We are anonymous, we are legion

Is the new ‘interception’ order old wine in a new bottle?

Elonnai Hickok, Vipul Kharbanda, Shweta Mohandas and Pranav M. Bidare — 2018-12-29T16:02:00Z

The government could always authorise intelligence agencies to intercept and monitor communications, but the lack of clarity is problematic.

An opinion piece co-authored by Elonnai Hickok, Vipul Kharbanda, Shweta Mohandas and Pranav M. Bidare was published in Newslaundry.com on December 27, 2018.

On December 20, 2018, through an order issued by the Ministry of Home Affairs (MHA), 10 security agencies—including the Intelligence Bureau, the Central Bureau of Investigation, the Enforcement Directorate and the National Investigation Agency—were listed as the intelligence agencies in India with the power to intercept, monitor and decrypt "any information" generated, transmitted, received, or stored in any computer under Rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, framed under section 69(1) of the IT Act.

On December 21, the Press Information Bureau published a press release providing clarifications to the previous day’s order. It said the notification served to merely reaffirm the existing powers delegated to the 10 agencies and that no new powers were conferred on them. Additionally, the release also stated that “adequate safeguards” in the IT Act and in the Telegraph Act to regulate these agencies’ powers.

Presumably, these safeguards refer to the Review Committee constituted to review orders of interception and the prior approval needed by the Competent Authority—in this case, the secretary in the Ministry of Home Affairs in the case of the Central government and the secretary in charge of the Home Department in the case of the State government.

As noted in the press release, the government has always had the power to authorise intelligence agencies to submit requests to carry out the interception, decryption, and monitoring of communications, under Rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, framed under section 69(1) of the IT Act.

When considering the implications of this notification, it is important to look at it in the larger framework of India’s surveillance regime, which is made up of a set of provisions found across multiple laws and operating licenses with differing standards and surveillance capabilities.

- Section 5(2) of the Indian Telegraph Act, 1885 allows the government (or an empowered authority) to intercept or detain transmitted information on the grounds of a public emergency, or in the interest of public safety if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence. This is supplemented by Rule 419A of the Indian Telegraph Rules, 1951, which gives further directions for the interception of these messages.

- Condition 42 of the Unified Licence for Access Services, mandates that every telecom service provider must facilitate the application of the Indian Telegraph Act. Condition 42.2 specifically mandates that the license holders must comply with Section 5 of the same Act.

- Section 69(1) of the Information Technology Act and associated Rules allows for the interception, monitoring, and decryption of information stored or transmitted through any computer resource if it is found to be necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence.

- Section 69B of the Information Technology Act and associated Rules empowers the Centre to authorise any agency of the government to monitor and collect traffic data “to enhance cyber security, and for identification, analysis, and prevention of intrusion, or spread of computer contaminant in the country”.

- Section 92 of the CrPc allows for a Magistrate or Court to order access to call record details.

Notably, a key difference between the IT Act and the Telegraph Act in the context of interception is that the Telegraph Act permits interception for preventing incitement to the commission of an offence on the condition of public emergency or in the interest of public safety while the IT Act permits interception, monitoring, and decryption of any cognizable offence relating to above or for investigation of any offence. Technically, this difference in surveillance capabilities and grounds for interception could mean that different intelligence agencies would be authorized to carry out respective surveillance capabilities under each statute. Though the Telegraph Act and the associated Rule 419A do not contain an equivalent to Rule 4—nine Central Government agencies and one State Government agency have previously been authorized under the Act. The Central Government agencies authorised under the Telegraph Act are the same as the ones mentioned in the December 20 notification with the following differences:

- Under the Telegraph Act, the Research and Analysis Wing (RAW) has the authority to intercept. However, the 2018 notification more specifically empowers the Cabinet Secretariat of RAW to issue requests for interception under the IT Act.

- Under the Telegraph Act, the Director General of Police, of concerned state/Commissioner of Police, Delhi for Delhi Metro City Service Area, has the authority to intercept. However, the 2018 notification specifically authorises the Commissioner of Police, New Delhi with the power to issue requests for interception.

That said, the IT (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009 under 69B of the IT Act contain a provision similar to Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 - allowing the government to authorize agencies that can monitor and collect traffic data. In 2016, the Central Government authorised the Indian Computer Emergency Response Team to monitor and collect traffic data, or information generated, transmitted, received, or stored in any computer resource. This was an exercise of the power conferred upon the Central Government by Section 69B(1) of the IT Act. However, this notification does not reference Rule 4 of the IT Rules, thus it is unclear if a similar notification has been issued under Rule 4.

