The Pegasus Hack: A Hark Back to the Wassenaar Arrangement

By Sharngan Aravindakshan

The world’s most popular messaging application, Whatsapp, recently revealed that a significant number of Indians were among the targets of Pegasus, a sophisticated spyware that operates by exploiting a vulnerability in Whatsapp’s video-calling feature. It has also come to light that Whatsapp, working with the University of Toronto’s Citizen Lab, an academic research organization with a focus on digital threats to civil society, has traced the source of the spyware to NSO Group, an Israeli company well known both for developing and selling hacking and surveillance technology to governments with a questionable record in human rights. Whatsapp’s lawsuit against NSO Group in a federal court in California also specifically alludes to NSO Group’s clients “which include but are not limited to government agencies in the Kingdom of Bahrain, the United Arab Emirates, and Mexico as well as private entities.” The complaint filed by Whatsapp against NSO Group can be accessed here.

In this context, we examine the shortcomings of international efforts in limiting or regulating the transfers or sale of advanced and sophisticated technology to governments that often use it to violate human rights, as well as highlight the often complex and blurred lines between the military and civil use of these technologies by the government.

The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (WA) exists for this precise reason. Established in 1996 and voluntary / non-binding in nature[I], its stated mission is “to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.”[ii] Military advancements across the globe, significant among which were the Indian and Pakistani nuclear tests, rocket tests by India and South Korea and the use of chemical warfare during the Iran-Iraq war, were all catalysts in the formulation of this multilateral attempt to regulate the transfer of advanced technologies capable of being weaponized.[iii] With more and more incidents coming to light of authoritarian regimes utilizing advanced western technology to violate human rights, the WA was amended to bring within its ambit “intrusion software” and “IP network surveillance systems” as well. 

Wassenaar: A General Outline

With a current membership of 42 countries (India being the latest to join in late 2017), the WA is the successor to the cold war-era Coordinating Committee for Multilateral Export Controls (COCOM) which had been established by the Western Bloc in order to prevent weapons and technology exports to the Eastern Bloc or what was then known as the Soviet Union.[iv] However, unlike its predecessor, the WA does not target any nation-state, and its members cannot exercise any veto power over other member’s export decisions.[v] Notably, while Russia is a member, Israel and China are not.

The WA lists out the different technologies in the form of “Control Lists” primarily consisting of the “List of Dual-Use Goods and Technologies” or the Basic List, and the “Munitions List”.[vi] The term “dual-use technology” typically refers to technology that can be used for both civilian and military purposes.[vii] The Basic List consists of ten categories[viii]

  • Special Materials and Related Equipment (Category 1); 
  • Materials Processing (Category 2); 
  • Electronics (Category 3); 
  • Computers (Category 4); 
  • Telecommunications (Category 5, Part 1); 
  • Information Security (Category 5, Part 2); 
  • Sensors and Lasers (Category 6); 
  • Navigation and Avionics (Category 7); 
  • Marine (Category 8); 
  • Aerospace and Propulsion (Category 9). 

Additionally, the Basic List also has the Sensitive and Very Sensitive Lists which include technologies covering radiation, submarine technology, advanced radar, etc. 

An outline of the WA’s principles is provided in its Guidelines & Procedures, including the Initial Elements. Typically, participating countries enforce controls on transfer of the listed items by enacting domestic legislation requiring licenses for export of these items and are also expected to ensure that the exports “do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities.[ix]

While the Guidelines & Procedures document does not expressly proscribe the export of the specified items to non-WA countries, members are expected to notify other participants twice a year if a license under the Dual List is denied for export to any non-WA country.[x]

Amid concerns of violation of civil liberties

Unlike conventional weapons, cyberspace and information technology is one of those sectors where the government does not yet have a monopoly in expertise. In what can only be termed a “cyber-arms race”, it would be fair to say that most governments are even now busily acquiring technology from private companies to enhance their cyber-capacity, which includes surveillance technology for intelligence-gathering efforts. This, by itself, is plain real-politik.

However, amid this weaponization of the cyberspace, there were growing concerns that this technology was being purchased by authoritarian or repressive governments for use against their citizens. For instance, Eagle, monitoring technology owned by Amesys (a unit of the French firm Bull SA), Boeing Co.’s internet-filtering Narus, and China’s ZTE Corp. all contributed to the surveillance efforts by Col. Gaddafi’s regime in Libya. Surveillance technology equipment sold by Siemens AG and maintained by Nokia Siemens Networks were used against human rights activists in Bahrain. These instances, as part of a wider pattern that came to the spotlight, galvanized the WA countries in 2013 to include “intrusion software” and “IP network surveillance systems” in the Control List to attempt to limit the transfer of these technologies to known repressive regimes. 

Unexpected Consequences

The 2013 Amendment to the Control Lists was the subject of severe criticism by tech companies and civil society groups across the board. While the intention behind it was recognized as laudable, the terms “intrusion software” and “IP network surveillance system” were widely viewed as over-broad and having the unintended consequence of looping in both legitimate as well as illegitimate use of technology. The problems pointed out by cybersecurity experts are manifold and are a result of a misunderstanding of how cybersecurity works.

The inclusion of these terms, which was meant to regulate surveillance based on computer codes / programmes, also has the consequence of bringing within its ambit legitimate and often beneficial uses of these technologies, including even antivirus technology according to one view. Cybersecurity research and development often involves making use of “zero-day exploits” or vulnerabilities in the developed software, which when discovered and reported by any “bounty hunter”, is typically bought by the company owning the software. This helps the company immediately develop a “patch” for the reported vulnerability. These transactions are often necessarily cross-border. Experts complained that if directly transposed to domestic law, the changes would have a chilling effect on the vital exchange of information and research in this area, which was a major hurdle for advances in cybersecurity, making cyberspace globally less safer. A prime example is HewlettPackard’s (HP)  withdrawal from Pwn2Own—a computer hacking contest held annually at the PacSecWest security conference where contestants are challenged to hack into / exploit vulnerabilities on widely used software. HP, which sponsored the event, was forced to withdraw in 2015 citing the “complexity in obtaining real-time import /export licenses in countries that participate in the Wassenaar Arrangement”, among others. The member nation in this case was Japan.

After facing fierce opposition on its home soil, the United States decided to not implement the WA amendment and instead, decided to argue for a reversal at the next Plenary session of the WA, which failed. Other nations, including the EU and Japan have implemented the WA amendment export controls with varying degrees of success.

The Pegasus Hack, India and the Wassenaar

Considering many of the Indians identified as victims of the Pegasus hack were either journalists or human rights activists, with many of them being associated with the highly-contentious Bhima-Koregaon case, speculation is rife that the Indian government is among those purchasing and utilizing this kind of advanced surveillance technology to spy on its own citizens. Adding this to the NSO Group’s public statement that its “sole purpose” is to “provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime”, it appears there are credible allegations that the Indian government was involved in the hack. The government’s evasiveness in responding and insistence on so-called “standard operating procedures” having been followed are less than reassuring.

While India’s entry to the WA as its 42nd member in 2018 has certainly elevated its status in the international arms control regime by granting it access to three of the world’s four main arms-control regimes (the others being the Nuclear Suppliers’ Group / NSG, the Missile Technology Control Group / MTCR and the Australia Group), the Pegasus Hack incident and the apparent connection to the Indian government shows us that its commitment to the principles underlying the WA is doubtful. The purpose of the inclusion of “intrusion software” and “IP network surveillance system” in the WA’s Control Lists by way of the 2013 Amendment, no matter their unintended consequences for legitimate uses of such technology, was to prevent governmental purchases exactly like this one. Hence, even though the WA does not prohibit the purchase of any surveillance technology from a non-member, the Pegasus incident arguably, is still a serious detraction from India’s commitment to the WA, even if not an explicit violation.

Military Cyber-Capability Vs Law Enforcement Cyber-Capability

Given what we know so far, it appears that highly sophisticated surveillance technology has also come into the hands of local law enforcement agencies. Had it been disclosed that the Pegasus software was being utilized by a military wing against external enemies, by, say, even the newly created Defence Cyber Agency, it would have probably caused fewer ripples. In fact, it might even have come off as reassuring evidence of the country’s advanced cyber-capabilities. However, the idea of such advanced, sophisticated technologies at the easy disposal of local law enforcement agencies is cause for worry. This is because while traditionally the domain of the military is external, the domain of law enforcement agencies is internal, i.e., the citizenry. There is tremendous scope for misuse by such authorities, including increased targeting of minorities. The recent incident of police officials in Hyderabad randomly collecting biometric data including their fingerprints and clicking people’s pictures only exacerbates this point. Even abroad, there already exist on-going efforts to limit the use of surveillance technologies by local law enforcement such as the police.

The conflation of technology use by both military and civil agencies  is a problem that is created in part at least, by the complex and often dual-use nature of technology. While dual use technology is recognized by the WA, this problem is not one that it is able to solve. As explained above, dual use technology is technology that can be used for both civil and military purposes. The demands of real-politik, increase in cyber-terrorism and the manifold ways in which a nation’s security can be compromised in cyberspace necessitate any government in today’s world to increase and improve its cyber-military-capacity by acquiring such technology. After all, a government that acquires surveillance technology undoubtedly increases the effectiveness of its intelligence gathering and ergo, its security efforts. But at the same time, the government also acquires the power to simultaneously spy on its own citizens, which can easily cascade into more targeted violations. 

Governments must resist the impulse to turn such technology on its own citizens. In the Indian scenario, citizens have been granted a ring of protection by way of the Puttaswamy judgement, which explicitly recognizes their right to privacy as a fundamental right. Interception and surveillance by the government while currently limited by laid-down protocols, are not regulated by any dedicated law. While there are calls for urgent legislation on the subject, few deal with the technology procurement processes involved. It has also now emerged that Chhattisgarh’s State Government has set up a panel to look into allegations that that NSO officials had a meeting with the state police a few years ago. This raises questions of oversight in the relevant authorities’ public procurement processes, apart from their legal authority to actually carry out domestic surveillance by exploiting zero-day vulnerabilities.  It is now becoming evident that any law dealing with surveillance will need to ensure transparency and accountability in the procurement of and use of the different kinds of invasive technology adopted by Central or State authorities to carry out such surveillance. 


[i]A Guide to the Wassenaar Arrangement, Daryl Kimball, Arms Control Association, December 9, 2013, https://www.armscontrol.org/factsheets/wassenaar, last accessed on November 27, 2019.

[ii]Ibid.

[iii]Data, Interrupted: Regulating Digital Surveillance Exports, Tim Maurerand Jonathan Diamond, November 24, 2015, World Politics Review.

[iv]Wassenaar Arrangement: The Case of India’s Membership, Rajeswari P. Rajagopalan and Arka Biswas, , ORF Occasional Paper #92 p.3, OBSERVER RESEARCH FOUNDATION, May 5, 2016, http://www.orfonline.org/wp-content/uploads/2016/05/ORF-Occasional-Paper_92.pdf, last accessed on November 27, 2019.

[v]Ibid, p. 3

[vi]“List of Dual-Use Goods and Technologies And Munitions List,” The Wassenaar Arrangement, available at https://www.wassenaar.org/public-documents/, last accessed on November 27, 2019. 

[vii]Article 2(1), Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL setting up a Union regime for the control of exports, transfer, brokering, technical assistance and transit of dual-use items (recast), European Commission, September 28th, 2016, http://trade.ec.europa.eu/doclib/docs/2016/september/tradoc_154976.pdf, last accessed on November 27, 2019. 

[viii]supra note vi.

[ix]Guidelines & Procedures, including the Initial Elements, The Wassenaar Arrangement, December, 2016, http://www.wassenaar.org/wp- content/uploads/2016/12/Guidelines-and-procedures-including-the-Initial-Elements-2016.pdf, last accessed on November 27, 2019.

