Attributing Cyber-attacks: The cyclic nature of it

The cyclic nature of cyber-attack attribution and maintaining anonymity online presents a conundrum to the security industry.

A few days ago, the Indian Congress vice-president Rahul Gandhi’s Twitter account appeared to be hacked, followed by dozens of offensive tweets being posted. Within minutes of the first hack, the Twitterati engaged in a game of ‘whodunit?’ On one hand, people accused PM Modi’s followers for the hack, and on the other, some called it a staged drama by the Congress Party. Premature at best, the accusations were baseless and lacked evidence, highlighting the challenging nature of attribution.

Attribution

The most common factor leading the attribution dialogue today is the un-traceability of a cyber-attack. Attacks do not come with a return address. Tools available to obscure an attack’s origins are becoming more and more sophisticated by the day. Even if an attack can be traced to a system, there are chances of it being a deliberate misdirection.

Anonymity

Anonymity online is crucial for legitimate reasons, privacy at the heart of it, and also being able to voice concerns against strict government rules without reprisals, which is a basic right under any democratic government. There are sophisticated ways to maintain anonymity; you can mask your IP address, use fake accounts, virtual machines, strong encryption, etc.

The Cyclic Natureattribution_cycle

Better tools for anonymity consequently lead to either lack of attribution or improper attribution on cyber-attacks. The lack of proper attribution gives way for increased cyber-attacks, consequently leading to improved techniques for better attribution from the “anti-anonymity” group. Hence, to continually thwart the efforts of anti-anonymity groups, pro-anonymity groups come up with better technological capabilities to maintain their anonymity. This shows a recurring nature between the need to fight against anonymity and the need for anonymity. The recurring nature is the status quo.

Conundrum

This status quo of recurring nature begs the question: Why waste time on attribution when those resources can be better spent on enhancing one’s security and capability?

In his article about attribution, Lital Asher-Dotan, the founder of cyber security company Alfa Tech, argues that the security industry spends too much time and resources in attributing cyber-attacks, which is highly inefficient. According to him “a company’s limited security resources are better spent understanding how the attackers infiltrated the network and their capabilities and using this intelligence to prevent future attacks”

While I agree with Lital that attributing is highly inefficient, I disagree with the notion of not giving enough significance to attribution.

Let’s take the extreme version of this where we do not spend any time or energy into answering the “Who did it” and that time and energy is spent on enhancing security systems. The other side of this coin is that, the lack of attention to attribution leads to a counter response with increased cyber-attacks without fear of reprisals; more creative and dangerous attacks at that. The likelihood of successfully infiltrating a security system increases with disastrous consequences. So, this extreme version of scenario does not yield well.

Even if attribution may not yield to anything, it is an essential aspect of cyber-security. Eliminating attribution is not a logical option. It acts as a deterrence. Hence there is a heightened need to strike the right balance between energy spent on attribution and defending cyber-attacks, where one does not need to compromise resources from the other.

 

Puru Naidu (@Brocolli88) is a Research Analyst at the Takshashila Institution

Comments { 0 }

Of Ethics and Artificial Intelligence

download

War has changed. It is no longer about nations, ideologies and ethnicities. It is an endless series of proxy battles fought by man and machine.[1]

The above is the opening line of Metal Gear Solid 4, one of the greatest pieces of virtual entertainment. It paints a grim picture of the future of warfare replete with references to autonomous artificial intelligence (AI) overrunning defence systems. Given recent advancements however, one has to wonder if these portrayals were right.

Science fiction involving AI generally depicts a utopian or dystopian future, a plot point that writers exploit and exaggerate to no end. However, AI application development has been ongoing for several decades and the impact of early systems raises many questions on its full-scale integration in defence systems.

What could possibly go wrong?

In simple terms if we fail to align the objectives of an AI system with our own, it could spell trouble for us. For machines, exercising firm judgment is still a significant challenge.

Recent advancements in robotic automation and autonomous weapon systems have brought military conflict to a whole new level. Unmanned helicopters and land vehicles are constantly being tested and upgraded. The surgical precision with which these automations can perform military operations is unparalleled.

Emerging weapons tech with deep learning systems can ‘correct’ mistakes and even learn from them, thereby maximising tactical efficiency. The high amount of security in their design make them near-impossible to hack and in some cases even ‘abort’ an operation. This could result in mass casualties despite a potentially controllable situation.

An obvious issue is that in wrong hands an AI could have catastrophic consequences. Although present systems do not have much ‘independence’, the growing levels of intelligence and autonomy indicate that a malfunctioning AI with disastrous consequences is a plausible scenario.

Who is accountable in case of a mistake?

