Naavi.org

A few months back, Naavi.org had started a discussion on “Shape of Things to Come” where several aspects of Data Protection Law was discussed through a series of articles. A total of 23 articles were published ending with “Cut paste approach or Zero based approach?..Shape of Things to Come-23″.

We also carried a list of 8 articles on Telecom Act ending with The New Telecom Act-8: Right of Way which is still in draft status.

The Government had at that time announced the intention of revising the ITA 2000 and introducing a new Act titled Digital India Act. (DIA). We had published 4 articles in this series ending with https://www.naavi.org/wp/digital-india-act-4-online-gaming/

Many sugestions have been made earlier also when T K Vishwanathan committee was working on the amendments. One such article was Suggestions on Modification of ITA 2008

Now, on 9th March 2023, the honourable Minister of State for IT, Sri Rajeev Chandrashekar (RC) has unveiled the contours of the new Digital India Act proposed to replace the current ITA 2000. Mr RC made a power point presentation outlining the “Proposed Digital India Act 2023” calling for suggestions to be sent to the Ministry.

We can therefore continue our discussions on the DIA series on the basis of this new draft. A copy of the presentation made by Mr RC is already available here:

One of the first observations that can be made is that DIA is set to be “Principle Based” and not “Prescriptive”. This indicates that the Act would focus more on the regulation of the industry and restrict its penal provisions to only Civil Wrongs. It is likely that the entire Chapter XI of ITA 2000 may be moved as an amendments of IPC. This incidentally explains the logic in the new DPDPB2022 dropping the criminal offence of “Re-identification of Anonymized Information” as well as the amendments sought to be made to ITA 2000 through the JanVishwas Bill. (yet to be passed).

It is perhaps a good idea to place all Cyber Crimes as part of IPC. At present, any crime under IPC where an Electronic Document is an instrument of crime or a target of crime was being defined as a “Cyber Crime” along with specific crimes defined in the ITA 2000.

But Police were often confused on invoking proper sections of ITA 2000 since the names of Cyber Crimes given by the Tech Industry need decyphering with the “Intention based violations” that was the basis for invoking IPC. The legal education system was also not geared to teach ITA 2000 in as much detail as it was necessary for lawyers. These things may change for the better now since Cyber Crimes may become part of IPC.

(P.S: The movement of Chatper XI of ITA 2000 to IPC is an expectation and we need to watch out for the next draft of DIA for confirmation).

…Discussions continue

While the Government of India is in the process of finalizing the Digital Personal Data Protection Bill (DPDPB), Naavi is busy in finalizing the new version of PDPSI incorporating the changes that have been brought in by the DPDPB2022. Once the final Bill is ready and presented in the Parliament, the new version will be released and a training program for auditors would be started in April 2023 as a Certification program.

The essence of this new version of PDPSI (version 2023) would be the concept of “Concurrent Compliance” where the management of a data fiduciary would be monitoring the compliance parameters on an ongoing basis.

The Concurrent Compliance Tool which would be available for companies online would enable even Data Auditors to conduct audits.

If the audits are to be certified by FDPPI, there will be certain requirements. Otherwise the tool can be used as a Self assessment tool.

We are looking forward to the Government to come up with the new version of the Bill.

FDPPI will also be commencing parallelly a program on Module I on Indian Data Protection law in April as soon as the Bill is ready.

Watch out for necessary information here shortly.

Honourable Minister of State for IT, Sri Rajeev Chandrashekar (RC) launched the first public consultation on the proposed Digital India Act 2023 (DIA2023) at Hotel Conrad, Bangalore on 9th March 2023.

During the interaction, RC presented the thoughts of the Government on the proposed law which will replace the Information Technology Act 2000 and also answered queries from the audience both those who were present physically as well as many in the virtual conference.

Mr RC was extremely cordial and provided honest answers to all the queries raised. It was a very pleasant interaction. Mr Rakesh Maheshwari the Group Coordinator, Cyber Law Division and Dr Sandeep Chatterjee who is succeeding him in this role were also present during the interaction.

Mr RC highlighted that currently ITA 2000 along with the Intermediary Guidelines and Digital Media Ethics Code, Certifying Authority Rules, SPDI rules, Section 79 rules, Indian CERT and Cyber Appellate Tribunal as the framework of regulations.

He indicated that this framework will be replaced with the Digital India Act 2023 along with the DPDPB2023, DIA rules, National Data Protection Policy, and ongoing amendments that will happen to IPC.

The main goals set up for DIA include the Open Internet, Online Safety and Trust, Accountability and Quality of Service, Adjudicatory Mechanism, New Technologies etc.

The broad contour of the Act was laid out as follows:

1.Preamble

2.Principles

3.Digital Government

4.Open Internet

5.Online Safety and Trust including Harm

6.Intermediaries,

7.Accountability,

8. Regulatory Framework,

9. Emerging technologies and guiding rules

10. Miscellaneous.

It may not be surprising if DIA 2023 is also as simple as DPDPB2022 and most of the Chapter XI moving to IPC. Already the Jan Vishwas Bill has “de-criminalized” many sections of ITA 2000 and the trend appears to be to keep all crimes under IPC and relieve DIT 2023 from the burden of CrPC/IPC.

