What “We the people” say on Judge’s Controversy

Posted on January 14, 2018 by Vijayashankar Na

The Four judges of Supreme Court who recently held a press conference appealed to the public through the media with a request ‘please take care of the institution and take care of the nation’. The judges namely Justices Chelamaeshwar, Rajan Gogoi, Madan B Lokur and Jurien Joseph were complaining that the Chief Justice as “Master of the Roaster” is actually behaving as a “Master” and he should not do so. They said that their efforts to make him allocate sensitive cases only amongst the top 5 judges were not being heeded and some cases are being allocated to the junior judges.

The revolting judges agreed that this was an unprecedented situation and they wanted to go through this exercise as otherwise history would accuse them of having sold their souls.

The conference itself was held very clumsily. The judges did not have the press release nor a proper statement to be handed out to the press. There were favoured lawyers who were in the crowd of the journalists and Mr Shekar Gupta a veteran journalist was even invited to sit on the dais.  Immediately after the press meeting, the CPI party leader Daniel Raja, a known opposition party leader was seen shaking hands with Justice Chelameshwar giving a political colour to the entire episode.

The judges came out as completely inexperienced in not only the manner in which they conducted the press conference but also the manner in which they were fumbling for words during the interaction.

Justice Chelameshwar said that what they wanted to share was a letter they had written to the CJI a copy of which would be shared and that is all they wanted to say. Gagoi confirmed that there is nothing more to say beyond the letter but inadvertently admitted that the admission of the case in the Justice Loya’s death was a reason for this press meet.

Mr Dushyant Dave has been the advocate strongly advocating that the Justice Loya case should not be heard by a specific judge and it should be heard only by one of these four judges as if they would give a decision in his favour only.

Another advocate Mrs Kamini Jaiswal who is bitterly against Mr Amit Shah indicated in her subsequent statements that the possibility of Mr Amit Shah not being convicted was the reason behind this revolt. It was as if Teesta Setlwad was speaking through Kamini Jaiswal.

Yet another advocate Indira Jaising has also been vocal with similar views indicating that the politics of “Anti Amit Shah” forces were truly pushing the judges into a corner with the press conference.

It appears that these three advocates are either directly or indirectly responsible for the current mess in the Judicial system and are unmindful of the damage that they have done to the Indian judiciary for their own personal gains.

It was not surprising that Congress followed up with its own Press Conference though it was also as indecisive as the Judges press conference. It appeared as if Mr K.S.Tulsi had strongly opposed Congress getting into this controversy but Kapil Sibal and P Chidambaram pushed through the conference.  Rahul Gandhi in his usual style spoke a rehearsed sentence and ran away without taking questions.

With the Meeting of D Raja with Chlemeshwar and the Congress press conference, it was clear that the Four Revolting Judges were playing the tune of the political parties. However much they may try to whitewash their intentions, the perception with the public is clear that this was a political agenda playing out through the four judges.

It appeared that these four judges wanted to say more but were restraining themselves. Finally the charges made by the four judges appeared hollow and self defeating. Had they been more forthright, they would have atleast sounded more convincing.

Since then, several legal luminaries are expressing their views on the points raised. A large number of advocates are on the side of the Four revolting Judges while a large number of past judges are holding  the view that conducting of the press conference was wrong.

If we ignore the perceptions and focus more on the problem they have highlighted, then solution is not difficult to find.

The accusation is that while the CJI is considered as having a discretion to constitute benches and allocate cases to any of them, he should do so only with the consultation of the 5 senior most judges who form the collegium.

While the Judges 2-5 in seniority who held the Press Conference hold that CJI is only the “First amongst equals ” and not more important than any of them, they consider that other judges of the supreme court who are 6-25 in seniority are lesser mortals who are not equal to the first five.

This does not seem to be a logical l argument and has to be rejected.

Either all the judges have the privileges attached to their seniority in which case the CJI as the senior most has higher privileges that includes the management of the roaster, or they should agree that all judges of the Supreme Court are equally competent to handle any legal matter before them without fear or favour and with the legal expertise required.

Expecting that the rule of “First amongst Equals” applies only to the first five and not to all the 25 judges of the Court indicates a self serving argument.

