1. Why WhatsApp is encrypting backups and how this will impact users

Relevant for GS Prelims & Mains Paper III; Science & Technology

Facebook-owned messaging platform WhatsApp has introduced end-to-end encryption for backups of chats that its users take on cloud services such as Google Drive or Apple’s iCloud. The move is being looked at as a step towards closing a loophole that allowed user chats to be outside the purview of encryption and could therefore be accessed by a third-party, affecting the user’s privacy. WhatsApp said it has been working on bringing this feature out for years and it will be rolled out by the end of this year.

What is the need for backups to be end-to-end encrypted?

Many users of WhatsApp take backups of their chats, which include text messages, photos, videos and documents shared on the messaging platform. “The content of message chats is valuable to WhatsApp users and WhatsApp offers an in-app backup feature to protect the content in the event a user’s device is lost or stolen; and to enable the transfer of their chat history to a new device,” WhatsApp has noted in a security white-paper on encrypted backups. While WhatsApp’s chat service is end-to-end encrypted, it depended on cloud partners like Google Drive or iCloud to store backups of WhatsApp data. The company had said earlier that once the chats were uploaded to Google Drive or iCloud, they were out of the encryption channel and weren’t private anymore. In several cases, armed with a warrant, law enforcement agencies across the world have been able to gain access to WhatsApp chats through backups stored on these cloud services.

What does a user need to do to encrypt the backups of their WhatsApp chats?

Once the service is rolled out later this year, users will get an option to turn on encryption for their backups. There will always be an option to not backup the chats to ensure that the chats never go out of WhatsApp’s infrastructure. Once a user decides to encrypt the backup, a 64-digit key will be generated — this key will be necessary for the backup to be restored at a later point in time. Here, the user will have two options — either they can store the 64-digit key themselves for safe keeping or use WhatsApp’s new Hardware Security Module-based Backup Key Vault to store their key with a password they can create. It is essential to note that in case the password, the 64-digit key or the device through which the key was generated is lost before the encrypted chat backup is decrypted, the user will lose access to the backup. The encryption of the backup will happen before it is uploaded to one of the two cloud services and will stay there as an encrypted file that will be accessible only with the use of the 64-digit key. When someone wants to retrieve their backups, they enter their password, which is encrypted and then verified by the Backup Key Vault. Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client. With the key in hand, the WhatsApp client can then decrypt the backups. Alternatively, if a user has chosen to use the 64-digit key alone, they will have to manually enter the key themselves to decrypt and access their backups.

How does this work?

In its security white-paper, WhatsApp has compared the system to a safe deposit vault offered by banks, where one key to a vault is provided to the customer to ensure that no one from the bank can alone open the vault without access to the key given to the customer. “With the introduction of end-to-end encrypted backups, WhatsApp has created an HSM (Hardware Security Module) based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage, thus ensuring stronger security of users’ message history,” the company said. The HSM-based vault is a digital equivalent of a physical vault, sitting in one of WhatsApp’s servers, containing the key to the encrypted backup. To ensure resilience, WhatsApp said it will deploy this vault in five data centre sites.

A pertinent point to note is that the encryption for backups is being provided only for online cloud services. “Currently, end-to-end encrypted backups are only supported on a user’s primary device In addition, we recommend that users who opt in to end- to-end encrypted backups also deselect WhatsApp from the apps that are included in their device-level backups We will inform users of the need to do this when they set up their end-to-end encrypted backup in WhatsApp,” the company noted.

What could be the impact of this feature?

In a series of tweets, announcing the new feature, Head of WhatsApp at Facebook Will Cathcart said: “Of course, whenever technologists advance security, some will argue that offering more privacy is bad if it makes it harder for governments to access that information. We believe free societies need the best security to protect people. Billions of people now have sensitive digital information — like their private messages — and that information is at an increasing risk of being stolen by hackers, criminals, and even hostile states themselves”. Governments across the globe, including in India, have been seeking a backdoor into encrypted messaging services such as WhatsApp. In the Information Technology Rules announced earlier this year, the Indian government mandated significant social media intermediaries (those with more than 50 lakh users) to trace the originator of a message that is deemed unlawful. The ability to encrypt the backups could elicit a pushback from governments. “…we’re far from a consensus on this. Some governments continue to suggest using their powers to require companies to offer weaker security. We think that’s backwards: we should demand more security from companies for people’s sensitive information, not less,” Cathcart wrote.