Autonomous vehicles and weapon systems bring forth the issue of moral responsibility. Primary questions concern delegating the use of lethal force to AI systems.

An AI system that carries out operations autonomously; what consequences will it face in terms of criminal justice or war crimes? As machines, they cannot be charged with a crime. How will it play out in case a fully AI-integrated military operation goes awry?

Problems with commercialisation

Today’s wars are not entirely fought by a nation’s army. Private military/mercenary companies (PMC) play an active role in wars, supplementing armies, providing tactical support and much more. It won’t be long before autonomous technologies are commercialised and not restricted to government contracts.

There is no dearth of PMCs who would jump at the opportunity and grab a share of this technology. The very notion of private armies with commercial objectives wielding automations is a dangerous one. Armed with an exceedingly efficient force, they would play a pivotal role in tipping the balance of war in favour of the highest bidder.

The way forward

In September 1983, Stanislav Petrov, Lieutenant Colonel with the Soviet Air Defence Forces, was the duty officer stationed at the command centre for the Oko nuclear early-warning system. The system reported a missile launch from the United States, followed by as many as five more. Petrov judged them to be a false alarm and did not retaliate. This decision is credited for having prevented a full scale nuclear war.

The findings of subsequent investigations revealed a fault with the satellite warning systems. Petrov’s judgment in face of unprecedented danger shows extreme presence of mind. Can we trust a robot or an autonomous weapon system to exercise judgment and take such a split-second decision?

Stephen Hawking, Elon Musk and Bill Gates – some of the biggest names in the industry – have expressed concern about the risks of superintelligent AI systems. A standing argument voiced is that it is difficult to predict the future of AI by comparing them with technologies of the past since we have never created anything that can outsmart us.

Although current systems offer fewer ethical issues such as decisions taken by self-driving cars in accident prevention, there could be potential complications with AI systems supplementing human roles.

There is a heightened need to introduce strict regulations on AI integration with weapon systems. Steps should also be taken to introduce a legal framework which keeps people accountable for AI operations and any potential faults.

AI, as an industry, cannot be stopped. Some challenges may seem visionary, some even far-fetched however it is foreseeable that we will eventually encounter them; it would be wise to direct our present-day research in an ethical direction so as to avoid potential disasters. A probable scenario would be where AI systems operate more as a team-player rather than an independent system.

Nick Bostrom, in the paper titled Ethics of AI sums up the AI conundrum really well:

If we are serious about developing advanced AI, this is a challenge that we must meet. If machines are to be placed in a position of being stronger, faster, more trusted, or smarter than humans, then the discipline of machine ethics must commit itself to seeking human-superior (not just human-equivalent) niceness.[2]

Image credit: AP Photo/Massoud Hossaini

[1] http://www.goodreads.com/quotes/478060-war-has-changed-it-s-no-longer-about-nations-ideologies-or

[2] https://intelligence.org/files/EthicsofAI.pdf

Further Readings:

https://intelligence.org/files/EthicsofAI.pdf

Ganesh Chakravarthi is the Web Editor of The Takshashila Institution and tweets at @crg_takshashila.

Comments { 1 }

What India’s surgical strike achieved, and what it didn’t?

by Pranay Kotasthane (@pranaykotas)

Having introduced an uncertainty in its response, it is perhaps better for India to reduce the vulnerability of its military establishments.

In the wake of the attacks on the Indian army base in Nagrota, familiar uncomfortable questions have come to the fore: is it the lack of intelligence support that’s making such attacks recur? Has the fragile situation in the Kashmir valley helped rejuvenate terrorist networks? Or, are obsolete security mechanisms making military installations vulnerable to repeated attacks? Despite the recent spate of attacks on military infrastructure, these sticky, fly-papery questions still haven’t found responses that will make them dissolve away.

Nevertheless, the Nagrota attack throws up a completely new question: what did the “surgical strikes” of 29th September achieve — is there a need to replicate such strikes after the Nagrota attacks or should that option be dispensed with?

To answer this question, let’s assess what the surgical strikes achieved, from the lens of the three affected parties — the domestic Indian audience, the Pakistani military—jihadi complex, and the Pakistani civilian leadership.

For many Indians, a consciously coordinated action involving various parts of the administrative machinery — military, diplomatic, and political — was a signal that India will now respond to terrorism at strategic or operational levels, and not merely at a tactical level. Given that the earlier response — a carefully calibrated “strategic restraint” policy had failed to attenuate the attacks from Pakistan, a more forceful quid-pro-quo alternative became a cause of hope for some, and of aggressive chest-thumping for others. After the Nagrota attacks, some groups in this domestic constituency will demand similar strikes, with an aim of institutionalising this strategy.

