Sunday, November 10, 2013

My new job...

I'm really happy to share that I've joined Headlines Today this month as a senior producer. Besides news anchoring, I'll also be producing stories and reporting every now and then for publications within the larger India Today family.

This feels a lot like going back home. I last worked just a few meters away at Business Today. More than the location though, I'm glad to find myself among familiar faces in the newsroom - friends whom I've worked with before at NewsX, and other friends who I have gotten to know over the past couple of years as colleagues at the Mediaplex.

All of them have helped make my transition back to television journalism a painless and exciting experience. I'm going to have a lot of fun working with them to bring you great stories. Keep in touch on twitter and on this blog and let me know how we're doing! 

Sunday, November 3, 2013

The Mars Orbiter Mission: The Journey Is The Reward


OK, let's cut to the chase. In less than 2 days, India is going to launch a space mission that aims to put a satellite in Mars orbit less than a year from now. Many ask why a third-world nation is investing $80 million to send a tiny spacecraft 400 million kilometers away? What could this possibly do to alleviate India's grinding poverty?

And those questions become even more pointed when they hear that a former ISRO director has all but called the mission a waste of time because it will hardly be able to perform any valuable scientific experiments.

It is true that ISRO's Mars Orbiter will carry a very tiny scientific payload to the red planet. Continued problems with India's GSLV rocket mean that ISRO has to rely on the less-powerful PSLV to take the orbiter into space. Less power means a smaller satellite.

So why then is ISRO going ahead with the mission if it won't be able to conduct much research when it arrives? There's an old cliche about the journey being the reward. In this case, it holds true.

If successful, Mangalyaan would equal a feat achieved only by the United States, Russia and the European Space Agency. They possess three of the most advanced scientific communities in human history. India could soon join them, and we would do it at a fraction of the cost. These are two hugely important milestones for the Indian scientific community.

The scientific and technological challenges involved in getting a spacecraft to orbit Mars are so great that half of all missions to the Red Planet have failed.

Getting the orbiter into interplanetary space by itself is no mean feat. Communicating with it across 4-7 minute long time delays, while  having it execute complex, minute maneuvers to enter and stay in Mars orbit requires planning, computing & commmunications capabilities that very few countries possess. And then comes the science. Any success with the scientific payloads would be a wonderful bonus, but getting these instruments to work is a secondary objective.

To succeed across all these steps, you need the very best rocket scientists, computer programmers, artificial intelligence experts, planetary geophysicists, radar and long-range communications engineers, physicists, chemists, material scientists, metallurgists and dozens of other specialists in many disciplines, working as one. If even one of them is not at the very top of their game, the mission could end in failure.

So yes, Mangalyaan is a long shot, but success would mean that India has acheived a level of cutting-edge scientific and technological capabilities previously present in only three scientific communities. It would become a fantastic case study and calling card for investing in India's high-tech industries and education.

Emily Lakdawalla, a scientist and blogger at the Planetary Society, addresses the question about funding space research while fighting poverty more directly:

"...there's an error in the question. It assumes that there is a fixed quantity of wealth in India, and that stopping investment in high-tech industry would mean more money for the poor. Wealth doesn't work that way; there is not a fixed quantity of it. The technology India is developing for this mission has direct commercial applications, generating economic activity that will increase the nation's overall wealth. And I think that backers of India's space program believe that achieving a successful mission to Mars would increase confidence in India's technological prowess and therefore the flow of investment money. To be seen in the company of the U.S. and China and Europe would have to stimulate such investment." 

You can read the rest of her excellent FAQ on Mangalyaan here.

Monday, October 14, 2013

Has India evolved its position on the NSA's spying?

This morning, India's IT Minister Kapil Sibal spoke at CyFy 2013, a cybersecurity conference organised by the Observer Research Foundation and FICCI.

During the Q&A round, Sibal was questioned once again about the interception/ theft of emails and data by the NSA from the Indian consulate in New York. He replied saying: "The Indian Embassy in New York is sovereign Indian territory. Data located there is in Indian territory." This comment followed another one he made earlier: "What is sovereign is not the power of data but the use of data... If it impacts India, then the jurisdiction should be India."

These two statements together suggest Kapil Sibal has significantly evolved his views on the NSA's spying. A few months ago, he had brushed aside questions about the NSA's spying saying, "this is not surveillance", since the NSA had only looked at "metadata" and not the actual content of emails.

(To be fair, that statement was in response to revelations about the NSA's PRISM program, which intercepted emails sent via Gmail. That said, Indian government staffers widely use Gmail for official work & the NSA knows this. Even knowing who is talking to who is in itself a major security threat as I explain in this piece.)

His new statements suggest the Indian government now views the NSA's actions as a violation of India's sovereignty. However, it also suggests the government has taken a realistic view of the incident: If the NSA spied on emails sent via Gmail, then the Indian government simply has no jurisdiction to act. Gmail afterall, is not subject to Indian laws.

However, the NSA didn't just intercept emails, it also stole data from computers located inside the consulate. I asked India's National Security Advisor Shivshankar Menon about this. I'm paraphrasing his reply: 'Look, everyone does this. But if you're going to stand in the middle of the street and shout at people, you can't complain that they are violating your privacy'.

This is another 'realist' statement. Menon isn't just saying that we can't really blame the NSA for doing what every spy agency is doing. He also seems to suggest that by trusting state secrets to Gmail servers or unsecured systems in the consulate, the fault lay with the Indian government.

This would explain why India recently announced a new email policy for its foreign service. Diplomats would now exclusively use NIC servers, which fall under Indian jurisdiction and laws.

At least publicly, the Snowden revelations seem to have taught India's government two lessons. First, there is nothing any government can do about the spying. Every country spies on its rivals. Second, it has learned that leaving sensitive information on servers outside Indian jurisdiction or on unprotected computers is a big no-no. Whether these lessons have been taken to heart will only be known by observing subsequent actions by New Delhi.

Tuesday, September 24, 2013

Living in '1984'

Scientists call it the 'Observer Effect'. It refers to the changes in a phenomenon caused merely by observing it. One good example of the Observer Effect in action is a thermometer. It absorbs heat from the air, causing the mercury in the tube to expand and tell us the temperature. However, by giving up some of its heat to the mercury, the air itself gets cooler - even if it's just by an infinitesimally small amount.

When you apply the Observer Effect to people, the changes are quite dramatic. Remember how we'd automatically straighten up and pipe down when the teacher walked into class? Notice how the office quietens when the boss walks in? You may not have been doing anything wrong, but your behaviour, your demeanour, your natural self changes.

Until this June, the world assumed only terrorists were being watched by the NSA. Today, thanks to Edward Snowden, we know the NSA snoops on every single piece of electronic communication of almost every person on the planet. Emails sent via Gmail, Yahoo and Hotmail are scanned. Phone conversations are monitored either through sweetheart deals with telecom companies around the world or by tapping directly into telephone exchanges and undersea cables. Text messages and faxes, IM chats and video calls are intercepted and scanned for suspicious content.

