Securing the India Stack

IndiaStack-logoOver the weekend, the Times of India ran a front page article about how someone was able to hack into India’s Aadhaar database.

Aadhaar is India’s attempt to give everyone in India a unique 12 digit ID that can be used for a variety of government services. The Aadhaar project is part of what many call the India Stack. According to Wikipedia the India Stack is:

…a set of APIs that allows governments, businesses, startups and developers to utilise a unique digital Infrastructure to solve India’s hard problems towards presence-less, paperless, and cashless service delivery.

IndiaStack

In a nutshell, the government is going digital and everything will revolve around this unique 12 digit number. Initially, it will be basic government services then it will move to eKYC (Know Your Customer), payments and beyond.

As more and more services go online using the Aadhaar number to authenticate services, we will hear about more and more security breaches. This is not uncommon in the technology world, in the early days of PayPal (they provide online money transfers) they dedicated a large number of resources to “plug” these holes. The reason why people prefer open source security solutions is because you have a large community of programmers that are looking at the code base and constantly testing it to find holes in it.

The Government of India (GoI) should not sweep these issues under the rug and say everything is secure. When a government official says their technology is “tamper proof” that’s when you know they don’t understand technology. Actually, if they are so confident they should host hackathons. These hackathons have two purposes: 1. potentially find bugs or security issues 2. an excellent hunting ground to find talent for the India Stack team.

The Government should actually embrace these hackers whether they are black hat or white hat. Creating a platform like HackerOne would be a step in the right direction. HackerOne is a bug bounty platform that connects hackers (or as they called them “cybersecurity researchers”) with companies to crowd-source security vulnerabilities.

The idea of embracing hackers goes against the grain of conventional thinking but when it comes to digital, I think it’s the best way to constantly improve security and enhance service delivery. The current thinking of “nothing is wrong and nothing to see here” is old school and needs to die.

By the way if you are concerned about AI (Artificial Intelligence) and robots taking over your job, you are in luck! I think India has a severe deficiency in technology security experts which I don’t think robots will be able to takeover…for now. If I was coming out of college today:

  • I would read every API spec document on Aadhaar, UPI, eKYC and others
  • Not only would I read them, I would tear them apart and see how they work
  • Build Android apps around them to understand a real world implementation
  • Start a blog and give recommendations on how to make them better
  • Download other apps to sniff the traffic and see how they implement these APIs
  • Find Indian companies on HackerOne and monetize (as of now, only Ola is on the platform)

Then the next battle will be those robots!

“Hello, World!’ for Quant Traders

high-frequency-tradingThis is the second blog post on my journey to learn Machine Learning. My first blog post talked about setting up the infrastructure. Now that the infrastructure is up and running, I’m able to get to the business of writing Python code.

Whenever you start to learn ANY programming language the first lesson is usually titled “Hello, World!“. It’s something of a tradition to teach the person the basics of the programming language to output something to the screen which is usually – “Hello, World!”

For quant/algo traders the equivalent of “Hello, World!” is calculating a simple daily moving average (DMA) and building some logic to buy or sell a security based on the DMA parameter.

Below is my “Hello, World!” Will this strategy make you money? Absolutely not. Will it help you build other strategies? Absolutely.

Leaving Apple Island

mrj-high-school-mac

From my high school yearbook (Washington Catholic 1991).

A couple of weeks ago a friend of mine, Sahil, blogged about making the switch from Apple to the Google ecosystem. I haven’t made the jump yet, but I’m on the same trajectory. When I tell people about it, the first question is “why?”

My first memory of an Apple computer was in the early 1980s when a family friend in Chicago had an Apple II and I was mesmerized by it. That green monochrome screen seemed so magical to me. Then for the next 20 years I used Apple computers on and off but was mainly an IBM PC guy.  In 2003, I bought the “lampshade” iMac and started to get hooked into the Apple ecosystem with the iPod, iPod Shuffle and iTunes in 2004. The big move came in 2005 when I bought a MacBook Pro as my “daily driver” and completely ditched the Microsoft clusterf$#% that was Windows.