[x]Articles V(1) & (2), Guidelines & Procedures, including the Initial Elements, The Wassenaar Arrangement, December, 2016, https://www.wassenaar.org/public-documents/, last accessed on November 27, 2019.

Fork in the Road? UN General Assembly passes Russia-backed Resolution to fight Cybercrime.

By Sharngan Aravindakshan

On 19 November 2019, the Third Committee of the United Nations General Assembly passed a Russia-backed resolution. The resolution called for the establishment of an ad-hoc intergovernmental committee of experts “to elaborate a comprehensive international convention countering the use of information and communications technologies for criminal purposes” (A/C.3/74/L.11/Rev.1). China, Iran, Myanmar, North Korea and Syria were also some of the countries that sponsored the resolution. Notably, countries such as Russia, China and North Korea are all proponents of the internet-restrictive “cyber-sovereignty” model, as opposed to the free, open and global internet advocated by the Western bloc. Equally notably, India voted in favour of the resolution. The draft resolution, which was passed by a majority of 88-58 with 34 abstentions, can be accessed here.

The resolution was strongly opposed by most of the Western bloc, with the United States leading the fight against what they believe is a divisive attempt by Russia and China to create UN norms and standards permitting unrestricted state control of the internet. This is the second successful attempt by Russia and China, traditionally seen as outliers in cyberspace for their authoritarian internet regimes, to counter cybernorm leadership by the West. The resolution, to the extent it calls for the establishment of an open-ended ad hoc intergovernmental committee of experts “to elaborate a comprehensive international convention” on cybercrime, is also apparently a Russian proposal for an alternative to the Council of Europe’s Budapest Convention.

Similarly, last year, Russia and China successfully pushed for and established the Open-Ended Working Group (OEWG), also under the aegis of the United Nations, as an alternative to the US-led UN Group of Governmental Experts (GGE) in the attempt at making norms for responsible state behaviour in cyberspace. Hence, we now have two parallel UN based processes working on essentially the same issues in cyberspace. The Russians claim that both these processes  are complementary to each other, while others have stated that it was actually an attempt to delay consensus-building in cyberspace. In terms of outcome, scholars have noted the likelihood of either both processes succeeding or both failing, or what Dennis Broeders termed “Mutually Assured Diplomacy”.

Criticism

The Russia-backed cyber-crime resolution, while innocuously worded, has been widely criticized by civil society groups for its vagueness and for potentially opening the door to widespread human rights violations. In an open letter to the UN General Assembly, various civil society and academic groups have expressed the worry that “it could lead to criminalizing ordinary online behaviour protected under human rights law” and assailed the resolution for the following reasons:

  • The resolution fails to define “use of information and communication technologies for criminal purposes.” It is not clear whether this is meant to cover cyber-dependent crimes (i.e. crimes that can only be committed by using ICTs, like breaking into computer systems to commit a crime or DDoS attacks) or cyber-enabled crimes (i.e. using ICTs to assist in committing “offline” crimes, like child sexual exploitation). The broad wording of the text includes most crimes and this lack of specificity opens the door to criminalising even ordinary online behaviour;
  • The single reference to human rights in the resolution, i.e., “Reaffirming the importance of respect for human rights and fundamental freedoms” is not strong enough to counter the growing trend among countries to use cybercrime legislation to violate human rights, nor does it recognize any positive obligation on the state to protect human rights.
  • It is essentially a move to negotiate a cybercrime convention or treaty, which will duplicate efforts. The Council of Europe’s Budapest Convention already has the acceptance of 64 countries that have ratified it. Also, there are already other significant international efforts underway in combating cybercrime including the UN Office on Drugs and Crime working on various related issues such as challenges faced by national laws in combating cybercrime (Cybercrime Depository) and the Open Ended Intergovernmental Expert Group Meeting on Cybercrime, which is due to release its report with its findings in 2021.

Wolves in the hen-house?

Russia’s record in human rights protection in the use of information and communications technology has been controversial. Conspicuously, this resolution comes just a few months after it passed its “sovereign-internet law”. The law grants the Kremlin the power to completely cut-off the Russian internet from the rest of the world. According to Human Rights Watch, the law obliges internet service providers to install special equipment that can track, filter, and reroute internet traffic, allowing the Russian government to spy, censor and independently block access to internet content ranging from a single message to cutting off Russia from the global internet or shutting down internet within Russia. While some experts have doubted the technical feasibility of isolating the Russian internet no matter what the government wants, the law has already come into force from 1 November 2019 and it definitely seems like Russia is going to try.

Apart from this, there have also been credible claims attributing various cyberattacks to Russia, including the 2007 attacks on Estonia, the 2008 attacks on Georgia and even the recent hacking of the Democratic National Committee (DNC) in the US. More recently, in a rare incident of collective public attribution, the US, the UK and the Netherlands called out Russia for targeting the Organization for the Prohibition of Chemical Weapons’ (OPCW) investigation into the chemical attack on a former Russian spy in the U.K., and anti-doping organizations through cyberattacks in 2018.

China, another sponsor of the resolution, is also not far behind. According to the RAND Corporation, the most number of cyber-incidents including cyber theft from 2005- 2017 was attributed to China. Also, China’s Great Firewall is famous for allowing internet censorship in the country. A Russo-China led effort in international cybernorm making is now widely feared as portending stricter state control over the internet leading to more restrictions on civil liberties.

However, as a victim of growing cyber-attacks and as a country whose current public stance is against “data monopoly” by the West, India is going to need a lot more convincing by the Western bloc to bring it over to the “free, open and global” internet camp, as its vote in favour of this resolution shows. An analysis of the voting pattern for last year’s UNGA resolution on countering the use of ICT for criminal purposes and what it means for international cyber norm making can be accessed here.

Fractured Norm-making

This latest development only further splinters the already fractured global norm-making process in cyberspace. Countries such as the United States are also taking the approach of negotiating separate bilateral cyberspace treaties with “like-minded nations” to advance its “cyber freedom” doctrine and China is similarly advancing its own “cyber-sovereignty” doctrine alongside Russia.

Add to this mix the private sector’s efforts like Microsoft’s Cybersecurity Tech Accord (2018) and the Paris Call for Trust and Security in Cyberspace (2018), and it becomes clear that any unified multilateral approach to cybernorm making now seems extremely difficult, if not impossible. With each initiative paving its own way, it now remains to be seen whether these roads all lead to cyberspace stability.

[September 30-October 7] CCG’s Week in Review Curated News in Information Law and Policy

Huawei finds support from Indian telcos in the 5G rollout as PayPal withdrew from Facebook’s Libra cryptocurrency project; Foreign Portfolio Investors moved MeitY against in the Data Protection Bill; the CJEU rules against Facebook in case relating to takedown of content globally; and Karnataka joins list of states considering implementing NRC to remove illegal immigrants – presenting this week’s most important developments in law, tech and national security.

Digital India

  • [Sep 30] Why the imminent global economic slowdown is a growth opportunity for Indian IT services firms, Tech Circle report.
  • [Sep 30] Norms tightened for IT items procurement for schools, The Hindu report.
  • [Oct 1] Govt runs full throttle towards AI, but tech giants want to upskill bureaucrats first, Analytics India Magazine report.
  • [Oct 3] – presenting this week’s most important developments in law, tech and national security. MeitY launches smart-board for effective monitoring of the key programmes, The Economic Times report.
  • [Oct 3] “Use human not artificial intelligence…” to keep a tab on illegal constructions: Court to Mumbai civic body, NDTV report.
  • [Oct 3] India took 3 big productivity leaps: Nilekani, Livemint report.
  • [Oct 4] MeitY to push for more sops to lure electronic makers, The Economic Times report; Inc42 report.
  • [Oct 4] Core philosophy of Digital India embedded in Gandhian values: Ravi Shankar Prasad, Financial Express report.
  • [Oct 4] How can India leverage its data footprint? Experts weigh in at the India Economic Summit, Quartz report.
  • [Oct 4] Indians think jobs would be easy to find despite automation: WEF, Tech Circle report.
  • [Oct 4] Telangana govt adopts new framework to use drones for last-mile delivery, The Economic Times report.
  • [Oct 5] Want to see ‘Assembled in India’ on an iPhone: Ravi Shankar Prasad, The Economic Times report.
  • [Oct 6] Home market gets attractive for India’s IT giants, The Economic Times report.

Internet Governance

  • [Oct 2] India Govt requests maximum social media content takedowns in the world, Inc42 report; Tech Circle report.
  • [Oct 3] Facebook can be forced to delete defamatory content worldwide, top EU court rules, Politico EU report.
  • [Oct 4] EU ruling may spell trouble for Facebook in India, The Economic Times report.
  • [Oct 4] TikTok, TikTok… the clock is ticking on the question whether ByteDance pays its content creators, ET Tech report.
  • [Oct 6] Why data localization triggers a heated debate, The Economic Times report.
  • [Oct 7] Sensitive Indian govt data must be stored locally, Outlook report.

Data Protection and Privacy

  • [Sep 30] FPIs move MeitY against data bill, seek exemption, ET markets report, Inc42 report; Financial Express report.
  • [Oct 1] United States: CCPA exception approved by California legislature, Mondaq.com report.
  • [Oct 1] Privacy is gone, what we need is regulation, says Infosys Kris Gopalakrishnana, News18 report.
  • [Oct 1] Europe’s top court says active consent is needed for tracking cookies, Tech Crunch report.
  • [Oct 3] Turkey fines Facebook $282,000 over data privacy breach, Deccan Herald report.

Free Speech

  • [Oct 1] Singapore’s ‘fake news’ law to come into force Wednesday, but rights group worry it could stifle free speech, The Japan Times report.
  • [Oct 2] Minister says Singapore’s fake news law is about ‘enabling’ free speech, CNBC report.
  • [Oct 3] Hong Kong protests: Authorities to announce face mask ban, BBC News report.
  • [Oct 3] ECHR: Holocaust denial is not protected free speech, ASIL brief.
  • [Oct 4] FIR against Mani Ratnam, Adoor and 47 others who wrote to Modi on communal violence, The News Minute report; Times Now report.
  • [Oct 5] UN asks Malaysia to repeal laws curbing freedom of speech, The New Indian Express report.
  • [Oct 6] When will our varsities get freedom of expression: PC, Deccan Herald report.
  • [Oct 6] UK Government to make university students sign contracts limiting speech and behavior, The Times report.
  • [Oct 7] FIR on Adoor and others condemned, The Telegraph report.

Aadhaar, Digital IDs

  • [Sep 30] Plea in SC seeking linking of social media accounts with Aadhaar to check fake news, The Economic Times report.
  • [Oct 1] Why another omnibus national ID card?, The Hindu Business Line report.
  • [Oct 2] ‘Kenyan court process better than SC’s approach to Aadhaar challenge’: V Anand, who testified against biometric project, LiveLaw report.
  • [Oct 3] Why Aadhaar is a stumbling block in Modi govt’s flagship maternity scheme, The Print report.
  • [Oct 4] Parliament panel to review Aadhaar authority functioning, data security, NDTV report.
  • [Oct 5] Could Aahdaar linking stop GST frauds?, Financial Express report.
  • [Oct 6] Call for liquor sale-Aadhaar linking, The New Indian Express report.

Digital Payments, Fintech

  • [Oct 7] Vision cash-lite: A billion UPI transactions is not enough, Financial Express report.

