Naavi.org

I would recall my several writings on naavi.org regarding how to handle fake news on the internet.

Today, read an article about Wikipedia inventor who had a noble objective in giving away knowledge free. But when I reflect back on the developments of Internet, I have realized that Wikipedia is not longer a source of information relied upon on many aspects of our society . In aspects related to information which is Political and Social, Wikipedia has been poisoned and often needs to be read with circumspection. This is a tragedy.

Similarly the P2P media like Twitter or FaceBook has become totally unreliable except as a propaganda vehicle for vested interests.

Further, I also saw a video where AI was used to create a fake video by just taking a few mobile pictures and inserting it into a video in an app. This appears to be the final straw that breaks the back of the camel. We will see rogue techies creating fake videos of all politicians to ensure that Internet as a news purveying media becomes completely worthless since it will be filled with false information alround.

We are aware that the last USA election was defrauded with manipulation of postal ballots. We can expect that the next elections both in USA and India will be full of fake videos of all political figures including Joe Biden, Donald Trump, Narendra Modi and Rahul Gandhi created by AI. Hence any video or any article that appears on the Internet need to be fact-checked and the entity doing the fact-check itself need to be fact-checked.

We have also discussed the solution for countering the misuse of Internet for spread of fake news. The first suggestion was way back in December 2000 when I wrote “How to Respond to Rogue web Sites” which was further referred to in the latest article in March 2023.

In terms of solutions, I had discussed the “Mandatory Counter Views link display”, “Mandatory Identification of content contributors” through verification of IDs including Aadhaar type of reliable verification methods, “Intermediary Liabilities with self regulation in the form of Uniform Intermediary Dispute Resolution” on the lines of UDRP.

Out of this, Mandatory verification of contributors to Twitter kind of platforms have been introduced int he form of “Verified” status and Indian Data Protection laws are expected to carry it through. The Intermediary guidelines are being introduced through ITA 2000/8 and the Grievance Redressal Committee set up by the Government (instead of a self regulatory set up which was suggested by the Government but not accepted by the industry).

Now we are learning that Mr Adani the person who is being used by the opposition to defame Mr Modi has been moving in to introduce the other strategy of taking over some of the rogue media houses. Accordingly after NDTV, we understand that substantial interests have been bought in “Quint”. With such moves, there is a competition being created to George Soros who was holding the control on one sided narrative through paid journalists.

With these moves, “Information Warfare” is being commercialized. This development may not be desirable but it is inevitable to atleast correct the skewed behaviour of Internet and the possibility of further damage through biased AI algorithms.

When Adani was attacked for political reasons by Hindenberg report the loss of market capitalization was depicted by media as “Adani’s loss”. But the real loss was actually that of investors who had no stake in the political narrative. Even Mr Modi would be only marginally affected and perhaps will come out strongly after the fake narrative dies down. Adani also will come back albeit with some delays in some projects. But common investors who have lost their hard earned savings will never pardon Indian politicians who tried to use the bear operators of the stock market for their political propaganda.

The latest fake news corroborating the conspiracy of the Soros media was the article in Economic times calling Adani groups statement of premature repayment of debts as unsubstantiated and causing a 5% loss to investors in Stock markets yesterday. With such articles, Economic Times has once again showed its bias and why it is losing credibility.

We therefore welcome Adani’s move of taking over Quint. His control of NDTV and Quint may not fully match the combined weight of George Soros supported media but could at least create a counter weight. We hope that some “Journalists” who are caught in the Soros network by fate would consider defecting to create a better balance in the use of Internet as a news media.

If this does not happen, then the trust of Internet as an “Information Super Highway” would be further eroded.

As Data Security professionals, the preservation of “Integrity” of information does not end with the binary data but also extends to the preservation of integrity of the data as interpreted by the users of the binary data. Under the Theory of Data, I have stated Data is created by technology but interpreted by humans. Hence if the integrity of interpretation is corrupted, it is a “Data Security” issue.

Just has “Privacy Protection” has expanded the domain of Information Security in to the domain of human rights, it is time to recognize that “Prevention of Information warfare” is an extension of the “Prevention of Cyber Crimes” and hence the Information and Privacy protection domain may need to extend itself into preservation of “Information Integrity” .

