Connect with us


Google, Big Tech Say New Cyber Security Rule to Make Doing Business in India Tougher




By Press Trust of India | Updated: 28 May 2022

India’s new directive which mandates reporting of cyberattack incidents within six hours and storing users’ logs for 5 years will make it difficult for companies to do business in the country, 11 international bodies having tech giants like Google, Facebook and HP as members said in a joint letter to the government. The joint letter written by 11 organisations that mainly represent technology companies based in the US, Europe and Asia was sent to the Indian Computer Emergency Response Team (CERT-In) director general Sanjay Bahl on May 26.

The international bodies have expressed concerned that the directive, as written, will have a detrimental impact on cybersecurity for organisations that operate in India, and create a disjointed approach to cyber security across jurisdictions, undermining the security posture of India and its allies in the Quad countries, Europe and beyond.

“The onerous nature of the requirements may also make it more difficult for companies to do business in India,” the letter said.

The global bodies that have jointly expressed concern include Information Technology Industry Council (ITI), Asia Securities Industry & Financial Markets Association (ASIFMA), Bank Policy Institute, BSA – The Software Alliance, Coalition to Reduce Cyber Risk (CR2), Cybersecurity Coalition, Digital Europe, techUK, US Chamber of Commerce, US-India Business Council and US-India Strategic Partnership Forum.

The new directive issued on April 28 mandates companies to report any cyber breach to CERT-In within six hours of noticing it.

It mandates data centres, virtual private server (VPS) providers, cloud service providers and virtual Private Network (VPN) service providers to validate names of subscribers and customers hiring the services, period of hiring, ownership pattern of the subscribers etc. and maintain the records for a period of 5 years or longer duration as mandated by the law.

As per the directive, IT companies need to maintain all information obtained as part of Know-Your-Customer (KYC) and records of financial transactions for a period of five years to ensure cyber security in the area of payments and financial markets for citizens.

The international bodies have raised concern over the 6-hour timeline provided for cyber incident reporting and demanded that it should be increased to 72 hours.

“CERT-In has not provided any rationale as to why the 6-hour timeline is necessary, nor is it proportionate or aligned with global standards. Such a timeline is unnecessarily brief and injects additional complexity at a time when entities are more appropriately focused on the difficult task of understanding, responding to, and remediating a cyber incident,” the letter said.

It said in case of the six-hour mandate, entities will also unlikely have sufficient information to make a reasonable determination of whether a cyber incident has in fact occurred that would warrant the triggering of the notification.

The international bodies said that their member companies operate advanced security infrastructures with high-quality internal incident management procedures, which will yield more efficient and agile responses than a government directed instruction regarding a third-party system that CERT-In is not familiar with.

The joint letter said that the current definition of reportable incidents, to include activities such as probing and scanning, is far too broad given probes and scans are everyday occurrences.

It said that the clarification provided by CERT-In to the directive mentions that logs are not required to be stored in India but the directive does not mention it.

“Even if this change is made, however, we have concerns about some of the types of log data that the Indian government is requiring be furnished upon request, as some of it is sensitive and, if accessed, could create new security risk by providing insight into an organisation’s security posture,” the letter said.

The joint letter said that internet service providers commonly collect customer information but extending these obligations to VSP, CSP and VPN providers is burdensome and onerous.

“A data centre provider does not assign IP addresses. It will be an onerous task for the data centre provider to collect and record all IP addresses assigned to their customers by ISPs. This could be a nearly impossible task when IP addresses are dynamically assigned,” letter said.

The global bodies said that storing the data locally for the life cycle of the customer and thereafter for five years will require storage and security resources for which the costs must be passed on to the customer, who notably has not asked for this data to be stored after their service termination.

“We share the government’s goal to improve cyber security. However, we remain concerned about the CERT-In directive, despite the release of the recent FAQs document intended to clarify the directive, because the FAQ is not a legal document, it does not grant companies with the legal certainty required to conduct everyday business,” ITI senior director of policy Courtney Lang said.

