Naavi.org

In a significant ruling, the US Federal Communications Commission (FCC)has rejected to force websites a petition by the Consumer Watchdog to enforce the “Donot Track” requests from individuals.

The petition had requested  that the Commission “initiate a rule making proceeding requiring ‘edge providers’ (like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn) to honor ‘Do Not Track’ Requests from consumers.”

The FCC however ruled that the current regulations meant for voice services cannot be applied to broadband internet and dismissed the petition.

Copy of Order

Some observers in the Privacy and Consumer Interest groups express concern that this will prevent online services from requiring consumers to consent to tracking in exchange for accessing web services, preventing online services from sharing personal information of users with third parties when consumers send “Do Not Track Requests”. This may also mean that websites will reject the web browser settings that send “Opt out” requests.

A counter view is that the FCC order only applies to “Transmission Services” and not “Content Services”. If this view is valid, then the content owners need to continue obtaining consent from the website visitors as they are doing at present.

We concur with the counter view since use of web services is a contract and the visitor should be given the option to either share or not share data which he considers as not essential for the service.

If however, the website wants to make it a “Dotted line contract”,  they need to highlight and draw specific attention of the user to the information sharing clauses before proceeding with the use of the services.

This may not however be practical to implement for all user and hence any prudent website owner would continue the existing practice of honouring automatic requests for opting out of any such information collection that the website wants to do and wait for an Opt-in for collecting analytics which involve identifiable personal information.

Naavi

Naavi has been pointing out that the increasing use of IT in E Governance and E Commerce and the embracing of the Digital India policy which includes the Internet of Things and Big Data, there is a need for a revision of Information technology Act 2000.

A “Cyber Law Vision-2018” was suggested by Naavi which included some thoughts on the direction that the Indian Cyber Law of the future should pursue. The vision document was released before the Supreme Court verdict but anticipated the possibility of Supreme Court holding the section unconstitutional.

Naavi has also repeatedly drawn the attention Modi Government on the unsavoury experience of Mr Chandrababu Naidu who lost a political election despite his glorious achievements in the IT sector and warned the Government of a possibility of similar nature for Modi. ( Refer: An Open Letter to Mr Modi) Now unfortunately this prediction has come through in the form of a debacle in the Bihar election.

Scrapping of Section 66A by the Supreme Court, had already forced the hands of the Government to start a process of revisiting ITA 2008 and the Bihar debacle has added the urgency.

In order to ensure that Government gets the right inputs on amending the ITA 2008 which not only satisfies the Supreme Court but also provides a base for Secure Digital India without a political backlash, Naavi invites interested specialists in Cyber Law to come together into a Virtual Special Interest Group that can recommend a comprehensive revision of ITA 2008.

It may be remembered that when an “Expert Committee” was formed by the then Government in 2005 to amend ITA 2000, it had no representation of Netizens and it came up with a highly controversial amendments. Though some of the mistakes were corrected by the Parliamentary Committee before it was passed in 2008 (what we recognize now as ITA 2008), many of the weaknesses remain.

Over the period we have pointed out how the Government officials themselves are flouting ITA 2000/8 out of sheer ignorance. In particular, we have pointed out the Karnataka IT Secretary who ruled “Person” in Section 43 means only an individual and not a company. Karnataka Legislature passed the amendment to Indian Registration Act 1908 which is ultra vires the ITA 2000/8. Even the Central Government in its notifications for the Digital Locker project violated ITA 2000/8.

In view of the above, we the Citizens of India who are being forced to be also Netizens because of the rapid digitization of the country, but firmly believe that ICT has the potential to transform India for the better if the policies are implemented in a proper manner, need to participate in the process of this transformation of Cyber Laws.

We presume that the Government may not invite the public to contribute their ideas until it is too late for making any positive contributions and hence need to move now before the Government pushes ahead its own efforts in this matter.

The objective is to ensure that the amendments when made are “Citizen Centric” and even the Biharis and Uttar Pradeshis who would vote in the elections should be able to appreciate the benefits and does not derail the Digital India vision.

We shall call this the “VSIG on Cyber Laws for Digital India” and collate recommendations from the private sector for amending ITA 2008 in such a manner that it becomes an instrument of development which does not face the opposition either from the politicians or the general public who only feels the effect of IT but does not understand the intricacies or the limitations.

Looking forward to participation from the Cyber Law stalwarts of India.

Naavi

An interesting narration from a security professional published in techinasia.com (Read the Article here), highlights how Indian Start ups are neglecting information security and opening themselves to the “Data Breach” and “Cyber Law Non Compliance Risk”.

The article indicates that in a recent study, 17 start ups in India including Ola, Zomato, HomeShop18, BookMyShow and others were found to have security vulnerabilities that could cause leak of Personal and Sensitive Personal Data of its customers. According to the author, more than 70% of the Start Ups have severe bugs compromising security and creating a potential financial risk to the company.

We refer to our earlier article “The Start-ups and Techno Legal Risks” in which we have highlighted the need for “Techno Legal Feasibility Analysis” to be undertaken by Start ups to identify and mitigate certain risks that arise out of non compliance of ITA 2008.