Naavi

I refer to the article “Punjab and Haryana High Court uses ChatGPT in bail order” which indicates that Justie Anoop Chitkara used ChatGPT while deciding a bail case.

The Judge appears to have added a disclaimer that

“Any reference to ChatGPT and any observation made hereinabove is neither an expression of opinion on the merits of the case nor shall the trial Court advert to these comments. This reference is only intended to present a broader picture on bail jurisprudence, where cruelty is a factor,“.

The use of ChatGPT and making a reference to it in the judgement reflects how the Courts are mis-informed about the natural Language Models like ChatGPT which are prone to bias and hallucination. Also ChatGPT was trained mostly on US data before 2021 and is expected to give wrong answers. It may be good for all of us to use to help our children do their homework but certainly not for other serious work. It is just another tool like the Google Search and needs to be completely supervised by a human being who takes responsibility.

If Courts start referring to ChatGPT, tomorrow petitioners will start quoting ChatGPT as evidence and some judges may be inclined to consider ChatGPT output as gospel truth.

I wish the CJI puts an immediate stop to such use of ChatGPT in arriving at judgements even for reference. The judge is free to use it privately if he wants but should not quote it as one of his aides. This will make ChatGPT output as “Orbiter Dicta” over a time.

Naavi

Blockchain Banking or Crypto Banking has been one of the applications of the Blockchain technology which is being discussed in some security circles. It is being hailed as “Secure”, “Transparent”,” resistant to fraud” and eliminates the need for third party intermediary and therefore is faster than conventional Banking, reduces transaction costs and increases financial inclusion.

This thought process needs to be moderated with the possibility of  destruction of the conventional financial system which would be detrimental to the society.

When Banking system adopted technology, there was a claim that the costs would reduce since back end processing was automated and became more efficient and error free. However this promise did not materialize. Banking became costlier for the customer and more frauds surfaced.

Similarly, the Crypto Banking having all the virtues is also a myth that would destroy the current system and introduce a more risky system in the coming days.

Essence of Block chain technology is that a transaction record is kept in a public ledger and all the “Node Owners” will have copies of all the transaction blocks. The transactions would however be encrypted. Hence the system would multiply the data storage several folds. Since the transactions are encrypted, the node owner may only view a transaction as from X to Y of a certain value and type and not knowing who is X or Y. Hence the claim of “Transparency” is not correct. In fact If X or Y is a fraudster and imposter, the person authorizing the transaction wo views only a hash value representation has no idea of the fraud.

Secondly, if the node owners are members of public there would be no liability attached to their authorization and hence fraud victims cannot hold them responsible. In a Banking environment or a private block chain where the block chain is owned by the Bank itself with its own officers being the nodal controllers, the responsibility can be fixed on the Bank. But this would not eliminate the need for the intermediary. What would change is that the transactions would be stored in terms of encrypted blocks instead of the central server (which also can be encrypted).

If the Banking ledger is kept as a “Public Block Chain” then we will be converting the money of the customers into a virtual data chain which if unauthorizedly modified, is no body’s responsibility.

In the legacy Banking system, the depositor lends his money to the Bank with a contractual guarantee of the same being returned with interest. The Bank is expected to invest the money received in loans and earn an income besides contributing to the development of the business and creation of further assets through a multiplier system.

The block chain banking would block the multiplier system that works in the legacy banking system creating money for development. It would be like every depositor keeping his money in his house and is unproductive.

All other arguments that block chain banking system will reduce inflation etc are also unlikely to materialize. If money supply is withdrawn from the system, then to some extent money available for purchase of goods and services would reduce and this leads to deflation and reversing the progress of the economy. In the long run all persons who have held their Bank deposits in the form of Block-Chain-Bank accounts managed by private Block-chain-syndicates would be at the mercy of a coterie that would take over the majority of nodes and play with the money of the public. These owners would convert the Block chain holdings into real cash through fraudulent transactions and enjoy their dollar wealth where as genuine depositors would live in a false sense that they have a “Crypto Wealth”.

I therefore consider that this would be highly harmful and create a large scale bankruptcy.

Invite counter views.

Naavi

Also refer: A Secure Blockchain-Banking Is What The World Needs?

One of the challenges that the Cyber World is facing is in maintaining the trust worthiness of the Internet content. In the coming days there will be increased use of ChatGPT tools by consumers and it is essential to retain the integrity of these applications to the extent possible by adopting appropriate regulatory oversight.

