“Make in India” campaign by building an “International City” within Indian boundaries

Posted on September 25, 2014 by Vijayashankar Na

In developing the economy of a nation we often discuss about what incentives we need to give to investors to invest. India is now in the search for such global investments in its quest to promote the “Make In India” campaign with an aim of making India Import free by 2020.

The main impediments in such a quest is the lack of infrastructural facilities and hence one approach is to provide incentives to develop basic infrastructure such as power, water, communication and transportation. I am sure that Modi Government will pursue this approach. The US $35 billion from Japan, a possible US$20 billion from China and perhaps some thing more from USA, UK, Germany, France and Australia in the coming days can help in this direction.

However, one of the biggest hurdles in such cases is the legal impediments that prevent development. It may be in the form of Tax laws or real estate laws or human right laws etc. Yes, Modi Government is also working on making changes in these individual laws to make “Doing Business With India” easy.

But changing existing laws is a time-consuming affair and will involve the cooperation of the political parties in the opposition who would bring as many hurdles as possible in making the task of this Government difficult.

A thought that strikes me in this context is instead of making changes to our law to make our country an investment destination acceptable to global business, why can’t we make one single law to create a “Zone” where “Universally acceptable International laws” apply rather than the current laws except to ensure that India will have a royalty on the revenues generated in the zone as a part of the revenue share. For the sake of a better expression let’s call this an “International City Zone”. (ICZ) Some principles of the SEZ laws can help us understand what we need to do to make doing business in this zone easy.

This is only an initial thought and I donot have a complete solution as yet in mind. But in simple terms what I have in mind is to expand the SEZ concept and say that the ICZ will be developed as a self-contained city unit with a local administration which will make its own laws and will be free from the laws applicable to other Indian geographies except Defense  and subject to the revenue sharing arrangement.

This ICZ will therefore not be bogged down by our socialistic principles such as “Reservations on the basis of caste, religion or gender” and will be free to make laws that are good for increasing the GDP of the ICZ. It will not be bogged down by the language issues such as Hindi Vs English Vs Kannada etc. It can set up manufacturing facilities, can import resources and manpower from anywhere in the world. If resources from India are cheaper and of the required quality, it is expected that imports will happen from within India but outside of the ICZ.

The ICZ will have its own currency. Hopefully RBI will promote a Virtual Currency exclusively for this zone which can be made mandatory for recording the transactions but would be freely convertible. Use of a Virtual Currency is recommended since it can provide the best accountability since we can track every transaction and unit of currency used. RBI can be the sole mint for such currency and at its choice can outsource mining to other Indian entities outside the zone to provide the supply. Other than a source of minting of the virtual currency, rest of the financial regulation within the ICZ can be handled by a regulator within the ICZ.

The local administration will be representative of the investors for the ICZ. India will be having a share in the venture both because of the investment in land as well as some thing similar to “Sweat Equity”. In return it will have a proportionate representation. Others will have representation in proportion of their investments in the project. For example, let’s say that we start with an ICZ whose land is valued at US$10 billion. Of this 10% may be considered as core equity eligible for royalty purpose. 100% management would be with India. Then a conglomerate of US companies invest US$ 1 billion. The equity distribution then will be 10% as royalty and of the balance 90% equity, India will have 90% and the US Conglomeration will have 10%. The total distribution would be 91% for India and 9% for the US Conglomerate. In the management the same distribution would be maintained with 91% of the board of governance from India and 9% from the US Conglomerate.  Each subsequent investment will further reduce the Indian holding and it may become a minority in due course.

It should be open to the Government to however dilute its management control straight away and accept less than the eligible number of directors in the board of Governance and accommodate a minimum representation from countries of its choice for the purpose of attracting investments.

The size of the board of Governance may be determined by a constitution and may provide for expansion keeping the value of the ICZ as one of the parameters for decision. It will be like a “Cabinet” of ministers with a need to address different portfolios and experts can be drawn from across the world.

Law and Order within the Zone would be the responsibility of the Board of Governance. Defense of the territory would be the responsibility of the Indian Government.

The essence of the ICZ City would be that it would be created from a zero base. no legacy legal hurdles, with the best of administrative talent from across the globe with the sole objective that this micro economy will focus on “Governance for Building Wealth For the ICZ City”.

I invite comments.

naavi

Posted in Cyber Law | 3 Comments

Cyber War Risk with China is evident

Posted on September 23, 2014 by Vijayashankar Na

Despite the recent visit of the Chinese premier to India and the pledging of the possible investment of US$20 billion, the utterances of the Chinese prime minister after his return to China asking his troops to be ready for a “Regional War” is a matter to be taken note of.

China has always been an unreliable nation and cannot be trusted for business relations. China is the leader in Cyber Warfare and using their technologies for our bullet trains and smart cities is an open invitation to disaster if and when there is a cyber war between India and China.

It is good for Mr Modi to keep China at arms length in the field of technology and ensure that India tries to develop its capabilities in the technology era with the assistance of Japan and USA.

Indian companies doing business with China should also be careful not to transfer any critical technology to China in the long term interest of our country.

Naavi

Posted in Cyber Crime | Leave a comment

First Steps in Cyber Crime Insurance

Posted on September 23, 2014 by Vijayashankar Na

Recently interest on Cyber Crime Insurance has been on the rise in India. According to a recent report in Business Standard, the premia for such policies is around o.5% to 1.5%.

It is important for the insured to however consider what are the exclusions in the policy and there is clarity on the valuations of the insurable assets at the time of purchase and the valuation of claims.

