Access To Knowledge (A2K)

Cyber Policy Centres Meeting in Sri Lanka

Admin — 2019-01-21T23:50:45Z

Elonnai Hickok, Sunil Abraham and Ambika Tandon participated in this event organized by IDRC in Sri Lanka on January 11 - 14, 2019.

Download the agenda here

See the presentation here

For more details visit https://cis-india.org/internet-governance/news/cyber-policy-centres-meeting-in-sri-lanka

Cyber Policy 2.0

Admin — 2019-08-19T14:18:13Z

National Law University organized an executive education program in Bangalore on August 17, 2019. Arindrajit Basu was a speaker. He spoke on Deconstructing the India regulatory approach to data governance and cyber security.

For more details about the program, click here

For more details visit https://cis-india.org/internet-governance/news/cyber-policy-2.0

Cyber law experts asks why CERT-In removed advisory warning about WhatsApp vulnerability

Megha Mandavia — 2019-11-15T00:48:00Z

On the missing web page note, CERT-In had provided a detailed explanation of the vulnerability, which could be exploited by an attacker by making a decoy voice call to a target.

The article by Megha Mandavia was published in ET Tech.com on November 4, 2019. Pranesh Prakash was quoted.

Cyber law experts have asked the government to explain why the Indian computer emergency response team (CERT-In) removed from its website two days ago an advisory it had put out in May warning users of a vulnerability that could be used to exploit WhatsApp on their smartphones.

“This is merely further evidence that the explanation is to be provided by GoI (Government of India) instead of blame shifting and politicizing the issue,” said Mishi Choudhary, the legal director of the New York-based Software Freedom Law Center. “India is a surveillance state with no judicial oversight.”

On the missing web page note, CERT-In had provided a detailed explanation of the vulnerability, which could be exploited by an attacker by making a decoy voice call to a target.

It had warned WhatsApp users that the vulnerability could allow an attacker to access information on the system, such as logs, messages and photos, and could further compromise it. CERT-In rated the severity “high” and asked users to upgrade to the latest version of the app.

It also listed links to hackernews and cyber security firm Check Point Software that pointed to the alleged involvement of Israeli cyber software firm NSO Group in the hacking of WhatsApp messenger.

CERT-In Director-General Sanjay Bahl did not respond to ET’s mails or calls seeking clarity on why the advisory was pulled from its website.

The Times of India reported first the development.

The government had blamed WhatsApp for not informing it about the attack and asked the Facebook-owned company to respond by November 4.

In response, WhatsApp sources pointed out that it had informed CERT-in in May about the vulnerability and updated in September that 121 Indian nationals were targeted using the exploit, ET reported on Sunday.

“We should not read too much into it. It could just be bad website management. The vulnerability was public knowledge. It was reported by the Common Vulnerabilities and Exposures (CVE) organization in May,” said Pranesh Prakash, fellow at the Centre of Internet and Society, a non-profit organisation.

The government has also questioned the timing of the disclosure, as it comes amid a request by it to the Supreme Court seeking three months to frame rules to curb misuse of social media in the country.

The government has categorically told WhatsApp that it wants the platform to bring in a mechanism that would enable tracing of the origin of messages, a demand that the instant messaging platform has resisted citing privacy concerns.

For more details visit https://cis-india.org/internet-governance/news/et-tech-megha-mandavia-november-4-2019-cyber-law-experts-asks-why-cert-in-removed-advisory-warning-about-whatsapp-vulnerability

Cyber experts suggest using open source software to protect privacy

praskrishna — 2013-07-03T04:32:48Z

Big Brother is watching. With the Central Monitoring System (CMS) at home and PRISM from the US, millions of users worldwide have become vulnerable to online surveillance by state agencies without even realizing it. No surprise, several cyber security experts feel that building one's own personal firewall is a good way of fortifying online privacy.

The article by Kim Arora was published in the Times of India on June 22, 2013. Sunil Abraham is quoted.

One enterprising netizen has compiled a list of services, from social networks to email clients, and even web browsers, that offer better protection from surveillance. They are listed on a web page called prism-break.org.

When asked about steps that a digital native can take to protect his privacy and online data, Sunil Abraham, executive director of Bangalore-based non-profit Center for Internet and Society said, "Stop using proprietary software, shift to free/open source software for your operating system and applications on your computer and phone. Android is not sufficiently free; shift to CyanogenMod. Encrypt all sensitive Internet traffic and email using software like TOR and GNU Privacy Guard. Use community based infrastructure such as Open Street Maps and Wikipedia. Opt for alternatives to mainstream services. For example, replace Google Search with DuckDuckGo."