If we admit that the roaster allocation had some “Motive” behind it as implied by these four judges, we can also imply a “Motive” behind the accusation of the four revolting judges. If CJI wants to avoid handing over some sensitive cases to any of these four and wants to give it some other judge down the line which is a departure from the procedure indicates a “Bad motive”, then the demand that such cases should be handed over only to them and not to anybody else also indicates a “Bad Motive” on the part of the four judges.

If we leave aside these perceptions since these judges are not transparent about their motives and want to hide behind the respect they enjoy as judges of the highest court of the land, let us accept that the only grievance is that the allocations are being done not in accordance with the established procedures of the past where all the five senior most judges worked together as a collegium and distributed sensitive cases only amongst themselves so that none was unhappy but the current CJI is trying to break this tradition.

Perhaps this is making these judges insecure and their friend lawyers also more insecure because they were perhaps existing in the system more by the strength of their relationship with the judges rather than their ability to fight a case on the merits.

The solution for this is not in asking the media and the public to adjudicate since what “We the people ” may say will not be palatable either to these judges nor to their favoured lawyers. Nevertheless since they have sought our advise, let us provide them the advise.

The problem is about allocation of cases to the 25 judges of the Supreme Court in an equitable manner that justice is done to the petitioners. The criteria of seniority is only relevant as a demonstration of the expertise of a judge and not otherwise. Each judge may however carry a badge of domain expertise based on the type of cases in the past where he would have examined a particular domain in depth and thereby gained an expertise. There cannot be any expertise based on qualifications since the College qualifications of all the judges are at least 3 decades old and has no relevance today. For example, Mr Chelameshwar being a student of Physics in his college does not make him a domain expert in a case involving Noise pollution or Electric outage etc.

Either the judges have to declare their top three areas of interest/specialization based on their own self introspection or based on the cases they might have handled in their career  and have to be tagged with the domain of expertise which were required to resolve them.

Assigning a “Domain Expertise Tag” to every judgement released by a judge in all the Courts is a process that has to be introduced now so that after a decade or so, it becomes a reliable barometer to tag a Judge with his area of domain expertise. Criteria for this needs to be developed and adopted.

In the meantime, an adhoc measure can be adopted where each judge of the Supreme Court is asked to declare three areas of interest that is used as his “Specialization Tag”.

Every judge will automatically have a seniority tag also. Using these two tags along with a “Random Allocation Tag”, it is possible for the Chief Justice to select a Judge or a Bench of multiple judges for assigning any case.

For this purpose, the CJI may categorize a case as “Requiring a specific domain expertise”. He can use is “First amongst equals” privilege to do so. Similarly, he can decide on whether the case requires a single judge or more judges to be in the bench.  Having decided these two parameters out of his privilege of being the CJI, he can proceed to allocate cases in the following manner. CJI can also determine the workload of a judge and determine if he has to be part of the selection for a given case or not.

a) In case of single member allocations, the choice can be completely randomized, such as picking up a judge out of the 25 (or lesser numbers if some is over burdened with cases at present). It is possible to do this by computerized allocation with priority criteria for domain expertise and seniority to be set to zero.

b) In cases where two  judges are there in a bench, one of the selections can be made on domain expertise criteria and the other on random basis.

c) In cases there there are three or more members in the bench, one member may be selected on seniority basis, second on domain expertise basis and the third randomly.

In larger benches the criteria can be repeated for the balance vacancies to be filled up.

This process leaves enough scope for the CJI to exercise his privilege and also provide opportunities for the senior members to be part of the important cases where there are at least 3 members. The single member benches which are prone to manipulation by friendly advocates would be randomized so that no advocate would gain an unfair advantage with a petitioner saying “I Know this Judge, Come to me”.

If the Supreme Court wants a software to be developed for the purpose, I am sure that there would be many software professionals who would be willing to develop it for free as their contribution to protect the institution which is the concern of these four revolting judges.

Naavi

Posted in Cyber Law | Tagged , , , , | Leave a comment

Public Consultation on Data Protection Legislation

Posted on January 14, 2018 by Vijayashankar Na

Yesterday, (13th January 2018), three members of the Judtice Srikrishna Committee on Data Protection Law participated in a public consultation program in Bangalore at the IISc auditorium.

