Subject: DEAR SHRI RAVISHANKAR PRASADJI : INDIA CAN SHOW THE WAY

Only Answer : a Statutory Warning

-----------------------------------------

Digital India firewalls: look-alike domains, frauds big threats to govt’s e-push

Summary of this news report :

How phishing web sites cheat people ?

· Misusing govt flagship schemes and debiting amounts from bank accounts to give,

# Fake LPG distributorships

# Government jobs

# Biometric devices

High tech modus operandi :

· Using names similar to government schemes to create phishing web sites

Eg : egramdigital.co.in / Aapka Anghootha / aapka Bank / Ujwalayojana.org

· Using logo of government schemes with photographs of PM / Cabinet Ministers

· Providing link of govt sites to display affiliation to the Central Government

· Alluring common people by promising govt jobs by issuing fake appointment letters

· Extorting money and targeting newly launched govt schemes and trapping people

What has government done so far to protect innocent victims ?

MeitY [ Ministry of Electronics and Information Technology ] has ,

· DIRECTED ministries / govt departments to observe “ due diligence “ to ensure that their schemes are not “ mis-represented “ by “ fake – fraudulent “ entities for extorting money

· SUGGESTED “ awareness schemes “ / “ identification “ of any fake schemes / “ lodging “ of FIRs / “ informing “ Organizations like National Internet Exchange of India

· DIRECTED all ministries to “ tread carefully “ on Direct Benefit Transfers

I seriously doubt whether the above mentioned “ DIRECTIONS / SUGGESTIONS “ can do much to solve this problem

So , is there anything else that can help ?

Yes !

In our ( under drafting ) DATA PROTECTION LAW , mandating that all web sites must carry, on their home pages ( landing pages ), a STATUTORY WARNING of a full page !

To protect consumers , governments all around the World ( including India ) , mandate that some types of products must carry STATUTORY WARNINGS on their packaging

Here are a few examples that come to mind :

· Tobacco Products ( eg : Mouth Fresheners )

· Cigarettes

· Soft Drinks

· Food Products

· Medicines / Drugs

· Alcoholic Drinks

· Cosmetics

· Toys

· Electrical Appliances / Gadgets………..etc

So, why not insist on some kind of a STATUTORY WARNING to online users visiting ANY web site and “ consuming “ its “ Content / Service “ ?

How can this be implemented ?

Here is how :

ALL websites wanting to operate in India , must ,

· Enter into a legally binding CONTRACT ( under proposed Data Protection Law ), with DATA PROTECTION REGULATOR – DPR, as suggested in “ A Matter of Motive ? “

· Prominently display this CONTRACT NUMBER on their home pages

· Carry on its home page , following STATUTORY WARNING

Web sites which fail / refuse to enter into such CONTRACT , will be banned

STATUTORY WARNING

· This web site has entered into a CONTRACT with India’s Data Protection Regulator and has been allotted “ Contractor No : 061139 “

· By clicking on this “ Contractor No “ link , a visitor can get to see,

# The nature of SERVICES being offered by this site to its users

# Nature of “ User Data “ that we will access from

www.IndiaDataCustodian.gov.in

· A visitor who has registered on

www.IndiaDataCustodian.gov.in ,

can get the services of this web site by just entering on this web site :

# Name and User ID / Password [ selected ]

# His REGISTRATION NUMBER at www.IndiaDataCustodian.gov.in

# Then clicking on… “ Log me in with www.IndiaDataCustodian.gov.in

He / She does not need to provide any other personal data

· Whatever “ PERSONAL DATA “ this site requires about an user for delivering its SERVICES , will be “ accessed “ from www.IndiaDataCustodian,gov.in only , as per the terms of the contract

· A user logging into this web site would have deemed to have granted the necessary permission to this web site to contact

www.IndiaDataCustodian.gov.in

and access his / her data , as per the multiple selections that he has made of the “ DATA LEVELS “ detailed there, as follows :

# Data Level 1 ……………… Personal Data ✔

# Data Level 2 ……………… Family Data ✔

# Data Level 3 ……………… Contact Info ✔

# Data Level 4 ……………… Social Media Data ( websites-portals-apps etc ) ✔

# Data Level 5 ………………. Cultural Exposure Data ✔

# Data Level 6 ………………. Education qualifications Data ✔

# Data Level 7 ………………. Languages Knowledge Data ✔

# Data Level 8 ………………. Job Experience Data ✔

# Data Level 9 ……………… Wealth – Income Data [ from Tax Returns ] ✔

# Data Level 10 ………………. Medical History Data ✔

This website agrees and accepts that all of the above mentioned DATA is protected under the Indian Copyright Act 1957 under category , “ Other Literary “ and belongs to the concerned person who has granted the Indian DATA PROTECTION REGULATOR , following limited rights in respect of these data :