Source: The Indian Express

2. Improved water management system for toxic textile effluents developed

Relevant for GS Prelims & Mains Paper III; Science & Technology

Indian researchers have developed an improved water management system that can completely reuse dye wastewater from textile industries, eliminating its toxicity and making it suitable for domestic and industrial usage, the Department of Science and Technology said on September 9. It can reduce water treatment costs and facilitate reuse of water in dry regions, it added. The current three-stage treatment process for wastewater consisting of primary, secondary, and tertiary treatment is unable to treat toxic industrial wastewater.

High cost

The stand-alone advanced oxidation process (AOP) treatment technique for colour and odour properties in industrial effluents (dye-based) may be insufficient to meet the set government standards and is also limited due to the high cost of AOPs involving continuous supply of chemical reagents.

It cannot remove the synthetic industrial dyes and the effervescent colour and odour, which have a long-lasting carcinogenic and toxic effect on the ecological balance, especially aquatic life. In order to remove this toxicity, an upgraded solution with the AOP technology is the need of the day, it added. Working towards this, researchers from Indian Institute of Technology (IIT) Kanpur along with Malaviya National Institute of Technology, Jaipur, and MBM College, Jodhpur, have developed a modified AOP solution.

Modified process

This completely modified treatment process consisting of the primary dosing step, followed by the sand filtration step, another AOP and subsequent carbon filtration step.

It eliminates the need for the conventional primary, secondary, and tertiary processes, resulting in maximum colour removal, and meets the inland water discharge standards.

The DST – Water Technology Initiative (WTI), along with the Indian National Academy of Engineering (INAE) – supported the development of this technology at pilot-level in collaboration with Laxmi Textile Prints, Jaipur.

The much-improved AOP technology targeting zero discharge water management system is being utilised for complete reuse of industrial dye wastewater for domestic and industrial usage at a rate of 10 kilo litres/day. The treatment of toxic and highly carcinogenic industrial dyes of textile effluents is performed using this AOP technology for degrading and mineralising recalcitrant organic matter from effluent wastewater.

Low-cost solution

It is a direct replacement of the existing treatment plant processes and consists of a low-cost solution of dye adsorption on acid-modified soil, followed by a photochemical reaction step within a photocatalytic visible light filter and a unique carbon and PAN (polyacrylonitrile) nano-mat fibre filtration process. Having been set up on a pilot basis, it remediates industrial wastewater.

The technology has resulted in the recuperation of 50% of the treatment cost incurred from conventional processes for water treatment (especially due to the high cost of sludge disposability) in the water-scarce regions of Rajasthan. Further, scaling up of this plant to 100 kilolitres/day capacity to meet the current industrial requirement is underway, it added.

Source: The Hindu

3. Will the new Production-Linked Incentive scheme help textile industry?

Relevant for GS Prelims & Mains Paper III; Economics

Ten months after it first approved a Production-Linked Incentive (PLI) scheme for the textile sector, the Union Cabinet cleared it on September 8, after the Ministry of Textiles incorporated suggestions from the industry. With a total budgeted outlay of ₹10,683 crore, the government has designed the scheme with a view to providing a big fillip to the man-made fibres and technical textiles segments of the industry.

What are the details of the scheme?

The scheme is aimed at promoting industries that invest in the production of 64 select products. The product lines include 40 in man-made fibre apparel, 14 in man-made fibre fabrics, and 10 technical textile segments/products. The investment period is two years, and the incentive will be paid for five years after the first year of post-investment operation. The scheme is for two types of investments. The first entails a minimum of ₹300 crore in plant, machinery, equipment and civil works in a unit that must register a minimum turnover of ₹600 crore once it commences operation. The second is for a minimum of ₹100 crore, where the business achieves a minimum turnover of ₹200 crore. Thus, the incentive is based on a combination of investment and turnover. While details of the 64 specific products are expected to be announced once the scheme is notified — officials expect it by the end of this month — the government has indicated that the incentive for the higher investment scheme would start at 15% of the turnover for the first year, and 11% in the case of the lower turnover plan, decreasing gradually by 1% each subsequent year over the next four years for both schemes. Priority will also be given to investment in aspirational districts, Tier-3, Tier-4 towns, and rural areas.

Why the stress on man-made fibre?

