Naavi.org

Ollie Robinson made an impressive Cricket Test debut at Lords last week against  New Zealand. He virtually saved England from losing the test by not only taking 7 wickets but also scoring 42 runs at a critical stage in the first innings.

However a lobby worked against him to point out tweets  that had been posted by him in 2012 which was allegedly “Rascist” and “Sexist”. The English Cricket Board (ECB) in a holier than thou reaction, immediately suspended Mr Robinson indefinitely and said that they will conduct the necessary enquiry.

They said

” Ollie Robinson has been suspended from all international cricket pending the outcome of a disciplinary investigation. He will not be available for selection for the second Test against New Zealand starting at Edgbaston on Thursday 10 June. Robinson will leave the England camp immediately and return to his county”

Subsequently the England Prime Minister Boris Johnson said that the punishment was harsh and he was promptly criticized.  It was unfortunate that even our own much loved cricketer Farooq Engineer was critical of Robinson as well as Boris Johnson for his remarks.

Ravichandran Ashwin however came up with a very mature response stating

“I can understand the negative sentiments towards what #OllieRobinson did years ago, but I do feel genuinely sorry for him being suspended after an impressive start to his test career. This suspension is a strong indication of what the future holds in this social media Gen”

Further, earlier  statements on Twitter from Jimmy Anderson, Eion Morgan, Jos Butler  have also been unearthed accusing them of passing intemperate remarks  may be called rascist. They are more recent than 2012.

Anderson was reported to have stated

“I saw Broady’s new haircut for the first time today. Not sure about it. Thought he looked like a 15 yr old lesbian!”

As against this, it is interesting to note what did the offending tweet from Robinson stated.

[Another publication quoted the following tweets:

“I wonder if Asian people put smileys like this ¦) #racist”; “My new muslim friend is the bomb. #wheeyyyyy”; “Real n—– don’t let the microwave hit 0:00”; and “Wash your fingers for the mingers #cuban”.]

Conservative party leader’s came up with statements suggesting that the statement of Mr Robinson should be seen in the context of a ten year old view of a teen ager and his current apology. However, the labour party which is a known supporter of Muslim interests in England and passed many remarks against Indian interests in the past jumped into the political debate to oppose the views of the conservative party leaders making the issue political.

We know that many times Cricket boards provide suspended sentences so that the career of an individual is not affected by an immediate ban. We have also seen that in civil suits we have a period of limitation and in criminal law, we have the principle of a convict being “reformed” and released into the world. Many rapists and murders come out of jail and lead normal life after a sentence of 5 to 7 years.

In such a situation, it is clear that the immediate suspension from all international cricket and throwing the person out of the team environment immediately and banishing him to his house in utter humiliations appears a very biased decision from ECB. Prima facie this decision itself appears an “Appeasement action” taken by ECB in support of the Muslims and Cubans who were referred to in Mr Robinson’s tweet.

Though the use of “Muslim” and associating it with “Bomb” must have irritated many, we should also observe that he has added the word “Friend” to his description. Hence there was a neutralization of the terror association within the statement itself.

The proposed punishment is definitely “Disproportional” to the gravity of the offence and appears to has been taken for political reasons.

From the Privacy  perspective, we do get a thought that probably Mr Robinson could have exercised his “Right to Forget” some time back so that this controversy could have been avoided. This would not however prevented the possibility  that some archived  version of the tweet could have still surfaced.

Psychologists say that during adolescence, harmonal changes in human beings bring about some changes in a person’s behaviour and could make him/her do things which he/she may correct in later years as maturity dawns in. Many College boys and College girls might have been eve-teasers or adam-teasers but later turned into perfect gentlemen or women.

In fact we recently had controversies surrounding Hardik Pandya’s remarks in a TV show for which some limited punishment was given by the Indian Cricket Board. We know that even Gandhi whom we revere as Mahatma did admit of teen age indiscretions and we all admired him for his honesty.

Many of our celebrities may have had chequered careers during their younger days and if one digs deep, the past of many respected individuals may be tainted with such tweets or articles in print or recorded voice messages.

The action of ECB  therefore appears to be more a case of reverse rascism than a move born out of a genuine reason of discipline. There is a need for investigation of how the tweets surfaced, who brought in a complaint to ECB and why such a severe action was contemplated. There could be political lobbies which were trying to create a political storm and gain sympathy of Muslims and Cubans for political gain.