Honourable Justice (Retd) B.N. Srikrishna, the Chairman of the committee was present along with two other members of the committee namely Mr Gopalakrishna and Rama Vedashree. A healthy discussion was held all through the day with around 100 participants which consisted of the elite Privacy practitioners in Bengaluru including IT professionals, Lawyers, Activists and some representatives from the academia. This was one of the four such meetings that are being held across the country while the option to submit the feedback continues on the website till January 31, 2018. The earlier meetings were held in Delhi and Hyderabad and the last meeting is being held at Mumbai.

Though this consultation was not directly related to a discussion on Aadhaar, there were many agitated Aadhaar critics in the meeting and raised their concerns. The Supreme Court which is resuming its hearing on Aadhaar on 17th January 2018 will take into account the efforts of the Government in improving the Privacy protection regime in the country both in its efforts to introduce the Virtual Aadhaar ID system as well as the introduction of a robust data protection law in India.  In that context, the efforts being taken by the committee to have a wide consultation across the country with experts from the field was important since one of the objections of the Anti-Aadhaar lobby has been that the Justice Srikrishna Committee itself did not have a proper representation of all stake holders. This consultation process therefore addresses this issue and takes the sting out of the criticism that the committee does not represent all the stakeholders.

Justice Srikrishna came through as a well informed person even in the field of Technology and gave confidence to the community that the Data Protection recommendations to be given by the committee would be fair and address most of the concerns. He was keen to listen to the views of everyone and responded where required with his own wit and humour, keeping the discussions lively throughout the day.

End of the day, the gathering was convinced that the job of framing the data protection law which has been pending since many years and passed through many versions would get another serious and fair try.

We urge professionals to take the time left to go through the white paper and submit their valuable views to the committee so that the opportunity to contribute to the law making in this important area is not missed.

Naavi.org hs been providing its views and will continue to do so in the next few days left.  So far some of the views have been expressed in the following articles.

1. Data Protection Law in India… Three Big Ideas …. Data Trust, Jurisdictional Umbrella and Reciprocal Enforcement Rights
2. Look beyond GDPR and Create Personal Data Trusts to manage Privacy of data subjects
3. “Compliance by Design” should be the motto of the Data Protection Act of India
4. We should forget the “Right to Forget” in Indian Data Protection Act
5. Personal Data should be considered a personal Property
6. Data Protection Act.. We should aim at Compliance with Pleasure not Compliance with Pain.
7. Right to Privacy should cease at death
8. Proposed Data Protection Legislation in India- White Paper released
9. All articles

Naavi

Posted in Cyber Law | Tagged , , , | Leave a comment

Data Protection Law in India… Three Big Ideas …. Data Trust, Jurisdictional Umbrella and Reciprocal Enforcement Rights

Posted on January 13, 2018 by Vijayashankar Na

As the Government of India conducting nationwide public consultation programs on the Data Protection Law proposed to be drafted on the basis of the Justice Srikrishna Committee, I would like to place before the ministry, some of my key ideas.

Big Idea 1: Data Trusts

The global regime of data protection including the EU GDPR recognizes the role of

  1. a Data Protection Authority for the nation,
  2. Data Controllers who collect data from the subject and/or determine how the personal data is to be used,
  3. Data Processors who process personal data on the instructions of the Data Controller
  4. Data Protection officers at the industry level as compliance officers.

I propose a new category of agency called “Data Trust” which operates between the Data Subject and the Data Collector and works as an escrow agent for the personal data of the individual. It will be a specialised institution which

  1. has the necessary wherewithal to secure the data entrusted to it by the public
  2. has the ability to classify the personal data entrusted to it by the public into different data category packages such as “Basic”, “Basic-identity”,”Sensitive identity”, “Confidential” \or such other categories as they may chose to logically group
  3. has the ability to decode the consent forms and privacy notices of data collectors and grade the data controllers
  4. has the ability to determine which category of data is required to be supplied to which category of data controller
  5. has the ability to process a realtime request from the data subject to supply appropriate data to the data collector during a service registration process
  6. is registered with the Data protection authority
  7. is subject to being reviewed both by the strength of their performance and an audit by the authority
  8. is able to keep an arms length relationship with the Data collectors
  9. is able to monetize the data for the benefit of the data subject
  10. is able to issue a pseudonomization Id to its members which can be used instead of the real information when personal data is to be provided to data collectors.