We have already discussed the need for “Accountability and Transparency” of AI algorithms which include a declaration of the owner of the algorithm in all the outputs. The main responsibility for this has to be taken up by the AI based service providers since the algorithm developers would be hiding behind and cannot be easily located. Hence AI based service providers would be held liable for any bias that may be inherent in the algorithm and it would be their responsibility to demand accountability from the AI developers.

Similarly, the Digital Media of the day which create the Internet content and is used as a training base by ChatGPT/Bard etc., needs to also show some accountability. It is well understood that “Hallucination Error” of AI is the responsibility of the Code developer but the “Bias” is created by the training data input. This is easily manipulated by creating an eco system of motivated news spread through the Internet either in the form of Digital Media, or Individual Blogs.

We are aware that Bitcoin authentication frauds can be committed by fraud syndicates taking over of majority of nodes. Similarly by controlling narrative in more than 50% of Internet content on a specific topic, it is possible to inject bias in the AI algorithms that pick up training data from Internet for reinforced learning. While it may be difficult or impossible to poison 50% of the web content, it is possible to create such biased mass of content in respect of a specific issue.

For example, it is possible to create a mass of content on “Adani” or “Khalistan” or “Islamic obligations” etc where more than 50% content may argue that “Adani” is a stock market manipulator, Khalistan is a popular freedom movement or etc. by pumping in articles of a specific nature in the training data/Internet data.

In all such cases, motivated actions of the interested groups cannot be countered by sufficient number of counter views. Hence it is inevitable that the output of AI algorithms like ChatGPT will eventually get corrupted. The corrupted outputs will in due course become the most accepted world view.

If ChatGPT was relied upon when Socrates said Earth is round while everybody else (other than ancient Indians) believed it to be flat, then science would have to struggle harder than it did to establish its credibility.

Currently, a large part of Digital Media is supported by motivated persons like George Soros who invest large sums of money to maintain a hoard of organizations and journalists to spread a prejudiced view have the capability of introducing bias into the ChatGPT4/5 or Bard.

I therefore advocate that as a part of the Intermediary responsibility in India, all Digital Media should be made to declare through a disclaimer the association with a funding agency whether it is George Soros or others.

Naavi had suggested in 2001, the service called “Lookalikes disclosure” (Visit lookalikes.in for more details) to meet the Domain Name disputes arising out of clash of domain names. Similarly a time has come to suggest that every website provide a disclosure “I am not associated with George Soros” or more generically “This website provides independent views and is not funded by vested interests” (Or some thing similar).

Such disclaimers should be considered as “Due Diligence”. Ideally every website expressing “Opinions” should declare its ownership and alignment if any to specific national, political, religious or racial interests.

Just as products are certified for country of origin, Vegetarian or not, etc, websites, blogs, Youtube channels etc can carry Trust Seals indicating their affiliation or neutrality which will be subject to review by the public.

Hope Meity considers this suggestion to be suitable included in the due diligence requirements of Digital Media.

Naavi

Refer:

George Soros vows to fight PM Modi and Nationalists: Here are some Indian ‘intellectuals’ and NGOs connected to him

Is George Soros trying to influence Karnataka elections through his proxies? Here is what a report says

How George Soros’ Propaganda Machine Has Corrupted The Media

One of the objectives in regulating the Mobile App ecosystem is for the regulators to have a check on the Google and Apple Playstores. These Playstores are “Intermediaries” through which apps get downloaded and hence are liable under ITA 2000/8 for due diligence and ensuring a reasonable security against malicious apps.

At present Google/Apple will check the technical compatibility of the apps submitted for approval and implement the US laws of Privacy to the extent they can check. The legal compliance is not based on Indian law and cannot be expected to be perfect. As a result the permissions allowed can be misused. A continuous oversight may be difficult for these tech companies.

To strengthen this mobile app ecosystem, it is necessary for a secondary filter of “Compliance to Indian laws” by the apps available on the Playstores. This could be expected of Google/Apple as an Intermediary responsibility of due diligence under ITA 2000 but it is unlikely that these organizations could fulfil this responsibility satisfactorily.