Lang said additionally, the FAQ issued by the CERT-In does not address problematic provisions, including the six-hour reporting timeline.

“We continue to urge CERT-In to pause implementation of the directive and open a stakeholder consultation to fully address the concerns articulated in the letter,” Lang said.


6.1 Percent Indians Are Optimistic About Generative AI Tools: Survey




GenAI is a rapidly evolving space, and its transformative impact is already being felt in workplaces around the world, says Nicolas De Bellefonds.
By Press Trust of India | Updated: 7 June 2023

From ChatGPT to Dall-E and all the technologies in between, the new wave of generative artificial intelligence (GenAI) is transforming businesses at a rapid pace, and 60 percent of Indian executives are optimistic about its impact on workplace, as per a survey.

However, opinions vary by seniority and by country, according to the survey by Boston Consulting Group.

The survey is based on inputs from 12,800 employees from the executive suites to the frontline employees across industries in 18 countries.

As per the survey, Brazil (71 percent) is the most optimistic country about the impact of GenAI on workplace followed by India (60 percent) and the Middle East (58 percent).

The least optimistic are the US (46 percent), the Netherlands (44 percent) and Japan (40 percent).

Geographies most concerned about AI are the Netherlands (42 percent), France (41 percent), and Japan (38 percent), while the least concerned are the Middle East (25 percent), Brazil (19 percent), and India (14 percent), As much as 61 percent of the 1,000 respondents in India are optimistic about the tool while 72.8 percent of them believe the rewards of GenAI outweigh risks.

Also, close to 88 percent of respondents believe their job is likely to be transformed by AI and 80 percent feel AI-specific regulations are necessary.

GenAI is a rapidly evolving space, and its transformative impact is already being felt in workplaces around the world, says Nicolas De Bellefonds, the global leader of AI and software at BCG X, BCG’s tech build and design unit.

As per the survey, 52 percent of respondents are optimistic about AI’s impact on work, which was 35 percent in 2018.

According to Nipun Kalra, managing director & partner, and head of BCG X in India, among the 18 countries surveyed, Indian executives are the most optimistic about the transformative impact of AI.

The survey also showed that senior leaders are more frequent users of generative AI, and thus are more optimistic and less concerned about it than frontline employees. While 62 per cent of leaders are optimistic about AI, only 42 percent of frontline employees share that view.

Also, 62 percent of regular users of GenAI are optimistic about it, compared to 36 percent of non-users. A majority of leaders (80 percent) report that they use GenAI tools regularly, compared with just 20 percent of frontline employees.

Further, frontline employees made up the largest percentage of non-users (60 percent).

Globally, more than a third of the respondents (36 percent) think that their job is likely to be eliminated by AI and 86 percent believe they will need skilling.

Continue Reading


Won’t Notify Fact-Checking Unit Till July 10, Centre Tells HC; Two New Pleas Filed Against IT Rules




The Union government had in April told the HC that the fact-checking unit would not be notified till July 5.
By Press Trust of India | Updated: 7 June 2023 

The Centre on Wednesday told the Bombay High Court it was extending till July 10 its earlier statement that it won’t notify its fact-checking unit to identify fake news against the government on social media, even as two new petitions were filed challenging the recently amended IT Rules.

The Union government had in April told the HC that the fact-checking unit would not be notified till July 5. The statement was made when the court was hearing a petition filed by stand-up comic Kunal Kamra challenging the constitutional validity of the Information Technology Rules.

On Wednesday, a division bench of Justices Gautam Patel and Neela Gokhale was informed that two new petitions have also been filed challenging the Rules.

The petitions filed by the Editors Guild of India and the Association of Indian Magazines claim that the Rules are arbitrary and unconstitutional.

The court said it would hear all the three petitions from July 6.

