Centre for Internet and Society

Supreme Court sets up constitution bench to hear Aadhaar privacy issues

praskrishna — 2017-07-14T10:55:04Z

The Supreme Court ‘s five-judge constitution bench will also decide if the Aadhaar privacy issue should be heard by a larger bench.

The article by Priyanka Mittal was published in Livemint on July 12, 2017. Sunil Abraham was quoted.

A five-judge constitution bench will hear arguments on 18-19 July as to whether Indian citizens have the right to privacy, and whether the Aadhaar unique identity project breaches the right.

Chief Justice of India (CJI) J.S. Khehar on Wednesday set the dates for the hearing by the constitution bench, which will decide whether the issue should be heard by a larger bench.

Should the five-judge bench decide to rule on the case itself and not refer it to a larger bench, it will decide the future of Aadhaar, which has become the backbone of government welfare programmes, the tax administration network and online financial transactions.

This will be based on whether the right to privacy is a fundamental right of Indian citizens.

Privacy rights activists argue that personal data gathered under the Aadhaar programme, aimed at giving a unique 12-digit identity number to every Indian, is vulnerable to abuse. Then attorney general Mukul Rohatgi told the Supreme Court in 2015 that Indian citizens don’t have a fundamental right to privacy under the Indian Constitution—an argument he repeated subsequently.

“In the two-day hearing, the court is not going to decide the full issue of privacy,” said Alok Prasanna Kumar, a lawyer and visiting fellow at think tank Vidhi Centre for Legal Policy, explaining how the Constitution bench is likely to proceed. “They are going to take a call on whether, in light of precedents, there is a need to refer the issue to a larger bench. There are past judgements and the court will have to look at the scope of privacy under each to decide the number of judges.”

He added: “If the five-judge bench agrees with the precedents, then it would continue to address the angle of privacy; if not, then it would be referred back to the CJI to constitute a larger bench of nine judges.”

All cases related to Aadhaar, including the right to privacy, will be heard by the constitution bench; the court decided to set up the constitution bench to hear the privacy case in August 2015.

The CJI’s decision came on a plea by advocate Shyam Divan, who has appeared in several cases opposing Aadhaar, and attorney general K.K. Venugopal seeking the speedy creation of a Constitution bench. It came a week after justice J. Chelameswar said that all matters related to Aadhaar should be addressed by a constitution bench.

“I see it as a step in the right direction. Personally, I hope that the privacy issue is heard by a five-judge bench as against a larger bench as that can bring more disagreement,” said Sunil Abraham, executive director of Bengaluru-based research think tank Centre for Internet and Society.

Last month, the Supreme Court court upheld the government’s decision to link Aadhaar with the permanent account number (PAN) for filing of income-tax returns but ruled that non-compliance with the law will carry no retrospective consequences.

Under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the unique identity number is mandatory only to receive social welfare benefits.

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-priyanka-mittal-july-12-2017-supreme-court-sets-up-constitution-bench-to-hear-aadhaar-privacy-issues

Reliance Jio data leaked on website : report

praskrishna — 2017-07-10T14:53:42Z

Reliance Jio customer data was leaked on independent website magicapk.com, including details such as names, mobile numbers and email IDs , said a report.

The article was published by Livemint on July 10, 2017.

Reliance Jio Infocomm Ltd’s customer data was allegedly leaked on an independent website, magicapk.com, a report said. Jio, which crossed the 100 million mark in February, barely six months after it was launched, ended the financial year with 108.9 million subscribers as of 31 March.

The report, published first in a late-night article on Sunday on Fonearena.com, alleged that “several sensitive details” were exposed, including customers’ first and last names, mobile numbers, email IDs, circles, SIM activation dates and even the Aadhaar numbers. The Aadhaar numbers, however, were redacted on magicapk.

“To my disbelief I found my own details in the database and also couple of my colleagues are affected too,” wrote Varun Krish, the author of the article. However, if you now click on Magicapk.com, it reads: “This Account has been suspended .” The Registrar of the site, according to the whois database, is Godaddy.com, LLC.

