By Press Trust of India | Updated: 28 May 2022
India’s new directive which mandates reporting of cyberattack incidents within six hours and storing users’ logs for 5 years will make it difficult for companies to do business in the country, 11 international bodies having tech giants like Google, Facebook and HP as members said in a joint letter to the government. The joint letter written by 11 organisations that mainly represent technology companies based in the US, Europe and Asia was sent to the Indian Computer Emergency Response Team (CERT-In) director general Sanjay Bahl on May 26.
The international bodies have expressed concern that the directive, as written, will have a detrimental impact on cybersecurity for organisations that operate in India, and create a disjointed approach to cyber security across jurisdictions, undermining the security posture of India and its allies in the Quad countries, Europe and beyond.
“The onerous nature of the requirements may also make it more difficult for companies to do business in India,” the letter said.
The global bodies that have jointly expressed concern include Information Technology Industry Council (ITI), Asia Securities Industry & Financial Markets Association (ASIFMA), Bank Policy Institute, BSA – The Software Alliance, Coalition to Reduce Cyber Risk (CR2), Cybersecurity Coalition, Digital Europe, techUK, US Chamber of Commerce, US-India Business Council and US-India Strategic Partnership Forum.
The new directive issued on April 28 mandates companies to report any cyber breach to CERT-In within six hours of noticing it.
It mandates data centres, virtual private server (VPS) providers, cloud service providers and virtual private network (VPN) service providers to validate names of subscribers and customers hiring the services, period of hiring, ownership pattern of the subscribers etc. and maintain the records for a period of 5 years or longer duration as mandated by the law.
As per the directive, IT companies need to maintain all information obtained as part of Know-Your-Customer (KYC) and records of financial transactions for a period of five years to ensure cyber security in the area of payments and financial markets for citizens.
The international bodies have raised concern over the 6-hour timeline provided for cyber incident reporting and demanded that it should be increased to 72 hours.
“CERT-In has not provided any rationale as to why the 6-hour timeline is necessary, nor is it proportionate or aligned with global standards. Such a timeline is unnecessarily brief and injects additional complexity at a time when entities are more appropriately focused on the difficult task of understanding, responding to, and remediating a cyber incident,” the letter said.
It said that under the six-hour mandate, entities are also unlikely to have sufficient information to make a reasonable determination of whether a cyber incident has in fact occurred that would warrant the triggering of the notification.
The international bodies said that their member companies operate advanced security infrastructures with high-quality internal incident management procedures, which will yield more efficient and agile responses than a government directed instruction regarding a third-party system that CERT-In is not familiar with.
The joint letter said that the current definition of reportable incidents, to include activities such as probing and scanning, is far too broad given probes and scans are everyday occurrences.
It said that the clarification provided by CERT-In to the directive mentions that logs are not required to be stored in India but the directive does not mention it.
“Even if this change is made, however, we have concerns about some of the types of log data that the Indian government is requiring be furnished upon request, as some of it is sensitive and, if accessed, could create new security risk by providing insight into an organisation’s security posture,” the letter said.
The joint letter said that internet service providers commonly collect customer information but extending these obligations to VPS, CSP and VPN providers is burdensome and onerous.
“A data centre provider does not assign IP addresses. It will be an onerous task for the data centre provider to collect and record all IP addresses assigned to their customers by ISPs. This could be a nearly impossible task when IP addresses are dynamically assigned,” the letter said.
The global bodies said that storing the data locally for the life cycle of the customer and thereafter for five years will require storage and security resources for which the costs must be passed on to the customer, who notably has not asked for this data to be stored after their service termination.
“We share the government’s goal to improve cyber security. However, we remain concerned about the CERT-In directive, despite the release of the recent FAQs document intended to clarify the directive, because the FAQ is not a legal document, it does not grant companies with the legal certainty required to conduct everyday business,” ITI senior director of policy Courtney Lang said.
Lang said additionally, the FAQ issued by the CERT-In does not address problematic provisions, including the six-hour reporting timeline.
“We continue to urge CERT-In to pause implementation of the directive and open a stakeholder consultation to fully address the concerns articulated in the letter,” Lang said.
Amazon, Five Publishers Win Dismissal of Lawsuits Alleging Conspiracy to Fix Book Prices: Details
By Reuters | Updated: 30 September 2022
A federal judge on Thursday dismissed two antitrust lawsuits accusing Amazon.com Inc and five large publishers of illegally conspiring to fix US prices of electronic and traditional books, causing consumers and bookstores to pay more.
US District Judge Gregory Woods in Manhattan accepted a magistrate judge’s recommendations to end both cases against Amazon, Hachette Book Group, HarperCollins Publishers, Macmillan Publishing Group, Penguin Random House and Simon & Schuster.