It is therefore suggested that the Government of India encourage indigenous organizations to audit mobile apps and provide an assurance of compliance to Indian laws. Such organizations can be independent of the regulator so that the regulator does not get directly involved in the assurance. However, the regulator (Data Protection Board) may suggest a broad criteria for registration of such organisations (like the consent manager registration) and accredit them. They can be subject to peer monitoring where apps assured by one organization can be re-assessed by other organizations and a “Peer Evaluation” can be published.

Adoption of this system by app developers can be voluntary and it can be left to the users to bring consumer pressure on app developers to get this assurance. If more Indian app developers adopt this approach of getting “Certified” as compliant to the Indian Cyber Law (DIA and DPDP Act), they will carve out a special niche in the mobile app world which will add value to the app.

Since these apps are also certified by Google and Apple, the technical compatibility requirements would be taken care of by the Google/Apple and only legal compliance is taken care by this second factor authentication of the app.

To accommodate this scheme, it is recommended that the DIA may introduce a category of service providers designated as “Application Certifiers” which will be another category of intermediaries and work out regulatory advisory for their operations.

Naavi

Also Refer suggestions by Mrs Karnika Seth

In a statement which was attributed to the MOS Sri Rajeev Chandrashekar, Economic Times reported that there is a proposal to allow “Cros Border Data Flow by Default”.

Just like “Privacy By Default”, the proposal suggests “Free Data Transfer by Default”.

This proposal is fundamentally against national interests and needs to be opposed.

All of us agree that “Data is an asset of value”. It has value as raw data, as Corporate data, as personal data, as sensitive personal data, as critical personal data or even as anonymised non personal data. If these are transferrable by default it is like having a “Free Border”. Even if we declare that China and Pakistan are negative list countries, if we consider Singapore or Thailand as default transfer countries, what prevents a Chinese data buyer to target the picking up of Indian data from those countries?. How will we prevent Aadhar data or health data or Indian defence data, Scientific data etc not to be transferred freely to another country?

We had one such instance in the past when sensitive personal data of 500 million Indians were transferred by CIBIL to a US Company by change of share holding from Indian Banks to the TransUnion. This was done during the last days of Mr P Chidambaram as Finance Minister and not questioned by Mr Arun Jaitely. (Refer this article)

Any data of an Indian which is unclaimed is automatically a sovereign data. Hence all personal data are “Potential National Asset” and has to be preserved in the interest of the nation. If the data is a valuable picture or a crypto wallet number, it may have huge financial value which cannot be allowed to be transferred freely to foreign interests.

It is not surprising that Nasscom supports this view of “Free Data Transfer out of India” since for long Nasscom has been in favour of the BigTech and always thinks of the benefit to the foreign interests.

I also note some other experts such as Quantum Hub Consulting also holds views similar to Nasscom .

I also note Mr Rahul Sharma of “The Perspective” as well as Mr Vinayak Godse of DSCI seem to favour the thought of “Cross Border Personal Data Transfer by Default”.

I urge all these experts not to be swayed by the propaganda of media channels and think of what is good for the country. As long as we consider Data to be an asset of financial value, providing unregulated transfer outside India is against the economic interests of the country.

While we readily accept that EU can introduce Data Localization without calling it so and Adequacy principle without calling it a positive list, when India tries to bring in similar restrictions, there is an opposition. I donot see any logic in this. It appears more like a colonial mindset and letting foreign countries treat India as a whole as a “Data Colony”.

The earlier proposal spoke of “Data Protection Zone” like “Data Embassies”. (which was also attributed to Mr Rajeev Chandrashekar ). In this concept, each country could set up a Protected Data Processing zone to ensure that the personal data of their country when processed in India could be regulated as per their law.

We are aware that the European Nations like Portugal, France and later the East India Company started with similar permitted areas of operation and later extended to the occupation of India as a whole through deceit.

This could happen even in these Data Embassies if these embassies are not restricted to processing of personal data of their country citizens alone and not the data of Indian Citizens. This was however not intended in the proposal and hence it was hailed as an innovative measure.

The current proposition of free data transfer by default will hinder the national security since financial transactions of criminals and corrupt people will not be traceable by ED or the IT departments. MHA will not have trace of terror funding.

In view of the above, I consider that the proposal of “Free Cross Border Data Transfer by default” is anti national and has to be dropped immediately.

Otherwise opposition parties like TMC or Congress will tear into BJP in the Parliament and ensure that this Bill will be shelved once again…

Naavi