When contacted, a Reliance Jio spokesperson said, “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”

Fonearena.com, on its site, has responded with a: “We still stand by our story.”

The report assumes significance because the site exposed redacted Aadhaar card details. There are nearly 1.2 billion Aadhaar number holders in the country. Aadhaar aims to plug leakages in the delivery of state benefits, such as subsidized grains to the poor, and aid in generating a savings of about Rs70,000 crore a year for the government. But data breaches have rattled citizens, especially since India does not have a Privacy Act.

In March, the Unique Identification Authority of India (UIDAI) blacklisted a common services centre for 10 years after it shared the Aadhaar details of former cricket captain Mahendra Singh Dhoni. On 25 April, Mint reported that many government departments, including the ministry of drinking water and sanitation, the Jharkhand Directorate of Social Security, and the Kerala government’s pension department, had published Aadhaar numbers of beneficiaries of the schemes they run in violation of the Aadhaar Act .

On 1 May, Bengaluru-based think tank Centre for Internet and Society (CIS) reported that a Central government ministry and a state government may have made public up to 135 million Aadhaar numbers .

Under the Aadhaar (Targeted Delivery of Financial Subsidies, Benefits and Services) Act, 2016, the unique identity number is mandatory only to receive social welfare benefits. However, tagging of the Aadhaar number is being made mandatory by the government for various schemes including PAN (permanent account number) accounts for taxation. On 7 July, the Supreme Court refused to pass any interim order against the mandatory use of Aadhaar for various government schemes. It, instead, suggested that petitioners call for immediate formation of a Constitution bench to decide on the case .

News of the alleged data leak also comes at a time when there have been a spate of cyber hacks.

For instance, just when companies started believing that WannaCry—the malware that held over 200,000 individuals across 10,000 organizations in nearly 100 countries to ransom—was on the wane, a virus christened GoldenEye (a variant of the Petya ransomware) by security firm Bitdefender Labs attacked companies, mostly in Ukraine. And while the target primarily appeared to be European countries, the ransomware was also reported to be making inroads in countries like India.

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-july-10-2017-reliance-jio-data-leaked-on-website-report

Act now to protect yourself against future ransomware attacks

praskrishna — 2017-07-10T14:46:14Z

There was Wannacry, then Petya, and several other lesser-known ones: With ransomware attacks coming thick and fast, get proactive about protecting yourself.

The article by Sanjay Kumar Singh was published by Business Standard on July 5, 2017.

The Wannacry ransomware attack in May was followed by the Petya attack last week. This attack affected the Ukrainian government and large corporates like Maersk and Merck. In India it affected the operations of terminals at Jawaharlal Nehru Port Trust (JNPT), operated by Maersk. According to Kaspersky Lab, the rate of ransomware attacks on businesses grew from one every 120 seconds in January 2016 to one every 40 seconds by October that year. The rate of attack on individuals' computers rose from one every 20 seconds to one every 10 seconds over this period. Today, it has become imperative for everyone, including entrepreneurs and small business owners, to learn how to defend themselves against such attacks.

A trend witnessed in 2016 was the growth of ransomware-as-a-service business model. "Code creators offer their malicious product on demand, selling uniquely modified versions to criminals who then distribute it through spam and websites, paying a commission to the creator," says Altaf Halde, managing director, Kaspersky Lab (South Asia). He adds that the growth of cashless payments in India will undoubtedly attract the attention of cyber criminals and lead to more attacks in future.

Next, let us turn to how ransomware works. An operating system (OS) is a large and complicated piece of software with millions of lines of software code. A malware exploits vulnerabilities within the OS to infiltrate it. An infiltration can happen in multiple ways: if you download a malicious email attachment, visit a code-carrying web site, via an infected pen drive, and so on.