The scheme focuses on the man-made fibre segment to enable the Indian textile and clothing sector to regain its dominant status in the global textiles trade. Currently, Indian production and export of textile and clothing products are largely cotton-based. In 2018-19, while Indian textile and clothing exports amounted to about $36 billion, less than one-third was man-made fibre-based. In contrast, of the total textile and clothing exports by China, it is estimated that almost 80% are man-made fibre-based. Similarly, of the total global fibre manufacturing and consumption, 70% is man-made fibre-related, while in India it is just about 35%. Annual textile and clothing exports have remained largely stagnant over the last seven years, and stuck in the range of $30 billion-$35 billion. India is ranked sixth in the global trade in this sector. Added to this, in recent years, countries including Bangladesh and Vietnam have gained a sizeable share in the man-made fibre segment of the global textile trade, making it all the more vital for India to provide policy support to ensure the country remains competitive internationally. Though the final list of products eligible for the scheme is yet to be notified, it is expected that most of the top globally traded man-made fibre product lines in which India’s share is less than 5% will be covered.

How will it impact traditional textiles such as jute?

The scheme will not impact traditional textile segments such as jute or cotton. It has minimum investment thresholds and select product lines and hence targets a limited number of players. The traditional segments have a large number of industries spread across micro, small and medium enterprises and large-scale operations. They will continue to invest and grow in the fields they are strong in.

Will the scheme help lower dependence on imports?

During 2018-19, the import of man-made fibre garments jumped 39% from the previous year, while the import of the man-made fibre yarn, fabrics, and made-ups rose 16%. With the government recently removing the anti-dumping duty on viscose staple fibre and Purified Terephthalic Acid, most man-made fibre is now available in India at internationally competitive prices. With an incentive to invest in production too, Indian manufacturing of man-made fibre value-added products is expected to increase and thus bring down imports, especially of man-made fibre apparel and fabrics, from countries such as China and Bangladesh.

What lies ahead?

The government has said the scheme will help attract ₹19,000 crore of fresh investments and generate 7.5 lakh jobs. The expectation is that it will motivate industries to make fresh investments in the select product lines and scale up capacities. Global retail brands, which are present in India and sourcing man-made fibre-based apparel from other countries, are likely to start sourcing from India once the garments become available at internationally competitive prices.

Source: The Hindu

4. How will the U.K.’s Children’s Code impact digital space norms?

Relevant for GS Prelims & Mains Paper II; International Issues

Last week the U.K. government brought into effect the Age Appropriate Design Code or the Children’s Code, as an amendment to the Data Protection Act, 2018, operationalising a set of regulations that will make using the digital space safer for children. While the Code is officially in place only in the U.K., tech majors such as TikTok, Instagram and YouTube have tightened safety rules for children, and campaigners hope this will become the norm globally.

What is the Children’s Code?

The Children’s Code is a data protection code of practice for online services likely to be accessed by children. As 5Rights Foundation, which spearheaded the movement, said, “It has the potential to completely transform the way that companies collect, share and use children’s data, requiring them to offer children a high level of privacy protection by default.” It sets out 15 standards for online services, including in apps, games, toy and devices and even news services. Unless the service provider is able to prove that children do not access the service at all, it is required to consider making changes as per the Code.

What are the threats to children online?

Research conducted by 5Rights and Revealing Reality pointed out that within 24 hours of a social media profile being created, children were being targeted with graphic content. It established the pathways between the design of digital services and the risks children face online. According to 5Rights, “It shows that services such as Facebook, Instagram and TikTok are allowing children, some as young as 13 years old, to be directly targeted within 24 hours of creating an account with a stream of harmful content. Despite knowing the children’s age, the companies are enabling unsolicited contact from adult strangers and are recommending damaging content, including material related to eating disorders, extreme diets, self-harm and suicide as well as sexualised imagery and distorted body images.” Further, they concluded that even if the services were not conceived with the intent of putting children at risk, they are by no means ‘bugs’ or mistakes in the code that allow such errors to creep up on children, unbeknownst to the service providers. “These are not ‘bugs’ but features. Revealing Reality interviewed engineers and designers who explained they design to maximise engagement, activity and followers — the three drivers of revenue, not to keep children safe.”

U.K.’s Information Commissioner Elizabeth Denham said, “Data sits at the heart of the digital services children use every day. From the moment a young person opens an app, plays a game or loads a website, data begins to be gathered. Who’s using the service? How are they using it? How frequently? Where from? On what device? That information may then inform techniques used to persuade young people to spend more time using services, to shape the content they are encouraged to engage with, and to tailor the advertisements they see. For all the benefits the digital economy can offer children, we are not currently creating a safe space for them to learn, explore and play.”

