Naavi.org

The Indian Election Commission has been suggesting that the Government should initiate measures to ensure that funding of election parties is properly accounted so that black money transactions are reduced. The present Government of Mr Modi has also shown a greater resolve than earlier Governments to tackle the issue of election funding. It is therefore time to find a proper solution to ensure that black money does not get generated in the election process.

For this issue there are two requirements that the EC and Government should address. First the artificial restriction on election expenses can be removed. Let political parties spend money as long as they account for it. Unaccounted cash expenses can be reduced to some negligible amount less than the current expenditure limits as a drive towards cash less election spending. At the same time the spending limits through digital payments which can be traced and accounted can be completely removed.

Having provided the freedom to spend the resistance of political parties to account the donations received can be reduced. Then the Government can reduce the unaccounted cash donations to some ridiculously low level of say Rs 100/-. Anything above Rs 100 has to be through digital payment system so that it is accounted. No more should an option be created for donations in cash upto Rs 20000/-.

However, the excuse for anonymous donations based on possible retribution by political opponents still remains to be tackled. Here we can adopt the time tested principles of “Privacy Protection” through de-identification of information for which ready tools are already available.

The essence of this election funding system is a “De-identification Portal for Election Funding” which runs like the “Anonymizer” as both a mobile App as well as a desktop tool. Any person who wants to contribute will open the app and will be allocated a transaction ID. The server issuing transaction ID does not know what is the amount of contribution but only maintains a mapping of the transaction ID to the Aadhar ID of the contributor or his finger print for aadhaar invocation.  The app will then connect to the payment gateway and complete the payment against the transaction ID. The Transaction ID server and the Payment gateway will both report the transaction to the tax authorities which alone will have the real identity of the contributor and the contribution. This is of course inevitable if we want to eliminate black money.

The de-identifcation transaction server can be maintained by the Election Commission or the IT auhorities. Private agencies may also be allowed to maintain such servers on a distributed service model so that the transaction IDs are handled randomly by different servers defusing the identification possibilities. There are more robust anonymization strategies through “Multi-split ID Management for anonymization” which Naavi has discussed earlier, to completely eliminate any private agency coming to know the real identity of the contributor so that there is no reason to fear any retribution.

If therefore there is a political will to eliminate black money in election process without the obnoxious suggestions such as “Public Funding” etc, here is a solution. Let the Election Commission and Mr Modi both consider this and adopt if they have the resolve.

Naavi

Five years after the Cyber Appellate Tribunal (CyAT) became dysfunctional because the earlier Chair Person retired, it is now reported that the Government may merge CyAT with TDSAT (Telecom Disputes Settlement and Appellate Tribunal).(View Report here)

According to the Government they are looking at rationalizing the tribunals and this move is keeping with that principle.

The move is at first glance to be welcomed from the point of view of reviving the dead CyAT. However, the TDSAT has so far been involved in high profile multi crore cases where as the CyAT normally handles small ticket cases in comparison. The difference in the culture of the two organizations needs to be taken note of before such a move is attempted.

Also, since CyAT is part of the ITA 2000, there will be a major amendment that would be required at ITA 2000 level and the merger cannot be a simple administrative note.

It appears that unable to find a Chair person and irked by the CAG report questioning the idle expenditure, Government has give an off the cuff answer without considring the pros and cons and more particularly how it may affect the interest of the cyber crime victims.

The TDSAT does not appear to be the forum which cyber crime victims will be comfortable with. From the Adjudicator to the TDSAT it would be a jump similar to going from a district court to supreme court. Victims would find the expense and procedures of TDSAT overwhelming.

I would urge the Government to drop the idea.

We may wait and see how the things develop.

Naavi

For some time it has been a hot discussion whether a WhatsApp admin should be held liable for the contents posted by a member.  In several places, police have launched action against WhatsApp admins in such cases. It is however heartening to note that the Delhi High Court has in a recent decision has held that the Admin should not be held liable.

(See the report here)

In Ashish Bhalla Vs Suresh Chawdhary & Others [CS(OS) no 188/2016, IA No 4901/2016,IA 8988/2016, IA 9554/2016) the High Court of New Delhi has observed “…to make the administrator of an online platform liable for defamation would be like making the manufacturer of the newsprint on which defamatory statements are published liable for defamation”.

The case has been dismissed also for other reasons. But Netizens and WhatsApp admins should be happy with the remarks recorded in the judgement.

