The Architecture of Cybersecurity Institutions in India

This is an edited excerpt of Part IV and Annexure ‘B’ of CCG’s Comments to the National Security Council Secretariat on the National Cyber Security Strategy 2020 (NCSS 2020). The full text of the Comments can be accessed here.

This consolidated organogram is a depiction of cyber security institutions in India as an inter-ministerial and inter-departmental ecosystem. Different ministries and departments are in charge of different aspects of national security in general and cyber security in particular.

The National Security Advisor (NSA) holds a rank equivalent to a Cabinet Minister in charge of the National Security Council Secretariat (NSCS) and is the apex officer relating to national security. The NSA is also in charge of the National Technical Research Organization (NTRO) which is a technical intelligence agency under the Prime Minister’s Office (PMO). The National Critical Information Infrastructure Protection Centre (NCIIPC) was established under Section 70A of the Information Technology Act, 2000 and functions as a unit of the NTRO. 

The National Cyber Security Coordinator (NCSC) is the nodal officer for issues related to cybersecurity, functioning under the PMO along side the NSCS to coordinate with different agencies like CERT-In at the national level.

Our research reveals that the Ministry of Communications, Ministry of Electronics and Information Technology (MeitY), Ministry of Home Affairs (MHA), Ministry of Defence (MoD) and the Ministry of External Affairs (MEA) are most relevant to the establishment, operation and maintenance of technical and administrative ecosystem that enables cybersecurity. The departmental structure of each of these Ministries is outlined below.


Ministry of Communications

The Ministry of Communications consists of two Departments – (i) Department of Telecommunications (DoT) and the (ii) Department of Posts.

The DoT deals with  (a) issues of policy, licensing and coordination matters relating to telegraphs, telephones, wireless, data, facsimile and telematic services and other like forms of communications, (b) standardization, research and development in telecommunications, (c) procurement of stores and equipment required by the Department of Telecommunications and (d) administration of laws including the Indian Telegraph Act, 1885 (13 of 1885), the Indian Wireless Telegraphy Act, 1933 (17 of 1933), the Telecom Regulatory Authority of India Act, 1997 (24 of 1997), among others. Within its ambit is also the Digital Communications Commission, which is responsible for implementing the Government’s telecom policy in all matters relating to telecommunication.

Ministry of Electronics and Information Technology

The Ministry for Electronics and Information Technology (MeitY) deals with all policy matters relating to information technology, electronics and the internet (barring issues relating to licensing of Internet Service Providers, which fall within the mandate of the DoT). Its major functions include (a) the administration of matters relating to cyber laws including the Information and Technology Act, 2000, (b) Promotion of standardization, testing and quality in IT and standardization of procedure for IT application and Tasks and (c) digital initiatives including Digital India, among others.

Significantly, the Indian Computer Emergency Response Team (CERT-In) as well as the Unique Identification Authority of India (UIDAI) are both within its ambit. The Cyber Swacchta Kendra (Botnet Cleaning and Malware Analysis Center) functions under CERT-In.

Ministry of Home Affairs

The Ministry of Home Affairs (MHA) discharges multifarious responsibilities, the important among them being – internal security, border management, Centre-State relations, administration of Union Territories, management of Central Armed Police Forces, disaster management, etc. The MHA continuously monitors the internal security situation, issues appropriate advisories, shares intelligence inputs, extends manpower and financial support, guidance and expertise to the State Governments for maintenance of security, peace and harmony.

Among others, the MHA’s Cyber and Information Security Division (consisting of the Cyber Crime Wing, Cyber Security Wing and Monitoring Unit) as well as some wings of the Department of Internal Security including the Modernization Division of the Police and the Counter Terrorism and Counter Radicalization Division have particular relevance to cyber security.

The Indian Cyber Crime Coordination Centre (I4C) was established as a scheme in 2018 to combat cyber crime in a coordinated and effective manner.

Ministry of Defence

The MoD is comprised of four Departments – Department of Defence (DOD), Department of Defence Production (DDP), Defence Research & Development Organisation (DRDO) and Department of Ex-Servicemen Welfare and also Finance Division.

A new Department of Military Affairs has been created recently, and is headed by the Chief of Defence Staff, General Bipin Rawat. Departments that have particular relevance to cybersecurity, including the newly established Defence Cyber Agency are highlighted.

Ministry of External Affairs

The Ministry of External Affairs (MEA) is responsible for all matters relating to India’s external affairs including consular functions. Departments / activities that have relevance to cybersecurity are highlighted in purple, including international security, counter terrorism and others. The New Emerging and Strategic Technologies (NEST) Division was recently set up as the nodal point for all matters connected to new and emerging technologies including exchange of views with foreign governments and coordination with domestic ministries and departments.  News reports indicate that a major restructuring of the MEA is in the offing.

India's Cybersecurity Budget FY 2013-14 to FY 2019-20: Analysis of Budgetary Allocations for Cybersecurity and Related Activities

This is an edited excerpt of Part V and Annexure ‘C’ of CCG’s Comments to the National Security Council Secretariat on the National Cyber Security Strategy 2020 (NCSS 2020). The full text of the Comments can be accessed here.

Note on Research Methodology

CCG compiled the data on allocations (budgeted and revised) and actual expenditure from the Demands for Grants of Ministries as approved by Parliament and presented in the Annual Expenditure Budget of various ministries and their respective departments which are related to cybersecurity from FY 2013-17 to FY 2019-20. 

The departments have been identified from publicly available information represented in the organograms presented as Annexure ‘B’. We understand a ‘relevant department’ to mean those departments which are either directly related to cybersecurity and/or support the functioning of the technical and security aspects of internet governance at large.

We have then identified those budget heads under the Union Budgets for FY 2013-14 through FY 2019-2020, which correspond most closely to the departments identified and highlighted in Annexure ‘B’ to calculate the total allocation to ministries for cybersecurity-related activities. We then analyse this data in under four broad categories:

(I) Department Wise Allocation: The departments that are directly related to the expenditure for cybersecurity are calculated under this heading. Various expenditures under Ministry of Electronics and Information Technology (MEITY), Department of Telecommunication (DOT), and Ministry of Home Affairs are tabulated for this. 

Under MeitY, we have included the budget heads for

  1. Computer Emergency Response Team (CERT-IN),
  2. Centre for Development of Advanced Computing (C-DAC),
  3. Centre for Materials for Electronics and IT (C-MET),
  4. Society for Applied Microwave Electronics Engineering and Research (SAMEER),
  5. Standardization Testing and Quality Certification (STQC),
  6. Controller of Certifying Authorities (CCA), and
  7. Foreign Trade and Export Promotion and
  8. Certain components of the Digital India Initiative, namely:
  • Manpower Development,
  • National Knowledge Network,
  • Promotion of electronics and IT HW manufacturing,
  • Cybersecurity projects (which includes National Cyber Coordination centre and others),
  • Research and Development in Electronics/IT,
  • Promotion of IT/ITeS industries,
  • Promotion of Digital Payment, and
  • Pradhan Mantri Digital Saksharta Abhiyan (PMGDISHA).

Under Ministry of Communication, our focus was only on the Department of Telecommunication. We considered the budget allocated to the following, to come up with the total Department budget. These heads are:

  1. Telecom Regulatory Authority of India (TRAI),
  2. Human Resource Management under National Institute of Communication Finance,
  3. Wireless Planning and Coordination,
  4. Telecom Engineering Centre,
  5. Technology Development and Investment Promotion,
  6. South Asia Sub-Regional Economic Cooperation (SASEC) under Information Highway Project,
  7. Telecom Testing and Security Certification Centre,
  8. Telecom Computer Emergency Response Team,
  9. Central Equipments Identity Register (CEIR),
  10. 5G Connectivity Test Bed,
  11. Promotion of Innovation and Incubation of Future Technologies for Telecom Sector,
  12. Centre for Development of Telematics (C-DoT), and
  13. Labour, Employment and Skill Development.

Under Ministry of Home Affairs, the funds allocated for the following budget heads have been included:

  1. Education, Training and Research purposes,
  2. Criminology and Forensic Science,
  3. Modernisation of Police Forces and Crime and Criminal Tracking Network and Systems (CCTNS),
  4. Indian Cyber Crime Coordination Centre, and
  5. Technical and Economic Cooperation with Other Countries.

All these budget heads were tabulated to come up with the total for department wise allocation. Along with departments mentioned under ‘Supporting Departments’, all these departments were again classified on the basis of their functions and activities,  and analysed under (III).

(II) Supporting Department Wise Allocation: While certain expenditures of the Ministry of Defence, Ministry of External Affairs, Department of Telecommunication, and Ministry of Home Affairs can potentially be used for cybersecurity-related activities, but it it is not possible to infer from the Demands for Grants, the share of cyber in the total allocation, we have treated them as ‘allocations to supporting departments’. In this data, the total funds indicated may not be directly related to cybersecurity efforts, but they contribute towards the larger security and governance framework, which enables the creation of a secure ecosystem for cyber. These headings are tabulated under this section.

Under Ministry of Defence, the following heads were considered to contribute towards the larger security and governance framework in cyberspace:

  1. Navy/Joint Staff,
  2. Ordnance Factories R&D,
  3. Research and Development, including the Research and Development component of R&D head,
  4. Capital Outlay on R&D, and
  5. Technology Development and Assistance for Prototype Development under Make Procedure

Under Ministry of External Affairs, we considered the following heads as important contributors:

  1. The Special Diplomatic Expenditure,
  2. Expenditure for International Cooperation,
  3. Expenditure for Technical and Economic Cooperation with other Countries, and
  4. Other Expenditure of Ministry

Under Department of Telecommunication again, there were several heads that we considered not to be directly related to cybersecurity, but they did significantly contribute towards it. These include allocations for

  1. Defence Spectrum,
  2. Capital Outlay on Telecommunication and Electronic Industries,
  3. Capital Outlay on Other Communication Services, and
  4. Universal Service Obligation Fund (USOF)

Under Ministry of Home Affairs, the departments that are involved with defence and intelligence along with law enforcement are important to be considered for cybersecurity. Thus we included the allocations for

  1. Intelligence Bureau,
  2. NATGRID,
  3. Delhi Police, and
  4. Capital Outlay on Police.

(III) Activity Wise Allocation: For further analysis, we have categorized the expenditures mentioned in Department Wise Allocation into five categories, each of which have been identified as constituent elements of the three Pillars of Strategy namely:

  1. Human Resource Development Component (Strengthen)
  2. Technical Research & Development Component, Capacity Building (Strengthen/Synergize)
  3. International Cooperation and Investment Promotion Component (Secure/Synergise)
  4. Standardisation, Quality Testing and Certification Component (Strengthen)
  5. Active Cyber Incident Response/ Defence Operations and Security Component (Secure/Strengthen)      

The total for these are calculated to identify if any trends or patterns emerge in expenditure by the ministries. Apart from the ministries covered in classifications (I) and (II), we have also included budgets of two other heads/departments. Namely, these are (i) the allocation towards corporate data management under the authority of the Ministry of Corporate Affairs, which has been included in category (5) indicated above and (ii) the allocation towards technical and economic cooperation with other countries for the Department of Economic Affairs under the Ministry of Finance, which has been included in category (3) indicated above.