Who does the Code apply to?

The Code, according to 5Rights, applies to “information society services likely to be accessed by children”. The definition of an ISS is “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”. This includes apps; programs; search engines; social media platforms; online messaging or internet-based voice telephony services; online marketplaces; content streaming services (like video, music or gaming services); online games; news or educational websites; and any websites offering other goods or services to users on the internet. Electronic services for controlling connected toys and other connected devices are also ISS. The code applies to the U.K. based companies and non-U.K. companies that use data of children in the country. However, as has been seen with the example set out by some tech giants, it makes sense to make the entire architecture child-friendly, and not region-specific alone.

Will children in India benefit from the Code?

As Ms. Denham says, “It is rooted in the United Nations Convention on the Rights of the Child that recognises the special safeguards children need in all aspects of their life.” John Carr, online safety expert based in the U.K., says on his blog that the UNCRC put in an addition, General Comment 25, which looked at child rights in the context of a digital environment. If tech giants universalise their safety architecture, children across the world will benefit from the Code. However, child rights activists say it is high time that the Indian government incorporated child safety into its social media agenda.

Source: The Hindu

5. WHO simplifies treatment guidelines for hypertension

Relevant for GS Prelims & Mains Paper III; Science & Technology

The World Health Organization recently released guidelines for pharmacological treatment of hypertension. Though high blood pressure is a leading cause of disease, disability and death in all regions of the world, affecting an estimated 1.4 billion persons across the world, only 14% have it under control. This is because of three gaps in health system performance. Many who have hypertension are unaware, several of those who are detected are not on treatment and only half of those who are treated are effectively controlled on their prescribed treatment. If health systems do not improve their ability to detect and effectively treat hypertension, serious diseases of heart, brain, kidneys and blood vessels will mount.

Adopt healthy habits

All persons with raised blood pressure will need to adopt healthy living habits: reduced salt intake; consumption of more fruit and vegetables; avoidance or limited intake of alcohol; regular physical activity; maintenance of a healthy body weight; adequate water consumption, good sleep and stress reduction. In addition, several will need drugs for adequate control of blood pressure. The recent WHO guidelines, specifically addressing drug treatment, were framed by an international expert group chaired by me. Apart from assessing the strength of published scientific research, we also drew on the perspectives of policy makers, health system managers, healthcare providers, patients and communities.

While several international guidelines on management of hypertension do exist, many of them reflect the tertiary care perspective of high-income countries. Effective hypertension control must pivot on competent and continuous primary care, for both early detection and long-term management. Guidelines have also been divided over whether hypertension treatment should be initiated on the basis of blood pressure values alone or on a comprehensive risk assessment which takes into account age, gender, smoking status, body mass, prior cardiovascular disease, diabetes and blood cholesterol profile besides blood pressure values. While these measures are useful for customised future risk assessment, insistence on such detailed a priori assessment requiring various laboratory tests may delay initiation of treatment and increase loss to follow-up in primary care. Guidelines must maximise benefits and minimise harm and inconvenience to patients.

The benefit of drug treatment was assessed on health outcomes which included the following: blood pressure control, deaths from any cause, cardiovascular mortality, heart attacks, brain strokes, heart failure and advanced kidney disease. Recommendations were graded on the strength of evidence available and distilled with health system perspectives on feasibility of implementation. The aim was to develop evidence-informed, situationally adaptable, resource-optimising, operationally steerable and equity-promoting guidelines which can be implemented in all countries despite varying health system capacities.

Suggested thresholds

Initiation was recommended for all adults whose blood pressure readings, reliably measured, exceed 140 mm of mercury for the upper level (systolic) or above 90 mm for the lower level (diastolic). However, for persons with a prior history of cardiovascular disease, diabetes or chronic kidney disease, treatment should be initiated if the systolic pressure exceeds 130 mm. The same threshold is advised for persons with a high future risk of developing cardiovascular disease, based on clinical and laboratory assessment. Laboratory tests should be performed at the time of diagnosis of hypertension. However, if testing facilities are not readily available and tests are likely to be delayed, treatment may be initiated with a single relatively safe drug amlodipine (a long acting calcium channel blocker) and tests may then be ordered. When test results are available, they will help with choice of further treatments and in comprehensive risk assessment.

