A group of hackers calling itself AnonOps India on Thursday tweeted what it called evidence of the Reliance Jio Chat app transmitting geolocation data to Chinese servers – a potentially illegal act that compromises user privacy because the data is being transmitted through an unsecured connection. The purported exposé was possible after AnonOps members decompiled the binary code running in the app, an intricate piece of reverse engineering which in turn is also illegal.
The group had launched a video on YouTube on June 13 alleging that the Reliance Jio enterprise was engaging in widespread surveillance and privacy violations, and that the group was launching Operation Reliance (#OpStopReliance) in an effort to corroborate its allegations. The latest volley in this campaign is the geolocation data transmission.
AnonOps India posted screenshots to Facebook, Twitter and its Tumblr showing data – not necessarily geolocation data – being sent to Chinese IP addresses via an HTTP connection. Trak.in had reported that the addresses were 124.193.183.96:8086, poc.gongsunda.com:8083, www.rsocial.net:8087 and acp.jiobuzz.com:8090.
HTTP is a protocol that transmits textual data between two nodes using hyperlinks. The secured version of this protocol is called HTTPS, whose use on a website is popularly indicated by an image of a lock placed in or near the URL bar. That the data was transmitted to Chinese servers at all is of little concern – Facebook, for example, regularly redirects user data through servers in the US. The concern is that the data was not encrypted, being sent through an HTTP and not an HTTPS connection, putting it up for grabs for anyone with the know-how to find it.
Their tweets prompted Gautam Chikermane, New Media Director of Reliance Industries, Ltd., to retort that AnonOps didn’t know what it was talking about, that its data had always been encrypted, and that the group was wasting Reliance’s time. However, security experts weren’t convinced. Specifically, Chikermane had said the transmitted data had always been encrypted by “binary encoded protocol”, and that the app had recently been switched to using AES (Advanced Encryption Standard).
1/n: Dear @opindia_revenge, your rants against Reliance Jio amuse me. Facts around world’s largest digital initiative follow#OpStopReliance
Aditya Anand, the founder of a software services firm in Mumbai, clarified that HTTPS was for data transfer over the Internet and AES for saving data, probably on disk, and that there was no excuse for not using HTTPS because AES didn’t forestall the risks that only HTTPS could guard against. He added that implementing great software security could be a nightmare. If that lets Reliance off the hook just a little bit for sending unencrypted data into China, it climbs back up by sending it into servers that aren’t using HTTPS either, and by denying anything is amiss.
Apart from Chikermane’s tweets, no official statement has emerged from Reliance Industries, Ltd. He, however, also said that the data was being sent to China from within the app for users there, billing Jio as a global product. China doesn’t allow Google Maps in the country’s network so apps that seek to provide geolocation facilities must rely on Chinese services, he added. In reply, AnonOps asked why data was being transmitted from India to China and why they were accompanied by errors logs in Chinese.
The dust on this debate hasn’t settled yet. It was only a month ago that Reliance had announced it was launching 4G-enabled mobile devices priced around Rs.2,000 – a bargain any which way – and signalled Mukesh Ambani’s intentions to re-breach the telecom market. Reliance had also said that it was in talks with cheap handset manufacturers like Huawei and Xiaomi in China for hardware support.
Artist concept of NASA’s Europa mission spacecraft approaching its target for one of many flybys. Credit: NASA/JPL-Caltech
On Thursday, NASA okayed the development of a probe to Jupiter’s moon Europa, currently planned for the mid-2020s, to investigate if it has conditions suitable for life. The milestone parallels the European Space Agency’s JUICE (Jupiter Icy Moons Explorer) mission, also planned for the mid-2020s, which will study the icy moons of the Solar System’s largest planet.
The NASA mission has tentatively been called Clipper, and its proposal comes on the back of tantalizing evidence from the Galileo mission that Europa could have the conditions to harbour life. Galileo conducted multiple flybys of the moon in the 1990s and revealed signs that it could be harbouring a massive subsurface ocean – with more than twice as much water as on Earth – under an ice shell a few kilometres thick. It also found that the ocean-floor could be rocky, there were tidal forces acting on the water-body, and that the thick ice shell could be host to plate tectonics like on Earth.
These characteristics make a strong case for the existence of habitable conditions on Europa because they mimic similar conditions on Earth. For example, plate tectonics on Earth moves a jigsaw of landmasses on the surface around. Their resulting interactions are responsible for moving minerals on the surface into the ground and dredging new deposits upward, creating an important replenishment cycle that feeds many lifeforms. A rocky seafloor also conducts heat efficiently toward and away from the water, and tidal forces provide warmth through friction.
With NASA’s okay, the Europa mission moves to the “formulation stage”, when mission scientists and engineers will start technology development. The agency’s fiscal year 2016 budget includes $30 million for just this, according to a May 26 statement, out of a total of $18.29 billion that Congress has awarded it. NASA has already also asked for $285 million through 2020 for the Europa mission, with the overall mission expected to cost $2 billion notwithstanding delays at the time of a launch planned for 2022.