(IV) Ministries share over Financial Year: The total value tabulated in Department wise allocation and supporting department wise allocation for the ministries is then used to calculate the share of budget allocated to Cyber Security and related activities with respect to the total budget allocation of ministries. The ministries taken into account, which contribute significantly to Cyber Security and related activities are:

  1. Department of Telecommunication (under the Ministry of Communications),
  2. Ministry of Defence,
  3. Ministry of External Affairs,
  4. Ministry of Electronics and Information Technology,
  5. Ministry of Home Affairs, and
  6. Department of Science and Technology (under the Ministry of Science and Technology).

Ministry-wise Allocations and Expenditure on Cybersecurity and Related Activities FY 2013-14 to FY 2019-20

Figure 9 depicts actual expenditure (from FY 2013-14 to FY 2017-18), the Revised Expenditure (RE) for FY 2018-19 and Budgeted Expenditure for FY 2019-20. With the exception of FY 2016-17, we can see a clear trend of increasing allocations for expenditure towards cyber-security related activities, especially for the DoT. It is relevant to point out that this representation also includes the expenditure on Departments playing a supporting role in cybersecurity activities, such as the IDS/Joint Staff and R&D under the Ministry of Defence (MoD) as well as the MEA’s expenditure on international technical cooperation. As the expenditure incurred on cybersecurity related activities alone cannot be inferred from these budget heads, they have been treated as Departments playing a supporting role for cybersecurity efforts and included in overall expenditure.

Figure 9: Ministry-wise Total Expenditure on Cybersecurity and Related Activities
FY 2013-14 to FY 2019-20

Figure 10 is a narrower subset of the expenses indicated in Figure 9. It represents the allocations to Departments in Ministries that have been entrusted with core activities that contribute towards cybersecurity operations, R&D, e-Governance and internet governance at large. These include, to name a few, the promotion of electronics and IT hardware manufacturing and other initiatives such as Digital India, C-DAC, NCCC and other similar programmes under MeitY, TRAI, C-DoT and the 5G test bed under the authority of the DoT and MHA’s expenses towards modernization of police forces, forensics, and initiatives such as the Indian Cyber Crime Coordination Centre.

Figure 10 reveals an immediate upsurge in such allocations in the time period during and immediately after the formulation of the National Cyber Security Policy 2013, after which the allocations begin to dwindle in FY 2014-15. We can also note that with the exception of FY 2015-16 actual expenditure is consistently lower than the Budgeted Expenditure allocated to all these Ministries for cybersecurity related activities.

Figure 10: Ministry-wise Total Expenditure on Cybersecurity and Related Activities
FY 2013-14 to FY 2019-20

It is interesting to note that if we convert the absolute figures represented in Figure 10 into percentages, and represent the same data set as such, it reveals a remarkable consistency and a clear pattern emerges in burden-sharing between these three Ministries (MHA, MeitY and DoT under the Ministry of Communications).

Figure 11 depicts the same allocations indicated as absolute figures in Figure 10 as percentages of the total expenditure on core cybersecurity activities. It is clear that the MHA consistently bears the bulk of expenses on cyber security related activities, clearly with an emphasis on cyber crimes. The remaining half seems to be divided between MeitY and DoT more or less equally. FY 2015-16 allocations and actual expenditure in FY 2014-15 is the only exception to this equal distribution.

Figure 11: Ministry-wise Total Allocation for Cybersecurity and Related Activities
FY 2013-14 to FY 2019-20

Activity-wise Allocation and Expenditure on Cybersecurity

To further analyse how these budgetary allocations are being utilized, we have re-categorized the expenditures mentioned in Department/Ministry wise allocation into five categories, each of which have been identified as constituent elements of the three Pillars of Strategy namely: 

  1. Human Resource Development Component (Strengthen)
  2. Technical Research and Development Component, Capacity Building (Strengthen/Synergize)
  3. International Cooperation and Investment Promotion Component (Secure/Synergise)
  4. Standardization, Quality Testing and Certification Component (Strengthen)
  5. Active Cyber Incident Response/ Cyber Defence Operations and Security Component (Secure/Strengthen)

The total expenses incurred for these allocations are calculated to identify if any trends or patterns emerge to identify which activities are being prioritized according to the actual expenditure incurred by the relevant ministries. It is important to note that none of these categories include any expenses earmarked for cyber defence operations under the MoD, as the budget heads do not permit drawing such an inference in its current format.

In this reclassification, we have included one budget head each for two other Departments that do not figure in the data represented in Figures 9, 10 or 11. Namely, these are (a) the allocation towards corporate data management under the authority of the Ministry of Corporate Affairs, which has been included in category (5) indicated above and (b) the allocation towards technical and economic cooperation with other countries for the Department of Economic Affairs under the Ministry of Finance, which has been included in category (3) indicated above.

Figure 12 represents activity-wise trends in these Ministries’ actual expenditure. The figures for FY 2018-19 and FY 2019-20 represent the RE and BE for those years, respectively. It is not surprising that the expenditure on international cooperation and investment promotion towers over all other activities, as the allocated expenses would contribute to overall cooperation efforts at the international level and the promotion of investment broadly, and not only cybersecurity. Nonetheless, these are crucial contributions to enhancing India’s cybersecurity posture at home and abroad. For a clearer analysis, we remove the indicator for expenses towards international cooperation and investment promotion in Figure 13.

Figure 12: Activity-wise Expenditure for Cyber Security
FY 2013-14 to FY 2019-20
Figure 13: Activity-wise Expenditure for Cybersecurity FY 2013-14 to FY 2019-20 (excluding international cooperation and investment promotion)

From Figure 13, we can clearly infer which of the four activities at the core of the Government’s cybersecurity efforts are being prioritized in terms of allocation of budgetary resources. Clearly, emphasis on equipment testing and certification needs to be sharpened. There is an apparent tension between the funds that are made available for active cybersecurity operations and programmes on the one hand, and investments in human resource development on the other.

We submit that in both these areas, the Government must look to the private sector to create synergies and supplement the financial resources available for these particular activities. We also recommend that the expenditure earmarked for quality testing, development of technical standards and certification should be increased, and accorded greater priority than before.

Share of Ministries’ Budget Allocated to Cybersecurity and Related Activities

If we try to contextualize the utilization of funds made available for cybersecurity-related activities against the total allocations to relevant Ministries, there is no identifiable trend in expenditure patterns of the MEA, MeitY and DoT. Figure 14 represents the total expenditure on cybersecurity-related activities as a percentage of the total expenses allocated to the relevant Ministry. Cybersecurity-related activities appear to be fluctuating in terms of the priority accorded to them over time, in the diversion of financial resources towards this area. The contribution of the Department of Science and Technology towards R&D in cybersecurity has been consistently low, almost negligible. This has only changed with the establishment of the National Mission on Interdisciplinary Cyber Physical Systems in FY 2018-19. has been MHA’s share of expenditure on cybersecurity activities appears relatively more consistent, and could potentially be leveraged to create synergies for the rationalization of expenditure across Ministries.

Figure 14: Share of Cybersecurity-related Activities in Total Budget Allocated to Ministries

Budget for NCSS 2020?

In anticipation of the National Cyber Security Strategy 2020 expected to be released soon, we will be closely monitoring the the Union Budget for FY 2020-21 for fresh allocations to the relevant departments indicated in our analysis. We will also be on the lookout for fresh allocations that may be relevant to various components of the NCSS 2020. Watch this space for more on India’s Cybersecurity Budget 2020, coming soon!

CCG's Comments to the National Security Council Secretariat on the National Cyber Security Strategy 2020

The Centre for Communication Governance at the National Law University Delhi (CCG) is grateful to the National Security Council Secretariat for this opportunity to make meaningful contributions to its mandate of formulating a futuristic National Cyber Security Strategy 2020 (NCSS). In response to the Call for Comments CCG apart from the comments below, CCG has separately submitted detailed comments to the Office of the National Cyber Security Coordinator.

Our comments are a result of original and thorough legal and policy research which draws upon multiple primary sources of information, including applicable domestic and international law and precedents, and a comparative study of the cyber security strategy and policy documents of 16 other countries. Secondary sources such as news reports, statistics on cybercrime and malicious cyber activity compiled and released by various Government departments and agencies and data on budgetary allocations released by the Union Government have also been relied on.

This submission is presented in six parts, supplemented by three annexures that provide insight into our sources, analysis and research methodology.

Part I introduces the background in which this strategy is being formulated, and presents a principled approach to the formulation of cybersecurity policy, that is driven by a coherent strategic framework constructed under the NCSS to guide it.

Part II presents an analysis of the landscape of existing and emergent threats that pose a risk to the cybersecurity of the entire nation. We do so with the objective of identifying areas that need to be accorded a higher priority in the formulation of the NCSS.

Parts III, IV and V correspond to the three pillars of strategy identified in the Call for Comments. Part III deals with the horizontal dimension of strategy and unpacks the contents of the first pillar, i.e., “Secure”, wherein we present for the consideration of the Secretariat, an original three-tiered model of the ‘national cyberspace’ as a roadmap to cyber sovereignty. We submit for consideration for the Secretariat, the adoption of the principle of peaceful uses of cyberspace to align with the nation’s goals of sustainable economic development, while being mindful of the gradual militarization of cyberspace by both state and non-state actors.