Ransomware is a form of malware that encrypts the files in a critical part of the computer, such as My Documents or Desktop, where people usually store their files. It could also encrypt specific file types, say, such .doc files. The user is then informed that his files have been encrypted along with the warning that unless he pays up within the next few hours his files will be deleted. Says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru: "You first have to first pay the attackers using anonymous money like bitcoins and then they give you the key for decrypting your files."

A ransomware attack can be dealt with in two ways: either pay the money and get the files unlocked, or find a way to circumvent the encryption. The latter option can, however, take a fair bit of time.

Safeguard measure you should adopt
Back up important files regularly. Check periodically that these files have not got damaged Enable ‘Show file extensions’ option in Windows settings. Stay away from extensions like “exe”, “vbs” and “scr”. Many familiar file types can be dangerous as scammers use multiple extensions (like hot-chics.avi.exe or doc.scr) If you discover an unknown process on your machine, cut off the Internet connection immediately If you have been infected, find the name of the ransomware. If it's an older version, your files can be restored. For restoration tools visit https://www.nomoreransom.org/

Among the safeguard measures you should adopt, first and foremost, never open a suspicious file. By being vigilant you can avoid a lot of ransomware attacks.

Most malware exploit vulnerabilities within the OS. "These vulnerabilities are frequently patched by the creators of the OS. But if people use pirated OS, or don't upgrade it regularly, they could land in trouble," says Tiwari. Soon after the Wannacry attack, Microsoft had issued a patch. People who updated their computers immediately didn't get affected by it. Also, use the latest version of an OS.

Use a quality antivirus (AV) solution, which is usually one you have to pay for. A high-quality AV can even protect you against vulnerabilities not patched by the OS manufacturer. AVs scan files. If they detect patterns indicating the presence of malware, they lock them apart from the rest of the computer, thereby preventing them from spreading.

One option is to use an OS that is less vulnerable, like Mac and Linux. Fewer malware are designed for these OS as fewer people use them.

Finally, if your files do get encrypted, don’t pay the ransom, unless instant access to those files is critical. "Each payment only fuels this unlawful business," says Halde.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-july-5-2017-sanjay-kumar-singh-act-now-to-protect-yourself-against-future-ransomware-attacks

Disabled demand rollback of GST on aids

praskrishna — 2017-07-09T02:21:46Z

It has been eight years since Mansoor Ahmed changed his caliper. The one he owns was bought for Rs 20,000. Now, they cost more than double. “It is a challenge to buy a caliper when the cost of living has gone up so much. I know really poor people who haven't changed calipers in 15-20 years. After a point, it could cause the disability to worsen,“ says Ahmed, a senior manager with a Bengaluru-based non-profit.

The article by Sandhya Soman was published in the Economic Times on July 7, 2017.

For disabled people like Ahmed, the 5% GST on basic aids and appliances like calipers, Braille writers and cochlear implants is an additional load. “We are already burdened by other costs -illnesses and medicines. It's quite unfair if I must pay more if I have to walk,“ says Ahmed.

The decision to tax aids and appliances for the disabled continues to draw flak despite a hastily put together statement last week reducing GST and capping it at 5% for 22 categories of products. Cars will continue to have 18% GST even if they are retrofitted for a disabled driver. The disabled find it hard to reconcile that they will have to shell out more while items such as sindoor and bangles got a waiver. This is the government that launched the Ac cessible India campaign and Inclusive India campaign. I don't understand why they should charge people to walk with a cane,“ says Nirmita Narasimhan, policy director, The Centre for Internet and Society.

The economic burden is accentuated by a lack of institutional support, whether in terms of accessibility to public transport or provision of affordable aids. “There is close correlation between poverty and disability . Most of us can't step out of our houses as roads, pavements and public transport are inaccessible,“ asks Javed Abidi, director, National Centre for Promotion of Employment for Disabled People.

Narasimhan notes in her submission to the government that the 21 million disabled record low literacy level (59%, below national average of 74.4%) and low work participation (36.3%).