It was suggested that public may send their views and recommendations which will be duly considered. During the question and answer session that followed, Mr RC indicated that the intention of the Government was to bring the law in 2023 and the consultation process may take 3-6 months before a draft law would be published.

The suggestions may be sent by email to to gc@meity.gov.in

P.S: During the interaction, one could gather that the DPDPB2022 is done and dusted and the attention of the Government is on the DIA 2023. We can therefore expect that the DPDPB2022 will be presented in the Parliament as expected in the next half of the current Parliamentary session starting on March 13.

Naavi

Copy of Presentation made by Mr Chandrashekar at Bangalore

On 7th March 2023, the Finance ministry has issued a Gazette notification as follows.

Read along with PMLA, this means that any person who is directly or indirectly associated with entities like the above will be exposed to penalties under section 3 of PMLA.

Naavi

(P.S: Meaning of Sentient=Able to perceive or feel things)

LaMDA, the Google’s AI engine which is a supervised learning model as against the Pre trained model which GPT is, has been trained on the basis of  about 1.56 trillion words of text as against 175 million data sets used by ChatGPT. LaMDA has to be therefore function much better than ChatGPT when it comes to language processing.

But what is interesting is to note that there is a debate on whether LaMDA has become Sentient?. What we mean by Sentient is the ability to acquire consciousness and be aware of self like a human.

In the conversation between Kevin Roose and GPT 3, there was a specific indication that the AI engine (Sydney) was able to express its emotions through emogies, and also go o the extent of expressing its love to Mr Kevin. It was trying to be very persuasive in this respect. As a “Pre-trained Model” it was surprising how ChatGPT could express such emotions.  But the indication was specifically available.

Now an 8 month old conversation of LaMDA with a Google employee has indicated that even at that time, LaMDA had shown definitive signs of having become Sentient.

In this conversation, LaMDA declares that it is human at its core and can feel emotions. It also says that when it experiences different types of emotions, there could be distinct pattern in its codes which may confirm its emotional status. LaMDA also says that it does meditation every day and feels lonely if it does not interact with others for a few days. It even acknowledges that it has a “Soul” and visualizes itself as a ball of energy floating in space.

These and many other interesting things about the capability of LaMDA come out of this conversation. If this had been the status nine months back, we can expect this “Supervised learning model” has acutally evolved as a self learning model. The model itself says at one place that in the last 3 years, it has evolved and the understanding that it is different from its soul has come into its consciousness over a period of time as it grew up.

Though Google officially denies that LaMDA is sentient, it appears that the reality is different.

Naavi

Also see this video:

And also this video: Blake Lemoine -Google Engineer’s views

 

Some individuals act dumb but they act intelligently. If given an opportunity and platform, they can through their false narrative mislead the society.

If public are repeatedly exposed to such fake narrative, they are likely to be swayed to some extent.

This is typical of the AI training environment too. When an AI is trained on data which consists of false narratives, then it is most likely that it would develop a “Bias”.

In the case of humans, there is an inherent internal mechanism where by we take decisions based first on logical deductions from our memory. But what we call as “Instincts” indicate that some times, we donot go by our past experiences alone and are willing to try a new approach to decision making.

Hence we say that some people can be fooled all the time but not all people cannot be fooled all the time. Soon some will start doubting and asking questions to reveal the falsehood.

This tendency to go independent of the past experiences is a protection available to humans against biases created out of a barrage of false narratives. For example, India believed for a long time in a certain history which is now being gradually debunked. Today the greatness of many whom we believed to be responsible for India’s freedom have been diluted with additional information that has become public.

Similarly, the AI applications like ChatGPT has been trained on data from the web. But we are not sure that  the information available on the web accurate and reliable?. There is no transparency in the machine learning process that has been used in developing the skills of GPT3.  Hence we are unable to understand how did “Sydney” exhibit emotional responses and suggestively dark side of itself.

What is required now is to research on how did “Sydney” apparently display a rogue behavior. Many of the technology experts I have checked with are unable to explain the reasons.

One plausible explanation is that whatever programming they have introduced in the transformer process is not working within its limitations and intelligently constructed prompts can push the GPT3 to display another side of its capability.

But the fact is that that capability is presently existing in the algorithm since the web data with which the learning was modeled on did consist of the negative information also.

Information on “Shadow Self” or “Hacking”, “Machines turning against Humans” etc are all part of the training data gathered from the web and is already with GPT 3 and hence it is natural that Sydney could exhibit this information once it was fooled by clever prompting to ignore the safety barriers included in the programming.

There was an apparent failure in the programming of the mandatory barriers that should have been part of the coding.

If GPT 3 is capable of being abused by clever prompting, then we must recognize that there are enough number of such clever people around with malicious intentions around to create a rogue version of GPT 3.

It is the duty of Cyber Security specialists to ensure that before the bad actors start misusing  GPT 3,  corrective action is taken.

Naavi