Part IV deals with the “Strengthen” pillar in which CCG examines the existing architecture for cybersecurity to analyse the vertical dimensions of strategy. Herein, we propose measures to strengthen institutions, process and capabilities relevant for cyber security.

Part V deals with the third pillar, namely, “Synergise”, which explains how the horizontal and vertical dimensions of the strategy can be integrated in order to optimize levels of inherent friction that could hinder the achievement of strategic and policy goals. We propose that synergies need to be identified and/or created at three levels. First, at the inter-ministerial level, among the government departments and agencies. Second, at the national level, for enhanced cooperation and strategic partnerships between the public and private sectors. Third, at the international level for enhanced cooperation and strategic partnerships with like-minded nations, geared towards building stronger national defences in cyberspace. In this part, we take the Government’s inclination to treat data a “public good” or “societal commons” to its logical conclusion and accordingly, propose a principled, common-but-differentiated-responsibility model between multiple stakeholders in the cybersecurity ecosystem for grounding public private partnerships and pooling of financial resources.

Part VI concludes this submission and presents the major findings, suggestions and recommendations of this submission.

The full text of the comments is available here.

The Pegasus Hack: A Hark Back to the Wassenaar Arrangement

By Sharngan Aravindakshan

The world’s most popular messaging application, Whatsapp, recently revealed that a significant number of Indians were among the targets of Pegasus, a sophisticated spyware that operates by exploiting a vulnerability in Whatsapp’s video-calling feature. It has also come to light that Whatsapp, working with the University of Toronto’s Citizen Lab, an academic research organization with a focus on digital threats to civil society, has traced the source of the spyware to NSO Group, an Israeli company well known both for developing and selling hacking and surveillance technology to governments with a questionable record in human rights. Whatsapp’s lawsuit against NSO Group in a federal court in California also specifically alludes to NSO Group’s clients “which include but are not limited to government agencies in the Kingdom of Bahrain, the United Arab Emirates, and Mexico as well as private entities.” The complaint filed by Whatsapp against NSO Group can be accessed here.

In this context, we examine the shortcomings of international efforts in limiting or regulating the transfers or sale of advanced and sophisticated technology to governments that often use it to violate human rights, as well as highlight the often complex and blurred lines between the military and civil use of these technologies by the government.

The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (WA) exists for this precise reason. Established in 1996 and voluntary / non-binding in nature[I], its stated mission is “to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.”[ii] Military advancements across the globe, significant among which were the Indian and Pakistani nuclear tests, rocket tests by India and South Korea and the use of chemical warfare during the Iran-Iraq war, were all catalysts in the formulation of this multilateral attempt to regulate the transfer of advanced technologies capable of being weaponized.[iii] With more and more incidents coming to light of authoritarian regimes utilizing advanced western technology to violate human rights, the WA was amended to bring within its ambit “intrusion software” and “IP network surveillance systems” as well. 

Wassenaar: A General Outline

With a current membership of 42 countries (India being the latest to join in late 2017), the WA is the successor to the cold war-era Coordinating Committee for Multilateral Export Controls (COCOM) which had been established by the Western Bloc in order to prevent weapons and technology exports to the Eastern Bloc or what was then known as the Soviet Union.[iv] However, unlike its predecessor, the WA does not target any nation-state, and its members cannot exercise any veto power over other member’s export decisions.[v] Notably, while Russia is a member, Israel and China are not.

The WA lists out the different technologies in the form of “Control Lists” primarily consisting of the “List of Dual-Use Goods and Technologies” or the Basic List, and the “Munitions List”.[vi] The term “dual-use technology” typically refers to technology that can be used for both civilian and military purposes.[vii] The Basic List consists of ten categories[viii]

  • Special Materials and Related Equipment (Category 1); 
  • Materials Processing (Category 2); 
  • Electronics (Category 3); 
  • Computers (Category 4); 
  • Telecommunications (Category 5, Part 1); 
  • Information Security (Category 5, Part 2); 
  • Sensors and Lasers (Category 6); 
  • Navigation and Avionics (Category 7); 
  • Marine (Category 8); 
  • Aerospace and Propulsion (Category 9). 

Additionally, the Basic List also has the Sensitive and Very Sensitive Lists which include technologies covering radiation, submarine technology, advanced radar, etc. 

An outline of the WA’s principles is provided in its Guidelines & Procedures, including the Initial Elements. Typically, participating countries enforce controls on transfer of the listed items by enacting domestic legislation requiring licenses for export of these items and are also expected to ensure that the exports “do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities.[ix]

While the Guidelines & Procedures document does not expressly proscribe the export of the specified items to non-WA countries, members are expected to notify other participants twice a year if a license under the Dual List is denied for export to any non-WA country.[x]

Amid concerns of violation of civil liberties

Unlike conventional weapons, cyberspace and information technology is one of those sectors where the government does not yet have a monopoly in expertise. In what can only be termed a “cyber-arms race”, it would be fair to say that most governments are even now busily acquiring technology from private companies to enhance their cyber-capacity, which includes surveillance technology for intelligence-gathering efforts. This, by itself, is plain real-politik.

However, amid this weaponization of the cyberspace, there were growing concerns that this technology was being purchased by authoritarian or repressive governments for use against their citizens. For instance, Eagle, monitoring technology owned by Amesys (a unit of the French firm Bull SA), Boeing Co.’s internet-filtering Narus, and China’s ZTE Corp. all contributed to the surveillance efforts by Col. Gaddafi’s regime in Libya. Surveillance technology equipment sold by Siemens AG and maintained by Nokia Siemens Networks were used against human rights activists in Bahrain. These instances, as part of a wider pattern that came to the spotlight, galvanized the WA countries in 2013 to include “intrusion software” and “IP network surveillance systems” in the Control List to attempt to limit the transfer of these technologies to known repressive regimes. 

Unexpected Consequences

The 2013 Amendment to the Control Lists was the subject of severe criticism by tech companies and civil society groups across the board. While the intention behind it was recognized as laudable, the terms “intrusion software” and “IP network surveillance system” were widely viewed as over-broad and having the unintended consequence of looping in both legitimate as well as illegitimate use of technology. The problems pointed out by cybersecurity experts are manifold and are a result of a misunderstanding of how cybersecurity works.

The inclusion of these terms, which was meant to regulate surveillance based on computer codes / programmes, also has the consequence of bringing within its ambit legitimate and often beneficial uses of these technologies, including even antivirus technology according to one view. Cybersecurity research and development often involves making use of “zero-day exploits” or vulnerabilities in the developed software, which when discovered and reported by any “bounty hunter”, is typically bought by the company owning the software. This helps the company immediately develop a “patch” for the reported vulnerability. These transactions are often necessarily cross-border. Experts complained that if directly transposed to domestic law, the changes would have a chilling effect on the vital exchange of information and research in this area, which was a major hurdle for advances in cybersecurity, making cyberspace globally less safer. A prime example is HewlettPackard’s (HP)  withdrawal from Pwn2Own—a computer hacking contest held annually at the PacSecWest security conference where contestants are challenged to hack into / exploit vulnerabilities on widely used software. HP, which sponsored the event, was forced to withdraw in 2015 citing the “complexity in obtaining real-time import /export licenses in countries that participate in the Wassenaar Arrangement”, among others. The member nation in this case was Japan.

After facing fierce opposition on its home soil, the United States decided to not implement the WA amendment and instead, decided to argue for a reversal at the next Plenary session of the WA, which failed. Other nations, including the EU and Japan have implemented the WA amendment export controls with varying degrees of success.

The Pegasus Hack, India and the Wassenaar

Considering many of the Indians identified as victims of the Pegasus hack were either journalists or human rights activists, with many of them being associated with the highly-contentious Bhima-Koregaon case, speculation is rife that the Indian government is among those purchasing and utilizing this kind of advanced surveillance technology to spy on its own citizens. Adding this to the NSO Group’s public statement that its “sole purpose” is to “provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime”, it appears there are credible allegations that the Indian government was involved in the hack. The government’s evasiveness in responding and insistence on so-called “standard operating procedures” having been followed are less than reassuring.

While India’s entry to the WA as its 42nd member in 2018 has certainly elevated its status in the international arms control regime by granting it access to three of the world’s four main arms-control regimes (the others being the Nuclear Suppliers’ Group / NSG, the Missile Technology Control Group / MTCR and the Australia Group), the Pegasus Hack incident and the apparent connection to the Indian government shows us that its commitment to the principles underlying the WA is doubtful. The purpose of the inclusion of “intrusion software” and “IP network surveillance system” in the WA’s Control Lists by way of the 2013 Amendment, no matter their unintended consequences for legitimate uses of such technology, was to prevent governmental purchases exactly like this one. Hence, even though the WA does not prohibit the purchase of any surveillance technology from a non-member, the Pegasus incident arguably, is still a serious detraction from India’s commitment to the WA, even if not an explicit violation.

Military Cyber-Capability Vs Law Enforcement Cyber-Capability

Given what we know so far, it appears that highly sophisticated surveillance technology has also come into the hands of local law enforcement agencies. Had it been disclosed that the Pegasus software was being utilized by a military wing against external enemies, by, say, even the newly created Defence Cyber Agency, it would have probably caused fewer ripples. In fact, it might even have come off as reassuring evidence of the country’s advanced cyber-capabilities. However, the idea of such advanced, sophisticated technologies at the easy disposal of local law enforcement agencies is cause for worry. This is because while traditionally the domain of the military is external, the domain of law enforcement agencies is internal, i.e., the citizenry. There is tremendous scope for misuse by such authorities, including increased targeting of minorities. The recent incident of police officials in Hyderabad randomly collecting biometric data including their fingerprints and clicking people’s pictures only exacerbates this point. Even abroad, there already exist on-going efforts to limit the use of surveillance technologies by local law enforcement such as the police.

The conflation of technology use by both military and civil agencies  is a problem that is created in part at least, by the complex and often dual-use nature of technology. While dual use technology is recognized by the WA, this problem is not one that it is able to solve. As explained above, dual use technology is technology that can be used for both civil and military purposes. The demands of real-politik, increase in cyber-terrorism and the manifold ways in which a nation’s security can be compromised in cyberspace necessitate any government in today’s world to increase and improve its cyber-military-capacity by acquiring such technology. After all, a government that acquires surveillance technology undoubtedly increases the effectiveness of its intelligence gathering and ergo, its security efforts. But at the same time, the government also acquires the power to simultaneously spy on its own citizens, which can easily cascade into more targeted violations. 