It is high time that such incidents are evaluated based on the context and not literally on the basis of the words used.

An AI algorithm may commit such a mistake but human beings endowed with  the power to think should  not commit such mistakes.

The action of ECB will have a chilling effect on free speech and needs to be condemned.

Naavi

Reference articles

Republicworld.com

Indianexpress.com

Foundation of Data Protection Professionals in India (FDPPI) is an organization of the Data professionals dedicated to the empowerment of the Data Protection eco system in India.

Towards this end, FDPPI has developed Certification programs for skill development of professionals. At the same time, FDPPI has also developed a Certification standard for “Personal Data Protection Compliance Management System” to enable organizations to implement appropriate compliance programs which are certifiable by experts.

In a bid to extend the awareness of Privacy and Data Protection regulations in India, FDPPI engages itself in many outreach activities. One such activity is its weekly webinars from experts on various topics surrounding Data Protection.

In a bid to further extend the reach of these awareness programs to the younger generation in Colleges, FDPPI has set up a separate division to promote student participation in Privacy and Data Protection activities. The “Privacy and Youth” is a movement that has been set up for this purpose to engage the educational institutions and provide an opportunity for the students of Law, Engineering and Management students to participate in the activities of FDPPI.

FDPPI has therefore embarked on setting up “Student Chapters” and “Affiliate Colleges” so that the interaction between the academia and the industry can proceed on a continuing basis.

The program is coordinated by Dr Mahendra Limaye, Advocate, Nagpur. For more information Dr Limaye may be contacted at mahendralimaye yahoo.com or fdppi@ fdppi.in.

Naavi

Anonymization is an important aspect of  Data Protection in India. It segregates Data into two categories namely Personal Data for which the proposed PDPA-India will be applicable as per PDPB 2019 and Non Personal Data which is outside this regulation. According to PDPB 2019 the DPA (Data Protection Authority) when formed will issue the guideline for a standard of anonymization that would be acceptable under law.

It is understood that no technology is perfect and even the strongest of anonymization can be broken by hackers just as Encryption can be broken. Hacking of such nature can be made punishable but as long as hackers exist, it cannot be prevented.

Some hackers would not like themselves to be called hackers and they call themselves as “Security Researchers”. As long as their intention is to find out security vulnerabilities and they  work for an organization under authority to find bugs in its processes they deserve to be called security researchers or white hackers. But the moment they turnover their findings to the dark web or use it for extortion, they become black hackers.

The standard prescribed by law can only introduce a reasonable limit for an organization to render an identified personal data to anonymized personal data. If the standard is set too high, it will be disproportional to the business needs. If it is set too low, it would not suffice.

Hence the DPA will have a task to ensure that a right level of difficulty is set for hackers to determine what level of technology is sufficient to call a personal data as anonymized.

ICO-UK has now come up with a guidance note on this topic which is a good starting point to understand how anonymization is interpreted in UK and how it is distinguished from De-Identification and Pseudnymization.

A copy of the guidance note is available here

Some key points in the guideline are as follows:

Anonymisation is the process of turning personal data into anonymous information so that an individual is not (or is no longer) identifiable.

Data protection law does not apply to truly anonymous information.

Pseudonymisation is a type of processing designed to reduce data protection risk, but not eliminate it. You should think of it as a security and risk mitigation measure, not as an anonymisation technique by itself.

It must be noted that

Anonymisation is the process of turning personal data into anonymous information so that an individual is not (or is no longer) identifiable.

Data protection law does not apply to truly anonymous information.

Pseudonymisation is a type of processing designed to reduce data protection risk, but not eliminate it. You should think of it as a security and risk mitigation measure, not as an anonymisation technique by itself.

It must be noted that  Pseudonymization is similar to De-Identification in effect. In de identification, all identifiers are removed as a set and substituted with one proxy ID. In Pseudonymization, each identifier is replaced with a pseudo identifier.

Both de-identified and pseudonymized personal data may be re-identified by some body who has the mapping information. In anonymization, the mapping information is irretrievably destroyed so that even the person who anonymized it in the first place is not capable of identifying it without resorting to efforts which are not considered normal.

