Giving encryption keys and back-door access to government is paving way to an authoritarian regime

Considering the current state of unaccountability with our government, government’s access to encryption keys and backdoor access inevitably leads to abuse.

You’re probably thinking “that’s too far-fetched”. Is it really?

Last year, the government caused a huge ruckus by releasing a draft National Encryption Policy (NEP), with people calling it draconian. It was in fact draconian in nature. The policy expected businesses to hand over the encryption keys and access to communication logs in plain text for 90 days, raising concerns over privacy and free speech.

While the government withdrew it immediately, it opened up a dialogue among the different stakeholders about the necessity of an NEP and the issues facing it. On one hand, some claim that having an encryption policy sets a standard, which will strengthen our cyber-infrastructure and increase foreign investments. On the other hand, some think there shouldn’t be any encryption policy and that we should just let the market figure it out by itself.

Either way, why does the government want it? The government remains vague as to why it really needs access to encryption keys or backdoors. The general narrative is likely along the lines of the need for real time surveillance for preventing terrorism and cyber crime, and enhancing our national security.

But what’s really at stake here? Enhancing policing tactics in exchange for what?

We live in an opportunistic society, where breaking laws and cutting corners saying ‘chalta hai’ is the norm. If you don’t follow this norm, a few glaring eyes and smirks abound. It would be naive to think that this doesn’t reflect within our government system, especially within the police system. More troubling is that we not only lack the “right to privacy” in our constitution, but also lack a proper oversight architecture that holds the government and its employees accountable when it comes to abuse and corruption. The bad apples are most likely to abuse the access and get away with it scot-free. Hence, given the access and easy surveillance, it is inevitable that this government or the next will abuse it to get rid of opposition and enhance its power, eventually moving towards an authoritarian regime. There is no guarantee against it.

Where is the balance? How can the government investigate and prevent crime without the use of encryption keys or backdoor access?

One thing it can do is improve its other strategies for preventing terrorism and crime. A stronger human intelligence network, for instance, is a great tactic and provides real-time access. Another approach is to request live monitoring access, via a special court, on terrorist groups or crime syndicates that pose a real threat. Sure, this may not be as good as having instant access, but that’s a trade-off the government has to make to maintain society’s trust in its governance.

Image Source: Flickr user pyride

Puru Naidu (@Brocolli88) is a Research Analyst at the Takshashila Institution.


Mythicising China’s strategic behaviour

From great wall to great iron via Sunzi bingfa

by Pranay Kotasthane (@pranaykotas)

Because we don’t understand China’s strategic priorities well enough, we often resort to historical antecedents, writings, even quotable quotes (remember Deng Xiaoping’s “lie low”?), to explain China’s strategic behaviour. This reductionist tendency is no longer the preserve of the non-Chinese. Chinese strategists themselves selectively pull out cultural myths that can project China as an eternally peaceful and responsible global power. Strategic culture myths serve another function: when on the backfoot, Chinese strategists often use cultural myths to imply that China has a totally different perspective on war and strategy that the West is incapable of understanding.

Given how frequently strategic culture myths are used in the Chinese context, I was delighted to read the chapter “Myth busting: challenging the conventional wisdom on Chinese strategic culture” by Andrew R Wilson, professor of strategy at the US Naval War College. The book is a Routledge edited volume titled China’s Strategic Priorities (ed. Jonathan Ping and Brett McCormick). The author identifies five myths that are believed to be the core elements of China’s strategic culture — the Great Wall myth, the Sunzi myth, the Good Iron myth, the Zheng He myth, and the myth of shi.

In the author’s words,

these myths enjoy little historical basis and even less explanatory power for understanding contemporary Chinese strategy. At best they are reductionist and misleading. And yet these five myths in their various forms and combinations continue to dominate today’s discussions of Chinese strategic behaviour [China’s strategic priorities, page 8].

I found this dismantling of China’s strategic culture myths very useful and constructed a mind map that can help China watchers (maximise the image to see the text). Maybe this will be instrumental in diffusing the mysticism surrounding China’s strategies.

China's Strategic culture myths. (Based on Andrew R Wilson's chapter in China's strategic Priorities)


Pranay Kotasthane is a Research Fellow at The Takshashila Institution. He is on twitter @pranaykotas

Need for accountable Indian cities

India needs to increase the accountability of its cities in order to increase their financial independence.

In his description of India’s accountability and governance in a London School of Economics publication, Charles Correa, a famous architect and urban planner, says:

“India has many growth options. It is not dominated by any single primate city, which pre-empts all investment – like Lagos and Nigeria”

The wide range of tier one and tier two cities in the country are symbolic of India’s progress and ambition. However, these growth engines are still dependent on the Union and State governments for their fuel. For instance, the largest revenue source for a city currently is the property tax collected by the state and then passed on to the municipalities. Last year, India’s financial capital, Mumbai, got a mere Rs 3,000 crore as revenue through property tax. Hence, for an economy to match up to the rate of growth in the cities, it is important that the urban infrastructure and services are financed in the best possible manner.

M G Rao and Richard Bird have tried to look at this exact problem in their paper “Urban governance and Finance in India”. The primary objective of the paper is to find solutions for urban governance and finance in India in the context of lessons drawn from fiscal federalism theory and experiences of governance institutions. The paper points out the inadequacy of the resources available to urban governments and suggests three major requirements for efficient provision of public services: efficient assignment of function, strengthening local accountability, and making the user pay for the benefits. Of these, strengthening local accountability is a vital aspect for any municipal body to attain financial independence.

As of now, the primary reasons the financing options available to cities are limited are the inability to comprehend the flow of funds and the lack of institutions to handle bankruptcy. Rao and Bird talk about this in detail as they point out the lack of a debt market in India and the necessity to strengthen and deepen markets, particularly land and capital markets. In order to increase local accountability, some of the steps essential for the cities include maintaining and publishing a detailed financial statement such that the flow of funds can be tracked. The Fourteenth Finance Commission (FFC) in its recommendation gives high importance to this specific criterion by making it an important factor in deciding the Performance Grant. The Performance Grant constitutes 20% of the total grants given to the Urban Local Bodies (ULBs) by the Commission. In its recommendation, the FFC states that the purpose of the Performance Grants is to ensure reliable audited accounts and data of receipts and expenditure, and improvement in own revenue.

With regard to the lack of institutions to handle municipal bankruptcy, the Securities Exchange Board of India (SEBI) has suggested that a chapter on bankruptcy of municipalities be introduced in the bankruptcy Bill proposed by the finance ministry.

It is important to understand that we can only hope for a vibrant capital market at the city level if we have our basic process for accountability and bankruptcy in place. In simple words, we need to fix the books within the municipalities before we ask for a bond market.

Image source: Andreas Praefcke, Wikipedia

Devika Kher is the Program Manager of Takshashila’s Graduate Certificate in Public Policy course and a policy analyst at Takshashila Institution. Her twitter handle is @DevikaKher.


Pakistan’s economic challenge

Thinking beyond CPEC

By Pranay Kotasthane (@pranaykotas)

The Dawn editorial (10th December) makes a case against Pakistan’s overreliance on CPEC to solve its economic woes.

there are multiple roads to integration, and placing all the emphasis on CPEC alone risks putting too many eggs in one basket. [The Dawn, 10th December 2016]

CPEC has been projected as a panacea for Pakistan’s economic woes. A Deloitte report from earlier this year estimated that:

if all the planned projects are implemented, the value of those projects would exceed all foreign direct investment in Pakistan since 1970 and would be equivalent to 17% of Pakistan’s 2015 gross domestic product. It is further estimated the CPEC project will create some 700,000 direct jobs during the period 2015–2030 and add up to 2.5 percentage points to the country’s growth rate. [Deloitte]

Unsurprisingly, the potential benefits accruing from CPEC have been played up by sections of the Pakistani press, government, and the army. Among other things, two separate force formations, each comprising more than 15000 security personnel, have been mobilised in order to ensure security for the project and for Chinese workers. And as Khurram Hussain highlighted in another Dawn article titled ‘Hidden costs of CPEC’, the cost of these forces is now being bundled into the power tariff and passed on to the consumers.

Thus, The Dawn editorial accurately identifies the need to think beyond CPEC. It suggests two alternatives: change in the terms of the FTA with China, and increasing trade with Iran, beginning with the natural gas pipeline. However, both these alternatives are unlikely to solve Pakistan’s economic woes for the following reasons.

A renewal of the FTA with China in no way reduces Pakistan’s dependence on China. Pakistan has already ceded unusual diplomatic and political maneuvering space to China in a bid to revive its economy. Take, for instance, the conduct of Muhammad Lijian Zhao, a Deputy Head of Mission at China’s Islamabad embassy, who single-handedly fends off the mildest of reservations against CPEC by Pakistanis on Twitter. It is unusual that the concerns of Pakistani citizens, instead of being addressed by the provincial government of Balochistan or the Federal Government, are being swatted off by a Chinese bureaucrat.


Building a China—Pakistan friendship narrative: Images such as these are common on Twitter

The issue of raising a Special Security Division also reflects Chinese domination in the China—Pakistan equation. Raising a special division for Chinese projects and nationals, in regions where ordinary Pakistanis themselves fear for their lives, is further stoking alienation.

The opening of trade with Iran, without a peaceful settlement of political issues in Balochistan and Afghanistan, is also an unfeasible alternative. Pakistan’s economic growth centres are near its eastern borders (in Punjab and Sindh) and any trade with Iran will have to pass through the troubled western areas. Thus, it is unlikely that trade with Iran will take off unless Pakistan addresses the aspirations of the Baloch, and stops its overt and covert support for the Afghan Taliban.

What might resolve Pakistan’s economic challenge, then? Moeed Yusuf suggests that Pakistan has no option but to open up economically to India.

He makes an excellent argument:

Even when we add up realistic appraisals of possible reforms, includes CPEC, and factor in new export markets Pakistan can tap, we still end up well short of what the country needs to keep competing with India and other peer countries.

More importantly, it is absolute, not relative, gains that matter. We need to be concerned about the additional growth we would generate from acting as a trade and transit hub for the near and far neighbourhood and the force-multiplier effect it would have rather than what India or others might get out of the arrangement. Plainly, the new chief must know that keeping the region closed guarantees that India and Pakistan’s differential will continue to grow in New Delhi’s favour. [Dawn, The Chief’s Choice]

Alas, it is a tragedy that even major geoeconomic decisions of Pakistan need the approval of the army chief.

[Also read my post Thoughts on India’s approach to China’s 1B1R initiative on how India should look at CPEC]

Pranay Kotasthane is a Research Fellow at The Takshashila Institution. He is on twitter @pranaykotas


Attributing Cyber-attacks: The cyclic nature of it

The cyclic nature of cyber-attack attribution and maintaining anonymity online presents a conundrum to the security industry.

A few days ago, the Indian Congress vice-president Rahul Gandhi’s Twitter account appeared to be hacked, followed by dozens of offensive tweets being posted. Within minutes of the first hack, the Twitterati engaged in a game of ‘whodunit?’ On one hand, people accused PM Modi’s followers of the hack, and on the other, some called it a staged drama by the Congress Party. Premature at best, the accusations were baseless and lacked evidence, highlighting the challenging nature of attribution.

Attribution

The most common factor leading the attribution dialogue today is the un-traceability of a cyber-attack. Attacks do not come with a return address. Tools available to obscure an attack’s origins are becoming more and more sophisticated by the day. Even if an attack can be traced to a system, there are chances of it being a deliberate misdirection.

Anonymity

Anonymity online is crucial for legitimate reasons: privacy is at the heart of it, as is being able to voice concerns against strict government rules without reprisals, which is a basic right under any democratic government. There are sophisticated ways to maintain anonymity; you can mask your IP address, use fake accounts, virtual machines, strong encryption, etc.

The Cyclic Nature

Better tools for anonymity consequently lead to either a lack of attribution or improper attribution of cyber-attacks. The lack of proper attribution gives way to increased cyber-attacks, which in turn leads the “anti-anonymity” group to improve its attribution techniques. To continually thwart the efforts of anti-anonymity groups, pro-anonymity groups then come up with better technological capabilities to maintain their anonymity. This shows a recurring cycle between the need to fight against anonymity and the need for anonymity. This recurring cycle is the status quo.

Conundrum

This status quo of recurring nature begs the question: Why waste time on attribution when those resources can be better spent on enhancing one’s security and capability?

In his article about attribution, Lital Asher-Dotan, the founder of cyber security company Alfa Tech, argues that the security industry spends too much time and too many resources on attributing cyber-attacks, which is highly inefficient. According to him, “a company’s limited security resources are better spent understanding how the attackers infiltrated the network and their capabilities and using this intelligence to prevent future attacks.”

While I agree with Lital that attributing is highly inefficient, I disagree with the notion of not giving enough significance to attribution.

Let’s take the extreme version of this, where we do not spend any time or energy on answering “Who did it?” and instead spend that time and energy on enhancing security systems. The other side of this coin is that the lack of attention to attribution invites more cyber-attacks, carried out without fear of reprisals, and more creative and dangerous attacks at that. The likelihood of successfully infiltrating a security system increases, with disastrous consequences. So this extreme scenario does not work out well.

Even if attribution may not yield anything, it is an essential aspect of cyber-security. Eliminating attribution is not a logical option. It acts as a deterrent. Hence there is a heightened need to strike the right balance between the energy spent on attribution and on defending against cyber-attacks, where one does not need to take resources from the other.

Puru Naidu (@Brocolli88) is a Research Analyst at the Takshashila Institution


Of Ethics and Artificial Intelligence


War has changed. It is no longer about nations, ideologies and ethnicities. It is an endless series of proxy battles fought by man and machine.[1]

The above is the opening line of Metal Gear Solid 4, one of the greatest pieces of virtual entertainment. It paints a grim picture of the future of warfare replete with references to autonomous artificial intelligence (AI) overrunning defence systems. Given recent advancements however, one has to wonder if these portrayals were right.

Science fiction involving AI generally depicts a utopian or dystopian future, a plot point that writers exploit and exaggerate to no end. However, AI application development has been ongoing for several decades and the impact of early systems raises many questions on its full-scale integration in defence systems.

What could possibly go wrong?

In simple terms, if we fail to align the objectives of an AI system with our own, it could spell trouble for us. For machines, exercising firm judgment is still a significant challenge.

Recent advancements in robotic automation and autonomous weapon systems have brought military conflict to a whole new level. Unmanned helicopters and land vehicles are constantly being tested and upgraded. The surgical precision with which these automations can perform military operations is unparalleled.

Emerging weapons tech with deep learning systems can ‘correct’ mistakes and even learn from them, thereby maximising tactical efficiency. The high amount of security in their design makes them near-impossible to hack and, in some cases, even to ‘abort’ an operation. This could result in mass casualties despite a potentially controllable situation.

An obvious issue is that in the wrong hands an AI could have catastrophic consequences. Although present systems do not have much ‘independence’, the growing levels of intelligence and autonomy indicate that a malfunctioning AI with disastrous consequences is a plausible scenario.

Who is accountable in case of a mistake?

Autonomous vehicles and weapon systems bring forth the issue of moral responsibility. Primary questions concern delegating the use of lethal force to AI systems.

What consequences will an AI system that carries out operations autonomously face in terms of criminal justice or war crimes? As machines, such systems cannot be charged with a crime. How will it play out in case a fully AI-integrated military operation goes awry?

Problems with commercialisation

Today’s wars are not entirely fought by a nation’s army. Private military/mercenary companies (PMC) play an active role in wars, supplementing armies, providing tactical support and much more. It won’t be long before autonomous technologies are commercialised and not restricted to government contracts.

There is no dearth of PMCs who would jump at the opportunity and grab a share of this technology. The very notion of private armies with commercial objectives wielding automations is a dangerous one. Armed with an exceedingly efficient force, they would play a pivotal role in tipping the balance of war in favour of the highest bidder.

The way forward

In September 1983, Stanislav Petrov, a Lieutenant Colonel with the Soviet Air Defence Forces, was the duty officer stationed at the command centre for the Oko nuclear early-warning system. The system reported a missile launch from the United States, followed by as many as five more. Petrov judged them to be a false alarm and did not retaliate. This decision is credited with having prevented a full-scale nuclear war.

The findings of subsequent investigations revealed a fault with the satellite warning systems. Petrov’s judgment in the face of unprecedented danger shows extreme presence of mind. Can we trust a robot or an autonomous weapon system to exercise judgment and take such a split-second decision?

Stephen Hawking, Elon Musk and Bill Gates – some of the biggest names in the industry – have expressed concern about the risks of superintelligent AI systems. A standing argument voiced is that it is difficult to predict the future of AI by comparing them with technologies of the past since we have never created anything that can outsmart us.

Although current systems offer fewer ethical issues such as decisions taken by self-driving cars in accident prevention, there could be potential complications with AI systems supplementing human roles.

There is a heightened need to introduce strict regulations on AI integration with weapon systems. Steps should also be taken to introduce a legal framework which keeps people accountable for AI operations and any potential faults.

AI, as an industry, cannot be stopped. Some challenges may seem visionary, some even far-fetched; however, it is foreseeable that we will eventually encounter them. It would be wise to direct our present-day research in an ethical direction so as to avoid potential disasters. A probable scenario would be one where AI systems operate more as team players than as independent systems.

Nick Bostrom, in the paper titled Ethics of AI, sums up the AI conundrum really well:

If we are serious about developing advanced AI, this is a challenge that we must meet. If machines are to be placed in a position of being stronger, faster, more trusted, or smarter than humans, then the discipline of machine ethics must commit itself to seeking human-superior (not just human-equivalent) niceness.[2]

Image credit: AP Photo/Massoud Hossaini

[1] http://www.goodreads.com/quotes/478060-war-has-changed-it-s-no-longer-about-nations-ideologies-or

[2] https://intelligence.org/files/EthicsofAI.pdf

Further Readings:

https://intelligence.org/files/EthicsofAI.pdf

Ganesh Chakravarthi is the Web Editor of The Takshashila Institution and tweets at @crg_takshashila.


What India’s surgical strike achieved, and what it didn’t?

by Pranay Kotasthane (@pranaykotas)

Having introduced an uncertainty in its response, it is perhaps better for India to reduce the vulnerability of its military establishments.

In the wake of the attacks on the Indian army base in Nagrota, familiar uncomfortable questions have come to the fore: is it the lack of intelligence support that’s making such attacks recur? Has the fragile situation in the Kashmir valley helped rejuvenate terrorist networks? Or, are obsolete security mechanisms making military installations vulnerable to repeated attacks? Despite the recent spate of attacks on military infrastructure, these sticky, fly-papery questions still haven’t found responses that will make them dissolve away.

Nevertheless, the Nagrota attack throws up a completely new question: what did the “surgical strikes” of 29th September achieve — is there a need to replicate such strikes after the Nagrota attacks or should that option be dispensed with?

To answer this question, let’s assess what the surgical strikes achieved, from the lens of the three affected parties — the domestic Indian audience, the Pakistani military—jihadi complex, and the Pakistani civilian leadership.

For many Indians, a consciously coordinated action involving various parts of the administrative machinery — military, diplomatic, and political — was a signal that India will now respond to terrorism at strategic or operational levels, and not merely at a tactical level. Given that the earlier response, a carefully calibrated “strategic restraint” policy, had failed to attenuate the attacks from Pakistan, a more forceful quid-pro-quo alternative became a cause of hope for some, and of aggressive chest-thumping for others. After the Nagrota attacks, some groups in this domestic constituency will demand similar strikes, with an aim of institutionalising this strategy.

Second, the Pakistani military—jihadi complex (MJC) was taken by surprise — it was anticipating a tactical response, but not a coordinated operational response. Moreover, the publicly declared cross-LoC Indian raids largely received a thumbs-up from the international community, weakening the complex’s narrative. Within the complex, the jihadi node was specifically targeted. However, the shallow raids didn’t dent the terrorists’ capacity in any significant manner — there are no terrorist camps at such small distances from the LoC, merely a few launch pads to help terrorist squads in their transit. The operation also did not cause any major loss to the Pakistani army and hence it chose to deny the incident rather than escalate immediately. Overall, the surgical strikes served a signalling purpose against the MJC, rather than a concrete blow to its capacities; it flustered the MJC but hasn’t deterred it. It proved to the MJC that India is capable of maintaining a dynamic conventional threshold and that India is not just limited to the option of tactical retaliation.

Third, the Pakistani civilian leadership was able to utilise the surgical strikes against the dominance of the MJC. Unsurprisingly, a news report claiming that the civilian government has directed the military leadership to act against militants came out immediately after India’s raids. Meanwhile, the civilian leadership kept championing the anti-India rhetoric — such posturing continues to remain popular in Pakistan, regardless of who is in the driving seat. The army’s carefully cultivated image as the ultimate protector of Pakistan’s ideological and geographical frontiers took a dent, and the civilian leadership cashed in on the opportunity.

What will be the impact of another cross-border raid on the three affected parties?

Projected as a strong rejoinder to Pakistan’s use of terrorism, the Indian government will be able to garner domestic support from many quarters to a repeat strike. However, the border states of Punjab and J&K will have to bear the brunt of any further escalation, threatening livelihoods and economic prospects in these states.

The MJC and the Pakistani civilian establishment will now be better prepared in anticipation of another Indian strike. So, it will be very difficult for India to inflict any damage using the same level of deployment. Other options of this nature include using artillery against bunkers from a vantage point while avoiding collateral damage, or the use of air-to-surface strikes or short-range cruise missiles to strike terrorist hideouts. But each of these alternatives is likely to result in significant escalation on both sides.

Having introduced an uncertainty in its response, it is perhaps better for India to reduce the vulnerability of its military establishments. Recommendations of the Lt Gen Philip Campose Committee, constituted after the Pathankot attacks, need to be implemented. There is clear indication that the MJC has altered its strategy over the last two years, focusing on high-value Indian military establishments rather than causing large-scale civilian damage. The sub-conventional warfare level, where terrorists operate, has clearly narrowed across the world. A conventional response to a terrorist attack having mass civilian casualties will now be seen as a necessity to curb terror. The surgical strikes have helped reinforce this viewpoint. A variant of the strikes can be used to target high-value terrorist infrastructure if Pakistan returns to its policy of causing mass casualties.

For now, it is better that India focuses on its defences. Ultimately, India is better off putting both — a grand rapprochement or a full-scale war — on the back burner, while expending available capacity to launch economic reforms, rendering Pakistan irrelevant.

Pranay Kotasthane (@pranaykotas) is a Research Fellow at the Takshashila Institution.


Beware the security risks before you jump onto digital payments bandwagon

A deficit in cash flow has forced users into digital payments. Without proper precautions and security policies, the highly reactive nature of cyber security leaves us vulnerable to cyber-attacks.

Image source: DNA India

The whole demonetization of currencies has shaken our country to its core. In the past week, we saw how it affected people at all levels and how they were coping with it, hoping for the better in the near future. While the challenges still persist, it has nudged people towards digital transactions even for their daily needs, using virtual wallets such as PayTM and others. Companies that enabled digital payments acted as buffers, soaking up some of the pressure. In fact, there was a surge in digital payments, hitting record highs over the past week; PayTM saw a 200% increase in its mobile application downloads and a 250% increase in overall transactions. MobiKwik saw an increase of 200% in its application downloads within a few days. Other companies within this domain, such as Oxigen and PayU, have also seen a rise in their service usage.

Resultant trend may be vulnerable to security threats

This new trend is certainly heading in the right direction, towards digitization; however, there is a risk of turning a blind eye to the security aspect in the whole process of adapting to this digitized lifestyle. The Nordea Bank fraud incident that occurred in 2007 is a classic example of an e-banking cyber-attack, where perpetrators infected unsuspecting customers’ systems with malware that stole login credentials, and made off with over 1.1 million US dollars. Not even major financial corporations like VISA, PayPal, and MasterCard are immune to cyber-attacks.

The security standards and precautions have certainly evolved since these high-profile attacks. But the speed of technological developments and their integration into our economy far exceeds that of the defense mechanisms and protocols in place to mitigate any cyber-attack on these developments. It goes to show that the two do not move in parallel and that defenses are reactive in nature, which ultimately begs the question: Is it safe to utilize these new payment platforms?

PayTM, for instance, is certified under the Payment Card Industry Data Security Standard (PCI DSS) 2.0, which is the current industry security standard set by American Express, Visa International, MasterCard Worldwide and a few other international dealers. This is an essential certification for companies that store credit card information. PayTM also uses 128-bit encryption technology to encrypt any information transferred between two systems. It takes more than 100 trillion years for a hacker to crack a password under 128-bit encryption. Needless to say, transactions via PayTM are fairly secure. Other companies like MobiKwik also employ 128-bit encryption technology. This is a common security measure deployed by companies dealing with credit card information and transactions; hence there is little doubt that companies taking advantage of demonetization are employing their share of precautions for secure transactions.

Is that secure enough?

But these precautions won’t make us invulnerable. There are other things aside from login credentials that hackers target these days. For example, just a few days back, hackers breached the database of Three Mobile, a British mobile company, and stole private information on six million users. Another example is the recent massive data breach of Indian bank networks that compromised over three million users’ financial data. The breach occurred between May 25 and June 10, victimizing major banking companies, including HDFC Bank, ICICI Bank, YES Bank, and Axis Bank. This stolen data can be sold underground, used for identity theft, or used to strengthen brute force attacks for further personal attacks.

These breaches may appear sophisticated, but there are other, easier methods that anyone with basic IT skills can deploy. For instance, here is an article by a hacker showing the HTML code used to fake the PayTM website. Using a spoofed site, a hacker can use phishing tactics to gain login credentials from unsuspecting users. Other tactics include fake mobile applications or spyware that steal information, social engineering tactics that make you reveal your login credentials, etc. This is nothing new, however; spoofing, phishing, and spyware have plagued the IT security industry for more than a decade, with their tactics getting increasingly sophisticated.

But if companies like HDFC and ICICI, which are most likely proactive in updating their security systems, still experienced cyber-attacks, what does that imply about unsuspecting users? Most new users were forced onto the digital payments bandwagon by the currency demonetisation. This is especially true of street vendors who were primarily reliant on cash payments before the demonetization, such as the Chai-wallas and Pan-wallas, who were quick to adapt so as to maintain their revenue. Are these new users aware of the security risks involved here? I highly doubt it. Even if they are aware of the risks, whose responsibility is it and what precautions can they take to minimize damage from future attacks?

Whose responsibility is it?

It is not a single entity’s responsibility. Everybody involved in the process, including the companies offering the service, the customers, and the government, should do their share to mitigate cyber-attacks and minimize the damage they cause. The following is a three-pronged approach for companies, customers and the government to mitigate security risks:

Companies

All companies that offer platforms or services enabling digital payments should, first and foremost, increase awareness of the risks among their customer base and educate customers on ways to secure themselves. They should employ behavior analytics and pattern analysis in their fraud departments to predict suspicious behavior, and stay proactive in looking out for any spoofed applications or websites that masquerade as their service. They should also monitor discussion boards, social media platforms, and forums that discuss hacking and fraud tactics, and implement proactive measures to thwart those tactics.

Government

The Government should also do its share to protect its citizens by minimizing vulnerabilities. It should check whether the current policies regulating this platform are adequate, and update them if necessary. It should educate the populace on the risks involved, enforce strict policies, and hold companies accountable for not meeting security standards. It should minimize the benefits that come from overlooking security precautions. And it should strengthen public-private partnership on live information sharing about cyber-attacks and fraud.

Customers

Customers should do their share to minimize damages. They should educate themselves about the risks involved, and take appropriate precautions. Minimize vulnerability with two-factor authentication and routine password changes. Check an application’s authenticity by looking at the number of downloads and reviews by other users; the higher the number of downloads and reviews, the higher the chances that the application is legitimate. In addition, check for other application releases from that developer. Check a website’s authenticity by checking for proper spelling of the web address, and check that the website is secure by looking for a green padlock symbol to the left of the web address and confirming that the address starts with ‘https:’. Keep web browsers updated, as they can recognize illegitimate sites easily. Do not share sensitive information, including login credentials, over emails, phone calls, or chats. Lastly, trust your instincts and double check to make sure you don’t leave yourself vulnerable.
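The address checks described above (spelling of the web address and ‘https:’), and the look-out for spoofed sites asked of companies, can be automated. The following is an added example, not part of the original post; the hostname `wallet.example` and all sample URLs are constructed placeholders. It also shows that ‘https:’ alone does not make a misspelled address trustworthy.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: hostnames the payment provider really serves from.
LEGITIMATE_HOSTS = {"wallet.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str) -> str:
    """Return 'ok' or a short reason the address should not be trusted."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lowercases the name.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no hostname"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "punycode or non-ASCII hostname (possible look-alike characters)"
    for good in LEGITIMATE_HOSTS:
        if host == good or host.endswith("." + good):
            # Right site; the only remaining question is the transport.
            return "ok" if parts.scheme == "https" else "not https"
    for good in LEGITIMATE_HOSTS:
        if good in host:
            return f"contains '{good}' but is hosted elsewhere"
        if edit_distance(host, good) <= 2:
            return f"misspelling of '{good}'"
    return "unknown host"

if __name__ == "__main__":
    # Constructed sample addresses.
    for u in ("https://wallet.example/login", "http://wallet.example/login",
              "https://wal1et.example/login",
              "https://wallet.example.secure-login.test/",
              "https://wallet.example@evil.test/"):
        print(f"{u:45} -> {check_url(u)}")
```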

Puru Naidu (@Brocolli88) is a Research Analyst at the Takshashila Institution


The disappearance of the middle ground

By Anupam Manur (@anupammanur)

The end result of an acrid political climate, as witnessed in the US and India, could be one of highly populated extremes and a disappearing middle-ground.


Dear America,

Allow me the liberty to predict what will happen over the next few years. This is not another fear-mongering doomsday scenario painting exercise about the potential consequences of a Trump Presidency. I’ll leave that to the experts; experts, who have gotten all their predictions wrong until now. You are in a lot of trouble, not because of what Trump will do or not do, but because of the way you will react to his every move.

If you thought the election campaign trail saw the heights of polarisation, bigotry and racism in your society, then, you have another thing coming. Things are only going to get more divisive from now on. There will be an exponential increase in nationalistic fervour. Public discourse will worsen over the next few years to the point that sensible people will be forced to retire out of sheer frustration and saturation. This is the adverse selection problem in public discourse. If there is a higher proportion of lemons in the market, and the average consumer cannot differentiate between the lemon and the peach, the peaches get crowded out.

Every move by your next President will receive disproportionate attention and reactions. Yes, in a democracy, the citizens have to provide the vigil, but this will take an extreme turn, and perhaps a turn for the worse. The vigil will turn into an obsession, which will saturate public attention. The supporters and detractors will fight out every move, not based on the merits or demerits of the move, but based on the position they took on the day of the election. Supporters will cheer every move and defend it with all their might, irrespective of whether there is any merit to it. Even terrible moves that might actually harm these stakeholders will find staunch supporters. The supporters might even be willing to endure the negative effects in order to defend their position.

Detractors, on the other hand, will assume that it is their moral obligation to oppose everything. Let us assume that Trump does something reasonable in his tenure, which can be welfare enhancing to Americans, like perhaps fixing the fragile Obamacare. Regardless, the detractors will vilify him, make highly polemical arguments, and go to great lengths to find faults, instead of engaging in nuanced debates on how it can be improved. Reasonability and sensibility will disappear from public discourse and so will balanced objectivity. The residue will be a highly charged, hyper-partisan platform for dogmatic exchanges. To make things worse, your political representatives will also be highly divided and it would be reasonable to expect the Congress and the Senate to be in a continuous gridlock for the next few years. Sure, some legislation may get passed, but most of it will have to endure an extremely rough path.

This black hole of negativity will suck in everything in its sight. Previously sane commentators will start taking positions and will stick to them, even in the face of contradictory evidence. Very few will be exempt from this. The middle ground will rapidly vanish and the extremes will start getting populated. There is perhaps some merit in apathy and indecisiveness among citizens, but the time for that has gone. Everyone has a strong opinion and of course, it is the right opinion. The media houses will not be spared either from the hyper-partisan discourse. An independent and impartial media will be left wanting.

I speak from experience. This is what has happened to public discourse in India since the elections in 2014. I am not trying to draw any parallels between our two elected representatives nor our political parties or governments. There is just an overwhelming similarity in the acrid political climate of our countries and the end result could be one of highly populated extremes and a disappearing middle-ground.

Anupam Manur is a Policy Analyst at the Takshashila Institution

 


Changing alignments in East Asia

by Pranay Kotasthane (@pranaykotas)
Early indications about a Trump Presidency’s impact on partnerships in East Asia

Since Woodrow Wilson, the goal of American foreign policy has been to prevent regional hegemony.

believes Seth Cropsey, Director of the Centre for American Seapower at Hudson Institute. Assuming this was true, the goal is now being reconsidered seriously in the wake of Donald Trump’s victory in the presidential elections. All through the election season, Trump has indicated that the next administration would be more inward-looking — provision of the common good of security, and promotion of free trade, will not be the guiding principles of US foreign policy anymore.

In the early days, the effects of this new strategy are most clearly visible in East Asia. After Obama decided to suspend efforts to pass his signature Trans-Pacific Partnership (TPP) deal through the Congress, Vietnam too will not ratify the deal in the national assembly anytime soon. Trump’s victory also caused panic in South Korea’s financial markets, prompting an emergency meeting of the National Security Council. Australia too followed suit — signalling support for Chinese-led Free Trade Area of the Asia-Pacific.

The framework below gives an idea of how East Asian states are recalibrating their strategies over the past few weeks.

[Figure: framework of political and economic alignments of East Asian states]

Given that the US and China are overwhelmingly powerful in the region, bipolarity exists in East Asia. Further, there are two axes of alignment: political and economic. Based on their relationships with these two major powers, East Asian states can be assigned to one of four quadrants. There are two bandwagon quadrants (where a state aligns with either the US or China both politically and economically) and two hedging quadrants (where a state aligns with one major power in political engagements and with the other in economic arrangements). Grey points indicate positions of East Asian states before Trump’s presidency and black points indicate recent shifts. I haven’t classified all the East Asian states in this framework, yet.

This framework indicates that countries like Australia and the Philippines are already moving towards the hedging quadrants. With TPP faltering, a lot of states might follow the Australian trajectory: economic alignment with China while playing a waiting game on geopolitical alignment.

Countries such as North Korea and Japan will find the realignment tougher, and will look out for more options. Faster movement on India—Japan cooperation is an example. No surprises that a landmark nuclear deal between the two countries took place once it was clear that Trump would be the next US president.

Interesting days ahead for East Asia watchers. China can be expected to be strident in the days to come.

Pranay Kotasthane (@pranaykotas) is a Research Fellow at the Takshashila Institution.