Second, the Pakistani military—jihadi complex (MJC) was taken by surprise — it was anticipating a tactical response, but not a coordinated operational response. Moreover, the publicly declared cross-LoC Indian raids largely received a thumbs-up from the international community, weakening the complex’s narrative.  Within the complex, the jihadi node was specifically targetted. However, the shallow raids didn’t dent the terrorists’ capacity in any significant manner — there are no terrorist camps at such small distances from the LoC, merely a few launch pads to help terrorist squads in their transit. The operation also did not cause any major loss to the Pakistani army and hence it chose to deny the incident rather than escalate immediately. Overall, the surgical strikes served a signalling purpose against the MJC, rather than a concrete blow to its capacities; it flustered the MJC but hasn’t deterred it. It proved to the MJC that India is capable of maintaining a dynamic conventional threshold and that India is not just limited to the option of tactical retaliation.

Third, the Pakistani civilian leadership was able to utilise the surgical strikes against the dominance of the MJC. Unsurprisingly, a news report claiming that the civilian government has directed the military leadership to act against militants came out immediately after India’s raids. Meanwhile, the civilian leadership kept championing the anti-India rhetoric — such posturing continues to remain popular in Pakistan, regardless of who is in the driving seat. The army’s carefully cultivated image as the ultimate protector of Pakistan’s ideological and geographical frontiers took a dent, and the civilian leadership cashed in on the opportunity.

What will be the impact of another cross-border raid on the three affected parties?
Projected as a strong rejoinder to Pakistan’s use of terrorism, the Indian government will be able to garner domestic support from many quarters to a repeat strike. However, the border states of Punjab and J&K will have to bear the brunt of any further escalation, threatening livelihoods and economic prospects in these states.

The MJC and the Pakistani civilian establishment will now be better prepared in anticipation of another Indian strike. So, it will be very difficult for India to inflict any damage using the same level of deployment. Other options of this nature include using artillery against bunkers from a vantage point while avoiding collateral damage, or the use of air to surface strikes or using short-range cruise missiles to strike terrorist hideouts. But each of these alternatives is likely to result in significant escalation on both sides.

Having introduced an uncertainty in its response, it is perhaps better for India to reduce the vulnerability of its military establishments. Recommendations of the Lt Gen Philip Campose Committee, constituted after the Pathankot attacks, need to be implemented. There is clear indication that the MJC has altered its strategy over the last two years, focusing on high-value Indian military establishments rather than cause large-scale civilian damages. The sub-conventional warfare level, where terrorists operate, has clearly narrowed across the world. A conventional response to a terrorist attack having mass civilian casualties will now be seen as a necessity to curb terror. The surgical strikes have helped reinforced this viewpoint. A variant of the strikes can be used to target high-value terrorist infrastructure if Pakistan returns to its policy of causing mass casualties.

For now, it is better that India focuses on its defences. Ultimately, India is better off putting both — a grand rapprochement or a full-scale war — on the back burner, while expending available capacity to launch economic reforms, rendering Pakistan irrelevant.

Pranay Kotasthane (@pranaykotas) is a Research Fellow at the Takshashila Institution.

Comments { 0 }

Beware the security risks before you jump onto digital payments bandwagon

Deficit in cash flow has forced users into digital payments. Without proper precautions and security policies, the highly reactive nature of cyber security leaves us vulnerable to cyber-attacks.

chaiwalla-paytmImage source: DNA India

The whole demonetization of currencies has shaken our country to its core. In the past week, we saw how it affected people at all levels and how they were coping with it, hoping for the better in the near future. While the challenges still persist, it has nudged people towards digital transactions even for their daily needs using virtual wallets, PayTM and others. Companies that enabled digital payments acted as buffers soaking up some of the pressure. In fact, there was a surge in digital payments hitting records high over the past week; PayTM saw a 200% increase in its mobile application downloads and a 250% increase in overall transactions. MobiKwik saw an increase of 200% in its application downloads within few days. Other companies within this domain such as, Oxigen and PayU have also seen a rise in their service usage.

Resultant trend maybe vulnerable to security threats

This new trend is certainly heading in the right direction towards digitization, however there is risk of casting a blind eye towards the security aspect in the whole process of adapting to this digitized lifestyle. The Nordea Bank Fraud incident that occurred in 2007 is a classic example of e-banking cyber-attack, where perpetrators infected unsuspecting customers’ systems with a malware that stole login credentials, and made off with over 1.1 million US dollars. Not even major financial corporations like VISA, PayPal, and MasterCard are invincible from cyber-attacks.