While it is accurate that the order does not confer new powers, areas of concern that existed with India’s surveillance regime continue to remain including the question of whether 69(1) and 69B and associated Rules are constitutionally valid, the lack of transparency by the government and the prohibition of transparency by service providers, heavy handed penalties on service providers for non-compliance, and a lack of legal backing and oversight mechanisms for intelligence agencies. Some of these could be addressed if the draft Data Protection Bill 2018 is enacted and the Puttaswamy Judgement fully implemented.

Conclusion

The MHA’s order and the press release thereafter have served to publicise and provide needed clarity with respect to the powers vested in which intelligence agencies in India under section 69(1) of the IT Act. This was previously unclear and could have posed a challenge to ensuring oversight and accountability of actions taken by intelligence agencies issuing requests under section 69(1) .

The publishing of the list has subsequently served to raise questions and create a debate about key issues concerning privacy, surveillance and state overreach. On December 24, the order was challenged by advocate ML Sharma on the grounds of it being illegal, unconstitutional and contrary to public interest. Sharma in his contention also stated the need for the order to be tested on the basis of the right to privacy established by the Supreme Court in Puttaswamy which laid out the test of necessity, legality, and proportionality. According to this test, any law that encroaches upon the privacy of the individual will have to be justified in the context of the right to life under Article 21.

But there are also other questions that exist. India has multiple laws enabling its surveillance regime and though this notification clarifies which intelligence agencies can intercept under the IT Act, it is still seemingly unclear which intelligence agencies can monitor and collect traffic data under the 69B Rules. It is also unclear what this order means for past interceptions that have taken place by agencies on this list or agencies outside of this list under section 69(1) and associated Rules of the IT Act. Will these past interceptions possess the same evidentiary value as interceptions made by the authorised agencies in the order?

For more details visit https://cis-india.org/internet-governance/blog/newslaundry-elonnai-hickok-vipul-kharbanda-shweta-mohandas-and-pranav-bidare-december-27-2018-is-the-new-interception-order-old-wine-in-a-new-bottle

Is the govt caught in the 'censorship' web?

praskrishna — 2012-09-04T06:54:25Z

NDTV aired a one-hour debate on censorship in "We the People" episode hosted by Barkha Dutt on August 26, 2012. Pranesh Prakash participated in the discussions as a speaker.

Pranesh Prakash responded to Barkha Dutt's question on what does a government do in a time of social unrest:

"I think in a time of social unrest there is leeway provided in laws for the government to take action. The law existing and the law allowing for it is a very different matter from the government actually making use of it. There are as shown in the United Kingdom, much better ways of combating situations of riots. As we have seen in India for instance, there are people who provoke riots from podiums yet don't get arrested and as we have seen in the UK, there are people who take part in riots and have been punished a great deal."

Video

See the full debate on NDTV

For more details visit https://cis-india.org/news/www-ndtv-com-we-the-people-aug-26-2012-is-the-govt-caught-in-the-censorship-web

Is the govt bid to regulate content on the Internet a good thing?

praskrishna — 2011-12-08T07:12:24Z

The recent move by Union Minister Kapil Sibal to engage leading Internet platform providers like Google, Facebook, etc in regulating content has seen netizens react in different manners. The question of freedom of expression vis-a-vis objectionable content has come to the fore. Pranesh Prakash who deals with such issues on a regular basis at the Centre for Internet and Society was answering questions (more like comments) live on CNN-IBN's chat feature on December 7, 2011.

Q: OK... then how about this... People report abuse against a page...and after some hits that report will go to the governmental organization, and they will decide on what action to take... this may include hiring of some IT services company to do that and gives more employment to people too. Anyways thanks for replying to my questions.

Asked by: Tilak Kamath

A: How about just approaching courts, who are in a far better position to judge what is legal and what is illegal under Indian law than any IT services company or government organization.

Q: Suppose a group of rabble rousers does indeed use a forum and become violent, (the group being identifiable) would the state have the right to ask the forum to be discontinued?

Asked by: Zeus

A: Of course (if what you meant is 'the right to ask the forum to remove the violence-inciting content'). Indeed, this is how ultra-left wing and ultra-right wing publications that advocate violence (which is an imminent threat) are proscribed in India. And the same laws already apply for online fora. But just as you wouldn't ban a newspaper like DNA for carrying an offensive article (such as the anti-Muslim screed written by Subramanian Swamy a few months back), and just as the postal service wouldn't be discontinued for carrying Maoist letters, a forum shouldn't be banned for offensive content. There is no need for a new 'self-regulation code', since the 'report abuse' links found on many of these sites are exactly that: self-regulation.

