Demonetization and Legality: A counter to Ms Namita Wahi

This article is a response to the article today in Economic Times by one Ms Namita Wahi, of the Center of Policy Research.

The article appears to be an attempt to influence the Supreme Court which is hearing the PIL and is known to be hostile to the current Government dispensation due to the ongoing controversy on Judicial appointments. It has to be therefore flagged as an unethical act of journalism on the part of both the author and the publication.

I therefore record my strong objection to the article and its intentions.

It is well known that corruption is not unknown in Judiciary. In fact many ex-Supreme Court Justices have in the past brought out the unsavory play of corruption even at the Supreme Court level. It was during the days of Indira Gandhi that Supreme Court was compromised with the superseding of judges to protect the emergency and the stigma has not been completely removed till date. Even now there have been recent incidents that have raised eyebrows.

For example, when a High Court judge opts to mis-total an arithmetic table and releases an influential Chief Minister from jail and the Supreme Court allows the appeal to linger on for 6 months (to let the convicted die peacefully outside the jail and the supporters of the convicted canvass for a “Bharat Ratna” award), the citizens of India do get a signal that at least some of the so-called “Black Money” may be in the hands of past and present judicial members including those working in the respected highest court of the land. In this context, there could be some in the Judiciary who may be itching to at least make provocative comments against the Government to gain some brownie points with the similarly minded press. There may also be sufficient urge to pass orders couched in the language of “Freedom of Expression”, “Protection of Fundamental Rights” etc. to overturn normal executive orders instead of helping the executive to correct its mistakes if any and achieve objectives that are beneficial to the country. We are aware how the scrapping of Section 66A was influenced by media campaign which was gladly lapped up by the Supreme Court and converted into an erudite judgement on Freedom of Speech though it was a completely misplaced interpretation.

We therefore need to ensure that articles such as that of Ms Namita Wahi in leading publications such as Economic Times are not used as tools by the corrupt politicians led by equally corrupt politician advocates to give an excuse to the Judiciary to intervene in the de-monetization issue.

I do not believe that the Supreme Court would be naive enough not to see the upheaval that may be caused in the country if it decides to intervene and overturn the demonetization decision since it has a lot to cover for charges of its own corruption and nepotism in the Judicial appointments. It may however make some adverse comments just to feel that it has done its bit to embarrass the Government.

On the other hand, I urge the Supreme Court and the intelligentsia to help the Government tide over the practical difficulties involved in the implementation of the demonetization scheme. People who have been involved in the illegal note exchange scheme both in the Banking system and elsewhere need to be identified and punished along with their political masters who are the root cause for the shortage of currency we see in the general market today.

I have already suggested some measures both to ensure that the obstructive measures of the opposition parties are thwarted as well as to improve the security of digital payment system and protect the interest of the public.

 I would greatly appreciate the Supreme Court if it chastises the Government for

a) not introducing a whistle blower scheme to make the public bring any illegal note exchange activities in the Bank or elsewhere to the knowledge of the Government authorities in such a manner that even the Tax authorities are not selective in taking corrective action

b) not providing more incentives for digital payments including complete abolition of “Service Tax” on all digital payments, even beyond Rs 2000/-

c) not ensuring that the RBI’s limited liability circular of August 11, 2016 is operationalized

d) not introducing a Cyber Insurance Scheme for the public

If the Supreme Court bench hearing the case can push the Government to take such actions expeditiously, the public in India will continue to respect the Judiciary. Otherwise, there is a danger that the public will get disheartened that corruption is too deep-rooted to be disturbed even by Mr Modi.

Naavi

(P.S: More on the legal issues involved addressed in the follow up article)


I own my Data… Processor owns only the device!

In discussions on “Privacy” we often debate how the service provider can use my data for purposes which are commercially beneficial to him while I am neither aware of nor benefiting from such usage.

The general principle of all Privacy legislations is that the “Data shall not be used nor disclosed by the processor except as authorized by the data owner or otherwise provided under law”. Data owner often signs a contract with the data collector in which the data collector discloses his privacy policy detailing why he is collecting the information, what he will do with it etc. Once this contract is accepted by the data owner by say “Clicking on the I accept button”, it is deemed to be a consent and it will determine all further rights and liabilities.

In India “Click Wrap” contract through an “I Accept button” is not recognized in law and hence all such consents only become “Deemed consent” which is “Voidable” at the option of the customer at least as to some fine print clauses of the standard contract.

Under these circumstances, if the data user had overstepped the consent terms and used the data for commercial exploitation, the data owner normally could only grumble without a proper legal remedy.

It appears that now there is a new door being opened in the Privacy legislation in India applicable to “Health information” which is also a “Sensitive Personal Information” under ITA 2008.

The recently amended EHR guidelines released by the Ministry of Health and Family Welfare, which are a precursor to the Health Care Data Privacy and Security Act, make a categorical statement that:

  1. The contained data which are the sensitive personal data of the patient is owned by the patient.
  2. The medium of storage or transmission of such electronic medical record will be owned by the healthcare provider.
  3. The physical or electronic records, which are generated by the healthcare provider, are held in trust by them on behalf of the patient

This provision actually lends substantial strength to the “Consent” by not only making it a part of a Contract under the Indian Contracts Act but also introducing the possibility of “Breach of Trust” if the data user uses the data other than as provided for in the consent.