Naavi

In what can be considered as a commendable move, the CERT IN has indicated that it will shortly set up a “Malware Cleaning Service” to the public. It is expected to maintain a botnet hosting malware cleaning tool kits which can be accessed by public on demand to clean their devices.

The botnet service would be supported by a  malware detection facility and a coordination with anti phishing facilities of Banks at least in India.

Refer Article here

Presently the information has been released as an answer to a Parliamentary question and more details are awaited.

However, according to Economic Times,  the center is being rolled out tomorrow the 20th December 2016 and a full fledged launch would be on next Monday, December 26th.

This is certainly a good move which will make CERT In relevant for the general public for the first time since its formation along with the notification of ITA 2000 on 17th October 2000. If properly implemented as envisaged, it will be a game changer in the Cyber Security domain in India with many down stream benefits.

Naavi

Recently, the Government of India announced several incentives to promote digital payments. These included 10% incentive on LIC payments. (Refer article here).

The incentives announced were for the following transactions.

1.Discount of 0.75% on petrol and diesel sold through Government Petroleum PSUs

2.Discount upto o.5% for monthly or seasonal tickets railway tickets bought online from January 1, 2017

3.  Free accidental insurance upto Rs 10 lakhs for railway passengers booking tickets online

4. Discount of 5% for railway paid services such as catering, accommodation retiring rooms etc paid through digital means

5. Discount of upto 10% on the premium in General Insurance policies and 8% in new life policies of LIC sold through the customer portals in case payment is made through digital means.

6. Additionally, it was stated that

(a) “Government departments and PSUs will ensure that transactions fee/MDR charges associated with payment through digital means shall not be passed on to the consumers and all such expenses shall be borne by them. State Governments are being advised that the State Governments and its organisations should also consider to absorb the transaction fee/MDR charges related to digital payment to them and consumer should not be asked to bear it.”

(b) “Public sector banks are advised that merchant should not be required to pay more than Rs 100 per month as monthly rental for PoS terminals/Micro ATMs/mobile POS from the merchants to bring small merchant on board the digital payment eco system. Nearly 6.5 lakh machines by Public Sector Banks have been issued to merchants who will be benefitted by the lower rentals and promote digital transactions.“

(c) No service tax will be charged on digital transaction charges/MDR for transactions upto Rs.2000

(d) For the payment of toll at Toll Plazas on National Highways using RFID card and Fast Tags, a discount of 10 per cent will be available to users in the year 2016-17.

These were not only welcome measures but were required since Government was actually pushing people to digital payment system which is known to be more risky than cash payments. While we can argue for the economic benefits of the cashless society. when the Government forces people to a certain system of Governance as a transformation from the current system, any additional cost impose will amount to “Tax”.

Hence while the incentive were necessary for bringing in more users into the system, it was mandatory for the Government that no new additional financial burden is imposed on the customers by virtue of transforming one self from cash payments to digital payments.

It is however observed that LIC has actually introduced new charges for online payment of premium which was not there in the previous years. It appears that the charges are being levied for Credit Card payments but not for Debit Card or Internet Banking payments.

This practice does not seem to agree with the Government’s intentions of promoting cash less society since payment through a debit or credit card is not the concern of LIC since it anyway receives its payment immediately. If the customer wants to pay it out of his savings or from credit card borrowings should not affect the insurance contract which is “Covering of a risk for payment to a consideration?”. Using the opportunity to disincentivise credit cards is an “Unfair Trade Practice” and needs to be discontinued forthwith.

Further it is also necessary for the Government to completely withdraw Service Tax from all digital payments and not upto only transactions of Rs 2000/-. Where digital payment services are used for larger payments, most probably it would be for payment of other goods and services for which taxes have already been levied. Collecting the  service charges for paying out of digital means instead of cash is a direct levy for the digital transformation. I therefore request the Finance Minister to withdraw the service tax on all digital transactions immediately without waiting for the budget.

Last but not the least, since the Government is pushing citizens into a higher risk domain in digital transactions, its silence in not reacting to the RBI failing to confirm its “Limited Liability Circular” of August 11 is not acceptable.

Mr Arun Jaitely seems to be unaware of the implications of RBI not confirming the circular which was first issued as “Draft for Public Comments” and not further re-issued. I wish the finance ministry takes note of this and advise RBI to confirm the circular without any further delay.

Naavi

The story of the former Tamil Nadu Chief Minister Ms J.Jayalalitha’s hospitalization and the mysterious secrecy that shrouded her treatment has now become a topic of discussion on what is “Privacy” in the context of health care in India.