The creation of this intermediary would be a unique suggestion that will make Indian law different from the rest of the world and meet the requirements of our country where there are a large number of less literate persons operating mobiles.

Big Idea 2: Jurisdictional Umbrella

Since Data Protection is a global concept and just as India is imposing responsibilities under Indian law, many of the Indian processors are already under obligation to international data protection agencies including GDPR authorities where huge penalties are likely to be imposed on the Indian companies through contractual obligations.

Indian law therefore has to also decide on the jurisdiction of the proposed law and how it will handle the disputes arising between Indian processors (or controllers) with the GDPR counterparts.

It is proposed that Indian law is made primarily applicable to the Indian Citizens for the protection of their rights on personal information privacy.

Impact of this law on non citizens arising due to the collection of their personal data during their activities which come under the Indian legal jurisdiction is not an obligation of the country but could be accepted in the interest of projecting India as a country that can be trusted for data protection for cross border transactions.

However, when it comes to enforcement of the rights of any foreign agency including private citizens as well as GDPR authorities or even the Contractual beneficiaries aborad, on any Indian Citizen or Indian Data Controller or Data Processor, it should be mandatory that the dispute is resolved only with the involvement of the Indian Data Protection Authority.

Indian Data Protection Authority shall be the sole adjudicating authority for all disputes in which an Indian Citizen or an Indian Corporate or an Indian Government agency is a party.

Big Idea 3: Reciprocal Enforcement Rights

Recognition of any data protection law of any country outside India shall be only on a reciprocal basis where equal rights are available from the other country which may include

a) Enforcement of the privacy rights of an Indian Citizen or a Company in the foreign jurisdiction

b) Enforcement of penalty of any description on an Indian Citizen or a Company vis a vis similar rights for the Indian companies or individuals on the foreign citizens and companies.

I urge the Ministry to incorporate the above three ideas into the proposed law in appropriate terms.

Naavi

Posted in Cyber Law | Tagged , , , , , | 2 Comments

It is Y2K moment again in India, with Virtual Aadhaar ID

Posted on January 12, 2018 by Vijayashankar Na

It appears as if the Anti Aadhaar lobby in India has just been outsmarted by the UIDAI with its proposition of the “Virtual Aadhaar ID” as a response to the many complaints about the leakage of Aadhaar information.

The Supreme Court is waiting to complete its hearing which potentially could hold that the linking of Aadhaar to Bank and Mobile accounts was in violation of the Constitutional Right to Privacy of an individual. In the process, the entire Aadhaar scheme’s future hangs in balance.

The ground had been well prepared for scrapping the Aadhaar with the hurriedly issued 9 member judgement in the Puttaswamy case declaring Privacy as a fundamental right giving a very strong weapon with which any action of the Modi Government related to Aadhaar could be struck down.

Since the Supreme Court cleverly avoided defining what is Privacy even while holding that it is a Fundamental right, it left the doors wide open to intervene on any thing that Aadhaar was supposed to be linked with. The recent sting operation of Tribune alleging that the entire Aadhaar data base access could be purchased for Rs 500/- in 10 minutes had primed up the argument for striking down the Aadhaar linkage. Aadhaar linkage appeared to be a lost cause after this Tribune revelation.

But suddenly the “Virtual ID” option floated by UIDAI has frustrated the anti Aadhaar lobby and given a strong argument for UIDAI that it is responding to the security vulnerabilities and taking mitigation steps.

The plight of the Anti Aadhaar lobby is  like the plight of a batsman in a Cricket game who has happily jumped forward to a flighted delivery hoping to hit a six,  only to find that he has  missed the ball and is now praying that the Wicket Keeper does not stump him out.

We hope that the Wicket Keeper completes his expected duty and the Umpire does not call a no-ball.

