India’s Cyber Readiness: Former Deputy NSA Arvind Gupta’s New Book

Former Deputy National Security Advisor Dr. Arvind Gupta’s new book How India Manages Its National Security was released a few days ago. It has dedicated a chapter to ‘Cyber Security Challenges’ and fills a major gap in my understanding of the NDA government’s manoeuvring on cyber.

Beyond the glib and the rhetoric, very little has come out on the qualifiable and quantifiable assessment of nation’s cyber readiness and how the principals of the establishment perceive it. By design or accident, the UPA government actually had a more accessible interface to the then fledgling cyber apparatus, aided by press briefings, dossiers and, occasionally, media leaks – or this may very well reflect my own bias as I was a part of the system then.

Continue reading “India’s Cyber Readiness: Former Deputy NSA Arvind Gupta’s New Book”

An oral history of the inapplicability of laws in cyberspace

A recent opinion piece of mine hasn’t gone down well with a clutch of lawyers at the helm of the privacy debate in India. I experienced a backlash of sorts in a Whatsapp group operating under the Chatham House rules, so I’m not in a position to share much. Apart from the fact that the article wasn’t even written keeping them in mind, the clutch imagining itself to be the sole torchbearer on the issue did disturb me.

I was aspersed and told that I don’t know the meaning of “Hobbesian” and “Libertarian” – loaded words for someone like me to use, no doubt. What followed was a minor showdown of sorts. The comment did pinch me a little, not because I’ve invested in education to hone my legal knowledge, but because I’ve always known code and law to be the realm of autodidacts. Anyone can cook, code and interpret the law. I also feared that the group could be an echo chamber, and echo chambers kill republics.

Continue reading “An oral history of the inapplicability of laws in cyberspace”

Policy as the Clausewitzean Continuation of Cyberwar

Part I

Nicholas Kristof’s July 4 opinion piece in The New York Times is a misleading contribution to the public discourse, especially at a time when the U.S. is battling the worst imaginable crisis in cyberspace.

Kristof begins by painting the picture of an all-out cyberattack jamming the nation’s critical networks – symptomatic of the ‘Cyber Pearl Harbor’ mentality of overplaying the risk of a digital conflict. It even paralyzed decision-making at the top in the runup to the Russian disinformation campaign.

Continue reading “Policy as the Clausewitzean Continuation of Cyberwar”

Digital privacy is a Faustian bargain – The Tribune

My opinion piece for The Tribune, published on 2 Aug, 2018. It’s an abridged version of my blog post, All roads of data sovereignty lead to a dystopia.

The draft of the data privacy Bill furnished by the Srikrishna Committee is an important first step in bolstering the digital civil liberties of citizens, but it cannot address the systemic weaknesses of cyberspace that are beyond the reach of any single government.

The Brihadaranyaka Upanishad describes the creative principle of the universe as neti-neti — not this, not that. It hints at the subtle symbiosis, the fluctuating nature of opposing forces. Digitised information, too, complies with this inherent non-duality.

Continue reading “Digital privacy is a Faustian bargain – The Tribune”

Deconstructing the dissent around the draft data privacy bill

Let’s take a step back from the constant quibbling between the activists and the government. The interests of a citizen, especially in cyberspace, are aligned with that of neither. I’ve felt so since the beginning of the net neutrality debate.

Praavita writes for The Wire, Can the Aadhaar Act and a Data Protection Act Coexist?

At first glance, the draft data protection bill appears to provide massive exceptions for welfare that seemingly apply to Aadhaar. Section 13 makes the processing of personal data without a person’s consent possible for any function of the Parliament or State Legislature.

So does the GDPR, the magna carta of cyber civil liberties, on “other important public interests, in particular economic or financial interests, including budgetary and taxation matters, public health and security”. Yes, that also includes “national identification numbers” and even “churches and religious associations”. Go figure.

Continue reading “Deconstructing the dissent around the draft data privacy bill”

All roads of data sovereignty lead to a dystopia

My take on the draft Indian data privacy bill. An abridged version of this piece was published by The Tribune. It was also cross-posted at Medianama.

Let’s take a step back from the constant quibbling between the activists and the government. The interests of a citizen, especially in cyberspace, are aligned with that of neither. But let’s first understand the political shape-shifting of the internet in the recent years.

This isn’t a reverberation from my echo chamber, but anyone who hasn’t violated privacy at scale or undertaken mechanised cyber offence would be divorced from the reality on the ground. Or at the least, if the structural dominance of offence in cyberspace isn’t accounted for as a variable in your privacy equation, then it would remain inapplicable in the majority of the cases.

Continue reading “All roads of data sovereignty lead to a dystopia”

Cybersecurity vendors as foot soldiers

This report is a little unsettling if not surprising:

CyberScoop recently reported that FireEye had drawn a red line around exposing certain activities by so-called “friendlies.”

Ronald Prins, who founded Dutch security firm FoxIT, told Mashable in 2014 that his company chose not to publish details about a malware variant known as “Regin” because it might “interfere with NSA/GCHQ operations.”

A former U.S. intelligence official told CyberScoop that these types of “informal and unique” information sharing partnerships with the cybersecurity industry have proved invaluable in the past. The source said these arrangements are usually driven through “personal, one-on-one relationships” rather than a broad based agreement of some sort.

Continue reading “Cybersecurity vendors as foot soldiers”