Though the EHR does recognize the national interests in denying some privacy rights (which we shall discuss in a subsequent article), the use of the term “Data is owned by the patient” makes a strong case for legal interpretation of “Data” as “Property” and all the rights associated with it including the right of the data owner to place a price on it. If the data user makes any substantial profit out of aggregation of individual data, it would therefore be reasonable to expect that part of the commercial benefit arising thereof should go to the data owner.

This concept though laid out specifically in the case of health data, should be extendable to all types of data including financial data.

It would require some time for understanding the full implications of this concept in the era of data analytics and data aggregation over IoT devices and a multitude of platforms.

Naavi


RBI may assume financial liability for Card frauds

RBI has clarified that any unreturned notes of denominations of Rs 500 and Rs 1000 will remain as unclaimed/claimable liability on their balance sheets but will not be transferred to Government in the form of dividend. It will therefore remain as a “Special Fund” arising out of demonetization.

I would like to draw the attention of the RBI as well as the Government and the Courts in India, besides the public, to the fact that on August 11, 2016, RBI issued a circular stating that under certain circumstances the victims of card frauds would have zero liability. Banks were mandated to send SMS alerts and victims were required to inform the Bank about any unauthorized transaction after which there would be no liability for the card holder.

This circular was marked as “Draft for public comments” and August 31 was the last date for such comments. Until now there is no further information on the circular.

On 1st December 2016, the undersigned sent a letter to the Governor of RBI (Copy available here) under copy to PM and FM. The letters have been received at the destination on 3/12/2016 in Delhi and 5/12/2016 at Mumbai by the respective addressees as per speed post delivery information.

As mentioned in the said letter, in view of the silence of RBI, it is deemed that the circular of August 11th 2016 on limited liability is now operational.

As per the circular, Banks have to publish their policies on how they will handle delayed reporting of fraudulent transactions. Banks are also responsible for ensuring that SMS alerts are sent mandatorily to all card customers on the transactions irrespective of the amount. Also, since most of the time the dispute with the Bank is on the sending or not sending of the alert SMS, Banks need to assume the responsibility for providing necessary evidence as and when required.

As regards the customer reporting the fraudulent transaction, Naavi will provide assistance to the victims to record their notice so that Banks cannot repudiate such notices having been received by them through the services of ceac.in and cyber-notice.in.

These services will be provided free of charge until 31st January 2016 or until further notice whichever is later.

If a proper service has been sent to the respective Bank and it continues to dispute the return of money to the victim customer, the victim may consider taking legal action not only for recovery of the dues but also for harassment etc.

We hope that victims will make use of such services so that the expected spurt in the cyber frauds following the recent demonetization and special thrust for digital payments does not result in personal losses for the newly converted digital India enthusiasts.

In the meantime, since Banks will raise a dispute of their own that RBI is responsible for the draft circular contents (since it has not been clarified that the circular is now operational), RBI may have to assume the liability on behalf of the banks. We therefore suggest that RBI may create a “Cyber Fraud Insurance Guarantee Fund” on the lines of DICGC and utilize the special reserve created out of the unreturned notes as a seed fund. Further, Banks may be required to pay up to say 2% of their card liabilities on a monthly basis as fees and build up the necessary fund base for this guarantee fund.

I draw the attention of the FM and PM to facilitate such a move.

I request my friends in Mumbai and Delhi to file appropriate RTI applications to know what follow up action has been taken by RBI/FM/PM on this issue.

Naavi

 


E-Pharmacy Regulations

In the last few months, there have been many start-ups in Bangalore and elsewhere who have introduced many mobile app based services in Health Care industry. Some of them have ventured into areas which may come under the provisions of the Pharmacy Act 1948. (Refer here under the link Rules & Regulations). Some of these Companies are functioning as e-Pharmacies who need to also keep an eye on the effect of the “Pharmacy Practice Regulations 2015” on their business activities.

Additionally the pharmacists will also be subject to the proposed Health Care Data Privacy and Protection Act. (Refer www.hdpsa.in).

According to the Pharmacy regulations, registered pharmacists need to maintain medical/prescription records pertaining to a period of 5 years. The pharmacist should be in a position to make them available on demand by the patient/authorized attendant. The pharmacist is bound to maintain “Privacy” of patient information and the associated security when the information is maintained in electronic form.

The critical aspect of the regulations from the perspective of the App developers is that the definition of “prescription” takes cognizance of e-prescriptions.

The definition states, “Prescription” means a written or electronic direction from a Registered Medical Practitioner or other properly licensed practitioners such as Dentist, Veterinarian, etc. to a Pharmacist to compound and dispense a specific type and quantity of preparation or prefabricated drug to a patient.

The “Electronic direction” is considered as an “e-prescription” and meets all the requirements of a written prescription.