There is no doubt that the Aadhaar authorities have been in the past behaving with an air of arrogance that reminded me of the “Indira Gandhi of Emergency Days” . But the intention of the Government to use Aadhaar as a unique identifier to root out benami asset holding and black money cannot be faulted. All those who wanted to  protect their black money were using the “Privacy” argument to oppose Aadhaar. The UIDAI was playing into their hands so far by its own negligence, ignorance and arrogance.

Hence there is a need to address the security concerns and meet them adequately rather than blaming the system itself and fight for its scrapping.

The Virtual ID concept is some thing which should be appreciated as a step in the right direction. It is true that it has come late and should have been in place from the day Aadhaar was intended to be used for KYC purposes widely. We have repeatedly advocated what we have called  “Regulated Anonymity” and the Virtual Aadhaar ID is close in its concept to part this concept which is the principle of “De-Identification” or “Pseudonomization”.

Under the proposed system, UIDAI will stop allowing direct access to its core CIDR server system which houses the data of the citizens collected for issue of Aadhaar. Instead there will be a gateway server which faces the down stream service providers which is linked in the back end with the core CIDR server. Public will be able to obtain a “Virtual Aadhaar ID” which is a 16 digit temporary random number mapped to the Aadhaar number of the user, through the website. This 16 digit number may be used as an ID to be provided to service providers like Banks and Mobile companies. When these users want to check the Aadhaar identity against either the OTP or biometric of the Aadhaar holder, the query will be processed by the secondary server which in turn will query the Core CIDR server and process the request.

The exact architecture that UIDAI may use is not known. It is however clear that the Core CIDR server has to be kept insulated from the public including the agencies such as AUA/KUA with a strong Firewall that separates the Core CIDR system from any communication from outside. The mapping of the Virtual ID issued and the true ID has to be maintained some where and that becomes a critical component of the process. How this is secured determines the security of the system as a whole.

If UIDAI again makes mistakes in managing the security of this “Mapping Server”, then the problem will continue.

The architecture should therefore include a “Virtual ID issuing server”, “Virtual ID-True ID mapping Server” in addition to the current “Core CIDR Server”. In the Regulated Anonymity system that we had discussed in the past, a system was discussed for such requirements and hopefully some of those principles would be used and improved upon in the UIDAI new system. (The Regulated Anonymity system is discussed here). The concept was discussed in 2013 and could be considered as raw and amenable to many improvements.

If UIDAI does not secure access to the “Mapping Server”, the data will be only be marginally more secure as it introduces one additional step for the hackers to break.

If UIDAI sheds it’s “I Know Everything” attitude and is humble in listening to the experts in the field, it may perhaps be able to secure the system at least in future. Whether it is too late?… is difficult to answer.

The Y2K Moment again

Keeping the arguments of how the security of the Virtual ID would be implemented, we can now address the industry issue that the proposed system has introduced. UIDAI has announced that the UIDAI will start accepting VID from March 1, 2018. From June 1, 2018 it will be compulsory for all agencies that undertake authentication to accept Virtual ID from their users.

This means that all the agencies who are using Aadhaar now, (Should be thousands of companies) will all have to tweak their codes to accommodate a 16 number system in the place of a 12 number system for its services. For some time, they need to maintain both systems working and later remove the earlier 12 digit number acceptance.

Additionally it may be necessary for them to covert all existing storage of True Aadhaar Id with a Pseudo Aadhaar Id or atleast remove the True Aadhaar Id from their system.

This will be like implementing the “Right to Forget” which is a tough task since most of these companies will not know where all they have stored the Aadhaar numbers in their systems. It could be on web servers, on cloud storage systems, on e-mail servers etc and all of these have to be erased. (If such a requirement is made).

It is possible that the Supreme Court may impose the above condition for allowing the use of Virtual ID in future and not scrap the system. But it is not known when they will give their view on it. The user companies have to therefore keep their fingers crossed and wait if the 16 number field has to be used in future or they should keep both options in place for some time.

The software developers therefore have their hands full only to implement the changes as the Supreme Court may decide. In this respect we will be re-living the days of Y2K implementation when globally codes were changed to accommodate a four digit field for the year component of a date instead of the 2 fields which were provided.