The same statement also announced the scientific payload that would accomplish the mission. Out of 33 proposals submitted, NASA selected nine – all geared toward exploring the ice- and water-related properties of the moon. They could also be pressed into observing other moons in the Jovian neighbourhood – many of which are icy and have curious surface and atmospheric characteristics resembling Europa’s. These include another of Jupiter’s moons, Ganymede, and Saturn’s Dione, Enceladus, Hyperion, Iapetus, Phoebe and Tethys.
ESA’s JUICE mission – part of its broader Cosmic Vision strategy for a class of long-term missions in the 2020s – is planned to launch in 2022 and reach Jupiter by 2030. At one point, it will enter into orbit around Ganymede. If NASA’s Clipper is at Europa by then, what the two probes find could be complementary, and be compared to infer finer details.
On June 9, The Wire broke the story of a Bengaluru-based programmer who’d revealed that an Israeli company was injecting malicious JavaScript code into websites visited on Airtel’s 3G network. Thejesh GN had uploaded the script and screenshots of where he found it was being injected on his website to GitHub on June 3. In reply, he was threatened with overzealous punitive action under the IT Act 2000 by the company, named as Flash Networks, on June 8.
On Monday, in a heartening turn of events, Lawrence Liang, a reputed Bengaluru-based legal researcher and cofounder of the Alternative Law Forum, served a counter-notice to Flash Networks’ notice. Liang asserted his and Thejesh’s right to civil and criminal proceedings against Flash for the “unlawful insertion of code by your client into my clients source code”, which “amounts to a violation of the rights of my client, including but not limited to a violation of his privacy, an attempt to unlawfully access and hinder the operation of his website and a violation of the right to integrity of the work of my client.”
A copy of Liang’s reply was uploaded by Thejesh to his website on Monday. The document describes in detail Thejesh’s actions and the underlying intent – which were tantamount to a review of the JavaScript injection by Flash, their origin from an Airtel-owned IP address, and an inspection of their effects on his website. As the document states, “It is also commonly accepted that whenever one encounters any inserted scripts, viruses or spyware, you publish them as supporting document and evidence so other researchers can review your investigation by looking into it.”
Following Thejesh’s upload to GitHub on June 3, Flash put out its notice on June 8. The next day, in an effort to shut down the GitHub repository in which he had uploaded the screenshots, Flash served a notice under the American Digital Millennium Copyright Act. The repository was then automatically taken down by GitHub for until the matter is resolved.
In the aftermath of these events, Flash has repeatedly asserted that Thejesh violated the “confidentiality” of the script that it was injecting, called Anchor.js. Although Airtel issued a statement saying it had teamed up with Flash to track users’ monthly subscription usage, neither Flash nor Airtel have offered a substantive explanation as to how Anchor.js accomplished it. This is because Anchor.js was also found to be inserting ads onto webpages, which – thanks to their unsupervised nature – could just as well be inserting code that compromised security and user privacy.
Apart from asserting their right to legal recourse instead of the blind compliance that Flash’s DMCA notice expects, Liang has demanded that Flash should “offer an unconditional apology for attempting to insert a malicious piece of code into my client’s website which has affected the functionality of the same as well as lowering the reputation of my client” and “for violating the privacy of my client”.
When the first installment of The Lord of the Rings trilogy was released in 2001, it introduced a whole new generation to the ageless charms of Christopher Lee. Far removed from the often campy Dracula that an earlier set of filmgoers loved him for, he played the ‘white wizard’ Saruman with an electrifying dignity, brushing the character with a majestic flavour of evil. It’s hard to imagine many other actors being able to do that without outright vilification.
Sir Christopher Lee passed away on June 7 in a hospital in London due to respiratory problems and heart failure. He is survived by his wife Birgit Krøncke and their daughter, Christina. He was 93 – fully 69 of which he had spent as an actor, starting with small roles in action films to finally playing the bloodsucking Count in the cultic Hammer Horror films, Lord Summerisle in The Wicker Man, memorably, Francisco Scaramanga in The Man with the Golden Gun, Count Dooku in Star Wars EpisodeII and III, and, of course, Saruman in the movies based on JRR Tolkien’s Middle Earth epic.
Lee was also a popular fixture in horror films in the 1950s to the 1970s, often appearing as characters whose places in the literary canon were as revolutionary beings, great influencers of the zeitgeist. In fact, the list all of his roles will be powered with what appear to be minor ones – in keeping with how Hollywood for long treated science-fiction and fantasy films – with a few major forays here and there that received mainstream acclaim.
