Connect with us

Internet

Google, Big Tech Say New Cyber Security Rule to Make Doing Business in India Tougher

Avatar

Published

on

By Press Trust of India | Updated: 28 May 2022

India’s new directive which mandates reporting of cyberattack incidents within six hours and storing users’ logs for 5 years will make it difficult for companies to do business in the country, 11 international bodies having tech giants like Google, Facebook and HP as members said in a joint letter to the government. The joint letter written by 11 organisations that mainly represent technology companies based in the US, Europe and Asia was sent to the Indian Computer Emergency Response Team (CERT-In) director general Sanjay Bahl on May 26.

The international bodies have expressed concerned that the directive, as written, will have a detrimental impact on cybersecurity for organisations that operate in India, and create a disjointed approach to cyber security across jurisdictions, undermining the security posture of India and its allies in the Quad countries, Europe and beyond.

“The onerous nature of the requirements may also make it more difficult for companies to do business in India,” the letter said.

The global bodies that have jointly expressed concern include Information Technology Industry Council (ITI), Asia Securities Industry & Financial Markets Association (ASIFMA), Bank Policy Institute, BSA – The Software Alliance, Coalition to Reduce Cyber Risk (CR2), Cybersecurity Coalition, Digital Europe, techUK, US Chamber of Commerce, US-India Business Council and US-India Strategic Partnership Forum.

The new directive issued on April 28 mandates companies to report any cyber breach to CERT-In within six hours of noticing it.

It mandates data centres, virtual private server (VPS) providers, cloud service providers and virtual Private Network (VPN) service providers to validate names of subscribers and customers hiring the services, period of hiring, ownership pattern of the subscribers etc. and maintain the records for a period of 5 years or longer duration as mandated by the law.

As per the directive, IT companies need to maintain all information obtained as part of Know-Your-Customer (KYC) and records of financial transactions for a period of five years to ensure cyber security in the area of payments and financial markets for citizens.

The international bodies have raised concern over the 6-hour timeline provided for cyber incident reporting and demanded that it should be increased to 72 hours.

“CERT-In has not provided any rationale as to why the 6-hour timeline is necessary, nor is it proportionate or aligned with global standards. Such a timeline is unnecessarily brief and injects additional complexity at a time when entities are more appropriately focused on the difficult task of understanding, responding to, and remediating a cyber incident,” the letter said.

It said in case of the six-hour mandate, entities will also unlikely have sufficient information to make a reasonable determination of whether a cyber incident has in fact occurred that would warrant the triggering of the notification.

The international bodies said that their member companies operate advanced security infrastructures with high-quality internal incident management procedures, which will yield more efficient and agile responses than a government directed instruction regarding a third-party system that CERT-In is not familiar with.

The joint letter said that the current definition of reportable incidents, to include activities such as probing and scanning, is far too broad given probes and scans are everyday occurrences.

It said that the clarification provided by CERT-In to the directive mentions that logs are not required to be stored in India but the directive does not mention it.

“Even if this change is made, however, we have concerns about some of the types of log data that the Indian government is requiring be furnished upon request, as some of it is sensitive and, if accessed, could create new security risk by providing insight into an organisation’s security posture,” the letter said.

The joint letter said that internet service providers commonly collect customer information but extending these obligations to VSP, CSP and VPN providers is burdensome and onerous.

“A data centre provider does not assign IP addresses. It will be an onerous task for the data centre provider to collect and record all IP addresses assigned to their customers by ISPs. This could be a nearly impossible task when IP addresses are dynamically assigned,” letter said.

The global bodies said that storing the data locally for the life cycle of the customer and thereafter for five years will require storage and security resources for which the costs must be passed on to the customer, who notably has not asked for this data to be stored after their service termination.

“We share the government’s goal to improve cyber security. However, we remain concerned about the CERT-In directive, despite the release of the recent FAQs document intended to clarify the directive, because the FAQ is not a legal document, it does not grant companies with the legal certainty required to conduct everyday business,” ITI senior director of policy Courtney Lang said.

Lang said additionally, the FAQ issued by the CERT-In does not address problematic provisions, including the six-hour reporting timeline.