Unauthorized re-identification of de-identified/pseudonymized information as well as anonymized information is a punishable office under UK-GDPR as much as it is so in Indian PDPA.(proposed).

It is recognized that in some instances effective anonymization may not be possible due to the nature or context of the data, or the purpose(s) for which it is collected or used.

More guidelines are expected to be announced by ICO in due course as additional chapters to this guideline and may be a good document to keep track.

Naavi

In a commendable move, Karnataka Police has set up a special help desk to attend to Cyber Crimes involving financial crimes.

See Report here

The  Cybercrime Incident Report system, with a call center responding to calls at 112, will  be  an information-based Business Process Outsourcing (BPO) mechanism.

The system will alert banks and internet services within around two hours, the golden period, to block a transaction or a social media account reported to be linked to a cyber offence.

According to the Bangalore Commissioner, Mr Kamal Pant, the system will alert banks and internet services within around two hours, the golden period, to block a transaction or a social media account reported to be linked to a cyber offence.

The control room officials will soon alert the nodal officers of concerned banks and service providers. The basic purpose would be to stop further transactions because we have a two hour period to block and reverse transactions with banks. This is the basic objective.

Mr Pant has stated that this is like filing an FIR and “What we are proposing is that wherever a person is located and gets an intimation of an illegal financial transaction, then he can intimate us in real-time,.”.

This was a long felt need since Banks were not addressing the reported frauds properly and were driving away the customers who were made to shunt between multiple Police Stations. Banks have not been alert in immediately stopping the payment at the other end of the fraudulent fund transfer and this system will now bring pressure on them to act.

Most Cyber Crimes can be frustrated if the criminal is not allowed to withdraw the money at the receiving end.

Though Police is talking of a “Golden Hour”, with 24 hour ATM network, criminals can withdraw cash transferred in a fraud within a very short time. Often such frauds occur in the middle of the night and hopefully this call center will work round the clock.

RBI also has to ensure that night withdrawals  (Say 10.00 pm to 6.00 am) are made subject to additional verification such as a second factor authentication. RBI should also classify ATMs based on their location and identify priority ATMs such as those within Airports which may be given some exemptions for night operation. Since entry to airports is subject to some verification, the risks are less.

What is not clear but could have been already introduced is that the incident report may be converted into an FIR with least formalities so that the complainant does not encounter any harassment.

Recently cyber crimes are on the increase in E Commerce platforms like OLX. Both Banks and such platforms need to ensure that there are security controls to verify buyers and sellers so that frauds can be traced efficiently.

Naavi

P.S: Outside Bangalore, the MHA has set up a call center number 155260 for a similar purpose.

Naavi.org has been flagging the Twitter Controversy as a “War Against India”.  Twitter is confirming this more and more by their actions. Recently removing the verifiability tick of Vice President of India as also many functionaries of RSS is a needless provocation they have engaged themselves in. It is the personal experience of Naavi that Twitter has not provided the Verification despite many requests after which I have realised that the blue tick has a political reason and I don’t qualify.

It appears Twitter is emboldened because India is behaving like how the 1962 Nehruvian Government behaved against China. It is provoking the Government so that the politicians and those who oppose the current Government can take any counter action taken by the Government as a curb against “Freedom of Speech” so that they can mobilize public opinion in India and abroad to bring about a regime change. There will also be a case filed with the Supreme Court  to get the orders passed if any against Twitter struck down.

But how long will the Government remain in such a compromising mood or  like Lord Srikrishna waiting for Shishupala to complete 100 abuses before releasing the Sudarshana Chakra, is the Government also waiting for the Twitter’s pot of sins to be full before taking action?.. is a moot question.

In fact according to the Intermediary guidelines of 25th February 2021, rule 4(7) Twitter is required to follow the following guideline.

“The significant social media intermediary shall enable users who register for their services from India, or use their services in India, to voluntarily verify their accounts by using any appropriate mechanism, including the active Indian mobile number of such users, and where any user voluntarily verifies their account, such user shall be provided with a demonstrable and visible mark of verification, which shall be visible to all users of the service: Provided that the information received for the purpose of verification under this sub-rule shall not be used for any other purpose, unless the user expressly consents to such use.”

Twitter has not introduced any measures as required above and instead trying to project its present “Blue Tick” verification as a verification measure that it can arbitrarily impose even if it is against the law of the land. This is clearly a confrontation that cannot be missed.