From 1950 to 1977, Lee appeared in a host of monster films, playing Dracula eight times for Hammer (1958-1973) and in the regrettable Fu Manchu productions. Although all of the Hammer films fared well commercially, Lee went on record to state that he was emotionally blackmailed into starring in them – principally because the producers ran out of money and would ask Lee to think of all the people he’d put out of work if he backed out.
His Dracula was smooth – in one film, he only hissed – but he had come to hate the lack of challenge. In this time it was as if the pithy roles Lee was being offered insulated him from the acclaim he was starting to receive from the rest of the world. In fact, a film he did in 1970 – The Private Life of Sherlock Holmes – pushed him to refuse being typecast in the future as an ‘evil heavy’, as Christopher “The Count” Lee, and eventually to leave England altogether for America in 1977.
Thus it was only in the 1970s and the 1980s that he started playing characters that would define his legacy the way he wanted. In 1973, Lee starred as the defiant Lord Summerisle in Robin Hardy’s cult classic The Wicker Man, playing a deranged nobleman who has convinced those on his estate of Summerisle that a willing human needs to be sacrificed for every season the local harvest fails. In 1974, he got to play the memorable villain Francisco Scaramanga in The Man with the Golden Gun, where he very nearly stole the show from Roger Moore’s James Bond.
Ian Fleming – whose step-cousin Lee was – conceived of Scaramanga as a crime-hardened Cuban rowdy. But what Lee ended up playing was a villain with great charm and finesse.
Lee took pride in his versatility. In an interview, he once said, “If you’re going to be a real actor, you must possess great versatility, otherwise you’re not going to last very long” – so much so that, to illustrate, he hosted an episode of Saturday Night Live in 1978 with the greats John Belushi, Dan Aykroyd and Bill Murray. Lee later said that before he went onstage that night, he’d been more terrified than before any of his films until then.
A man of many parts, Lee spoke German, French and Italian fluently, could sing (he was a great heavy metal fan and releasing an award-winning metal album called Charlemagne: By the Sword and the Cross in 2010) and fence, and boasted of an impressive variety of wartime experiences before he took to acting as a career.
In the early 1940s, after brief stints in the Finnish army and the British Home Guard, Lee volunteered for the Royal Air Force. Before he was seconded to the Army after the Allied Invasion of Italy in 1943, he was nearly killed twice, came down with six bouts of malaria in one year and received two promotions. In late-1944, he was promoted to flight-lieutenant and sent to Air Force HQ, where he participated in forward planning and liaison. In the last few months before he was discharged and the war was winding down, Lee was attached to the SAS and was part of a team tasked with hunting down and interrogating Nazi war criminals – a job that took him to various concentration camps around Europe.
However, he never spoke about his services in the Special Forces. Sample this now-famous exchange, as forces.tv details,
When pressed by an eager interviewer on his SAS past, he leaned forward and whispered: “Can you keep a secret?”
“Yes!” the interviewer replied, breathless with excitement.
“So can I” replied a smiling Lee, sitting back in his chair.
His career started to flag around the 1990s – not because of the quality of his acting but in terms of the frequency with which he did great films. A notable release in this period was Jinnah, with Lee playing the titular character of the founder of Pakistan. He considers the film his “most important”, “in terms of its subject and the great responsibility” he had as an actor.
Lee’s career was revived spectacularly in 2001 with the release of The Lord of the Rings: The Fellowship of the Ring, in which he played Saruman. There’s an oft-overlooked aspect to this character in the movies: the only other ‘important’ villain in them was Sauron, and he did not possess a physical body, did not command a physical presence. Yes, there were the orcs and the ghastly lieutenants (like the Mouth of Sauron), but as far as a visual focal point of intimidation in the movies was necessary, Lee’s Saruman provided it. Until his death in the first scene of The Return of the King, he was the greatest threat and remained the face of the enemy.
The Return of the King was also a tribute of sorts to Lee’s continued support and endorsement of the fantasy genre through the decades. Even if the Marvel multiverse and the Harry Potter series today tower over other films in terms of earnings, and production houses have become more favourable in terms of sponsoring sci-fi and fantasy films, a part of the support for them can be traced to the success of Peter Jackson’s films: The Return of the King was in fact the first fantasy film to win the Academy Award for Best Picture, in 2004.
During and after starring in the Middle Earth epics, Lee donned the role of the antagonist Count Dooku in two Star Wars films, Episode II: Attack of the Clones (2002) and Episode III: Revenge of the Sith (2005). Also in 2005, he played Willy Wonka’s father in Charlie and the Chocolate Factory. He later said in an interview to Total Films, “Johnny Depp, as far as I’m concerned, is Number One of his generation; there’s no one who can touch him.”