To reduce the financial burden, Abidi and others fought to do away with taxes on aids since 2000. “We could bring down tax rates, sometimes as high as 20%, on various items to 5%. In 2006, it became zero and the last decade was the most important one for disability rights. Instead of making aids more affordable, we are now going back 10 years and charging 5% again,“ says Abidi, a wheelchair user.

For more details visit http://editors.cis-india.org/accessibility/news/economic-times-july-7-2017-sandhya-soman-disabled-demand-rollback-of-gst-on-aids

Cybersecurity - Threat or Opportunity

praskrishna — 2017-07-07T02:42:28Z

For more details visit http://editors.cis-india.org/internet-governance/files/cybersecurity-threat-or-opportunity

2nd China - India Think Tank Forum Report

praskrishna — 2017-07-07T02:39:36Z

For more details visit http://editors.cis-india.org/internet-governance/files/2nd-china-india-think-tank-forum-report

Plagiarism is rampant in Indian food writing – but finally, bloggers have a way to fight it

praskrishna — 2017-07-06T15:53:46Z

“We have been cheated,” declared the headline of the blog post making the rounds of social media on April 25.

The blogpost by Chanpreet Khurana was published by Scroll.in on July 4, 2017. Sunil Abraham was quoted.

The post, written by Rajkumar Saxena, former head of Mumbai’s Institute of Hotel Management, alleged that passages from his 1997 book on Awadhi cuisine, Dastarkhwan-e-Awadh, had been plagiarised by Sunil Soni, a veteran chef, in his new book titled Jashn-e-Oudh: Romance of the Cuisine.

The blog’s text, like the headline, dripped with hurt and contempt: “Here is a case of… a learned, literate person who has no qualms about unhesitatingly lifting word-by-word the explanations, recipes etc. from [a] book authored by us and claiming it to be his original work…” Images from the two books were embedded to support the allegation. “We need to name and shame such so-called experts through social media. We seek your support…”

The support came almost immediately.

Celebrity chef Ranveer Brar, who had written the foreword for Soni’s book, announced on Facebook that he wanted the author to remove it. Outrage also erupted on the wall of Food Bloggers’ Hall of Shame, a closed Facebook group of 421 members dedicated to fighting plagiarism in food writing and photography in India. “How can people even think that they can get away with such a shameless act of plagiarising?” wrote Anushruti RK.

It was an organic reaction. By blogging about his grievance, Saxena had tapped into the one space that Indian food writers are increasingly using today to redress the alleged plagiarism in food writing – social media.

“As a community, we are now discovering an average of one or two plagiarist websites/aggregators every week,” said Rhea Mitra-Dalal, the administrator of the Food Bloggers’ Hall of Shame, which shares dos and don’ts with members to protect their work. “We’ve had several run-ins with celebrity chefs, big food brands, restaurants, and food businesses, especially on their social media pages, where we have found plagiarised images. Public outcry on those pages has usually worked and we have got the plagiarised content down, but these are episodic and the basic mind-set hasn’t changed: it is fine to plagiarise, just apologise and take it down when caught.”

Cease and desist

Saxena’s blog post was a last resort. He says he had first noticed the alleged plagiarism – “42 recipes, 24 explanatory notes and 12 chapter notes,” according to him – in Jashn-e-Oudh in January, and had informed his publisher HarperCollins India. HarperCollins responded by sending a cease-and-desist notice to Soni, copying his publisher Shubhi Publications, and set three demands: remove the offending material from Jashn-e-Oudh, acknowledge the copyright of the authors of Dastarkhwan-e-Awadh, and pay Rs 5 lakh.

Soni and Sanjay Arya of Shubhi Publications claim they never received this notice.

On April 10, Saxena says he got an email from HarperCollins telling him it will not be pursuing the matter further because “currently HCI has put on hold all litigations due to some business-related issues”. “The copyright is definitely in your favour,” declared the email. “You are free to litigate this matter and file a suit for injunction. As far as shaming the authors/publisher on social media is concerned, as a publisher, we cannot opine on that. It is your personal decision...”