“We continue to urge CERT-In to pause implementation of the directive and open a stakeholder consultation to fully address the concerns articulated in the letter,” Lang said.

Internet

New Zealand Plans to Introduce Law to Make Google, Facebook Pay Local Outlets for News

Avatar

Published

on

New Zealand is planning legislation to compensate news outlets that is modelled on similar laws passed in Australia and Canada.
By Reuters | Updated: 5 December 2022

The New Zealand government said it will introduce a law that will require big online digital companies such as Alphabet’s Google and Meta to pay New Zealand media companies for the local news content that appears on their feeds.

Minister of Broadcasting Willie Jackson said in a statement on Sunday that the legislation will be modelled on similar laws in Australia and Canada and he hoped it would act as an incentive for the digital platforms to reach deals with local news outlets.

“New Zealand news media, particularly small regional and community newspapers, are struggling to remain financially viable as more advertising moves online,” Jackson said. “It is critical that those benefiting from their news content actually pay for it.”

The new legislation will go to a vote in parliament where the governing Labour Party’s majority is expected to pass it.

Australia introduced a law in 2021 that gave the government power to make internet companies negotiate content supply deals with media outlets. A review released by the Australian government last week found it largely worked.

The law, which took effect in March 2021 after talks with the big tech firms led to a brief shutdown of Facebook news feeds in Australia, may need to be extended to other online platforms, the review said.

Since the News Media Bargaining Code took effect, the tech firms had inked more than 30 deals with media outlets compensating them for the content which generated clicks and advertising dollars, said the Treasury Department report, published last week.

The report mostly recommended that the government consider new methods of assessing the administration and effectiveness of the law, and did not suggest changing the law itself.

“At least some of these agreements have enabled news businesses to, in particular, employ additional journalists and make other valuable investments to assist their operations,” said the report. “While views on the success or otherwise of the Code will invariably differ, we consider it is reasonable to conclude that the Code has been a success to date.”

© Thomson Reuters 2022

Continue Reading

Internet

Google CEO Sundar Pichai Pays Tribute to Indian Roots on Being Honoured With Padma Bhushan

Avatar

Published

on

Google this year added 24 new languages to its translation service using a new advancement in machine learning.
By Press Trust of India | Updated: 3 December 2022

“India is a part of me and I carry it with me wherever I go,” Google and Alphabet CEO Sundar Pichai has said, as he received the prestigious Padma Bhushan award from the Indian envoy to the US.

Indian-American Pichai was awarded the Padma Bhushan for 2022 in the Trade and Industry category. The Madurai-born Pichai was named one of the 17 awardees earlier this year.

He received India’s third-highest civilian award in the presence of his close family members in San Francisco on Friday.

“I am deeply grateful to the Indian government and the people of India for this immense honour. It is incredibly meaningful to be honoured in this way by the country that shaped me,” 50-year-old Pichai said while accepting the award from India’s Ambassador to the US, Taranjit Singh Sandhu.

“India is a part of me. I carry it with me wherever I go. (Unlike this beautiful award which I will keep somewhere safe),” he said.

“I was fortunate to grow up in a family that cherished learning and knowledge, with parents who sacrificed a lot to make sure I had opportunities to explore my interests,” Pichai said.

India’s Consul General in San Francisco, T V Nagendra Prasad, was also present during the event.

Sandhu said that Pichai represented the limitless possibilities of technology for transformation.

“He has been making commendable efforts towards making digital tools, and skills accessible to across various segments of the society in different parts of the globe,” he said.

Recalling Prime Minister Narendra Modi’s vision of technology that combines 3Ss – speed, simplicity and service, Sandhu hoped that Google would make full use of the digital revolution happening in India.

Pichai said that it had been amazing to return to India many times over the years to see the rapid pace of technological change.

The innovations created in India are benefitting people around the world – from digital payments to voice technology, he said.

“I look forward to continuing the great partnership between Google and India, as we work together to bring the benefits of technology to more people,” he said.

Businesses are seizing the opportunities for digital transformation, and more people have access to the internet than ever before, including in rural villages, Pichai said.