Lee was a product of the ‘old school’, a generation given to resilience and forthrightness, possessing a commitment toward once-commonplace ideas like waiting one’s turn. It’s hard to say if that’s what led to more than six decades of Hollywood success or if it was the other way round – but it doesn’t matter. Lee remained an actor until the day he died (a month ago, he’d signed up for a Danish film). He was proud of the wide variety of people he got the opportunity to play, to work with giants ranging from Laurence Olivier to George Lucas to Tim Burton. And through all the years he, with quiet dignity, made a giant of himself.
In an intriguing case of abuse, a Bengaluru-based programmer was on Monday threatened with a criminal lawsuit for attempting to expose an avaricious program that violated net neutrality.
On June 3, Thejesh GN, an activist and programmer, published screenshots and some text explaining how the Airtel 3G network was inserting some extra lines of code into his browser every time he visited a webpage.
— Thejesh GN ⏚ ತೇಜೇಶ್ ಜಿ ಎನ್ | thejeshgn.com (@thej) June 3, 2015
A brief inspection revealed that the code comprised a few lines of JavaScript that loaded an asset like an advertisement on webpages that Thejesh was visiting. It was called Anchor.js.
A screenshot of the script found to have been injected without the user’s permission. Credit: Screengrab from GitHub
Using a web-based IP tracker, he was also able to find that the code was originating out of the IP address 223.224.131.144 – which belonged to Bharti Airtel Limited.
A screengrab of what the IP-tracker revealed about the source of the script.
According to Vignesh Sundaresan, an Ottawa-based developer, JavaScript injection is a very clumsy technique to add extra functionality to certain programs. “It is often malicious when injected without notifying the user first,” he said. So, Thejesh uploaded the location and other details of the program to GitHub, a collaboration platform on the web for developers, to warn other users.
On June 8, however, he received a cease-and-desist order issued by Flash Networks, Ltd., a company based out of Herzliya, Israel, via their attorneys in Mumbai. The order required that Thejesh remove the description and implications of Anchor.js he had uploaded to GitHub because they violated Flash Networks’ copyright over it. His ‘act’ was alleged to be a criminal offence under the IPC 1860 and Information and Technology Act, 2000.
So I got cease and desist letter for exposing JS injection by big a telco for publishing JS code & screenshots. I will probably remove it 🙁
— Thejesh GN ⏚ ತೇಜೇಶ್ ಜಿ ಎನ್ | thejeshgn.com (@thej) June 8, 2015
On June 9, the order was followed by a takedown notice (under the Digital Millennium Copyright Act of the US) posted to GitHub. After this, Thejesh’s files became inaccessible (although a cached version is available). Developers in the country are calling this a case of cyber-bullying.
The case’s intrigue stems from the intent of Flash Networks, which it never discusses in its notices. In their C&D order, what the attorneys don’t mention is what Anchor.js enables for Flash as well as, and more importantly, the Airtel network. When Thejesh – or any susceptible user for that matter – visits a webpage on the Airtel 3G network, Anchor.js loads an asset, like an advertisement, on that page.
When the user views or interacts with that asset, whichever entity the asset has been posted by makes some money. In this case, since Flash Networks – the source of Anchor.js – is hosted on Airtel’s IP address, the implication is that Airtel is using Anchor.js to make money for itself using the user’s browsing experience. There is also the additional threat of Flash Networks using its unverified script to trawl for user data.
However, since Thejesh did not intend commercial use of Anchor.js (nor did he expose code that wasn’t already confidential), it’s unclear how Flash’s copyright was infringed. Pranesh Prakash, Policy Director at the Centre for Internet and Society, tweeted that irrespective of how Anchor.js harmed Thejesh’s experience, his act of uploading it to GitHub was protected by the Section 52(1)(ac) of the Indian Copyright Act 1957. It states that
the observation, study or test of functioning of the computer programme in order to determine the ideas and principles which underline any elements of the programme while performing such acts necessary for the functions for which the computer programme was supplied
… shall not constitute an infringement of copyright.
More troublingly, the intent of Flash Networks signals that the ISP is violating net neutrality because a user on the Airtel 3G network sees a website X differently than a user on, say, BSNL, because of the asset loaded by the injected script.
Recently, while the net neutrality debate was surging in India following a controversial policy document from TRAI, Airtel Zero was in the thick of things. It involved Airtel being paid by, say, Facebook to let users access Facebook for free on Airtel networks. The deal violated net neutrality because it implied the preferential treatment of data packets based on their sources.
Sundaresan added that should such dubious instances of JavaScript injection be discovered in the Western world, the inserter could be sued for millions.
Airtel has since issued a statement on the issue, claiming the JavaScript injection was a way for it to keep track of how much data the subscriber has consumed, for billing purposes, and termed it a “standard solution deployed by telcos globally”. At the same time, the statement doesn’t explain why the deployment was placing advertisements on the user’s destination webpages – a behaviour Sundaresan says is definitely not part of the standard solution.