“We shall take up the petitions for final disposal from July 6 onwards. The petitioners’ counsels shall complete their arguments on July 7 after which we shall set a date for the Union government to put forth their arguments,” the court said.

“In view of the dates fixed for hearing, the Additional Solicitor General Anil Singh says that the statement made earlier by the Centre shall stand extended till July 10,” the court added.

On April 6, 2023, the Union government promulgated certain amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, including a provision for a fact-checking unit to flag fake or false or misleading online content related to the government.

The three petitions sought the court to declare the amended Rules unconstitutional and direct the government to restrain from acting against any individual under the Rules.

The Union government in its affidavit filed in comedian Kamra’s petition in April said that the “role of the fact-checking unit is restricted to any business of the Centre, which may include information about policies, programmes, notifications, rules, regulations, implementation thereof, etc”.

“The fact check unit may only identify fake or false or misleading information and not any opinion, satire or artistic impression. Therefore, the aim of the government regarding the introduction of the impugned provision is explicitly clear and suffers from no purported arbitrariness or unreasonableness as alleged by the petitioner (Kamra),” the Centre’s affidavit had said.

As per the amendments, intermediaries such as social media companies will have to act against content identified by the fact-checking unit or risk losing their safe harbour protections under Section 79 of the IT Act.

“Safe harbour” protections allow intermediaries to avoid liabilities for what third parties post on their websites.

Continue Reading


Apple Acquires AR Headset Startup Mira: Report




This comes a day after Apple unveiled a costly augmented-reality headset called the Vision Pro.
By Reuters | Updated: 7 June 2023

Apple has acquired Mira, a Los Angeles-based AR startup that makes headsets for other companies and the US military, the Verge reported on Tuesday, citing a post from Mira CEO’s private Instagram account and a person familiar with the matter.

This comes a day after Apple unveiled a costly augmented-reality headset called the Vision Pro, one of its riskiest bets since the introduction of the iPhone more than a decade ago, barging into a market dominated by Meta Platforms.

Apple’s headset will test a market crowded with devices that have yet to gain traction with consumers and put it in direct competition with Facebook-owner Meta after years of clashes between the companies over issues like user privacy and control of developer platforms.

Mira’s military contracts include a small agreement with the US Air Force and a $702,351 agreement with the Navy, according to government records and press releases, the Verge report said.

The Verge added that Apple had confirmed the acquisition saying that it buys smaller technology companies from time to time, and generally does not discuss its purpose or plans.

Apple has brought on at least 11 of Mira’s employees as part of the acquisition, according to the report.

Apple, Mira and its CEO Ben Taft did not immediately respond to Reuters’ requests for comment.

Last month, Apple said it has entered a multi-billion-dollar deal with chipmaker Broadcom to use chips made in the United States.

Under the multi-year deal, Broadcom will develop 5G radio frequency components with Apple that will be designed and built in several US facilities, including Fort Collins, Colorado, where Broadcom has a major factory, Apple said.

© Thomson Reuters 2023

Continue Reading


Reddit Lays Off 5 Percent of Its Workforce, Will Reduce Planned Hiring for 2023




Tech companies have been slashing jobs after aggressively hiring during the pandemic, as the industry braces for an economic downturn.
By Reuters | Updated: 7 June 2023

Reddit said on Tuesday it is laying off about 5 percent of its workforce, or 90 employees, joining a list of technology companies that have been cutting jobs across corporate America.

Tech companies including Meta Platforms have been slashing jobs after aggressively hiring during the pandemic, as the industry braces for an economic downturn.

Meta, the owner of Facebook, slashed jobs across its business and operations units last month, as it carried out its last batch of a three-part layoff round, first announced in March to eliminate 10,000 roles.

Reddit, which was spun off from magazine conglomerate Conde Nast in 2011, saw a recent surge in appeal due to the popularity of WallStreetBets and other forums on its platform that have become a venue for retail investors to speculate on stocks.

