Digital Signature Algorithms set to change?

When India started using digital signatures after the ITA 2000 was enacted, the CCA had approved the MD5 algorithm for hashing. Subsequently, MD5 was disaccredited and SHA-1 became the approved algorithm. Global developments now indicate that the time has come for users to move from SHA-1 to SHA-2, since SHA-1 has either already been cracked or is about to be cracked.

Crypto experts indicate that by the end of Dec 2015 Chrome may start providing browser warnings, and by 2016-17 both Chrome and Microsoft may discontinue acceptance of SHA-1 in their applications. This may result in websites needing to replace their SSL/TLS authentication certificates.

If SHA-1 is unreliable for SSL/TLS, it should also be considered unreliable for the Indian Digital Signature system, which carries judicial weight for non-repudiation.

We are already in 2015, and many digital signature users may be using a digital signature certificate valid for 2 years, whose validity may overlap with the discontinuance of SHA-1 certificates by the international community.

In order to preserve the sanctity of the Digital Signature system of India, it is necessary for the CCA to take steps to migrate completely to SHA-2, which is already an approved system, by phasing out SHA-1 in time. Hopefully the CAs are making the necessary arrangements so that we are in tune with global security standards.
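To make the overlap concern above concrete, here is an added example (not part of the original post) that audits certificate details for a weak signature hash and for validity running past a SHA-1 cut-off. The cut-off date, the verdict labels and the three sample certificates are assumptions constructed for illustration; the input format is the text printed by `openssl x509 -noout -text`, abridged.

```python
import re
from datetime import datetime

# Assumed cut-off: the post only says SHA-1 acceptance may end "by 2016-17".
SUNSET = datetime(2017, 1, 1)
# Signature algorithm names built on MD5 or SHA-1 (e.g. sha1WithRSAEncryption).
WEAK = re.compile(r"(md5|sha1)(?!\d)", re.IGNORECASE)

# Constructed sample: abridged `openssl x509 -noout -text` output for three
# made-up certificates, one per blank-line-separated block.
SAMPLE = """\
Subject: CN = signer-a.example
Signature Algorithm: sha1WithRSAEncryption
Not Before: Jun 15 00:00:00 2015 GMT
Not After : Jun 14 23:59:59 2017 GMT

Subject: CN = signer-b.example
Signature Algorithm: sha1WithRSAEncryption
Not Before: Mar  2 00:00:00 2014 GMT
Not After : Mar  1 23:59:59 2016 GMT

Subject: CN = signer-c.example
Signature Algorithm: sha256WithRSAEncryption
Not Before: Jun 15 00:00:00 2015 GMT
Not After : Jun 14 23:59:59 2017 GMT
"""

def classify(block):
    """Return (subject, algorithm, verdict) for one certificate text block."""
    subject = re.search(r"Subject:\s*(.+)", block).group(1).strip()
    algo = re.search(r"Signature Algorithm:\s*(\S+)", block).group(1)
    raw = re.search(r"Not After\s*:\s*(.+?)\s+GMT", block).group(1)
    # openssl pads single-digit days with an extra space; normalise first.
    expires = datetime.strptime(" ".join(raw.split()), "%b %d %H:%M:%S %Y")
    if not WEAK.search(algo):
        verdict = "OK"             # already signed with a SHA-2 family hash
    elif expires > SUNSET:
        verdict = "REISSUE_NOW"    # still valid after the cut-off
    else:
        verdict = "RENEW_AS_SHA2"  # expires first; switch hash at renewal
    return subject, algo, verdict

def audit(text):
    return [classify(b) for b in text.strip().split("\n\n")]

if __name__ == "__main__":
    for subject, algo, verdict in audit(SAMPLE):
        print(f"{verdict:14} {algo:26} {subject}")
```
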

Naavi

Posted in Cyber Law | Leave a comment

Whistle Blower Reveals Information Security Breach and Fraud at NSE

Just yesterday, we were congratulating SEBI on its intended progressive use of technology for e-IPO. Unfortunately, today we need to point out the serious security issues that remain to be addressed when IT usage is taken to critical areas such as investments.

A whistle blower from Singapore has now revealed a major fraud which he alleges has been going on in NSE for a long time which has been hushed up by the Stock Exchange.

The enclosed document provides in graphic detail the modus operandi used by certain broking firms to gain unfair advantage in trading with the connivance of the staff at NSE. (Also read this article in Moneylife)

Similar tactics were employed earlier in IRCTC which was brought to public notice by Naavi.org. However, in comparison, the impact of the present fraud in NSE is far far greater.

It is possible that NSE might have tightened up the security now. However there is a need to identify the individuals responsible for the fraud and send them to jail for life.

Hushing up provides protection to such fraudsters, who may resurface in other companies.

NASSCOM also has to issue a notice to NSE so that the “National Skills Registry” contains the correct information about these fraudsters.

People like Arnab who bark up the wrong tree need to address issues such as these instead of shouting at political rivals.

The incident also highlights how the information security audit of the NSE system has failed and can fail again in future.

We do understand that rather than blaming everybody in the administration, we need to appreciate the corrective measures taken and enable the management to set things right without any panic reaction that may cause more damage.

We look forward to a proper explanation from NSE authorities along with an assurance that checks and balances will be built to address such issues in future.

At the same time we need to thank the whistle blower for bringing the problem to public knowledge.

Naavi


Revolution in Indian Investment Scenario in the offing

One of the most exciting manifestations of the Digital India story is about to be unleashed in the Indian investment scenario. The undersigned is one of the financial professionals who saw the capital markets in all their glory, when they were a retail market in which millions of investors used to participate in IPOs (then termed Public Issues). The undersigned had also created an index to project the investment potential of a proposed public issue at different prices etc. Subsequently, however, changes in SEBI's policy converted the IPO market from a retail market to a wholesale market.

Now the sunny days for the IPO market appear to be back, with SEBI finalizing a proposal for e-IPO. SEBI is expected to finalize a detailed guideline for e-IPOs by the end of this month as per this ET report.

SEBI’s discussion paper

SEBI had issued a discussion paper which provides some details of what may be coming. This is an attempt to use the current secondary market infrastructure, where investors have been investing in various capital market instruments through their brokers using e-investment tools. Since IT provides all the flexibility for auctioning, reverse auctioning, instant processing of applications etc., it is the ideal platform to involve a large number of Netizen investors directly in the IPO process.

In fact, just as retail business has seen a sea change with Flipkart/Snapdeal/Amazon etc. coming into the fray, e-IPOs are sure to revive retail interest in the primary markets, which is essential for the growth of capital markets in India. This is bound to give a huge boost to the capital markets, much more than a good monsoon this year, the RBI dropping interest rates or inflation coming down, which are being touted as huge market movers.

I congratulate SEBI on its move.

Before we end, there is of course a Cyber Law angle to the development, since IPO applications need to be “Digitally Signed” and the Certifying Authorities may be rejoicing at the development. I recall that one of the first e-commerce initiatives I had personally supervised was the hosting of public issue application forms of Corporation Bank some time in the mid 80’s, with a running serial number, which was a great innovation at that time. A lot of water has flowed under the bridge since then, and we will now see an e-form being filled up and digitally signed, the application electronically processed and demat shares issued, all in the back-end servers. Three cheers to the ICT revolution.

Naavi


Cyber Crime may also haunt AAP

In the cacophony surrounding the Times Now campaign against Sushma Swaraj, the media did not highlight an important event yesterday, where the Chief of the Anti Corruption Bureau (appointed by the LG) complained that his office was bugged with spy devices for voice recording. The “Pen like spying tool” was reportedly found in his office. (See report here)

The natural inference is that it was planted there by Arvind Kejriwal’s group which has appointed its own chief for the same Anti Corruption Bureau.

Apart from the political issues involved in two officials working in the same capacity, what needs to be recognized is that “Unauthorised implant of spying devices” is a serious violation of Privacy.

Unfortunately India does not have a good Privacy Protection law, and hence we need to struggle to find out how this prima facie offence can be brought under legal scrutiny.

It is essential for Mr Ravi Shankar Prasad to examine, when the next revision is undertaken, whether there is a need to amend ITA 2008 to enable such offences to be recognized without ambiguity.

Naavi


Now “ET-Now” will have an “Arnab Touch”.. Will Peter’s Principle play out?

Arnab Goswami has been a disruptive influence on the TV media, especially in the last one year. Times Now claims that it has made huge progress in media ratings because of Mr Arnab’s antics. Mr Rajdeep Sardesai, who was once a Guru of Arnab, has now become a secondary journalist and has to team up with Rahul Kanwal and others to fight Arnab. Even Barkha Dutt has become subdued under the verbal onslaught of Arnab. In fact the predicament of the competing channels is evident from the fact that they are running ad campaigns depicting Times Now as the “Noise Channel” and “Circus Channel”.

Recognizing this contribution of Mr Arnab Goswami, he has been recently elevated as President and Editor in Chief of Times Now and more importantly ET Now. (Refer article here).

As if intoxicated by this new-found recognition from within, Arnab Goswami went hammer and tongs at Sushma Swaraj yesterday, even announcing that his reporter was waiting at the gate of Sushma Swaraj’s residence expecting her to come out any time and announce her resignation to the press. Unfortunately, BJP called his bluff and refused to bow to his wishes. He is of course trying again today and continuing his tirade against BJP, much to the delight of the Congress and the Aam Aadmi Party.

Now, with the new-found responsibility in ET Now, it would be amusing to see whether the noise levels increase in the studios of ET Now and whether that would disturb the clear leadership that CNBC TV possesses in this market.

If we predict the influence of Arnab on ET Now, we can expect more of negative reports from ET Now particularly on the Reliance Group companies which own CNBC TV. There could even be a “Combo Attack” by both Times Now and ET Now on Reliance companies for a domino effect in bringing down the share prices.

In the past we have seen many financial journals adopt the “blackmail strategy” for growth, where they publish negative reports to boost circulation and extract benefits of various kinds. Most of them have, however, withered away after flattering to deceive.

So far, the Arnab antics were limited to political discussions and affected the country only in the political scenario. Now that he will have a hand in the management of economic news, his potential to bring down the future of India has increased.

We may therefore have another Kejriwal of the Indian media set to destroy the economic progress of the country.

However, there is one management principle that we all need to remember. It is called the “Peter’s Principle”. I suppose this will start working now in the case of Arnab. His strategies, which worked well for political debates with an audience that enjoys noisy debates for fun, may fail miserably in the investor market. And Arnab might have been elevated to his “level of inefficiency” as Peter’s principle enunciates.

The ground is set for the same, since what Arnab Goswami has claimed in yesterday’s report includes a claim to possess confidential emails of some persons, which he has used for the furtherance of his business. This is a prima facie offence under Section 66 of the Information Technology Act 2008, which is a cognizable offence. If any person files a complaint, the Police will have no option but to register an FIR and investigate whether Times Now was directly or indirectly involved in the hacking of email accounts of any one of the stakeholders whose names have come out during the exposure of the emails.

The only defense that Arnab will have would be to claim that what seems to be an offence was done without malicious intention and in the public interest. He will also claim that he is exercising “Freedom of Speech” and that he cannot be questioned on his reports. These, however, are not a defense against any civil claims that may also be filed by various persons whom the report has tried to defame.

Naavi


Arnab Goswami accused of a Cyber Crime

In his enthusiasm to break a sensational story, Arnab Goswami appears to have landed himself in one of the biggest problems of his life by declaring possession of e-mails of a UK Member of Parliament, which the MP has challenged as a criminal act.

The only defense for Mr Arnab is that he is a “Journalist” and is doing this “Apparent Criminal Act” in “Public Interest”. Unfortunately this may have to be defended in a UK Court and not in an Indian Court.

The incident relates to a revelation that Mr Lalit Modi, living in the UK, wanted to travel to Portugal, ostensibly to sign some hospital papers for his wife to undergo surgery for cancer, and was having difficulty in obtaining travel clearances. Since the UK Government had earlier been informed of the pending Enforcement Directorate investigations against Lalit Modi in India, there was a perception that allowing Mr Modi to travel would displease India. In this context it is alleged that Ms Sushma Swaraj, the External Affairs Minister, was approached by Mr Modi and that she had spoken to the UK MP, which ultimately resulted in Mr Modi getting the travel permissions. Ms Sushma Swaraj has stated that she only requested the UK Government to deal with it under UK laws and that it would not hurt relations with India.

Mr Goswami is trying to present this as if Ms Swaraj should be considered a part of the Lalit Modi investigation, and naturally the other political parties will be happy to debate this issue all through the day.

However, Mr Goswami has been challenged by the UK MP Mr Keith Vaz that Mr Arnab Goswami is guilty of hacking into the email account of Mr Vaz. The fact that Mr Arnab Goswami is in possession of the emails is prima facie evidence that Mr Keith Vaz’s emails have reached unauthorised hands. It is also prima facie clear that these emails have been used for commercial benefit by Times Now. Hence the charge of “Unauthorized Access” to an electronic document which is also an offence under ITA 2008 cannot be denied.

Mr Goswami has been alleging that Ms Sushma Swaraj was trying to help Mr Modi to get travel clearances. However the accusation is not for any other financial fraud or illegal activity. Ms Sushma on the other hand claims that this was a “Humanitarian” act. It will be therefore essential for Mr Goswami to defend that there was “Public interest” and claim the immunity which journalists normally claim in sting operations. However given the limited benefit if at all that Mr Modi could get from the intervention of Ms Sushma Swaraj, it is unlikely that a Court will be convinced of the “Public Interest” in this e-mail hacking case.

It would be interesting if this issue is taken to a Court.

(PS: It would be interesting to see if Times Now continues to carry Mr Keith Vaz’s interview in which he accuses Mr Arnab of a criminal activity during the rest of the day.)

Naavi
