Nandan babu and my finger print... (Part 2/2)

Part 1 of this article is available @

(http://ragsgopalan.blogspot.com/2009/09/nandan-babu-and-my-finger-print-part-12.html)

The issues in India are well known to us, but if you think that security issues in matured countries are hunky-dory then consider the following stats (from a study from PWC and CIO magazine):

1. Western companies continue to struggle with the constant updating of security and privacy laws. The study reports 1 out every 5 companies are not compliant with various state security breach notification laws. That number rises to almost thirty five percent that are noncompliant with the Sarbanas-Oxley law.
2. Forty percent of the respondents report non-compliance with HIPAA.
3. Fifty percent of the Australian organizations are not fully compliant with Australian Privacy Legislation.
4. Forty two percent of French organizations did not meet compliance with CNIL (Independent French administrative authority on data privacy).
5. Thirty one percent of the United Kingdom based organizations did not meet compliance with Data Protection Act.
6. The number is about forty-five percent with other European Nations and about thirty percent with Canadian companies.
7. The financial services industry encrypts data during transmission only sixty eight percent of the time. Only forty three percent of the companies’ encrypted stored data and forty two percent of the companies kept accurate inventory of user related data.
8. Security policies reveal that more than half of the companies within financial services industry do not address adequate data protection, disclosure and destruction.
9. Data breaches are common in governmental agencies as well as in businesses.(Holmes, 2006) In April 2007, the U.S. Department of Agriculture (USDA) reported that thousands of social security numbers of loan recipients were publicly available from a database maintained on the USDA website.
10. In August 2006, the Veterans Administration admitted to losing a considerable amount of patient insurance claim data. Major universities report unknowingly exposing student or faculty data including addresses, social security numbers and tax information.

The concerns I have are simply summarized as this:

1. Data Privacy management is a global headache and so is the "ID theft" industry.
2. Awareness about Information security and data privacy is low among 99.99%+ of our citizens. I don’t think for the next 25 years this shall improve significantly.
3. Country is weak in defining and legalizing privacy laws. I am not sure how many of us know what our legal rights are in traffic laws and forget the awareness on data privacy laws.
4. A culture of corruption as a way of life, poor data inputs from multiple sources certainly question the accuracy and validity of these IDs.
5. India’s legal system sucks!
6. Above all Chalta hai attitude and discipline in process adherence are mutually exclusive and what is the quality we are born with or nurtured with can be guessed without a clue.

Given the above situation I am not sure if we are jumping the gun for a idealistic solution instead of a more practical solution. The implementation of such a huge and critical project requires maturity at key stratas of the society and government.

Till then our finger prints shall be in a national data center which i am not sure is secured enough legally and operationally.

Till then my personal, biometric data - my finger print is at the mercy of our Nandan Babu's wisdom and our government's inefficiency !!!

Nandan Babu Jahaan !

Mera finger print vahaan, (phir bhi)

Mera Bharat Mahan!

Happy reading !!

Nandan babu and my finger print... (Part 1/2)

One of the symbolic achievements of the UPA government in the first 100 days has been appointing our Nandan babu .aka. Nandan Nilekani to head the National unique ID (UID) project. Even a congenial critic like me has to appreciate the intent and drive of this government to deliver something unique and invest in a long term plan.

But just as i started hearing about some of the details it was more anxiety than optimism that prevailed about this project. Let me explain why:

1. The massive scale of this project is absolutely unique and the whole world would be watching us as it unfolds. The government will spend around $6 billion on developing smart cards apart from a mammoth citizen database.

2. The first roll out seems to be starting within 12-18 months and promise of rolling out atleast 500m IDs in about 5 years (that is half the country currently) is nothing but impressive.

3. The identity cards proposed will be smart cards which will carry information of each and every individual; his/her finger biometrics as well as a photograph. A unique National Identity Number will be assigned to each individual including those below 18 years of age.

4. The value this can add to a country like ours is immense. ID validation, tracking is possibly applicable in every of our life from banking, credit control / report, subsidy allotment, citizen profiling, tax evasions, illegal transactions, internal security, crime, law & order. You name it, and it is applicable.

But the concerns are the following:

1. Accuracy of data: If we rely on the existing database of Voter ID, PAN cards etc. we all know that the % of errors in these databases is so high. I am not sure how we are going to clean this up. As a country if we have the wherewithal to clean this up, we would have done this already.

2. Illegal entries: It is an open secret and an accepted way of life that you can enter, edit and delete entries in some of these IDs with a generous graft at any point of time. If this is the case, we all have to realize that this UID project would have JUNK OUT, if it’s just JUNK IN.

3. Data privacy: The lacunae here give me jitters. Lets look at the current issues:

1. Buy a new SIM card try activating it in your mobile phone, the first call that you would receive is most probably a marketing call for credit card or personal loan.
2. Our IDs are bought and sold at every level and we have failed to recognize that “ID Marketing” is a huge industry by itself.
3. Indian legal system does not guarantee security and privacy to its citizens like all matured countries do. Ask any expert they would say that there are NO PRIVACY Laws yet in this country.
4. Even if you think that this government shall enact privacy laws our legal system and the overall process for a judicial decision sucks royally. Inefficiency of the judiciary is a clear concern at all levels.
5. Ask anyone in the field of Information security, more than 70% of the information security issues are related to internal reasons of an organization or entity.
6. The extent of awareness of data privacy, information and its security is literally nothing in over 99% of the population. I am being very generous attributing 1% of the population with this knowledge.
7. Even in the best of the corporate houses, the idea of information security is more a marketing tool than a way of life. I have implemented BS7799 in atleast 2 organizations and can tell you with absolute authority on this.

