f FranklySpeaking

Wednesday, 5 September 2012

Simon From Washington Post, Go Back


Picture courtesy: incredibleindia.org


What and how much does a Journalist from a publication in the United States know about Incredible India to write an article  like that about our Prime Minister and our country?


By Francis Adams

Who is this Simon from Washington Post who has so zealously written the "India’s ‘silent’ prime minister becomes a tragic figure" ?
 Isn't he aware of "Simon Go Back"? If not, someone should send him a copy of Bollywood star Akshay Kumar's latest movie Joker.
  To the world: Do not point a finger at our vibrant and bright India. We know what we are doing. Our economy, in the face of all the painful problems the rest of the world is suffering, is illuminating. Don't believe it? Ask Business Birdie.
   We have taken giant strides, since we achieved independence in 1947, to reach the pinnacle of success. And we have the Chairman Emeritus of a global company, Infosys, to attest that claim.
   Yes. It is true that India does not, officially, acknowledge the finding of Transparency International that has ranked it 95th this time from a list of 183 countries on the Less Corrupt Nations list or the  Corruption Perceptions Index.
    Our decision-making skills and timing are on par, if not better than the developed countries, prompting India's poster boy of global business, Lakshmi Mittal, now based in the United Kingdom, to spread his wings to other markets.
   We have the world's better, if not best, companies in the private sector whose unblemished progress has been so ably handled by our agile Human Resources juggernaut that has a telescopic view of employee well-being.
   We don't believe, anymore, in caste. Both, our private and public sector companies are, unlike most in the rest of the world, in the hands of experts who have honed their skills in steering the ship to Himalayan Heights.
   Our tradition and culture are also intact. In fact, they have set a benchmark for others to follow, based on our rich and varied heritage.
    Finally, we have a never-sleeping, hawk-eyed media that can match the best in the world in its reportage, like it did when India anointed its new President.
   So if you, Simon, or anyone in the world wish to know more about corruption in the world, ask us. We'll let you know what to write.

Ex-SEAL's Authentic Account Causes Security Breach

"No Easy day, the first hand account of the mission that killed Osama Bin Laden" has classified information, says Pentagon


By Francis Adams

Mark Bissonette. Picture courtesy CBS News
The Pentagon's spokesman George Little, on Tuesday said that "Sensitive and classified information is contained in the book,” by former Navy SEAL Matt Bissonette, who authored the book using the pseudonym Mark Owen.  
   This is the first time the Pentagon has officially reacted on the revelations in the book that, on Tuesday, w
+as No. 1 on Amazon's best seller list. According to CBS News, the book published by Dutton, a unit of Penguin Group (USA) had an initial print run of 575,000 copies and "publication of the book was moved up from Sept. 11 to Sept. 4 amid a flurry of reports about the book last week."
  The Business Week reported that the "Pentagon General Counsel Jeh Johnson sent a letter to the author dated Aug. 30 warning that he was “in material breach and violation of the non-disclosure agreements you signed” in 2007. “Further public dissemination of your book will aggravate your breach and violation of your agreements.”
  Little told reporters that the Pentagon was still reviewing legal options available against the author before saying, “It is the height of irresponsibility not to have this kind of material checked” for classified information. The author's attorney, Robert Luskin, however, told Business Week that the 2007 agreement “invites but by no means requires” pre-publication review.
  Bissonnette has claimed in the book that he ensured that the content in the book was safe for publication after he hired the former special operations attorney to review his manuscript. 
  Leaks of classified information are not new. In a book titled "A Critical Review of The Classified Information Procedures Act" published as way back as 1985, the author Brian Z Tamanaha writes that "The Classified Information Procedures Act (CIPA) was enacted by Congress in 1980 to deal with the growing graymail problem." Graymail, according to the author, refers to a situation in which "a criminal defendant threatens to disclose classified information during the course of trial in the hope that the government would rather forego prosecution than suffer disclosure of information. So long as the threat of disclosure is real one, the defendant may enjoy immunity from prosecution."
  During those days, the author writes, sensitive concern for national security resulted in foregoing prosecution for serious crimes.
  CIPA, according to the author, while trying to combat graymail, ensured that it reconciles "two often conflicting interests: the defendant's right to fair trial and the government's need to protect national security information involved in the trial."
   The current situation, in 2012, though is different and much stringent. According to "Free Speech Aboard the Leaky Ship of State: Calibrating First Amendment Protection for Leakers of Classified Information" written by Heidi Kitrosser from the University of Minnesota - Twin Cities - School of Law and published by the Journal of National Security Law & Policy, the "The Obama Administration has initiated six prosecutions of government employees for leaking classified information. This is double the number of prosecutions brought by all previous administrations combined. The rise in prosecutions, coupled with other developments – most notably a series of disclosures from the website wikileaks – has brought a renewed focus to the first amendment status of classified information and those who disseminate it."
   Bissonette will be thrilled to read The New York Times review and analysis of his book. The paper says that "The emphasis of his “No Easy Day,” written with Kevin Maurer, is not on spilling secrets. It is on explaining a SEAL’s rigorous mind-set and showing how that toughness is created."
   