So, a fortnight later, Saxena did just that: he took his complaint to the internet.

Around the same time, he and his co-author Sangeeta Bhatnagar sent a legal notice, through their lawyer, to Soni to cease and desist from further publication and distribution of Jashn-e-Oudh, and demanded Rs 15 lakh in compensation.

This time, they got a seven-page response from Soni’s lawyer.

While denying the accusation of plagiarism, the response from Soni’s lawyer said, “Your clients are liable to show their copyright in the alleged infringed work of our client as no copyright can be claimed in the traditional recipes and their preparation as same will be similar across the globe to get the same taste.” It added that no copyright can be claimed on the subject of Awadhi recipes since it is “a common topic and known and available to the general public at large. All the recipes mentioned in the alleged publication are known in the market”.

Soni also denied the allegation when contacted for comment by Scroll.in.

Looking West

The reply from Soni’s lawyer makes some sound legal points, all of which, according to food bloggers, are reasons why food plagiarism is so hard to prove: a recipe that is a list of ingredients cannot be copyrighted. Nor can a traditional cooking method be seen as the property of any author. Reproducing these, therefore, is not plagiarism.

However, substantial literary and artistic expressions are copyrightable, according to the US Copyright Office, and reproducing these is unlawful. Another suspect action is when a chef’s work is tweaked by changing just one or two ingredients. In 2012, the Food Network in the US cancelled chef Anne Thornton’s TV show Dessert First, because some of her recipes were only mildly different from those created by superchefs like Martha Stewart.

Bloggers like Mitra Dalal lean on these definitions to call their content original. “Most of us have unique styles of writing, and we often include anecdotes and other content to our posts,” she said. “So copy-pastes can often be quite correctly identified.”

Another useful metric, according to Mitra Dalal, are rules set in more mature markets where bloggers have already fought, and won, battles.

“There are international guidelines for this,” she explained. “Loosely put, if every third word is different, the text cannot be deemed plagiarised. Also, you cannot say that an ingredient list is plagiarised.”

Small wins

Mitra Dalal and other food bloggers often fight their battles outside the court of law, which is good and bad. On the plus side, it’s faster and easier for them to control the context – but on the minus side, the wins are relatively small.

In July last year, for instance, 20 food bloggers alleged that the recipe aggregating app The Frying Pan had plagiarised their work. They lawyered up, and got ready for a legal battle.

“The Frying Pan had published our recipes and photographs without proper attribution, and without our consent,” said Deeba Rajpal, one of the 20 complainants. “We were advised that if we sought compensation, it would be a long haul. So, we only asked The Frying Pan to take our content down and never to use our work again without permission.”

The case didn’t go to court. The lawyers met and reached an agreement, according to Rajpal. “The app took our content down. The case never had a proper conclusion – it fizzled out.”

Except on social media, where the Food Bloggers’ Hall of Shame kept the pressure up, slamming The Frying Pan – hard.

Can Google help?

Proving plagiarism in food writing is difficult at any rate, but there are factors that complicate the matter in India, according to Sunil Abraham of The Centre for Internet and Society.

The copyright law here, he says, has inbuilt exceptions and limitations that protect the rights of stakeholders, including entrepreneurs, content creators, consumers, the public who may not pay for the content, and the government.

Many times, copyright holders in India have conceded or withdrawn legal cases because of limitations to the copyright law or the doctrine of fair use, which states that “brief excerpts of copyright material may, under certain circumstances, be quoted verbatim”. Just in February, a handful of publishers took back a lawsuit against a photocopier shop in Delhi University that had been selling study packs with materials reproduced from the publishers’ books.

Abraham said that often there is an economic incentive for plagiarising – take that away, and you fix half the problem.

For bloggers, a major source of income is Google AdSense, a popular program that allows website publishers to display ads on their pages and “earn money when visitors view or click the ads”. The problem is: if the advertiser cares only about page views and not the origin of the content, there is no incentive against plagiarism.