Cryptocurrencies

  • [Oct 1] US SEC fines crypto company Block.one for unregistered ICO, Medianama report.
  • [Oct 1] South Korean Court issues landmark decision on crypto exchange hacking, Coin Desk report.
  • [Oct 2] The world’s most used cryptocurrency isn’t bitcoin, ET Markets report.
  • [Oct 2] Offline transactions: the final frontier for global crypto adoption, Coin Telegraph report.
  • [Oct 3] Betting on bitcoin prices may soon be deemed illegal gambling, The Economist report.
  • [Oct 3] Japan’s financial regulator issues draft guidelines for funds investing in crypto, Coin Desk report.
  • [Oct 3] Hackers launch widespread botnet attack on crypto wallets using cheap Russian malware, Coin Desk report.
  • [Oct 4] State-backed crypto exchange in Venezuela launches new crypto debit cards, Decrypt report.
  • [Oct 4] PayPal withdraws from Facebook-led Libra crypto project, Coin Desk report.
  • [Oct 5] Russia regulates digital rights, advances other crypto-related bills, Bitcoin.com report.
  • [Oct 5] Hong Kong regulates crypto funds, Decrypt report.

Cybersecurity and Cybercrime

  • [Sep 30] Legit-looking iPhone lightening cables that hack you will be mass produced and sold, Vice report.
  • [Sep 30] Blackberry launches new cybersecurity development labs, Infosecurity Mgazine report.
  • [Oct 1] Cybersecurity experts warn that these 7 emerging technologies will make it easier for hackers to do their jobs, Business Insider report.
  • [Oct 1] US government confirms new aircraft cybersecurity move amid terrorism fears, Forbes report.
  • [Oct 2] ASEAN unites to fight back on cyber crime, GovInsider report; Asia One report.
  • [Oct 2] Adopting AI: the new cybersecurity playbook, TechRadar Pro report.
  • [Oct 4] US-UK Data Access Agreement, signed on Oct 3, is an executive agreement under the CLOUD Act, Medianama report.
  • [Oct 4] The lack of cybersecurity talent is ‘a  national security threat,’ says DHS official, Tech Crunch report.
  • [Oct 4] Millions of Android phones are vulnerable to Israeli surveillance dealer attack, Forbes report; NDTV report.
  • [Oct 4] IoT devices, cloud solutions soft target for cybercriminals: Symantec, Tech Circle report.
  • [Oct 6] 7 cybersecurity threats that can sneak up on you, Wired report.
  • [Oct 6] No one could prevent another ‘WannaCry-style’ attack, says DHS official, Tech Crunch report.
  • [Oct 7] Indian firms rely more on automation for cybersecurity: Report, ET Tech report.

Cyberwarfare

  • [Oct 2] New ASEAN committee to implement norms for countries behaviour in cyberspace, CNA report.

Tech and National Security

  • [Sep 30] IAF ready for Balakot-type strike, says new chief Bhadauria, The Hindu report; Times of India report.
  • [Sep 30] Naval variant of LCA Tejas achieves another milestone during its test flight, Livemint report.
  • [Sep 30] SAAB wants to offer Gripen at half of Rafale cost, full tech transfer, The Print report.
  • [Sep 30] Rajnath harps on ‘second strike capability’, The Shillong Times report.
  • [Oct 1] EAM Jaishankar defends India’s S-400 missile system purchase from Russia as US sanctions threat, International Business Times report.
  • [Oct 1] SC for balance between liberty, national security, Hindustan Times report.
  • [Oct 2] Startups have it easy for defence deals up to Rs. 150 cr, ET Rise report, Swarajya Magazine report.
  • [Oct 3] Huawei-wary US puts more pressure on India, offers alternatives to data localization, The Economic Times report.
  • [Oct 4] India-Russia missile deal: What is CAATSA law and its implications?, Jagran Josh report.
  • [Oct 4] Army inducts Israeli ‘tank killers’ till DRDO develops new ones, Defence Aviation post report.
  • [Oct 4] China, Russia deepen technological ties, Defense One report.
  • [Oct 4] Will not be afraid of taking decisions for fear of attracting corruption complaints: Rajnath Singh, New Indian Express report.
  • [Oct 4] At conclave with naval chiefs of 10 countries, NSA Ajit Doval floats an idea, Hindustan Times report.
  • [Oct 6] Pathankot airbase to finally get enhanced security, The Economic Times report.
  • [Oct 6] rafale with Meteor and Scalp missiles will give India unrivalled combat capability: MBDA, The Economic Times report.
  • [Oct 7] India, Bangladesh sign MoU for setting up a coastal surveillance radar in Bangladesh, The Economic Times report; Decaan Herald report.
  • [Oct 7] Indian operated T-90 tanks to become Russian army’s main battle tank, EurAsian Times report.
  • [Oct 7] IAF’s Sukhois to get more advanced avionics, radar, Defence Aviation post report.

Tech and Law Enforcement

  • [Sep 30] TMC MP Mahua Mitra wants to be impleaded in the WhatsApp traceability case, Medianama report; The Economic Times report.
  • [Oct 1] Role of GIS and emerging technologies in crime detection and prevention, Geospatial World.net report.
  • [Oct 2] TRAI to take more time on OTT norms; lawful interception, security issue now in focus, The Economic Times report.
  • [Oct 2[ China invents super surveillance camera that can spot someone from a crowd of thousands, The Independent report.
  • [Oct 4] ‘Don’t introduce end-to-end encryption,’ UK, US and Australia ask Facebook in an open letter, Medianama report.
  • [Oct 4] Battling new-age cyber threats: Kerala Police leads the way, The Week report.
  • [Oct 7] India govt bid to WhatsApp decryption gets push as UK,US, Australia rally support, Entrackr report.

Tech and Elections

  • [Oct 1] WhatsApp was extensively exploited during 2019 elections in India: Report, Firstpost report.
  • [Oct 3] A national security problem without a parallel in American democracy, Defense One report.

Internal Security: J&K

  • [Sep 30] BDC polls across Jammu, Kashmir, Ladakh on Oct 24, The Economic Times report.
  • [Sep 30] India ‘invaded and occupied Kashmir, says Malaysian PM at UN General Assembly, The Hindu report.
  • [Sep 30] J&K police stations to have CCTV camera surveillance, News18 report.
  • [Oct 1] 5 judge Supreme court bench to hear multiple pleas on Article 370, Kashmir lockdown today, India Today report.
  • [Oct 1] India’s stand clear on Kashmir: won’t accept third-party mediation, India Today report.
  • [Oct 1] J&K directs officials to ensure all schools reopen by Thursday, NDTV report.
  • [Oct 2]] ‘Depressed, frightened’: Minors held in Kashmir crackdown, Al Jazeera report.
  • [Oct 3] J&K: When the counting of the dead came to a halt, The Hindu report.
  • [Oct 3] High schools open in Kashmir, students missing, The Economic Times report.
  • [Oct 3] Jaishanakar reiterates India’s claim over Pakistan-occupied Kashmir, The Hindu report.
  • [Oct 3] Normalcy prevails in Jammu and Kashmir, DD News report.
  • [Oct 3] Kashmiri leaders will be released one by one, India Today report.
  • [Oct 4] India slams Turkey, Malaysia remarks on J&K, The Hindu report.
  • [Oct 5] India’s clampdown hits Kashmir’s Silicon Valley, The Economic Times report.
  • [Oct 5] Traffic cop among 14 injured in grenade attack in South Kashmir, NDTV report; The Economic Times report.
  • [Oct 6] Kashmir situation normal, people happy with Article 370 abrogation: Prkash Javadekar, Times of India report.
  • [Oct 7] Kashmir residents say police forcibly taking over their homes for CRPF troops, Huffpost India report.

Internal Security: Northeast/ NRC

  • [Sep 30] Giving total control of Assam Rifles to MHA will adversely impact vigil: Army to Govt, The Economic Times report.
  • [Sep 30] NRC list impact: Assam’s foreigner tribunals to have 1,600 on contract, The Economic Times report.
  • [Sep 30] Assam NRC: Case against Wipro for rule violation, The Hindu report; News18 report; Scroll.in report.
  • [Sep 30] Hindu outfits demand NRC in Karnataka, Deccan Chronicle report; The Hindustan Times report.
  • [Oct 1] Centre extends AFPSA in three districts of Arunachal Pradesh for six months, ANI News report.
  • [Oct 1] Assam’s NRC: law schools launch legal aid clinic for excluded people, The Hindu report; Times of India report; The Wire report.
  • [Oct 1] Amit Shah in Kolkata: NRC to be implemented in West Bengal, infiltrators will be evicted, The Economic Times report.
  • [Oct 1] US Congress panel to focus on Kashmir, Assam, NRC in hearing on human rights in South Asia, News18 report.
  • [Oct 1] NRC must for national security; will be implemented: Amit Shah, The Hindu Business Line report.
  • [Oct 2] Bengali Hindu women not on NRC pin their hope on promise of another list, citizenship bill, The Print report.
  • [Oct 3] Citizenship Amendment Bill has become necessity for those left out of NRC: Assam BJP president Ranjeet Das, The Economic Times report.
  • [Oct 3] BJP govt in Karnataka mulling NRC to identify illegal migrants, The Economic Times report.
  • [Oct 3] Explained: Why Amit Shah wants to amend the Citizenship Act before undertaking countrywide NRC, The Indian Express report.
  • [Oct 4] Duplicating NPR, NRC to sharpen polarization: CPM, Deccan Herald report.
  • [Oct 5] We were told NRC India’s internal issue: Bangladesh, Livemint report.
  • [Oct 6] Prasanna calls NRC ‘unjust law’, The New Indian Express report.

National Security Institutions

  • [Sep 30] CRPF ‘denied’ ration cash: Govt must stop ‘second-class’ treatment. The Quint report.
  • [Oct 1] Army calls out ‘prejudiced’ foreign report on ‘torture’, refutes claim, Republic World report.
  • [Oct 2] India has no extraterritorial ambition, will fulfill regional and global security obligations: Bipin Rawat, The Economic Times report.

More on Huawei, 5G

  • [Sep 30] Norway open to Huawei supplying 5G equipment, Forbes report.
  • [Sep 30] Airtel deploys 100 hops of Huawei’s 5G technology, The Economic Times report.
  • [Oct 1] America’s answer to Huawei, Foreign Policy report; Tech Circle report.
  • [Oct 1] Huawei buys access to UK innovation with Oxford stake, Financial Times report.
  • [Oct 3] India to take bilateral approach on issues faced by other countries with China: Jaishankar, The Hindu report.
  • [Oct 4] Bharti Chairman Sunil Mittal says India should allow Huawei in 5G, The Economic Times report
  • [Oct 6] 5G rollout: Huawei finds support from telecom industry, Financial Express report.

Emerging Tech: AI, Facial Recognition

  • [Sep 30] Bengaluru set to roll out AI-based traffic solution at all signals, Entrackr report.
  • [Sep 1] AI is being used to diagnose disease and design new drugs, Forbes report.
  • [Oct 1] Only 10 jobs created for every 100 jobs taken away by AI, The Economic Times report.
  • [Oct 2]Emerging tech is helping companies grow revenues 2x: report, ET Tech report.
  • [Oct 2] Google using dubious tactics to target people with ‘darker skin’ in facial recognition project: sources, Daily News report.
  • [Oct 2] Three problems posed by deepfakes that technology won’t solve, MIT Technology Review report.
  • [Oct 3] Getting a new mobile number in China will involve a facial recognition test, Quartz report.
  • [Oct 4] Google contractors targeting homeless people, college students to collect their facial recognition data: Report, Medianama report.
  • [Oct 4] More jobs will be created than are lost from the IA revolution: WEF AI Head, Livemint report.
  • [Oct 6] IIT-Guwahati develops AI-based tool for electric vehicle motor, Livemint report.
  • [Oct 7] Even if China misuses AI tech, Satya Nadella thinks blocking China’s AI research is a bad idea, India Times report.

Big Tech

  • [Oct 3] Dial P for privacy: Google has three new features for users, Times of India report.