According to the above BS report “distribution of unsolicited email”, “wire tapping”, “eavesdropping”, “fraudulent acts”, “failure to maintain standard computer security” are some of the major exclusions.

Out of the above exclusions, the failure to maintain standard computer security is understandable. However, what is “Standard computer Security” is debatable.

Also it is not understandable how “eavesdropping”, “Fraudulent acts” etc can be excluded. If these are true, insurance companies must be considering more of “Loss due to technical failures” rather than “Loss arising out of Cyber Crimes”.

Technical failures may lead to loss of data. However in most of the cases where a claim is to be preferred there will always be a human hand, malicious or otherwise. Hence “Fraud” cannot be eliminated from the risks. Hence if “Frauds” are excluded, there is insufficient coverage. Also if the coverage does not cover “Liabilities” arising out of the security breach, it is not beneficial to the insured.

The question of “Standards” is always daisy. At present in India law requires “Reasonable Security Practice” which is often not interpreted properly by the companies. Hence what constitutes “Failure to meet Security Standards” is always a debatable issue. While many may be able to produce a certificate such as ISO audit or PCIDSS audit, these does not constitute indisputable standards under the “Reasonable Security Practice” under ITA 2000/8.

It would be interesting to see how insurance companies define such exclusions. Unless some data is built up over time on the claim settlements of different companies, it is difficult to evaluate which policy is better for a prospective insurance seeker.

As regards valuation, in a liability insurance, the value of the asset has to be based on the value of “Information” rather than the value of the hardware and software. Hence in companies where “Data Loss” is the prime criteria, the “Data” need to be valued.  Will this be based on acquisition cost or replacement value or liability potential is a matter to be discussed. Normally the acquisition cost of data is relatively low while the liability potential is high. The insurance premium would therefore be on the lower value but the claims would be on the higher value.

According to one of the recent security reports, in case of data breaches the biggest loss comes out of the “Reputation Loss”.  At the time of insurance, is it possible to add the “Value of Reputation” as part of the assets to determine the premium? is therefore a valid point for discussion.

Probably the role of insurance brokers s therefore very critical in the current juncture since they need to ensure a fair coverage for the clients at affordable premia.

We need to watch out the performance of such insurance brokers.

Naavi.org calls upon insurance seekers to share their experience with insurance companies and insurance brokers so that we can evaluate their performance from time to time.

Naavi

Posted in Cyber Crime, ITA 2008 | Leave a comment

Cyber Crime Insurance industry is waking up

Posted on September 22, 2014 by Vijayashankar Na

Several years after Indian industry started demanding Cyber Crime Insurance,  insurers appear to have realized that there is a potential business here worth exploring. (See article here). In our earlier article we had highlighted that after the recent G Mail hacking report, the interest seem to have got a boost.

While three companies namely HDFC ERGO, TATA AIG and ICICI Lombard appear to have started writing insurance policies, it appears that they are still in the process of writing customized policies for specific large clients. They may be banking more on their relationship with the existing customers in other products rather than developing an exclusive product for the “Cyber Crime Risk”.

The premia talked about in the media also appear to be unrealistically high and indicate that the insurance agencies are yet to get a grip on the risks and the acturial evaluation.

In order that the industry picks up such insurance products, it is necessary that the products must be affordable and also promise quick settlement of claims.

At present we donot have any experience as to the settlement of claims and therefore we need to await further developments to understand how the industry is set to progress in the coming days.

Naavi

Posted in Cyber Crime | Leave a comment

Supreme Court clarifies on Evidentiary Aspects

Posted on September 21, 2014 by Vijayashankar Na

Ever since ITA 2000 became a law in India (17th October 2000), discussions are being held on the admissibility of electronic evidence in a Court of law. Section 65B of the Indian Evidence Act laid down the procedure by which an electronic document may be considered as “Admissible”.

Naavi.org has clarified this many times and since around 2002 maintains a service “Cyber Evidence Archival Center” providing certified copies of electronic document in print form with certification as explained in Section 65B. Though the evidence produced by CEAC has been presented and accepted in some court proceedings, there used to be continued discussion on the subject.

Now in a recent case, Supreme Court has provided some clarification.

According the report, the Supreme Court stated

” An electronic record by way of secondary evidence shall not be admitted in evidence unless the requirements under Section 65B (of Evidence Act) are satisfied. Thus, in the case of CD, VCD, chip, etc., the same shall be accompanied by the certificate in terms of Section 65B obtained at the time of taking the document, without which, the secondary evidence pertaining to that electronic record, is inadmissible,” said the court in the judgment written by Justice Kurian Joseph.”

Refer: Article in FPJ

Naavi

Posted in ITA 2008 | Leave a comment

G Mail hacking news triggers interest in Cyber Insurance

Posted on September 15, 2014 by Vijayashankar Na

The recent report on the compromise of 4.93 million passwords has triggered a renewed interest in Insurance against Data Security threats. According to this report in Indian Express, (See here), some of the BPOs in India have been showing interest in buying such products.

This report is very important since it establishes the viability of such insurance. Naavi has been advocating that Banks should take such insurance to protect the customers against Phishing frauds.RBI has also mandated the same to Banks since 2001.  Many of the Banks have however been suggesting that no such insurance is available in India.

With the developments reported in the news papers,  such excuses will no longer be be acceptable to the judiciary.

This is good news for those Cyber Crime victims who have been pursuing their cases against Banks such as ICICI Bank, PNB, SBI, AXIS Bank etc.

Naavi

Posted in ITA 2008 | Leave a comment