When the iPhone was announced in January 2007, I knew I had to have it and waited till June when they launched it. By October of that year, I got rid of my BlackBerry and switched to the iPhone. Over the years, I bought more Apple products and slowly accumulated what I call “technical debt.”  As of today, I own the following:

  • iPhone 6
  • iMac
  • MacBook
  • iPad Mini
  • 2 – Apple TVs

Some things just didn’t work as advertised but I was too entrenched in the Apple ecosystem to leave. Case in point, some of the torrent video files I download are in the .mkv container format which you cannot natively play via iTunes and thus can’t steam to an AppleTV. So I was converting (the technical term is transcoding) all those files to an .mp4 format which iTunes could understand. I soon realized I was spending too much time making it all work.

I also noticed that many of the apps I used on my iPhone were by Google and I just loved the software simplicity of Google. So one by one, I moved everything over to Google and currently just using the iPhone 6 for it’s hardware.

  • Email -> Inbox by Gmail
  • iTunes/Music -> Google Play Music
  • Photos -> Google Photos
  • Calendar/iCal -> Google Calendar
  • Notes -> Google Keep
  • Safari -> Google Chrome
  • iCloud Drive -> Google Drive
  • Podcast -> Overcast (non-Google app, but Google is planning to release an update to Google Play Music that will play podcasts)

For streaming video content to my TVs I’m using Plex Media Server on my iMac. And my Sony TVs run Android, so I’m running Plex as an Android app on the TV. Now, I no longer have to convert the files and can natively play any file and stream it to my TV without all that extra work. As of now, I’ve stopped using my Apple TVs.

The first device I will switch out is the iPhone, the OnePlus 5 was just announced but really I’m waiting for the Pixel 2 from Google. Then over time I will switch my iMac and MacBook to Windows 10 based machines and the iPad Mini will get replaced with a Google Pixel C.

When I first started using Apple products I was mesmerized and felt I had reached paradise island. However, after years of being loyal to Apple it’s time to leave the island.

Learning Machine Learning: The Infrastructure

braindata-370x290In 2016, all I was reading about was big data, deep learning, artifical intelligence, machine learning, etc… soon I realized I needed to do more than just read about it. So for 2017, I decided it was time to take a deep dive into Machine Learning and see what all the buzz was about.

I haven’t programmed in 20 years but figured now would be a great time to restart. From all the reading I did in 2016 it was clear that the programming language of choice for Machine Learning was Python. I didn’t want to take a bunch of disconnected courses on Coursera and Udacity to learn about Machine Learning, instead I had a project in mind. When I moved to India 12 years ago, it was to launch an algorithm/quant hedge fund and I was the guy tasked with getting all the technology infrastructure (servers, data feeds, leased lines, datacenter access, etc…) in place and then over time I would learn to build trading algorithms. One thing led to another and I never got around to build those models. Over the years, I felt the algo/quant space was over done and it would be tough to get back into it. However there has been a resurgence with all of the new technologies involving Artificial Intelligence entering the space. So that was my goal, learn Machine Learning to trade the stock market.

I spent the first couple weeks of the new year putting together a plan to accomplish the end goal. The first thing was to take an introduction course on Python from Coursera. In parallel I was researching the algo/quant side and understanding what goes into building models, trading models and risk management. Not only did I want to learn about Machine Learning but whatever I did, I wanted to build it like it was going to be a billon dollar asset management company – highly redundant architecture, quality data feeds and top-notch risk management. It soon became clear this was something that was not going to get built over the weekend!

I was able to breakdown the work into 3 stages:
1. Infrastructure – cloud provider, servers, databases, data feeds, trade execution
2. Research trading models – researching and designing algorithms to produce “alpha”
3. Risk management – once the trade is made, constantly monitoring the position and making sure it fits within the risk model that has been designed. Or as they say within the industry Value at Risk (VaR).

This blog post will talk about the infrastructure and some of the technology I learned along the way.

It quickly became apparent that many of the Machine Learning experts were using something called Jupyter which is an open-source platform to share notebooks and run live Python code. It’s like an online version of an IDE (integrated development environment) that programmers use to build applications.