Use of licensed or proprietary software, which bind users legally when it comes to use and distribution, seems to be losing favour among an informed niche. While alternative software cannot offer absolute protection, it is being seen as a "better-than-nothing" option. Anonymisers like TOR, though also not entirely foolproof, are also a popular option among those who wish to keep their web usage untraceable. Once installed on a browser, anonymisers can hide the route that digital traffic takes when sent from your computer over a network before emerging at an end node.

There is one caveat, though. Some websites can deny service to users operating on certain anonymising networks. Also, anonymisers are known to reduce browsing speeds. In India, where broadband speeds are already abysmally low, anything that slows one down even further would find popularity hard to come by.

Computer and network security expert Aseem Jakhar too recommends open source software since they offer the convenience of customization to suit one's encryption needs and are able to verify the source code. For laypersons, there are other tools. "One can use anonymisers like TOR which encrypt your communication and hide your identity. With these it becomes very difficult to exactly locate the source. For email clients, it is best to use ones that offer end-to-end strong encryption," he says. Jakhar, co-founder of open security community "null", also recommends the use of customized and Linux systems for more advanced users. Default Linux distributions, he points out, may have free online services which can again be analysed by the governments.

The home-bred CMS programme seeks to directly procure data pertaining to call records and internet usage for intelligence purposes without going through telecom service providers. There were fears of abuse when information about the programme, kept under strict wraps by the government, trickled in. Department of Telecom and Ministry of IT and Communication have been reticent about the state of implementation of the 400-crore rupees programme.

PRISM, a similar, international monitoring programme mounted by the US and revealed to the world by the US National Security Authority whistleblower Edward Snowden, has raised concerns of safeguarding digital information the world over.

For more details visit https://cis-india.org/news/times-of-india-june-22-2013-kim-arora-cyber-experts-suggest-open-source-software-to-protect-privacy

Cyber experts say 'playground open' for influencing elections

Admin — 2018-05-03T03:17:33Z

Cyber experts said that under the provisions provided by 43 (A) of Indian IT Act, two types of data collection are completely legal: first, the data shared by the user in the public domain and secondly, the data published by the social platforms, like Facebook.

This article was published in the Economic Times on May 2, 2018. Sunil Abraham was quoted.

With the Karnataka Assembly elections round the corner, the cyber experts have said that it is quite possible to influence elections in India.

Talking to ANI, cyber expert Sunil Abraham did not rule out the possibility of influencing the voters as India does not have data protection law in place.

He said under the provisions provided by 43 (A) of Indian IT Act, two types of data collection are completely legal: first, the data shared by the user in the public domain and secondly, the data published by the social platforms, like Facebook and Twitter, which was shared by the user for his/her friends.

"Both these types of data are not considered sensitive personal data. Under Indian law, if they are collecting your biometrics, passwords and health information only then they need your consent," Abraham told in an exclusive interview.

Replying a question about the chances of political parties influencing elections, Abraham said, "One cannot answer this question with a clear yes or no. But, the more a political party has in its database about you; the more they can micro-target you for various types of advertising."

He, however, said with the literacy level of Indian internet users, the chances are high that they can be manipulated.

"Once they do this, especially in a country where 30 percent of the public is illiterate and only 10 percent of public knows English and many-many users have just come online, there is a high chance that these users can be manipulated," the cyber expert said.

When asked can it be termed influence, he said, "It will definitely be an influence. Most of the internet users in India have just come online, they don't have media literacy; they have not consumed older technologies like television and broadcast media like radio sufficiently enough so it is easy for these users to get fooled by the content that is propaganda and fake news etcetera."

Abraham said it is unlikely that India will have a data protection law before 2019 general elections, which means the playground is open for people with a clever idea to manipulate voters.

"India is working on data protection laws from last eight years. With the existing laws; all the political parties, social media companies, and search engine optimization companies etcetera can do what they want and they won't get into trouble. So, it is very unlikely that this data protection law is going to be approved by Parliament the 2019 elections. So for the 2019 elections, it is going to be very exciting times because anybody who has any clever idea when it comes to manipulating voters, they will definitely try it. Because, there is no law to stop them from trying those tricks," the cyber expert said.

Replying to another question about India's position in data security, he said, 'India is lagging as per the global trend across the world. The European Union's world-class data protection law called 'General Data Protection Regulation' is being followed by all the countries with the exception of the US. About 108 countries have the data protection laws which look similar to the EU's General Data Protection Regulation."