Opinions and Analyses

  • [Sep 26] Richard Stengel, Time, We’re in the middle of a global disinformation war. Here’s what we need to do to win.
  • [Sep 29] Ilker Koksal, Forbes, The shift toward decentralized finance: Why are financial firms turning to crypto?
  • [Sep 30] Nistula Hebbar, The Hindu, Govt. views grassroots development in Kashmir as biggest hope for peace.
  • [Sep 30] Simone McCarthy, South China Morning Post, Could China’s strict cyber controls gain international acceptance?
  • [Sep 30] Nele Achten, Lawfare blog, New UN Debate on cybersecurity in the context of international security.
  • [Sep 30[ Dexter Fergie, Defense One, How ‘national security’ took over America.
  • [Sep 30] Bonnie Girard, The Diplomat, A firsrhand account of Huawei’s PR drive.
  • [Oct 1] The Economic Times, Rafale: Past tense but furture perfect.
  • [Oct 1] Simon Chandler, Forbes, AI has become a tool for classifying and ranking people.
  • [Oct 2] Ajay Batra, Business World, Rethink India! – MMRCA, ESDM & Data Privacy Policy.
  • [Oct 2] Carisa Nietsche, National Interest, Why Europe won’t combat Huawei’s Trojan tech.
  • [Oct 3] Aruna Sharma, Financial Express, The digital way: growth with welfare.
  • [Oct 3] Alok Prasanna Kumar, Medianama, When it comes to Netflix, the Government of India has no chill.
  • [Oct 3] Fredrik Bussler, Forbes, Why we need crypto for good.
  • [Oct 3] Panos Mourdoukoutas, Forbes, India changed the game in Kashmir – Now what?
  • [Oct 3] Grant Wyeth, The Diplomat, The NRC and India’s unfinished partition.
  • [Oct 3] Zak Doffman, Forbes, Is Huawei’s worst Google nightmare coming true?
  • [Oct 4] Oren Yunger, Tech Crunch, Cybersecurity is a bubble, but it’s not ready to burst.
  • [Oct 4] Minakshi Buragohain, Indian Express, NRS: Supporters and opposers must engage each other with empathy.
  • [Oct 4] Frank Ready, Law.com, 27 countries agreed on ‘acceptable’ cyberspace behavior. Now comes the hard part.
  • [Oct 4] Samir Saran, World economic Forum (blog), 3 reasons why data is not the new oil and why this matters to India.
  • [Oct 4] Andrew Marantz, The New York Times, Free Speech is killing us.
  • [Oct 4] Financial Times editorial, ECJ ruling risks for freedom of speech online.
  • [Oct 4] George Kamis, GCN, Digital transformation requires a modern approach to cybersecurity.
  • [Oct 4] Naomi Xu Elegant and Grady McGregor, Fortune, Hong King’s mask ban pits anonymity against the surveillance state.
  • [Oct 4] Prashanth Parameswaran, The Diplomat, What’s behind the new US-ASEAN cyber dialogue?
  • [Oct 5] Huong Le Thu, The Strategist, Cybersecurity and geopolitics: why Southeast Asia is wary of a Huawei ban.
  • [Oct 5] Hannah Devlin, The Guardian, We are hurtling towards a surveillance state: the rise of facial recognition technology.
  • [Oct 5] PV Navaneethakrishnan, The Hindu Why no takers? (for ME/M.Tech programmes).
  • [Oct 6] Aakar Patel, Times of India blog, Cases against PC, letter-writing celebs show liberties are at risk.
  • [Oct 6] Suhasini Haidar, The Hindu, Explained: How ill purchases from Russia affect India-US ties?
  • [Oct 6] Sumit Chakraberty, Livemint, Evolution of business models in the era of privacy by design.
  • [Oct 6] Spy’s Eye, Outlook, Insider threat management.
  • [Oct 6] Roger Marshall, Deccan Herald, Big oil, Big Data and the shape of water.
  • [Oct 6] Neil Chatterjee, Fortune, The power grid is evolving. Cybersecurity  must too.
  • [Oct 7] Scott W Pink, Modaq.com, EU: What is GDPR and CCPA and how does it impact blockchain?
  • [Oct 7] GN Devy, The Telegraph, Has India slid into an irreversible Talibanization of the mind?
  • [Oct 7] Susan Ariel Aaronson, South China Morning Post, The Trump administration’s approach to AI is not that smart: it’s about cooperation, not domination.

India’s new Defence Cyber Agency—II: Balancing Constitutional Constraints and Covert Ops?

By Gunjan Chawla

In our previous post on India’s cyber defence infrastructure, we discussed the new Defence Cyber Agency (DCA), one of the three tri-service agencies announced at the Combined Commander’s Conference last year. Under the leadership of Rear Admiral Mohit Gupta, appointed as its head in April this year, the DCA is expected to serve a dual purpose—first, to fight virtual wars in the cyber dimension and second, to formulate a doctrine of cyberwarfare. In doing so, it is expected to contribute towards a cybersecurity strategy policy which integrates cyberwarfare with conventional military operations. In June, Lt. Col. Rajesh Pant, the National Cyber Security Coordinator announced that the new cybersecurity strategy policy will be released early in 2020.

The utilisation of cyberspace for military operations holds the potential to infuse a certain ‘jointness’ among the Army, Navy and Air Force. Lt. Gen. (Retd.) DS Hooda pointed out the herculean task that lies ahead of Rear Admiral Gupta– “to find a way to work around vertical stovepipes into which the three services have enclosed themselves”. The tri-services nature of the DCA could potentially compel the three services to share operational information and resources on a regular basis, which would further help to formulate a comprehensive and robust cyber defence infrastructure for the country.

From Coordination to Integration

Since the appointment of Rear Admiral Gupta as the head of the DCA, the Government has made only one announcement that has a significant bearing on its role and functioning. The Prime Minister’s announcement in August about the creation of a new position of a Chief of Defence Staff (CDS) is a welcome step and is expected to catalyse the move from coordination to integration  in the operations of the Army, Navy and Air Force and the operationalization of the three tri-services agencies. The burden of this herculean task entrusted to Admiral Gupta will now presumably, be shared by the CDS.

Unlike the Chairman of the Chiefs of Staff Committee (COSC), which is an additional position occupied by the senior-most officer among the three Chiefs, who serves as primus inter pares, or the first among equals – the CDS will be above the three chiefs, and act as a single-point military advisor to the Government and coordinate long term planning, procurements and logistics of the three service. However, there is long way to go between the announcement of this reform and its actual implementation.

Each of these two announcements – the setting up of the DCA, as well as creation of the CDS post necessitates certain changes in the legislated structure of the three wings of the armed forces for two distinct, but related reasons.

First, because the present legislations that govern the composition and structure of the three wings do not offer sufficient guidance for routine operations conducted jointly by the three wings, nor do they envision an officer superior in rank to the Chiefs of the three services.

The Central Government has the power to make rules under S. 191(2)(l) of the Army Act, 1950 to provide for the relative rank of the officers, junior commissioned officers, petty officers and non-commissioned officers of the regular Army, Navy and Air Force when acting together. S. 189(2)(l) of the Air Force Act, 1950 also confers the same power with respect to the Air Force. However, such a provision to make rules is conspicuous by its absence in the Navy Act, 1957. S. 184(2) of the Navy Act, 1957 confers upon the Central Government, the power to make regulations to provide for the relative rank, precedence, powers of command and authority of officers and sailors in the naval service in relation to members of the regular Army and the Air Force, but this makes no specific reference to the situation when members of three forces are acting together. Instead, S. 7 of the Navy Act provides that

“When members of the regular Army and the Air Force are serving with the Indian Navy or the Indian Naval Reserve Forces under prescribed conditions, then those members of the Army or the Air Force shall exercise such command, if any, and be subjected to such discipline as may be prescribed [under this Act].”

Additionally, the provision states that it cannot be deemed to authorise members of the regular Army or the Air Force to exercise powers of punishment over members of the Indian Navy. This provision is rooted in the colonial history of our naval laws, as it was felt that as the conditions of service at sea differed from that on land and because the erstwhile Navy (Discipline) Act, 1934 differed in many respects to the law relating to the Army and the Air Force, no attempt should be made to assimilate the revised Navy Act in other respects to the law relating to the Army and Air Force. Oddly enough, such unique demands of the sea as a theatre of war that prevented assimilation of the three wings are amplified in the case of cyberspace as a distinct, but connected theatre of war and deserve appropriate recognition in law – in a manner that encourages integration.

The existence of such disparate provisions on the conditions of service of members of the three forces when acting together could foreseeably, prove to be a hurdle in implementing integration for the creation of tri-services agencies. Additionally, the rank, powers and office of a Chief of Defence Staff is not defined or recognized in either of the three Acts. Should such a post be created by the issuing of rules or regulations by the Central Government, they would have to be laid before Parliament, pursuant to S. 185 of the Navy Act, S. 193A of the Army Act and S. 191A of the Air Force Act. In the current state of the law, it is unclear which of these three Acts could be invoked to formulate rules to create such a post in a manner that facilitates such integration.

The second reason is that the advent of cyberwarfare has brought nation-states into what can be described to as the fourth dimension of warfare—military operations that were until recently restricted to the physical domains of land, sea and air have now entered the virtual realm. The growing risk of cyber espionage and breaches of information security of Government agencies, like the ones in 2008 highlight the urgent need for such coordination to ensure prompt, proportionate responses. Thus, we need to prepare a framework not only because the conduct of hostilities now requires unprecedented, seamless integration between the three forces, but also because these hostilities will be conducted in an entirely new dimension, which possesses certain unique characteristics and limitations as a distinct operational theatre for military action.

Accordingly, the question of whether the Government would treat the breach of ‘India’s cyberspace’ by foreign actors, at par with violations of our sovereign territory, airspace or territorial waters must be answered in the affirmative.

At the minimum, this should include, (1) defence communications and operational networks, (2) security of the Government communication networks (3) security of classified and privileged information and (4) critical information infrastructure (CII) should be considered constituent components of our sovereign-protected cyberspace. Since the promulgation and notification of the Information Technology (Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2014, CII falls within the purview of the NCIIPC. Rule 3(4) excludes systems notified by the Ministry of Defence (MoD) as critical information infrastructure. To enable this legally, (1), (2) and (3) ought to be notified by the MoD as such, and explicitly entrusted to the DCA for appropriate action for their protection with appropriate directions.

Constitutional Constraints on Waging War in Cyberspace

Indeed, our cyber forces have been fashioned as an ‘agency’ and not a ‘service’ unto themselves, but contemporary research indicates that with appropriate training and experience, the agency is expected to provide the base for, and grow into a full-fledged Cyber Command.  However, we cannot rely solely on emergency powers under Article 352 of the Constitution as the starting point of our analysis of the legal framework that applies to India’s defensive operations in the cyber realm. Such an analysis leads us to arguments in favour of invoking the fundamental duties of citizens Article 51A for boosting the recruitment of cyber warriors. Such a system can only remain functional, if at all, on an ad-hoc basis. The domain of Parliamentary action cannot reasonably be restricted on the premise that cyberattacks against Government agencies are the ‘new normal’. The State must prepare for the eventuality that ad hoc arrangements set up as necessary reactions to security breaches need to be institutionalized in law. It is not sufficient to assert that the exigencies of cyberwarfare make it inefficient to seek Parliamentary sanction. And so, the military establishment that engages in hostilities with foreign actors in cyberspace, whether fashioned as an agency, service or command, should be read into the phrase ‘any other armed forces’ of Entry 2 of Schedule VII.

When it comes to the defence of India, the Constitution is unambiguous.

Article 53(2) of the Constitution declares that the supreme command of the armed forces of the Union shall be vested in the President and the exercise thereof shall be regulated by law. (emphasis added) Article 53(3)(b) also states that nothing in this Article shall “prevent Parliament from conferring by law functions on authorities other than the President”.