Governments must resist the impulse to turn such technology on its own citizens. In the Indian scenario, citizens have been granted a ring of protection by way of the Puttaswamy judgement, which explicitly recognizes their right to privacy as a fundamental right. Interception and surveillance by the government while currently limited by laid-down protocols, are not regulated by any dedicated law. While there are calls for urgent legislation on the subject, few deal with the technology procurement processes involved. It has also now emerged that Chhattisgarh’s State Government has set up a panel to look into allegations that that NSO officials had a meeting with the state police a few years ago. This raises questions of oversight in the relevant authorities’ public procurement processes, apart from their legal authority to actually carry out domestic surveillance by exploiting zero-day vulnerabilities.  It is now becoming evident that any law dealing with surveillance will need to ensure transparency and accountability in the procurement of and use of the different kinds of invasive technology adopted by Central or State authorities to carry out such surveillance. 


[i]A Guide to the Wassenaar Arrangement, Daryl Kimball, Arms Control Association, December 9, 2013, https://www.armscontrol.org/factsheets/wassenaar, last accessed on November 27, 2019.

[ii]Ibid.

[iii]Data, Interrupted: Regulating Digital Surveillance Exports, Tim Maurerand Jonathan Diamond, November 24, 2015, World Politics Review.

[iv]Wassenaar Arrangement: The Case of India’s Membership, Rajeswari P. Rajagopalan and Arka Biswas, , ORF Occasional Paper #92 p.3, OBSERVER RESEARCH FOUNDATION, May 5, 2016, http://www.orfonline.org/wp-content/uploads/2016/05/ORF-Occasional-Paper_92.pdf, last accessed on November 27, 2019.

[v]Ibid, p. 3

[vi]“List of Dual-Use Goods and Technologies And Munitions List,” The Wassenaar Arrangement, available at https://www.wassenaar.org/public-documents/, last accessed on November 27, 2019. 

[vii]Article 2(1), Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL setting up a Union regime for the control of exports, transfer, brokering, technical assistance and transit of dual-use items (recast), European Commission, September 28th, 2016, http://trade.ec.europa.eu/doclib/docs/2016/september/tradoc_154976.pdf, last accessed on November 27, 2019. 

[viii]supra note vi.

[ix]Guidelines & Procedures, including the Initial Elements, The Wassenaar Arrangement, December, 2016, http://www.wassenaar.org/wp- content/uploads/2016/12/Guidelines-and-procedures-including-the-Initial-Elements-2016.pdf, last accessed on November 27, 2019.

[x]Articles V(1) & (2), Guidelines & Procedures, including the Initial Elements, The Wassenaar Arrangement, December, 2016, https://www.wassenaar.org/public-documents/, last accessed on November 27, 2019.

Fork in the Road? UN General Assembly passes Russia-backed Resolution to fight Cybercrime.

By Sharngan Aravindakshan

On 19 November 2019, the Third Committee of the United Nations General Assembly passed a Russia-backed resolution. The resolution called for the establishment of an ad-hoc intergovernmental committee of experts “to elaborate a comprehensive international convention countering the use of information and communications technologies for criminal purposes” (A/C.3/74/L.11/Rev.1). China, Iran, Myanmar, North Korea and Syria were also some of the countries that sponsored the resolution. Notably, countries such as Russia, China and North Korea are all proponents of the internet-restrictive “cyber-sovereignty” model, as opposed to the free, open and global internet advocated by the Western bloc. Equally notably, India voted in favour of the resolution. The draft resolution, which was passed by a majority of 88-58 with 34 abstentions, can be accessed here.

The resolution was strongly opposed by most of the Western bloc, with the United States leading the fight against what they believe is a divisive attempt by Russia and China to create UN norms and standards permitting unrestricted state control of the internet. This is the second successful attempt by Russia and China, traditionally seen as outliers in cyberspace for their authoritarian internet regimes, to counter cybernorm leadership by the West. The resolution, to the extent it calls for the establishment of an open-ended ad hoc intergovernmental committee of experts “to elaborate a comprehensive international convention” on cybercrime, is also apparently a Russian proposal for an alternative to the Council of Europe’s Budapest Convention.

Similarly, last year, Russia and China successfully pushed for and established the Open-Ended Working Group (OEWG), also under the aegis of the United Nations, as an alternative to the US-led UN Group of Governmental Experts (GGE) in the attempt at making norms for responsible state behaviour in cyberspace. Hence, we now have two parallel UN based processes working on essentially the same issues in cyberspace. The Russians claim that both these processes  are complementary to each other, while others have stated that it was actually an attempt to delay consensus-building in cyberspace. In terms of outcome, scholars have noted the likelihood of either both processes succeeding or both failing, or what Dennis Broeders termed “Mutually Assured Diplomacy”.

Criticism

The Russia-backed cyber-crime resolution, while innocuously worded, has been widely criticized by civil society groups for its vagueness and for potentially opening the door to widespread human rights violations. In an open letter to the UN General Assembly, various civil society and academic groups have expressed the worry that “it could lead to criminalizing ordinary online behaviour protected under human rights law” and assailed the resolution for the following reasons:

  • The resolution fails to define “use of information and communication technologies for criminal purposes.” It is not clear whether this is meant to cover cyber-dependent crimes (i.e. crimes that can only be committed by using ICTs, like breaking into computer systems to commit a crime or DDoS attacks) or cyber-enabled crimes (i.e. using ICTs to assist in committing “offline” crimes, like child sexual exploitation). The broad wording of the text includes most crimes and this lack of specificity opens the door to criminalising even ordinary online behaviour;
  • The single reference to human rights in the resolution, i.e., “Reaffirming the importance of respect for human rights and fundamental freedoms” is not strong enough to counter the growing trend among countries to use cybercrime legislation to violate human rights, nor does it recognize any positive obligation on the state to protect human rights.
  • It is essentially a move to negotiate a cybercrime convention or treaty, which will duplicate efforts. The Council of Europe’s Budapest Convention already has the acceptance of 64 countries that have ratified it. Also, there are already other significant international efforts underway in combating cybercrime including the UN Office on Drugs and Crime working on various related issues such as challenges faced by national laws in combating cybercrime (Cybercrime Depository) and the Open Ended Intergovernmental Expert Group Meeting on Cybercrime, which is due to release its report with its findings in 2021.

Wolves in the hen-house?

Russia’s record in human rights protection in the use of information and communications technology has been controversial. Conspicuously, this resolution comes just a few months after it passed its “sovereign-internet law”. The law grants the Kremlin the power to completely cut-off the Russian internet from the rest of the world. According to Human Rights Watch, the law obliges internet service providers to install special equipment that can track, filter, and reroute internet traffic, allowing the Russian government to spy, censor and independently block access to internet content ranging from a single message to cutting off Russia from the global internet or shutting down internet within Russia. While some experts have doubted the technical feasibility of isolating the Russian internet no matter what the government wants, the law has already come into force from 1 November 2019 and it definitely seems like Russia is going to try.

Apart from this, there have also been credible claims attributing various cyberattacks to Russia, including the 2007 attacks on Estonia, the 2008 attacks on Georgia and even the recent hacking of the Democratic National Committee (DNC) in the US. More recently, in a rare incident of collective public attribution, the US, the UK and the Netherlands called out Russia for targeting the Organization for the Prohibition of Chemical Weapons’ (OPCW) investigation into the chemical attack on a former Russian spy in the U.K., and anti-doping organizations through cyberattacks in 2018.

China, another sponsor of the resolution, is also not far behind. According to the RAND Corporation, the most number of cyber-incidents including cyber theft from 2005- 2017 was attributed to China. Also, China’s Great Firewall is famous for allowing internet censorship in the country. A Russo-China led effort in international cybernorm making is now widely feared as portending stricter state control over the internet leading to more restrictions on civil liberties.

However, as a victim of growing cyber-attacks and as a country whose current public stance is against “data monopoly” by the West, India is going to need a lot more convincing by the Western bloc to bring it over to the “free, open and global” internet camp, as its vote in favour of this resolution shows. An analysis of the voting pattern for last year’s UNGA resolution on countering the use of ICT for criminal purposes and what it means for international cyber norm making can be accessed here.

Fractured Norm-making

This latest development only further splinters the already fractured global norm-making process in cyberspace. Countries such as the United States are also taking the approach of negotiating separate bilateral cyberspace treaties with “like-minded nations” to advance its “cyber freedom” doctrine and China is similarly advancing its own “cyber-sovereignty” doctrine alongside Russia.

Add to this mix the private sector’s efforts like Microsoft’s Cybersecurity Tech Accord (2018) and the Paris Call for Trust and Security in Cyberspace (2018), and it becomes clear that any unified multilateral approach to cybernorm making now seems extremely difficult, if not impossible. With each initiative paving its own way, it now remains to be seen whether these roads all lead to cyberspace stability.

[September 30-October 7] CCG’s Week in Review Curated News in Information Law and Policy

Huawei finds support from Indian telcos in the 5G rollout as PayPal withdrew from Facebook’s Libra cryptocurrency project; Foreign Portfolio Investors moved MeitY against in the Data Protection Bill; the CJEU rules against Facebook in case relating to takedown of content globally; and Karnataka joins list of states considering implementing NRC to remove illegal immigrants – presenting this week’s most important developments in law, tech and national security.

Digital India

  • [Sep 30] Why the imminent global economic slowdown is a growth opportunity for Indian IT services firms, Tech Circle report.
  • [Sep 30] Norms tightened for IT items procurement for schools, The Hindu report.
  • [Oct 1] Govt runs full throttle towards AI, but tech giants want to upskill bureaucrats first, Analytics India Magazine report.
  • [Oct 3] – presenting this week’s most important developments in law, tech and national security. MeitY launches smart-board for effective monitoring of the key programmes, The Economic Times report.
  • [Oct 3] “Use human not artificial intelligence…” to keep a tab on illegal constructions: Court to Mumbai civic body, NDTV report.
  • [Oct 3] India took 3 big productivity leaps: Nilekani, Livemint report.
  • [Oct 4] MeitY to push for more sops to lure electronic makers, The Economic Times report; Inc42 report.
  • [Oct 4] Core philosophy of Digital India embedded in Gandhian values: Ravi Shankar Prasad, Financial Express report.
  • [Oct 4] How can India leverage its data footprint? Experts weigh in at the India Economic Summit, Quartz report.
  • [Oct 4] Indians think jobs would be easy to find despite automation: WEF, Tech Circle report.
  • [Oct 4] Telangana govt adopts new framework to use drones for last-mile delivery, The Economic Times report.
  • [Oct 5] Want to see ‘Assembled in India’ on an iPhone: Ravi Shankar Prasad, The Economic Times report.
  • [Oct 6] Home market gets attractive for India’s IT giants, The Economic Times report.