The article in TechInAsia also highlights the Section 43A of ITA 2008 and warns the entrepreneurs of the possibility of financial losses arsing out of data breach. It also suggests that there is a need for good “Bug Bounty” programs to ensure that these Start Ups get voluntary help from security professionals.

We also highlight that it is not only the breach of Sensitive Personal Information that creates liabilities but also breach of personal information. Additionally, ITA 2008 can create liabilities on account of many other non compliance issues and any company which does not conduct an “ITA 2008 Compliance” audit on its processes (including mobile Apps) is running the risk of not only a hacker’s attack but also liabilities that can cripple or kill the company.

There are many aspects of ITA 2008 which can land the innocent CEO or CTO of a Start Up in Jail for non compliance of ITA 2008.

The undersigned invites such companies to use the services of Naavi’s Cyber Law Center, so that it reduces the risk of a premature death.

Naavi

[Once again, I apologize for a non Cyber Law Post prompted by the unprofessional views expressed by Moody’s which needs countering. Ignore if you want….Naavi]

Press Reports suggest that the International Credit Rating Agency  Moody’s has warned that Narendra Modi needs to rein in members of the Hindu fringe elements or risk losing credibility.

Read Economic Times Article here

Moody’s is a credit rating agency and has the expertise to comment on the financial aspects of the country. It is customary to consider that the economy of the country is affected by several factors one of which is the political environment.  Hence “Country Risk” and “Political Risk” is often used as elements of analysis in a Credit Rating exercise.

However, a prudent Credit Rating agency assigns appropriate weightages to different aspects that affect the economy and obviously the facts such as that it is natural in a Democratic country for  opposition to keep rattling  has to be taken into consideration before factoring in impact of such opposition antics into its rating.

According to the ET report, Moody’s are reported to have “Advised” PM Narendra Modi that

“Modi must keep his members in check or risk losing domestic and global credibility,”.

The report goes on to comment on the ongoing Bihar elections and says

“The BJP is not the incumbent (in Bihar), so a win here would help secure an upper house majority… Overall, it is unclear whether India can deliver the promised reforms and hit its growth potential. Undoubtedly, numerous political outcomes will dictate the extent of success,” 

There is no doubt that the report is a scathing attack on the Modi’s Government and predicts that the GDP growth rate would be around 7.4% to 7.6% for the full fiscal year 2015-2016 as against a potential of around 9.3%.

In a way the report has placed a value on the disruptionist impact of the opposition as around 2% of GDP.

However, instead of restricting itself to providing its views, the report actually becomes a political commentary set to help the opposition in the Bihar elections. Now, politicians like Lalu Prasad Yadav who may not know the difference between Modi and Moody will start quoting the agency in their election speeches.

It must however be emphasized that in our view,

“While a Credit Rating agency has the right to make its observations, it is unacceptable to word its observations in the form of an “Advice” to the country’s Chief executive.

Lifting the Corporate Veil

The report  has to be read along with the credibility of the agency which has lent its name. Since it comes from Moody’s, it is being read and commented. But at the same time, we all know that any such report is a product of some individual’s efforts and ultimately the credibility of the report has to be tested against the credibility of the person who puts out the report. We therefore need to look beyond the name of Moody’s and lift the corporate veil.

This report is attributed to Faraz Syed, associate economist at Moody’s Analytics and raises a question on the credibility of the analyst as well as Moody’s as a Credit Rating Agency.

At the outset, I would like to categorically state that my comments should be disassociated from the fact that the name of the analyst may lead to certain inferences. I am only analyzing the issue from other factors.

Mr Faraz Syed is based in Sydney and is in the process of completing his Master’s degree in Economics. He completed his Bachelor’s degree in 2013 from MACQUAIRE Universtity, in Australia. His interest initially has been in the field of Cricket and  entered the career as an Economist in January 2013. After working for one year with the Australian Bureau of Agricultural and Resource Economics and Sciences, he joined Moody’s in December 2014 as Associate Economist.

His experience  as an analyst in Moody’s is therefore less than an year. I suspect that he has never visited India and his knowledge of India may be through Cricketers  and IPL.

His attempt to convert a Financial Analytical report into a political advisory to a Head of State  shows his immaturity as an analyst and nothing else.

However, one cannot appreciate how Moody’s let the report to be published under its name and that indicates that there is no control or supervision over the work of an “Associate Economist”.

What this States of the Opposition

While the opposition parties and the so called  intellectuals  who are spearheading the AwardWapsi movement would rejoice at the endorsement they have received from Mr Syed Faraz, I must point out the other dimension of the report.

What Mr Syed Faraz says is that the potential of 9.3% growth in GDP has been reduced to around 7.4% because Mr Modi has an opposition in Rajya Sabha and cannot pass progressive legislation. This confirms that the disruptionist activities of the opposition are harming the progress of the nation.

In other words, Mr Syed Faraz and the Moody’s are confirming that the actions of the opposition are “Anti National”.