Article 246(1) of the Constitution vests legislative powers in the Parliament. The provision refers to Schedule VII, which identifies specific areas upon which Parliament is entitled to legislate in the national security domain. These areas include the following:

1. Entry 1 refers to “the Defence of India and every part thereof including preparation for defence and all such acts as may be conducive in times of war to its prosecution and after its termination to effective demobilization.”

2. Entry 2 places “naval, military and air forces; and any other armed forces of the Union” within the legislative competence of Parliament. To this effect, The Army Act and Air Force Act were adopted by the Parliament in 1950 and the Navy Act in 1957.

3. Entry 7 refers to “Industries declared by Parliament by law to be necessary for the purpose of defence or for the prosecution of war”. Although the IT sector is treated as a strategic sector by the Government, no such law has been enacted by Parliament.

The language of Article 246 indicates that Parliament is competent to legislate on these issues. However, the use of the word ‘shall’ in the language Article 53 suggests that Parliament is duty-bound to enact such a law. This can also be inferred from the language of Article 73(1) of the Constitution, which states that “The Executive power of the Union shall extend –(a) to matters with respect to which Parliament has the power to make laws”. This makes it clear that the exercise of the Executive power is made conditional on the legislative competence of the Parliament, and not vice versa.

So far, no specific legislation has been forthcoming from Parliament to approve or regulate the exercise of the executive power to engage in cyberwarfare, nor has the Government proposed any. However, the promulgation of a Cybersecurity Act that would cover not only various cyber-related crimes, offences, forensic and policing, but also, have enabling provisions for cyber war and defences against cyber war has been proposed by other think tanks, and even Admiral Gupta himself.

Thus, the power to make preparations for prosecution of war in cyberspace should be backed by Parliamentary sanction. Such an enactment would also help clarify many other questions and streamline the contours of India’s cybersecurity infrastructure and institutions. For example, the domain of authority of the DCA and its relationship with its civilian counterparts including the National Cyber Security Coordinator (NCSC) and the Indian Computer Emergency Response Team (CERT-In) remain unclear. With proper consideration and consultations, the setting up of the DCA could potentially open the doors to enhanced, perhaps even institutionalised civilian-military cooperation that begins in cyber operations and permeates into conventional operations as well.

Two new domains—space and cyber—enabled by high technology, offer unprecedented opportunities for enhanced communication and coordination among wings of the armed forces in all theaters of war, and be used as force multipliers for intelligence analysis, mission planning and control.[i] Given their crucial role in intelligence analysis, foreseeably, the Government could model the agency as one that ‘cyber-supports’ military operations, but  with a greater emphasis on covert operations rather than conventional warfare.  In such a scenario, we may expect that its structure and functioning would be shrouded in secrecy, analogous to the Research and Analysis Wing (R&AW) or the Intelligence Bureau (IB). This means that the DCA would work closely with the Defence Intelligence Agency (DIA). While structures analogous to existing intelligence agencies could potentially allow greater freedom of action for cyber operations, it could also compromise the DCA’s potential to draw upon civilian expertise.

In the interest of widening the pool from which the DCA recruits and trains its cyber-warriors, a proper legislative mandate would go a long way in establishing and strengthening strategic partnerships with the private sector, where most of the country’s tech talent is currently employed.


[i] As an aside, it is pertinent to mention that India’s entry into the fifth dimension i.e. space remains debatable— even after carrying out the first successful test of anti-satellite (ASAT) weapon and being in the process of setting up a Defense Space Agency, our policies still espouse the principle of peaceful uses of outer space.

[September 23-30] CCG’s Week in Review: Curated News in Information Law and Policy

The deadline to link PAN cards with Aadhaar was extended to December 31 this week; the Election Commission ruled that voting rights of those excluded in the NRC process remain unaffected; the Home Minister proposed a digital census with multipurpose ID cards for 2021; and 27 nations including the US, UK and Canada issued joint statement urging for a rules-based order in cyberspace – presenting this week’s most important developments in law, technology and national security.

Aadhaar and Digital IDs

  • [Sep 23] Home Minister announces digital census in 2021, proposed multipurpose ID card, Entrackr report; Business Today report.
  • [Sep 24] NRIs can now apply for Aadhaar on arrival without 182-day wait, The Economic Times report.
  • [Sep 24] Aadhaar will be linked to driving license to avoid forgery: Ravi Shankar Prasad, The Indian Express report.
  • [Sep 24] One nation, one card? Amit Shah floats idea of all-in-one ID; here are all the problems with that idea, Medianama report; Money Control report.
  • [Sep 24] Explained: Is India likely to have a multipurpose national ID card? The Indian Express report.
  • [Sep 24] UIDAI nod to ‘voluntary’ use of Aadhaar for National Population Register rollout, The Economic Times report.
  • [Sep 24] Govt must decide on Aadhaar-social media linkage:SC, Deccan Herald report.
  • [Sep 25] New law needed for Aadhaar-social media linkage: UIDAI, The Economic Times report; Inc42 report.
  • [Sep 26] NPR process to include passport, voter ID, Aadhaar and other details, Business Standard report.
  • [Sep 27] Gang involved in making fake Aadhaar cards busted, The Tribune report.
  • [Sep 27] What will happen if you don’t link your PAN card with Aadhaar by Sep 20, The Quint report.
  • [Sep 27] Explained: The National Population Register, and the controversy around it, The Indian Express report.
  • [Sep 27] Aadhaar to weed out bogus social security beneficiaries in Karnataka, Deccan Herald report.
  • [Sep 29] Bajrang Dal wants Aadhaar mandatory at dandiya to keep ‘non-Hindus’ out, The Hindustan Times report; The Wire report.
  • [Sep 30] Kerala urges Centre to extend deadline to link ration cards with Aadhaar, The News Minute report.
  • [Sep 30] PAN-Aadhaar linking deadline extended to December 31, The Economic Times report.

Digital India 

  • [Sep 25] India’s regulatory approach should focus on the regulation of the ‘core’: IAMAI, Livemint report.
  • [Sep 27] India may have to offer sops to boost electronic manufacturing, ET Tech report; Inc42 report.
  • [Sep 27] Digital India, start-ups are priorities for $5 trillion economy: PM Modi, Medianama report.
  • [Sep 29] Tech giants aim to skill Indian govt officials in AI, cloud, ET CIO report.
  • [Sep 29] India’s share in IT, R&D biz up in 2 years: report, The Economic Times report.

Internet Governance

  • [Sep 24] Supreme Court to MeitY: What’s the status of intermediary guidelines? Tell us by Oct 15, Medianama report.
  • [Sep 26] Will not be ‘excessive’ with social media rules, ay Govt officials, Inc42 report.
  • [Sep 26] Government trying to balance privacy and security in draft IT intermediary norms, The Economic Times report.
  • [Sep 27] Citizens, tech companies served better with some regulation: Facebook India MD Ajit Mohan, ET Tech report; Inc42 report.
  • [Sep 27] Balance benefits of internet, data security: Google CEO Sundar Pichai, ET Tech report; Business Today report.

Free Speech

  • [Sep 25] Jadavpur University calls upon ‘stakeholders’ to ensure free speech on campus, The New Indian Express report.
  • [Sep 28] RSS raises objections to uncensored content of Maoj Bajpayee’s “The Family Man”, The Hindu report; Outlook report.

Privacy and Data Protection

  • [Sep 23] A landmark decision on Tuesday could radically reshape how Google’s search results work, Business Insider report.
  • [Sep 23] Google tightens its voice assistant rules amidst privacy backlash, Wired report.
  • [Sep 24] Dell rolls out new data protection storage appliances and capabilities, ZDNet report.
  • [Sep 24] ‘Right to be forgotten’ privacy rule is limited by Europe’s top court, The New York Times report; Live Law report.
  • [Sep 27] Nigeria launches investigation into Truecaller for potential breach of privacy, Medianama report.
  • [Sep 29] Right to be forgotten will be arduous as India frames data protection law, Business Standard report.
  • [Sep 30] FPIs move against data bill, seek exemption, ET Telecom report; Entrackr report.

Data Localisation

  • [Sep 26] Reconsider imposition of data localisation: IAMAI report, The Economic Times report.
  • [Sep 27] Why data is not oil: Here’s how India’s data localisation norms will hurt the economy, Inc42 report.

Digital Payments and Fintech

  • [Sep 23] RBI rider on credit bureau data access has Fintech in a quandary, ET Tech report.

Cryptocurrencies

  • [Sep 23] Facebook reveals Libra currency basket breakdown, Coin Desk report.
  • [Sep 23] The face of India’s crypto lobby readies for a clash, Ozy report.
  • [Sep 23] Why has Brazil’s Central Bank included crypto assets in trade balance? Coin Telegraph report.
  • [Sep 24] French retailers widening crypto acceptance, Tech Xplore report.
  • [Sep 26] Why crypto hoaxes are so successful, Quartz report.
  • [Sep 26] South Africa: the net frontier for crypto exchanges, Coin Telegraph report
  • [Sep 27] The crypto wars’ strange bedfellows, Forbes report.
  • [Sep 28] Crypto industry is already preparing for Google’s ‘quantum supremacy’, Decrypt report.
  • [Sep 29] How crypto gambling is regulated around the world, Coin Telegraph report.

Tech and Law Enforcement

  • [Sep 29] New WhatsApp and Facebook Encryption ‘Backdoors’ – What’s really going on, Forbes report.
  • [Sep 28] Facebook, WhatsApp will have to share messages with UK Government, Bloomberg report.
  • [Sep 23] Secret FBI subpoenas scoop up personal data from scores of companies, The New York Times report.
  • [Sep 23] ‘Don’t transfer the WhatsApp traceability case’, Internet Freedom Foundation asks Supreme Court, Medianama report.
  • [Sep 24] China offers free subway rides to citizens who register their face with surveillance system, The Independent report.
  • [Sep 24] Facial recognition technology in public housing prompts backlash, The New York Times report.
  • [Sep 24] Facebook-Aadhaar linkage and WhatsApp traceability: Supreme Court says government must frame rules, CNBC TV18 report.
  • [ep 27] Fashion that counters surveillance cameras, Business Times report.
  • [Sep 27] Unnao rape case: Delhi court directs Apple to give Sengar’s location details on day of alleged rape, Medianama report.
  • [Sep 27] Face masks to decoy t-shirts: the rise of anti-surveillance fashion, Times of India report.
  • [Sep 30] Battle for privacy and encryption: WhatsApp and government head for a showdown on access to messages, ET Prime report.
  • [Sep 29] Improving digital evidence sharing, Scottish Government news report; Public technology report.

Internal Security: J&K

  • [Sep 23] Government launches internet facilitation centre in Pulwama for students, Times of India report; Business Standard report.
  • [Sep 23] Army chief rejects ‘clampdown’ in Jammu and Kashmir, Times of India report.
  • [Sep 24] Rising power: Why India has faced muted criticism over its Kashmir policy, Business Standard report.
  • [Sep 24] ‘Restore Article 370, 35A in Jammu and Kashmir, withdraw army, paramilitary forces’: 5-member women’s group will submit demands to Amit Shah, Firstpost report.
  • [Sep 24] No normalcy in Kashmir, says fact finding team, The Hindu report.
  • [Sep 25] End clampdown: Kashmir media, The Telegraph report.
  • [Sep 25] Resolve Kashmir issue through dialogue and not through collision: Erdogan, The Economic Times report.
  • [Sep 25] Rajya Sabha deputy chair thwarts Pakistan’s attempt at Kashmir at Eurasian Conference, The Economic Times report.
  • [Sep 25] Pakistan leader will urge UN intervention in Kashmir, The New York Times report.
  • [Sep 25] NSA Ajit Doval back in Srinagar to review security situation, The Hindustan Times report.
  • [Sep 27] Communication curbs add fresh challenge to Kashmir counter-insurgency operations, News18 report.
  • [Sep 27] Fresh restrictions in parts of Kashmir, The Hindu report.
  • [Sep 27] US wants ‘rapid’ easing of Kashmir restrictions, Times of India report.
  • [Sep 27] Kashmir issue: Rescind action on Art. 370, OIC tells India, The Hindu report.
  • [Sep 28] India objects to China’s reference to J&K and Ladakh at UNGA, The Economic Times report; The Hindu report.
  • [Sep 29] Surveillance, area domination operations intensified in Kashmir, The Economic Times report; Financial Express report.
  • [Sep 29] Police impose restrictions in J&K after Imran Khan’s speech at UNGA, India Today report.