We're told this will keep us safe from terror attacks; that everyone needs to be watched because no one knows who the real terrorists are. That's why the State now treats all of us as potential terrorists.

 But at least the US has safeguards. We're told the Executive branch has designed the software with protocols to hunt only for potential terrorist activity. And in case the software fails, the US Legislature and Judiciary are there for backup. Encouragingly, a small group of US legislators is pushing for even more safeguards for this system.

That is the US. India too, is developing its own version of total surveillance called the 'Central Monitoring System', but our safeguards don't even come close. They are largely the prerogative of a single individual in the government - the Home Secretary. This is an office that's constantly wooed by promotions and post-retirement benefits or dreaded 'transfer postings'. Are we to assume our privacy is safe in the face of such influences?
 
What's worse is that despite some outcry against CMS, the government has so far not said one word about what privacy protections will be built into the system. It gets worse. In the US, the NSA and other intelligence agencies were created by law and are accountable to the Legislature and Judiciary for excesses or abuses. In India, the intelligence agencies that will operate CMS are accountable only to the Executive. They do no have to face Parliament or the Courts if they go beyond their mandate.

Let's go back to the Observer Effect. Remember how human beings changed their behaviour when they know they're being watched? Under CMS, we will live in a society where our most private conversations are no longer private. We must always remember that this system will operate in a country where people were arrested or harassed for drawing cartoons about politicians, for saying they don't like when a city is shut down following the death of a politician, and for writing books or creating art that offends others.

These are all crimes in a country where the social contract - our Constitution - declared in no uncertain terms that the State would "secure to all its citizens: liberty, of thought, expression, belief, faith and worship..." CMS rips apart the preamble of our Constitution.

Under CMS, imagine phone conversations between you and your wife, if you know someone is listening in. Imagine emails between you and your boss about a contract where the competitor is a government MP's firm. Imagine internet chats between you and friends where you discuss your strong dislike of a certain minister.

This is an excerpt from a Twitter conversation I had this morning with Nitin Pai of the Takshashila Institution. It is was led to this blog post. You can read the rest of it here.

Will your behaviour change under such total surveillance? Will you ever communicate naturally with friends and family again? Will you feel more free to express yourself?

If the answer is no, we need to start an open, robust debate about where we draw lines between privacy and security. Our social contract is gradually being redefined to deprive us of the same liberties our grandparents' generation fought long and hard to earn for us. If we do nothing to protect them, we will lose these liberties and in doing so, we will lose a large part of individuality.

Thursday, September 5, 2013

In the Beginning there was Raghuram Rajan


Inspired by The Book of Genesis.... and all those breathless headlines from this morning's papers. 

1:1 In the beginning Raghuram Rajan created confidence in the rupee and inclusive growth.
1:2 As the economy was without form, and void; and darkness was upon the face of the deep. And the signature of Rajan moved upon the face of all bank notes.
1:3 And Rajan said, Let there be financial stability: and there was financial stability.
1:4 And Rajan saw the financial stability, that it was good: and Rajan divided the stability from the chaos.
1:5 And Rajan called the stability growth, and the chaos he called recession. And the evening and the morning were the first day.
The end.


You see, God may have needed seven days to work his miracle, Raghuram Rajan - apparently - only needed one.


(And no, I don't have anything against Raghuram Rajan. Quite like him, actually. But the rest of us need to drink a very large mug of "Relax" and give him time). 

Tuesday, August 27, 2013

Plugging Leaks

The Government of India's new rules for email security may not be enough.

Anyone who has interacted even briefly with India's bureaucracy knows this: most babus rarely check their official email accounts. In fact, most Government of India businesscards display a webmail address such as Gmail, Hotmail or Yahoo at the bottom. This is true not just of individual officers, but of entire departments.

There are three reasons for this: ease of use, reliability and storage space. The problem is this doesn't just look unprofessional, it's also a major security risk. This summer Britain's Guardian newspaper revealed a global email snooping program by the US National Security Agency. PRISM gave the NSA backdoor access to the very email servers used by India's babus and diplomats around the world.

Imagine if a certain neighbour intercepts sensitive defence plans forwarded by the MoD; or if talking points for New Delhi's diplomats in Afghanistan are accessed by rival governments looking to upstage India there.

To guard against such snooping, India's IT minister Kapil Sibalannounced new email security measures last week. India's missions abroad would be the first to implement these. The measures include the use of virtual private networks (VPNs) and one-time-passwords (OTPs). And there would be no more Gmail and Hotmail – only email from the National Informatics Centre (NIC). Unfortunately, if these are the only security measures planned, the government's official communications are still far from safe.

For secure communication, you need to lock down three separate stages. First, at the end points – the computers from which the emails are sent and read. Second, 'data in transit' – that is the cables and networks along which an email is transported between computers and servers. And finally, 'data at rest' – while it sits on the server in your mailbox.

The first of Sibal's measures – VPNs – protects data in transit. VPNs use a program to create an encrypted and protected connection between a user's PC and the server. This protects data from being intercepted while on the move. Many companies already use VPNs to securely connect employees working in remote locations to their corporate servers. However, once the data reaches its destination, it relies on server-side security to stay safe.

The second measure – OTPs – offer limited protection for data at rest. Anyone who uses internet banking has had some experience with OTPs. Each time you want to sign in, the server generates a new password using complex algorithms and sends it to your mobile phone. Each password can only by used once, hence the name. This eliminates the need to remember passwords, which can be guessed by hackers. At best, OTPs prevent someone from logging into specific email accounts. However, a hacker who has backdoor access to the server (like the NSA does through PRISM) can still easily read your emails.

That's where the third measure comes in – official NIC emails. The problem is NIC servers have become something of a joke. They are routinely hacked and data stored on them – including emails – has been stolen or modified. Government websites hosted on NIC servers are regularly defaced. Sachin Pilot, India's junior IT minister told Parliament last year that as many as 270 government websites had been defaced between January and July. By comparison, 308 government websites were defaced over the entire 12 month period the year before. Hacking NIC servers has now become a rite of passage for so-called 'script kiddies' – young hackers who are looking to prove their mettle.

In short, NIC server security needs to be vastly improved if the government wants its emails to be stored safely. You can be rest assured the NSA and other advanced adversaries such as China and Pakistan are probably already planting bugs to siphon out emails.

The two most reliable ways of defeating threats to 'data at rest' are stronger server security and email encryption. This way, even if someone gets past the improved security, the encryption will make the emails unreadable. While there are many tools to implement both steps effectively – both free and paid for - none were found in Sibal's plans.

Most importantly though, I saw no mention of the most important part of communications security, the end-points. If the sender's and receiver's computers are compromised or if they follow unsafe practices, no amount of security for data in transit and at rest will help.