Thursday, 22 March 2012

Data and Identity Theft: India Perspective (Part II)


Are Indian companies equipped to tackle data and identity theft from within the company as well as from external attacks? Read on...


"An employee is leaving and you’ve heard he is going to work for the competition or is setting up his own business to become the competition. You’ve worked for years to build up your business and can’t risk your competitors obtaining your valuable confidential information from this employee, " alerts Deloitte, one of the Big Four accounting firms, in an article posted on its web site titled "Theft of confidential Information."

The article has quoted a survey conducted by the Ponemon Institute -- a consultancy firm providing services to private and public sector organizations in consolidating their data protection and security practises -- that says "60% of exiting staff admitted to taking confidential company information with them when they left."

Such a revelation is likely to give employer companies the heebie-jeebies as there are multiple risks at stake in such cases. The Ernst & Young fraud survey -- Fraud & corporate governance: Changing paradigm in India -- found that companies were reluctant to take legal recourse against the exiting employee involved in the data theft owing to fear of collateral damage and the resultant loss of reputation of the company. Weak anti-fraud measures was the other reason, the report said, why companies were unwilling to step forward and press charges. The report did not say what were the weak measures, but summed up saying "Companies still rely on traditional anti-fraud measures."

Most of these companies -- 330 in IT services, 119 in ITES/BPO/KPO, 13 in telecom and 62 others -- are members of the Data Security Council of India (DSCI), a not-for-profit organization
that is responsible for promoting as well as developing data protection and security and privacy codes and standards. "While its immediate goal is to raise the level of security and privacy of IT and BPO service providers to assure their clients and other stakeholders that India is a secure destination for global sourcing, DSCI also promotes these best practises for domestic industry segments like Banking, Telecom and E- governance," is how the organization describes itself on its web site.

Although most of these companies seem to be equipped to tackle data and identity thefts by employees, little is known about their preparedness to stymie external attacks.

Two days ago, a report in the Times of India's web site appealed to individual and corporate internet users to beware of KhantastiC, a hacker belonging to the Pakistan Net Army.

"They attacked and defaced 31 government websites this year exposing the poor handling capacity of web servers by state government," the report said, referring to the attack reported from the state of Rajasthan.

The report did not say whether the crime involved data and identity theft, but warned that more than 70 % of government web sites were vulnerable to cyber attacks.

India's outsourcing industry is aiming at $225 billion in export and domestic revenues by 2020.
Currently, 80 % of its revenues come from US and European clients. However, the slowdown in these markets has prompted Indian companies to seek business from other emerging markets including China, Latin America, Russia and Africa.

Aiming for such voluminous business also means explosion of data its digital ecosystem will have to handle and PROTECT.

Part III of the series will delve into the data and identity theft experienced by companies in the United States and their government's preparedness.


Part IV will talk about how data and identity thieves are ensnaring personal information of children and how the governments -- in the United States and India - the oldest and the largest democracies in the world deal with it.