The fact that they have also ignored other aspects such as appoininting of a compliance officer etc only corroborates that Twitter wants to tease the Government of India the way Shishupala was doing in Lord Krishna’s courtyard.

The time has now come for Indian Government to draw its Sudarshana Chakra and  close the Twitter chapter in India.

Before Mr Modi started popularizing Twitter interaction, Twitter had no fan following in India. Now if Mr Modi exits Twitter, 68 million of his followers will also exit. This should be the first act of the Government of India which has no legal issue of any kind.

Secondly, the Government should use any of the sections of ITA 2000 or IPC and challenge Twitter for having assisted the commission of any offence such as “Spreading disharmony, hatred, etc” and since it does not have the defence under Section 79, block Twitter under Section 69 of ITA 2000 to prevent continuation of the offence.

Twitter can then go the Supreme Court where we can discuss whether the action was necessary and expedient or not.

Whatever the Court can decide, it cannot force Indians to continue to use Twitter and Government should give an administrative guideline to all Government agencies including the Courts to exit from Twitter.

Let Twitter thrive on opposition member’s support if they so want. Government should not even respond to any comment on Twitter nor post even after a delay etc. They should switch all their G2C communication to Koo and/or Tooter. In about an year’s time Koo will be good enough to be a messenger between the Government and the citizens. Twitter will fade away.

Hope our Government musters enough courage for such an action, some time today itself. We should not relent even if Twitter appears to make a tactical retreat. They will come back to hit us again in another weaker moment. We should adopt Chanakya Neeti to ensure that Twitter should be removed from its roots, from India.

Naavi

Cricket followers have long debated who is greater between Sir Don Bradman and Sir Gary Sobers. As a Batsman, Don Bradman was incomparable in the value he brought to his team. But a person like Gary Sobers with his all-round skills as a Batsman and a bowler who could bowl both fast and spin exhibited an amazing skill which made him a person of high utility to any team. Cricket is a team game which can accommodate both Bradman and Sobers in one team and the team will be richer with the contribution of both.

The corporate scenario which we now observe with the advent of the position of a DPO (Data Protection Officer) in to the  corporate CxO team  that consists of the CISO, CTO, CCO and the CRO besides  the CEO will now sport a similar debate. Some companies may try to create the position as a CPO instead of a DPO or perhaps a CDPO with DPOs for different divisions which will ease the problem of bringing in harmony between the two key players.

With the DPO being seen as the protector of the 4% penalty (calculated on global turnover)  that most Data Protection Laws seem to fancy, the management would like the DPO to be involved in more top management decisions than what they would expect from the CISO.

While the CISO is presently taking responsibility for securing both the personal data and the non personal data in the current day scenario, the DPO is snatching away the responsibility for the protection of the Personal Data. Though the volume of personal data in an organization is always less than the total data that the CISO was hitherto managing, the role of a DPO is more complex and challenging.

A DPO has to not only manage the legal issues but should also be on top of the technology. He has to be a true allrounder and be able to manage both internal responsibilities as well as the external relationships with the regulator and the data principals.

In view of the complexities involved in the work of a DPO, a versatile player like Sobers will have to be treated with equal respect even though he may be a new entrant into a team which already has Don Bradman in it. For the CEO, having both in the team is great as long as he is able to keep both motivated enough.

For those who are today neither a Bradman or  a Sobers, but are still recognized as a leading player, the role model to follow is clear…

To be a Bradman and open the innings and come back to contribute only in the next innings or To be a Sobers and come down the order and continue to contribute as a bowler even when the opposition is batting. A Sobers will be relevant in all the 4 innings of a test match while Bradman will be relevant in only two.

I suppose the argument of who you would like to be is clear…. the DPO is the preferred destination for every Information security professional or a Legal professional.

An opportunity to move in this direction strikes you now with the upcoming DPO training being offered by FDPPI… A 36 hour online training to accredit “Certified PDP-CMS Auditor” with the knowledge of Indian laws, foreign laws and Audit skills. .. Time to join without delay. (Registration closes on June 10, 2021)

Naavi

(P.S: Using the analogy to pay  tributes to the two legends of the game of cricket which has given endless hours of enjoyment to our life….Naavi)