Government offices are highly irregular with patching their computers with virus and security updates. Just last year, suspected Chinese hackers compromised as many as 12,000 government email accounts by sending them infected documents. These viruses can do anything from sweeping the computer for sensitive data and uploading it to the hacker's servers, to logging every keystroke so the hacker knows what's being typed. This way, even before you can encrypt and send your email or documents, the hacker already knows its contents.

That's why user awareness is the most important aspect of data security. Without it, even the most technically-advanced security measures are useless. The Indian government wants to train 500,000 IT security professionals over the next five years. I'd wager that it would get more benefits by first training current employees to use their computers more safely.

Monday, July 29, 2013

Will CMS Really Stop Terrorists?

(This piece first appeared on Firstpost.com)  

The Indian government plans to spend $132 million on setting up its brand new Central Monitoring System this year. Several articles have raised valid questions about privacy violations, including this one by Danish Raza. Elsewhere, Pranesh Prakash has raised important points about how CMS may actually violate several laws and at least one Supreme Court verdict.

I ask a much more basic question: will CMS work? Can it really help security agencies eavesdrop on criminals and terrorists, despite several known technical hurdles?

Encryption
In 2008, a prominent Brazilian banker and investor named Daniel Dantas was arrested and charged with money laundering and tax evasion along with a former mayor of Sao Paulo. For five months, the Brazilian National Institute of Criminology tried to read the contents of his hard drive but failed to crack it. Dantas had encrypted his data using a free program called Truecrypt. The INC sent the hard drive to the FBI in the US, which spent a whole year trying to crack it; it too failed. Dantas’s use of encryption likely helped him escape the money laundering and tax evasion charges. He was ultimately convicted of attempting to bribe a police officer.

This story illustrates a fundamental loophole at the heart of CMS. A criminal, using free and easy-to-use software, can protect his data from even the most advanced surveillance tools available in law enforcement. NSA whistle blower Edward Snowden himself used encrypted email to communicate with journalists at the Guardian. In an online chat where he took questions from the public, Snowden noted that encryption was “one of the few things that you can rely on” to protect you from the eavesdropping behemoth created of the NSA.

It should hardly be surprising then, that terror groups have been encrypting their emails and data for at least the last five years. In fact Al Qaeda developed its own encryption software called ‘Mujahideen Secrets’, to encrypt emails, chat sessions and files. Version two of Mujahideen Secrets even included a tool to delete files securely so that they could not be recovered using special software if the computer was captured. Al Qaeda’s links to several terror groups operating in India has been widely reported in the past. It is not inconceivable that they have shared their encryption software with their comrades-in-arms.

Over the years it has become easier to encrypt one’s communication. YouTube tutorials train even novice users to set up email encryption within minutes. Phone calls, text messages and online chats can also be encrypted with free, easy-to-install apps.

The biggest problem with encryption is that it is virtually impossible to break the code in a time frame that’s useful for law-enforcement purposes. Without getting too technical, modern encryption relies calculating the prime factors of very, very large integers. In 2009, a group of some of the world’s best-known mathematicians and cryptographers reported that it took them four years to factor a 768-bit integer. They estimated it would take 1,000 times longer to factorise a 1024-bit integer. GPG, which is the most widely-used email encryption software, allows users up to 4096-bit encryption. Unless you have the password to the encrypted files, it would take you a very long time to crack the encryption.

Here’s an example to help you understand why encryption makes CMS redundant. Let’s say the system intercepts an encrypted email sent by a LeT handler in Karachi to a sleeper cell in Mumbai. The email contains instructions to detonate a bomb in a specific market at a specific time four days from now. Even if India’s intelligence agencies managed to link up every computer they had available to process the encryption, they would still not be able to crack it in time to learn the details and stop the attack.

What about ‘Metadata’?
It should be noted that encryption only protects the body of the email. The metadata, including the sender’s and receiver’s email addresses remain unencrypted, else the service provider would be unable to send the email to its destination. Law enforcement agencies often partner with email providers to track down the exact computer on which tell-tale emails were read.

However, this method of tracing criminals has a limitation. Programs such as TOR and Hotspot Shield disguise the IP address of a user’s PC. For example, when I use TOR, Facebook will often ask me to confirm my identity as it sees me as logging in from an unfamiliar location. TOR has thousands of servers around the world through which it bounces your data before sending it to its destination.
There is another limitation to using metadata. Due to obvious legal hurdles, CMS will only be deployed to capture communication within India. If terrorists were planning an attack from elsewhere in India’s neighbourhood (as happened with 26/11), we would have to rely on that country’s intelligence services for an alert. Good luck with that!

To make untraceable phone calls, terrorists have been known to use “burner” phones. These are pre-paid phones that are easily available in the US and other countries that do not require an ID for such mobile connections. They can be topped up using cash, which makes their prolonged using even more untraceable.

Even if CMS allowed spooks to listen to these calls, it would not be able to tell who was talking to whom. From details that emerged following the Abbottabad operation that killed Osama bin Laden, we also know that terrorists have been trained to turn off their phones and remove the battery to prevent being tracked even while not on a call.

So what is CMS good for?
If terrorist communications can easily be hidden from CMS, you have to wonder why the government is going through all the effort and expense to set up such a system. What good can come off the mass hoovering of data of ordinary citizens’?

Imagine if CMS intercepted a ‘BBM chat’ between two businessmen, who were discussing a contract that could affect the business interests of a government MP.

Imagine the government getting access to emails exchanged between a journalist and a source in the IAS who wants to expose a major corruption scandal involving a cabinet minister.

Imagine if the government had access to phone calls between two opposition politicians discussing election strategies.

What if CMS tracks a PhD candidate who is researching Naxal terror and has downloaded Naxal pamphlets? What if this researcher has been able to establish contact with Naxals for an interview. Can the government use such data to charge him with participating in a Naxal conspiracy, even if his only intention was to research their motivations? In a country where chief ministers label their critics as “Naxals” for merely raising questions, are we certain we want such unmitigated power in the government’s hands?

These are all questions well worth asking, especially since the ostensible reason for setting up the CMS—monitoring terrorists and criminals—is a fool’s errand at best. 

Thursday, June 20, 2013

Spare our Constitution, professor!

Professor Saswati Sarkar's opinion piece at NitiCentral about the Ishrat Jehan killing has created a bit of debate. The arguments presented however, are riddled with self-contradictions and flawed assumptions. 

The heart of her piece is a demand that security forces should be allowed to stage encounters to kill terror suspects, including Indian citizens, without a trial.

Why does Prof Sarkar believe that staging encounters is better than a fair trial? Here's her reasoning in her own words: 
1. "The police could surely have arrested the terrorists and produced them in court. In due course, they would be sentenced to jail terms and our consciences satisfied. Not quite, since before the act is perpetrated, the law enforcers rarely have evidences that would stand legal scrutiny."
AND

2. "Corroboration  of the intelligence input in a court of law would violate the anonymity the sources deserve."