Good for many… but costs for the companies….Perhaps it is the price to be paid for the development amidst a hostile political environment.

Waiting to see what the Supreme Court will do now….

Naavi

Related Articles:

Aadhaar Authentication: How To Use Virtual ID (VID)

Virtual ID is Aadhaar 2.0, It Can be Changed Any Number of Times: UIDAI Chairman

Aadhaar Virtual ID “Unworkable”, Will Oppose Tooth-And-Nail: Petitioners

There’s no consensus over Aadhaar number or 16-digit virtual ID

Old Articles of naavi

Reasonable Security Practices For UID Project..in India..A Draft for Debate

The Unique ID Project.. What should be Unique?

The National ID Card Challenge for Nandan Nilekani.. Part I

The National ID Card Challenge for Nandan Nilekani.. Part II

Posted in Cyber Law | Tagged , , , , , | 4 Comments

Look beyond GDPR and Create Personal Data Trusts to manage Privacy of data subjects

Posted on January 11, 2018 by Vijayashankar Na

As the extended date (31st January 2018) for submission of feedback on the whitepaper on Data Protection law approaches, there is increased activity in the industry circles to submit the recommendations.

It is obvious that there will be two distinct sets of recommendations that will be reaching the Government. One would be from the industry side where the concern is on the role of Data Controllers, Data Processors, the Cross border data flow restrictions, Data Localization, impositions such as Privacy by design and Right to be forgotten, Right to access and correction etc. On the other hand the Privacy Rights activists would be focusing more on the rights protection through increased participation of the data subject in the management of personal data, increased penalty, better data breach notification, proper consent management etc.

The law makers need to ensure that there is a balance in meeting the conflicting demands of the two stakeholders.

The Justice Srikrishna Panel has been heavily influenced by the GDPR in the draft of the white paper and it is likely that even the final law may borrow a lot of ideas directly from GDPR.

One of the key suggestions which Naavi.org would like to put out is to look beyond the concepts of Data Controller and Data Processor which form the backbone of GDPR and look at a new dimension of control by creating a third entity which we may call “Data Trusts” or “Data Managers”.

The “Data Trust” is envisaged an intermediary between the data subject and the Data Controller and would address most of the regulatory concerns where there are likely to be conflicts between the Privacy activists and Data Industry.

We all accept that “Data” is the new oil and there is a huge  business interest driving data analytics which will be seriously affected by the Privacy regulations. If the regulations are too strict, the business interests will find ways to overcome the law and do what they would do for the commercial gains.

For example, “Informed Consent” coupled with “Notice” can be the basis on which any data controller could gather personal information for further processing. Even if these are mandated by legislation and supported by audit, penalty etc, it is unlikely that this would be anything beyond formalities. In the mobile world which is the biggest concern, consumers of service can hardly be expected to study the Privacy Notice and provide Informed Consent all the time. The Consent may be so complicated and long winding that “Consent Fatigue” may make it useless. Further it is possible that the coding of the Apps or software may include data mining though the notice may say otherwise.

Hence “Notice+Informed Consent” principle though is essential would not work in practice to the extent it should.

I therefore propose that a system should be introduced where data subjects are provided assistance by professionals in managing their “Data” and ensuring that it is not misused and where it is used with consent for financial gain, a part of the reward goes to the data subject.

For this,  I propose the following infrastructure.