For checking online copyright infringement, Abraham says, the onus should be on multinationals like Google, which host a large number of blogs and web versions of media articles. “Google is constantly indexing the internet,” he said in a phone interview from Bengaluru, so Google knows when a write-up or a photo has been published before.

To be fair, according to the Digital Millennium Copyright Act, Google does entertain requests to remove online posts where a complainant can show copyright infringement. It’s a recourse that Mitra Dalal and some members of her Facebook group have found useful. But Abraham says this is less effective than if Google created hurdles to publishing content it deems plagiarised.

Need for reforms

Where does all this leave Saxena? It’s hard to tell.

Social media has generated awareness about his case, and Saxena has filed a complaint with the Delhi Police under Section 63 of the Indian Copyright Act. He plans to follow it up with a legal case. One thing that has certainly resulted from the episode is the food writing community’s intensified demand for clarity in laws to protect intellectual property.

As Saee Koranne-Khandekar, who blogs at myjhola.in, wrote on Food Bloggers’ Hall of Shame: “What’s amazing is that the original work [by Saxena and Bhatnagar] has gone through three successful editions, is published by a major player, and is written by two prominent names in the industry. One would think theft of content would occur in the case of less lesser known works, but this is pure guts! I hope at least this incident marks the immediate need for reform in our laws.”

For more details visit http://editors.cis-india.org/a2k/news/scroll-july-4-2017-chanpreet-khurana-plagiarism-is-rampant-in-indian-food-writing-but-finally-bloggers-have-a-way-to-fight-it

UIDAI declining multiple requests by police to share Indian citizens’ biometrics

praskrishna — 2017-07-06T15:25:32Z

The Unique Identification Authority of India (UIDAI), the governing agency in charge of Aadhaar, has declined multiple requests from all law enforcement agencies, including the Delhi Police, for biometrics of citizens for criminal investigations, according to a report by The Indian Express.

The blog post by Justin Lee was published by Biometric Update on July 4, 2017.

Investigating agencies such as CBI and NIA have been repeatedly requesting the details of Aadhaar cardholders including their biometrics, UIDAI said.

UIDAI Deputy Director General Rajesh Kumar Singh has written to the heads of each agency, ordering them to stop asking for such details.

“This is regarding requests frequently received by the UIDAI from police and other law enforcement agencies, seeking demographic and biometric information of residents for facilitating identification of individuals in different cases,” Singh said in his letter. “In this regard, I would like to draw your kind attention to provisions under Sections 28 and 29 of the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016, which prohibits sharing of core biometric and identity related information with other authorities.”

Rather than asking forensic labs to match fingerprints, state police and investigating agencies are requesting biometrics data from UIDAI.

“Identity information cannot be shared by UIDAI,” Singh said. “The requests received from law enforcement agencies lead to avoidable delays in investigation by the police authorities and unnecessary increase in the workload of subordinate authorities.”

UIDAI is also concerned about data potentially leaking as the central government has confirmed that identities of individuals, including Aadhaar numbers and other private information, has been leaked to the public.

In May, the Centre for Internet and Society published a report that claimed between 130 to 135 million numbers in India’s Aadhaar biometric registry system, and around 100 million bank numbers of pensioners and rural jobs-for-work beneficiaries, have been leaked online by four key government programs.

For more details visit http://editors.cis-india.org/internet-governance/news/biometric-update-july-4-2017-justin-lee-uidai-declining-multiple-requests-by-police-to-share-indian-citizens-biometrics

GDPR_IndustrySheet_07.pdf

praskrishna — 2017-07-04T16:11:10Z

For more details visit http://editors.cis-india.org/internet-governance/files/GDPR_IndustrySheet_07.pdf

Second Annual Roundtable on Innovation, Intellectual Property and Competition

praskrishna — 2017-08-08T00:33:51Z

Rohini Lakshane attended the round-table organized by CIIPC, National Law University, Delhi, in Bangalore on July 2, 2017.