He, however, added, "We shouldn't be upset because making a law in a big country like India takes time. Shri Krishna Committee is going to present the draft of the Indian data protection law and hopefully, within one or two years India will have data protection law."

Another expert Shubhamangala Sunil told ANI that "In India, our data is not secure today. Be it politicians or businesses, they want the database of people. Many data breaches have already happened and they are being used for different propagandas".

She said the union government and state governments should come forward and tell people about data security measures instead of people complaining about the data breach.

She also said India is at least 10 years behind in comparison with the world in the cyber security domain.

The comments of the experts have come in the backdrop of recently data breach in the Facebook wherein its CEO Mark Zuckerberg faced US Congress for two days over the data theft. The Facebook-Cambridge Analytica data scandal involves the collection of personally identifiable information of up to 87 million Facebook users and almost certainly a much greater number that Cambridge Analytica began collecting in 2014.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-2-2018-cyber-experts-say-playground-open-for-influencing-elections

Cyber Dialogue Conference 2014

praskrishna — 2014-04-08T05:09:54Z

The Cyber Dialogue conference, presented by the Canada Centre for Global Security Studies at the Munk School of Global Affairs, University of Toronto, will convene an influential mix of global leaders from government, civil society, academia and private enterprise to participate in a series of facilitated public plenary conversations and working groups around cyberspace security and governance.

Malavika Jayaram is participating in this event being held on March 30 and 31, 2014. Full event details here.

After Snowden, Whither Internet Freedom?

A recent stream of documents leaked by former NSA contractor Edward Snowden has shed light on an otherwise highly secretive world of cyber surveillance. Among the revelations — which include details on mass domestic intercepts and covert efforts to shape and weaken global encryption standards — perhaps the most important for the future of global cyberspace are those concerning the way the U.S. government compelled the secret cooperation of American telecommunications, Internet, and social media companies with signals intelligence programs.

For American citizens, the NSA story has touched off soul-searching discussions about the legality of mass surveillance programs, whether they violate the Fourth and Fifth Amendments of the U.S. Constitution, and whether proper oversight and accountability exist to protect American citizens' rights. But for the rest of the world, they lay bare an enormous “homefield advantage” enjoyed by the United States — a function of the fact that AT&T, Verizon, Google, Facebook, Twitter, Yahoo!, and many other brand name giants are headquartered in the United States.

Prior to the Snowden revelations, global governance of cyberspace was already at a breaking point. The vast majority of Internet users — now and into the future — are coming from the world’s global South, from regions like Africa, Asia, Latin America, and the Middle East. Of the six billion mobile phones on the planet, four billion of them are already located in the developing world. Notably, many of the fastest rates of connectivity to cyberspace are among the world’s most fragile states and/or autocratic regimes, or in countries where religion plays a major role in public life. Meanwhile, countries like Russia, China, Saudi Arabia, Indonesia, India, and others have been pushing for greater sovereign controls in cyberspace. While a US-led alliance of countries, known as the Freedom Online Coalition, was able to resist these pressures at the Dubai ITU summit and other forums like it, the Snowden revelations will certainly call into question the sincerity of this coalition. Already some world leaders, such as Brazil’s President Rousseff, have argued for a reordering of governance of global cyberspace away from U.S. controls.

For the fourth annual Cyber Dialogue, we are inviting a selected group of participants to address the question, “After Snowden, Whither Internet Freedom?” What are the likely reactions to the Snowden revelations going to be among countries of the global South? How will the Freedom Online Coalition respond? What is the future of the “multi-stakeholder” model of Internet governance? Does the “Internet Freedom” agenda still carry any legitimacy? What do we know about “other NSA’s” out there? What are the likely implications for rights, security, and openness in cyberspace of post-Snowden nationalization efforts, like those of Brazil’s?

As in previous Cyber Dialogues, participants will be drawn from a cross-section of government (including law enforcement, defence, and intelligence), the private sector, and civil society. In order to canvass worldwide reaction to the Snowden revelations, this year’s Cyber Dialogue will include an emphasis on thought leaders from the global South, including Africa, Asia, Latin America, and the Middle East.

For more details visit https://cis-india.org/news/cyber-dialogue-conference-2014

Cyber criminals hide in the ‘dark web’ to remain anonymous

Tushar Kaushik — 2019-05-02T13:55:39Z

An increasing number of cyber criminals are using the dark web — the encrypted part of the internet that cannot be tracked — to shop for software that helps them remain anonymous while carrying out their crimes.

The article by Tushar Kaushik was published in Economic Times on May 2, 2019. Karan Saini was quoted.