  1. Declare “Personal Data” as the property of the data subject which he has right to license for a commercial consideration.
  2. Any Data Controller who wants to use personal data must be prepared to purchase the rights from the data subject through a “License”.
  3. The “Personal Data License” will be bound by a contract (like the consent) which will determine the purpose for which the data use is licensed, the period etc along with a measurable financial benefit in case the data is used for marketing and financial gain.
  4. Since it is difficult for the data subject to negotiate a proper value for the personal data, there is a need for “Personal Data Managers” as professional advisers to the data subjects or a more institutional form of “Data Trusts” which could be organizations who will offer the service of “Personal Data Management”. They will function like “Portfolio management advisers” and  “Mutual Fund” organizations in the investment circles.
  5. Personal Data Managers and Data Trusts may offer their services under a “Self Declared Data Management Practice Statement” which is registered with and approved by the National Data Management Authority.
  6. The National Data Management Authority will provide the Approval rating of such individual Personal Data Managers and Institutional Data Trusts in a National Registry and through periodical public feedback and its own research make necessary changes as and when required.
  7. The data subject will be free to chose any Personal Data Manager or Data Trust and deposit their personal data with them with option to “Port data” to other data managers/trusts.
  8. The Data Controllers will be mandatorily required to  obtain the data from these data managers and trusts who will be responsible for vetting the “Notice” and “Consent” in a professional manner.
  9. In order to enable a data subject to encapsulate his personal data into a package that can be managed, the Data Trust will receive the data and issue a “Personal Data Management ID”. This could be issued in multiple layers such as “Basic Data ID”, “Medical Data ID”, “Financial Data ID”, “Biometric Data ID” etc.
  10. When a data subject needs to provide his personal data for availing any service, he may simply provide the appropriate ID and the service provider has to extract the details from the designated data trust/manager who is expected to apply due diligence in the interest of protecting the interests of the data subject.

Advantages 

Apart from the benefits of this system to assist the data subject surf through the maze of complicated Privacy Notices, and Consent forms multiple times and understanding them befor approval, the system will make it easy for the regulator to regulate the industry since instead of regulating hundreds of data controllers and processors, they can focus on regulating the Data Trusts and Data Managers as an intermediary industry. This will reduce the number of players to be monitored.

At the same time, the Data Management industry will be able to develop expertise in data protection and management which is absent today even with regulatory authorities.

Since this scheme envisages that there would be a proxy ID for the data, it will enable confidentiality and data security by not exposing the primary data in multiple collection points.

Each data trust will be like the UIDAI or even better in terms of data security and they should compete on the basis of their security principles and ability to pay a license fee to the data subject members.

We donot envisage that members will pay for this service. They will license their personal data to the Data Trust agency either for free or for a fee payable. It may take some time for the economic model here to develop and for the Data Trusts to provide a commercial benefit to the members. But initially, their ability to provide data protection by pseudonomization of the personal ID or through complete encapsulation with the proxy ID will be a sufficient reward to the data subjects.

If Data is really the new Oil and the Data industry makes money out of the data subject’s data, then they may pass on part of the benefits to the data subjects. For this purpose they may offer a small percentage, even if it is one part in a lakh of a rupee of their profits from the data management business either in cash or in the form of “Loyalty Coupons” that can be exchanged elsewhere, it would provide some kind of “Return” to the data subject to compensate for his loss of privacy.

I believe that the above proposal is even a solution for the inadequacy of UIDAI to secure the Aadhaar data.

P.S: These are my preliminary ideas which can be refined further into a commercial service if any organization is interested. I trust the Data Protection Law recommended by Justice Srikrishna Committee makes such service feasible through appropriate enabling provisions.

Naavi

Earlier Articles related to the above may be available here: 

Posted in Cyber Law | 2 Comments

Mr Piyush Goyal and Mr R K Singh… Do you know how much energy goes into Bitcoins?

Posted on January 8, 2018 by Vijayashankar Na

I draw the attention of the honourable Union Ministers Mr Piyush Goyal and Mr R .K Singh, responsible for the energy sector in the country on the need to take steps to reduce the adverse impact Crypto Currencies are having on the energy sector on a global scale.

It is a pet idea of Mr Modi’s Government that we need to encourage transport vehicles which would use electricity and renewable energy instead of the conventional Coal and Thermal energy. This is being countered by the proliferation of Bitcoins and Crypto Currencies and needs to be checked.

I would like both the Ministers responsible for Energy related activities,  to reflect for some time the havoc that the Crypto Currency system is creating in the whole world in terms of the energy consumption and whether the World can afford it.

We often discuss the global warming and Carbon footprint and design policies to correct the environmental imbalance. But have we ever paused to consider the damage we are inflicting on the global energy environment by not taking action on Crypto Currencies?