The CIIPC conducts the Annual Roundtable on Innovation, Intellectual Property and Competition to offer a forum for members of the academia, policy makers, industry stakeholders and academically minded practitioners to engage on emerging issues at the interface of innovation, intellectual property & competition law and policy. The First Annual Roundtable on Innovation, Intellectual Property and Competition, held last year in New Delhi, was well attended. This time around, we look forward to continuing this dialogue through open and nuanced discussions on the most relevant and contentious issues concerning this area of law and economic policy, with special emphasis on recent developments in India.

Click to see the Agenda

For more details visit http://editors.cis-india.org/a2k/news/second-annual-roundtable-on-innovation-intellectual-property-and-competition

Freedom of Expression on the Internet : Possibilities and Challenges

praskrishna — 2017-07-09T02:30:32Z

Sharat Chandra Ram was a speaker at an international seminar organized by Bolivar Technological University, Cartagena in Colombia on June 29, 2017. The theme of the seminar was ‘Freedom of Expression on the Internet : Possibilities and Challenges”.

For more info on the event, click here

For more details visit http://editors.cis-india.org/internet-governance/news/freedom-of-expression-on-the-internet-possibilities-and-challenges

Preliminary Findings: Working Requirements for Complex Products under the Indian Patent System

praskrishna — 2017-08-22T13:48:08Z

Prof. Jorge L. Contreras gave a talk on a forthcoming paper "Preliminary Findings: Working Requirements for Complex Products under the Indian Patent System" at the "2nd International Conference on Standardisation, Patents and Competition Issues" held on June 10 and 11, 2017 in New Delhi. The conference was organized by O.P. Jindal Global University.

The paper contains findings a study by Rohini Lakshane of CIS and Prof Jorge Contreras, University of Utah on the Statements of Working (Form 27) of the patents they found for their previous paper "Patents and mobile devices in India: An empirical survey". View the slide deck. See the event website. To read the Research Methodology click here.

For more details visit http://editors.cis-india.org/a2k/news/2nd-international-conference-on-standardisation-patents-and-competition-issues

GoldenEye ransomware attack hit operations at Pipavav Port, JNPT

praskrishna — 2017-07-06T22:53:13Z

Shipping ministry says the GoldenEye ransomware attack at JNPT and Pipavav port may result in bunching of inbound and outbound cargo.

The article by Jyotika Sood and Utpal Bhaskar was published in Livemint on June 28, 2017. Pranesh Prakash was quoted.

Operations at one of three terminals at India’s largest container port, Jawaharlal Nehru Port Trust (JNPT) run by AP Moller-Maersk, near Mumbai, were disrupted by a global ransomware attack, the port said on Wednesday. The version that caused the disruption has been dubbed GoldenEye by security firm Bitdefender Labs.

Operations at the Danish firm’s terminal at Gujarat Pipavav Port were also affected, but by the Petya variant of the ransomware.

Ransomware typically logs users out of their own systems and asks them to pay a ransom if they want to access the encrypted data.

“The central server is in Europe which we can’t control. It is not a problem aimed at India... we have become collateral damage,” said a senior Indian government official involved in cybersecurity operations.

The ransomware hit the integrated transport and logistics firm’s global operations on Tuesday across its 75 terminals. It also impacted Chernobyl’s radiation monitoring system, law firm DLA Piper, pharma firm Merck, a number of banks, an airport, the Kiev metro, British advertising giant WPP and Russian oil firm Rosneft, according to Bitdefender Labs.

“The IT (information technology) department of JNPT became aware of the attack at around 4.30pm on Tuesday. The Windows server started conking off and the master file got encrypted and we couldn’t access any data. The operations immediately came to a standstill,” said a JNPT official requesting anonymity.

AP Moller-Maersk operates the Gateway Terminals India (GTI) at JNPT which has a capacity to handle 1.8 million standard container units. JNPT, which ships more than half the containerized cargo passing through India’s ports, serves a vast hinterland comprising all of northern and western India.

“While DP World and JNPT terminals are operational, the Gateway Terminals India operated by APM is completely shut,” said the JNPT official.

