it benefit Indian IT Companies?

India has a high stake in the American Health Care industry since there is huge IT spending by the Health Care and Health Insurance industry in USA, which also gets reflected in the outsourcing market. It is for this reason that the HIPAA and HITECH Acts have been of interest to India as prime Privacy and Information Security regulations which the Indian Business Associates of US Covered Entities were mandated to implement.

Even while the Indian industries are waiting for our own versions of HIPAA through the proposed Health Data Privacy and Security Act and the proposed Data Protection Act of India, HIPAA-HITECH Act provisions continue to be a “Best Practice Standard” for Indian companies exposed to Health Data which is classified as “Sensitive Personal Information” under Section 43A.

Hence any changes in the US Health Care market need to be closely monitored by Indian companies to assess the financial impact that these regulations may have on them. In this context the recent changes in the US in Health Care legislation need to be watched by the Indian IT industry.

One of the election promises made by Mr Donald Trump was to repeal the present Affordable Health Care Act (ACA) regulations, referred to as “Obama Care”, and replace them with a better legislation. Now the US Congress has passed the “American Health Care Act -2017 (AHCA)”, repealing Obama Care and replacing it with “Trump Care”. It has to go through the formalities of being passed by the Senate before the President can proclaim it as a law.

The Trump Care does not affect HIPAA or HITECH Act provisions of Privacy and Information Security and hence it does not affect the HIPAA stakeholders both in USA and India. The Obama Care and Trump care both address the Health Insurance industry and the extent to which the citizens of USA should be provided with health insurance subsidized by the Government. Obama Care mandated “Health Insurance for All” and created an IT infrastructure for registration of individuals and for marketing insurance policies etc. People were made to obtain insurance if their income is above a particular limit or pay a tax penalty. If they were below an income limit, the Government would subsidize their premium. The entire project created a large IT business in USA, some of which must have benefitted Indian Companies also.

Trump was of the opinion that Obama Care was not feasible and the insurance companies were increasing the premia to an extent that there would be an unreasonable burden on the Government. Hence he wanted substantial changes or a replacement of the old act with a new act.

Under the new AHCA, it is not mandatory for everyone to take Health Insurance. If somebody wants to take a new policy or renew a discontinued policy when there could be pre-existing conditions, then the insurance agencies can charge a penal premium.

Also the cut off income for subsidization of premium has been brought down reducing the incidence of subsidy in the country as a whole.

Further, there could be changes to existing policies, as the States could introduce options to leave out some protections.

All this means that there has to be a tweaking of the insurance related data and a complete overhaul of many accounts.

This means that there would be another rush of IT work for making the changes in the accounts of individuals, removal of some from the subsidy scheme, changing the coverage etc. Essentially it could be a low end data updation work part of which could be automated or managed by the customers themselves. However the insurance companies need to revise their terms of insurance and hence IT work related to it would arise.

In summary we can therefore say that the switch over from Obama Care to Trump care would not affect the compliance requirements under HIPAA but may provide additional business for outsourced IT managers, subject of course to the new push for more domestic work force which Mr Trump wants.

Naavi

Related Article in Foxnews