# Reproduce the work

# Issue copies of the work to the public

· This web site accepts that DATA PROTECTION REGULATOR has been granted , a limited “ Power of Attorney “ from the persons registered on

www.IndiaDataCustodian.gov.in ,

and that the DPR has full authorization from each registered user to deal with this web site on his / her behalf

· This web site agrees to make direct payments to DPR for uses of PERSONAL DATA of the users who are registered on www.IndiaDataCustodian.gov’in , in terms of the contract and does not accept any liability in this regards , directly to the user

· This website undertakes to use the “ User Data “ strictly for the purpose of delivering the promised service and for no other purpose

· This web site further undertakes to prevent access to the User Data to third parties and further agrees to compensate the users for any breach / leakage of such personal data , as stipulated in its contract with the Indian DPR

· This web site uses a user’s PERSONAL DATA accessed ( from www.IndiaDataCustodian.gov.in ) , only during the USER SESSION

This web site does NOT store on its servers, any USER DATA at any other time , nor

engage in any MIRRORING – CLOUD STORAGE – CROSS BORDER MIGRATION of

user data

As soon as a user “ logs out “ from this site after a session, following things happen :

# Any user data accessed during the session is instantly deleted

# Entire “ transaction log “ of the session is transferred to

www.IndiaDataCustodian.gov.in

How are other countries trying to protect PERSONAL DATA of its citizens ?

# EU has recently introduced GDPR

# In USA , Sen Ron Wyden ( Democrat ) has just proposed :

https://www.wyden.senate.gov/news/press-releases/wyden-releases-discussion-draft-of-legislation-to-provide-real-protections-for-americans-privacy

# Our own Central Government is in the process of drafting a DATA PROTECTION BILL ,

based on SriKrishna Committee Report

Why is my proposal outlined above , better than those mentioned above ?

Other proposals do NOT stop the web sites :

· from collecting any amount personal data of users ( whether required or not )

· from storing such data permanently ( even after you cease to be a user ! )

· from sharing it with third parties ( under the guise of , “ I Agree / Accept “ )

· from making a ton of money by misuse of such data ( literally impossible to catch )

Other proposals :

· Allow the web sites to monetize the data without sharing any profit with the users

· Depend upon the government of concerned country to discover “ mass data leakages “ ( and not leakage of data of a single user ) , in order to lodge complaints with them

· Enable the web sites to carry on this “ monetization “ indefinitely even after receiving such complaints from the government, in absence of any court order to desist ( no country has filed a plaint with the International Court of Justice ! )

· Enable the web sites to continue to operate in a country ( or EU ) after paying some fine to concerned government ( leaving users poor )

Other proposals focus on a “ CURE “ viz :

Catching the thief after he commits a crime and then proving his guilt (provided you can prove it over months and years ) and then punishing him ( most proposals are clueless about what punishment ! )

My proposal focuses on “ PREVENTION “ of a possible CRIME !

Is China ahead of others in this regard ?

Most certainly !

A recent news report reads :

“ China and Xi have pushed for a bigger role in global internet governance and called on nations to respect Beijing’s “ CYBER SOVEREIGNTY “ , an idea that ,

COUNTRIES SHOULD BE FREE TO CONTROL AND CENSOR THEIR INTERNET INFRASTRUCTURE AS THEY SEE FIT

Foreign websites such as Alphabet’s Google and Facebook are blocked in China, where authorities also tightly control online content and CENSOR or PUNISH those who post material seen as opposed to ‘ core socialist values ‘

China's Xi calls for global cooperation to create 'fairer' internet

Is my proposal guaranteed to protect the personal data of users , 100 % ?

No !

May be 90 % at present and quite possibly , no more than 10 % by 2024 !

How come ?

At present , users are interacting with internet , primarily through their mobile phones / tablets and desk-tops , using browsers or Apps to reach websites

So the websites are visible / traceable and therefore “ Ban-able “ , if they refuse to enter into contract with the DATA PROTECTION REGULATOR

But , by 2024 , each Indian home may have 10 other “ Internet Connected “ devices ( eg : Alexa – Google Home – smart watches – refrigerators – radios – solar panels – air conditioners – smart clothes – cars – scooters – drones etc )

Billions of such IoT devices will be manufactured by millions of companies ( local and foreign ) and supplied / delivered by lakhs of dealers / agents

Indian consumers may even “ download “ such devices using small 3 D printers in their homes !

And all of these devices will pick up sounds of every word that we utter and videos of everything we do ! 24x7 !

There is no way any government would be able to “ BAN “ those manufacturers / suppliers !

Nevertheless , my proposal is still the best bet that we have , at the moment !

Dear Shri RaviShankar Prasadji,

It is still not too late to incorporate my suggestion in the proposed Data Protection Bill

References :