In fact, Airtel also distanced itself from the order issued by Flash Networks to Thejesh: “We … categorically state that we have no relation, whatsoever, with the notice.” Even so, that the two companies are and have been associated with each other is betrayed by one of Flash’s press releases from 2014 that includes Airtel and Vodafone among its clients.
If the ISP’s complicity is more conclusively established, it is likely to face legal action for violating user privacy. Because the script could also have been injected when people viewed Thejesh’s website via Airtel’s network, the ISP is also liable to have misrepresented his content to his audience.
It has also emerged since Thejesh’s disclosure that Vodafone might also be engaging in similar insertions of third-party software into browsers.
Note: This article was edited on June 9, 2015, to link to a Flash Networks press release and to include Airtel’s statement.
“So when Pichai talks about the next billion people about to come online with smartphones, I get the impression that, for him, Google’s monetization strategy really is secondary to Pichai’s stated goal: giving people everywhere the power of Google’s machine learning whenever and wherever they need it. He’s clearly proud of the fact that Google’s products work the same whether you’re a billionaire or a rural farmer in a far-flung place. And Pichai’s vision is to ensure that dedication becomes a part of everything Google makes.” (15 min read, theverge.com)
“This very intense freshwater flux into a relatively small and semi-enclosed basin results in an intense dilution of the salt contained in seawater. The over 100 km-wide freshwater mass that is formed from river discharges and runoffs is transported down south by the East Indian Coastal Current, the western boundary current of the Bay of Bengal. The freshwater signal generally becomes smaller and occurs later while progressing toward the southern tip of India.” (3 min read, thehindu.com)
“Is MSG harmful? Not when you consider lab-produced glutamic acid and naturally occurring glutamic acid are chemically indistinguishable. When the compound from either source enters our guts, it’s digested in an indistinguishable way. Finally, here’s the clincher: despite what alarmist news reports will tell you, glutamic acid – and MSG, for that matter – is found naturally in mushrooms, peas, potatoes, soy sauce, tomatoes and walnuts. Yes, people can have legitimate allergic reactions to MSG, but no, its presence in Maggi Noodles doesn’t deserve to be uttered in the same breath as the presence of lead, a heavy metal with far worse consequences.” (6 min read, thewire.in)
“An alternative approach is to check whether already-approved drugs could be used to treat the new disease. This process is called “drug repurposing” or “drug repositioning,” and the US Army Medical Research Institute of Infectious Diseases has applied it to find new drugs for Ebola. In a study just published in Science Translational Medicine, they report finding two such drugs that could be used in Ebola treatment soon.” (4 min read, qz.com)
“But bubbles do not stop all species. To make them scarier, Ovivo, another Quebec firm, illuminates bubbles with flashing bright lights and installs underwater speakers to produce loud noises. Although it seems a bit like an aquatic disco the constantly changing lighting and sound sequences are scientifically calculated to be as obnoxious as possible to various aquatic species. The combo works well enough to mostly keep Chinook salmon, a species not typically afraid of bubbles, out of a pumping station that draws water from the Sacramento–San Joaquin River Delta in Tracy, California.” (4 min read, economist.com)
Chart of the Week
“The authors do not claim to prove that religion causes an innovation deficit. However, they hypothesise that theocratic models of government, in which political leaders are strongly influenced by religious institutions, may provide a channel for anti-scientific views to influence public policy. As examples, they cite the banning of printing in the Ottoman Empire, and the controversial decision by the former American president George W. Bush to limit the federal government’s funding of stem-cell research. Even after taking into account these restrictions, the existence of the United States is still problematic for the theory: a fifth of the world’s GDP comes from a country that is both religious and innovative. And if religion does in fact depress innovation, that does not necessarily mean it is bad for economic growth. After all, faith could quite plausibly offer benefits, such as social cohesion, that outweigh its costs.” (2 min read, economist.com)
In 1968, the New England Journal of Medicine published a letter from Robert Ho Man Kwok, a doctor in Maryland. Kwok wrote that he experienced symptoms like an allergic reaction every time he ate at a local Chinese restaurant, but that he didn’t know what the cause was.
After him, many readers of the journals started to send in letters complaining of similar reactions when they ate Chinese food. The correspondence generated enough interest that, soon after, a neuroscientist named John W. Olney – later known for his study of brain lesions – published a paper in Science that claimed a salt called monosodium glutamate (MSG) in the Chinese food could’ve been the cause of the allergic reactions. The date of Olney’s paper’s publication, May 9, 1969, could for all practical purposes be considered the start of the MSG scare that prevails to this day.
One of the first things the scare had going for itself was Olney’s experiment itself. His paper’s abstract concludes that MSG’s effects interfered with the proper functioning of the endocrine system. However, two things immediately stand out from his study. First, Olney injected MSG into lab mice subcutaneously, i.e. under the skin. If his findings have to be applicable to humans, then, we’ve to inject the salt under our skin, too – and that’s something we never do. Second, he injected the mice with 5-7 mg per gram of body-weight – for a person weighing 75 kg, that translates to 375-525 grams (Olney followed this experiment up with subcutaneous injections of 2.7 g/kg of body-weight of MSG to infant rhesus monkeys). According to the US FDA, however, humans consume something like 14 grams of MSG a day.