The dark web is a part of the deep web, the non-indexed part of the world wide web that cannot be accessed by standard search engines such as Google and requires encrypted networks such as Tor browser.

The most significant feature of this world is that the identity of its users is hidden and cannot be tracked, which is why several illicit products such as weapons and drugs are available here. Cyber criminals, too, appear to be shopping here.

According to app developer and cofounder of TBG Labs Harsha Halvi, the deep web makes up as much as about 65- 75% of the world wide web. “Many tools that can be used to commit cyber frauds are available on the dark web,” said cyber crime police station inspector M Chandrappa. Deputy superintendent at the cyber crime police station of CID MD Sharath said it was difficult to ascertain the frequency of usage of such applications by criminals.

Those fighting cyber crime in Bengaluru say that as most cases are not detected, chances are that more and more criminals are using the dark web. While investigating a case recently, a suspect admitted to having downloaded a software from the dark web that enabled him to disguise his number and also prevent it from being traced, the police said. “If a person has used tools from the dark web to hide his number, the investigation ends right there, as we do not have the necessary tools and software to trace the person,” a senior police officer said.

Experts say that while there are ways to trace activity on the dark web, police officials would require special training and specific information about the activity. Security researcher and policy officer at the Centre for Internet and Society Karan Saini said, “Attempting to track unconventional online behaviour would call for development of new methods, along with formal training for those involved, especially if malicious actors are using the Tor network to carry out illicit activities instead of the clear web.”

Halvi said some agencies like the FBI deploy ethical hackers to track specific websites on the dark web. “But they, too, have to rely on getting specific information from people to investigate the dark web. It is a time-consuming process.”

Bitcoin transactions are the preferred mode of payment for purchases on the dark web as they cannot be traced. However, Saini said some US-based researchers have written academic papers on how bitcoin exchanges can be tracked.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-2-2019-tushar-kaushik-cyber-criminals-hide-in-the-dark-web-to-remain-anonymous

Cyber crimes shoot up 52% in India over last year

praskrishna — 2014-07-03T10:14:26Z

There has been a sharp increase in the incidence of cyber crime in the country. The number of cases registered in 2013 under the IT Act has gone up by 52 per cent to 4,192 as against 2,761 in the previous year.

The article by K.V.Kurmanath was published in the Hindu Businessline on July 2, 2014. Bhairav Acharya gave his inputs.

If you add the cases registered under the IPC, the total number of cyber crime cases crosses the 5,500-mark. Police across the country arrested 3,301 persons in connection with these cases.

Maharashtra and Andhra Pradesh (undivided) have topped the list with 681 and 635 cases respectively under the IT Act, both showing an almost 50 per cent growth in cyber crimes over the previous year. In the previous year, Maharashtra had registered 471 and Andhra Pradesh 429.

Cyber security experts have been cautioning people to be careful while using the Internet. Besides increasing the security of the networks they are using, users must be careful while engaging with strangers.

A recent Microsoft report said many customer infections involve users tricked to install secondary offers, indicating a shift in malware proliferation. According to the latest data provided by the National Crime Records Bureau, the official chronicler of crime in the country, cyber crime registered under the Indian Penal Code (IPC) has shown a much higher growth rate of 122 per cent in 2013 over the previous year’s figure. IPC cases went up to 1,316 in 2013 from 595 in the previous year. Maharashtra topped the list here too with the cops booking 226 cases in this category.

Wrong nomenclature?

Bhairav Acharya of the Centre for Internet and Society feels that the term cyber crime has not been defined well. “It is time we do away with the practice of calling any crime a ‘cyber crime’ just because the person who does it uses a computer,” he said.

“Instead, I think the term ‘cyber crime’ should only be used in relation to offences that can only be committed by using information and communications technology (ICT) such as the internet (which is comprised of the world wide web, email protocols, file transfer protocols, and more) as well as network infrastructure that is not the internet,” he said.

Hence, only if there is a direct causal link between the crime and ICT and network technology should a crime be called a cyber crime, Acharya says.

Other States with a high number of cases booked under the IT Act include Karnataka (513), Kerala (349), Madhya Pradesh (282) and Rajasthan (239). Gujarat showed a decline with the number coming down to 61 from 68 in the previous year.

For more details visit https://cis-india.org/news/the-hindu-business-line-july-2-2014-kv-kurmanath-cyber-crimes-shoot-up-in-india-over-last-year

Cyber Crime & Privacy

merlin — 2011-09-01T09:36:11Z

India is a growing area in the field of active Internet usage with 71 million Internet users.