Internet Governance

  • [Oct 2] India Govt requests maximum social media content takedowns in the world, Inc42 report; Tech Circle report.
  • [Oct 3] Facebook can be forced to delete defamatory content worldwide, top EU court rules, Politico EU report.
  • [Oct 4] EU ruling may spell trouble for Facebook in India, The Economic Times report.
  • [Oct 4] TikTok, TikTok… the clock is ticking on the question whether ByteDance pays its content creators, ET Tech report.
  • [Oct 6] Why data localization triggers a heated debate, The Economic Times report.
  • [Oct 7] Sensitive Indian govt data must be stored locally, Outlook report.

Data Protection and Privacy

  • [Sep 30] FPIs move MeitY against data bill, seek exemption, ET markets report, Inc42 report; Financial Express report.
  • [Oct 1] United States: CCPA exception approved by California legislature, Mondaq.com report.
  • [Oct 1] Privacy is gone, what we need is regulation, says Infosys Kris Gopalakrishnana, News18 report.
  • [Oct 1] Europe’s top court says active consent is needed for tracking cookies, Tech Crunch report.
  • [Oct 3] Turkey fines Facebook $282,000 over data privacy breach, Deccan Herald report.

Free Speech

  • [Oct 1] Singapore’s ‘fake news’ law to come into force Wednesday, but rights group worry it could stifle free speech, The Japan Times report.
  • [Oct 2] Minister says Singapore’s fake news law is about ‘enabling’ free speech, CNBC report.
  • [Oct 3] Hong Kong protests: Authorities to announce face mask ban, BBC News report.
  • [Oct 3] ECHR: Holocaust denial is not protected free speech, ASIL brief.
  • [Oct 4] FIR against Mani Ratnam, Adoor and 47 others who wrote to Modi on communal violence, The News Minute report; Times Now report.
  • [Oct 5] UN asks Malaysia to repeal laws curbing freedom of speech, The New Indian Express report.
  • [Oct 6] When will our varsities get freedom of expression: PC, Deccan Herald report.
  • [Oct 6] UK Government to make university students sign contracts limiting speech and behavior, The Times report.
  • [Oct 7] FIR on Adoor and others condemned, The Telegraph report.

Aadhaar, Digital IDs

  • [Sep 30] Plea in SC seeking linking of social media accounts with Aadhaar to check fake news, The Economic Times report.
  • [Oct 1] Why another omnibus national ID card?, The Hindu Business Line report.
  • [Oct 2] ‘Kenyan court process better than SC’s approach to Aadhaar challenge’: V Anand, who testified against biometric project, LiveLaw report.
  • [Oct 3] Why Aadhaar is a stumbling block in Modi govt’s flagship maternity scheme, The Print report.
  • [Oct 4] Parliament panel to review Aadhaar authority functioning, data security, NDTV report.
  • [Oct 5] Could Aahdaar linking stop GST frauds?, Financial Express report.
  • [Oct 6] Call for liquor sale-Aadhaar linking, The New Indian Express report.

Digital Payments, Fintech

  • [Oct 7] Vision cash-lite: A billion UPI transactions is not enough, Financial Express report.

Cryptocurrencies

  • [Oct 1] US SEC fines crypto company Block.one for unregistered ICO, Medianama report.
  • [Oct 1] South Korean Court issues landmark decision on crypto exchange hacking, Coin Desk report.
  • [Oct 2] The world’s most used cryptocurrency isn’t bitcoin, ET Markets report.
  • [Oct 2] Offline transactions: the final frontier for global crypto adoption, Coin Telegraph report.
  • [Oct 3] Betting on bitcoin prices may soon be deemed illegal gambling, The Economist report.
  • [Oct 3] Japan’s financial regulator issues draft guidelines for funds investing in crypto, Coin Desk report.
  • [Oct 3] Hackers launch widespread botnet attack on crypto wallets using cheap Russian malware, Coin Desk report.
  • [Oct 4] State-backed crypto exchange in Venezuela launches new crypto debit cards, Decrypt report.
  • [Oct 4] PayPal withdraws from Facebook-led Libra crypto project, Coin Desk report.
  • [Oct 5] Russia regulates digital rights, advances other crypto-related bills, Bitcoin.com report.
  • [Oct 5] Hong Kong regulates crypto funds, Decrypt report.

Cybersecurity and Cybercrime

  • [Sep 30] Legit-looking iPhone lightening cables that hack you will be mass produced and sold, Vice report.
  • [Sep 30] Blackberry launches new cybersecurity development labs, Infosecurity Mgazine report.
  • [Oct 1] Cybersecurity experts warn that these 7 emerging technologies will make it easier for hackers to do their jobs, Business Insider report.
  • [Oct 1] US government confirms new aircraft cybersecurity move amid terrorism fears, Forbes report.
  • [Oct 2] ASEAN unites to fight back on cyber crime, GovInsider report; Asia One report.
  • [Oct 2] Adopting AI: the new cybersecurity playbook, TechRadar Pro report.
  • [Oct 4] US-UK Data Access Agreement, signed on Oct 3, is an executive agreement under the CLOUD Act, Medianama report.
  • [Oct 4] The lack of cybersecurity talent is ‘a  national security threat,’ says DHS official, Tech Crunch report.
  • [Oct 4] Millions of Android phones are vulnerable to Israeli surveillance dealer attack, Forbes report; NDTV report.
  • [Oct 4] IoT devices, cloud solutions soft target for cybercriminals: Symantec, Tech Circle report.
  • [Oct 6] 7 cybersecurity threats that can sneak up on you, Wired report.
  • [Oct 6] No one could prevent another ‘WannaCry-style’ attack, says DHS official, Tech Crunch report.
  • [Oct 7] Indian firms rely more on automation for cybersecurity: Report, ET Tech report.

Cyberwarfare

  • [Oct 2] New ASEAN committee to implement norms for countries behaviour in cyberspace, CNA report.

Tech and National Security

  • [Sep 30] IAF ready for Balakot-type strike, says new chief Bhadauria, The Hindu report; Times of India report.
  • [Sep 30] Naval variant of LCA Tejas achieves another milestone during its test flight, Livemint report.
  • [Sep 30] SAAB wants to offer Gripen at half of Rafale cost, full tech transfer, The Print report.
  • [Sep 30] Rajnath harps on ‘second strike capability’, The Shillong Times report.
  • [Oct 1] EAM Jaishankar defends India’s S-400 missile system purchase from Russia as US sanctions threat, International Business Times report.
  • [Oct 1] SC for balance between liberty, national security, Hindustan Times report.
  • [Oct 2] Startups have it easy for defence deals up to Rs. 150 cr, ET Rise report, Swarajya Magazine report.
  • [Oct 3] Huawei-wary US puts more pressure on India, offers alternatives to data localization, The Economic Times report.
  • [Oct 4] India-Russia missile deal: What is CAATSA law and its implications?, Jagran Josh report.
  • [Oct 4] Army inducts Israeli ‘tank killers’ till DRDO develops new ones, Defence Aviation post report.
  • [Oct 4] China, Russia deepen technological ties, Defense One report.
  • [Oct 4] Will not be afraid of taking decisions for fear of attracting corruption complaints: Rajnath Singh, New Indian Express report.
  • [Oct 4] At conclave with naval chiefs of 10 countries, NSA Ajit Doval floats an idea, Hindustan Times report.
  • [Oct 6] Pathankot airbase to finally get enhanced security, The Economic Times report.
  • [Oct 6] rafale with Meteor and Scalp missiles will give India unrivalled combat capability: MBDA, The Economic Times report.
  • [Oct 7] India, Bangladesh sign MoU for setting up a coastal surveillance radar in Bangladesh, The Economic Times report; Decaan Herald report.
  • [Oct 7] Indian operated T-90 tanks to become Russian army’s main battle tank, EurAsian Times report.
  • [Oct 7] IAF’s Sukhois to get more advanced avionics, radar, Defence Aviation post report.

Tech and Law Enforcement

  • [Sep 30] TMC MP Mahua Mitra wants to be impleaded in the WhatsApp traceability case, Medianama report; The Economic Times report.
  • [Oct 1] Role of GIS and emerging technologies in crime detection and prevention, Geospatial World.net report.
  • [Oct 2] TRAI to take more time on OTT norms; lawful interception, security issue now in focus, The Economic Times report.
  • [Oct 2[ China invents super surveillance camera that can spot someone from a crowd of thousands, The Independent report.
  • [Oct 4] ‘Don’t introduce end-to-end encryption,’ UK, US and Australia ask Facebook in an open letter, Medianama report.
  • [Oct 4] Battling new-age cyber threats: Kerala Police leads the way, The Week report.
  • [Oct 7] India govt bid to WhatsApp decryption gets push as UK,US, Australia rally support, Entrackr report.

Tech and Elections

  • [Oct 1] WhatsApp was extensively exploited during 2019 elections in India: Report, Firstpost report.
  • [Oct 3] A national security problem without a parallel in American democracy, Defense One report.