The Wall Street Journal first reported Reddit’s move on Tuesday, citing an email sent to employees from Chief Executive Steve Huffman.

Huffman said the company would also reduce its hiring for the rest of the year to about 100 people from an early plan of 300, according to the WSJ report.

In December 2021, Reddit had confidentially filed for an initial public offering with the US securities regulator after the company’s message boards became the go-to destination for day traders during a meme stock frenzy.

The company was looking at a valuation of more than $15 billion (roughly Rs. 1,14,380 crore), Reuters had reported in September 2021.

Earlier that year, the company was valued at $10 billion (roughly Rs. 76,260 crore) in a private fundraising round.

Reddit was also reportedly tapping Wall Street banks Morgan Stanley and Goldman Sachs Group for its initial public offering.

Reddit, which was founded in 2005 by Steve Huffman and Alexis Ohanian, has more than 50 million daily active users and over 100,000 communities.

© Thomson Reuters 2023

Continue Reading


India’s Internet Economy Expected to Grow Six-Fold, Reach $1 Trillion by 2030: Report




The report estimates that India's internet-economy was in the range of $155-175 billion in 2022.
By Press Trust of India | Updated: 6 June 2023

India’s internet economy is expected to register six-fold growth and touch $1 trillion (roughly Rs. 82,58,950 crore) by 2030, mainly driven by the e-commerce vertical, a joint report by Google, Temasek, and Bain & Company released on Tuesday said.

The report estimates that India’s internet economy was in the range of $155-175 billion in 2022.

According to the report, the growth will be led by the B2C e-commerce segment, followed by B2B e-commerce, software-as-a-service providers, and online media led by over-the-top players.

“India’s internet economy is expected to grow 6 x to $1 trillion (roughly Rs. 82,58,950 crore) by 2030,” Google India, Country Manager & Vice President, Sanjay Gupta said while sharing details of the report.

He said most of the purchases in the future will take place digitally.

Gupta said while startups have led the path of digital innovation, small and medium businesses, and large enterprises after the pandemic have started to use digital technologies to become more competitive.

According to the report, B2C e-commerce is expected to grow 5-6 times to $350-380 billion by 2030, from around $60-65 billion in 2022.

The report estimates B2B e-commerce to grow 13-14 times to $105-120 billion, from around $8-9 billion in 2022.

The software-as-a-service segment is expected to grow 5-6 times to $65-75 billion by 2030, from $12-13 billion in 2022.

Temasek, Managing Director (Investments), Vishesh Shrivastav said India is now a new hope for the growth of global GDP.

Continue Reading


Microsoft to Pay $20 Million to Settle US FTC Charges for Violating Children’s Privacy




The company illegally collected personal information from children without their parents' consent, the FTC said on Monday.
By Reuters | Updated: 6 June 2023

Microsoft will pay $20 million (roughly Rs. 163 crore) to settle US Federal Trade Commission (FTC) charges that the tech company illegally collected personal information from children without their parents’ consent, the FTC said on Monday.

The company had been charged with violating the US Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children who signed up to its Xbox gaming system without notifying their parents or obtaining their parents’ consent, and by retaining children’s personal information, the FTC said in a statement.

The order requires Microsoft to take steps to improve privacy protections for child users of its Xbox system. It will extend COPPA protections to third-party gaming publishers with whom Microsoft shares children’s data, the FTC said.

A Microsoft spokesperson said the company was committed to complying with the order. The spokesperson added the account creation process will be updated and a data retention glitch found in the company’s system will be resolved.

“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection.

“This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA,” Levine added.

The law requires online services and websites directed to children under 13 to notify parents about the personal information they collect and to obtain verifiable parental consent before collecting and using any personal information of the children.

From 2015 to 2020, Microsoft retained the data that it collected from children during the account creation process, even when a parent failed to complete the process, according to the complaint.

© Thomson Reuters 2023

Continue Reading