Introduction

India is a growing area in the field of active Internet usage with 71 million Internet users.[1] “Cyberspace is shorthand for the Web of consumer electronics; computers and communication networks that interconnect the World”. [2] The recent incidents of hacking into various popular websites of Yahoo, CNN, Sony, the CBI and the Indian Army raise the very pertinent issue of online data privacy. This blog will examine the growing instances of hacking websites and its impact on data privacy.

Cyber Crime

“Cybercrime is a criminal offence on the Web, a criminal offence regarding the Internet, a violation of law on the Internet, an illegality committed with regard to the Internet, breach of law on the Internet, computer crime, contravention through the Web, corruption regarding Internet, disrupting operations through malevolent programs on the Internet, electric crime, sale of contraband on the Internet, stalking victims on the Internet and theft of identity on the Internet.”[3]

The computer age gave rise to a new field of crime namely “cybercrime” or “computer crime”. During the 1960s and 1970s cybercrime involved physical damage to the consumer system. Gradually computers were attacked using more sophisticated modus operandi where individuals would hack into the operating system to gain access to consumer files. The 1970s - through to the present - saw cybercrimes taking different trajectories like impersonation, credit card frauds, identity theft, and virus attacks, etc.[4]

The IT Act 2000 was enacted by the government to punish such acts of cyber crime. The Act was amended in the year 2008[5].

Cybercrime — An Overview: India

The IT Act 2000 was enacted by the government in 2000 to punish acts of cyber crime. The Act was amended in the year 2008[5]. According to the National Crime Records Bureau, cyber crime is on the rise. The Bureau reported that 420 cases were reported under the IT Act in the year 2009 alone, which was a 45.8 per cent increase from the year 2008. [6] The NCRB data on cyber crime also provides a useful insight as to the growing awareness of the IT Act. The data clearly shows an increase in the number of cases reported from the years 2005 to 2009.[7]. Hacking and obscene [8] publication/transmission are the highest reported crimes with the highest rate of conviction under the IT Act 2008.

Cyber Attack: No One is Safe!!

In February 2000 the many ‘busy’ Internet websites were jammed shut by hackers causing a national upheaval in the USA with the then President Clinton calling in a high level meeting with experts from around the world. Websites like Yahoo.com were forced to shut down for three hours after they were ‘smurfed’ by hackers [9]. Many other websites like Amazon.com and CNN.com were also attacked by the same hackers. Hacking such popular websites within a span of few hours was unprecedented which left many, including the FBI, clueless. By far these are the most serious cyber attacks in the history of Internet. The attacks not only shut down important sites, but also highlighted a very disturbing growing trend. If such popular websites were shut down by unknown perpetrators then how in the world will these and similar sites be able to protect scores of personal data and credit card information of the customers they pledge to serve?

More recently cyber vandals attacked the US Senate website on the 14 June 2011, causing a huge security scare [10]. This instance again brings us to the pertinent question of the safety of our personal data held by these websites. If the personal data of the US Senators can be breached by somebody, then certainly we as consumers should be very wary of the cyberspace and its ability to protect our data.

Closer Home

On June 8, a group claiming to be “anonymous” hacked into the government’s National Information Centre to protest against the anti-graft agitation [11]. The same group was accused of hacking into the Indian Army’s website although no report of data theft was claimed by the government. Last year in December a Pakistani hacker group named Predators PK hacked into various websites including the website of the CBI.[12]

Cyber Crime: Its Implications to Privacy

Internet security has become an important issue. Recent cyber attacks on various important websites has placed many consumers at risk and vulnerable to cyber criminals. The hacking attack on the Sony website on April 16 and 17 led to the theft of 26.4 million SOE (Sony Online Enterprise) Accounts. The criminals even hacked into a 2007 database which held credit and debit card information of 23,400 customers.[13]

Attacks such as these demonstrate the vulnerability of websites, and the possibility of serious harm to a countries economy and security. Furthermore, consumers’ personal data can be used by hackers to extort and blackmail individuals.

The Internet has become a huge stakeholder in facilitating trade and e-commerce, subsequently cyberspace has become a large network of communication and commerce. We carry out a number of tasks on the Internet — from e-shopping and e-ticketing to e-banking. Though the recent attacks on the CBI website, and the Indian Army website did catch some attention from the media, and the government did make some noise about it, the issue slowly faded away. The government cannot seem to protect its own websites which houses sensitive details of national security, but seems confident about putting personal data and biometrics of a billion plus population under the AADHAR scheme [14] onto a web server which can be hacked anytime by almost anybody with a personal computer in China or Pakistan.[15]

Privacy: No More?

