US – India ICT Working group

IT discussion paper04 November 2009

Earnings Break up, top 10 companies of S&P500 index

Growth (%)

Rank CompanyFY08

Revenue (USD Bn)

06-07 07-08

4 HP India $3.43 37 30

5 IBM India $2.26 52 23

6 Ingram Micro $1.92 25 25

11 Cisco Systems $1.30 30 32

12 Oracle India $1.29 52 22

17 Microsoft India $0.73 26 26

19 Dell India $0.71 66 60

Markets such as India fueling growth for US Tech cos**

Source: Annual reports of companies, *USTPO, **Dataquest

• India has opened up its markets in the Technology sector• US Companies have been generating high growth in both hardware and services,

winning large deals• 7 of the top 20 tech companies in India are US origin

2

INDIA PROVIDING GROWTH FOR US COMPANIES

IN THIS LIGHT, BILLS THAT RESTRICT BUSINESS ARE COUNTER PRODUCTIVE

IMPACT ON INDUSTRY:

No new visas Business model change Higher costsIncreased documentation and bureaucracy

3

Salient points of the bill introduced by Senators Durbin and Grassley

Protectionist measures globally, cause concerns in the Indian IT Industry

Concerns Examples

What does the Industry seek?

CONTRARY TO POPULAR PERCEPTION, INDIAN IT COMPANIES DO NOT HOARD H-1 B VISASBreak up of visas issued to Indian companies (Total visas – 107K) H-1B visas issued to top 30 Indian IT companies

Key Facts• Need for De-registration of H-1B’s :

28,354 H-1B visas granted to the top 6 Indian IT companies from 2006 to 2008. Whereas present number of H-1B’s in US for these companies is around 18,000. Hence ,

– High number of visas granted does not necessarily means more number of workers in US

– Indian companies use H-1B visa to transfer workers for short term assignments

6

India 12%

Non-India84%

Non classified

4%

Source: DOL report FY’08; NFAP (share changes to 15.1% out of 85K)

Key Facts• Indian Companies comply fully with H-1B

dependant norms • Salaries paid to all H-1B employees as per

prevailing wages norm • Indian companies face DOL audits • Indian companies make significant efforts

made for local hiring, however – Indian companies not as recognized as

American brands, hence not first choice

Indo-US Totalisation agreement – lack of progress

• US has signed more than 20 Totalisation agreements all with developed nations

• Systems in the developing world with very large population have to address needs of various strata's of society, hence - multiple layers / frameworks

• Mismatch between US visa regime and US social security • Lack of progress on this a concern for the Indian Industry • Estimates suggest Indian workers contribute more than $1B each year without

receiving any benefits • Unfair treatment handed to some of the best minds who are contribute

towards US companies and economies • Instead of looking at coverage of total population of India, US system should

look at workers in the organized sector who are covered under mandatory framework similar to US system

India proposes: Till the time US system can accommodate country such as India for a comprehensive treaty. A short term arrangement between India and US Government that allows either exemption or refund of the contribution made by workers in their respective countries on reciprocity basis between both countries

Indian population and Social security coverage

Similarities • Agricultural workers and domestic

employees excluded under both systems• Government employees covered under

special programs under both systems• Both systems are managed or regulated

by the State• Both systems are mandatory

Differences• Self-employed excluded under Indian

system• Differences are in

– Nature of labour force– Stage of development– Historical backgrounds

• Indian system not homogenous like US system but is multi-layered

Differences between Indian and US system

Composition of workforce Coverage of the organized workforce

IT (Amendment) Act 2008Section 84 A

Govt. to prescribe the modes and methods for encryption

84 A-Encryption Scenarios

Data-at-Rest, Data-in-Transit, Messaging services

Strong Encryption

Growth of e-governance

Impetus to e-commerce

Trust in Transborder data flow

Law Enforcement Reqd

Access to plain text

Cooperation from industry

Security interest of country

Industry Recommendations: NASSCOM- DSCI

• Cooperation with LEA, without resorting to key recovery• Disclosure of plain text- bit length of algorithm is

irrelevant, as is the registration of products• Implementation difficulties in Transborder relations

• Encryption up to & including 256 bits AES or equivalent• Plain text of encrypted communication, within

reasonable time frame (3 days)• Due process- transparent and subject to oversight• Accountability of LEA agency• ISP, mere conduit, is not responsible to help LEA

Encryption Ecosystem

• Symmetric encryption for session security: e-commerce/ e-governance

• Message encryption

• Securing Data-at-Rest

• By outsourcing industry for securing client data

• Propriety encryption tools

• Various tools used by individual

IT (Amendment) Act 2008: Encryption Policy

Security ManagementISO 27001

IT GovernanceCoBIT

Security StandardsITU-T X.1051

Security PracticesNIST SP 800

Risk ManagementOCTAVE | COSO | FMEA

Infrastructure MgmtITIL | ISO 20000

EU Privacy Directives

US- FTC directives, Patriot Act

GLBA

HIPAA

Aus- Privacy Act 1988

Canada- PIPEDA

JAPAN- JPIPA

UK- Data Protection Act 1998

PCI-DSS

Privacy Regulations

Compliance Regulations

Security Market Research

Academic Collaborations

Industry best practices

Data Protection Authorities

Lega

l & R

egul

ator

y Re

quire

men

ts

Knowledge Collaboration

Legal Forums

Architecture Principles

Product, solution trends

Vendor forums, interactions

Technology advancement

Solution Categories

Security Technology Trends

Security Vendor Collaboration

Tech

nolo

gy a

nd

Vend

or in

tera

ction

sDSCI- A Self Regulatory Org.Data ProtectionBest PracticesCapacity buildingIndependent oversightEnforcementDispute ResolutionCyber Crime Speedier trial

Technology Forums

NASSCOM Approach: DSCI as a Self Regulatory Organization…Best Practices approach to Data Protection