It’s toast
In fact, 13 out of the 14 grams we consume is in the form of naturally occurring glutamate, which in turn is equivalent to glutamic acid, an amino acid that’s part of proteins. Whenever we consume food that contains proteins, we’re effectively also consuming glutamic acid – and so glutamate. When glutamic acid forms a salt with sodium, we get MSG. In an aqueous solution, MSG breaks down into glutamic acid and sodium. And these intricate chemical details make up important information in the context of the Maggi scandal.
According to Mid-Day, Nestle has stated that it doesn’t add MSG at the time of manufacturing its flagship noodles product: “We do not add MSG to our Maggi Noodles sold in India and this is stated on the packet of the product concerned.” The previous paragraph and the first episode of the TV show Mad Men illustrate how this could be misleading.
In the show, when the bosses at Lucky Strike are stumped for an advertising strategy that will get their brand of cigarettes ahead of the hoi polloi, Don Draper (Jon Hamm) has the answer. He suggests Lucky Strike be branded along with the words “It’s toasted”. When others in the meeting argue that pretty much all cigarettes are toasted, Draper retorts that consumers won’t care because all they’ll know is that Lucky Strike has been toasted for sure. And if those words are important enough to ride the billboards, then Lucky Strike will become the pioneering brand of cigarettes to have done that in public memory.
Assimilating the MSG anxiety
By that measure, saying Nestle doesn’t add MSG to Maggi Noodles isn’t tantamount to the packets not containing MSG – irrespective of whether or not MSG is harmful. The Nestle statement continues to add, “However, we use hydrolysed groundnut protein, onion powder and wheat flour to make Maggi Noodles sold in India, which all contain glutamate.” The disingenuousness that worked in Lucky Strikes’ favour will, in Nestle’s case, go against it because what’s likely to remain in public memory here is not that glutamic acid is naturally occurring in foods but that Nestle denied adding MSG to its product. And when the lab tests return positive for MSG – which is likely – good luck, Maggi.
It’s to forestall such situations that the US FDA doesn’t allow packages of foods containing MSG from natural sources to claim “No added MSG” like Nestle has with Maggi Noodles in India. The Food Safety and Standards Authority of India, the FDA’s counterpart in the country, in fact defered to the US FDA’s rule that products naturally containing MSG don’t get to add “No added MSG” on the packaging in an Order issued on June 5, 2015. It goes on to say that Nestle’s statement is thus in violation of the Food Safety and Standards (Packaging and Labeling) Regulations, 2011. It remains unclear how the FSSAI made this leap, ignoring the fact that it only implies Nestle violated the US FDA’s rules, not the FSSAI’s. However, the FSSAI by itself doesn’t pronounce that “No added MSG” can’t be printed if the products contain naturally-occurring MSG. The Regulations, as well as a newsletter dating from April 18, 2012, in fact require the explicit mention of MSG’s presence only for products used by infants below 12 months.
So much for the presentation. Now, is MSG harmful? Not when you consider lab-produced glutamic acid and naturally occurring glutamic acid are chemically indistinguishable. When the compound from either source enters our guts, it’s digested in an indistinguishable way. Finally, here’s the clincher: despite what alarmist news reports will tell you, glutamic acid – and MSG, for that matter – is found naturally in mushrooms, peas, potatoes, soy sauce, tomatoes and walnuts. Yes, people can have legitimate allergic reactions to MSG, but no, its presence in Maggi Noodles doesn’t deserve to be uttered in the same breath as the presence of lead, a heavy metal with far worse consequences.
Intents and responsibilities
And how harmful is MSG at all? Katherine Woessner, an immunologist with the Scripps Clinic Medical Group, toldScience Friday in 2014 that “there’s a great misunderstanding” when it comes to assessing the risks of consuming MSG. The conclusions of multiple studies over the years, especially a double-blind study in 2000 involving 130 test subjects, have swung from ‘no link between MSG and allergic reactions’ to ‘link between MSG and minor allergic reactions’. This isn’t to say that there is no link whatsoever, but that if there is a link, it has manifested among humans in the form of short-lived and verily curable symptoms (unless, of course, it’s being injected under the skin many grams at once).
Moreover, those who do focus on MSG labour with tunnel vision, forgetting agriculture as we practice it consumes a lot of chemicals, many of them potent teratogens, for they help maintain the scale at which we produce and consume food. Even shortcomings in the way the apprehension against MSG has bloomed can find roots in how, for example, the FSSAI doesn’t specify when packaged foods can or can’t say “No added MSG”; or how the food inspectors in Uttar Pradesh who found problems with Maggi Noodles in February 2014 didn’t notify the FSSAI until more than 12 months later; or, to indulge in a stretch, why the US FDA continues to require manufacturers to mention the presence or absence of MSG (on products meant for adults) even though it has reason to believe it is a minor allergen.