Internal Security: NRC and the North-East

  • [Sep 23] Assam framing cyber security policy to secure data related to NRC, police, services, The Economic Times report; Money Control report.
  • [Sep 24] BJP will tell SC that we reject this NRC, says Himanta Biswa Sarma, Business Standard report.
  • [Sep 24] Amit Shah to speak on NRC, Citizenship Amendment Bill in Kolkata on Oct 1, The Economic Times report.
  • [Sep 26] ‘Expensive’ legal battle for those rejected in Assam NRC final list, The Economic Times report.
  • [Sep 27] Scared of NRC? Come back in 2022, The Telegraph report.
  • [Sep 27] Voters left out of NRC will have right to vote, rules Election Commission, India Today report; The Wire report.
  • [Sep 27] NRC: Assam government announces 200 Foreigners Tribunals in 33 districts, Times Now report; Times of India report.
  • [Sep 28] Judge urges new FT members to examine NRC claims with utmost care, Times of India report.

National Security Legislation

  • [Sep 23] Centre will reintroduce Citizenship Bill in Parliament: Himanta Biswa Sarma, The Hindu report.
  • [Sep 26] National Security Guard: History, Functions and Operations, Jagran Josh report.
  • [Sep 28] Left parties seek revocation of decision on Article 370, The Tribune India report.

Tech and National Security

  • [Sep 25] Army to start using Artificial Intelligence in 2-3 years: South Western Army commander, The Print report; India Today report; The New Indian Express report; Financial Express report.
  • [Sep 23] Modi, Trump set new course on terrorism, border security, The Hindu report.
  • [Sep 23] PM Modi in the US” Trump promises more defence deals with India, military trade to go up, Financial Express report.
  • [Sep 23] Punjab police bust terror module supplied with weapons by drones from Pak, NDTV report.
  • [Sep 26] Lockheed Martin to begin supplying F-16 wings from Hyderabad plant in 2020, Livemint report.
  • [Sep 26] Drones used for cross-border arms infiltration in Punjab a national security issues, says Randhawa, The Hindu report.
  • [Sep 27] UK MoD sets up cyber team for secure innovation, UK Authority report.
  • [Sep 29] New tri-services special ops division, meant for surgical strikes, finishes first exercise today, The Print report.
  • [Sep 30] After Saudi attacks, India developing anti-drone technology to counter drone menace, Eurasian Times report.

Tech and Elections

  • [Sep 20] Microsoft will offer free Windows 7 support for US election officials through 2020, Cyber Scoop report.
  • [Sep 26] Social media platforms to follow ‘code of ethics’ in all future elections: EC, The Economic Times report.
  • [Sep 28] Why is EC not making ‘authentic’ 2019 Lok Sabha results public? The Quint report.

Cybersecurity

  • [Sep 24] Androids and iPhones hacked with just one WhatsApp click – and Tibetans are under attack, Forbes report.
  • [Sep 25] Sharp questions can help board oversee cybersecurity, The Wall Street Journal report.
  • [Sep 25] What we know about CrowdStrike, the cybersecurity firm trump mentioned in Ukraine call, and its billionaire CEO, Forbes report.
  • [Sep 25] 36% smaller firms witnessed data breaches in 2019 globally, ET Rise report.
  • [Sep 28] Defence Construction Canada hit by cyber attack – corporation’s team trying to restore full IT capability, Ottawa Citizen report.
  • [Sep 29] Experts call for collective efforts to counter cyber threats, The New Indian Express report.
  • [Sep 29] Microsoft spots malware that turns PCs into zombie proxies, ET Telecom report
  • [Sep 29] US steps up scrutiny of airplane cybersecurity, The Wall Street Journal report.

Cyberwarfare

  • [Sep 24] 27 countries sign cybersecurity pledge urging rules-based control over cyberspace in Joint Statement, with digs at China and Russia, CNN report; IT world Canada report; Meri Talk report.
  • [Sep 26] Cyber Peace Institute fills a critical need for cyber attack victims, Microsoft blog.
  • [Sep 29] Britain is ‘at war every day’ due to constant cyber attacks, Chief of the Defence Staff says, The Telegraph report.

Telecom and 5G

  • [Sep 27] Telcos’ IT investments intact, auto companies may slow pace: IBM exec, ET Tech report.
  • [Sep 29] Telecom players to lead digital transformation in India, BW Businessworld report.

More on Huawei

  • [Sep 22] Huawei confirms another nasty surprise for Mate 30 buyers, Forbes report.
  • [Sep 23] We’re on the same page with government on security: Huawei, The Economic Times report.
  • [Sep 24] The debate around 5G’s safety is getting in the way of science, Quartz report (paywall).
  • [Sep 24] Govt will take call on Huawei with national interest in mind: Telecom Secy, Business Standard report.
  • [Sep 24] Huawei enables 5G smart travel system at Beijing airport, Tech Radar report.
  • [Sep 25] Huawei 5G backdoor entry unproven, The Economic Times report.
  • [Sep 25] US prepares $1 bn fund to replace Huawei ban kit, Tech Radar report.
  • [Sep 26] Google releases large dataset of deepfakes for researchers, Medianama report.
  • [Sep 26] Huawei willing to license 5G technology to a US firm, The Hindu Business Line report; Business Standard report.
  • [Sep 26] Southeast Asia’s top phone carrier still open to Huawei 5G, Bloomberg report.
  • [Sep 29] Russia rolls out the red carpet for Huawei over 5G, The Economic Times report.

Emerging Tech and AI

  • [Sep 20] Google researchers have reportedly achieved “Quantum Supremacy”, Financial Times report; MIT Technology Review report
  • [Sep 23] Artificial Intelligence revolution in healthcare in India: All we need to know, The Hindustan Times report.
  • [Sep 23] A new joystick for the brain-controlled vehicles of the future, Defense One report.
  • [Sep 24] Computing and AI: Humanistic Perspectives from MIT, MIT News report.
  • [Sep 24] Emerging technologies such as AI, 5G posing threats to privacy, says report, China Daily report.
  • [Sep 25] Alibaba unveils chip developed for artificial intelligence era, Financial Times report.
  • [Sep 26] Pentagon wants AI to interpret ‘strategic activity around the globe, Defense One report.
  • [Sep 27] Only 10 jobs created for every 100 jobs taken away by AI, ET Tech report.
  • [Sep 27] Experts say these emerging technologies should concern us, Business Insider report.
  • [Sep 27] What is on the horizon for export controls on ‘emerging technologies’? Industry comments may hold a clue, Modaq.com report.
  • [Sep 27] India can become world leader in artificial intelligence: Vishal Sikka, Money Control report.
  • [Sep 27] Elon Musk issues a terrifying prediction of ‘AI robot swarms’ and huge threat to mankind, The Daily Express (UK) report
  • [Sep 27] Russia’s national AI Centre is taking shape, Defense One report.
  • [Sep 29] Explained: What is ‘quantum supremacy’, The Hindu report.
  • [Sep 29] Why are scientists so excited about a new quantum computing milestone?, Scroll.in report.
  • [Sep 29] Artificial Intelligence has a gender bias problem – just ask Siri, The Wire report.
  • [Sep 29] How AI is changing the landscape of digital marketing, Inc42 report.

Opinions and Analyses

  • [Sep 21] Wim Zijnenburg, Defense One, Time to Harden International Norms on Armed Drones.
  • [Sep 23] David Sanger and Julian Barnes, The New York Times, The urgent search for a cyber silver bullet against Iran.
  • [Sep 23] Neven Ahmad, PRIO Blog, The EU’s response to the drone age: A united sky.
  • [Sep 23] Bisajit Dhar and KS Chalapati Rao, The Wire, Why an India-US Free Trade Agreement would require New Delhi to reorient key policies.
  • [Sep 23] Filip Cotfas, Money Control, Five reasons why data loss prevention has to be taken seriously.
  • [Sep 23] NF Mendoza, Tech Republic, 10 policy principles needed for artificial intelligence.
  • [Sep 24] Ali Ahmed, News Click, Are Indian armed forces turning partisan? : The changing civil-military relationship needs monitoring.
  • [Sep 24] Editorial, Deccan Herald, A polity drunk on Aadhaar.
  • [Sep 24] Mike Loukides, Quartz, The biggest problem with social media has nothing to do with free speech.
  • [Sep 24] Ananth Padmanabhan, Medianama, Civilian Drones: Privacy challenges and potential resolution. 
  • [Sep 24] Celine Herwijer and Dominic Kailash Nath Waughray, World Economic Forum, How technology can fast-track the global goals.
  • [Sep 24] S. Jaishankar, Financial Times, Changing the status of Jammu and Kashmir will benefit all of India.
  • [Sep 24] Editorial, Livemint, Aadhaar Mark 2.
  • [Sep 24] Vishal Chawla, Analytics India Magazine, AI in Defence: How Indi compares to US, China, Russia and South Korea.
  • [Sep 25] Craig Borysowich, IT Toolbox, Origin of Markets for Artificial Intelligence.
  • [Sep 25] Sudeep Chakravarti, Livemint, After Assam, NRC troubles may visit ‘sister’ Tripura.
  • [Sep 25] DH Kass, MSSP Blog, Cyber Warfare: New Rules of Engagement?
  • [Sep 25] Chris Roberts, Observer, How artificial intelligence could make nuclear war more likely.
  • [Sep 25] Ken Tola, Forbes, What is cybersecurity?
  • [Sep 25] William Dixon and  Jamil Farshchi, World Economic Forum, AI is transforming cybercrime. Here’s how we can fight back.
  • [Sep 25] Patrick Tucker, Defense One, Big Tech bulks up its anti-extremism group. But will it do more than talk?
  • [Sep 26] Udbhav Tiwari, Huffpost India, Despite last year’s Aadhaar judgement, Indians have less privacy than ever.
  • [Sep 26] Sylvia Mishra, Medianama, India and the United States: The time has come to collaborate on commercial drones.
  • [Sep 26] Subimal Bhattacharjee, The Hindu Business Line, Data flows and our national security interests.
  • [Sep 26] Ram Sagar, Analytics India Magazine, Top countries that are betting big on AI-based surveillance.
  • [Sep 26] Patrick Tucker, Defense One, AI will tell future medics who lives and who dies on the battlefield.
  • [Sep 26] Karen Hao, MIT Technology Review, This is how AI bias really happens – and why it’s so hard to fix.
  • [Sep 27] AG Noorani, Frontline, Kashmir dispute: Domestic or world issue?
  • [Sep 27] Sishanta Talukdar, Frontline, Final NRC list: List of exclusion.
  • [Sep 27] Freddie Stuart, Open Democracy, How facial recognition technology is bringing surveillance capitalism to our streets.
  • [Sep 27] Paul de Havilland, Crypto Briefing, Did Bitcoin crash or dip? Crypto’s trajectory moving forward.
  • [Sep 28] John Naughton, The Guardian, Will advances in quantum computing affect internet security?
  • [Sep 28] Suhrith Parthasarathy, The Hindu, The top court and a grave of freedom.
  • [Sep 28] Kazim Rizvi, YourStory, Data Protection Authority: the cornerstone to implement data privacy.
  • [Sep 28] Shekhar Gupta, The Print, Modi has convinced the world that Kashmir is India’s internal affair – but they’re still watching.
  • [Sep 29] Indrani Bagchi, The Economic Times, Why india needs to tread carefully on Kashmir.
  • [Sep 29] Medha Dutta Yadav, The New Indian Express, Data: Brave new frontier.
  • [Sep 29] Jon Markman, Forbes, New cybersecurity companies have their heads in the cloud.
  • [Sep 29] Editorial, The New York Times, On cybersecurity: Two scoops of perspective.
  • [Sep 30] Kuldip Singh, The Quint, New IAF Chief’s appointment: Why RKS Bhadauria must tread lightly.
  • [Sep 30] Karishma Koshal, The Caravan, With the data-protection bill in limbo, these policies contravene the right to privacy.