Consumers accused the defendants of signing agreements that let the publishers inflate e-book prices by locking in a 30 percent “agency” fee for Amazon on each sale, and guaranteeing that Amazon’s prices would not be undercut.
Retail booksellers, meanwhile, alleged that Amazon had been awarded a “discriminatory discount” on hardbacks, paperbacks and mass-produced books, forcing them to pay higher wholesale prices to the publishers and depressing book sales.
According to the plaintiffs, Amazon commands 90 percent of retail e-book sales and 50 percent of print trade book sales, while the publishers account for 80 percent of both kinds of books.
But in two opinions totaling 113 pages, US Magistrate Judge Valerie Figueredo recommended last month that both lawsuits be dismissed, citing a lack of evidence of collusion.
She found it “telling” in the e-book case that the consumers offered “no plausible explanation for why the publishers would have been motivated to participate in a conspiracy that further entrenched Amazon’s dominance as an e-book retailer.”
Woods adopted Figueredo’s reasoning in full. The lawsuits were dismissed without prejudice, meaning the plaintiffs can try amending their complaints.
Lawyers for the plaintiffs did not immediately respond to requests for comment. Amazon had no immediate comment.
The trade book case was led by Bookends & Beginnings, a bookseller in Evanston, Illinois.
The cases are In re Amazon.com Inc e-Book Antitrust Litigation, US District Court, Southern District of New York, No. 21-00351; and Bookends & Beginnings LLC v Amazon.com Inc et al in the same court, No. 21-02584.
© Thomson Reuters 2022
RBI Unlikely to Extend Card Tokenisation Deadline Despite Payment Failures, Revenue Losses, Bankers Say
By Reuters | Updated: 29 September 2022
India’s central bank is unlikely to extend a Friday deadline for businesses to set up an additional layer of security for consumers’ credit card data even though some concerns remain over payments failing and revenue losses, say bankers and merchants.
Despite a demand by smaller merchants to delay the compliance date, there has been no indication so far by the central bank that there is likely to be an extension in deadline, three banking and merchant sources with knowledge of the matter told Reuters.
The Reserve Bank of India (RBI) did not respond to an email request for comment.
“The general sense is that banks, card networks and (bigger) merchants are better prepared and so the push from the ecosystem side for an extension has also not been massive and we haven’t received any indication to suggest an extension either,” said a banker with a large state-owned bank.
“If it happens, it will be a surprise,” he added.
Three years ago, India embarked on a mammoth exercise to secure card data by requiring businesses to tokenise cards by September 30.
Tokenisation is a process by which card details are replaced by a unique code or token, generated by an algorithm, allowing online purchases without exposing card details, in a bid to improve data security.
The RBI first introduced the norms in 2019 and after several extensions has ordered all companies in India to purge saved credit and debit card data from their systems by October 1, 2022.
While banks, card companies, and large retailers are prepared, smaller merchants may face trouble which they say could lead to revenue losses for them in the short-term.
Merchant associations have also reached out to the central bank to see if they can be given more time.
Some merchants and bankers also fear card-related transactions may drop in the short-term after tokenisation norms are introduced.
“The moment an additional layer or friction is introduced, payments seem to drop. And there are concerns that initially we may see recurring drop by similar levels to what we had seen,” said Rohit Kumar, Founding Partner of TQH Consulting, a public policy consulting firm.
When the previous tokenisation deadline was nearing, recurring payments were failing by 10-15 percent, according to merchants.
Apart from payments, other things that need to be stress tested include what happens when a product is returned and other post-transaction flows as card data will not be stored on the merchant servers, said Rajaram Suresh of Boston Consulting Group.
Unlike India where it has been made mandatory, European stakeholders have been encouraged to tokenise cards for security benefits, Suresh added.
However, analysts argue that at a time when digital payments are expected to reach the $10 trillion (roughly Rs. 8,17,37,500 crore) mark by 2026, tokenisation is imperative. Fraud concerning card or internet transactions has been on the rise and made up 34.6 percent of the total number of fraud cases in FY21, according to central bank data.
“People are used to one-click checkout so adoption may take more time and some people may shift to cash but considering that this makes online transactions more secure, customers will adopt this faster without much chaos this time around,” said Jagdish Kumar, Senior Vice President of Worldline India.
Fast Company Shuts Down Website After Hackers Compromise Apple News Feed
By Reuters | Updated: 28 September 2022
US business and media publication Fast Company said it shut down its website on Tuesday evening after the site was hacked and sent “obscene and racist” notifications to Apple users via the iPhone maker’s Apple News service.
News publishers using the Apple News aggregation app can connect their digital publishing tools to Apple News to send push notifications to Apple customers who subscribe to the publisher’s channel. Fast Company said hackers broke into those publishing tools.