From behind the thick curtains of the Indian Meteorological Department’s offices, it was announced on June 2 that the monsoon forecast for 2015 was being revised from 93% to 88% of the long-period average (LPA), ringing in fears of a drought.
The LPA hovers around 89 cm, computed using the rainfall received between 1951 and 2000. The forecast of 88% was made with an error of 4%, meaning the predicted amount of rainfall for the southwest monsoon, which lasts from June to September, ranges from 84% to 92% (74.76-81.88 cm). A normal or good monsoon is pegged at 96% to 104%.
The IMD’s annual forecasts form the basis of estimating crop yields in the country. Although the advent of groundwater irrigation that kicked in in the 1960s helped stave off losses due to deficient rainfall in the subsequent decades, reckless expansion unaccompanied by efforts to replenish the water means farmers will be back to writing off crops during periods of insufficient rains. It has already been suggested once that water supply will fall below 50% of demand by 2030.
At the same time, the basis of the IMD’s predictions are also suspect. The agency lists some 36 papers on its website that it uses as the basis of its modeling but does not provide the contents of those papers, making it difficult to verify its predictions. Alternatively, private forecasters like Skymet Weather disagree with the IMD’s outlook.
Skymet CEO Jatin Singh wrote on his site on June 2 that he’s sticking to his company’s prediction of a normal monsoon this year. The reason for his optimism? “… if the El Nino episode is a continuing El Nino from [the previous] year, the monsoon in the second year does not fail as often as it fails in the first year of evolution.”
The El Nino southern oscillation is a heating-and-cooling pattern of the waters of the Pacific Ocean along the South American coast. Its variations are influenced by trade winds along the equator, and in turn affects weather patterns worldwide.
Interestingly, an analysis performed by the Wall Street Journal earlier this year showed that, given even the generous 4% margin of error within which the IMD operates, it has got the annual monsoon levels right only six times in the last 21 years. Evidently, monsoon-forecasting in the country leaves much to be desired.
“But at least these places had a “dry heat,” and overnight temperatures have been falling into the 80s. Along the coast, temperatures were slightly lower, but much higher humidity levels created a punishing heat index that persisted throughout the night. In Mumbai, for example, the heat index bottomed out just below 100 degrees Fahrenheit, and only for a few hours overnight Wednesday. In severe heat waves, oppressively hot overnight temperatures are extremely deadly, because there’s just no chance for overheated bodies to cool off. That means the “misery index”—a creation of Web developer Cameron Beccario that factors in both heat and humidity—is off the charts nearly nationwide.” (4 min read, slate.com)
“There are no takers for all the generation capacity that is in place. There is demand but they don’t have the money to pay for the power due to the health of the [state distribution companies],” a senior government official told ET, adding that discoms across all states had incurred accumulated losses of Rs 2.51 lakh crore in 2012-13. In 2014-15, 22,566 MW of capacity was commissioned, which officials and experts said were stuck in the pipeline for years till they were put on the fast-track by the UPA in its fag end through the Cabinet Committee on Investments.” (4 min read, economictimes.com)
“Twins have fascinated both scientists and Bollywood directors alike. Why are there are some places with a statistically higher incidence of twin births? Much higher! Is it the water, the air, or could it be the yam? Padmaparna Ghosh and Samanth Subramanian investigate the mysteries behind twin births, getting behind the science, the statistics and some plain old superstition to uncover the theories and the conspiracies.” (12 min listen, audiomatic.in)
“Break Dengue, a site funded by drug companies, NGOs, and other health groups, posits an unlikely potential factor in Madeira’s outbreak: global football star Cristiano Ronaldo. The epidemic’s origins trace back to a charter flight of tourists from Venezuela, according to Ana Clara Silva, an epidemiologist at Madeira’s health institute, who spoke at a recent infectious disease conference in London. Break Dengue’s Gary Finnegan noted that the tourists were quite possibly making a pilgrimage to the Portuguese soccer mega-star’s birthplace, as Ronaldo is a major tourist draw for Madeira.” (3 min read, qz.com)
“The authors show that as a country’s ethnic inequality falls, average GDP per person rises. A one-standard-deviation decline in a country’s ethnic Gini index—the equivalent of moving from the level of Nigeria to that of Namibia—is associated with a 28% increase in GDP per person. It seems likely that ethnic inequality leads to low levels of development, not the other way around. After all, in other tests the authors find that ethnic inequality mostly reflects unequal geographical endowments, such as more fertile land and distance to the coast. What explains these results? When there is inequality along ethnic lines, the paper suggests, those grouped at the bottom feel their poverty more keenly. The rich are easier to identify, and thus an easier target. All told, ethnically imbalanced societies may be more prone to conflict, which is hardly good for growth.” (2 min read, economist.com)
Chart of the Week
“In 2000, United Nations member countries agreed to ambitious development targets that they hoped to reach by 2015. These are the Millennium Development Goals (MDG). Among them was to reduce the number of people suffering from undernourishment—enough to cut the global hunger rate in half. Now 2015 is here, and it turns out the world is actually doing a pretty good job on that measure. The UN has released its annual report on hunger, which it defines as chronic undernourishment—the inability to acquire enough food for at least one year. Here’s what it found: since 1990 31 more countries have met the UN goal of cutting hunger in half or bringing it under 5% of their populations.” (2 min read, qz.com)
DUAL_EC_DRBG is the name of a program that played an important role in the National Security Agency’s infiltration of communication protocols, which was revealed by whistleblower Edward Snowden. The program, at the time, drew the suspicion of many cryptographers who wondered why it was being used instead of the NIST’s more advanced standards. The answer arrived in December 2013: DUAL_EC_DRBG was a backdoor.