Internal Security: J&K

  • [Sep 30] BDC polls across Jammu, Kashmir, Ladakh on Oct 24, The Economic Times report.
  • [Sep 30] India ‘invaded and occupied Kashmir, says Malaysian PM at UN General Assembly, The Hindu report.
  • [Sep 30] J&K police stations to have CCTV camera surveillance, News18 report.
  • [Oct 1] 5 judge Supreme court bench to hear multiple pleas on Article 370, Kashmir lockdown today, India Today report.
  • [Oct 1] India’s stand clear on Kashmir: won’t accept third-party mediation, India Today report.
  • [Oct 1] J&K directs officials to ensure all schools reopen by Thursday, NDTV report.
  • [Oct 2]] ‘Depressed, frightened’: Minors held in Kashmir crackdown, Al Jazeera report.
  • [Oct 3] J&K: When the counting of the dead came to a halt, The Hindu report.
  • [Oct 3] High schools open in Kashmir, students missing, The Economic Times report.
  • [Oct 3] Jaishanakar reiterates India’s claim over Pakistan-occupied Kashmir, The Hindu report.
  • [Oct 3] Normalcy prevails in Jammu and Kashmir, DD News report.
  • [Oct 3] Kashmiri leaders will be released one by one, India Today report.
  • [Oct 4] India slams Turkey, Malaysia remarks on J&K, The Hindu report.
  • [Oct 5] India’s clampdown hits Kashmir’s Silicon Valley, The Economic Times report.
  • [Oct 5] Traffic cop among 14 injured in grenade attack in South Kashmir, NDTV report; The Economic Times report.
  • [Oct 6] Kashmir situation normal, people happy with Article 370 abrogation: Prkash Javadekar, Times of India report.
  • [Oct 7] Kashmir residents say police forcibly taking over their homes for CRPF troops, Huffpost India report.

Internal Security: Northeast/ NRC

  • [Sep 30] Giving total control of Assam Rifles to MHA will adversely impact vigil: Army to Govt, The Economic Times report.
  • [Sep 30] NRC list impact: Assam’s foreigner tribunals to have 1,600 on contract, The Economic Times report.
  • [Sep 30] Assam NRC: Case against Wipro for rule violation, The Hindu report; News18 report; Scroll.in report.
  • [Sep 30] Hindu outfits demand NRC in Karnataka, Deccan Chronicle report; The Hindustan Times report.
  • [Oct 1] Centre extends AFPSA in three districts of Arunachal Pradesh for six months, ANI News report.
  • [Oct 1] Assam’s NRC: law schools launch legal aid clinic for excluded people, The Hindu report; Times of India report; The Wire report.
  • [Oct 1] Amit Shah in Kolkata: NRC to be implemented in West Bengal, infiltrators will be evicted, The Economic Times report.
  • [Oct 1] US Congress panel to focus on Kashmir, Assam, NRC in hearing on human rights in South Asia, News18 report.
  • [Oct 1] NRC must for national security; will be implemented: Amit Shah, The Hindu Business Line report.
  • [Oct 2] Bengali Hindu women not on NRC pin their hope on promise of another list, citizenship bill, The Print report.
  • [Oct 3] Citizenship Amendment Bill has become necessity for those left out of NRC: Assam BJP president Ranjeet Das, The Economic Times report.
  • [Oct 3] BJP govt in Karnataka mulling NRC to identify illegal migrants, The Economic Times report.
  • [Oct 3] Explained: Why Amit Shah wants to amend the Citizenship Act before undertaking countrywide NRC, The Indian Express report.
  • [Oct 4] Duplicating NPR, NRC to sharpen polarization: CPM, Deccan Herald report.
  • [Oct 5] We were told NRC India’s internal issue: Bangladesh, Livemint report.
  • [Oct 6] Prasanna calls NRC ‘unjust law’, The New Indian Express report.

National Security Institutions

  • [Sep 30] CRPF ‘denied’ ration cash: Govt must stop ‘second-class’ treatment. The Quint report.
  • [Oct 1] Army calls out ‘prejudiced’ foreign report on ‘torture’, refutes claim, Republic World report.
  • [Oct 2] India has no extraterritorial ambition, will fulfill regional and global security obligations: Bipin Rawat, The Economic Times report.

More on Huawei, 5G

  • [Sep 30] Norway open to Huawei supplying 5G equipment, Forbes report.
  • [Sep 30] Airtel deploys 100 hops of Huawei’s 5G technology, The Economic Times report.
  • [Oct 1] America’s answer to Huawei, Foreign Policy report; Tech Circle report.
  • [Oct 1] Huawei buys access to UK innovation with Oxford stake, Financial Times report.
  • [Oct 3] India to take bilateral approach on issues faced by other countries with China: Jaishankar, The Hindu report.
  • [Oct 4] Bharti Chairman Sunil Mittal says India should allow Huawei in 5G, The Economic Times report
  • [Oct 6] 5G rollout: Huawei finds support from telecom industry, Financial Express report.

Emerging Tech: AI, Facial Recognition

  • [Sep 30] Bengaluru set to roll out AI-based traffic solution at all signals, Entrackr report.
  • [Sep 1] AI is being used to diagnose disease and design new drugs, Forbes report.
  • [Oct 1] Only 10 jobs created for every 100 jobs taken away by AI, The Economic Times report.
  • [Oct 2]Emerging tech is helping companies grow revenues 2x: report, ET Tech report.
  • [Oct 2] Google using dubious tactics to target people with ‘darker skin’ in facial recognition project: sources, Daily News report.
  • [Oct 2] Three problems posed by deepfakes that technology won’t solve, MIT Technology Review report.
  • [Oct 3] Getting a new mobile number in China will involve a facial recognition test, Quartz report.
  • [Oct 4] Google contractors targeting homeless people, college students to collect their facial recognition data: Report, Medianama report.
  • [Oct 4] More jobs will be created than are lost from the IA revolution: WEF AI Head, Livemint report.
  • [Oct 6] IIT-Guwahati develops AI-based tool for electric vehicle motor, Livemint report.
  • [Oct 7] Even if China misuses AI tech, Satya Nadella thinks blocking China’s AI research is a bad idea, India Times report.

Big Tech

  • [Oct 3] Dial P for privacy: Google has three new features for users, Times of India report.

Opinions and Analyses

  • [Sep 26] Richard Stengel, Time, We’re in the middle of a global disinformation war. Here’s what we need to do to win.
  • [Sep 29] Ilker Koksal, Forbes, The shift toward decentralized finance: Why are financial firms turning to crypto?
  • [Sep 30] Nistula Hebbar, The Hindu, Govt. views grassroots development in Kashmir as biggest hope for peace.
  • [Sep 30] Simone McCarthy, South China Morning Post, Could China’s strict cyber controls gain international acceptance?
  • [Sep 30] Nele Achten, Lawfare blog, New UN Debate on cybersecurity in the context of international security.
  • [Sep 30[ Dexter Fergie, Defense One, How ‘national security’ took over America.
  • [Sep 30] Bonnie Girard, The Diplomat, A firsrhand account of Huawei’s PR drive.
  • [Oct 1] The Economic Times, Rafale: Past tense but furture perfect.
  • [Oct 1] Simon Chandler, Forbes, AI has become a tool for classifying and ranking people.
  • [Oct 2] Ajay Batra, Business World, Rethink India! – MMRCA, ESDM & Data Privacy Policy.
  • [Oct 2] Carisa Nietsche, National Interest, Why Europe won’t combat Huawei’s Trojan tech.
  • [Oct 3] Aruna Sharma, Financial Express, The digital way: growth with welfare.
  • [Oct 3] Alok Prasanna Kumar, Medianama, When it comes to Netflix, the Government of India has no chill.
  • [Oct 3] Fredrik Bussler, Forbes, Why we need crypto for good.
  • [Oct 3] Panos Mourdoukoutas, Forbes, India changed the game in Kashmir – Now what?
  • [Oct 3] Grant Wyeth, The Diplomat, The NRC and India’s unfinished partition.
  • [Oct 3] Zak Doffman, Forbes, Is Huawei’s worst Google nightmare coming true?
  • [Oct 4] Oren Yunger, Tech Crunch, Cybersecurity is a bubble, but it’s not ready to burst.
  • [Oct 4] Minakshi Buragohain, Indian Express, NRS: Supporters and opposers must engage each other with empathy.
  • [Oct 4] Frank Ready, Law.com, 27 countries agreed on ‘acceptable’ cyberspace behavior. Now comes the hard part.
  • [Oct 4] Samir Saran, World economic Forum (blog), 3 reasons why data is not the new oil and why this matters to India.
  • [Oct 4] Andrew Marantz, The New York Times, Free Speech is killing us.
  • [Oct 4] Financial Times editorial, ECJ ruling risks for freedom of speech online.
  • [Oct 4] George Kamis, GCN, Digital transformation requires a modern approach to cybersecurity.
  • [Oct 4] Naomi Xu Elegant and Grady McGregor, Fortune, Hong King’s mask ban pits anonymity against the surveillance state.
  • [Oct 4] Prashanth Parameswaran, The Diplomat, What’s behind the new US-ASEAN cyber dialogue?
  • [Oct 5] Huong Le Thu, The Strategist, Cybersecurity and geopolitics: why Southeast Asia is wary of a Huawei ban.
  • [Oct 5] Hannah Devlin, The Guardian, We are hurtling towards a surveillance state: the rise of facial recognition technology.
  • [Oct 5] PV Navaneethakrishnan, The Hindu Why no takers? (for ME/M.Tech programmes).
  • [Oct 6] Aakar Patel, Times of India blog, Cases against PC, letter-writing celebs show liberties are at risk.
  • [Oct 6] Suhasini Haidar, The Hindu, Explained: How ill purchases from Russia affect India-US ties?
  • [Oct 6] Sumit Chakraberty, Livemint, Evolution of business models in the era of privacy by design.
  • [Oct 6] Spy’s Eye, Outlook, Insider threat management.
  • [Oct 6] Roger Marshall, Deccan Herald, Big oil, Big Data and the shape of water.
  • [Oct 6] Neil Chatterjee, Fortune, The power grid is evolving. Cybersecurity  must too.
  • [Oct 7] Scott W Pink, Modaq.com, EU: What is GDPR and CCPA and how does it impact blockchain?
  • [Oct 7] GN Devy, The Telegraph, Has India slid into an irreversible Talibanization of the mind?
  • [Oct 7] Susan Ariel Aaronson, South China Morning Post, The Trump administration’s approach to AI is not that smart: it’s about cooperation, not domination.

[September 23-30] CCG’s Week in Review: Curated News in Information Law and Policy

The deadline to link PAN cards with Aadhaar was extended to December 31 this week; the Election Commission ruled that voting rights of those excluded in the NRC process remain unaffected; the Home Minister proposed a digital census with multipurpose ID cards for 2021; and 27 nations including the US, UK and Canada issued joint statement urging for a rules-based order in cyberspace – presenting this week’s most important developments in law, technology and national security.