This is the second major ransomware attack since May after hackers exploited a loophole that was first identified by the US National Security Agency, to create WannaCry, that affected several businesses in more than 150 countries including India.

The ministry of corporate affairs and the Andhra Pradesh Police were affected, besides several large organizations..

“While the terminal operator is taking steps to address the issues disrupting operations, it is anticipated that there could be bunching of in-bound and out-bound container cargo,” India’s shipping ministry said in a statement.

Maersk group, through its terminal and infrastructure business, has invested $800 million in India.

“The global attack has impacted APM terminal of the JNPT port. The operations at the terminal have slowed down and are being entered manually. We are trying to handle the crisis by diverting traffic to other terminals,” JNPT chairman Anil Diggikar said, adding that JNPT’s operations have not been affected to a great extent.

He said it would take around 24 hours to clear the backlog.

Gujarat Pipavav Port told stock exchanges that the ransomware did not have “any major impact on the company at this point in time”.

Concerns have been expressed about the safety of India’s infrastructure projects with power generation and transmission projects figuring high on terrorist threat lists.

Ravi Shankar Prasad, minister of electronics and information technology, on Wednesday said advisories have been issued and the government is keeping a close watch on developments.

The Indian Computer Emergency Response Team (CERT-In), the agency coordinating efforts on cybersecurity issues, in a 27 June advisory warned, “It has been reported that variants of Petya ransomware with work-like capabilities are spreading.”

Such attacks pose a grave threat to the economy and businesses. Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021.

Experts believe India is ill-equipped to face such attacks.

“These cases of malware attacks highlight the need for proper planning of cybersecurity at all levels, especially for the government infrastructure networks,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

“Transportation and shipping companies are ill-prepared for cyberattacks,” added Amit Jaju, executive director, fraud investigation and dispute services, EY.

The emergency playing out at the ports assumes significance, given India’s Rs8 trillion investment plan until 2035 under the Sagarmala programme, which involves the construction of new ports to harness the country’s 7,517km coastline and setting up of as many as 142 cargo terminals at major ports.

“Indian companies lose approximately Rs40,000 crore due to cybercrime every year. India is among the top 5 countries today in terms of the frequency and the number of cyber attacks,” Jaju said.

“We are not prepared at all. This is a question of cyber literacy because the latest attack has reused the same Windows vulnerability that was exploited by WannaCry ransomware last month and for which security patches were released almost three months ago by Microsoft,” added cybersecurity expert Mohit Kumar.

Anirudh Laskar, Mayank Aggarwal, Shally Seth & Komal Gupta contributed to the story.

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-june-28-2017-jyotika-sood-utpal-bhaskar-golden-eye-ransomware-attack-hit-operations-at-pipavav-port-jnpt

Second India China Think-Tank Forum

praskrishna — 2017-07-07T02:43:09Z

The second India-China Think-Tank Forum was held in Beijing from June 22 to 27, 2017. The Forum was jointly organized by the Institute of Chinese Studies, the Indian Council of World Affairs, and the Chinese Academy of Social Sciences. Saikat Dutta represented an Indian think tank.

The Forum was set up following an MoU between India and China during the visit of Prime Minister Narendra Modi in 2015. The idea of the forum is to explore contentious issues and new areas of cooperation between India and China as a Track 1.5 dialogue. Read More

Click here for the report

Click to read Saikat Dutta's presentation

For more details visit http://editors.cis-india.org/internet-governance/news/second-india-china-think-tank-forum

DSCI Best Practices Meet

praskrishna — 2017-07-07T01:39:23Z

Udbhav Tiwari represented CIS on a Panel titled "Reposing Trust in Citizen Identity Systems" at the DSCI Best Practices Meet held at the ITC Gardenia on June 22 and 23, 2017 in Bangalore.

The event discussions featured around privacy and Aadhaar.

For more details visit http://editors.cis-india.org/internet-governance/news/dsci-best-practices-meet