[September 16-23] CCG’s Week in Review: Curated News in Information Law and Policy

Cybersecurity experts warned of a new ‘SIM jacking’ threat, the Kerala High Court recognizes a right to access internet as the internet shutdown in Kashmir entered its 50th day; more updates on the linkage of Aadhaar with voter IDs and social media as the Indian Army braces itself to adopt AI – presenting this week’s most important developments in law, tech and national security.

Aadhaar

  • [Sep 16] Here are the amendments the Election Commission wants to the Representation of the People Act for Aadhaar-Voter ID linkage, Medianama report.
  • [Sep 18] Why Maj. Gen. Vombatkere has challenged Aadhaar Amendment Act in the Supreme Court; On WhatsApp and traceability, Medianama report.
  • [Sep 19] Drop in Aadhaar enrolments in J&K, The Economic Times report.
  • [Sep 20] In-principle decision to link Aadhaar with GST registration, The Economic Times report.
  • [Sep 23] Aadhaar card is now mandatory for nominees of your EPF account, Livemint report.

Digital India

  • [Sep 18] Indo-US ICT working group to meet on Sept 30, Oct 1, Medianama report.
  • [Sep 17] NITI Aayog frames guidelines for automated inspection of vehicles, ET Auto report.
  • [Sep 17] What TikTok told MEITY about its intermediary status, data collection, and policies for children, Medianama report.
  • [Sep 18] Soon, lands will have Aadhaar-like unique numbers, The Economic Times report; Business Today report.
  • [Sep 18] Drones to be used to digitally map India: report, Medianama report.
  • [Sep 18] PMO panel to release policy to boost handset manufacturing in India: report, Medianama report.
  • [Sep 19] Karnataka to set up exclusive body to boost innovation, The Hindu report.
  • [Sep 20] ‘Right To Access Internet Is Part Of Right To Privacy And Right To Education’: Kerala HC, Live Law report; Hindu report; NDTV report.

Data Protection and Privacy

  • [Sep 15] Privacy debate between govt, Facebook continues; no winner yet, Money Control report.
  • [Sep 16] Singapore, Philippines sign MoU on personal data protection, The Manila Times report.
  • [Sep 16] Industry wants careful drafting of regulations on non-personal data, The Economic Times report.
  • [Sep 16] Here are the top three reasons why data protection is required in every business, Firstpost report.
  • [Sep 20] Sensitive, super-sensitive data must be stored locally in india: RS PRasad, Business Standard report.
  • [Sep 20] Yet another data leak in Indian government database, exoposes multiple citizen IDs, Inc42 report.
  • [Sep 22] Infosys co-founder Kris Gopalakrishnan to lead panel on protection of non-personal data, Financial Express report.

E-Commerce

  • [Sep 16] Odisha government makes e-marketplace mandatory for procurements, The New Indian Express report.
  • [Sep 16] US antitrust officials investigate Amazon’s marketplace practices, Medianama report.
  • [Sep 17] Ministry of COnsumer Affairs extends deadline for comments on draft E-Commerce Guidelines 2019 to October 31, Medianama report.

FinTech and Digital Payments

  • [Sep 16] WhatsApp to roll out its payment services by end of this year: report, Medianama report; The Economic Times report.
  • [Sep 18] RBI proposes norms to regulate payment gateways and payment aggregators, Entrackr report.
  • [Sep 19] Regulatory shock for fintech firms: RBI blocks unregulated access to consumer credit history, Entrackr report.
  • [Sep 19] DSCI, MeitY and Google India join hands for ‘Digital Payment Abhiyan’, The Economic Times report.

Cryptocurrencies

  • [Sep 16] The toss of a Bitcoin: How crypto ban will hurt 5 mn Indians, 20k Blockchain developers, The Economic Times report.
  • [Sep 16] US Sanctions three alleged crypto hacking groups from North Korea, Coin Desk report.
  • [Sep 16] Crypto firms assess how to comply with anti-money laundering standards, The Wall Street Journal report.
  • [Sep 19] Bitcoin and crypto wallets are now being targeted by malware, Forbes report.
  • [Sep 21] Weekends are for Altcoins when it comes to crypto market gains, ET Markets report.
  • [Sep 21] Chinese officials surprisingly chill on crypto, Decrypt report.

Cybersecurity

  • [Sep 13] Ransomware has a new target, Defense One report.
  • [Sep 16] Deep learning and machine learning to transform cybersecurity, Tech Wire Asia report.
  • [Sep 16] America needs a whole-of-society approach to cybersecurity. ‘Grand Challenges’ can help, Defense One report.
  • [Sep 17] Financial asset firm PCI ordered to pay $1.5 million for poor cybersecurity practices, ZD Net report.
  • [Sep 20] Current Act outdated, need to include cyber security in IT legal framework: DCA chief, The Indian Express report.
  • [Sep 20] 10% of IT budget should be used for cybersecurity: Rear Admiral Mohit Gupta, ET Times report.
  • [Sep 20] Once hacked, twice shy: How auto supplier Harman learned to fight cyber car jackers, ET Auto report.
  • [Sep 21] Cybersecurity a big opportunity for telcos, says IBM executive, The Economic Times report.
  • [Sep 23] Cybersecurity experts raise alarm over new SIM jacking threat, The New Indian Express report.
  • [Sep 23] Cybersecurity: Tackling the menace of phishing, Financial Express report.

Tech and Law Enforcement; Surveillance

  • [Sep 15] Facebook moots ‘prospective’ solution to WhatsApp issue; India stands firm on traceability, Business Today report; Livemint report.
  • [Sep 18] Chinese firms are driving the rise of AI surveillance across Africa, Quartz report.
  • [Sep 18] Documents reveal how Russia taps phone companies for surveillance, Tech Crunch report.
  • [Sep 20] WhatsApp traceability case petitioner asks court to remove Aadhaar from the plea, consider only ‘authorised govt proofs’, Medianama report; Inc42 report; Bar & Bench report.
  • [Sep 20] Chennai-based KPost says traceability is possible, wants to be impleaded in WhatsApp case, Medianama report.

Tech and National Security

  • [Sep 13] Pentagon’s former top hacker wants to inject some Silicon Valley into the defense industry, Defense One report.
  • [Sep 16] Here’s how startups are helping the Defence Ministry up its game, Money Control report.
  • [Sep 16] After 6 years in exile, Edward Snowden explains himself, Wired report.
  • [Sep 17] US tells Saudi Arabia oil attacks were launched from Iran, The Wall Street Journal report.
  • [Sep 17] Why Rafale jets may be inducted into IAF by next summer only, Livemint report.
  • [Sep 17] US Air Force to shift billions of dollars to network its weapons, Defense One report.
  • [Sep 18] India to achieve US$26 billion defence industry by 2025: Defence Minister, Business Standard report.
  • [Sep 18] Mitigating security risks from emerging technologies, Army Technology analysis.
  • [Sep 18] Revised draft defence procurement norms to be ready by November end, The Hindu report.
  • [Sep 20] The NSA is running a satellite hacking experiment, Defense One report.
  • [Sep 20] Army to host seminar on artificial intelligence next week; seeks to enhance lethality, The Economic Times report; India Today report; The New Indian Express report.
  • [Sep 20] Defence Procurement: Not a level playing field for private sector, PSUs still rule, Bharat Shakti report.
  • [Sep 20] Indian Air Force ‘accepts’ Rafale, formal hand over on Dussehra, Livemint report.
  • [Sep 22] Amid US-India blooming ties, Washington prepares to take down Indian air defence systems, EurAsian Times report.
  • [Sep 23] Government likely to order 36 more Rafale fighter jets, The Economic Times report.

Tech and Elections

  • [Sep 20] Social media companies raise concerns over Election Commission’s voluntary code of ethics, Medianama report.

Internal Security: J&K

  • [Sep 16] Supreme Court says normalcy to return to Kashmir but with national security in mind, India Today report.
  • [Sep 16] Farooq Abdullah booked under Public Safety Act, committee to decide duration of arrest: report, Financial Express report.
  • [Sep 17] Amnesty’s report on the (mis)use of Public Safety Act in J&K counters the govt’s narrative, Youth ki Awaaz report.
  • [Sep 18] China says Kashmir issue may not be a ‘major topic’ during Modi-Xi meet, Livemint report.
  • [Sep 19] In Pakistan-held Kashmir, growing calls for independence, The New York Times report.
  • [Sep 20] Kashmir residents say they are being charged by telcos despite no service, The Hindu report.
  • [Sep 20] UN Chief could discuss Kashmir issues at UNGA: UN spokesman, The Economic Times report.
  • [Sep 20] How military drones are becoming deadly weapons across the globe, The Economic Times report.
  • [Sep 22] Modi’s Digital India comes crashing down in Kashmir’s longest ever internet gag, The Wire report; The Hindu report.
  • [Sep 23] No clampdown in Kashmir, only communication line of terrorists stopped: Army Chief Bipin Rawat, India Today report.

Internal Security: NRC

  • [Sep 16] Those declared foreigners cannot file NRC appeal, say Assam govt, Hindustan Times report.
  • [Sep 18] NRC in Haryana, The Tribune report.
  • [Sep 18] NRC is an internal exercise, sovereign right of a country: EAM Jaishankar, Outlook report.
  • [Sep 18] Government will implement NRC across the country: Amit Shah, The Economic Times report.; Times of India report.
  • [Sep 21] NRC Officials issue public advisory against collection of identification documents, Guwahati Plus report.
  • [Sep 22] NRC-exluded Gurkhas not to approach foreigners’ Tribunals, seek empowered panel, The Hindu report; Times of India report.
  • [Sep 14] Final Assam NRC list, with 1.9 million exclusions, published online, Hindustan Times report.

National Security Law

  • [Sep 17] Pulwama to Aug 5: Delhi HC indicted govt for PSA arrests – in 80 pc cases, Financial Express report.
  • [Sep 16] What is the Public Safety Act under which Farooq Abdullah has been detained? News Nation report.
  • [Sep 16] 52 years on, still no sign of national defence university, The Times of India report.
  • [Sep 16] NSA Doval gets national security, foreign policy as PMO defines roles of top officials, The Asian Age report.

Big Tech

  • [Sep 15] Facebook VP Nick Clegg says India’s policies will decide the fate of the internet, Financial Express report.
  • [Sep 17] Facebook Establishes Structure and Governance for an Independent Oversight Board, Facebook Newsroom announcement; Medianama report.
  • [Sep 19] Facebook expands definition of terrorist organization to limit extremism, The New York Times report.
  • [Sep 22] Facebook is experimenting ith AI that lets you digitally get dressed, The Source report.
  • [Sep 23] Google braces for landmark global privacy ruling, Bloomberg report.