Aadhaar and Digital IDs

  • [Sep 23] Home Minister announces digital census in 2021, proposed multipurpose ID card, Entrackr report; Business Today report.
  • [Sep 24] NRIs can now apply for Aadhaar on arrival without 182-day wait, The Economic Times report.
  • [Sep 24] Aadhaar will be linked to driving license to avoid forgery: Ravi Shankar Prasad, The Indian Express report.
  • [Sep 24] One nation, one card? Amit Shah floats idea of all-in-one ID; here are all the problems with that idea, Medianama report; Money Control report.
  • [Sep 24] Explained: Is India likely to have a multipurpose national ID card? The Indian Express report.
  • [Sep 24] UIDAI nod to ‘voluntary’ use of Aadhaar for National Population Register rollout, The Economic Times report.
  • [Sep 24] Govt must decide on Aadhaar-social media linkage:SC, Deccan Herald report.
  • [Sep 25] New law needed for Aadhaar-social media linkage: UIDAI, The Economic Times report; Inc42 report.
  • [Sep 26] NPR process to include passport, voter ID, Aadhaar and other details, Business Standard report.
  • [Sep 27] Gang involved in making fake Aadhaar cards busted, The Tribune report.
  • [Sep 27] What will happen if you don’t link your PAN card with Aadhaar by Sep 20, The Quint report.
  • [Sep 27] Explained: The National Population Register, and the controversy around it, The Indian Express report.
  • [Sep 27] Aadhaar to weed out bogus social security beneficiaries in Karnataka, Deccan Herald report.
  • [Sep 29] Bajrang Dal wants Aadhaar mandatory at dandiya to keep ‘non-Hindus’ out, The Hindustan Times report; The Wire report.
  • [Sep 30] Kerala urges Centre to extend deadline to link ration cards with Aadhaar, The News Minute report.
  • [Sep 30] PAN-Aadhaar linking deadline extended to December 31, The Economic Times report.

Digital India 

  • [Sep 25] India’s regulatory approach should focus on the regulation of the ‘core’: IAMAI, Livemint report.
  • [Sep 27] India may have to offer sops to boost electronic manufacturing, ET Tech report; Inc42 report.
  • [Sep 27] Digital India, start-ups are priorities for $5 trillion economy: PM Modi, Medianama report.
  • [Sep 29] Tech giants aim to skill Indian govt officials in AI, cloud, ET CIO report.
  • [Sep 29] India’s share in IT, R&D biz up in 2 years: report, The Economic Times report.

Internet Governance

  • [Sep 24] Supreme Court to MeitY: What’s the status of intermediary guidelines? Tell us by Oct 15, Medianama report.
  • [Sep 26] Will not be ‘excessive’ with social media rules, ay Govt officials, Inc42 report.
  • [Sep 26] Government trying to balance privacy and security in draft IT intermediary norms, The Economic Times report.
  • [Sep 27] Citizens, tech companies served better with some regulation: Facebook India MD Ajit Mohan, ET Tech report; Inc42 report.
  • [Sep 27] Balance benefits of internet, data security: Google CEO Sundar Pichai, ET Tech report; Business Today report.

Free Speech

  • [Sep 25] Jadavpur University calls upon ‘stakeholders’ to ensure free speech on campus, The New Indian Express report.
  • [Sep 28] RSS raises objections to uncensored content of Maoj Bajpayee’s “The Family Man”, The Hindu report; Outlook report.

Privacy and Data Protection

  • [Sep 23] A landmark decision on Tuesday could radically reshape how Google’s search results work, Business Insider report.
  • [Sep 23] Google tightens its voice assistant rules amidst privacy backlash, Wired report.
  • [Sep 24] Dell rolls out new data protection storage appliances and capabilities, ZDNet report.
  • [Sep 24] ‘Right to be forgotten’ privacy rule is limited by Europe’s top court, The New York Times report; Live Law report.
  • [Sep 27] Nigeria launches investigation into Truecaller for potential breach of privacy, Medianama report.
  • [Sep 29] Right to be forgotten will be arduous as India frames data protection law, Business Standard report.
  • [Sep 30] FPIs move against data bill, seek exemption, ET Telecom report; Entrackr report.

Data Localisation

  • [Sep 26] Reconsider imposition of data localisation: IAMAI report, The Economic Times report.
  • [Sep 27] Why data is not oil: Here’s how India’s data localisation norms will hurt the economy, Inc42 report.

Digital Payments and Fintech

  • [Sep 23] RBI rider on credit bureau data access has Fintech in a quandary, ET Tech report.

Cryptocurrencies

  • [Sep 23] Facebook reveals Libra currency basket breakdown, Coin Desk report.
  • [Sep 23] The face of India’s crypto lobby readies for a clash, Ozy report.
  • [Sep 23] Why has Brazil’s Central Bank included crypto assets in trade balance? Coin Telegraph report.
  • [Sep 24] French retailers widening crypto acceptance, Tech Xplore report.
  • [Sep 26] Why crypto hoaxes are so successful, Quartz report.
  • [Sep 26] South Africa: the net frontier for crypto exchanges, Coin Telegraph report
  • [Sep 27] The crypto wars’ strange bedfellows, Forbes report.
  • [Sep 28] Crypto industry is already preparing for Google’s ‘quantum supremacy’, Decrypt report.
  • [Sep 29] How crypto gambling is regulated around the world, Coin Telegraph report.

Tech and Law Enforcement

  • [Sep 29] New WhatsApp and Facebook Encryption ‘Backdoors’ – What’s really going on, Forbes report.
  • [Sep 28] Facebook, WhatsApp will have to share messages with UK Government, Bloomberg report.
  • [Sep 23] Secret FBI subpoenas scoop up personal data from scores of companies, The New York Times report.
  • [Sep 23] ‘Don’t transfer the WhatsApp traceability case’, Internet Freedom Foundation asks Supreme Court, Medianama report.
  • [Sep 24] China offers free subway rides to citizens who register their face with surveillance system, The Independent report.
  • [Sep 24] Facial recognition technology in public housing prompts backlash, The New York Times report.
  • [Sep 24] Facebook-Aadhaar linkage and WhatsApp traceability: Supreme Court says government must frame rules, CNBC TV18 report.
  • [ep 27] Fashion that counters surveillance cameras, Business Times report.
  • [Sep 27] Unnao rape case: Delhi court directs Apple to give Sengar’s location details on day of alleged rape, Medianama report.
  • [Sep 27] Face masks to decoy t-shirts: the rise of anti-surveillance fashion, Times of India report.
  • [Sep 30] Battle for privacy and encryption: WhatsApp and government head for a showdown on access to messages, ET Prime report.
  • [Sep 29] Improving digital evidence sharing, Scottish Government news report; Public technology report.

Internal Security: J&K

  • [Sep 23] Government launches internet facilitation centre in Pulwama for students, Times of India report; Business Standard report.
  • [Sep 23] Army chief rejects ‘clampdown’ in Jammu and Kashmir, Times of India report.
  • [Sep 24] Rising power: Why India has faced muted criticism over its Kashmir policy, Business Standard report.
  • [Sep 24] ‘Restore Article 370, 35A in Jammu and Kashmir, withdraw army, paramilitary forces’: 5-member women’s group will submit demands to Amit Shah, Firstpost report.
  • [Sep 24] No normalcy in Kashmir, says fact finding team, The Hindu report.
  • [Sep 25] End clampdown: Kashmir media, The Telegraph report.
  • [Sep 25] Resolve Kashmir issue through dialogue and not through collision: Erdogan, The Economic Times report.
  • [Sep 25] Rajya Sabha deputy chair thwarts Pakistan’s attempt at Kashmir at Eurasian Conference, The Economic Times report.
  • [Sep 25] Pakistan leader will urge UN intervention in Kashmir, The New York Times report.
  • [Sep 25] NSA Ajit Doval back in Srinagar to review security situation, The Hindustan Times report.
  • [Sep 27] Communication curbs add fresh challenge to Kashmir counter-insurgency operations, News18 report.
  • [Sep 27] Fresh restrictions in parts of Kashmir, The Hindu report.
  • [Sep 27] US wants ‘rapid’ easing of Kashmir restrictions, Times of India report.
  • [Sep 27] Kashmir issue: Rescind action on Art. 370, OIC tells India, The Hindu report.
  • [Sep 28] India objects to China’s reference to J&K and Ladakh at UNGA, The Economic Times report; The Hindu report.
  • [Sep 29] Surveillance, area domination operations intensified in Kashmir, The Economic Times report; Financial Express report.
  • [Sep 29] Police impose restrictions in J&K after Imran Khan’s speech at UNGA, India Today report.

Internal Security: NRC and the North-East

  • [Sep 23] Assam framing cyber security policy to secure data related to NRC, police, services, The Economic Times report; Money Control report.
  • [Sep 24] BJP will tell SC that we reject this NRC, says Himanta Biswa Sarma, Business Standard report.
  • [Sep 24] Amit Shah to speak on NRC, Citizenship Amendment Bill in Kolkata on Oct 1, The Economic Times report.
  • [Sep 26] ‘Expensive’ legal battle for those rejected in Assam NRC final list, The Economic Times report.
  • [Sep 27] Scared of NRC? Come back in 2022, The Telegraph report.
  • [Sep 27] Voters left out of NRC will have right to vote, rules Election Commission, India Today report; The Wire report.
  • [Sep 27] NRC: Assam government announces 200 Foreigners Tribunals in 33 districts, Times Now report; Times of India report.
  • [Sep 28] Judge urges new FT members to examine NRC claims with utmost care, Times of India report.

National Security Legislation

  • [Sep 23] Centre will reintroduce Citizenship Bill in Parliament: Himanta Biswa Sarma, The Hindu report.
  • [Sep 26] National Security Guard: History, Functions and Operations, Jagran Josh report.
  • [Sep 28] Left parties seek revocation of decision on Article 370, The Tribune India report.