The security standards and precautions have certainly evolved since these high profile attacks. But the speed of technological developments and its integration into our economy far supersedes that of the defense mechanisms and protocols in place to mitigate any cyber-attack on these developments. It goes to show that they are unparalleled and reactive in nature which ultimately begs the question: Is it safe to utilize these new payment platforms?

PayTM for instance is certified under the Payment Card Industry Data Security Standard (PCI DSS) 2.0 certification, which is the current industry security standard set by American Express, Visa International, MasterCard Worldwide and few other international dealers. This is an essential certification for companies that store credit-card info. PayTM also uses 128-bit encryption technology to crypt any information transfer between two systems. It takes more than 100 trillion years for a hacker to crack a password under 128-bit encryption. Needless to say, transactions via PayTM are fairly secure. Other companies like MobikWix also employ the 128-bit encryption technology. This is a common security measure that companies dealing with credit card information and transactions deploy, hence there is little doubt that companies taking advantage of demonetization are employing their share of precautions for secure transactions.

Is that secure enough?

But, these precautions won’t make us invulnerable. There are other things aside from the login credentials that hackers target these days. For example, just few days back, hackers breached a British mobile company, Three Mobile’s database and stole private information on six million users. Another example is the recent massive data breach of Indian bank networks that compromised over three million users’ financial data. The breach occurred between May 25 and June 10, victimizing major banking companies, including HDFC Bank, ICICI Bank, YES Bank, and Axis Bank. This stolen data can be sold underground, used for identity theft, or strengthen brute force attacks for further personal attacks.

These breaches may appear sophisticated, but there are other easier methods that anyone with basic IT skills can deploy. For Instance, here is an article by a hacker displaying the html code on how to fake the PayTM website. Using a spoofed site, a hacker can use phishing tactic to gain login credentials from unsuspecting users. Other tactics include fake mobile applications or spyware that steal information, social engineering tactics that make you reveal your login credentials, etc. This is nothing new however; spoofing, phishing, and spyware have plagued the IT security industry for more than a decade, with their tactics getting increasingly sophisticated.

But, if companies like HDFC and ICICI, which are most likely proactive in updating their security systems, still experienced cyber-attacks, what does that imply about unsuspecting users? Most new users were forced onto the digital payments bandwagon due to the currency demonetisation. Especially street-vendors, who were primarily reliant on cash payments before the demonetization, such as the Chai-wallas and Pan-wallas that were quick to adapt so as to maintain their revenue. Are these new users aware of the security risks involved here? I highly doubt it. Even if they are aware of the risks, whose responsibility is it and what precautions can they take to minimize damage from future attacks?

Whose responsibility is it?

It is not a single entity’s responsibility. Everybody involved in the process, including companies offering the service, the customers, and the government should do their share to mitigate cyber-attacks and minimize its damages. The following is a three pronged approach for companies, customers and the government to mitigate security risks:

digital-payment-risk-management

Companies

All companies that offer platforms or services enabling digital payments should, first and foremost, increase awareness of the risks among their customer base and educate them on ways to secure themselves. Employ behavior analytics and pattern analysis at their fraud departments to predict suspicious behavior. Stay proactive in looking out for any spoofed applications or websites that masquerade their service. Proactively monitor discussion boards, social media platforms, and forums that discuss hacking and fraud tactics, and implement proactive measures to thwart their tactics.

Government

The Government should also do its share to protect its citizens by minimizing vulnerabilities. It should check if the current policies regulating this platform are adequate, and update it if necessary. Educate the populace on the risks involved. Enforce strict policies and hold companies accountable for not meeting security standards. Minimize benefits that come from overlooking security precautions. And, strengthen public-private partnership on live information sharing about cyber-attacks and fraud.

Customers

Customers should do their share to minimize damages. They should educate themselves about the risks involved, and take appropriate precautions. Minimize vulnerability with two-factor authentication and routine password changes. Check for applications’ authenticity by looking for the number of downloads and reviews by other users; the higher the number of downloads and reviews are, the higher the chances that the application is legitimate. In addition, check for other application releases from that developer. Check for website’s authenticity by checking for proper spelling of the web address, or if the website is secure by checking for a green padlock symbol on the left to the web address, and that the address starts with ‘https:’ Keep the web browsers updated as they can recognize illegitimate sites easily. Do not share sensitive information including login credentials over emails, phone calls, or chats. Lastly, trust your instincts and double check to make sure you don’t leave yourself vulnerable.