Data generated in cyberspace are a fingerprint of an individual which is detailed, processed, and made permanent.[16] The cyberspace generates a blue print of our whole personality as we navigate through a health site, pay our bills, or shop for books at Amazon.com. The data collected by surfing through all these domains creates a fitting profile of who we are. [17] When hackers and cyber vandals steal this very information, it becomes a gross violation of our privacy.

Conclusion

Privacy does not exist in cyber space. The various websites that offer varied services to its consumers fail to protect their personal data time and again. The Sony website including its play station and music website was hacked at least three times this year. Scores of personal data was stolen and the consumers were kept in dark regarding the breach for almost a week. Speaking as a consumer, if a large corporate company like Sony cannot protect its website from being hacked into, it is hard to imagine other websites protecting itself from attacks.

The rise of the Internet has brought with it a new dimension of crime. The IT Act 2000 has brought some reprieve to the aggrieved according to the NCRB. Despite this, the IT Act clearly will not completely deter criminals from hacking into websites, as was demonstrated in the NCRB report. The cyber criminals of the February 2000 cyber attacks have yet to be apprehended and the attacks on various websites have been increasing every year.

Despite progress being made on enacting cyber laws and implementing them, cyber crime is still not nipped in the bud. Governments can do precious little to stop it and only hope that a cyber criminal can be traced back and be punished. Hence, Internet users need to more careful of the sites they visit; know the privacy policy of these websites to protect their personal data as much as possible.

Notes

[1] According to an annual survey conducted by IMRB and Internet and Mobile Association of India for the year 2009 – 2010.

[2] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

[3] http://legal-dictionary.thefreedictionary.com/cybercrime

[4] http://www.mekabay.com/overviews/history.pdf

[5]http://www.cyberlaws.net/itamendments/index1.htm

[6] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[7] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[8] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[9] http://www.pbs.org/newshour/extra/features/jan-june00/hackers_2-17.html

[10] http://in.reuters.com/article/2011/06/14/idINIndia-57677720110614

[11] http://www.thinkdigit.com/General/Anonymous-hacks-Indian-govt-website-to-support_6933.html

[12] http://www.deccanherald.com/content/117901/pakistan-hackers-wage-cyber-war.html

[13] http://mashable.com/2011/05/03/sony-another-hacker-attack/

[14] http://uidai.gov.in/

[15] http://www.securitywatchindia.org.in/selected_Article_Cyber_warfare.aspx

[16] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

[17] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

For more details visit https://cis-india.org/internet-governance/cyber-crime-privacy

Cyber bullying is a crime, but open to interpretation: Expert

praskrishna — 2014-12-07T10:54:32Z

The social media attack on a Doordarshan anchor who made a series of gaffes at the recent Goa film festival would qualify as cyber bullying, experts say, but hasten to add there is not much that can be done to prevent such behaviour online, given the humungous size of the virtual universe.

The article by Neha Alawadhi was published in the Times of India on December 2, 2014. Pranesh Prakash gave his inputs.

The anchor reportedly shut down all her online accounts following the slew of unflattering and personal comments that she was bombarded with after the video of the event went viral and was shared across Facebook, Twitter and YouTube, among other such platforms.

Under Section 66 (A) of the IT Act, 2000, cyber bullying is a bailable offence, punishable with three years of imprisonment and fine. However, the complainant and police can interpret what constitutes offensive behaviour, said cyber law expert Pavan Duggal.

"Just as we don't regulate jeering and taunting of adults when it happens in person, as opposed to a threat of violence, unless there is a special case made out for the harm of online taunting, I don't think there is a case for a legislative response," said Pranesh Prakash, policy director at Bengaluru-based Centre for Internet and Society.

According to a recent report by McAfee, part of Intel Security, half of Indian youths have had some experience with cyber bullying and of these over a third (36%) have been bullied themselves online.

IT and cybersecurity expert Rakshit Tandon recalled the trauma a young professor at one of the top colleges underwent when an old picture of her, from one of her social media accounts, went viral and became the butt of unflattering comments by students. "Once it goes viral, you can't track who is sharing or sending it," he said.

"We don't have one personality anymore," said Adhvith Dhuddu, founder and CEO of digital marketing agency Alive-Now, which handles social and digital for brands online. "We have an offline personality and we have an online personality, and this is true for anyone —whether you are a brand, person, book or a movie," he added.

Several schools, NGOs and individuals are working towards educating children and young people about the dangers of sharing information online, but often find themselves at a loss when confronted with real situations every day.

The approach AliveNow's Dhuddu takes is to "engage first and ban later". He said, "We try to reason with people. We always take any grievance offline, we don't try to solve a grievance online."