Hackers sent two “obscene and racist push notifications” about a minute apart, Fast Company said in a tweet, adding it had suspended the Apple News feed until the situation was resolved.
“We are investigating the situation and have suspended the feed & shut down FastCompany.com until we are certain the situation has been resolved,” the publication added.
Fast Company’s website was down and the page displayed a 404 error when viewed by Reuters on Tuesday evening.
In a subsequent tweet after the shutdown, Fast Company said that its content management system – software used by news outlets to publish and manage their stories – had been hacked to send the notifications.
Apple News said in a tweet that it had disabled Fast Company’s channel.
Fast Company said it had earlier suffered an “apparently related” hack of its website on Sunday afternoon, when similar language appeared on its home page, causing it to shut the site down for about two hours.
Fast Company is owned by publishing firm Mansueto Ventures LLC.
Elon Musk Fake Accounts Claim Not Backed Up by Data Scientists’ Findings, Twitter Lawyer Tells Court
By Agence France-Presse | Updated: 28 September 2022
Twitter and Elon Musk sparred in court on Tuesday, each digging for evidence to prevail in a high-stakes trial next month over the billionaire’s bid to break his buyout deal.
Musk has been keen to find evidence to back his accusation that Twitter misled regulators and investors about what portion of accounts are actually spam or software “bots,” as well as its key measures regarding growth.
Twitter, which has sued Musk to force him to complete the $44 billion (roughly Rs. 3,60,140 crore) buyout deal, seeks material or testimony to prove he is contriving excuses to walk away because he changed his mind.
A Twitter attorney told the judge it was a struggle to get documents from data scientists Musk used to estimate the portion of fake accounts on the social network, and that what they finally got did not back his accusation about it being much higher than five percent.
Attorney Brad Wilson contended that Twitter has encountered a “pattern of delay and obfuscation” when it comes to what Musk learned from data scientists he had study Twitter data.
Musk attorneys, in turn, pressed the judge to make Twitter hand over more messages or other material, particularly regarding “monetisable daily active users” and “user active minutes.”
The hearing came during a discovery phase in which rival sides seek documents, emails, depositions, and more to back their positions.
The long list of those called on to provide documents or to answer questions in the case includes Twitter co-founder and former chief Jack Dorsey.
Tesla chief Musk will be deposed under oath over the course of two days next week in sessions that are to be recorded by “stenographic, sound and visual means,” according to a filing.
Musk’s deposition is set to take place privately in law offices ahead of a five-day trial scheduled to begin October 17 in the Court of Chancery in the state of Delaware.
Musk, the world’s richest man, said in a letter in April that he was canceling the deal because he was misled by Twitter concerning the number of bot accounts on its platform, allegations rejected by the company.
He later added accusations made in a whistleblower complaint by a former head of security at Twitter to his reasons for walking away from the deal.
Twitter has stood by its assessment of user numbers, and portrayed the whistleblower as a “disgruntled former employee” whose allegations are without merit.
“There are a range of possibilities that can come from the Delaware court including settlement, breakup fee paid, deal enforced, and a myriad of other outcomes,” Wedbush analyst Dan Ives said of the trial.
“We also continue to believe there is a possibility behind the scenes both parties look to attempt negotiations before stepping into court in a few weeks.”
Twitter to Depose Tesla CEO Elon Musk, Known for ‘Combative’ Testimony, Ahead of Upcoming Legal Battle
By Reuters | Updated: 27 September 2022
Billionaire Elon Musk’s tendency to dish out insults while being questioned under oath will be tested anew this week, when lawyers for Twitter are expected to interview the Tesla CEO about his abrupt decision in July to ditch his $44 billion (roughly Rs. 3,37,465 crore) deal for the social media company.
Testifying in past legal battles, the world’s richest person has called opposing attorneys “reprehensible,” questioned their happiness and accused them of “extortion.” He asked one attorney if he was working on a contingency because the lawyer’s client was allegedly behind on child support payments.
“So probably you’re on a contingency or you’re taking that kid’s money. Which is it?” Musk asked a lawyer for a whistleblower in a case against Tesla, according to a transcript of the 2020 deposition.
The high-stakes Twitter interview is closed to the public. A court filing last week said the Musk deposition was scheduled to begin on Monday and run into Wednesday, if needed. Sources with knowledge of the deposition said Musk was not questioned on Monday and they did not know what day it would begin nor did they give a reason for the delay.
Musk’s lawyers will want to keep him focused on answering questions, but that can be a challenge with such a smart and opinionated witness, said James Morsch, a corporate litigator who is not involved in the court battle.
“I would compare it to trying to hold a tiger by his tail,” Morsch said.