Let's look at her second assertion first: a trial in court "would violate the anonymity the sources deserve". 

First, intelligence doesn't only come from human sources. In fact, in the Ishrat Jehan case, which Prof Sarkar bases her entire piece on, information about the planned terror attack came from intercepts of the LeT's communications. This has been stated by none other than Rajinder Kumar, a senior intelligence bureau officer, whose questioning by the CBI has left Prof Sarkar 'troubled'. 
Second, even if the intercepts came from a human source within the LeT, the anonymity of that source can easily be protected by holding an in-camera trial. In fact, closed-door trials have been used in the past in Indian terror-related cases. Most notably, three senior NSG commandos were allowed to depose in-camera during the 26/11 trial to protect the techniques and skills used by them to eliminate the terrorists. There is simply no reason to assume (as Prof Sarkar has) that this protection won't be extended to future terror cases, particularly when it comes to sensitive techniques and sources. 

Now let's look at Prof. Sarkar's first assumption - that law enforcement authorities would "rarely have evidences that would stand legal scrutiny". This is by far the most bizarre and troubling assumption she makes. So let me say this as clearly as I possibly can. 

If, as you say, dear professor, the evidence won't stand up to legal scrutiny, how can you even think about labelling any person, much less a citizen of India, guilty AND have them executed in a staged encounter?! 

So why should we worry about legalities? For starters, the right to a fair trial is guaranteed by the Constitution (and the Code of Criminal Procedure and that pesky Universal Declaration of Human Rights, which India was among the first to ratify). 

But let's not be moralistic in our approach. Here's a more pragmatic concern for pro-'encounter' hawks on the Right. What if a "secular" government one day declared that it had discovered a plot by a "Hindu terror" outfit, and had eliminated its members after utilising the same "checks and balances" that Prof Sarkar prescribes? In fact, what if this was the fate that befell Sadhvi Pragya, who stands accused of one such terror plot? 

How would we know the truth behind the allegations? Would we simply have to take every government's word at face value? Would you be comfortable knowing that tomorrow, any government - BJP, Congress, or otherwise - can drum up terrorism charges against an individual and have them executed without a fair trial?

Prof. Sarkar's prescription also severely undermines a principle of jurisprudence that has, for good reason, been held sacrosanct for centuries: the presumption of innocence. In 2011, the Supreme Court of India held that this is akin to a human right. “It is equally well-settled that suspicion, howsoever, strong can never take the place of proof,” said a bench headed by Justice Dalveer Bhandari.

Prof. Sarkar's tailpiece is also interesting because it raises the oft-repeated canard that there have been no terror attacks directed at the US since 9/11. Perhaps she forgets what happened in Boston. Or what happened on NWA Flight 253, or AA Flight 63 or at Fort Hood or at Times Square, New York. Two of those attacks succeeded. The three that failed had more to do with the incompetence of the would-be terrorists than any action by security agencies to stop them. At any rate, all the attackers were arrested and tried and sentenced. None were executed in a staged encounter like the kinds Prof Sarkar would like to see legalised.

Of course, it would be wrong to suggest that the US has not been far safer than India since 9/11. Primarily, this is because America has decimated the ranks of terrorists leaders and forced others to go underground, making it nearly impossible for them to coordinate large-scale attacks. The result is the lone-wolf attacks like the ones I noted above, the recent murder of a British solider on the streets of London, and the attempted murder of a French solider in Paris just days later.

In response to this point, Prof. Sarkar mentions the killing of Osama bin Laden by US forces in Pakistan. This is a terrible analogy for three reasons. 

One, unlike an Ishrat Jehan (or, heavens forbid, a Sadhvi Pragya), Osama bin Laden was not a citizen of the country he had attacked. He was a foreign terror leader actively engaged in a 'non-state' war against the United States. In fact, the Obama Administration faced a legal challenge in the one case in which it knowingly executed a US citizen without a trial.
Two, bin Laden has claimed direct responsibility for attacks that have killed dozens of US citizens, including the 2000 bombing of the USS Cole in Yemen and the 1998 bombings of US embassies in Tanzania and Kenya. 
Three, bin Laden continued to call for and support acts of terrorism carried out against US citizens, remaining a persistent threat. 

A more apt analogy for bin Laden would be Hafiz Saeed. However, the reasons why India cannot carry out a drone campaign or send special forces teams into Pakistan are well understood. 

Prof Sarkar would do well to re-examine the assumptions she makes in the construction of her arguments. As for her 'cure', as I have noted, it may well be worse than the disease. 


UPDATE:
I felt I should add what I believe would close some of the legal loopholes that Prof Sarkar is afraid of with the current system. 

 Certainly, India could use special anti-terror courts. These could have the resources and capacity to rapidly try and sentence terror suspects. Judges and lawyers who work there could receive special training on things such such as terror financing laws, international anti-terror treaties, and they should have an inclination towards security matters. For example, the judges would be sympathetic towards an in-camera trial when intelligence sources are discussed. I think that would make Prof. Sarkar happy as well.

Flooded With Insecurity


This week's floods in North India have once again highlighted the inability of our civilian administration to cope with disasters. Each time, the military gets called out to rescue stranded civilians and repair broken roads and bridges. Of course, the Indian military isn't unique in this regard. From China to the US, armed forces are ordered to assist civilian authorities during major natural disasters. We saw this with the Sichuan earthquake and during Hurricane Katrina.

But in India, the military has become our default option for disasters great and small, when it should be no more than a back-up. This seriously undermines military readiness, because we have now established a predictable pattern, which can be exploited by the enemy. 

Here is an entirely plausible scenario based on events that have occurred in the past.

The People's Liberation Army is planning an assault to capture Arunachal Pradesh. However, India's two new mountain divisions in the region are a major roadblock. It needs to somehow distract their attention and limit their ability to respond before the assault so that it can march past the border unhindered.
It coincides a major theatre-level "training" operation in Tibet with the rainy season. This allows it to move troops into the region without much suspicion. As the rains fall, the dams that China has been building along its section of the Brahmaputra are filled to bursting point, it begins to open the flood gates. The floodwaters hit Arunachal Pradesh and Assam, washing away villages as well as vital roads and bridges that connect forward areas of the state. 
With no information on what's causing the flooding, the Indian government orders to army to begin relief operations. Entire battalions are called away from their bases to find survivors and rebuild broken transport links. Indian force levels protecting this front are diminished and the PLA begins its assault.

The above situation is not entirely imaginary. In June 2000, the Brahmaputra river burst its banks causing flash floods in Arunachal Pradesh. (http://news.bbc.co.uk/2/hi/south_asia/867657.stm) 20,000 homes were destroyed and ten people were killed. The flooding washed away villages, roads and bridges, cutting off entire districts. The army and air force were ordered to mount rescue operations in difficult terrain to reach the survivors.