The author can be reached at francisadams2010@gmail.com and on +91 9916484564



Monday, 19 March 2012

Data and Identity Theft: Common, Growing Menace (Part I)


By Francis Adams

This is an attempt to dig into the nature and scope of data and identity theft. In the first of the four-part series, the writer delves on how the threat is affecting individuals and companies 

Inspite of unwavering vigilance and surveillance by both government and private watchdogs, backed by the use of advanced technology in stonewalling such incidence, data and identity theft in the United States and India -- the world's oldest and largest democracies -- are reported to be on the rise.

Ernst & Young, among the world's top four accounting firms, revealed in its ‘Fraud & Corporate Governance: Changing Paradigm in India’  report that data or information theft, along with IP infringement were among the top five frauds in the country. In the United States, a survey by California-based research company Javelin Strategy & Research, unraveled that about 11.6 million citizens were victims of identity theft in 2011, compared to 10.2 million the survey had revealed in the previous year.

Last week, the U.S. Immigration and Customs Enforcement homeland security agents and the Secret Service arrested 19 people operating in a transnational ring that involved data and identity theft of victims from Europe, the Middle East, Asia and the United States, prompting an official to dub it "Operation Open Market".

A Federal Bureau of Investigation report, on March 13, said six people pleaded guilty to charges of identity theft after they had attempted to defraud the United States by filing fake tax returns in the names of deceased taxpayers. The conspirators apparently sent the US Treasury checks obtained by fraudulent returns to co-conspirators in Ohio, who then sold and distributed them to businesses and banks.

Days after Ernst & Young released its fraud survey report has come Monday's news that two call centre staff in India were busted by undercover reporters from the United Kingdom while trying to sell critical personal information -- names, addresses, phone numbers and credit card details -- of millions of Britons for tuppence, or twopence or two Old British pence. The report claimed that the stolen data belonged to few of Britain's large financial companies and banks, such as NatWest and HSBC.

In its survey, Ernst & Young has revealed that besides the regular targets from the banking, non-banking financial companies, real estate and telecommunication sectors, an increasing number of data and identity theft cases have now emerged from companies in infrastructure, IT/ITes and consumer products.

"The motive of committing a fraud now has shifted from “need” to “greed” making the perpetrator perform fraud to support opulent lifestyle. A typical fraudster today is in his 30's, generally from the middle management of a company. He/she is ambitious and comfortable with technology, sitting at a remote location generally working in the procurement or sales departments of companies," said the report.

Javelin Strategy and Research, which uses a broad definition for identity theft, that is, "any time a transaction occurs using a victim’s name or account information without authorization", found that certain social media and mobile phone behaviors are also easy preys for identity thieves.

"Despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity. Surprisingly those with public profiles (those visible to everyone) were more likely to expose this personal information. Specifically, 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—­all are prime examples of personal information a company would use to verify your identity. Smartphone owners experience greater incidence of fraud—The survey found seven percent of smartphone owners were victims of identity fraud," the report said.

Edward John Maher, a fugitive from England was last month arrested and indicted by the United States Attorney for the Western District of Missouri for using a Social Security card, not issued lawfully in his name, as an identification document for employment verification, last year. The indictment also claimed that Maher used the identification knowing full well that it belonged to another person. "This charge is related to Maher’s alleged use of a Missouri driver’s license in the name of his brother, Michael Maher, on Oct. 12, 2011," according to an FBI report.

While protecting personal information on social media and on mobile phone is primarily the individual owner's responsibility, safeguarding customers' personal information lies on the head of the respective company. In the United States, many states, led by California in 2002, have enacted laws that put the burden of tackling identity theft cases on businesses. The law in California requires that companies inform customers when their Personally Identifiable Information or PII -- as it is used in information security -- have been stolen or compromised. Today, about 45 states and U.S. territories have put such a law in place.

"More and more companies are taking cognizance of the changing regulatory scenario. We are seeing an increased focus on corporate governance. Also companies are increasingly now taking proactive measures against fraud, bribery and corruption," the Ernst & Young report has noted about the scenario in India.

The author can be reached at francisadams2010@gmail.com and on +91 9916484564