For individuals, however, the offline route may be impractical or infeasible. Tandon believes the only way is to "sensitise people", while CIS's Prakash says a person can "block abusive users, set one's account in private mode and just get off such social networks for a while till the situation cools off".

For more details visit https://cis-india.org/internet-governance/news/economic-times-december-2-2014-neha-alawadhi-cyber-bullying-is-a-crime-but-open-to-interpretation

Cyber Appellate Tribunal in Bengaluru

praskrishna — 2012-05-30T05:47:48Z

Bengaluru will be home to the southern chapter of the Cyber Appellate Tribunal (CAT), which will reach out to victims of cyber crime, the state government announced at the Cyber Security Summit here on Tuesday.

Pranesh Prakash is quoted in this article published in the Deccan Herald on May 9, 2012.

But on the other hand, the IT Secretary, who is the state adjudicator, has held in all the cases that he has no jurisdiction to pass orders against the banks and that no complaint can be admitted under Section 43 of the IT Act against any corporate entity.

"The state IT secretary has passed more than 80 orders. They include both cases of phishing and orders against cyber cafes for not adhering to rules under the IT Act. The Adjudicator has held that ‘section 43 of IT Act is not applicable to a body or Corporate’, after the amended IT Act came into force in 2008," said Pranesh Prakash of the Centre for Internet Society "I feel Section 43 has been mis used . The definition given in this section cannot be understood either by lawyers or technical people. If there is a genuine case of phishing and a user has suffered losses over the internet then there should be no ambiguity in passing the order," he said.

For more details visit https://cis-india.org/news/cyber-appellate-tribunal-bengaluru

Cyber 360

praskrishna — 2015-10-14T02:22:27Z

Synergy Foundation organized the Cyber 360 conference in Bangalore on September 29 and 30, 2015. Sunil Abraham participated in the event.

As part of Cyber 360 Degree, a two-day conference on cyber security continuing Wednesday in Bangalore, experts from around the world gathered to discuss global threats to information security, particularly focusing on open wifi, which poses a huge threat to information security. The conference aimed to bring together strategic security practitioners, policymakers, media and business enterprises on a single platform to obtain a 360o perspective on cybersecurity. It was an endeavour to create a holistic security strategy that will help to achieve resilience against modern cyber-threats. A range of keynote presentations and panel discussions will give participants a rare chance to interact and learn from leading cyber security experts and solution providers from around the world.

The Participants

 CEOs, Members of Board and CIOs of more than 60 companies
 Security practitioners
 Policy-makers
 Leading Academia
 International think tanks & media

Download the agenda

For more details visit https://cis-india.org/internet-governance/news/cyber-360

Curating Genderlog India's Twitter handle

Admin — 2019-05-14T14:40:08Z

Shweta Mohandas has been nominated to curate Genderlog's Twitter handle (@genderlogindia).

Shweta Mohandas will be tweeting about topics related to gender and data, more specifically around AI, big data, privacy and surveillance. To view the tweets, click here

For more details visit https://cis-india.org/internet-governance/news/curating-genderlog-indias-twitter-handle

Cultivating India’s Cyber Defense Strategy

Admin — 2019-11-13T14:39:19Z

For more details visit https://cis-india.org/internet-governance/files/cultivating-india2019s-cyber-defense-strategy

Cryptocurrency Regulation in India – A brief history

vipul — 2020-03-05T18:36:09Z

In March 2020, the Supreme Court of India quashed the RBI order passed in 2018 that banned financial services firms from trading in virtual currency or cryptocurrency. Keeping this policy window in mind, the Centre for Internet & Society will be releasing a series of blog posts and policy briefs on cryptocurrency regulation in India

The story of cryptocurrencies started in 2008 when a paper titled “Bitcoin: A Peer to Peer Electronic Cash System” was published by a single or group of pseudonymous developer(s) by the name of Satoshi Nakamoto. The actual network took some time to start with the first transactions taking place only in January 2009. The first actual sale of an item using Bitcoin took place a year later with a user swapping 10,000 Bitcoin for two pizzas in 2010, which attached a cash value to the cryptocurrency for the first time. By 2011 other cryptocurrencies began to emerge, with Litecoin, Namecoin and Swiftcoin all making their debut. Meanwhile, Bitcoin the cryptocurrency that started it all started getting criticised after claims emerged that it was being used on the so-called “dark web”, particularly on sites such as Silk Road as a means of payment for illegal transactions. Over the next five years cryptocurrencies steadily gained traction with increased number of transactions and the price of Bitcoin, the most popular cryptocurrency shot up from around 5 Dollars in the beginning of 2012 to almost 1000 Dollars at the end of 2017.