Regions affected by the June 2000 flash-floods are highlighted in pink. (Courtesy: NASA Earth Observatory)

Initially, there was little information about what caused the flooding. One month later, it became clear. An AFP report quoted a Chinese official who confirmed that the floodsoccured after a natural dam in Tibet burst. The official worked for the Water Resources Department of the Tibet Autonomous Region government in Lhasa.

That August, the Indian army asked the Defence Ministry to take up the matter with Beijing. This excerpt is from a Rediff report of the incident:
“Army officials suspect that the Peoples Liberation Army of China may have blasted the dam to experiment the impact of flash floods in the sensitive north-east and to study the damage such a flood may cause on the Indian side.”

To make matters worse, Beijing did not inform Indian authorities about the dam breach, nor did it allow the incident to be reported by Chinese media. India was caught unawares as the water rushed towards villages in the north-east.

China is currently building 39 dams of varying sizes along the Brahmaputra and its tributaries in Tibet. Ostensibly these are for its water and power projects. India and China have not signed any river treaties, although they have created a joint-working group to share data on the Brahmaputra. 

That said, China's lack of transparency about its riparian plans in thisregion doesn't seem to be going away any time soon. This has led to grave concern in the Arunachal government.

The solutions of course are quite obvious. The National Disaster Response Force needs to get more men, training and equipment. Also, instead of regular army units, which should be manning the front, the government could train and involve the Territorial Army much more in disaster relief operations. The main military force should be a fall-back option at all times in such situations. Unfortunately, by making it the default option, we have severely affected our military preparedness.

Saturday, June 8, 2013

A Dangerous New Era of Cyber War

In November 2012, Barack Obama signed into effect "Presidential Policy Directive/ PPD-20". The name makes the document sound bland. Its contents are anything but. Through PPD-20, President Obama tasked a host of US government agencies to be prepared to hack into other countries' computer systems and defend the US from the same.

The breadth of operations defined in PPD-20 is breathtaking. Sample this passage from the document leaked to the Guardian:
"The Secretary of Defense, the [Director of National Intelligence], and the Director of the CIA in coordination with the [Attorney General], the Secretaries of State and Homeland Security, and relevant [intelligence community] and sector-specific agencies shall prepare for approval by the President through the National Security Advisor a plan that identifies potential systems, processes, and infrastructure against which the United States should establish and maintain [Offensive Cyber Effect Operations] capabilities; proposes circumstances under which OCEO might be used, and proposes necessary resources and steps that would be needed for implementation, review, and updates as U.S. national security needs change."
President Obama had ordered his team to draw up a hit-list of cyber targets in foreign countries and develop tools to hack into them, manipulate them, steal their data or destroy them.

This plan has already been put into action. In fact, PPD-20 even required the principals mentioned above to provide an update of their work six months after the directive was approved. Here's what we know has happened since November 2012.

This April, Reuters reported that the US Air Force had designated six cyber tools as 'weapons'. The report quotes Lt. Gen. John Hyten, vice commander of the US's Space Command, which oversees satellite and cyberspace operations. Hyten says the decision to designate certain cyber tools as weapons would help ensure funding. "It's very, very hard to compete for resources ... You have to be able to make that case," he said.

One month later, Reuters (again) reported that the US government had become the world's largest buyer of particularly dangerous cyber tools known as 'Zero Days'. Zero Days help hackers infiltrate a target system by exploiting flaws even the system's developer doesn't know exist. Such an attack gives the victim 'zero days' time to fix the flaw, hence the term. The reason Zero Days are particularly dangerous is they can even get past fully-updated anti-virus software and operating systems, since the flaw that allows them to get in is unknown to everyone except the attacker.

Not surprisingly, hackers who specialise in finding 'Zero Days' are highly skilled and their work does not come cheap. Reuters estimates that the starting rate to buy a zero-day is around $50,000. It adds that the price depends on how widely installed the targeted software is and how long the zero-day is expected to remain exclusive. One former executive at a defense contractor that bought 'Zero Days' from independent hackers and turned them into exploits for government use told Reuters his "job was to have 25 zero-days on a USB stick, ready to go".

If I were to summarise the Guardian and Reuters stories, here's what I'd say. In November, the US President ordered his administration to create hit-lists of foreign cyber assets that will be targeted, should the need arise. By April, the US Air Force, had identified six cyber tools as weapons. This would give it the necessary funds for their development or to purchase them from independent developers. One of the tools is very likely the aforementioned 'Zero Day', which the US is stockpiling in the event it needs to infiltrate a virus on an enemy computer system.

Other tools could include viruses that turn on your PC's microphone and camera to record what is going on and send it back to the attackers. Or viruses that steal information of your hard drive. Or, as was the case with the Stuxnet virus, destroy centrifuges at an Iranian nuclear facility. Unfortunately, Stuxnet also spread to 100,000 computers around the world thanks to a programming flaw (Thankfully, it would only work if it found the highly specific configuration, located only at Natanz).

Imagine if Stuxnet worked on every computer it infiltrated. There would be global chaos. And this where it gets really worrying. We now know that the Obama Administration had ordered the deployment of Stuxnet without a policy framework such as PPD-20 in place. PPD-20 lists several safeguards, including the prescription to hold back if there are "significant consequences" to a US-initiated cyber attack.

Still, it muddies the waters ahead of this weekend's "informal" summit between President Obama and his Chinese counterpart Xi Jingping in California. The US has been a voluble critic of China, whose military it accuses of rampant hacks against US systems. China has accused the US of the same. That's why cybersecurity is one of the main focuses of the Obama-Xi meeting.

The interconnectedness of the Internet means a virus directed against one system could potentially take down 5 others if its coding is not precise. That is why we need an agreement between governments about limits to cyber offensives. Perhaps we may not end up with a treaty on the lines of the ban on Chemical Weapons. At the very least, we need a gentleman's agreement.

Certainly purely civilian infrastructure should be off limits. This includes health and emergency services and food and water supplies. It may even be worthwhile to consider exchanging information about such networks and infrastructure (such as satellites) that enable these services so they can be specifically excluded from cyber attacks.

Perhaps the conversation will shift away from the usual trading of accusations to something far more useful. Thankfully, both the United States and China seem eager to hold such a dialogue. But they shouldn't be the only ones at the table.

Last year, the Indian Prime Minister, much like President Obama, designated two agencies to carry out offensive cyber operations. A team of international researchers believes they uncovered one such Indian operation recently. While the researchers did not specifically blame the Indian government, it is not known whether India has a policy framework to guide its cyber offensive actions, like PPD-20.

At least half a dozen other countries have the resources and talent to launch debilitating cyber operations abroad. This pool is expanding rapidly. That's why every country needs to be at the table when it comes to limiting the fallout of a cyber war.

But state-sponsored hacking isn't the only threat. Independent hackers, the non-state actors of the cyber world, can sit anywhere. Most operate within or on behalf of criminal syndicates. But nothing prevents them from selling their work to terrorist groups.

