Skip to content
Salus Cyber

Salus News August 1st 2022

1 August 2022

India Data Protection Bill Revocation of DP Bill

India Data Protection Bill Scrapped

On Wednesday 3rd of August, the prime minister of the Indian government, Narendra Modi, made an announcement that he would be withdrawing the new proposed bill for personal data protection which was first conceived back in 2018 and instead proposed a new “comprehensive framework” for tech regulation and privacy. The Indian Government explained that their reason for withdrawing the new bill was because it had grown to the point of being too complicated, stating that there were “eighty-one amendments in the bill of ninety-nine sections”. As such, a new bill is currently being created that will be presented for public consultation.

Personal Data Protection Bill

The now scrapped personal data protection bill, if it had gone ahead, would have required internet companies like Google and Facebook (Meta) to get permission for the use of an Indian person’s personal information. This would also have made it easier for Indian people to request for the deletion of personal data that they no longer wanted to be stored. This is very similar to how the General Data Protection Regulation (GDPR) act works in Europe.

How was the Bill Received?

Salman Waris, a lawyer who specialises in international technology law stated that the bill was “a bad draft from the inception”. His main complaint being that it would have given the Government too much control over large amounts of personal data on its citizens. Manish Tewari, a politician from the Indian National Congress party stated that the bill would have created two parallel universes. The first being for the private sector who would have to follow strict laws and the second one would be one where the government can skate around the laws due to having exemptions. Tech companies were also concerned about this new bill as they feared it would put too much strain on them to be compliant with and that it would increase the difficulty for data storage requirements. This was primarily due to a new rule in the bill which would have required tech companies to store certain elements of Indian users’ personal data within the country. This could have created problems for global tech companies looking to expand their services into the India marketplace.

Conclusion

With India being one of the most targeted countries in the world for data breaches, it will be important for India to not fully scrap the idea of creating a bill that will protect users’ personal data, but instead look to make amendments to the original to address concerns that the public and tech companies had about the previous bill being introduced.

References

India Scraps Data Privacy Bill – The New York Times (nytimes.com)
India Government Withdraws Data Protection Bill (databreachtoday.com)

 

UK Balloting Delayed Hacking Concerns Delay Balloting

Fears Online Ballots Can be Altered by Hackers

With the current prime minister Boris Johnson announcing he will step down, a new leader to serve as prime minister is to be elected by Conservative party members. Members can either vote by postal ballot or online. However, the specific functionality of the online system has led to growing concerns about potential nation state or other attackers potentially manipulating the results of the ballot. This warning was issued by Britain’s National Cyber Security Centre (NCSC).

Changes to Voting Process

As a result of the warning, a change to the voting timeline has been made, such that a party member will only be able to use their unique code once to vote. After it has been used, the code will be deactivated, as opposed to remaining active, allowing the party member to change their vote up until the deadline. Due to this change, it is expected that party members won’t receive their voting ballot until the 11th of August. This new change has also made it so that a party member can’t vote by post and then later change their vote though the online voting option. They will only be able to choose one of the options. This will be useful in preventing hackers from being able to change party members votes. It should be noted that this change was not made due to a current threat but was rather advised by the Government Communications Headquarters (GCHQ) as a precaution.

Analysis

As electronic voting gains traction within British politics, expect advisories around specific voting implementations to continue from GCHQ and subject matter experts. As has been seen in the US, the apparent mistrust of digital voting devices has already led to their integrity being questioned and discussed throughout the political spectrum. At a time when web 3.0 is developing, is the political establishment moving fast enough to take advantage of the security features offered by blockchain and other technologies?

References

Hacking Concerns Delay Balloting for New UK Prime Minister (databreachtoday.com)
Tory leadership contest: GCHQ’s hacking concerns cause ballot paper delay – Gloucestershire Live