Puru Naidu (@Brocolli88) is a Research Analyst at the Takshashila Institution

Comments { 0 }

The disappearance of the middle ground

By Anupam Manur (@anupammanur)

The end result of an acrid political climate, as witnessed in the US and India, could be one of highly populated extremes and a disappearing middle-ground.

political_parties

Dear America,

Allow me the liberty to predict what will happen over the next few years. This is not another fear-mongering doomsday scenario painting exercise about the potential consequences of a Trump Presidency. I’ll leave that to the experts; experts, who have gotten all their predictions wrong until now. You are in a lot of trouble, not because of what Trump will do or not do, but because of the way you will react to his every move.

If you thought the election campaign trail saw the heights of polarisation, bigotry and racism in your society, then, you have another thing coming. Things are only going to get more divisive from now on. There will be an exponential increase in nationalistic fervour. Public discourse will worsen over the next few years to the point that sensible people will be forced to retire out of sheer frustration and saturation. This is the adverse selection problem in public discourse. If there is a higher proportion of lemons in the market, and the average consumer cannot differentiate between the lemon and the peach, the peaches get crowded out.

Every move by your next President will receive disproportionate attention and reactions. Yes, in a democracy, the citizens have to provide the vigil, but this will take an extreme turn, and perhaps a turn for the worse. The vigil will turn into an obsession, which will saturate public attention. The supporters and detractors will fight out every move, not based on the merits or demerits of the move, but based on the position they took on the day of the election. Supporters will cheer every move and defend it with all their might, irrespective of whether there exists any merits to it. Even terrible moves that might actually induce harm in these stakeholders will find staunch supporters. The supporters might even be willing to endure the negative effects in order to defend their position.

Detractors, on the other hand, will assume that it is their moral obligation to oppose everything. Let us assume that Trump does something reasonable in his tenure, which can be welfare enhancing to Americans, like perhaps fixing the fragile Obamacare. Regardless, the detractors will vilify him, make highly polemical arguments, and go to great lengths to find faults, instead of nuanced debates on how it can be improved. Reasonability and sensibility will disappear from public discourse and so will balanced objectivity. The residue will be a highly charged, hyper-partisan platform for dogmatic exchanges. To make things worse, your political representatives will also be highly divided and it would be reasonable to expect the Congress and the Senate to be in a continuous gridlock for the next few years. Sure, some legislations may get passed, but most of it will have to endure an extremely rough path.

This black hole of negativity will suck in everything in its sight. Previously sane commentators will start taking positions and will stick to it, even in the face of contradictory evidence. Very few will be exempt from this. The middle ground will rapidly vanish and the extremes will start getting populated. There is perhaps some merit in apathy and indecisiveness among citizens, but the time for that has gone. Everyone has a strong opinion and of course, it is the right opinion. The media houses will not be spared either from the hyper-partisan discourse. An independent and impartial media will be left wanting.

I speak from experience. This is what has happened to public discourse in India since the elections in 2014. I am not trying to draw any parallels between our two elected representatives nor our political parties or governments. There is just an overwhelming similarity in the acrid political climate of our countries and the end result could be one of highly populated extremes and a disappearing middle-ground.

Anupam Manur is a Policy Analyst at the Takshashila Institution

 

Comments { 0 }

Changing alignments in East Asia

by Pranay Kotasthane (@pranaykotas)
Early indications about a Trump Presidency’s impact on partnerships in East Asia

Since Woodrow Wilson, the goal of American foreign policy has been to prevent regional hegemony.

believes Seth Cropsey, Director of the Centre for American Seapower at Hudson Institute. Assuming this was true, the goal is now being reconsidered seriously in the wake of Donald Trump’s victory in the presidential elections. All through the election season, Trump has indicated that the next administration would be more inward-looking — provision of the common good of security, and promotion of free trade, will not be the guiding principles of US foreign policy anymore.

In the early days, the effects of this new strategy are most clearly visible in East Asia. After Obama decided to suspend efforts to pass his signature Trans-Pacific Partnership (TPP) deal through the Congress, Vietnam too will not ratify the deal in the national assembly anytime soon. Trump’s victory also caused panic in South Korea’s financial markets, prompting an emergency meeting of the National Security Council. Australia too followed suit — signalling support for Chinese-led Free Trade Area of the Asia-Pacific.

The framework below gives an idea of how East Asian states are recalibrating their strategies over the past few weeks.

tpp-trump-duterte

Given that the US and China are overwhelmingly powerful in the region, bipolarity exists in East Asia. Further, there are two axes of alignments — political and economic. Based on their relationships with these two major powers, East Asian states can be assigned to one of the four quadrants. There are two bandwagon quadrants (where a state aligns with US or China both, politically and economically) and two hedging quadrants (where a state aligns with one major power in political engagements and aligns with the other in economic arrangements). Grey points indicate positions of East Asian states before Trump’s presidency and black points indicate recent shifts. I haven’t classified all the East Asian states in this framework, yet.