A backdoor is a vulnerability deliberately inserted into a piece of software to allow specific parties to decrypt it whenever they want to. When the NSA wasn’t forcibly getting companies to hand over private data, it was exploiting pre-inserted backdoors to enter and snoop around. Following 9/11, the Patriot Act made such acts lawful, validating the use of programs like DUAL_EC_DRBG that put user security and privacy at stake to defend the more arbitrarily defined questions of national security.
However, the use of such weakened encryption standards is a Trojan horse that lets in the weaknesses of those standards as well. When engineers attempt to use those standards for something so well-defined as the public interest, such weaknesses can undermine that definition. For example, one argument after Snowden’s revelations was to encrypt communications such that only the government could access them. This was quickly dismissed because it’s open knowledge among engineers that there are no safeguards that can be placed around such ‘special’ access that would deter anyone skilled enough to hack through it.
It’s against this ‘power draws power’ scenario that a new report from the UN Office of the High Commissioner for Human Rights (OHCHR) makes a strong case – one which the influential Electronic Frontier Foundation has called “groundbreaking”. It says, “requiring encryption back-door access, even if for legitimate purposes, threatens the privacy necessary to the unencumbered exercise of the right to freedom of expression.” Some may think this verges on needless doubt, but the report’s centre of mass rests on backdoors’ abilities to compromise individual identities in legal and technological environments that can’t fully protect those identities.
On June 1, those provisions of the Patriot Act that justified the interception of telephone calls expired and the US Senate was unable to keep them going. As Anuj Srivas argues, it is at best “mild reform” that has only plucked at the low-hanging fruit – reform that rested on individuals’ privacy being violated by unconstitutional means. The provisions will be succeeded by the USA Freedom Act, which sports some watered-down notions of accountability when organisations like the NSA trawl data.
According to the OHCHR report, however, what we really need are proactive measures. If decryption is at the heart of privacy violations, then strong encryption needs to be at the heart of privacy protection – i.e. encryption must be a human right. Axiomatically, as the report’s author, Special Rapporteur David Kaye writes, individuals rely on encryption and anonymity to “safeguard and protect their right to expression, especially in situations where it is not only the State creating limitations but also society that does not tolerate unconventional opinions or expression.” On the same note, countries like the US that intentionally compromise products’ security, and the UK and India which constantly ask for companies to hand over the keys to their data to surveil their citizens, are now human rights violators.
By securing the importance of strong encryption and associating it with securing one’s identity, the hope is to insulate it from fallacies in the regulation of decryption – such as in the forms of the Patriot Act and the Freedom Act. Kaye argues, “Privacy interferences that limit the exercise of the freedoms of opinion and expression … must not in any event interfere with the right to hold opinions, and those that limit the freedom of expression must be provided by law and be necessary and proportionate to achieve one of a handful of legitimate objectives.”
This anastomosis in the debate can be better viewed as a wedge that was created around 1995. The FBI Director at the time, Louis Freeh, had said that the bureau was “in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge’s authority where we can get there if somebody is planning a crime.”
Then, in October 2014, then FBI Director James Comey made a similar statement: “It makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact.” In the intervening decades, however, awareness of the vulnerabilities of partial encryption has increased while the law has done little to provide recourse for the gaps in online protection. So, Comey’s arguments are more subversive than Freeh’s.
Kaye’s thesis is from a human rights perspective, but its conclusions apply to everyone – to journalists, lawyers, artists, scholars, anyone engaged in the exploration of controversial information and with a stake in securing their freedom of expression. In fact, a corollary of his thesis is that strong encryption will ensure unfettered access to the Internet. His report also urges Congress to pass the Secure Data Act, which would prevent the US government from forcibly inserting backdoors in software to suit its needs.