Riding on the back of this wave of popularity, a number of cryptocurrency exchanges started operating in India between 2012 and 2017 providing much needed depth and volume to the Indian cryptocurrency market. These included popular exchanges such as Zebpay, Coinsecure, Unocoin, Koinex, Pocket Bits and Bitxoxo. With the price of cryptocurrencies shooting up and because of its increased popularity and adoption by users outside of its traditional cult following, regulators worldwide began to take notice of this new technology; in India the RBI issued a Press Release cautioning the public against dealing in virtual currencies including Bitcoin way back in 2013. However, the transaction volumes and adoption of cryptocurrencies in India really picked up in earnest only after the demonetisation of high value currency notes in November of 2016, with the government’s emphasis on digital payments leading to alternatives to traditional online banking such as cryptocurrencies forcing their way into the public consciousness. Indian cryptocurrency exchanges started acquiring users at a much higher pace which drove up volume for cryptocurrency transactions on all Indian exchanges. The growing popularity of cryptocurrencies and its adoption by large numbers of Indian users forced the RBI to issue another Press Release in February 2017 reiterating its concerns regarding cryptocurrencies raised in its earlier Press Release of 2013.

In October and November, 2017 two Public Interest Petitions were filed in the Supreme Court of India, one by Siddharth Dalmia and another by Dwaipayan Bhowmick, the former asking the Supreme Court to restrict the sale and purchase of cryptocurrencies in India, and the latter asking for cryptocurrencies in India to be regulated. Both the petitions are currently pending in the Supreme Court.

In November, 2017 the Government of India constituted a high level Inter-ministerial Committee under the chairmanship of Shri Subhash Chandra Garg, Secretary, Department of Economic Affairs, Ministry of Finance and comprising of Shri Ajay Prakash Sawhney (Secretary, Ministry of Electronics and Information Technology), Shri Ajay Tyagi (Chairman, Securities and Exchange Board of India) and Shri B.P. Kanungo (Deputy Governor, Reserve Bank of India). The mandate of the Committee was to study various issues pertaining to Virtual Currencies and to propose specific actions that may be taken in relation thereto. This Committee submitted its report in July of 2019 recommending a ban on private cryptocurrencies in India.

In December 2017 both the RBI as well as the Ministry of Finance issued Press releases cautioning the general public about the dangers and risks associated with cryptocurrencies, with the Ministry of Finance Press Release saying that cryptocurrencies are like ponzi schemes and also declaring that they are not currencies or coins. It should be mentioned here that till the end of March 2018, the RBI and the Finance Ministry had issued various Press Releases on cryptocurrencies cautioning people against their risks, however none of them ever took any legal action or gave any enforceable directions against cryptocurrencies. All of this changed with the RBI circular dated April 6, 2018 whereby the RBI prevented Commercial and Co-operative Banks, Payments Banks, Small Finance Banks, NBFCs, and Payment System Providers not only from dealing in virtual currencies themselves but also directing them to stop providing services to all entities which deal with virtual currencies.

The effect of the circular was that cryptocurrency exchanges, which relied on normal banking channels for sending and receiving money to and from their users, could not access any banking services within India. This essentially crippled their business operations since converting cash to cryptocurrencies and vice versa was an essential part of their operations. Even pure cryptocurrency exchanges which did not deal in fiat currency, were unable to carry out their regular operations such as paying for office space, staff salaries, server space, vendor payments, etc. without access to banking services.

As a the operations of cryptocurrency exchanges took a severe hit and the number of transactions on these exchanges reduced substantially. People who had bought cryptocurrencies on these exchanges as an investment were forced to sell their crypto assets and cash out before they lost access to banking facilities. The cryptocurrency exchanges themselves found it hard to sustain operations in the face of the dual hit of reduced transaction volumes and loss of access banking services. Faced with such an existential threat, a number of exchanges who were members of the Internet and Mobile Association of India (IMAI), filed a writ petition in the Supreme Court on May 15, 2018 titled Internet and Mobile Association of India v. Reserve Bank of India, the final arguments in which were heard by the Supreme Court of India in January, 2020 and the judgment is awaited. If the Supreme Court agrees with the arguments of the petitioners, then cryptocurrency exchanges would be able to restart operations in India; as a result the cryptocurrency ecosystem in India may be revived and cryptocurrencies may become a viable investment alternative again.

For more details visit https://cis-india.org/internet-governance/blog/cryptocurrency-regulation-in-india-2013-a-brief-history