The next thing was to start getting data and lots of data onto the platform that I had built. For all the crap I talk about Yahoo, they have a pretty good finance section to download historical stock data for Indian stocks. Using pandas, a Python data analysis library, I was able to pull down all the price data I needed.

Some of the technologies I learned and implemented along the way:

  • Amazon Web Services – the cloud provider
  • EC2/Ubuntu – Linux distribution on an EC2 server
  • Let’s Encrypt – secure the server with a free SSL cert
  • Python – programming language
  • Jupyter – online IDE
  • pandas – data analysis library for Python (developed by an AQR employee)
  • Python scripting – used to get the daily price updates from Yahoo
  • RDS/MySQL – database where the price data resides
  • crontab – run the Python script at 2am in the morning
  • crontab.guru – a super simple site to understand the syntax for scheduling cron jobs
  • MySQLWorkBench – Software to interact with the MySQL DB
  • SQL statements – Structured Query Language (SQL) to manage and get data from the DB

Below is a SlideShare document showing the process of setting up the server on AWS:

Part 2 will talk about the research aspect of building trading models – the traditional methods and using the newer Machine Learning tools like Apache SystemML, Caffe2, Microsoft’s CNTK,  TenserFlow and Sciket-learn to name a few.

Thank You, Mukesh Bhai

55724156.cms
On September 1, 2016 the largest Indian company by market cap – Reliance, entered the telecom market…again. In 2002, Reliance launched its first mobile network and brought the per minute call rates down. This time around Mukesh Ambani launched Reliance Jio at the annual shareholders meeting and vowed to bring down the data prices.

I remember last year calling Vodafone to get a better 4G data package and they were offering plans with 2GB, 4GB and some with 8GB of data. And my cable TV provider Hathway was offering monthly plans for 60GB and 80GB of high-speed internet at 50Mbps. Mukesh bhai was not kidding about bringing down the prices. Today, Vodafone is offering me around 7GB a month and Hathway is now offering 200GB a month at the same price I was paying. I’m sure I can negotiate and get better pricing but I’ll wait and see.

When Jio was launched they gave it away for free so everyone could experience high speed internet, which was a brilliant move. It was a hugh gamble by Mukesh and team and I think it has paid off. Because, once you get a taste of high speed internet, you are hooked and it’s really tough to go back to 2G (edge) or 3G speeds.

Although Jio has many pricing plans, I think it’s all noise. They are focused on only 1 plan – the Rs. 303 monthly plan. For Rs. 303 you get unlimited voice calling across India and 28GB of data. 28GB of data per month is a hugh disruption not only for the Indian telecom scene but around the world. AT&T Wireless in the US recently announced their “unlimited” data plan that is capped at 22GB per month.

So why did Jio pick Rs. 303 as the price point that they wanted to focus on? Currently, the average mobile phone user in India spends about Rs. 141 per month, what the industry calls ARPU – average revenue per user. I think Jio is betting that the average Indian user will double their spend to over Rs. 300 a month but only if they find value in it. And from the looks of it, they are finding value in the service. Everywhere I look, people are glued to their phones and streaming content such as movies, music and TV shows. Jio has over 100 million free users and as of March 31, 2017 over 72 million people have applied for the Rs. 99 Jio Prime yearly program.

As I mentioned because of Jio the other telecom providers have dropped their prices as well. Below is a quick comparison:
Jio – Rs. 303, unlimited voice calls, 28GB
Vodafone – Rs. 346, virtually unlimited voice calls, 28GB
Airtel – Rs. 349, unlimited voice calls, 28GB

And just for fun, let’s compare how these plans stack up against the US wireless carriers:
Sprint – Rs. 3888 ($60), unlimited calling, 23GB
T-Mobile – Rs. 4536 ($70), unlimited calling, 28GB
Verizon – Rs. 5184 ($80), unlimited calling, 22GB
AT&T Wireless – Rs. 5832 ($90), unlimited calling, 22GB

I would like to take this opportunity to thank you Mukesh Bhai for changing the telecom game in India not once but twice. I run by your house almost everyday and think of two things as I pass, just how fat is your internet pipe and why do your Z level security agents not like when I try to run on your sidewalk. Or is your fiber optic cabling located under the sidewalk?