This framework indicates that countries like Australia and Philippines are already moving towards the hedging quadrants. With TPP faltering, a lot of states might follow the Australian trajectory —  economic alignment with China and play a waiting game on geopolitical alignment.

Countries such as North Korea and Japan will find the realignment tougher, and will look out for more options. Faster movement on India—Japan cooperation is an example. No surprises that a landmark nuclear deal between the two countries took place once it was clear that Trump would be the next US president.

Interesting days ahead for East Asia watchers. China can be expected to be strident in the days to come.

Pranay Kotasthane (@pranaykotas) is a Research Fellow at the Takshashila Institution.

Comments { 0 }

The Trumping of Marrakech

The 22nd Conference of Parties (COP) to the UNFCC negotiations at Marrakech have barely been in the mainstream Indian news simply because it is hard to find the media space between the withdrawal of the Rs.500 and Rs.1000 notes and the U.S Presidential elections. The COP 22 negotiations were to represent the optimism of a hard fought climate deal and design the implementation strategy for the Paris Deal. However, they have been largely overshadowed in light of contemporary geopolitics.

On November 4th, the outcome of the 2015 Paris negotiations came to fruition as 176 countries (the largest number to sign an international instrument since UNCLOS) deposited their instruments of signature at the United Nations. India had jumped on the bandwagon by ratifying the climate deal on the symbolic date of Gandhi Jayanti.

Multilateral negotiations for the climate deal saw India change its stance from a disrupter to a norm follower- a stance it has echoed in other multilateral negotiations including nuclear proliferation and the WTO negotiations. India had resolutely refused to sign any climate deals that did not involve Western nations in pulling their weight. Indian diplomats had claimed that in order to allow their citizens dignity of life through economic development, they could not commit to energy cut back of the scale required and insisted that countries responsible for the emissions take the lead.

However, this was not a viable position for long. Once China, the world’s largest contributor to carbon emissions joined with the US to cut down on emissions, India would have found its disruptive stance an even more unpopular and isolated position. India has shifted its stance and declared its Intended Nationally Determined Contributions (INDC). However India’s new stance also stresses on its reliance on the rest of the world in bridging its energy needs through technology and help. Over the last year, steps have also been taken within the country to support its stance at the COPs. By streamlining its civil aviation rules and signing the CFC cutdown treaty, India has shown its willingness in combating climate change.

However, all of that now stands to change. The biggest shadow over the Marrakech COP is the US Presidential elections. While hyperbole has shown anti-Trump supporters protesting even at Marrakech, Donald Trump’s record on climate change shows little promise. He has repeatedly dismissed climate change and global warming as hoaxes and even gone on record to state that climate change was a conspiracy pioneered by the Chinese to reducing American manufacturing potential. Trump has stated that he would roll back the Paris Agreement. But speculation about Trump’s potential climate policy will lead us down a road that goes nowhere.

The Paris Agreement was ratified by President Obama on the sidelines of the G20 summit. In a show of US-China alignment, leaders of both countries deposited the Paris deal together is Hangzhou. The Paris Agreement also does not allow countries to withdraw from it for a period of three years. Therefore, there is little danger of Trump rolling back the Paris deal.

However, it is important to remember that INDCs are, at the end of the day, voluntary mechanisms based on good faith. They are non enforceable and bear little penalties in international law though the effects of climate change may seem apparent to everyone but Trump supporters. What is possible is that Trump will not prioritise the INDCs or fund the Clean Energy Plan, the brainchild of the Obama Administration. This is particularly important in terms of signalling for other countries. Countries like Saudi Arabia whose economies depend on conventional sources of energy could take the lethargy of the United States as a signal to disregard the Paris Deal. This would mean that the hard won negotiations of the last seven years have come to nought. Trump’s disregard for climate change will also stir the Chinese to take the lead on the issue. Already, Chinese officials have stated that they are committed to their climate change declarations despite political changes in other countries. China has also set up its national carbon emission trading market and has reportedly reduced its carbon intensity by 20% between 2011 and 2015.

What does this mean for India? India directly faces the effects of climate change as much of its agriculture is contingent on the monsoons. It has shifted its stance from norm disrupter to norm follower as a way to break out of the climate chakravyuh. However, if the United States will not stick to its INDC and China will, which path will India choose? Several commentators are already questioning India’s stance considering its close ties with the US. However, a comprehensive definition of security would require India to stick to its INDCs as the country is vulnerable to the effects of climate change. India needs to exercise its strategic autonomy and continue with tackling its INDCs.