Identifying such individuals is notoriously hard because they bounce their traffic off multiple servers around the world. Tracing these signals to their origin goes through a minefield of legal jurisdictions. Here, it is extremely important to have a global framework to quickly identify and prosecute such individuals and limit their harm.

The time for all these discussions is now. 

Wednesday, April 24, 2013

Why the Dragon Baits the Tiger

China's neighbours are bearing the brunt of its worsening internal challenges, but there is a solution.

This latest incursion at Daulat Beg Oldi is not unique. There have been at least 600 such incidents since 2010. Every previous incursion was resolved by talking ourselves down from a stand off or with PLA troops simply leaving the area. There's no reason to assume this incident will end any differently.

But why do Chinese troops keep crossing the LAC? It boils down to one word: legitimacy. The Chinese government - actually, the Communist Party (they are technically different entities) - has expertly positioned itself as the only guarantor of its citizens' well-being. To maintain legitimacy and avoid its own demise, it needs to continue being seen as just such a guarantor. To be fair, the Party has delivered extraordinary economic growth, reducing China's poverty rate from 85% in 1981 to 15% in 2005.

This unfettered growth has brought its own challenges. Among them, a huge gap between rich and poor, debilitating pollution that is now the leading cause of social unrest, and clashes with between the State and ethnic minorities. Official figures for "mass incidents" or unrest grew from 8,709 in 1993 to 87,000 in 2005. These are official figures, so the actual number is likely higher. Then came the very public embarrassment from the Bo Xilai scandal, which severely damaged the Party's already worn reputation. In short, the Party has lost 'face'. It now greatly fears a threat to its legitimacy. 

As a sort of insurance policy for its own survival, the Party has spent more on internal security than military expenditure for three years running. For added insurance, it is simultaneously distracting its citizens from the many problems within the country, by making outsiders take some of the flak

The South China Sea dispute with the Philippines and Vietnam is back on the front pages. Japanese and South Korean businesses have faced increased hostility from Chinese consumers. Taiwan remains a sore point. And there's India - the only land-based border dispute that Beijing has not yet settled. Most of these neighbours have seen an increase in aggression that has coincided with growing China's internal unrest. The U.S's very loud 'pivot to Asia', which was partially a response to growing Chinese aggression, has only added to this sense of encirclement.

This raises an interesting question: how do you deal with someone who wants to demonise you, just so they can distract from their own problems?

Let's start with the immediate problem - the incursions. The one thing India does not want to do is to play Beijing's game. Beijing wouldn't mind a fight right now. This would rally China's citizens behind the Party. The goal, remember, is not the fight itself, which the PLA will likely win thanks to superior logistics. It is for the Party to have the unquestioning support of its citizens. India, at any rate, cannot afford a conflict right now. The best solution is to talk and defuse such provocations. This has happened 600 times before and will continue to happen in the future. The media should avoid conflating such obvious distractions with the real problems identified above. 
 
That said, there is no harm in enhancing India's ability to respond to a potential conflict. The stationing of new military units along the LAC is a strong signal that New Delhi is prepared to defend its territory. This conventional deterrence bolstered by the existing nuclear deterrent, will ward off more serious land-grabbing attempts. 

Another strong signal would be the strengthening of ties with China's other neighbours such as Japan, South Korea, Vietnam, the Philippines and Taiwan. The message to China's strategic community from this is that continuing such tactics would only alienate Beijing further. In fact, such ties should not only include military exercises but also partnerships in the fields of science and technology, agriculture, trade and investment. The wider the basket of benefits for good behaviour, the greater will be Beijing's perceived alienation for its bad behaviour. MEA officials and observers in the strategic community indicate that the New Delhi is doing exactly this. Perhaps its public messaging could do with improvement.

--------------------------------------------------------------------------------------------------------------------------------

Of course there are covert means to discourage China from a fight, but I would leave these to the imagination of conspiracy theorists and the capable hands of more competent individuals. Finally, for anyone looking for more perspective, do read Lt. General Panag's excellent primer on the standoff.

UPDATE: I'd like to add a link to another post by Brigadier Gurmeet Kanwal, distinguished fellow at SAISA (an earlier version of this post incorrectly stated he worked at CLAWS. He is no longer with the organization). He explains that another reason for the timing of these incursions is that China is in a position of relative strength. So, it is looking to gain as much ground before India can develop enough of a conventional deterrent to pre-empt future incursions.

Saturday, March 23, 2013

Fog of War: Italian Marines

The made-for-television jingoism surrounding the Italian marines case has made dispassionate analysis of what went wrong nearly impossible. Anyway, here's my theory of how and why two Indian fishermen ended up dead on February 15 2012. 

Much of what happened can be traced back to an anti-piracy manual released nearly two years earlier. The document is titled "Best Management Practice 3: Piracy off the Coast of Somalia and Arabian Sea Area". It was published in June 2010 by an international consortium of merchant shipping organisations and federations. Insiders call it 'BMP3' for short. Among other things, the manual plotted 'high risk areas' for piracy, gave advice on identifying a potential pirate vessel and what to do during a pirate attack.

Let's start with its definition of a 'High Risk Area'. Before BMP3 came out, merchant ships followed guidelines set by BMP2 (released in 2009). BMP2 advised vessels to inform maritime security authorities 4-5 days before they entered the HRA. In 2009, this was defined as an "area bound by 12 degrees North or 58 degrees East or 10 degrees South" (yellow on map below).

In 2010, in Section 2.3, BMP3 updated the HRA to include an area "bounded by Suez to the North, 10°S and 78°E". The significant extension of the HRA is seen in the red area on the map. 
 

View High Risk Area for Somali Piracy in a larger map or zoom out for a better view.



Merchant vessels were now forced to sail right up to Indian territorial waters to avoid the expanded HRA. In doing so they would often encounter Indian fishing vessels. 
 
On February 15 2012, at the time of the fatal shooting, the Enrica Lexie was roughly 22.5 nautical miles off the Indian coast. This falls within the HRA as updated by BMP3 (and its successor, BMP4, published in 2011). 

Now that we know why the Enrica Lexie was sailing so close to India, let's examine why the Marines on board had their fingers on the trigger. Here's what BMP3 says about the nature of pirate attacks:
- Pirates typically attack using two or more skiffs (Section 4.1)
- Pirate attacks increase following the release of hostages or after bad weather when pirates are unable to sail. (Section 3.6)

Given this context, let's look at other regional events that occurred before the shooting: 
- The Indian Coast Guard and Navy had arrested pirates operating near the coast a whole year before this. In short, the extension of the HRA in BMP3 was perfectly valid.
 - Roughly three weeks before the shooting, on 25 January, US Navy SEALS killed 9 pirates during the rescue of two western hostages in Somalia. Merchant ships would have been wary of their comrades wanting to make up for the lost ransom money or those wanting to avenge their deaths.
 - Five days before the shooting, on February 10, Somali pirates seized the Free Goddess, a bulk carrier. One report of that hijacking notes that weather conditions were "improving", and that pirates were "leaving the coast in greater numbers". The same report notes that having armed security teams on board and implementing the BMP had deterred most attacks. 
Any merchant ship passing through the HRA that night would have been on high alert.
  