The Future of Payments

Fintegrate_2017
Earlier this month I had a chance to be on a panel discussing User Experience (UX) for payments. The panel was part of the Fintegrate Zone 2017 event located at the BSE Building in Bombay hosted by the Zone Startups.

The panel was moderated by Harsimran Julka @HarsimranJulka an editor for the Economic Times. The panel included:
Anurag Sinha, Co-Founder, Walnut App
Deepak Agarwal, CDO, Barclays Wealth
Sohini Rajola, @RajolaSohini, RVP, Western Union
Tina Singh, @tinasinghj, CDO, Mahindra Finance
Malcolm Anthony, Head of User Experience Design, PayPal
Nitin Vyakaranam, @vnitinb Founder & CEO, ArthaYantra

As with any recent discussion involving the Indian financial markets half the time was devoted to talking about Modi’s demonetization. It was more about who benefited from it and who struggled with it, as a whole most fintech startups all benefited from it.

Although we touched on the overall user experience of payments and had much to debate about, I still feel most of the world is struggling with a seamless payment experience. Part of the issue is that people are used to physical cash and it’s been around for ages. People are familiar with it and how to use it, kids from a very young age are taught about physical money and many have piggy banks with some of that loot! Basically, cash is convenient, intuitive and effortless.

But as with everything else, we need to move forward and electronic payments are the future and most governments are behind it as a way to tackle the black money and counterfeit money. Credit/debit cards are a hybrid instrument, although the card is physical in nature it connects to an electronic platform to authorize, clear and settle the payments. Credit cards are prone to fraud since someone can steal your card, go to an online store and enter your card details and buy stuff.

This is where a whole new generation of solutions are entering the marketplace under the banner of mobile proximity payments (MPP), this includes near field communications (NFC) and quick response (QR) codes. NFC is the technology behind Apply Pay, Google Pay, Visa payWave and MasterCard contactless,  it’s a communications protocol that works with devices that are within inches of each other. With Apple Pay when you are ready to checkout, the retailers point of sale (POS) system will “talk” to your phone and then you use Touch ID to authenticate and enable the payment. That really is the way to do it. The problem with NFC is that the phone has to have an NFC chip and so does the retailers POS system. I don’t see this gaining much traction in India as many of the phones are fairly inexpensive and won’t include an NFC chip for years.

How-to-get-paytm-QR-code-175x300
Surprisingly, because of India’s demonetization the use of QR codes has gone from a niche type of application to full mainstream usage. Demonetization was a stroke of luck for Paytm and they turned it into gold. Overnight people needed to send money and many people quickly downloaded the Paytm app and started to transact.

A couple weeks ago, I used the QR code functionality to pay for parking at Phoenix Mills and it was pretty seamless. Since all smartphones have a camera they can scan this QR code and submit a payment to an individual or retailer. I really see this taking off and becoming the standard in India, it’s a low tech solution but sometimes that’s required to get high (mass) adoption in India.

BharatQR, Another Payment Option?

It’s another day and yet another payment option/technology was launched in India. The newest one to the party is called BharatQR, it’s being launched by the Government of India. BharatQR is like Paytm except instead of using e-wallets, you just need a bank account. It’s pretty clear the Indian government is hell bent on getting most people to transact online. With the explosive growth of Paytm, I’m guessing the government decided it needed it’s own QR-code offering.

I think this is a great move but I think the average user will be even more confused now. Below is a list of electronic payment options that I have compiled in alphabetical order:

  1. Aadhar Enabled Payment Service (AEPS)
  2. BharatQR
  3. BHIM
  4. Apple Pay and Android Pay (coming soon…)
  5. Credit/debit card
  6. E-wallets – Paytm, Mobikwik, etc…
  7. IMPS
  8. NEFT
  9. RTGS
  10. RuPay
  11. UPI
  12. USSD

Yeah, even the most tech savvy person would get confused. I think the government should just wrap AEPS, BharatQR and BHIM into a single app and make that the defacto standard.