Securing Prepaid Payment Instruments under the IT Act

ISMG India carried a report on the Prepaid Instruments recently which has been reproduced here.

Naavi said in this context:

While MeitY has prescribed guidelines, security practitioners have offered other ideas. “The current authentication methods are highly OTP-dependent – whether passwords, aadhaar or e-sign – and don’t ensure complete secured transactions, as they are vulnerable,” says cyber law expert Naavi Vijayashankar of Cyber Law College and Ujvala Consultants. “New authentication systems must be built that circumvent risks with the current form of aadhaar-based authentication.”

“… that while common security measures include passwords and multifactor authentication, issuers must remember the focus of any business, and therefore its information security policy, is protecting the user from consequences of unauthorized access or denial of access.”

“….that practitioners consider risk assessment from multiple perspectives, including securing information from unauthorized access, data integrity and denial of access; protecting organizations from liabilities due to a security breach that could result in corporate executives being charged with civil and criminal liabilities; and protecting users from adverse consequences of a breach via cyber insurance.”

“…breach reporting is important and the central monitoring authority should possess such information to understand industry-wide risks.”

Naavi

Posted in Cyber Law | Leave a comment

Beware of the Cyber “Stone Pelters”

The news about WIPRO retrenching some employees has caused a slight stir in the minds of many aspiring Engineering graduates about the future of their employment prospects. Though the number of retrenchments in WIPRO is by itself not a large number compared to the strength of its work force, it does give an indication of the direction in which the IT job market seems to be moving.

It is possible that this trickle may gather momentum and other companies also start shuffling their work force creating a crisis in the IT workforce and large scale unemployment of computer savvy workforce.

There is a need for Cyber Space watchers to recognize that when techies start losing jobs, the possibilities of at least some of them getting into deviant habits are very much real since they have the necessary skill sets to create “Cyber trouble”. Some who run short of cash for their genuine needs may turn to providing online support to the cyber underworld in the form of writing malware code or spamming or acting as virus droppers. Some may use the time to reignite their previous jealousies and personal vengeance on others, which may manifest in more crimes like hacking of Facebook profiles, defamation and even “Glassdoor Attacks”.

In general, the Cyber Crime incidence in India may increase if the job losses occur in the IT industry. This is more so since some of the job losses will be among the mid-level workers with experience and financial commitments as they are replaced with low-cost freshers.

Some of these job losses are also triggered by the “Protectionist” attitude that is growing in the US and other markets, consequent to the visa restrictions imposed by the USA, with possibly more to follow if the trend spreads to Europe. Mr Trump has been clear in his approach that he wants Indian IT companies to create more jobs in the USA rather than exporting manpower from India, and this certainly means that the growth prospects for Indians working in the USA will dwindle.

In this context we can recognize that just as frustration of youth in the Kashmir Valley can be the reason for them turning into “Stone Pelters”, the frustration, if it grows in the Cyber Workforce in India, could create a situation where Indian techies may start turning into “Cyber Stone Pelters”. Hence keeping such a skilled workforce from falling prey to negative thoughts and keeping up a positive motivation is the challenge before us.

Both from the point of view of maintaining the IT prosperity in India and not creating a fertile ground for Cyber Criminal workforce to increase, we  have a need to find solutions to reduce the impact of IT job losses that may hit the Indian IT companies in the next few months.

The one obvious thought is that the situation indicates that India’s IT development will be more dependent on the outsourced business than it has ever been in the past. If Indian IT companies have to reduce their workforce in the USA or cannot expand their present workforce working onsite, to meet the future growth, the only solution left for them is to replace the current workforce or the future potential with a “Virtual Workforce”.

But Mr Trump may be pushing the US IT companies to increase jobs in the IT industry, which may force them to bring pressure on Indian IT companies to recruit more locals in the US to replace the Indian workforce presently working onsite. Additionally, jobs in the IT industry are also being affected adversely by the increasing levels of “Automation”, which may also eat up some jobs, and we need to address this issue as well. Hence there is a challenge in replacing the current workforce of Indians working in the US with a virtual workforce without losing the business.

We therefore need to find innovative solutions to ensure that there is no job loss despite the new developments in US, Europe or elsewhere.

The problem that Indian IT companies are facing now has been partially created by the policies of the IT companies in the past, which gave more emphasis to “Body Shopping” rather than “Skills Marketing”. The industry has today built its business model on “Number of Billable Heads” rather than “Measurable Outputs”. It is now time for Indian companies to start changing the narrative of their business offerings from “We offer so many heads at xx dollars per hour” to “We offer the solution at a cost of xxx dollars per month”.

I therefore call upon the IT industry to start a new generation of BPOs where the concept of “head count based billing” is given a go by and only “measurable service units based billing” is adopted.

This apart, there is a need for Government to provide some additional incentives for the BPO industries to be more competitive on the basis of “Solution Offerings”. The proposed new Data Protection Act of India will be one policy decision where the Government action will affect the industry either positively or negatively and hence it has to tread carefully when the new law is introduced.

Naavi

Protect Indian Companies through the proposed Indian Data Protection Act from possible GDPR Overreach

Indian Corporate world exposed to any form of data processing involving a member of the European Union including the countries which have exited recently (Like Britain) or those who may exit in due course (Say France?) are keenly watching the impact of the General Data Protection Regime (GDPR) which has come into force as a replacement of the well known “Data Protection Act” of these countries. GDPR has been enacted as a “Regulation” and will be applicable from 25th May 2018. We are therefore in the transition period where the Companies in EU as well as those who are in India and processing the personal data of EU citizens, either with a direct interaction with EU based companies or with US companies working in EU, are rewriting their data processing contracts to be in line with the GDPR.

25th May 2018 is not too far considering the criticality of the task and the need to check and double check whether the companies are on the right track.

Indian Companies get exposed to GDPR firstly through their data processing contracts and secondly through their own activities. The data processing contracts are expected to have performance requirements meeting the standards of GDPR and also an indemnity to compensate the vendor company for losses arising out of non compliance. If the Indian Company is directly operating in EU then it is directly exposed to the compliance requirements through its office in the EU.

Additionally, we expect that India will have its own Data Protection Act by 25th May 2018 which will impose responsibilities similar to GDPR and will also endorse the need to uphold the contractual obligations as if it is a legal obligation in India. This provision already exists in ITA 2000/8 and with or without a reiteration in the new proposed Indian Data Protection Act, the agreement with an international vendor to comply with GDPR becomes a statutory obligation under ITA 2000/8 also.

It is in this context that we need to take a serious look at two of the Articles of GDPR and understand how GDPR may apply to Indian Companies.

The first article that we need to observe closely is Article 3, which is on Territorial Scope of GDPR.

The Article states as follows.

Article 3: Territorial scope

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

The first clause of this article is relatively straightforward. This states that “In the context of activities of an establishment” which involves processing of personal data, the regulations are applicable whether the processing itself takes place in the EU or not. This means that even when the data is outsourced or the establishment itself maintains a processing center outside EU, it is still under the scope of this regulation. Such an organization is therefore exposed to the possibility of imposition of the penalties that the GDPR envisages, which as we know extend up to 4% of global turnover of the company.

Such companies will therefore impose clauses in their outsourcing contracts which will require the subcontractors to indemnify the company for any losses caused by them due to the non compliance of GDPR. The contracts will be deemed to also impose the responsibilities of a “Data Controller” as envisaged in the GDPR on the Indian Sub Contractor whether it is explicitly stated or implicitly meant.

Considering the huge liabilities envisaged in the GDPR, an open indemnity may be a proposition that will drive any Indian Company including the bigger and the biggest of them to insolvency if any major data breach occurs that results in imposition of penalties under GDPR.

Indian Companies need to therefore check what are the compliance requirements and how they should plan to implement them. They should also check if there are any exemptions and how they need to handle the conflicting aspects of Indian law under which they operate such as the existing ITA 2000/8 or the proposed Indian Data Protection Act. Additionally, they need to obtain appropriate Cyber Insurance that will add to their costs by at least 1 to 1.5% of the potential liability. Since the potential liability is indifferent to the value of the contract the cost of insurance in terms of the revenue generated by the contract can be many times more than 1.5% of the contract benefits.

Hence the Indian companies need to take the impact of GDPR seriously before taking up EU contracts. If the risk is not worth it, smaller companies need to withdraw from the contracts that impose indemnity against GDPR liabilities. Larger companies like Infosys or Wipro or TCS need to fight it out with the vendors for at least covering the Cyber Insurance costs.

Additionally, according to Article 3(2), any Indian Company which offers goods or services to a data subject in EU or monitors their behaviour is directly liable under GDPR as a “Data Controller”.

“Offering” goods and services may occur if the Company maintains a website through which online services are offered which can be availed by EU citizens. “Monitoring” of behaviour may also occur in such cases and also by companies which are engaged in data mining on a global scale. If such companies have not taken the precaution of including the “GDPR Exclusion Clause” as proposed by Naavi in their web site policies and contracts, then they are open to being held accountable under GDPR.

Assuming that such companies have no office in EU nor any representative (required to be designated under Article 27), still action can be brought in India either under the existing ITA 2000/8 or under the proposed Indian Data Protection Act and hence the risk of GDPR penalties may have to be addressed even by them.

In case of non compliance, an Indian Company would be liable for the consequences and is also answerable to its shareholders.

Such Indian companies may process the data within India or outside India. If they are storing the data within India or even otherwise, they would be exposed to the possibility of an Indian law enforcement authority issuing/executing a search warrant for seizure of the data which may amount to “Disclosure”. In certain cases, Judicial authorities may order disclosure of some data which inter alia involves disclosure of personal data belonging to the EU citizen.

In such cases, we need to also observe the impact of Article 48 which states as under.

Article 48: Transfers or disclosures not authorised by Union law

Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer pursuant to this Chapter.

What this Article implies is that a company subject to Indian law will be in conflict with the jurisdiction of the Indian Courts  because of  a contract  it might have signed with its business partner who is bound by the EU regulation.

It may be noted that this Article is not simply a choice of “Jurisdiction” in a contractual agreement. On the other hand, it renders the Indian Courts impotent.

This Article also introduces a confusion since the general principle of Privacy does provide right to the law enforcement agency and Judiciary to intrude on certain circumstances.

GDPR does permit some exemptions under the “Right of a Data Subject” for reasons such as national security, criminal investigation etc. So it appears difficult to comprehend that  Judiciary has no right even after a trial having been conducted and arriving at a judgement.

We therefore need to interpret this Article as applicable only if the data has to be released by an organization which is under the jurisdiction of the EU Courts and not companies which are under the jurisdiction of the Indian Judiciary whether they process EU data or not.

Probably the confusion could have been avoided if the Article had specified that it is not applicable to data processors who are established outside the Union or that it was not in derogation of the rights of the Judiciary of the country in which the data controller operates.

The option now before the Indian authorities to reduce confusion is to introduce an appropriate clause in the proposed Indian Data Protection Act which is on the lines of Article 23 where the member nations are permitted to introduce laws that may impose restrictions on the rights of data subjects in cases of National Security, Defence, Public security etc.

Naavi advocates that a provision be made in the Indian Data Protection Act that

No international agency can launch any legal action against an Indian company except through the Indian Data Commissioner.

This would be a protective umbrella for Indian companies to be protected from frivolous threats from outside India.

This is not to advocate that Indian companies need not follow privacy protection. In fact GDPR does have good provisions for Privacy protection which are good to be implemented even by Indian companies. However, it is desirable that the Indian Data Protection Commissioner takes the responsibility for disciplining the Indian Companies rather than an EU Data Commissioner. Hence it is necessary to provide a statutory protection for penal action to be restricted through the Indian Data Commissioner’s office only.

I request the MeitY to take this into account while drafting the new law.

Naavi

West Bengal Adjudicator imposes Rs 50000/- penalty on husband

In a first decision from the Adjudicator of West Bengal, an order has been passed against an estranged husband who spied on his wife’s phone using “Team Viewer” software.

See Report 

According to the report, the husband had installed a “Team Viewer” software on his wife’s phone and extracted certain Chats which were produced in a divorce suit to prove her disloyalty.

The Adjudicator, (IT Secretary Mr Talleen Kumar) has considered this as a violation of the wife’s privacy and ordered payment of Rs 50000/- as penalty.

Firstly, we congratulate Mr Tallen Kumar for his first decision as Adjudicator of West Bengal. I am aware that there are other cases pending before him; they would also perhaps see the light of day.

At this point of time it is difficult to say that the husband will be too unhappy with the verdict since his case in the matrimonial court may continue. Being a matrimonial Court,  the question of whether the evidence produced for proving the disloyalty of the wife remains valid may be separately debated.

If appealed, this could be the first fresh case to be referred to TDSAT in its role as the new Cyber Appellate Tribunal under ITA 2000/8 and would test TDSAT on how it handles a Cyber Case. However, this does not appear to be a fit case for appeal and hence it may not have the privilege of being referred to TDSAT.

The other point that is to be noted is that “Team Viewer” software normally requires a confirmation from the destination computer for access. However, there is a feature called “Unattended Access” which if activated would provide access to the destination computer without popping up a consent screen each time.

One of the newspapers has referred to the Team Viewer software as a “Virus”, and this should set the software manufacturers (Team Viewer GmbH) thinking of how to prevent their genuine and useful software from being tarred with the image of a “Virus”.

This leads to the question of how to make a software “Cyber Law Compliant” and should be a lesson to all the software manufacturers.

Naavi

Copy of the Judgement

[According to the West Bengal Government website, as of 4/4/2017, Mr Tallen Kumar was indicated as Principal Secretary, Paschimanchal Unnayan affairs Deptt,  and Dr. Krishna Gupta, was the Principal Secretary of the department of IT & Electronics.  Probably Mr Kumar might have been transferred after delivering this award. The judgement seems to have surfaced in the last two days, almost 2 weeks after Mr Tallen Kumar ceased to be the Adjudicator. No date appears on the copy of the judgement except the date 26/11/2014 which obviously is the date of complaint. ]

P.S: According to one reaction to this article, Team Viewer was not used. My note above is based on the Telegraph report and I am awaiting further information on this. But the award confirms the use of Team Viewer and also a cloud storage facility syncdroid.org. Probably it was not the Unattended Access of Team Viewer that was used but the backup on syncdroid to get the information that is held as unauthorized access. … Naavi

Nation Wants To Know Why we do not have the freedom to say “Nation Wants To Know”

It is ridiculous that Times Now Group thinks it is smart in issuing a legal notice to Mr Arnab Goswami that he should refrain from using the phrase “Nation Wants To Know” on which Times Now claims an “Intellectual Property Right”. (Refer here).

At this point of time, it is not clear that the restraining notice is only on Mr Arnab Goswami or on the whole world and if so it is for the entire phrase along with a certain intonation and voice modulation and whether it applies to written text, voice, TV etc.

Just because Mr Arnab used to use the phrase often while on the news program and made it popular, it is not automatically possible to consider that an exclusive “Intellectual Property Right” is created for the owner of the channel. The first thing to settle is whether the claim is for Trademark or Copyright  or some other IPR.  Since the program was named “News Hour” and not “Nation Wants To Know”, there cannot be a trademark right associated with the phrase. The most obvious choice of the type of IPR is therefore the Copyright.

Mr Arnab is not the only person who used the term “Nation Wants to Know” but since he was the anchor of the channel, he did speak out the phrase several times a day and made it popular. Was the creation of the value an accident? or was it a “Literary Work” created with the use of “Intellect” of Mr Arnab?… are questions to ask before applying the Copyright Act.

It is also necessary to ponder whether the employment contract between Times Now and Arnab mentions or even envisages the possibility of copyright on different phrases used by the news readers and anchors. If so, can Ravi Shastri (or on his behalf Star Sports) claim similar rights on “The Ball Goes to the fence like a Tracer Bullet”? Can Sidhu (or on his behalf Star Sports) claim rights on all the Sidhuisms that he introduced? These are some of the questions that pass in our mind.

I remember one of our lecturers in the College saying “OK” after every sentence and we used to enjoy counting whether he will hit a century of “OKs” in one lecture hour. If Times Now was the college authorities, they would have perhaps claimed copyright on “Saying OK” and claim royalty on others using the word.

Yes… the Court will spend its valuable time on this trivia for days on end and in the next couple of years give out its wisdom. Probably the Court will reject the claim of Times Now or the matter becomes irrelevant with the passage of time.

But it is time that the public in the meantime pull up Times Now for the arrogance they have shown in trying to gag Mr Arnab Goswami of spoken words, which is actually an assault on his freedom of speech and expression. If the thought to be expressed is that the “Nation wants to know”, except to substitute the word “Nation” with say “Country” or “Wants” with “Desires”, there cannot be an alternative. If every news anchor has to stop using all his popular phraseology once he moves from one channel to another, he will have to always carry a thesaurus in his pocket.

Legally, there is a provision for “Compulsory Licensing” and the Government should come forward to issue a notification that the phrase “Nation Wants To Know” is too generic an utterance to be a subject matter of “Exclusive Copyright”. The objective behind the provision is to provide for the mechanism to prevent the abuse of monopoly by the copyright holder and to ensure that the general public is not deprived of the copyrighted work, solely because of the unreasonable demands of the copyright holder. Normally the “Compulsory Licensing” is applied where a “Copyright” is recognized and the owner is preventing the use of the copyrighted property by the community.

In the current instance, the principle to prevent abuse of law is very much relevant.  But  in the instant case, we need to reject even copyrightability of the phrase and not go into the discussion of “Licensing”. We need to declare that “Nation Wants To Know” is a generic phrase in the language which cannot be copyrighted.

While the Court has a power to come to such a conclusion in due course, and probably it will, it should be explored if the Government can bring in an explanatory notification to clarify that Copyright Act does not extend to such phrases (I am not sure if it can be called a phrase in the normal English Grammatical usage).

Alternatively, pressure should be brought upon Times Now to withdraw its stupid claim of intellectual property rights through a social media campaign against Times Now and by consumers boycotting products advertised on Times Now channel.

We have seen in the past some equally objectionable copyright claims by the music industry including that a record cannot be played aloud for multiple persons to hear at the same time . (Remember the ad where two people listen to a song sharing the ear pieces?….it is copyright violation). It is this tendency to abuse the law that makes Copyright law lose its respect.

I am certain that Mr Arnab will ignore the notice and the controversy will fizzle out. But it would be better if Times Now itself withdraws its notice and apologizes to the public for trying to misuse Copyright law in pursuing its vengeance on an outgoing employee.

Probably an online petition should be started with the theme “Nation Wants to Know why Times Group should not have an exclusive right to say so”.

Naavi

Related Article:

Swarajyamag.com

Intepat.com

Software Application is not a mere piece of coding…There is business behind it

My article on the Bank of Maharashtra (BOM) UPI fraud, wherein I had expressed an opinion that NPCI and RBI also have some responsibility, elicited some off the record remarks from NPCI and one of the senior technical members of another Bank. Their main contention was that the BOM Core Banking System (CBS) interacts with the BOM-UPI system which in turn interacts with NPCI, and in this instance the problem of miscommunication was between BOM-CBS and BOM-UPI interface. Hence they argue that NPCI was not in a position to understand if the transaction was genuinely cleared by the CBS system or not. It is also stated that BOM-UPI interface belongs to BOM and hence it has to assume complete responsibility for the transaction and NPCI cannot be held liable.

I suppose that this is the structure of communication used and if so, it may be technically correct to consider that NPCI was not in a position to find out whether the transaction was cleared in the back end between BOM CBS and BOM UPI systems or not.

That apart, we should discuss some additional aspects of how the system was adopted between NPCI and BOM without an end-to-end testing so that a faulty sub system became part of the whole system that operated between a customer of the Bank and an intended payee.

It is possible that technical persons in NPCI as well as BOM were only focussing on how the UPI interface of BOM interacts with UPI interface at NPCI and only tested the technical aspects involved in this exchange of data.

The technical persons forgot that what UPI interface of BOM was communicating to NPCI was whether a certain money was debited to a certain account and the debit was passed by the Banking officials.

Here was a banking transaction bound in law. Had it been a cheque transaction, the Negotiable Instruments Act 1881 (NI Act) as amended in 2002 would require that the payment be a “Payment in Due Course”. Even in this case of e-instructions substituting the cheque transaction, it is essential that the payment from BOM CBS system should be a “Payment in Due Course” or its equivalent. If not, the Paying Bank may be liable for the fraud. At the same time the Collecting Bank (to which the money was credited on behalf of the payee) should also fulfill its responsibilities similar to what is contained in Section 131 of NI Act for collection of cheques, which should be taken care of by the technology team configuring the UPI app at that end.

Without satisfying the legal requirements of the NI Act, or its equivalent,  the transaction cannot be considered as legally complete.

In the digital payment transaction, between the Paying Bank and the Collecting Bank, there is NPCI as a clearing agency. It is an intermediary which instructs both the Paying Bank and the Collecting Bank on what they should do to complete the banking transaction using the UPI interface.

As an intermediary, NPCI has its own responsibilities under ITA 2000/8 besides some immunity derived under the Payment and Settlements Act.

NPCI should have supplied APIs to different Banks along with instructions on how they may be configured at the respective Banks and linking it with their own CBS systems. If the API belongs to NPCI, then it is also responsible to ensure that it is compatible with the different CBS systems that may be under use by different Banks.

It appears from this BOM incident that the UPI interface as built by BOM was not properly functioning and hence its instructions to NPCI were unreliable. But NPCI did not know because it had not tested the “transactions” from the banking perspective and was satisfied only in testing the technical connectivity within a section of the transaction.
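The testing gap described above, as an added example that is not from the original post, NPCI or any bank: a simplified Python model in which a connectivity-only test passes for a faulty bank-side interface while an end-to-end check of the banking invariant catches it. The class names, message fields and the specific fault (treating any CBS reply as success) are assumptions made for illustration, not the actual UPI protocol or the actual BOM defect.

```python
"""Toy model (assumed, not the real UPI protocol) of the three hops the post
describes: core banking system (CBS) <-> bank UPI interface <-> clearing switch."""


class CoreBanking:
    """Stand-in for the paying bank's CBS: the only component that moves money."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.ledger = []  # committed debits as (txn_id, account, amount)

    def debit(self, txn_id, account, amount):
        if self.balances.get(account, 0) < amount:
            return {"txn_id": txn_id, "status": "DECLINED"}
        self.balances[account] -= amount
        self.ledger.append((txn_id, account, amount))
        return {"txn_id": txn_id, "status": "DEBITED"}


class FaultyUpiInterface:
    """Assumed fault: any reply from the CBS is reported upstream as success."""

    def __init__(self, cbs):
        self.cbs = cbs

    def pay(self, txn_id, account, amount):
        reply = self.cbs.debit(txn_id, account, amount)
        return "SUCCESS" if reply is not None else "FAILURE"


class CheckedUpiInterface(FaultyUpiInterface):
    """Reports success only for an explicit debit confirmation of this txn."""

    def pay(self, txn_id, account, amount):
        reply = self.cbs.debit(txn_id, account, amount) or {}
        confirmed = (reply.get("status") == "DEBITED"
                     and reply.get("txn_id") == txn_id)
        return "SUCCESS" if confirmed else "FAILURE"


class Switch:
    """Stand-in for the clearing intermediary: it sees only the status the
    paying bank's interface sends and instructs the payee credit on SUCCESS."""

    def __init__(self, payer_interface):
        self.payer_interface = payer_interface
        self.credits = []  # instructed credits as (txn_id, payee, amount)

    def transfer(self, txn_id, payer, payee, amount):
        status = self.payer_interface.pay(txn_id, payer, amount)
        if status == "SUCCESS":
            self.credits.append((txn_id, payee, amount))
        return status


def connectivity_test(interface_cls):
    """Technical test only: did the exchange complete with a well-formed status?"""
    cbs = CoreBanking({"A": 100})  # constructed sample account
    switch = Switch(interface_cls(cbs))
    return switch.transfer("T1", "A", "B", 50) in ("SUCCESS", "FAILURE")


def end_to_end_test(interface_cls):
    """Banking invariant: every credit the switch instructs must be backed by a
    committed CBS debit with the same transaction id and amount.
    Returns the list of unbacked credits (empty means the invariant holds)."""
    cbs = CoreBanking({"A": 100})  # constructed sample account
    switch = Switch(interface_cls(cbs))
    switch.transfer("T1", "A", "B", 50)   # funded, should go through
    switch.transfer("T2", "A", "B", 500)  # exceeds balance, must not credit
    debited = {(txn_id, amount) for txn_id, _, amount in cbs.ledger}
    return [c for c in switch.credits if (c[0], c[2]) not in debited]


if __name__ == "__main__":
    for cls in (FaultyUpiInterface, CheckedUpiInterface):
        print(cls.__name__,
              "connectivity ok:", connectivity_test(cls),
              "unbacked credits:", end_to_end_test(cls))
```

Both interfaces pass the connectivity test; only the end-to-end check, which compares the switch's instructed credits against the CBS ledger, exposes the credit that has no debit behind it.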

In this type of transaction, the transaction originates from one mobile using a UPI app and the digital instruction travels to NPCI, then onto the paying Bank, comes back and is communicated by NPCI to the sender. In case of successful transactions, information is also sent to the intended payee’s mobile app and his bank’s UPI interface. The authentication system used in each segment of the transaction may not conform to the legal standards necessary in Indian laws but is only riding on a technical belief that nothing will go wrong.

The way UPI system developed, it may be argued that NPCI is the owner of the system and has enrolled the Banks as members to use the platform. Therefore, the responsibility for the integrity of the platform lies more with NPCI than the Banks. Even if in the case of individual Bank’s UPIs, there is a possibility for NPCI to shift the responsibility to the Banks, at least in the case of BHIM, it is clear that NPCI is the lead institution and others are supporting organizations.

Frauds can occur right from the downloading of the App by either of the two  transaction parties, with possible malware infections at various levels.

It would not be possible for Banks and NPCI to consider that they do not have responsibility for technology related frauds and the customer should bear the cost of such frauds. Since the Government is behind forcing users to adopt digital payments, it is the responsibility of the Government and RBI to ensure that the system is safe and does not create a technology based risk to the customers.

Technology persons, especially the software developers, should understand that they are building software that substitutes humans at different points of decision making and unless they view the software from the perspective of the underlying transaction and not as a few bytes of data that go in between, they will not be able to build secure applications. Applications that are tested only for the functionality without any regard to the underlying business transaction are to be considered as “Faulty ab-initio”.

Software developers who are used to releasing software with bugs and later on sending patches and holding the users responsible for not applying the patches in time cannot be called “Responsible Software Developers”.

Knowing the difficulties in technology, there are two things which software developers and their owners should do.

First is that any software released to the public should be put on extensive field test at first. During this time, there should be a “Bug Bounty” program which attracts other specialists to pool their skills in cleaning up bugs. UPI did not go through this standard process.

Secondly, in financial transactions related software, the users must be protected by “Cyber Insurance” and part of the liability of the insurance premium must be borne by the software developers.

In the present instance, none of the players such as the Banks or NPCI or the RBI or the Government is concerned about the risks that a UPI user is exposed to. Banks are interested in their profits, RBI is powerless to regulate the Banks and the Government officials and politicians do not know what is the risk they are pushing into the system. Since the public love Mr Modi, they are adopting digital payment systems faster than they should and hence exposing themselves to greater and greater financial risks by the day.

By making NPCI as a giant universal gateway for financial transactions across India, a huge amount of financial risk has converged on the organization. In the event of a war or a major terrorist attack, NPCI may be rendered dysfunctional by our enemies and the Indian financial system may take a huge hit.

I am not convinced that the technologists who do not have a holistic view of the transactions will be able to visualize all the risks in the system and take adequate action.

In the meantime, we the honest citizens of the country are left to keep praying to our favorite Gods that they should be spared from Cyber Crime risks, more so in the coming days when payments happen with their Aadhaar registered biometric.

One technology person complained that I am creating a “Scare” by exaggerating the risks. I do not agree. But even if it is so, it does not matter. Because I know that software developers suffering from “Technology intoxication” are likely to over speed and cause accidents to the passers-by while they themselves are protected behind sophisticated air bags. Somebody like us should therefore challenge them from time to time for the general good of the society.

Naavi