Hamsini Hariharan is a Research Scholar with the Takshashila Institution and tweets at @HamsiniH

Comments { 0 }

Politicisation of armed forces to collect funds is deplorable

Recent announcement of donating Rs 5 Cr. to Army welfare fund by bollywood producer-director Karan Johar cannot be repentance for sins of commission and omission by political parties 

By Guru Aiyar (@guruaiyar)

In one of the most brazen forms of extortion witnessed in recent times, a political party in Mumbai extracted a promise of donating Rs 5 Cr to the Indian Army from Karan Johar. The reason for asking this kind of money was for penance by Karan Johar for casting Pakistani actor Fawad Khan in his yet to be released movie Ae dil hai Mushkil. The capitulation of Karan Johar and Maharshtra state Chief Minister Devendra Fadnavis, who brokered the deal has been one of ultimate cravenness in the face of unreasonable demands. Politicisation of the army in this manner reeks of selfishness to further the short term goals of the party in question.

There wouldn’t have been any issue if the donation was voluntary. It gained salience only because the director was threatened with violence. The scheduled release on October 28 was put on hold because the party workers of Maharashtra Navnirman Sena (MNS) had orchestrated protests. A party that managed to garner only a single seat in the assembly elections of 2014 in Maharashtra saw this as a perfect opportunity to capture public mindspace.

There is nothing wrong in wanting to respect the army and the sacrifice of its soldiers. To find common cause in a soldier guarding the nation’s frontier should be a matter of pride for any citizen. What runs counter to common sense logic is why to mix the issues of Pakistani artistes working in Indian movies and the army? The issue of granting visas to Pakistani artistes must have been taken only after deliberation by the central government.

Fortunately, the defence and Information and Broadcasting ministers have slammed this deal. That was to clearly demonstrate to the public that the central government does not appreciate this act of coercive donation. The army too has refused to accept this money. But the centre could have gone further. Mere condemnation is not enough. It is time to ask as to why should the rule of law be subverted? Why should any government give in to this form of thuggery? Now since the issue is deemed to be settled, should we expect the workers of the MNS to get back to their daily life? Of course, no. We can certainly expect some other kind of protest over seemingly inane issues.

Guru Aiyar is a Research Fellow in geostrategy programme at Takshashila and tweets @guruaiyar.

Featured Image: PM Modi pays homage to martyrs of Indian army at Badami Bagh in Srinagar courtesy creativecommons.org

Comments { 0 }

To keep the money where you raise it

Tax Increment Financing is amongst the many public financing methods that the cities in India need to explore further.

The City of Chicago, the third biggest city in United Sates of America, evidently requires a large revenue source to maintain the needs of a growing population of two million plus. It is in this attempt that there are various innovative financing methods used by the Chicago government to raise revenue. One of the methods that stands out is the Tax Increment Financing (TIF) method. It refers to a funding tool that allows the extra property tax to be used in the region itself.

TIF is generally used for a given region, whereby the taxes collected in the region are called base revenue and any amount collected above the base revenue is captured by the region itself. The taxes above the base revenue, incremental revenue, is used for economic development in the region earmarked under the TIF. It is usually spent on the public work or to attract private businesses in the region. TIF is usually used in regions that are declared “underdeveloped” and are considered to be dependent on the public expenditure for growth.

This method of funding have been supported by experts in urban planning like Donald C Shoup. The basic argument being that the citizens tend to pay more taxes if they can see tangible changes from their contributions. In his paper The High Cost of Free Parking, Shoup makes the case that the curb side parking revenue could be used to fund the Business Improvement Districts just like TIF is used for redevelopment projects from the increases in property tax revenues. TIF, therefore, acts as a pool of fund that can be used by the given region to attract business and economic opportunities based on the contributions by the population directly benefitting from it.

Although it may sound like a good idea, TIF has been severely criticised for being biased towards the business units and acting like a subsidy for the rich businesses. In their attempt to attract higher private investments, the regions tends to give large subsidies to the businesses. Thereby, diverging money away from the basic requirements like improving and maintaining infrastructure in the region.

The other major complaint regarding TIF is that it leads to development in the regions that do not need it as much. As TIF is collected from the funding made over and above the basic property tax, it is inevitable that regions with high income populations tends to collect higher funding as compared to poorer neighbourhood. Hence, TIF tends to limits the distribution of resources in a given region rather than help distribute it.