Telecom/5G

  • [Sep 16] 5G spectrum auction this year or in early 2020: Telecom Minister RS Prasad, Medianama report.
  • [Sep 20] TRAI opens consultation process for mergers and transfers in telecom sector, Medianama report.
  • [Sep 23] Indian masses have to wait 5-6 years to get true 5G experience, ET Telecom report.

More on Huawei

  • [Sep 17] Facing US ban, Huawei emerging as stronger tech competitor, The Hindu Business Line report, The Diplomat report.
  • [Sep 18] Huawei’s big test will be trying to sell a device with no Google apps outside China, Quartz report.
  • [Sep 18] Huawei users at risk as US blacklist cuts access to shared data on new cyber threats, Forbes report.
  • [Sep 20] Huawei makes sizeable 5G progress, bags 60 contracts: Ken Hu, The Economic Times report.
  • [Sep 21] Huawei unveils 5G training center in UK, ET Telecom report.

AI and Emerging Tech

  • [Sep 14] Artificial intelligence only goes so far in today’s economy, says MIT study, Forbes report.
  • [Sep 16] The US Govt will spend $1 bn on AI next year – not counting the Pentagon, Defense One report.
  • [Sep 18] Facial recognition systems to debut at Pune airport by 2020: report, Medianama report.
  • [Sep 18] AI stats news: AI is actively watching you in 75 countries, Forbes report.
  • [Sep 18] The Intel community ants to identify people from hundreds of yards away, Defense One report.
  • [Sep 19] Google setting up AI lab ‘Google Research India’ in Bengaluru, Entrackr report.
  • [Sep 20] India is planning a huge China-style facial recognition program, The Economic Times report.

Opinions and Analyses

  • [Sep 15] Nitin Pai, Livemint, The geopolitical profile of India tracks the economy’s trajectory.
  • [Sep 16] Paul Ravindranath, Tech Circle, Inclusion in technology is a compelling economic and business case.
  • [Sep 16] Markandey Katju, The Hindu, The litmus test for free speech.
  • [Sep 16] Vishal Chawla, Analytics India Magazine, What India can take away from Google’s settlement on employees’ freedom of expression.
  • [Sep 16] Editorial, Times of India, All talk: Fate of national defence university shows apathy towards defence modernisation.
  • [Sep 16] Jeff Hussey, Forbes, The gap between strong cybersecurity and demands for connectivity is getting massive.
  • [Sep 16] Kai Sedgwick, Bitcoin.com, How crypto became a gamblers paradise.
  • [Sep 17] Ajai Shukla, Business Standard, In picking strategic partners, the defence ministry isn’t spoilt for choice.
  • [Sep 17] Anthony Pfaff, Defense One, The Saudi-Oil attacks aren’t game changing. The Show how the Game has changed.
  • [Sep 17] Kayla Matthews, Security Boulevard, Who’s financially responsible for cybersecurity breaches?
  • [Sep 17] Anirudh Gotety, ET Markets, Check crypto trade, ban won’t help.
  • [Sep 17] PS Ahluwalia, Livemint, Rafale will add heft to IAF’s deterrence capabilities.
  • [Sep 17] Lorand Laksai, Privacy International, How China is supplying surveillance technology and training around the world.
  • [Sep 18] Tabish Khair, The Hindu, In Kashmir, shaking the apple tree.
  • [Sep 18] Catrin Nye, BBC News, Live facial recognition surveillance ‘must stop’ .
  • [Sep 18] Privacy International, the EU funds surveillance around the world: here’s what must be done about it.
  • [Sep 18] Joshua P Meltzer and Cameron F. Kerry, Brookings Institution, Cybersecurity and digital trade: Getting it right.
  • [Sep 19] Lt Gen HS Panag, The Print, Amit Shah’s political aim to recover PoK is not backed by India’s military capacity.
  • [Sep 20] Rifat Fareed, Al Jazeera, Farooq Abdullah’s arrest leaves India with few allies in Kashmir.
  • [Sep 22] Air Marshal (retd) M Matheswaran, Deccan Herald, Time for structural reforms, modernisation.

[September 9-16] CCG’s Week in Review: Curated News in Information Law and Policy

This week Telecom Minister RS Prasad announced 5G spectrum allocation this year, or by early 2020; The Supreme Court will hear matters relating to Article 370, including communication shutdowns and detentions on Monday; Indian trader bodies seek bans on Amazon and Flipkart festive sales; and MEITY constitutes a non-personal data committee to be headed by S. Gopalakrishnan.

Aadhaar

  • [Sep 13] Linking of social media with Aadhaar: Supreme Court asks govt to share plans, Livemint report.
  • [Sep 14] IT ministry doesn’t favour linking Aadhaar & social media accounts, The Times of India report.
  • [14 Sep] PAN-Aadhaar cards linkage deadline this month. How to link or check status, Livemint report.
  • [Sep 15] Aadhaar verification to be mandatory for new dealers from January 2020: GST Network, Business Today report.

Digital India and MEITY

  • [Sep 10] MeitY pings UIDAI on Aadhaar-social media linking, The Economic Times report.
  • [Sep 11] MeitY Demands Update Over Objectionable Content From Facebook, Twitter, Inc42 report.
  • [Sep 16] When Yogi Adityanath stepped in to stop Samsung from leaving UP, The Hindustan Times report.
  • [Sep 16] Indian govt forms committee to recommend governance norms for non-personal data, Infosys’ Gopalakrishnan to head it, Medianama report; Business Standard report; Indian Express report; ET Tech report.

Data Protection and Governance

  • [Sep 12] 4 New Data Protection Trends in India Jeopardize Innovation, The Diplomat report.
  • [Sep 12] Government’s proposed data protection bill to be significant in building data privacy norms in India: Omidyar Network India, CNBCTV18 report.
  • [Sep 12] School ‘bans’ surnames because of ‘data protection’, Metro UK report.
  • [Sep 13] Hefty Fines Considered for Noncompliance with Russia’s Data Protection, Internet Laws, Lexology.com report.

Online Content Regulation

  • [Sep 10] Govt & Social Media Regulation: A year of ups & downs, yet no clarity, ET Tech report.
  • [Sep 10] India: Minimum Modicum Of Obscenity & Need Of Online Content Regulation In India, Mondaq.com report.
  • [Sep 11] Host Violent Content? In Australia, You Could Go to Jail, The Ney York Times report.
  • [Sep 12] Internet regulator instructs platforms to create ‘healthy’ online environment, Technode report.
  • [Sep 15] Universities In Iran Implementing Tough New Regulation To Deter Students From Activism, Radio Farda report.
  • [Sep 16] Major streaming platforms commit to produce responsible content, The Manilla Times report.

E-Commerce

  • [Sep 10] Jack Ma steps down as Alibaba chairman, CEO Daniel Zhang to succeed him, Medianama report.
  • [Sep 14] CAIT urges government to ban festival sales by e-commerce players, The Times of India report.
  • [Sep 16] Indian Trader Body Seeks Ban on Amazon, Flipkart’s Festive Season Sales: Report, First Post report.
  • [Sep 16] US antitrust officials investigate Amazon’s marketplace practices, Medianama report.

Cryptocurrency and FinTech

  • [Sep 13] Lord Mayor of London leads fintech mission to India, The Economic Times report.
  • [Sep 13] RBI should give FinTech firms access to transaction and account history data: Finance Ministry’s FinTech report, Medianama report.
  • [Sep 14] Trump Executive Order Banning A Cryptocurrency Could Mutate Into Far-Reaching Law, Forbes report.
  • [Sep 15] Wall Street banks are upping bets on their potential fintech competitors, CNBC report.
  • [Sep 15] Regulators to question Facebook over new Libra cryptocurrency, The Guardian report.
  • [Sep 16] Report: Philippine Police Raid Alleged Cryptocurrency Scam, Arrest 277, Cointelegraph report.

Cybersecurity

  • [Sep 10] Smart Cities Will Require Smarter Cybersecurity, The Wall Street Journal report.
  • [Sep 12] Delhi Airport Facial Recognition Trial Calls for Establishment of Cybersecurity Laws, News18 report.
  • [Sep 16] NZ provides $10 million to help Pacific countries lift cybersecurity capability, CIO New Zealand report; ZDnet report.
  • [Sep 16] Chicago Brokerage to Pay $1.5 million Fine for Lack of Cybersecurity, Securitymagazine.com report.
  • [Sep 16] Cybercriminals Are Targeting Pharma Companies, And India Sees The Sixth Highest Attacks, News18 report.

Tech and National Security

  • [Sep 13] California lawmakers ban facial-recognition software from police body cams, CNN Business report.
  •  [Sep 16] U.S. Targets North Korean Hacking as Rising National-Security Threat, Wall Street Journal report.

Tech and Elections

  • [Sep 15] Snapchat launches political ads library as 2020 election ramps up, CNN Business report.

Internal Security: J&K

  • [Sep 15] SC to hear pleas against Centre’s move to abrogate Article 370, restrictions in J&K on Monday, Zee News report.
  • [Sep 15] ‘If Political Party Can Avail it, Why Not Locals?’ Internet Access to BJP From Media Centre Irks Kashmiris, News18 report.
  • [Sep 16] Farooq Abdullah detained under Public Safety Act for 12 days, The Hindu report.
  • [Sep 16] Kashmir LIVE: Not a Single Bullet Fired Since Scrapping of J&K’s Special Status, Centre Tells SC, News 18 report.
  • [Sep 16] SC asks Centre, J&K to restore normalcy in state keeping in mind national interest, The Times of India report.

Internal Security

  •  [Sep 13] National security: Fortifying Defence, India Today report.
  • [Sep 15] Will implement NRC in Haryana, says CM Khattar, The Times of India report.
  • [Sep 16] Will Implement Citizens’ List “When UP Needs It”: Yogi Adityanath, NDTV report.

Telecom/5G

  • [Sep 10] Telcos face another hit, may have to pay Rs 41,000 crore more as spectrum charges, The Economic Times report.
  • [Sep 16] Telecom department aims to connect uncovered villages by 2022, ET Telecom report.
  • [Sep 16] 5G spectrum auction this year or in early 2020: Telecom Minister RS Prasad, Medianama report.
  • [Sep 16] WhatsApp offers India traceability alternatives, ET Telecom report.

More on Huawei

  • [Sep 9] New Huawei ‘Workaround’ May Put Google Apps Back On Mate 30, Evading Blacklist, Forbes report.
  • [Sep 14] Huawei Offers To License 5G Technology To U.S. To Flush Out Trump, Forbes report.
  • [Sep 15] Trade war between US and China follows Huawei to Africa, South China Morning Post report.
  • [Sep 16] US semiconductor companies urge Trump to hurry Huawei licenses, South China Morning Post report.

Emerging Tech

  • [Sep 10] 21 per cent Indian IT managers consider Internet of Things threats top security risk, The New Indian Express report.
  • [Sep 12] Artificial intelligence: Expert committee to explore the development of a legal framework, The Council of Europe press release.
  • [Sep 15] Ericsson acquires Niche AI workforce for India centre, The Hindu Business Line report.

Opinions and Analyses

  • [Sep 12] Editorial, The New York Times, What Won’t Netanyahu Say to Get Re-elected?
  • [Sep 13] Editorial, The Hindu, John Bolton goes: On the sacking of U.S. National Security Advisor.
  • [Sep 15] Karen Roby, Tech Republic, How holding off on 5G can save money and help the environment.
  • [Sep 15] Editorial, Wall Street Journal, Why London Spurned Hong Kong.
  • [Sep 15] Michael Bloomberg, The New York Post, Rage has free speech under siege on the American campus.
  • [Sep 15] Editorial, The Hindustan Times, The language question.
  • [Sep 16] Editorial, The Hindu, Effort worth emulation: On Rajasthan’s public information portal.
  • [Sep 16] Markandey Katju, The Hindu, The litmus test for free speech.