In a 2019 deposition in litigation over Tesla’s takeover of solar-panel maker SolarCity, Musk refused five times to answer one of the initial questions because of the way it was worded, the transcript shows.
“We can stare at each other until you rephrase it,” Musk told opposing attorney Randall Baron, according to a transcript.
“I’ll guess we’ll just cancel this deposition,” Baron responded. Baron suggested that he would seek an order from the judge directing Musk to answer questions, which seemed to get things moving.
Twitter declined to comment and Musk’s legal team did not immediately respond to a request for comment.
Twitter’s attorneys are expected to use the interview to try to show that Musk abandoned the deal due to falling financial markets and not because the company misled him about the real number of users or hid security flaws, as he alleged.
Musk wants a judge to allow him to walk away without penalty, while Twitter wants an order forcing him to buy the company for $54.20 (roughly Rs. 4,180) per share. Twitter’s stock ended up 0.4 percent at $41.58 (roughly Rs. 3,300) on Friday.
A five-day trial is scheduled to begin on October 17 in Wilmington, Delaware.
Dozens of depositions are scheduled in the case, including of Twitter CEO Parag Agrawal, as each side questions witnesses and gathers evidence to make its case.
Agrawal was scheduled to answer questions from Musk’s lawyers at a law firm in San Francisco starting at 9.00am local time (9.30pm IST) on Monday, according to a court filing, although sources said that deposition was also postponed and did not give a reason.
Twitter co-founder and former Twitter CEO Jack Dorsey was scheduled to be deposed last week.
What is the whole truth?
Musk at times has shown in his depositions the charm and wit he deploys on Twitter, where he has built a cult-like following.
The Twitter deposition atmosphere could be especially fraught. Its legal team includes the firm of Wachtell, Lipton, Rosen & Katz, and the main lawyer on the case, Bill Savitt, initially represented Musk and Tesla in the SolarCity deal, although not during discovery and depositions in the litigation.
Savitt did not respond to a request for comment.
Twitter is also represented by Wilson Sonsini Goodrich & Rosati.
A constant in the three depositions reviewed by Reuters is Musk’s dislike of attorneys representing the opposing side, whom he accuses of “trickery” and pursuing him merely for money.
“I heard yesterday that 3% of the U.S. economy is legal services. That’s one of the saddest facts I’ve heard in a long time,” Musk said to Baron, the lawyer in the SolarCity deposition.
The deposition in the litigation with the Tesla whistleblower, Martin Tripp, who accused the company of wasting raw materials, began with Musk being asked if he understood the oath he took to testify truthfully.
“This sounds like some sort of legalese, semantic argument. The — what is the whole truth of something?” asked Musk, according to the transcript. “You say, ‘Is that a tree? What kind of tree is it? Is it a tree with lots of leaves?’ Or is — if you’re saying something is a tree is the whole truth? No, of course not.”
Tripp’s attorney reminded Musk that the judge warned he would oversee the deposition in person if questions weren’t answered properly.
“Do you intend to comply with the judge’s admonition there?” asked attorney William Fishbach.
“Of course,” Musk said.
Google Says Decade-Old Demand for Shared Network Costs by EU Telecom Operators is Bad for Consumers
By Reuters | Updated: 26 September 2022
Alphabet unit Google on Monday rebuffed a push by European telecoms operators to get Big Tech to help fund network costs, saying it was a 10-year-old idea that was bad for consumers and that the company was already investing millions in Internet infrastructure.
The comments by Matt Brittin, president of EMEA business & operations at Google, come as the European Commission said it would seek feedback from the telecoms and tech industries on the issue in the coming months before making any legislative proposal.
Deutsche Telekom, Orange, Telefonica and other big operators have long complained about tech rivals freeriding on their networks, saying that they use a huge part of internet traffic and should contribute financially.
The idea, floated more than 10 years ago, could disrupt Europe’s net neutrality or open internet access, Brittin said.
“Introducing a ‘sender pays’ principle is not a new idea, and would upend many of the principles of the open Internet,” he said according to the text of a speech to be delivered at a conference organised by telecoms lobbying group ETNO.
“These arguments are similar to those we heard 10 or more years ago and we have not seen new data that changes the situation.”
It “could have a negative impact on consumers, especially at a time of price increases,” Brittin said, citing a report by pan-European consumer group BEUC outlining such concerns.
He said Google, owner of YouTube, has done its part to make it more efficient for telecoms providers by carrying traffic 99 percent of the way and investing millions of euros to do so.
“In 2021, we invested over 23 billion euros in capital expenditure – much of which is infrastructure,” Brittin said.
These include six large data centres in Europe, 20 subsea cables globally, with five in Europe, and caches to store digital content within local networks in 20 locations in Europe.