Initially, there was a silent appreciation that Apollo hospital was committed to patient information privacy when no information leaked out of the hospital about the health condition of Ms Jayalalitha. But when arrests were made on any person who publicly wondered what has happened to her, it was clear that the “Confidentiality” concern had turned into some thing more sinister. The attempt was to suppress the information about her health by the force of the law enforcement.

If rumours could cause law and order problem and hence the health information needed to be kept confidential, for the same reason health condition of Ms Jayalalitha was a matter of public interest and the “Confidenitality” or “Privacy” was not sustainable because of the over riding “Public interest”.

Now there is a serious doubt that extends to the charge that perhaps Ms Jayalalitha was murdered and if so the hospital authorities would be considered as “Accomplices”.

It is unfortunate that apart from the doctors of Apollo hospital, there were doctors from AIIMS and one London doctor who were also privy to her health condition and have played along the tune “She was recovering”. They will now be considered as also accomplices if things take an adverse turn.

The fact however is revealing.

Ms J. Jayalalitha, fondly addressed by her followers as “Amma”,  was admitted to the Apollo  hospital on September 22nd, 2016 on what appeared to be some simple health problem of dehydration and fever. Then she continued to be treated until she was put on ECMO and Ventilator and perhaps a dialysis machine simultaneously indicating a dead heart, dead lungs  and dead kidneys.  However no proper health information flowed out and all health bulletins said that she was “recovering” and close to being “Discharged as a living individual”.

People were naturally left shocked when finally she was declared dead on the night of 5th December 2016.

After her death, an e-mail leak of the NDTV journalist Ms Burkha Dutt has surfaced. The email clearly indicates that there was a clear

ground to believe that there was wrong medicine administered to her to worsen her diabetes condition. When she was admitted to the hospital, she was perhaps in a serious condition because of the wrong treatment for diabetes leading to failure of some of the organs and internal infection. Apollo may claim that they were not responsible for this but they definitely had no business to hide it from their medical bulletins.

Apart from this prima facie evidence of what can be loosely termed as “Causing death by negligence”, some of the relatives of Jayalalitha have complained that they suspect some wrong doing and also that the hospital failed to allow them to meet the patient during the last few days. They even conducted a second funeral for her in Srirangapatna holding her burial unsatisfactory last rites.

It is therefore now obligatory on the Government to conduct a thorough investigation to find out the truth. However, considering that the death of a king is always to be suspected to have been caused by the successor, and the prime suspect in this case as per the relatives of Jayalalitha is her potential successor, the investigation cannot be trusted under the hands of the Tamil Nadu police. It has to be handled by CBI and using officers who are not from TN cadre to avoid conflict of interest.

During the days when Jayalalitha was in the hospital, several decisions were taken under her name as part of the Government decisions including one on which her finger print was supposed to have been applied. A forensic investigation on the finger print would reveal if it was a finger print of a living person or a person whose blood circulation and sweat glands donot indicate life. There must be all the medical records and statements of the staff including that of the man political leaders who visited her which all should be collated as evidence.

If any evidence is missing, then it would corroborate the offence and call for additional charges of destruction of evidence and obstruction to justice.

The primafacie evidence indicates that Apollo hospital is in the docks.

Under health care privacy we always say that when the patient is in a mental condition in which he/she is not capable of taking a rational decision, the “legal heirs” have the right to assume charge and the attending physician needs to provide the health information to them. In the instant case, Apollo authorities seem to have decided that “Ms Sasikala” was the “legal heir” to Jayalalitha.

It will be interesting to see how the Supreme Court will interpret this aspect. If a close political associate can be considered as the “Legal Heir”, then in any business concern, if the Managing Director dies or is in a serious condition, it would be the “Deputy Managing Director” who will be considered as the “Legal Heir” to whom the health information would be trusted and not the son, daughter or the kin of the patient. The action of Apollo is therefore unsustainable in law and this may make Apollo a co-accused in witholding heath information from the blood relatives of the patient. The daughter of Jayalaitha’s sister by name Ms Amrita  and another cousin by name Deepa have claimed rights as the surviving legal heirs.

Law cannot be changed just because in this case, the political interests are involved. If Deepa and Amrita are the surviving legal heirs, law should determine not only the inheritance of the deceased wealth, but also answer the question why Apollo did not take instructions from these persons during the stage when the patient was not in a mental condition to provide any “Authorization”.

India is now on the verge of framing a law for “Health Care Data Privacy and Security”and it should address situations such as these in no uncertain terms.

Naavi