“Prime Minister Modi’s Digital India vision has certainly been an accelerator for that progress and I’m proud that Google continues to invest in India, partnering with governments, businesses, and communities over two transformative decades,” he said.

“Every new technology that arrived at our doorstep made our lives better. And that experience put me on a path to Google, and the chance to help build technology that improves the lives of people all over the world,” he said.

Pichai said he sees so much opportunity ahead.

On India taking over the G20 presidency, Pichai said: “It’s an amazing opportunity to build consensus on strengthening the global economy by advancing an internet that is open, connected, secure, and works for everyone. That’s a goal we share, and are committed to advancing with you.” India formally assumed the G20 Presidency on Thursday.

“I am grateful for the opportunity to do this work together and bring the benefits of technology to more people,” Pichai said.

Google this year added 24 new languages to its translation service using a new advancement in machine learning. Eight of them are languages native to India.

“It means so much to see how people can access information and knowledge in their preferred language, and see the world open up to them in new ways. That’s why I continue to be so optimistic about technology, and why I believe India can and must continue to lead,” he added.

Continue Reading

Internet

Amazon’s Media Chief Jeff Blackburn Announces Plans to Retire in 2023

Avatar

Published

on

Amazon media chief Jeff Blackburn joined the company in 1998 and guided the company through its initial public offering prospectus at Deutsche Bank.
By Agencies | Updated: 3 December 2022

Amazon.com’s top media executive Jeff Blackburn plans to retire at the start of 2023, the e-commerce giant said on Friday.

The company said that the media and entertainment businesses, led by Blackburn since May last year, will be overseen by two current executives, Mike Hopkins and Steve Boom, who will report directly to Chief Executive Officer Andy Jassy.

The businesses include Prime Video, Amazon Studios, Music, Audible, Games, and Twitch.

Blackburn, who also served as senior vice president at Amazon, joined Amazon in 1998 and guided the company through its initial public offering prospectus at Deutsche Bank.

He left Amazon briefly in February 2021, before returning again in May 2021.

“I’ve decided to spend 2023 differently, giving more time to family, and feel strongly this is the right decision for me,” said Blackburn.

Over the past year and a half, Blackburn was a key figure behind the success of shows like Rings of Power as well as the acquisition of movie studio MGM this year, said Amazon.

Meanwhile, Amazon witnessed mass layoffs in November this year, which are now claimed to extend into next year, as stated by CEO Andy Jassy. The company has informed workers in its devices and books divisions about layoffs. A few employees were also offered a voluntary buyout offer.

Amazon has already notified that it would lay off about 260 corporate workers at various facilities in the state. For those being laid off, Amazon is offering severance packages. It is one among the many tech companies that are witnessing mass layoffs this year. Meta and Twitter also announced job cuts in November, laying off thousands of employees.

Continue Reading

Internet

UPI, Digital Transactions: Government Extends Deadline to Implement 30 Percent Cap

Avatar

Published

on

NPCI had announced to limit a single third party app to handle only 30 percent of overall UPI transaction volumes in November 2020.
By Press Trust of India | Updated: 3 December 2022

The National Payments Corporation of India (NPCI) on Friday extended the deadline for third party UPI players to meet its 30 percent volume cap in digital payment transactions by two years to end-December 2024.

The decision may provide a relief to third party app providers (TPAP) like Google Pay and Walmart’s PhonePe which have a majority share in UPI-based transactions.

NPCI runs the Unified Payments Interface (UPI) used for real-time payments between peers or at merchants’ end while making purchases.

In November 2020, NPCI had announced to limit a single third party app to handle only 30 percent of overall UPI transaction volumes. The cap was to come in force from January 1, 2021.

However, the TPAPs (live on November 5, 2020) which were exceeding the cap were given a period of two years to comply with the norms in a phased manner.

“Taking into account the present usage and future potential of UPI, and other relevant factors, the timelines for compliance of existing TPAPs who are exceeding the volume cap, is extended by two (2) years i.e. till December 31, 2024, to comply with the volume cap,” NPCI said in a circular.