Having been involved in the Financial Services industry for a long time in the beginning of my career and observed the birth and growth of Credit Rating agencies in India such as CRISIL and ICRA, I consider that India is in a path to progress with economic reforms which need time to yield results. Professionals in credit rating agencies need to understand that we cannot set up power plants in one year and without adequate power, industries cannot take off, and without industries taking off, there cannot be employment etc.. All this takes time and a professional in a credit rating agency should be aware.

The Dadri incident or Kalburgi incident has no relevance in the long term economic building of the country. It is only the anti national forces who would like to fish in troubled waters when such incidents happen and if a professional lets himself to be drawn into using those incidents to blame the PM, he stops being a professional. I consider Syed Faraz has betrayed his incapability of filling the boots of an “Economist”. If he gets to be a “Master in Economics” because of his erudite discourse on India, it would reflect the standards of the University that grants him the degree.

Though political commentators in their Bihar election mood may say whatever they feel like, professional organizations such as Moody’s should have shown maturity in passing comments as have been passed in the report and this actually undermines the credibility of Moody’s as a credit rating agency.

I would like to call upon the Moody’s as an organization to disown the advisory, withdraw the report and publish a corrected version without the politicized comments of Syed Faraz.

I will be forwarding a copy of this article to appropriate persons in Moody’s and also request readers to send it to appropriate contacts in Moody’s if they are able to reach out.

Naavi

ICICI Bank has introduced a new type of Card which it calls “Innovative” and “Asia’s First”.

The uniqueness of the Card is that it carries an LCD screen and a 12 button keyboard. User needs to first register the Card with VISA CODESURE and subsequently, dynamic pass codes are generated for every transaction. There will be an inbuilt battery and a micro processor. The lifespan of the card is about 3 years.

Presently the card is being offered by “Invitation”.

Though the Bank claims that this is more secure, what we can see is that it is as secure as the single PIN that is assigned to the registered card and the dynamic generation of PINs has no value. In  fact if the OTP was being sent through the mobile, then a thief who got hold of the Card and the Core PIN (say if it is written down or is found out by brute force or otherwise) needed to steal the mobile also. However in this system it is not necessary at all.

The Bank therefore needs to explain how this system is more secure than the mobile based OTP. RBI also needs to assure the public that the card meets it’s guidelines.

Naavi

P.S: This is not a post on Cyber Law and I apologize for the diversion. But I as a citizen of India have my views on some of the recent developments and want to use this platform to record the same. You may ignore it if you donot like. This is prompted by the returning of the awards by many prominent persons which trend has now percolated into the community of scientists. Just as Scientists are also humans and as citizens of India have the right to express their views, I also have my right to express my views and criticize these persons for their action. I am exercising this option.

I was today pleasantly surprised with a report in dnaindia.com where it was stated that an international organization by name “Freedom House”, in its report stated that Internet Freedom in India has improved under the Modi led Government in India. I am not aware of this organization and its credibility but since the view goes with my own view of the Government’s in India since my student days when we saw the pre-Emergency days and followed up with the Emergency days and there after to Sonia Gandhi’s proxy rule, I tend to agree with the report and take this opportunity to add some thoughts on the other burning issue in our media now namely the #Awardwapsi craze.

If we go by the media reports and the noise made by political leaders from the opposition, it appears that India is going through a great time of suppression of freedom and intolerance all because NDA has a majority of 282 Loksabha seats. After the FTII students and Sahitya Akademi winners it is now the turn of scientist community lead by Mr P M Bharghava to return their awards expressing their “Concern” for the “Intolerance” that is prevalent in the society.

The media is holding out as if this is a reflection on the functioning of the Modi Government which on the other hand is going great guns with its African Summit and Easing of Business objectives.

The opposition that is being raised comes bang in association with the Bihar elections and one has to be naive not to see the effort to create a negative PR for the BJP.

In this entire exercise it is the intellectual credibility of these “Award Returnees” that has come in to the public glare. They are reflecting their level of intolerance to a non Congress Government being at the helm and their favourite parties in the opposition becoming irrelevant by the day for reasons of their own.

I suppose that this fervour for returning the awards may wane after the Bihar elections and even those who have announced returning of the awards may not actually return them. I therefore call upon the Government to set up a committee of auditors to follow up the media announcements made by these awardees and create a smooth system for their returning of their awards. They can be collected and put up in a museum. Along with the return of the medals, it is also necessary for these awardees to return the cash benefits they have received which can be put in a fund .

After the disclosures of Netaji Files and other historical documents that were so far buried under a veil of secrecy, it is clear that what we were fed so far as Indian History was a doctored version and  Congress must be blamed for its role in hiding the truth from public. Some of these grey haired intellectuals who are showing intolerance were perhaps aware of these doctoring of Indian history and it makes me sad that they did not have any opposition for this fraud on the Indian society.

I am therefore not unhappy that these people are returning their awards and would like these returns to be meaningful and this event can be preserved as a part of the transformation that is happening in our society now.  Hence the returned trophies deserve to be placed in a museum and public should know who are and who are not with the current transformation from the dynastic rule of the Congress family to the Modi led BJP rule.

Naavi