Tech and National Security

  • [Sep 25] Army to start using Artificial Intelligence in 2-3 years: South Western Army commander, The Print report; India Today report; The New Indian Express report; Financial Express report.
  • [Sep 23] Modi, Trump set new course on terrorism, border security, The Hindu report.
  • [Sep 23] PM Modi in the US” Trump promises more defence deals with India, military trade to go up, Financial Express report.
  • [Sep 23] Punjab police bust terror module supplied with weapons by drones from Pak, NDTV report.
  • [Sep 26] Lockheed Martin to begin supplying F-16 wings from Hyderabad plant in 2020, Livemint report.
  • [Sep 26] Drones used for cross-border arms infiltration in Punjab a national security issues, says Randhawa, The Hindu report.
  • [Sep 27] UK MoD sets up cyber team for secure innovation, UK Authority report.
  • [Sep 29] New tri-services special ops division, meant for surgical strikes, finishes first exercise today, The Print report.
  • [Sep 30] After Saudi attacks, India developing anti-drone technology to counter drone menace, Eurasian Times report.

Tech and Elections

  • [Sep 20] Microsoft will offer free Windows 7 support for US election officials through 2020, Cyber Scoop report.
  • [Sep 26] Social media platforms to follow ‘code of ethics’ in all future elections: EC, The Economic Times report.
  • [Sep 28] Why is EC not making ‘authentic’ 2019 Lok Sabha results public? The Quint report.

Cybersecurity

  • [Sep 24] Androids and iPhones hacked with just one WhatsApp click – and Tibetans are under attack, Forbes report.
  • [Sep 25] Sharp questions can help board oversee cybersecurity, The Wall Street Journal report.
  • [Sep 25] What we know about CrowdStrike, the cybersecurity firm trump mentioned in Ukraine call, and its billionaire CEO, Forbes report.
  • [Sep 25] 36% smaller firms witnessed data breaches in 2019 globally, ET Rise report.
  • [Sep 28] Defence Construction Canada hit by cyber attack – corporation’s team trying to restore full IT capability, Ottawa Citizen report.
  • [Sep 29] Experts call for collective efforts to counter cyber threats, The New Indian Express report.
  • [Sep 29] Microsoft spots malware that turns PCs into zombie proxies, ET Telecom report
  • [Sep 29] US steps up scrutiny of airplane cybersecurity, The Wall Street Journal report.

Cyberwarfare

  • [Sep 24] 27 countries sign cybersecurity pledge urging rules-based control over cyberspace in Joint Statement, with digs at China and Russia, CNN report; IT world Canada report; Meri Talk report.
  • [Sep 26] Cyber Peace Institute fills a critical need for cyber attack victims, Microsoft blog.
  • [Sep 29] Britain is ‘at war every day’ due to constant cyber attacks, Chief of the Defence Staff says, The Telegraph report.

Telecom and 5G

  • [Sep 27] Telcos’ IT investments intact, auto companies may slow pace: IBM exec, ET Tech report.
  • [Sep 29] Telecom players to lead digital transformation in India, BW Businessworld report.

More on Huawei

  • [Sep 22] Huawei confirms another nasty surprise for Mate 30 buyers, Forbes report.
  • [Sep 23] We’re on the same page with government on security: Huawei, The Economic Times report.
  • [Sep 24] The debate around 5G’s safety is getting in the way of science, Quartz report (paywall).
  • [Sep 24] Govt will take call on Huawei with national interest in mind: Telecom Secy, Business Standard report.
  • [Sep 24] Huawei enables 5G smart travel system at Beijing airport, Tech Radar report.
  • [Sep 25] Huawei 5G backdoor entry unproven, The Economic Times report.
  • [Sep 25] US prepares $1 bn fund to replace Huawei ban kit, Tech Radar report.
  • [Sep 26] Google releases large dataset of deepfakes for researchers, Medianama report.
  • [Sep 26] Huawei willing to license 5G technology to a US firm, The Hindu Business Line report; Business Standard report.
  • [Sep 26] Southeast Asia’s top phone carrier still open to Huawei 5G, Bloomberg report.
  • [Sep 29] Russia rolls out the red carpet for Huawei over 5G, The Economic Times report.

Emerging Tech and AI

  • [Sep 20] Google researchers have reportedly achieved “Quantum Supremacy”, Financial Times report; MIT Technology Review report
  • [Sep 23] Artificial Intelligence revolution in healthcare in India: All we need to know, The Hindustan Times report.
  • [Sep 23] A new joystick for the brain-controlled vehicles of the future, Defense One report.
  • [Sep 24] Computing and AI: Humanistic Perspectives from MIT, MIT News report.
  • [Sep 24] Emerging technologies such as AI, 5G posing threats to privacy, says report, China Daily report.
  • [Sep 25] Alibaba unveils chip developed for artificial intelligence era, Financial Times report.
  • [Sep 26] Pentagon wants AI to interpret ‘strategic activity around the globe, Defense One report.
  • [Sep 27] Only 10 jobs created for every 100 jobs taken away by AI, ET Tech report.
  • [Sep 27] Experts say these emerging technologies should concern us, Business Insider report.
  • [Sep 27] What is on the horizon for export controls on ‘emerging technologies’? Industry comments may hold a clue, Modaq.com report.
  • [Sep 27] India can become world leader in artificial intelligence: Vishal Sikka, Money Control report.
  • [Sep 27] Elon Musk issues a terrifying prediction of ‘AI robot swarms’ and huge threat to mankind, The Daily Express (UK) report
  • [Sep 27] Russia’s national AI Centre is taking shape, Defense One report.
  • [Sep 29] Explained: What is ‘quantum supremacy’, The Hindu report.
  • [Sep 29] Why are scientists so excited about a new quantum computing milestone?, Scroll.in report.
  • [Sep 29] Artificial Intelligence has a gender bias problem – just ask Siri, The Wire report.
  • [Sep 29] How AI is changing the landscape of digital marketing, Inc42 report.

Opinions and Analyses

  • [Sep 21] Wim Zijnenburg, Defense One, Time to Harden International Norms on Armed Drones.
  • [Sep 23] David Sanger and Julian Barnes, The New York Times, The urgent search for a cyber silver bullet against Iran.
  • [Sep 23] Neven Ahmad, PRIO Blog, The EU’s response to the drone age: A united sky.
  • [Sep 23] Bisajit Dhar and KS Chalapati Rao, The Wire, Why an India-US Free Trade Agreement would require New Delhi to reorient key policies.
  • [Sep 23] Filip Cotfas, Money Control, Five reasons why data loss prevention has to be taken seriously.
  • [Sep 23] NF Mendoza, Tech Republic, 10 policy principles needed for artificial intelligence.
  • [Sep 24] Ali Ahmed, News Click, Are Indian armed forces turning partisan? : The changing civil-military relationship needs monitoring.
  • [Sep 24] Editorial, Deccan Herald, A polity drunk on Aadhaar.
  • [Sep 24] Mike Loukides, Quartz, The biggest problem with social media has nothing to do with free speech.
  • [Sep 24] Ananth Padmanabhan, Medianama, Civilian Drones: Privacy challenges and potential resolution. 
  • [Sep 24] Celine Herwijer and Dominic Kailash Nath Waughray, World Economic Forum, How technology can fast-track the global goals.
  • [Sep 24] S. Jaishankar, Financial Times, Changing the status of Jammu and Kashmir will benefit all of India.
  • [Sep 24] Editorial, Livemint, Aadhaar Mark 2.
  • [Sep 24] Vishal Chawla, Analytics India Magazine, AI in Defence: How Indi compares to US, China, Russia and South Korea.
  • [Sep 25] Craig Borysowich, IT Toolbox, Origin of Markets for Artificial Intelligence.
  • [Sep 25] Sudeep Chakravarti, Livemint, After Assam, NRC troubles may visit ‘sister’ Tripura.
  • [Sep 25] DH Kass, MSSP Blog, Cyber Warfare: New Rules of Engagement?
  • [Sep 25] Chris Roberts, Observer, How artificial intelligence could make nuclear war more likely.
  • [Sep 25] Ken Tola, Forbes, What is cybersecurity?
  • [Sep 25] William Dixon and  Jamil Farshchi, World Economic Forum, AI is transforming cybercrime. Here’s how we can fight back.
  • [Sep 25] Patrick Tucker, Defense One, Big Tech bulks up its anti-extremism group. But will it do more than talk?
  • [Sep 26] Udbhav Tiwari, Huffpost India, Despite last year’s Aadhaar judgement, Indians have less privacy than ever.
  • [Sep 26] Sylvia Mishra, Medianama, India and the United States: The time has come to collaborate on commercial drones.
  • [Sep 26] Subimal Bhattacharjee, The Hindu Business Line, Data flows and our national security interests.
  • [Sep 26] Ram Sagar, Analytics India Magazine, Top countries that are betting big on AI-based surveillance.
  • [Sep 26] Patrick Tucker, Defense One, AI will tell future medics who lives and who dies on the battlefield.
  • [Sep 26] Karen Hao, MIT Technology Review, This is how AI bias really happens – and why it’s so hard to fix.
  • [Sep 27] AG Noorani, Frontline, Kashmir dispute: Domestic or world issue?
  • [Sep 27] Sishanta Talukdar, Frontline, Final NRC list: List of exclusion.
  • [Sep 27] Freddie Stuart, Open Democracy, How facial recognition technology is bringing surveillance capitalism to our streets.
  • [Sep 27] Paul de Havilland, Crypto Briefing, Did Bitcoin crash or dip? Crypto’s trajectory moving forward.
  • [Sep 28] John Naughton, The Guardian, Will advances in quantum computing affect internet security?
  • [Sep 28] Suhrith Parthasarathy, The Hindu, The top court and a grave of freedom.
  • [Sep 28] Kazim Rizvi, YourStory, Data Protection Authority: the cornerstone to implement data privacy.
  • [Sep 28] Shekhar Gupta, The Print, Modi has convinced the world that Kashmir is India’s internal affair – but they’re still watching.
  • [Sep 29] Indrani Bagchi, The Economic Times, Why india needs to tread carefully on Kashmir.
  • [Sep 29] Medha Dutta Yadav, The New Indian Express, Data: Brave new frontier.
  • [Sep 29] Jon Markman, Forbes, New cybersecurity companies have their heads in the cloud.
  • [Sep 29] Editorial, The New York Times, On cybersecurity: Two scoops of perspective.
  • [Sep 30] Kuldip Singh, The Quint, New IAF Chief’s appointment: Why RKS Bhadauria must tread lightly.
  • [Sep 30] Karishma Koshal, The Caravan, With the data-protection bill in limbo, these policies contravene the right to privacy.