NPCI further said that in view of significant potential of digital payments and the need for multi-fold penetration from its current state, it is imperative that other existing and new players (banks and non-banks) shall scale-up their consumer outreach for the growth of UPI and achieve overall market equilibrium.

TPAPs typically tie-up with banks at the back-end to add users and process payments for them.

It was reported last month that the NPCI is planning to propose the Reserve Bank to implement the earlier deadline of December 31, 2023, for limiting the volume cap of players to 30 percent. It is to be noted that currently there is no volume cap, leading to Google Pay and PhonePe accounting for around 80 percent of the total market share.

Continue Reading

Internet

Medibank Data Breach: Hackers Upload More Customer Data, Say ‘Case Closed’ on World Cybersecurity Day

Avatar

Published

on

By Reuters | Updated: 1 December 2022

Medibank, Australia’s biggest health insurer, said on Thursday hackers had released more of its stolen medical records, as the media reported that the complete set of data on millions of customers was now public.

The Office of the Australian Information Commission (OAIC), the country’s privacy regulator, has also begun investigating how the company handles personal information, Medibank said in a statement.

The latest release on the dark web follows progressive uploads, including records of customers’ mental health and alcohol use, that began after Medibank said on November 7 it would not pay a ransom.

“The raw data we have analysed today so far is incomplete and hard to understand,” chief executive David Koczkar said. “While there are media reports of this being a signal of ‘case closed’, our work is not over.”

On Thursday, the media reported that a blog, believed by cyber experts to be used by the hackers, carried a new post: “Happy Cyber Security Day!!! Added folder full. Case closed.” It also included a file that had several compressed files amounting to more than 5 gigabytes.

Reuters has not verified the contents of the latest files uploaded on the dark web, part of the World Wide Web that is accessible only with special software.

Medibank did not immediately respond to a Reuters question about whether it believed all stolen data had now been released.

Australian Federal Police last month said Russia-based hackers were behind the Medibank cyberattack, which compromised the details of almost 10 million current and former customers. Medicare revealed the breach on October 13.

In an update on Thursday morning, Medibank said there were currently no signs that banking data had been stolen. Personal details accessed by hackers were not enough to enable financial fraud, it added.

Six zipped files placed in a folder called “full” and containing raw data believed to have been stolen had been uploaded, Medibank said in a statement.

Australia has been grappling with a recent rise in cyber attacks. At least eight companies, including telecoms company Optus, owned by Singapore Telecommunications, have reported breaches since September.

The OAIC, which is also investigating Optus over the breach, did not immediately respond to a Reuters request for comment on the Medibank investigation.

Technology experts have said Australia has become a target for hackers just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.

© Thomson Reuters 2022

Continue Reading

Internet

YouTube Removes More Than 17 Lakh Videos in India in Q3 2022 for Violating Community Guidelines

Avatar

Published

on

By Press Trust of India | Updated: 30 November 2022

YouTube has removed over 17 lakh videos uploaded from India during the July-September quarter for violating the company’s community guidelines, the Google-owned firm said on Tuesday. “Between July and September 2022, in India over 1.7 million videos were removed for violating YouTube’s Community Guidelines,” YouTube said in the Community Guidelines Enforcement report for the third quarter of 2022.

Globally, YouTube removed over 56 lakh videos for violating community guidelines.

“Of the videos detected by machines, 36 percent were removed before they received a single view, and 31 percent received between 1 and 10 views before removal,” the report said.

The video hosting platform removed over 73.7 crore comments from the platform for violation of the guidelines, the report said.

YouTube data shows 99 percent of the comments were removed after they were flagged by its automated system and only 1 percent were removed after they were flagged by its users.

The Alphabet-owned company recently said that it is bringing shopping features to its Shorts video service, as it looks to fortify its revenue against a drop in spending by recession-wary advertisers. The feature, being tested with eligible creators in the US, will allow them to tag products from their own stores. “Viewers in the US, India, Brazil, Canada, and Australia can see the tags and interact with them and we’ll continue to bring tagging to more creators and geographies,” a Google spokesperson said.

Continue Reading

Trending