When tests confirm that there are no contraindications to certain drugs, three classes of drugs are offered to the prescribing physician on the strength of evidence. They are: thiazide diuretics and thiazide-like agents; angiotensin-converting enzyme inhibitors or angiotensin receptor blockers (both of which act at different levels of the renin–angiotensin system) and calcium channel blockers. Better clinical outcomes are achieved in most persons when drugs from any two of these categories are initially used in combination, in moderate doses, rather than using a single drug in a high dose. This provides the advantage of combining two different but complementary modes of action and avoids the side-effects that accompany a high dose of any single drug.

Recommended targets

The target is to lower blood pressure values to less than 140/90 mm, in all adults. In persons with known cardiovascular disease, the target is a systolic value less than 130 mm. This is based on strong evidence. The same target is also recommended for persons at a high risk of cardiovascular disease or with co-existing diabetes or chronic kidney disease. Persons in whom treatment has been initiated should be followed up monthly, till the target level has been achieved. Once that has been reached, follow up may be once in three to six months, as feasible.

It has been recommended that non-physicians like nurses and pharmacists can provide drug treatment for hypertension if they receive proper training, have prescribing authority, follow specific management protocols and have physician oversight. Community health workers may assist in patient education, blood pressure measurement and delivery of medications, as part of a health team. Telemonitoring and home or community-based self-care are encouraged to improve blood pressure control, as part of an integrated management system.

These guidelines are positioned within a strong scientific frame of evidence, while accommodating the practical aspects of implementation across diverse health systems. Low- and middle-income countries, which have the highest health burdens resulting from uncontrolled hypertension, should find it easier to implement these guidelines rather than those tailor-made for high-income countries.

Source: The Hindu

6. What is the new framework to share financial data?

Relevant for GS Prelims & Mains Paper III; Economics

On September 2, the Reserve Bank of India launched the account aggregator framework aimed at making financial data more easily accessible. Under it, a number of fin-tech entities have been granted the licence to operate as account aggregators. Eight large banks have also agreed to share various financial data about their customers with account aggregators.

How will an account aggregator work?

The framework will allow financial data to be exchanged between the holders of data and its users. The RBI has allowed a number of companies like PhonePe to act as account aggregators to facilitate this process. Account aggregators will act as intermediaries who will collect data from one financial entity and exchange it with another. For example, a bank which is processing a loan application from a potential borrower may want to access a variety of financial data about the borrower. The lending bank can access details of the borrower’s savings, past loan repayment record, mutual fund holdings and insurance holdings through an account aggregator. The borrower, however, will have to grant consent for the sharing of his data with the lending bank.

What are its benefits?

At the moment, the various financial data of an individual is scattered across the databases of several financial institutions. So a person’s savings and loans data may be with a bank, his investments data may be with a mutual fund, while his insurance data may be with another financial entity. Under the account aggregator framework, all this data can be easily collated and shared through account aggregators with the consent of the individual. Proponents of the framework believe that the easier availability of data will have significant benefits for the economy. They believe the framework will help financial institutions make better assessment of the creditworthiness of individuals, and thus make better loan decisions. Even though mechanisms such as CIBIL already exist to assess the creditworthiness of individual borrowers, their scope is limited. An individual’s PAN number, for instance, captures only a limited number of transactions which are of value higher than a certain minimum threshold amount. It is said the framework will offer a wider array of data to financial firms, making them more willing to serve creditworthy populations that they earlier ignored. Account aggregators can also make life easier for creditworthy customers by allowing them to share their financial data digitally with ease, it is believed. The availability of wider financial data may also help financial institutions offer better products tailored to the needs of individual customers.

What happens next?

The issue of the security of the financial data of individuals will be a looming concern going forward, given the risk of data theft. To protect the privacy of individuals, account aggregators are supposed to receive and share financial data in an encrypted form. The RBI has also said the data ownership will reside with individuals. More financial firms are expected to get on board the framework as offering access to their financial databases will help them gain access to the databases of other firms. Over time, financial institutions may also mandate access to data available through account aggregators as a condition for individuals to receive loans and other services. The eventual success of the framework, however, will depend on multiple factors. Some believe an individual’s PAN number may be a better way to access his financial data as it serves as a common link between multiple accounts maintained by an individual. Further, the extent to which financial firms desire extensive, micro-level financial data from their customers and the enthusiasm among customers to share their data will also play a crucial role.

Source: The Hindu