Afterall, Crypto currencies like Bitcoin have no economic value to the society other than being the Currency of the Criminals, created by Criminals posing as technologists, for the benefit of the Criminals. The society has no reason to pay a price to make the life of Criminals comfortable and profitable. But that is what the policy makers are doing now.

It is unfortunate that instead of India under Modi taking a lead in preventing the damage to the energy environment being created by Bitcoins and its 1370 cousins (as of 31st December 2017) in the energy sector, we are debating whether India should legalize Bitcoins.

According to one estimate, (Refer digieconomist.bet)the current estimate of energy

consumption by the Bitcoin network isaround 38.21 Twh per year and it has grown from around 10 Twh to this level in the last one year.

This appears to be only refering to the Bitcoin network and if we add the other Crypto currencies, it would be more than double this level.

If this is compared with the total energy consumption in different countries, it appears that Bitcoin network consumes nearly 10% to 15% of the consumption of most advanced countries.

Compared to India whose estimated energy consumption is estimated to be about 1238 TWh, Bitcoin industry consumes around 3% of our consumption and the entire Crypto currency industry should be consuming around 6% of the electricity consumption of the 1.2 billion population. The consumption of Electricity by the Bitcoin industry is said to be higher than that of the whole of Denmark or Nigeria.

If this is not checked, the energy managers of the world will be considered as fools. There is no justification for wasting the precious energy resource of the globe to promote a Currency network for the criminals .

Since China is one of the biggest Bitcoin mining country and it uses Coal based power, it is also said that the Bitcoin industry contributes adversely to the Carbon footprint in the globe as well.

Bitcoin’s villany in  being a “Perfect Black Money” and “Currency for funding Crimes and Terror” is well known. To this we need to add the adverse impact that the Crypto currency industry leaves on the Power consumption for unproductive and negative purposes and the Carbon foot print.

All this indicates that if the Government of India does not immediately move to ban Bitcoin and discourage use of all Crypto Currencies in India, it will be doing a disservice to the global community.

Many people are unable to understand the difference between Crypto Currencies and the Digital Currencies which represent the money in the Bank withdrawable by electronic means. Such people try to create a misconception that opposition to Crypto currency is opposition to Mr Modi’s Digital India Concept. I am sure that you understand the difference and you should educate other members in the Government about why Crypto Currencies is bad for India and we need to ban it forthwith.

Government is also often mislead with the fact that some countries like Japan have recognized Bitcoins and we should also follow. This is not a valid argument since the needs of different countries are different. We know that there are countries which have legalized sale of narcotics and illegal arms. It may be good for them. But we cannot follow them.

We donot know what is the stock of Crypto currencies held by Japan and China. It could be huge and they would like it to be used by converting it into dollars. USA also has a large stock in Government control. China has been very clever and has banned Bitcoin exchanges and prevented the Citizens to trade in Bitcoins but the Government itself is said to be continuing the mining data centers which run like an industry. It is also possible that China must have now shifted its attention on mining other Crypto currencies such as Ripple or Ethereum since it is more profitable than mining Bitcoins and hence it is playing a double game of banning the exchanges without stopping the mining activities.Those who already have a significant share of Bitcoins would definitely want to legalize Bitcoins not only for their countries internal use but also to use it in international payments.

We must resist their attempts since it would be detrimental to our interest.

I therefore suggest that India should take a global leadership position to oppose Bitcoins and Private Crypto Currencies (Not the Government backed Crypto Currencies which may be introduced by Russis or other countries in the coming days), starting with an immediate ban on Bitcoins in India.

In India I am sure that those who have already built up a stock of Bitcoins which unfortunately includes persons like Mr Amitabh Bachchan could be preventing the Government from taking a decision to ban Bitcoins. We need to take a tough stand on this and cannot allow those who converted white money to black by investing in Bitcoins to profit from their activities even if it was done innocently.

We need to show the same resolve that we showed during the demonetization of high denomination notes and now demonetize Crypto currencies.

I request Mr Piyush Goyal and R.K. Singh to move the issue with the Finance Minister as the delay in the decision is hurting the clean image of Mr Modi’s Government.

Naavi

Posted in Cyber Law | Tagged , , , , | Leave a comment