It was a horribly boring day, but that wasn’t really a surprise. Well, I mean it was the recess week the week before the “first” ever midterms of our life and such a day is never “interesting” to say the least. And on this very same day, a bogged down spirit was making its way across the vast expanse of Prince George’s Park Residences muttering “I am screwed” over and over again. Again, no prizes for guessing this one – this wretched creature had made the long famous mistake of trying to pursue “Computer Science” and was supposed to be taking the “Discrete Structures” paper the day after.

I know I should have disclosed this in the climax (if there is any) but I am not much of a storyteller and so let me make it clear that the spirit mentioned in the aforesaid paragraph refers to me, my humble self. Actually, I was only supposed to be tested on 6 chapters and considering a week’s time, preparing for the test is by no means a Herculean task. But, as it is with most students (I conveniently assume), I had spent the last 5 and a half days “utilising” my time on Facebook and appreciating good cinema (critically reviewed an average of 5 movies per day).

So, while I was going to my 2nd floor room of Block 17, I was intercepted midway by 2 creatures. One, the tall one named “Shairaz” and the other, the short one named “Raghav” (well, I reluctantly add that the short one was just a little taller than me). Now, the Lambu had made the same mistake as me (I mean Computer Science) and Raghav, too, was not faring any better (Business). I was shocked out of my precarious situation on seeing them appear out of nowhere and what they asked next literally took out the air from my lungs – “Let’s go bowling!!”. I said “What? Dude, I have not even properly finished 1 chapter of 1 module (out of the four I was supposed to be tested on in the midterm week). Strictly no, I am not coming.” Now, as I said this, I was half wishing they would protest and convince me to go along with them (as if I needed any convincing). As true friends are, so they did.

Thus, we happily hopped off to the bus stop having forgotten all worldly ties like the impending mid-terms behind. But, then something struck us. Which bus were we supposed to take and from which bus stop?? Quickly, the cell phones got busy at work asking every possible person in their respective contact list how to get to the West Coast Entertainment Centre. But the efforts soon paid off when after over half an hour of frantic calling, a kind similarly vellapandi-inclined soul finally told us the way. What was next – we happily waited for the next 20 minutes for the next correct bus and then left for our destination.

Well, as it turned out, the “kind soul” had told us the wrong way and there was nothing even remotely connected to bowling at the place we landed up. Then, we meticulously and articulately abused the “kind soul” for a full 5-minute stretch in a single breath. Exhausted and overjoyed by our efforts, we again got to work asking every person we met nearby the way to the nearest bowling alley. You may think we were mad, but no – we were out on a mission and we were going to accomplish it whatever it takes. After all, if we fail today, we would be the next topic of discussion among our Indian brethren for the next few days.

Finally, we found it. Well, actually, not a bowling alley but a drink shop. I swiftly ordered a bottle (of orange juice) and drank it as slow as possible deliberately just to enjoy the expression on the exasperated faces of the other 2 musketeers. Let me tell you it is an amazing sight. Re-energized (actually only me, but last week only, in Physics lecture, we had read of some crap called the inductive effect), we set to work again. And, lo, behold !! We finally had done it. The gate of the recreation centre was smiling widely at us inviting us to slam it hard against the wall. But, what followed was an anti-climax, to some extent. The rates were 8 times more than we expected. This would mean that I won’t be able to buy the text book for my Information Systems Module. But, who cares?? Bowling is certainly better than a book on Computing and Society.

It was an amazing experience. I came second in the first set and secured third position in the second one. Dude, it was tough and the competition was stiff among the 3 participants in the tournament (the 3 unfortunate souls). We happily returned back to PGPR. Okay, okay, let me tell you the truth. The return journey was not happy as we, by mistake, glanced at the time. We had played 2 sets of bowling lasting 15 minutes each in an aggregate of five and a half hours (It is worthwhile to mention that the strike rate of Rahul Dravid is better than this. I mean he succeeds in making at least 10-12 runs in a test match day). Oh and of course, after a heated debate which uncomfortably lasted the whole bus journey, the blame of this delay was put upon my fucking orange juice (IMAGINE !!).

But still, as I look back at that “LEGENDARY” night, there are some interesting take-aways which I feel compelled to mention-

  • Firstly, always say yes to your friends in everything they ask you when the exams are far (personal experience – they won’t ask you for a lot) and always say no to them in whatever they ask just before the exams. I realised that when my midterm grade was out.
  • Secondly, always remember to take photos of whatever you do (in fact, even if you don’t do something, take photographs somehow and post them on Facebook). We didn’t click any pictures on that day and I feel so stupid whenever I see some picture of a brat bowling.

Finally, since I don’t know about the genre of this story-like-incident, I decided to make it a moral-based story. The moral – “Where there is a will, there is a way”. We did succeed in our mission that night and the reason was because “if you want something with all your heart, the whole universe sets about bringing you to it”.

Stuxnet & Ethics!

Posted: October 20, 2010 in Shubham's Posts
We have so far heard mainly of ethical hacking by companies in order to test the robustness and the security features of their software and programs. But this is something new – kindly have a look at the following news in “Economist” –

A cyber-missile aimed at Iran?
Sep 24th 2010, 13:32 by T.S.
THE internet is abuzz this week with speculation about Stuxnet, a “groundbreaking” computer worm that attacks industrial-control systems. Put that way, it doesn’t sound very exciting. But the possibility that it might have been aimed at one set of industrial-control systems in particular—those inside Iranian nuclear facilities—has prompted one security expert to describe Stuxnet as a “cyber-missile”, designed to seek out and destroy a particular target. Its unusual sophistication, meanwhile, has prompted speculation that it is the work of a well-financed team working for a nation state, rather than a group of rogue hackers trying to steal industrial secrets or cause trouble. This, in turn, has led to suggestions that Israel, known for its high-tech prowess and (ahem) deep suspicion of Iran’s nuclear programme, might be behind it. But it is difficult to say how much truth there is in this juicy theory.

The facts are these. Stuxnet first came to light in June, when it was identified by VirusBlokAda, a security firm based in Belarus. The following month Siemens, a German industrial giant, warned its customers that their “supervisory control and data acquisition” (SCADA) management systems were vulnerable to the worm. Specifically, it targets a piece of Siemens software, called WinCC, which runs on Microsoft Windows. For security reasons such systems are usually not connected to the internet. But Stuxnet spreads via USB memory sticks, or key drives. When an infected memory stick is plugged into a computer, the Stuxnet software checks to see if WinCC is running. If it is, it tries to log in, install a backdoor control system and contact a server in Malaysia for instructions. If it cannot find a copy of WinCC, it looks for other USB devices and tries to copy itself onto them. It can also spread across local networks via shared folders and print spoolers. (Here are the gory details.)

At first it was assumed that Stuxnet was designed to conduct industrial espionage or allow hackers to hold companies to ransom by threatening to shut down vital systems. But it has some unusual characteristics. WinCC is a reasonably obscure SCADA management system. Hackers hoping to target as many companies as possible would have focused on other, more popular, control systems. And according to Ralph Langner, a German security expert who published his own analysis last week, Stuxnet examines the system it is running on and, only if certain very specific characteristics are found, shuts down specific processes. All this suggests that a particular system was being targeted.

Moreover, Stuxnet uses the combination of two compromised security certificates (stolen from companies in Taiwan) and a previously unknown security hole in Windows to launch itself automatically when a user tries to access a memory stick on which it is installed. The use of previously unknown security holes (known in the trade as “zero-day vulnerabilities”) by viruses is not unusual. But Stuxnet can exploit four entirely different ones in order to worm its way into a system. Normally, anyone who discovers a new zero-day exploit can expect to sell it for a handsome fee to hackers who can then make use of it. Whoever built Stuxnet, however, was prepared to pay for four such exploits, which cannot have been cheap, to boost its chances of success. They also had deep knowledge of particular control systems. So it seems to be an expensive piece of software aimed at one specific facility.

But which one? Microsoft said in August that more than 45,000 computers around the world had been infected by Stuxnet. An analysis by Symantec, a computer-security firm, found that 60% of infected machines were in Iran, 18% in Indonesia and 8% in India. It could be just a coincidence that Iran has been hardest hit. But if Stuxnet has been deliberately aimed at Iran, one possible target is its Bushehr nuclear reactor, though there is no specific evidence for this. It is true that according to this screenshot from UPI, the Bushehr reactor is controlled by Siemens systems, including the WinCC software that Stuxnet targets. Dr Langner speculates that it could have been infected via AtomStroyExport, the Russian firm that is building the plant. Bushehr has been dogged by problems for years and its opening was recently delayed once again. But given the long history of delays, there is no need to invoke a computer worm to explain the latest one. A rival theory is that the target was Iran’s uranium-enrichment plant at Natanz, and that Stuxnet successfully shut down some of its centrifuges in early 2009.

We are deep into the realm of speculation here. Readers are invited to follow the links in this post to wade as far as they like into the various conspiracy theories floating around (such as this one, which spots a Biblical reference in a project name buried in the Stuxnet code). Two further reports on the worm are due to be released at a computer-security conference starting in Vancouver on September 29th. They may clear up some of the mysteries surrounding Stuxnet—but they may simply prompt further speculation.

Here is a video which tries to unravel Stuxnet and the uncertainties about it –

Well, this is amazing and raises serious questions about ethics.

If some mischief mongers are behind this, using Stuxnet out of the sarcastic pleasure of sabotaging programmable logic controllers in industrial equipment, or to make money, it could be understandable; but if it is being used by governments to target their political enemies, it is very unfortunate. Although its use or release by anybody is unethical, if it is being used by governments then it is atrocious and highly condemnable. Although not much is known about Stuxnet, and we may know more about it in future, one thing is certain: it is a big challenge for the cyber security experts.

Another fallout has been that Iran has apparently blocked the technology website “Ars Technica” for reporting on the Stuxnet virus, which has been found targeting industrial systems in the Middle Eastern nation. This action is also unethical and we also do not know as to what was reported that invoked such a strong reaction. I have browsed this website and failed to see anything that could have warranted such a step.

A very recent report at infowars says, “Stuxnet False Flag Launched For Web Takeover”. This is very interesting and if it is true, it should be fought tooth and nail to ensure privacy and freedom of speech & expression. The following three videos explain how Stuxnet is being used as a false flag by the US government to take over and control all aspects of the web and individual communications -

Here is a counter view. The following video blames Iran and Russia for raising the false flag of Stuxnet -

It is still unknown who really is behind it, but to look at the ethics involved, I am analyzing the aims with which it could have been done. For this I assume that I am one of the following -

  1. A professional hacker
  2. A computer expert thief
  3. A terrorist
  4. A nation state
  5. An industrial unit
  6. A software company in cyber security

I will now analyze each case one by one.

A professional hacker
If I am a professional hacker, I try to invent code that can break into computer systems and bring them down. It is not necessarily for wrong motives and I do it for helping the software companies in making their software impregnable and secure. My aim for developing Stuxnet could be to highlight a potential threat with the most ethical objective and then to try to develop a safeguard for this. This action is not unethical and it should be ensured that the product does not fall into wrong hands.

A computer expert thief
If I am a computer expert thief, I try to break into secure computer systems and steal usernames and passwords for committing fraud and transferring money from others’ accounts into my own account. If I fail in my efforts, I may, out of frustration, develop something that makes critical computer systems unworkable. This action is unethical.

A terrorist
If I am a terrorist, my aim is to terrorize people of a particular enemy country and to harm them as much as possible. If I use violent methods, there is destruction of life and there is a great danger to my own life also. A novel way to harm the enemy country would be to use Stuxnet to cripple computer systems and vital infrastructure. This action is unethical.

A nation state
If I am a nation state, my aim as a responsibility towards my people would be to ensure that the computer systems in my country and critical infrastructure are safe and secure. I would try to test my computer systems with the most severe viruses and worms and try to make my computer systems capable of warding off any possible threat. In order to achieve this aim, I would develop Stuxnet and try to make my computer systems immune from attacks of even Stuxnet. This action is ethical.

On the other hand, as hinted in the above article in the Economist, I might develop and release Stuxnet in the computer systems of my enemy states in order to harm their computer systems and infrastructure. This helps me in not getting identified and surreptitiously dealing a heavy blow to my enemy. It is much more cost effective also and my men and territory are not endangered in any way in these kinds of attacks. This action is unethical and reprehensible.

An industrial unit
If I am an industrial unit, my aim would be to secure my computer systems from any kind of breakdown and attacks, either intentional or unintentional. I would rather concentrate on my safety and security, rather than thinking of harming my competitors. In order to make myself assured about the preparedness of my systems, I would ask my IT team to constantly check the computer systems by exposing them to the deadliest and most virulent worms and viruses available. This action is not unethical.

Although this possibility is remote, I might even ask them to develop viruses to make my computer systems more secure and to ward off any unexpected attacks. In very rare cases, I might use worms like Stuxnet to harm my competitors. This action is unethical.

A software company in cyber security
If I am a software company in the field of cyber security, my basic job is to develop viruses and worms and then to find ways and means to neutralize them. My company gains recognition and makes more money, if I am able to demonstrate that my products can save any computer system from all the known viruses. I could even throw up an open challenge to hackers around the world, to hack my computer systems, and demonstrate to the world, that my products can ward off any possible threat to any computer. I could even show by developing a Stuxnet and an antidote to it, that I know ways and means to save computers from such virulent attacks. This action is ethical.

I might, out of greed, try to find buyers who would try to use Stuxnet for harming their enemies. The potential buyers could be nation states or terrorist organizations also. This action is unethical.

The mystery of Stuxnet will unravel in the days to come, but whatever it is, it is alarming and needs immediate attention both technologically and politically.

Outsourcing is the buzzword today and apart from companies, it is being discussed at the political and social levels also, particularly in the United States and the developed world.

The following article in the Bangalore edition of the Economic Times of 10th September, 2010 shows that President Obama himself is against outsourcing-

Obama raises pitch against outsourcing

US President Barack Obama on Thursday once again targeted outsourcing of jobs overseas by American companies, increasing the pressure on local firms in an attempt to secure some benefit ahead of the crucial November elections in his country.

Obama, speaking at a rally in Parma, Ohio, the state which banned outsourcing of work overseas by government departments, said he remained firm on ending tax breaks for American firms that sent jobs abroad.

“One of the keys to job creation is to encourage companies to invest more in the United States. But for years, our tax code has actually given billions of dollars in tax breaks that encourage companies to create jobs and profits in other countries,” Obama said, flanked by Ohio governor Ted Strickland, who is trailing in the polls and is fighting to retain his governorship.

Obama’s party, the Democrats, faces a hugely disillusioned and angry electorate on November 2, and is widely expected to lose control of the House of Representatives. The US president has spent the last few days trying to rally his base with promises to protect jobs and spur economic growth.

The full article can be read here.

The main pitch against outsourcing is that jobs are lost because of outsourcing. However, the following video dispels this feeling -

Outsourcing is fast becoming the order of the day and any company that is setting up an online business or optimizing an existing business will likely consider, at one point or another, whether or not to outsource any of their web design, IT maintenance, customer care or even data entry. And certainly, more and more companies are turning to outsourcing, often in an attempt to keep their costs down, and to stay competitive in an increasingly complex business environment marked by cut-throat competition.

I am limiting my blog to offshore outsourcing, which really is the topic of debate nowadays.

The question about whether to outsource or not, at least for the thousands upon thousands who have already made this choice, is redundant. The real questions have become “Is outsourcing unethical?”, “What is ethical outsourcing?”, or “How to outsource ethically?”

Let us first have a look at outsourcing, the history of outsourcing and its benefits in brief -

What is outsourcing?
Outsourcing involves hiring overseas companies, located anywhere around the world, to do tasks, a company would normally do itself. These companies, from all corners of the globe, offer their services online, at extremely competitive, if not unheard of, rates.

History of outsourcing
Outsourcing has seen an exponential growth spurt on account of the Internet and the Information Age. In the 1990s, the Internet reached a critical mass, and then, almost overnight, technology changes started happening at an alarming rate. The Internet started growing rapidly and then services like YouTube, MySpace, Facebook, Twitter etc. became available. Now, information has become a primary commodity as the global economy has transformed into one based on the manipulation of information. In the early outsourcing days, companies turning to outsourcers often sought IT providers. Today, a growing number of companies use outsourcing services as a means to develop their business, juggle the array of online social media and handle their customer care.

The loss of jobs in the United States and the developed countries to foreign markets is nothing new. For decades, developed countries have been losing jobs in manufacturing, textiles, and almost any field that involves factory work. Offshore outsourcing is just recently becoming prevalent in the news because white-collar jobs that used to be considered secure are being lost to overseas contractors. Two explanations for the sudden outburst of outsourcing in the IT industry are the Y2K bug and the dot com boom. Both events created a great need for developers that could perform mundane repeated tasks at a low cost. Since the developed countries couldn’t provide enough workers at the time, companies looked elsewhere.

Is it necessary to outsource?
Many entrepreneurs feel that they should focus on their core competencies and the routine work should be outsourced. It is often seen that people who have attempted to set up their own company, are just keeping afloat or are seeing a small profit margin. And many others are struggling to generate the same annual income they would have, had they sought employment, working for someone else. Outsourcing represents a way for some companies to stay in business.

Benefits of Outsourcing

Here are a few of the obvious benefits of outsourcing-

The time zone advantage:
A company can outsource any aspect of its online business to providers in a different time zone in the evening, and the work is in the company Inbox the next morning.
The global employee pool:
A company which outsources tasks can tap into a network of literally thousands upon thousands of employees, the vast majority of whom are eager to do the work assigned. This is a treat for those employers who have tenured employees in the office, who grumble when any new project is given to them.
Cost savings, focusing on core competencies and rising in the value chain:
Apart from saving money, the central idea behind outsourcing is that an enterprise should focus on what it does best (make cars, cakes or sell insurance) – its core competency, and hire someone else to do what they do best (make steel, food coloring or cut checks). A business should outsource only what does not differentiate it in the marketplace. It can lead to a company rising in the value chain, by outsourcing its non-core work to other companies. This also allows the company to seek those ventures that generate more revenue and are more profitable.

Ethics of Outsourcing

The recent years have seen a whole new debate in the United States and the developed countries about the ethical dilemma in offshore outsourcing. Critics are concerned about the widespread loss of jobs in their countries as more and more processes move to low cost countries like India, Philippines and Brazil. A company has to choose between the choice of retaining its employees at a higher cost to the company and outsourcing the same task to cheaper locations.

Very recently an anti-outsourcing bill was introduced in the US Senate, but it has been defeated, which is being viewed as a setback for the Democrats. The following news article was reported in the newspapers -

Anti-outsourcing bill blocked in US Senate

Washington (29th September, 2010),(PTI).
US Senate Republicans successfully blocked the passage of an anti-offshoring bill that would have denied tax breaks to US companies which move jobs overseas.

Republicans in a 53-45 vote prevented the bill from overcoming a filibuster. At least 60 votes were needed to overcome the Opposition’s obstruction.

As per the bill, there will be a ban on government contractors from using American taxpayers’ money to move jobs offshore.
What is seen as an electoral populist move, the Creating American Jobs and End Offshoring Act aims at small manufacturers and included a payroll tax exemption for firms that move jobs to US, but the bill also contains provisions to prevent businesses from deferring US taxes on the income they make from foreign subsidiaries.

Indian IT honchos had said the bill won’t make much of an impact on India. However, they warned that US companies operating in other countries may be beaten by the same stick.

Several business groups such as the National Association of Manufacturers (NAM) were strongly opposed to the legislation. It had sent a letter to senators arguing the measure would make US corporations less competitive and hurt job creation.

The full article can be read here.

Here is a video which explains as to why outsourcing is not harmful -

The primary consideration of corporate leadership is to keep their company competitive. Offshore outsourcing helps companies to make substantial savings on costs, improve profitability and add value to shareholders. It is worthwhile to note that most global corporations have adopted outsourcing in a big way. The few that have held out are joining the bandwagon as they find it increasingly difficult to stay competitive without outsourcing.

The offshore outsourcing ethical dilemma

Companies face a lot of outsourcing issues while trying to send out jobs to cheaper locations. Many of them have to do with employee resentment towards outsourcing while other concerns revolve around ethics of outsourcing practices at the vendor location. Some of the concerns about the ethics of outsourcing practices at the offshore location include:

Poor work environment at vendor location: Concerns about poor work environment and exploitative HR policies in developing countries’ BPOs (Business Process Outsourcing) may have been the reason why the earliest outsourcing vendors were described as ‘sweat shops’. However, these concerns are all but gone now as more and more customers visit vendor locations and see the reality of comfortable and state-of-the-art work centers.
Fall in service quality: Most companies that decide to outsource have to keep in mind the concern of employees and shareholders about quality. A moot question is whether services delivered from half-way across the globe by a set of people who are culturally removed from the parent company can meet quality expectations?
Environmental issues: With rising environmental consciousness in the United States and the developed countries, outsourcing companies are concerned that vendor companies may practice environmentally damaging processes.
Cultural differences: The cultural differences between the two countries are often a cause for worry in any outsourcing venture. Companies in the United States are greatly concerned that they may have to deal with governmental issues, bribes and language barriers in the country where they wish to outsource.
Retrenchment in the parent company: A major concern is the retrenchment on account of outsourcing and the social issues involved with it.
Outsourcing is damaging to local economy: In recent years, outsourcing hit the headlines with a vengeance. There was a backlash against outsourcing, with the main arguments used including that it does not support the local economy, it reduces wages, and it costs local jobs. Other opponents raised the red alert flag that outsourcing would have a negative impact on future generations.
Legal liability: The copyright issues and legal liability of the work done by the outsourcing company are ticklish issues that have to be dealt with.
Outsourcing may result in intellectual theft: Another concern may be that the outsourcing company likes the ideas of the company, copies them and starts its own operations.

Ethical outsourcing: Measures for companies considering outsourcing
Companies deciding to outsource can take the following steps to ensure that they manage the tightrope walk between ethics and outsourcing -

Proactive employee management: Companies that decide to cut back or outsource jobs need to take several proactive measures to make the transition as easy as possible for affected employees:

  1. Being open and communicative about the decision to outsource.
  2. Planning the outsourcing strategy well in advance.
  3. Giving the affected employees early notice so that they have enough time to find replacement work.
  4. Providing a “safety net” for employees who are losing jobs.
  5. Working out severance packages.
  6. Devising opportunities for retraining and transfer of employees into alternative roles.
  7. Offering alternative recruitment and placement assistance.

Detailed vendor research: Companies wanting to outsource should make a thorough inquiry into the track record of the vendor, network and infrastructure security systems in place, security awareness of employees, safety of electronic data storage etc. A detailed investigation of the vendor’s past projects, technical competencies etc. should also be made.
Audit of vendor operations: Outsourcers should impose stringent standards on the offshore vendors and conduct intermittent audits on the work conditions, HR policies and environmental practices of the vendor company.
Sub-standard wages should not be paid under any circumstances: Outsourcing should be done in a way that doesn’t involve sub-standard wages. The minimum wage in the country where the work is outsourced should be taken as a guideline. Not paying a decent wage for work completed falls under the category of unethical outsourcing.
Imagine the employee working at the same table: The working conditions at the vendor premises should be just and humane and should meet the normal requirements of the workers.
Treating the outsource provider as a partner: Efforts should be made to create a win-win working relationship or partnership, and one that is as transparent as possible. Take for example, the outsourcer who works in the domain of website creation or design, server administration and article content. There are outsourcing companies that will bid for jobs and then outsource the work to individuals who will work at lower rates. This happens as some individuals strive to put themselves in project management or managerial roles while others seek task-driven assignments. In this particular scenario, being transparent would involve saying: “We are getting paid this much per website or article. We will pay you this percentage of our share to do the actual work”. A side benefit of creating a genuine win-win working relationship is that typically it requires less managerial control.
Being an advocate for the outsource provider: A good employer acts as an advocate for his or her employees, and helps them evolve. One way to act as an advocate for the outsource provider is to promote their services on the company website or to refer work to them. Another is to offer, where appropriate, to help the provider profile himself or herself better so that they can charge a higher hourly rate with their other clients.
Asking: “Is there anything that should bother me about my outsourcing practices?”
Ultimately it all comes down to a simple question of conscience.

My Views & Opinion

Throughout history, it has been popular for employers to lower their costs by seeking cheaper sources of labor. The desire for cheap labor is driven by the profit motive. By decreasing costs, companies hope to reduce prices and increase profits. One recent trend is to export jobs to countries where salaries are lower. In the past, outsourced jobs have usually been unskilled jobs in routine IT functions like medical transcription, payment processing etc. and in manufacturing. However, “safe” jobs in engineering and health care are also now being shipped overseas. Nowadays, even the wombs of women in developing countries are being hired to give birth to the children of rich couples in developed countries.

A question that is very pertinent now is whether it is ethical to outsource jobs, and, if so, what are a company’s responsibilities when doing so? In general, companies exist to yield profits for entrepreneurs and investors. As a result, there is significant pressure on management to increase productivity and profits. Usually, this is a good thing. Capitalism is so successful because it strongly rewards the best business models and the hardest workers. However, these forces can lead a company to implement shady business practices to get ahead of the competition like employing child labor and using environmentally unsafe processes.

I feel that outsourcing is not necessarily unethical, nor is it unavoidable. After all, international business has opened huge markets for the products of developed countries and has provided customers with new and cheaper goods. With advancements in shipping and telecommunications, it is easier now than ever before to sell products and services across the globe. Simultaneously, these very factors have led to increased competition. The companies of the developed countries have to compete against businesses in regions where operating and labor costs vary greatly. Outsourcing has the benefit of providing jobs to people in regions that may be poor or lack opportunities for economic growth.

Outsourcing will undoubtedly remain a natural part of business today. If the developed world feels that it can refrain from outsourcing, it will be making a big mistake, as this would lead to an increase in the costs of most goods and services, ultimately leading to a deterioration in the quality of life of the people there.

Most economics textbooks reference the theory of comparative advantage, developed by David Ricardo at the turn of the 19th century. It means that nations benefit from free trade when they focus on producing the goods and services they can produce more easily and cost-effectively than other nations. Wise nations purchase the goods and services difficult for them to produce from nations who can sell them for less.

Thomas Siems of the Research Department of the Federal Reserve Bank of Dallas said in a 2003 article, “International trade generates higher overall output by redirecting jobs to those who create the most added value, that is, to those who maximize their productive abilities. Put simply, the benefits of free trade can be summarized as: ‘Do what you do best. Trade for the rest.’”

Outsourcing is here to stay and the statements of some of the leading lights of the corporate world corroborate this.

There is no job that is America’s God-given right anymore — Carly Fiorina, Ex CEO, Hewlett Packard

As CEO of Intel, my allegiance is to the shareholders of Intel and to the success of the company. We go after the most cost-effective resources around the world, no matter where they are. — Craig Barrett, Ex CEO, Intel

A moot point concerns the employees who have been with the company for many years and who now no longer have work. How could it possibly be ethical to unexpectedly fire these people and hand out their jobs? I feel that such unexpected firing is unethical by today’s standards. The aim should be to pursue the best possible outcome for employees within the framework of outsourcing. An important factor would be open, honest communication and good planning.

Decisions to cut back or outsource jobs should be made long in advance so that employees have time to find replacement work. All employees should know what they can expect from their severance packages and how long they have left with the company. The firm should reasonably attempt to help its employees. For the best employees, this may translate into a promotion or extra responsibilities. Others may be given the opportunity to relocate within the company or become managers or lead engineers at the foreign site. But this is not a feasible solution for every employee.

The company still has an ethical responsibility to its laid-off employees. They may have anticipated a steady income from the company and perhaps a retirement package. Now, they must start over at a new company, which could push back their retirement and reduce their salary and benefits. As such, the severance package should be commensurate with the time spent at the company. Additionally, workshops on writing resumes, interviewing techniques, and job opportunities should be held to assist the employees in finding new jobs. It is the company’s obligation to minimize the impact of the outsourcing on its employees.

Outsourcing is and will remain a common business practice.

Economist Thomas Friedman strongly encourages Americans to focus on the education and innovation necessary for success in the global marketplace. Outsourcing provides the opportunity for highly-skilled workers to focus on higher-skilled and better-paying tasks than they could have before. Skilled workers as a whole have more to gain than they do to lose when it comes to outsourcing. Those in danger, however, are low-skilled workers who choose not to grow and upgrade their skill sets. “…while protectionism would be counter-productive, a policy of free trade, while necessary, is not enough by itself,” Friedman said in his highly-publicized book, “The World is Flat”. “It must be accompanied by a focused domestic strategy aimed at upgrading the education of every American, so that he or she will be able to compete for the new jobs in the flat world.”

Some other concerns like data privacy, confidentiality and security at the vendor’s premises should be ensured. The issues of copyright and ownership of intellectual property should be worked out and proper agreements signed with the vendors. The issues of child labor and environmentally safe processes should also be worked out beforehand. A very important aspect is regular monitoring and inspections of the premises of vendors.

One might think that only the big multinational companies are outsourcing, but wait, and watch the following video. It shows that individuals in the United States are also outsourcing their work, which shows that outsourcing is only going to grow.

This is a continuation of my blog post Software Privacy and Ethics dated 24th September, 2010. The news is that the four men behind The Pirate Bay went to court on Tuesday to appeal against their sentence. The following article appeared in Mashable, an internet news blog, on 27th September, 2010.

The Pirate Bay Appeal Begins Tuesday

The four men behind The Pirate Bay will go to court Tuesday to appeal their sentence of one year in jail and $905,000 each in fines. Eight trial days will occur before October 15.

It’s been a rough ride for the surprisingly resilient BitTorrent website, which shut down its tracker 10 months ago but remained operational in a bare-bones sort of way. The advocacy organization that founded the site closed its doors in June.

In April, Gottfrid Svartholm, Fredrik Neij, Carl Lundstrom and Peter Sunde were found guilty of assisting in making illegal downloads of copyrighted content possible. All four pleaded not guilty and appealed the ruling, essentially claiming that they weren’t responsible for how people they had never met used their technology.

As TorrentFreak notes, this appeal is light on flair or publicity, unlike the original case. The first case was a media frenzy. Its developments were prominently featured all over Twitter, tech blogs and even mainstream media. This time, not even The Pirate Bay, which is known for mocking its enemies, has acknowledged that the appeal is currently taking place.

I sincerely wish that this appeal is rejected as this would be a big victory for the anti-piracy movement. This case could be a milestone and would act as a deterrent for people trying to get involved in piracy. The result should be publicized widely to have a greater impact.

Software Piracy is defined in the Computing Dictionary of http://dictionary.reference.com/ as “Making or distributing unauthorized copies of software, either for kudos or for profit.” This definition may sound simple, but its impact and effects are anything but simple. According to the Business Software Alliance, in 2009, worldwide software piracy rates rose to 43 percent, with losses estimated at US $51.4 billion.

Forms of Software Piracy

The most common forms of software piracy are as follows. A few of them may overlap:

  1. Softlifting occurs when someone purchases one legitimate copy of the software, and then loads it onto many different computers.
  2. Hard Disk Loading occurs when unauthorized copies of software are placed on the hard disk when one buys a new personal computer. This method is used by computer dealers to sell computers at low prices, but give their customers an added value.
  3. Renting the Software occurs when one uses the software temporarily and then gives it back. It is the same thing as renting a video from a video store, but the difference is that this is illegal.
  4. Software Counterfeiting is burning a software disk and selling it to someone.
  5. End-User Piracy occurs when an individual or organization reproduces and/or uses unlicensed copies of software for its operations.
  6. Client-Server Overuse occurs when the number of users connected to or accessing one server exceeds the total number defined in the license agreement.
  7. Subscription Licensing is using subscription-licensed software past the expiration date.
  8. Counterfeiting is the illegal duplication of downloaded software with the intent of directly imitating the copyrighted product.
  9. Online Software Theft occurs when individuals download unauthorized copies of software from the Internet.
  10. License Misuse occurs when software is distributed in channels outside those allowed by the license, or used in ways restricted by the license.

If one has pirated software, there are ways to tell that it is not real. One way is that it will not have adequate documentation with it such as instructions. Another way is that the user will not get the technical support that one would usually get with the real software. Lastly, since the software is copied, one will not get the software updates needed for some programs.

Whether one purchases software from a retail store or downloads installation files from an Internet site, a user license, not the CD or possession of installation files, is what gives the right to install and use the software. The license purchased defines specific terms and conditions regarding legal use of the software, such as how many computers the user may install the software on, or whether the software can be transferred to another computer or not. Any actions taken outside the limits of the license constitute software piracy.

This video explains, in brief, the importance of the terms and conditions of the license and how its violation is piracy.

Economic Impact

The impact software piracy has on software companies goes beyond the amount of money involved in lost revenues. Software piracy costs in terms of jobs. If worldwide software piracy levels fell by 10 points over a four-year span, 600,000 jobs would become available in the IT industry, according to a January 2008 report issued by the International Data Corporation. The same study reports this 10-point reduction in software piracy levels would raise an additional $24 billion in worldwide government revenues without increasing taxes.

Risks

Buying or using pirated software has many inherent risks, the least of which is facing legal charges. There is no guarantee that pirated software will function as it should, and in cases where it does not, the user can expect no support, technical or otherwise. This software is not eligible for upgrades, updates or security patches. In addition, the user runs the risk of damaging his/her reputation, as criminal prosecution becomes a public record.

Software Piracy is a Crime and its Possible Implications

Software piracy is a crime and copyright infringement laws make no distinction between one or 100 illegally copied CDs or the unauthorized sale of software installation files. If one is caught, it can lead to a heavy penalty, criminal prosecution, fines and/or a few years in jail. In addition, a business is responsible for the actions of its employees, whether it is aware of what takes place or not.

How to Stop Software Piracy

Software piracy affects everyone: illegal and improperly used software hurts the economy in general and the software industry in particular. It can cause harm to the user’s computer and, legally speaking, it is against the law. The software industry is taking steps to curb the problem, and there are many things individuals and businesses can do to help stop software piracy.

Personal Measures

  1. The End User License Agreement (EULA) for each software product purchased should be read carefully. The EULA’s terms and conditions define how one can legally use the software, how many computers the user can install the software on, and whether or not a backup copy can be made. Most software companies first ask the user to accept their agreement and then only allow the installation of their software.
  2. Software should be purchased only from reputable resellers. The manufacturer’s website should be checked to see what kind of authentication markings they include to guarantee that the software is genuine. Microsoft affixes a “Certificate of Authority” label to the outside packaging of their products, and Adobe includes silk-screened artwork along with trademarks, patent information and part numbers on their CDs.
  3. Software should be downloaded directly from the manufacturer’s website. It should never be downloaded from a peer-to-peer file-sharing site such as Limewire, Kazaa or BearShare. One should also not make one’s software available on these sites.
  4. Software should be registered to prevent others from attempting to install this software on their computers.
  5. Software piracy should be immediately reported if it is discovered that software one has purchased is not authentic or if it is suspected that an online reseller or retail establishment is selling counterfeit software. This is the biggest single action anyone can take to stop software piracy.

Manufacturers’ Measures

While it is doubtful that a manufacturer will be able to completely eliminate piracy, it can work towards reducing the number of incidents.

  1. Offering free and paid versions of software. It can be successful to offer different levels of the software program. One level is free and includes basic functionality, and customers must pay to receive an advanced version of the software that includes more features.
  2. Reducing the cost of software to the extent possible. Some people pirate software because they feel that the price is too high. If the price is reduced, more and more people could be encouraged to buy it instead of obtaining illegal copies.
  3. Including an activation step. As users install software, the manufacturer can include a step that involves activating the software through the Internet or by phone before users actually can use the software. This involves a unique code that a user can only get by purchasing the software legally.
  4. Seeking out and stopping illegal downloads. Some people pirate software through peer-to-peer file sharing. The manufacturer can send these sites a cease and desist letter, asking them to remove its software. Some will be more responsive than others, and may remove the software; the manufacturer might have to take legal action against the others. The file sharing sites should be continuously monitored for this type of activity. Some software programs can help do this automatically.
  5. Taking legal action against those who pirate your software. When someone is caught pirating software, the manufacturer should take legal action against him. As people see that the manufacturer does actually take action against pirates, they become less likely to pirate software, as it presents a greater risk of them getting sued.

What Are the Causes of Software Piracy?

High Income Gap

Piracy thrives more when the income gap between the rich and the poor is relatively large. For example, developing countries like China, India and Mexico have higher piracy rates per-capita.

Lax Enforcement

The remote possibility of being held responsible for copyright infringement is often cited as a cause of piracy.

Reliability of Pirated Copies

The amount of piracy is affected by the reliability of the pirated software available for a given product. Software that pirates can produce reliable copies of is more likely to be stolen than software that pirates cannot reliably copy.

Ease

The ease of pirating software using peer-to-peer file sharing software such as BitTorrent and LimeWire contributes to its prevalence.

Ignorance

Many users do not realize the illegality of “softloading”, the installation of one piece of software onto multiple computers.

Ethics

The software industry has to deal with the threat of piracy and its impact on its business. While the activity is generally seen as illegal, its ethical implications are explored here in the following most common cases:

  1. The pirate seeks to sell pirated software at a price
  2. The pirate seeks to distribute pirated software free of cost

Today, it isn’t difficult to pirate software, and with BitTorrent and LimeWire around, it’s fairly easy to do so. With such ease, it is very logical that some people might try to earn a profit from pirated software. Suppose there is a person who copies an application developed by a large company and decides that this product is way over-priced and should be available for a much lower price. With this in mind, he begins creating and distributing copies of the application at a new, adjusted price (of course lower than the price of the original software). Very clearly, this activity is illegal, since he is reselling copyrighted material, which he has illegally copied. The pirate in this case may think that he is ethically right for providing the product at a price that he feels it should be sold at. He might even feel a little noble for doing so; after all, he thinks that he is protecting the consumer and making a product available at the “right” price. This scenario is actually a very weak argument to present piracy as ethical. Even though it may seem that the pirate is doing the “right” thing, he is not. In case he feels that the software is overpriced, he should raise this issue with the company or protest legally in various forums. He can’t begin “stealing” software and selling at a “just” price. Another important question is whether he is keeping the money to himself or donating it to charity. If he is keeping the money to himself, he should stay far away from the term “ethics”; he cannot give the money to the company stating what he is doing as the company will file a criminal case against him, and he has already admitted his wrongdoing. What if he is donating the money to charity? It is a difficult case and it means that in effect, the company is being forced to charge some customers a low price and to pass it entirely to charity.
The pirate’s act of getting the software is unethical, but his giving the sale proceeds away to charity is ethical, but what about when the two acts are taken together? I would treat it as not totally unethical, but well, I am unable to pass a final value judgment. There is another point to consider in this type of piracy. If a company discovers the existence of a pirate who is selling their product and chooses not to take action, how do the ethics now apply? Suppose the company does not take action because the legal expenses would cost more than what it is losing to the pirate. In this case, it is better for the company financially to allow the pirate to continue, but does this make the piracy ethically right? I feel that the act of the pirate is still “unethical”. However, the company must also share some of the blame for allowing the piracy to continue. It is not economically sound for the company to initiate legal action against the pirate, but not doing so shall have adverse effects. Even if it is not economical, taking an exemplary action against the pirate could reduce piracy in general and would certainly start to give the company a reputation for not tolerating piracy of its products, which could be beneficial in the long run. Ethically also, the company is wrong because they are allowing the unethical act of piracy to occur when they are able to take action to stop it. Thus, in a situation such as this, the act of pirating a product is still “unethical”.

The second type of piracy is that in which software is obtained freely and the software is distributed free of charge. The proponents say that they wouldn’t have purchased the product anyways and that the companies, while pricing their products, already take into account piracy, and price it higher than they would have if there were no piracy. The proponents of the “I wouldn’t have purchased it anyways” argument feel that nobody is being hurt because of this and thus they attempt to consider this sort of piracy ethical. It is worthwhile to mention that the pirate is using a product that money was invested to develop and that individuals spent time working on. The company should receive payment for providing him with the product to use. That the pirate wouldn’t have bought it, yet is using it, shows that he likes the product. Consequently, he should purchase it so the company can receive compensation for use of the product. By using the product without compensating the company, an “unethical” act is being committed. The second argument, that companies price products higher in order to account for piracy and that this justifies obtaining the product for free, is wrong. If nobody uses the product for free, the company would not have to adjust the price at all. Using the effect of an unethical act to justify it is not a judicious argument; therefore, this case is “unethical” in terms of piracy.

There are many software products, and we have seen recently in the application stores of both iOS and Android that certain applications are free to use, but with a remark that if the user likes the application, he/she should purchase a copy of it. The cases where a user likes it, but still continues to use it without purchasing, are “unethical”.

Another aspect concerns the people who are below the poverty line and are using pirated software. Technically, they are wrong and their action is “unethical”, but in view of their financial status, it is impossible for them to buy software and they can be given the benefit of doubt. Here there is scope for the software companies, particularly the big ones, to find ways and means to ensure that people who are below a defined income level can have access to software free of cost. Although this is ridden with problems of implementation, it would really be “ethical” on the part of these companies. A counter view is that most basic software also has free alternatives, like Linux in place of Windows & Mac for operating systems, OpenOffice in place of MS Office for office suites, etc. and so there is no need for any proprietary software to be provided to the poor people; and if anybody wants to use it, he/she should pay for it. This argument is, again, technically right, but debatable. The readers may decide for themselves, but a recent case in Russia is relevant. The following was reported at http://www.engadget.com/2010/09/14/microsoft-responds-to-russian-crackdown-by-extending-software-li/ by Joseph L. Flatley on 14th September, 2010.

Microsoft responds to Russian crackdown by extending software licenses to NGOs

Put yourself in Microsoft’s shoes for a second: how would you feel if the Russian government used your product as a pretext for shutting down opposition groups? As you know, that’s exactly what happened in January when an NGO known as Baikal Environmental Wave had its computers confiscated under the pretext of searching for pirated Microsoft software. The group, it seems, is spearheading opposition to the reopening of a paper factory with a history of polluting Lake Baikal – much to the chagrin of a certain Prime Minister Putin. In an attempt to keep this sort of thing from happening in the future (and to clean up its tarnished image), Microsoft has announced that it will provide a unilateral NGO Software License that automatically covers NGOs and media outlets in Russia and other, as yet unspecified, countries, and which will extend until at least 2012. “We want to be clear,” said VP and general counsel Brad Smith. “We unequivocally abhor any attempt to leverage intellectual property rights to stifle political advocacy or pursue improper personal gain.”

This shows that as far as political advocacy is concerned, software piracy cannot be used as a tool to stifle it; in other words, Microsoft is not treating software piracy in such a case as “unethical”. Well, my wording of the previous and this sentence may not be exactly correct, but the crux is that certain instances are there where software piracy has not been punished, even when a sovereign government was taking legal action against piracy. In fact, the company has come out and legalized the pirated software. It is a clear indication that software piracy is not always being dealt with plainly in legal and technical terms, and there can be cases where “other” considerations come in.

I am specifically of the opinion that software piracy is “unethical” and there can be hardly any reason for it to be justified as “ethical”. As far as people who cannot afford to pay are concerned, most of the basic and essential software has free variations available which can be used readily and freely. The economic losses of software piracy are colossal and as stated at the beginning, the losses in 2009 were estimated at US $51.4 billion. Had this amount been realized by the software developers, the prices would definitely have come down and greater research would have been fuelled for the development of better and easier to use software.

A great victory against piracy has been the action against the owners of the file sharing website The Pirate Bay, which is a storehouse for pirated videos, music & software. In 2009, a Swedish court convicted four men of helping people to break copyright law by creating and running The Pirate Bay file sharing website. The media corporations who own the content sued them for loss of earnings. Here is a brief report about this:

However, producers are aware that the growth and innovations in technology are going to provide better facilities for file sharing and that they have to adapt to this and develop alternative revenue and business models. An insight can be had from an interesting seven part video series “Piracy is Good”. The first part is:

The other six parts of this series can be viewed by clicking the appropriate part number here: 2 3 4 5 6 7

A serious debate about “Privacy vs National Security” has been raging in India for the last few months.

It relates to the threat of the Indian Government to ban the BlackBerry services in the country if it is not allowed to have access to the encrypted data of its email and messenger services, which it believes could be used by the terrorists to communicate with each other and to the detriment of India’s national security.

Here is what the media said on 12th August, 2010 -

It is worth noting that Tata Teleservices’ application to offer BlackBerry Services in India has been rejected after the Department of Telecom (DoT) forwarded the request to the Union Ministry of Home Affairs (MHA) citing that under India’s Information Technology Act of 2000, the government has the right, under certain circumstances, to intercept electronic communications for security reasons and in national interest. Security agencies say that terrorists are increasingly using the internet and applications such as e-mail to communicate with one another. RIM (Research in Motion) operates in more than 130 countries around the world and says that it respects the regulatory requirements of governments. It, however, uses an algorithm to keep its data protected and thus inaccessible to the government of any country. Other operators, who already hold a license to offer BlackBerry services in India, have been asked to give the government access and the right to intercept emails, under threat of cancellation of their BlackBerry licenses. These operators include Vodafone Essar, the Indian joint venture of Vodafone Group and Reliance Communications, a large Indian mobile services provider.

What is BlackBerry?

BlackBerry is a device developed by Canada’s Research in Motion (RIM) and more than a million people in India use its services.

The main USP of the BlackBerries is their security, which is believed to be the best in the world for communications with handheld devices. The details about BlackBerry security are given here and a brief on wireless data security is reproduced below:

Wireless Data Security

End-to-end Encryption
The BlackBerry Enterprise Solution offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES), for all data transmitted between BlackBerry® Enterprise Server and BlackBerry smart phones.

Private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smart phone user. Each secret key is stored only in the user’s secure enterprise account (i.e., Microsoft® Exchange, IBM® Lotus® Domino® or Novell® GroupWise®) and on their BlackBerry smart phone and can be regenerated wirelessly by the user.

Data sent to the BlackBerry smart phone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user’s mailbox. The encrypted information travels securely across the network to the device where it is decrypted with the key stored there.

Data remains encrypted in transit and is never decrypted outside of the corporate firewall.

RSA SecurID Two-Factor Authentication
BlackBerry MDS Services on BlackBerry Enterprise Server support RSA SecurID® authentication, providing organizations with additional authorization when users access application data or corporate intranets on their BlackBerry smart phones. BlackBerry MDS Services utilize RSA ACE/Agent® Authorization API 5.0 to interface to RSA ACE Servers®. Users are prompted for their Username and Token Passcode when navigating to a site or application requiring authorization.

HTTPS Secure Data Access
BlackBerry MDS Services act as a secure gateway between the wireless network and corporate intranets and the Internet. They leverage the BlackBerry AES or Triple DES encryption transport and also enable HTTPS connections to application servers.

BlackBerry smart phones support HTTPS communication in one of two modes, depending on corporate security requirements:

• Proxy Mode: An SSL/TLS connection is created between BlackBerry Enterprise Server and the application server on behalf of BlackBerry smart phones. Data from the application server is then AES or Triple DES encrypted and sent over the wireless network to BlackBerry smart phones.
• End-to-End Mode: Data is encrypted over SSL/TLS for the entire connection between BlackBerry smart phones and the application server, making End-to-End Mode connections most appropriate for applications where only the transaction end-points are trusted.

IBM Lotus Notes Email Encryption Support
BlackBerry Enterprise Solution support for Lotus Notes® email encryption is designed to increase usability of the BlackBerry Enterprise Solution. With BlackBerry Enterprise Server v4.1, BlackBerry smart phones are able to read Lotus Notes encrypted email.

BlackBerry smart phone applications created using the BlackBerry® Java™ Development Environment (JDE), which have certain functionality — such as the ability to execute on startup or to access potentially sensitive BlackBerry smart phone application data — require developers to sign and register their applications with Research In Motion (RIM). This adds protection by providing a greater degree of control and predictability to the loading and behaviour of applications on BlackBerry smart phones.

Additionally, the BlackBerry Signing Authority Tool can help protect access to the functionality and data of third party applications by enabling corporate developers or administrators to manage access to specific sensitive Application Programming Interfaces (APIs) and data stores through the use of server-side software and public and private signature keys.

To help protect BlackBerry® MDS Studio applications from tampering, corporate developers can sign an application bundle with a digital certificate described by an alias. They can use either a trusted certificate authority (CA) or a generated (self-signed) certificate. BlackBerry MDS Studio generates and signs applications with certificates that are compliant with the Public Key Infrastructure (X.509) standard.

Government of India’s stand on this issue

  1. BlackBerry’s process of information exchange is based over the net via the messenger service and email.
  2. The government of India’s current surveillance mechanism is to scan data at the cell phone towers of telecom operators. The net is simply way too extensive and exhaustive to police.
  3. Information from one BlackBerry to another moves via the customer’s particular cell phone operator’s tower.
  4. The problem from the government’s point of view is that this information at the cell operator’s tower is encrypted by BlackBerry. It’s been one of their USPs in fact.
  5. The government wants access to this data as there is a legitimate possibility that security threats may use BlackBerry’s encrypted information convenience to communicate with each other hence leaving the government with no way of tracking them down.

Why the ban?

The Government of India has reportedly asked RIM for access to the encryption keys in order to make incoming and outgoing emails legible to government security agencies. The home ministry has asked all cell phone operators to help the Department of Telecom in deciphering and monitoring the enterprise services data of RIM.

BlackBerry has come out with a tentative solution of providing access to the metadata of BlackBerry services, which will be monitored by Indian security agencies. The Department of Telecom has remained unsatisfied with the deal, as the metadata shows only the length of the text, when it was written and its author, which is of no use even if the author turns out to be a terrorist. In reply, BlackBerry said that it keeps its policies the same for all countries.

Earlier, RIM had come up with another solution: the information would be provided to the security agencies on a deferred basis. The government agencies rejected this solution and demanded real-time information rather than deferred information.

RIM had offered the security agencies and officials of the Home Ministry the option of handing over details of the BlackBerry phones that needed to be monitored, and it also agreed to decrypt all the BlackBerry Messenger and BlackBerry Enterprise mail service data demanded by the security office. However, the proposal was rejected, as the security agencies said that providing phone numbers of suspicious calls for surveillance would expose the source to an outside company and that would prove detrimental to the country’s security.

RIM has assured India that it will provide a “technical solution” presumably similar to the arrangement RIM recently worked out with Saudi Arabia, but India still isn’t making any final decisions just yet, with a government source simply saying that its “technical team will evaluate if it works.” The issue has been deferred and somewhat curiously, the source also mentioned that India had “concerns” about Gmail and Skype, but didn’t offer any further details.

My Views & Opinion

First of all, as stated above, we should be clear about the route taken by a corporate BlackBerry message and its security features:

The BlackBerry cell phone sends the encrypted message to the BlackBerry server(s), which then send that message to the corporate’s Exchange server (BlackBerry Enterprise Server runs on top of Microsoft Exchange Server). The Exchange server then sends it ‘out’ to the recipient’s email server.

The BlackBerry security architecture is specifically designed to provide corporate customers with the ability to transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data. This has been done purposefully to provide corporate customers with the necessary confidence that the transmission of their valuable and confidential data is completely secure.

BlackBerry does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party, under any circumstances, to gain access to encrypted corporate information. Thus, RIM cannot accommodate any request for a copy of a customer’s encryption key, since it does not, at any time, ever possess a copy of the key.

BlackBerry Enterprise Server (BES) security architecture is deliberately designed to perform as a global system independent of geography. The location of infrastructure and the customer’s choice of wireless network are irrelevant factors from a security perspective where end-to-end encryption is employed.

Anyone who knows this (publicly available information) and does not want his email read can simply install a third party encryption tool (for instance PGP) on his BlackBerry. The BlackBerry device then encrypts the already (PGP) encrypted message and sends that out to its server. Even if the server decrypts the BlackBerry encryption, nothing can be done about the third party encryption applied at the sender’s end without the keys to decrypt it. PGP, for instance, is a widely used encryption tool and is as of now perfectly legal to use. There are a number of tutorials on the Internet that show how such third party encryption can be set up on handhelds. You don’t need to be a hacker to do that. Even if one goes by the argument that the bad guys may use BlackBerry devices to send messages to each other, the presumption that the communication will be in human language is rather naïve. Using predetermined code words, sensitive information can be passed between parties within what appears to be common everyday conversation. “Where are you going ..?” – “My gramophone is not working.” may mean just that, or it could be a secret code.
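The layering argument above, as an added sketch that is not part of the original post or of any BlackBerry or PGP code: a party holding only the transport key can strip the outer layer, but is left with the inner ciphertext and the message length. The toy standard-library cipher stands in for both the AES/Triple DES transport and PGP, and every function name here is hypothetical.

```python
import hashlib
import hmac
import os

# Toy encrypt-then-MAC cipher from the standard library, used as a stand-in
# for both layers (AES/Triple DES transport, PGP inner). Illustration only.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

OVERHEAD = 16 + 32  # nonce + tag added by each layer

def send(message: bytes, inner_key: bytes, transport_key: bytes) -> bytes:
    # The sender applies its own layer first, then the transport layer.
    return seal(transport_key, seal(inner_key, message))

def transport_view(wire: bytes, transport_key: bytes) -> dict:
    # A party holding only the transport key removes one layer and is left
    # with the inner ciphertext plus what its size reveals.
    inner_blob = open_sealed(transport_key, wire)
    return {"inner_blob": inner_blob, "message_length": len(inner_blob) - OVERHEAD}

def receive(wire: bytes, inner_key: bytes, transport_key: bytes) -> bytes:
    return open_sealed(inner_key, open_sealed(transport_key, wire))

if __name__ == "__main__":
    inner, transport = os.urandom(32), os.urandom(32)  # constructed keys
    wire = send(b"Meeting moved to 3 pm", inner, transport)  # constructed message
    print(transport_view(wire, transport)["message_length"])
    print(receive(wire, inner, transport))
```

The length that survives the outer layer is the same kind of metadata the post says was offered to the Department of Telecom.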

Here is a short tutorial of the many available on the internet on PGP -

Suppose the Government finally gets its way: BlackBerry data starts residing on servers located physically in India, and BlackBerry makes the messages readable.

It would be near impossible to simply read (via human or machine) all messages and emails sent by BlackBerry devices. I am not sure, but it can well be imagined as to what infrastructure would be required to scan the entire lot of transmitted BlackBerry messages in real-time and the algorithms required to pick up keywords and flag specific messages for human review.

It has also been reported that Google and Skype are under the radar of the Government of India as well, but it is not clear as to for what reasons.

The authorities should well understand that there are hundreds of email service providers, and forcing all of them to place the servers that store emails of Indian accounts in India will be extremely difficult and will consume a great deal of time and resources.

In a purely hypothetical world, let us say the above becomes possible and the security agencies can ‘monitor’ all emails sent using any email provider. The simplest solution for anyone not wanting the government to read its emails is to again use encryption tools – like the open source PGP. The third party encryption tools are relatively easy to setup and as the reports on the internet say, nearly impossible to decode.

All that shall be achieved is potentially compromised corporate security, unnecessary hassles for the service providers, who may have to setup infrastructure in order to play along and in turn pass the additional cost on to customers.

India’s image in the corporate world shall take a beating and it would be classified as a country which disallows confidential and secure exchange of messages over the air, which is very important & necessary for the corporate sector.

Yes, it’s true that India has had some tragic experiences with terrorism, and it’s also true that terrorists need secure communication to hide from police and the intelligence services. But a terrorist would not be using a BlackBerry. Any mail he sends is not only traceable, but also stored and backed up. (As for BIS (BlackBerry Internet Service), it is in RIM’s control, so access is easier for government agencies.) The smarter terrorist will go to a cybercafé and use a Gmail or Yahoo mail account. He’d simply read and save the mail in draft mode without sending mail (so there’s nothing to intercept). Then there’s file share: sites like YouSendIt, where he can keep encrypted files, leaving almost no trace, unlike with a BES mail.

And here is how to use PGP in Gmail -

Of course, the Indian government may also decide to ban PGP and other encryption algorithms. But will that really work? India has a large number of IT professionals already doing work for top-notch U.S. firms; it is pretty certain that, with this talent pool, somebody will devise a technology to secure the messages.

My strong feeling is that the Indian authorities should drop the idea altogether, and promote India as a place which allows confidential and secure communication between corporates. This will add to the already attractive scenario and add a push to the growing Indian economy. Terrorism is definitely a concern, but the proposed method is futile, time-consuming and will lead to a downslide in the country’s image.

It would seem that only countries like India, Indonesia and Saudi Arabia are trying to restrict BlackBerry and the like. Well, here is a surprise, if it is one at all. The following video indicates how efforts are being made in the UK to monitor all phone calls and emails. The European Union, of which the UK is a member, has strict privacy control laws, and in view of this, this is very strange. Hear it for yourself ..

My advice to the authorities the world over is to keep their hands off any such action, as the objective they are trying to achieve is not going to be achieved and it leads to the country getting adverse publicity.