The courts now need to decide whether the Italian marines operated within the rules of engagement. If they opened fire without a warning, they should be held accountable for the deaths. If sentenced to prison, it would not be unprecedented for them to serve their jail term back home. However, given all the context, as far as I am concerned, February 15 2012 was a tragedy waiting to happen. 

I'll end this post with two thoughts:
1. The Indian government is now petitioning international authorities to have the 'High Risk Area' pushed out to 65 deg East. This will mean fewer merchant vessels sailing through areas where Indian fishermen operate. However, Somali pirates do not heed international law. Allowing ships to drop their guard in places where the pirates still operate may prove unwise. This threat affects not just human security but global commerce. The correct response would be to increase ship and air patrols in the region. UPDATE: It would also be prudent to create standard operating procedures for fishing boats when they encounter merchant vessels. These could include a range of measures such as warning lights/flags, moving out of the path of larger ships, knowing and using the appropriate response to warning signals from ship crews, etc.

2. There is some precedent when it comes to soldiers harming foreign civilians while serving abroad in peace time. 

- In 1998, a US Marine Corps jet severed a cable car line in Italy, sending 20 people falling to their deaths. The jet was flying out of Italy's Aviano Air Base, a NATO station. The pilots faced a military trial back home. They were found 'not guilty' for involuntary manslaughter, but guilty on charges of 'obstruction of justice' and 'conduct unbecoming of an officer' as they had destroyed video evidence from the flight. Both were dismissed from service (hat-tip Kabir Taneja).

- In 2001, a US spy plane collided with a Chinese fighter jet sent to intercept it off Hainan Island, killing the latter's pilot. A second Chinese jet forced the spy plane to land, following which the PLA detained the 24 US crew members. They were released 10 days later - without charges - after diplomats worked on a face-saving solution. 

- Closer to home, Indian soldiers were indicted for sexual misconduct while serving as UN peacekeepers in Congo. The army took disciplinary action against one jawan, while three other men, including a major, were accuses of failing to retain control of their men. None of the soldiers stood trial in Congo. All of them (many more were investigated) faced a court of inquiry back in India. (hat-tip Jaskirat Singh Bawa).

The point of highlighting these cases is to show that such incidents are not uncommon. Thankfully, calmer heads have prevailed in this case too. Let's hope they continue to do so.

Thursday, March 14, 2013

What if a Parsi were PM?

If you were ever curious, this is the sort of stuff Parsis forward to each other to have a laugh. Boy, am I proud to belong (at least in part) to a community that laughs this much at itself!

UPDATE: Someone I met requested that I make it clearer, since "this is the sort of stuff Parsis forward to each other" is vague. I have not written this piece. It was forwarded to me by an uncle. If anyone knows who the original author is please let me know and I'll happily add credit.

What if a Parsi were PM? 

Stop laughing. This is a very serious fantasy. 

There would be a Ministry Of Dhansakh. This would be known officially as the Ministry Of Diplomacy of course, serving up cauldrons of the good stuff to leaders of other countries.  Naturally, once they were stuffed senseless, they would sign treaties that benefitted the country immensely.

All car & bike owners who didn’t maintain their cars and bikes in an impeccable manner, would be summarily shot at dawn. Their vehicles would then be auctioned off, to find a home where they would be loved and taken care of, for the next hundred years.
Parliament would be home to some very un-parliamentary language. ‘Bhosri no’, ‘choothyo’, ‘bhangi’ and ‘lauro saalo’ would have to be explained to the translators of visiting dignitaries well in advance as being mere expressions of warmth and welcome. This would avoid anyone starting a nuclear war. 

Additionally, the PM would have to undergo sensitivity training to avoid calling President Obama, ‘te kaaro saalo’. This would also, it is hoped, avoid a nuclear war being started. Liquor companies would have to recalibrate their bottles, to account for Parsi Peg measures. Egg farmers would laugh all the way to the bank as the country discovered the glory of  ‘everything par eeda’. Life Insurance companies would moan about skyrocketing cholesterol levels, but such is life.

The national airline would be handed back to the Tatas. This would mean Air India would have hot bawi airhostesses with names like Roxane and Persis, instead of the current matronly, grumpy brigade in the sky. Accompanying them would be gay bawa pursers with names like Ronnie and Tempton. In-flight magazines would also have to explain to foreigners flying on board that, ‘kem che madarchod?’ is but the Captain’s friendly welcome as you enter the aircraft.

The suburbs of most cities would be bombed, razed and rebuilt, like baugs. This would allow non-parsis the right to host inter-baug games and give old men across the country, the right theyhad hitherto not enjoyed, to legitimately stare lasciviously at young girls thumping volleyballs across nets well into the night. The price of pacemakers would plummet, given their rising demand.
Our PM would know when to clap, if any symphony orchestra visited the country. He, or she, would also clap people into jail with a zero-tolerance attitude for corruption. The Army, Navy & Air Force Chiefs of Staff would have to deal with a boss who’d be even more finicky than them, about maintaining their tanks, ships & planes. Who knows how many Court Martials may occur for a spot of oil on a tarmac that ought not to have been there.

There’d be a permanent solution to Pakistan, Kashmir & Ayodhya. The first would be invaded and rejoined with our country, the second won over through Dhansakh Diplomacy and the third would be the disputed site being handed over to Zoroastrian Priests, to keep the peace between the two main communities as an amicable solution.

China’s attempts at building roads and train tracks near the Siachen border would be met with swift countermeasures. ACC and L&T would swing into action, to build a network of highways and tracks that would send the ‘cheena gadheros’ packing.

India would exert tremendous pressure upon Iran to behave itself in the Middle East. The Iranis of India would be commissioned to show the Iranis of Iran how to set up coffee shops around the world that served brun maska and sugary sweet tea, earning rich foreign exchange in return. This would get the mullahs very agitated, but the Brun Pao Spring would be irreversible. Embargos would be lifted (Obama would have to, else no more dhansakh) and Make My Trip would offer bumper low prices on Tempting Tehran package tours.


All terrorist negotiations would involve Parsi Mother In Laws. The terrorists would know when they were severely outclassed and give themselves up post haste. But that would only be in extreme circumstances. As a softer option, Shiamak Davar could be sent in with his troupe to gyrate to Kajra re. This mind-blowing experience would leave them separated from their Kalashnikovs - and even their sanity.

Everyone in India would learn how to play the piano. This would foster harmony in the neighborhood, people would drop in for sing-a-longs every evening and copious amounts of beer would be drunk. You can’t riot against people you’ve been drunk with after all.