I am receiving alarm that the blog has exceeded the attention span of a normal individual hence .....To be continued in the next blog....

Yours Uniquely

Happy reading!

Israel = Yinyang = Shiva+Vishnu

Dear Yins and Yangs,

Do you know what Israel means or Tao means? Would you be surprised if i say that both means the same?

It was last week of Jan 2008, i was returning from Las Vegas to India and picked up a book from my backpack as i settled in the flight. The visit was for a sales conference and generally given the hectic(!) activity list you generally carry for such occasions and that too to a venue like LA, it was natural to assume that i would have slept for the next 18 hours till some one woke me up at Bangalore airport.

Something very different happened to my surprise and to the surpise of few friends who travelled with me. I was completely awake reading this 150 odd page book through out the journey, not reading once but thrice over and over. Its a book by Osho, "Tao - its history & teachings" and needless to add that the impact it had on me was tremendous and also the implicit message was i did not understand it in one go - though i was very excited and determined to read it again. On my way to my house i was wondering was it Osho or Taoism with which i was so impressed. Unable to conclude / decide on one, i safely decided to abandon this thought.

I had read about Taoism many years before when i was initiated in "Tai Chi" - a form of chinese martial arts and most important symbol that is impressioned in my mind was Yinyang. One book i would seriously recommend if you like eastern principles and science (Quantum physics) is The Tao of Physics - Fritjof Capra. This is one of the books which changes your way of thinking in a very positive way and deals with most of the eastern philosophies and Quantum physics.

I am not certainly going to bore you with Taoism / Yinyang which you can google - if you are interested. Here is a quick link ... http://en.wikipedia.org/wiki/Yin_and_yang

In one of the passages Osho explains what Israel means. Is-Ra-el:

Is - As in Egyptian moon goddess ISIS. Also babylonian moon goddess is Ishtar. Hence IS is moon / feminine principle also known as Yin.

Ra - Egyptian sun god representing the masculine principle. Also to note that Lord Rama in Hinduism is a king in the solar dynasty. In Taoism the masculine principle is Yang.

El - Elohim - Hebrew word for god and El reprsents the union / meeting.

So the explanation goes as the meeting of masculine and feminine and their transcedence. This explanation holds good for Tao and Israel both and both meaning the same. Lets look at the symbols that represent them:

Figure 1 Figure 2 Figure 3

Both of them represent in some way union the union or interconnectedness or harmonious existence of opposing forces or duality. Lets also look at the hinduism connection to both of the above:

1. The IS / Yin and Ra / Yang concept is very well represented in the ancient yogic techniques and many would have heard about Ida (Moon - left) and Pingala (Sun - right side) nadis (Channels) that run through human body. There are loads and loads of literature in Yoga and Ayurveda which tells us how to manage and balance them for healthy worldy and spiritual life.
2. From a religious perspective have a look at the image below which is that of Arthanareeswara - Half male and half female (Artha - Half, Naaree - Female) signifying this from a religious perspective.
3. Sri Chakra which is a symbolic representation of the female goddess in hinduism explains that that triangle points up is male (Shiva) and the triangle pointing down is Shakti (Female).

Infact both the above points are known many of you and there would be nothing new in this. What prompted me to write this blog was something more.

Few days back I was reading (actually re-reading) a book called "Deivathin Kural" - essentially collection of discourses of Sri Chandrasekara swamigal of Kanchi (a very revered monk) who is believed by a section of the society in India - to be a representation of god in the 20th century living among us. There are about 7 volumes, each volume running to 1000+ pages. The passage was from the 7th volume where he highlights that Shiva and Vishnu as cosmic powers are not only dependent on each other but cannot exist without the other. The sectional fighting among Shaivites and Vaishnavities claiming either Shiva or Vishnu is superior to the other was a fine blend of ignorance and arrogance. He quotes a passage from Skandopanishad:

"Vishnoshcha hridayam Shivaha

Shivasya hridayam Vishnuhu"

which means "The heart of vishnu is shiva" and the "the heart of Shiva is Vishnu". Shiva represents the Static principle / the nucleus / white color and Vishnu represents the dynamic principle / dynamic energy / black color. The word "Krishna" in sanskrit means black / dark in color.

So try to imagine that Shiva (White) and Vishnu (black / dark) are coexisting, balancing each other and one resides in the heart of another. One of the first symbol that came to my mind was the YinYang diagram represented above in Figure 1. But taking this thinking a little further if the dark spot in the white area is Vishnu, then Vishnu's heart / center of the black spot should be white. Same way the white spot in the black area is Shiva but its heart has to be white.

So the actual representation should be Yinyang symbol with the black and white spots in turn should have white and black spots in them respectively and those white and dark spots should have their hearts again. Hence this can go on till we can distinguish subsequent white and dark spots progressively within the symbol in a sort of concentric way.

So for the last few days i have been trying to imagine how this symbol would look like and failed miserably since i could not progress beyond a point. This is when i accidentally landed upon the image below (Figure 4) when i googled for something else.

Figure 4

So its the excitement of finding something that you have been looking for - though accidentally - prompted this blog.

There is a very popular saying in Sanskrit "Ekam sat, vipra bahuta vadanthi" - meaning there is only one truth (god) which is called by different names. This blog may sound like a Interfaith article but the thought remains that all these beliefs were connected to a common root and that too not so long ago. We have lost that connection some where, some how, ignored the message and fighting over the messengers.

There are differences, for example unlike popular hindu beliefs that the realization of god or nirvana or moksha as the goal of life, Taosim states that the journey is the goal and there is no destination otherwise. So lets enjoy the journey!

With the government repealing article 357, who knows, there may be new symbols generated in this generation of Yang-Yang and Yin-Yin too. But till then,

Yours Yangly!

Happy reading!