The requirements of a written prescription include the following:

(i) Prescriber’s office information – [Name, qualification, address & Regn. No.]
(ii) Patient information – [Name & address, Age, Sex, Ref.No.]
(iii) Date
(iv) Rx Symbol or superscription
(v) Medication prescribed or inscription
(vi) Dispensing directions to Pharmacist (or) subscription
(vii) Directions for patient [to be placed on label]
(viii) Refill, special labeling and /or other instructions
(ix) Prescriber’s signature and licence (or) Drug Enforcement Agency (DEA) number as required.

Hopefully, the e-pharmacies and e-prescription app developers take these into consideration before the department starts questioning them on the legality of their activities.

Naavi


Is Bangalore One collectively boycotting Aadhar related services?

Today I visited the following 5 Bangalore One centers in South Bangalore

  1. Srinagar (Ramanjaneya Road)
  2. Srinivasanagar (80ft Road)
  3. BDA complex, Banashankari II stage
  4. N.R.Colony
  5. BBMP office near Ashoka Pillar

with a request to get my finger prints updated on my Aadhar card.

Unfortunately, in none of the offices was the Aadhar service open. In some offices, there was a board put up that the service was temporarily suspended. Being Sunday, there appeared to be only a few employees who were in the office attending only to other activities. They were not authorized to handle Aadhar activities.

The impression I got was that Bangalore One as a policy is trying to shy away from Aadhar based services for some reason. I would request the e-Governance department of Karnataka to check and find out the reason.

On the basis of my enquiries it appears that UIDAI or the Government has mandated that those who man these counters need to pass an examination and get certified. This of course is a good move and has to be supported. However, in the process, there appears to be shortage of manpower with the requisite certification. Probably the certified workers would require to be paid a little extra compared to people in the other counters and this needs to be handled by the Bangalore One agency.

Whatever be the reason for closure of Aadhar services, it is necessary that the e-Governance department of Karnataka conducts an audit of all Bangalore One offices and ensures that the services are restored immediately.

Also, in none of the above 5 offices were there officers to supervise and there was no security for the one or two ladies who were working there along with significant cash holdings. This is a security risk being imposed on these people.

Naavi


Aadhar authentication is unreliable

[I am one of the vocal supporters of Mr Modi’s initiatives on Note ban and other measures. However, it is necessary to bring instances such as the following to the attention of the public since they indicate the unknown risks that Mr Modi is taking in a bid to push his Digital India agenda. Before the opposition takes advantage of such comments and the media takes it up for discussion, I wish the Modi Government to take corrective action. Unfortunately, Mr Modi is not only fighting with the corrupt elements in other parties but also the bureaucracy. Hence many of his efforts are derailed by deliberate mismanagement by subordinate officers. Nowhere is such doubt more glaring than the 2G scam tainted DeITy. I therefore urge Mr Modi and Mr R.S.Prasad to be doubly careful since there are many bureaucrats who may be waiting for an opportunity to put spokes in the wheels of development…Naavi]

Today, I went to one of the Jio dealers to get a new Jio SIM with aadhar based KYC. After Aadhar registration was done by me several years back, for the first time, I saw a vendor using aadhar KYC and I was happy. In fact this was the first time my finger print was tested against the Aadhar data base for authentication though my Aadhar number has been taken for KYC purpose at several places with a photocopy of the aadhar card/letter.

Unfortunately however, in this first attempt at authentication, my finger prints did not pass through successfully despite multiple attempts and the vendor said that I need to re-register my fingerprints with UIDAI . In my presence, another customer was authenticated and hence there was no problem with the vendor’s device and it was a denial of authentication at the server level or at an intermediary authentication service provider.

This meant that I suffered a “Denial of Service” from UIDAI which is an offence under Section 66 of ITA 2000/8.

Further I got a doubt that if my finger print is not showing up against my Aadhar number, then which other finger print might have been mapped with my aadhar number and if so, does it mean that there is a “Hacking” of my aadhar records, which is another offence under Section 66. Both warranted an immediate police complaint.

In the meantime, I checked the finger print again with another Jio vendor and to my great relief, I was successfully authenticated. This at least relieved me of the doubt that my aadhar data had been hacked, but my dissatisfaction about the “Denial of Service” remained. The incident meant that the e-KYC has still not become as reliable as it should be.

I therefore request UIDAI authorities to make public statistics of “False Negatives” and if possible “False Positives” from their experience. If necessary, UIDAI should conduct a massive testing to identify if the false negatives and positives are within reasonable limits. This is a duty that UIDAI owes to the public.

Secondly, CEO of NITI Ayog recently brandished a Micro USB connected finger print reader for Android phones in a TV program. I tried to check its availability on the online stores and could not find it either on Amazon, eBay, Snapdeal or Flipkart. Showing the device he was promoting the use of digital wallets connected to e-KYC.

However, my experience on the unreliability of the e-KYC should raise a red flag on the digital push that Mr Modi is personally spearheading.

I request PMO and DeITy to let me know what action they would take to improve the reliability of the e-KYC and reduce the false negatives such as what I experienced today to the barest minimum. For this purpose we first need the metrics and DeITy needs to arrange for a pan India survey in this regard.

Naavi