A Parsi PM would hang out with the Queen back ‘home’ and convince her that the Kohinoor really ought to return back home to India. (Another fine example of Dhansakh Diplomacy at work.) A Parsi PM would laugh a lot, swear a lot, eat a lot, drink a lot and entertain like crazy. World leaders would swing by to India when they needed a good laugh. And good food.

The Jam-E-Jamshed would have a higher circulation than the Times Of India. Everyone would want to know about what the PM said in his own community newspaper first. The Times Of India would promptly rebrand Bombay Times to Bawa Times and throw a launch party with Tanaz Godiwalla catering to boot. Queenie Singh would sport a gara miniskirt. This would leave Parsi women fuming and Parsi men steaming.

Trains would run, planes would fly, the environment would get cleaner, the cities greener. Smoking would be stubbed out, poverty would be rubbed out. The Left would grumble, the Right would mumble, the middle would rumble contentedly.

The Judiciary would have incorruptible bawa Judges. In five years flat they’d expedite the zillions of cases that have clogged the courts. Any frivolous lawsuit would be dealt with a swift dismissal, any true plea for justice would be swiftly dispensed. The parallel system of goondagardi would lose its relevance as people believed in the system, the State once again.

A Parsi PM. Who’d crack the country up when he spoke in Hindi every Republic Day from the ramparts of the Red Fort. Who’d laugh the loudest himself when he was lampooned by the Comedy Store. Now that’s a happy thought for this Navroze. Into that heaven of completely benign lunacy, dear Father, let my Country awake.

Thursday, February 14, 2013

Techies, The NCDC Could Use A Hand

Yesterday, I paid a visit the National Centre for Disease Control in Delhi on a personal errand. While waiting for one of the pathologists, I met an epidemiologist who has worked on both the policy side as well as in the lab. We had an engaging and fascinating discussion that sparked off from our mutual admiration for the amazing work of the very appropriately-named Larry Brilliant

(I encourage you to learn more about this unsung hero who has saved tens of thousands of Indian lives. Here's an interview I did with him three years ago). 

Coming back to the reason for this post, our discussion headed towards how the NCDC currently works to detect potential epidemics and stop them in their tracks. 

From what I gathered, the current system has two levels. The first is monitoring centers located in each district. These are in touch with local clinics & hospitals. They report back to New Delhi via satellite if there is a sudden rise in hospitalisations or sick patients, etc.

The second level is what the NCDC calls its 'Media Scanning & Verification' team. This team is based in Delhi and 'scans' TV & print media across the country for information of potential outbreaks. The team's epidemiologist then gets in touch with local authorities and doctors to 'verify' details of the disease, its virulence and whether any help is required to control the spread. 

In an ideal scenario, the district teams would rapidly spot a potential epidemic and alert the NCDC, which would then swing into action. In case the district teams miss something, the NCDC would pick up signals from media reports and swing into action. 

This 'sort of' works but I personally find it inadequate in the age of Google Flu Trends and rapid, mass transit. 

Our system relies on official reporting, which as we all know, takes time. Several days may be lost between the time 'Patient Zero' develops symptoms to the time 'The System' realises 'Patient Zero' has travelled to another city via a major airport hub. 

Now, Google does report Dengue Trends for India. However, the NCDC has some 35 diseases on its watchlist.

So here's a call to techies and coders who'd be willing to volunteer time and work with the really passionate doctors at the NCDC. I personally believe an effort to develop tools like the ones Google offers, relevant to the Indian context, can save countless lives. I'd be happy to connect you to the team I met at NCDC. Leave me a comment or connect with me via Twitter. 

Wednesday, February 6, 2013

Rapes and the Indian Justice System: An experimental data visualisation

This weekend, I attended an excellent big data visualisation workshop organised by Hacks/Hackers Delhi. The idea was to get journalists and techies to collaborate on investigative, data-driven stories and tell them in intuitive ways. Numbers dull the reader's mind. A well-designed infographic can convey complex ideas in a single frame.

The group I was a part of included journalists Nasr ul Hadi, Rajan Zaveri, Aayush Soni and my colleague at ITG Rohan Venkat. Our 'techies', who did much of the heavy lifting, were Piyush Kumar and Konark Modi. We were also joined by Yuan Lei, a journalism student from Shantou University in Guangdong. Since it's been such an important story in recent weeks, we looked at how rape cases in India are treated by 'the system'.

Before I get to our findings, I want to add a short note. We had just three hours to find data, organise it, clean it, 'query' it, and generate the visualisations. Not a lot of time. I'm sure a team working with more resources (particularly time) will draw more impactful conclusions. Our intention - since this was not a formal editorial process - was to start the conversation. We focused on three questions based on the data we had immediately available.



1. Adjusted for population, which states have the highest incidence of rape? 
For brevity's  sake, we called this 'rape probability'. In other words, how many rapes per thousand people. (Total reported rape cases/ State's Population x 1000).

Some states such as Mizoram appear to have an unusually high 'rape probability'. This may simply be because more rapes are reported, and not necessarily because women are more at risk. The national average was about 0.03 rapes per 1000 people.


2. If a rape case is reported in a state, how often does it result in a formal chargesheet? 
We called this 'chargesheet probability'. (Number of cases where charges are framed / Total reported cases x 100).

The clear outlier here is Manipur with just 9% of reported rapes ending in chargesheets. Is that only because of AFSPA? We cannot draw that conclusion until we know who the suspects are in each reported case. I also noticed an oddity. Three states - Andaman & Nicobar Islands, Tripura and Goa  - have 'chargesheet probabilities' higher than 100%. We didn't have time to find out why, so if someone out there could help in explaining that, I'd be grateful. The national average here was about 80%.

Update:  As Twitter user Pramurto Mukhopadhyay explains here, one likely reason for why the 'chargesheet probability' for Andaman & Nicobar Islands, Tripura and Goa crosses 100% is because there may be more than one accused per case. This is possible in the case of gangrape, or if the main accused had accomplices.


3. Finally, of the total reported cases, how many result in convictions? 
We called this 'conviction probability'. (No. of cases ending in convictions / No. of reported rapes x 100).

The outliers here are Nagaland and Sikkim with convictions secured in nearly 70% of cases that went to trial. Kerala was personally surprising with just a 2.7% conviction rate. The national average was about 18%.


Data sources: 2011 National Crime Records Bureau, National Census data

P.s. Even though we had the data, Google Fusion Tables would not generate visualisations for Jammu and Kashmir. It automatically marked the territory as 'disputed'. Oddly, while it marks Arunachal Pradesh with similar diagonal lines, we still get the data represented on a map. I have contacted the Help Team about this and will post an update if I get a reply. 

P.P.S Several states and U.Ts would show zero in their data fields. That's mostly because data was either unavailable or could not be reliably 'cleaned'.