Having said that, TIF is an interesting tool that can be used to raise the local revenue and to incentivise higher tax collection in various wards in the city. The ward members can be made responsible for the use of the amount raised. The representatives being elected from each ward  will ensure that the members are directly accountable to the local population.

With Indian cities still struggling to find sources to raise revenue, TIF is at least a good option to explore.

Image: http://indypolitics.org/wp-content/uploads/2016/02/TIFS.jpg

Devika Kher is the Program Manger of Takshashila’s Graduate Certificate in Public Policy course and a policy analyst at Takshashila Institution. Her twitter handle is @DevikaKher.

Comments { 0 }

Regulating Fintech: A Proactive Approach

fintech-logos

Image courtesy of Forbes

By Nitin Malik (@nitinmalik86)

Financial Technology or Fintech sector needs a proactive and stable financial regulation policy environment to grow. Fintech can have a potentially transformative impact on economy in the future, and as such, Indian regulators need to carefully nurture a policy regime which promotes innovation and growth of fintech companies.

Fintech encompasses a broad range of technological innovations in the areas of block chain, financial advisory, digital currency, payments, financial inclusion, peer to peer lending, among others, which are disrupting traditional financial services. Not only do fintech innovations increase efficiency and lower costs, they also help increase access to financial services. For example, innovations like P2p and social data based lending is enabling people without formal credit histories to get faster and easy access to loans. In Kenya, M-Shwari uses call data and recharge history of customers to determine their credit worthiness. This has made it possible for millions of mobile subscribers to get loans in just a few minutes.

The Indian Fintech sector is estimated to be $1.2 billion in 2015 and is projected to touch $2.4 billion by year 2020, as per a NASSCOM study. Globally the sector is estimated to touch $45 billion by 2020. A recent McKinsey study estimated that digital financial services can help governments in developing countries to save around $110 billion annually.

Why regulating fintech is different?

Rapid innovations in fintech sector makes it a difficult sector to regulate. The objective of Fintech firms is to disrupt banking and financial services which are traditionally heavily regulated. Sometimes these regulatory costs create high capital requirements on startup firms and pose barriers to innovation in the initial growth phases.

This is why regulations of fintech is so critical, one that enables and not stifles innovation. Globally, regulators have had to walk a thin line between over and under regulation. Since understanding of risks posed by fintech firms is limited, regulators have come up with different approaches to understand and regulate this sector. Countries like UK, Singapore, the US and Australia have been at the forefront of these regulatory innovations.

How others are doing it?

UK’s Financial Conduct Authority and Monetary Authority of Singapore have created regulatory sandboxes for fintech firms. These sandboxes are like contained experiments, where fintech firms are allowed to innovate without the burden of regulatory permissions. FCA in UK through its project innovate scheme has invited fintech firms to innovate. These firms are provided with regulatory feedback and a safe house to build on their innovations and experiments.

Another approach, advocated by Omidyar Network, is the minimal approach to regulations called lean regulation – a term borrowed from the lean startup philosophy by Eric Ries. The spectacular growth of Kenya’s M-PESA and Philippines’ GCash mobile money services owe a lot to minimal regulations in the initial stages by central banks. Under the lean approach, regulators collaborate with players in their incubation phase and keep the regulatory requirements to a minimum. Rules are developed gradually as the market matures and there is better understanding of risks involved. This approach has proved highly successful for both countries, as they have become global leaders in providing mobile financial services to their citizens.

Recently, PayPal has also come with a paper on performance based standards for regulating payments industry. It advocates setting smart governance models by governments using data analytics and feedback loops to advance payment business models. This is still at ideation stage.

In summary, the overall arc of regulations should move from a rule based approach to principles based approach. Regulators should be active participants in market development rather than bystanders. They should encourage pilots, trials of innovations and engage with both incumbent players like banks, NBCFs and new startups.

India can spearhead the change

In last few years, India has taken a lead in emerging markets in embracing financially innovative regulations and policies, especially in finding innovative ways to promote financial inclusion. Despite this, we still don’t have pervasive mobile money services for the poor like Kenya and other east African countries. But the government along with RBI has been proactive with initiatives like award of differentiated banking licenses, development of India Stack, unified Payments Interface and laying out of JAM architecture. RBI has even issued a paper on P2P lending providing much needed clarity to the regulatory grey area.

India’s traditional software strengths and large internet consumer market places it an optimum position to be a leader in fintech sector globally. It is important that RBI, SEBI and other regulators continue to embrace the growth of fintech and make India a global hub of fintech innovation.

Nitin Malik is a financial inclusion consultant working in Myanmar and a participant of the 14th cohort of the Takshashila GCPP. His twitter handle is @nitinmalik86

Comments { 0 }