Q: Article 19(2) of our constitution places arbitrary and subjective restrictions on free speech - public order, decency, morality are all subjective, according to the whims and fancies of those who are in control. Aren't you concerned this is going down the exact path (ignoring that this is impractical to begin with)?

Asked by: Karunakaran

A: No, because there is a rich jurisprudence laid down by the Supreme Court of what is and what isn't a "reasonable restriction". While I do believe that our Constitution does go beyond what the International Covenant on Civil and Political Rights (to which India is a signatory) allows for, Article 19(2)'s interpretation by the Supreme Court and the High Courts have been very progressive for the most part.

Q: The government has a mandate to govern and keep the society in harmony and take care of law & order... If no check on the expressions of netizens the chances of a spark generating debate can escalate to violence given the extremism we see today. The media in print as well as electronic we know & see does it's CENSORING, calling it as editing and publishing only what it likes and wants.This style is for all including CNN-IBN.The difference is in media, the EDITOR gets responsible in case of offensive or blashphemous material gets published. Social network the responsibility seems missing. Freedom always needs to be enjoyed with discipline. How do you the minority indisciplined netizens, who are there and no denying on that ?

Asked by: sundar1950in

A: I believe that killing speech is not the right way to prevent violence. Indeed, a newspaper editor in the Maldives recently noted that they have had less violence committed against the newspaper office ever since they allowed for online comments. Speech often allows people to vent out violence instead of acting it out. Violence should be curbed by reining in those who're committing it, and those who're inciting it on the ground. At any rate, the laws that apply to inciting violence in print apply to the Web also, and no new rules need to be drafted.

Q: Thanks for the information on the report abuse button. but can't we have a Governmental agency regulating websites like FB or Google... they can't say no, cos India is a Huge market for such companies.. and why don't we find many ultra offensive posts about the U.S. or other countries, as we find for Indians..

Asked by: Tilak Kamath

A: That would be a very bad idea. Governments don't have a regulatory agency to dictate what letters post-offices shouldn't carry, nor what articles newspapers shouldn't publish. They should definitely not have a regulatory agency dictate what status updates Facebook or Google+ should and shouldn't carry. You don't find ultra-offensive posts about the U.S. because you aren't looking around. They're *everywhere*, even more so than those that bad-mouth India. Yet, such offensive speech is the price we have to pay (gladly, I should add) for democracy and the freedom of speech.

Q: The idea to ban any post on something that would lead to communal strike is fine however, I feel this is not the intention. The intention is clearly political and due to the Anna movement becoming popular thanks to the posts on the internet as also certain remarks on the Gandhi family in particular and Congress leaders specifically has led to this decision. Kapil Sibal is a smart alec and he knows that this can be used against any adverse comments against them.

Asked by: Arun

A: I am less suspicious of Mr. Sibal. I believe, especially after speaking with some senior lawyer friends of his, that he genuinely believes what he is doing to be required and legal and constitutional, and not for the appeasement of one or two Congress leaders. That, however, does not make his suggested solution correct. Multiple High Courts' decisions have held otherwise, and the Supreme Court's decision in Ajay Goswami v. Union of India also provides them support.

Q: One best possible thing is to advertise the Report Abuse button on the Internet, don't you think so? again there should be proper authentication to do so to avoid miscreants blocking some good pages unnecessarily.

Asked by: Tilak Kamath

A: I believe that the "Report Abuse" option available on most large social media and social network websites is useful, but it is also potentially dangerous since it allows a private party (such as Facebook or Google), rather than a court, to dictate what content is and isn't acceptable, to the possible detriment of larger society.

Q: Good evening sir, my question is that it is legal to pre-screen the private data of users by sites and to interfere between their privacy.

Asked by: Shrey Goswami

A: Whether this proposal by Shri Sibal necessarily involves an invasion of privacy is an open question, since the details of the proposal as as yet not fully sketched out. On Google Plus and Facebook, one can restrictedly share information. Will such restricted sharing also have to be pre-screened, or only information that is going to be available to all members of the public? The proposal still consists only of press articles and a press conference held by the Minister. Even assuming it only require pre-screening of information that is going to be publicly accessible, it imposes too high a burden on intermediaries, and is impractical. And, as you might be aware, only very limited pre-censorship is allowed in India, and such a general requirement of pre-censorship does not seem to be constitutional, in my opinion.

Q: Yes, we were browsing FB yesterday and some content in there, could not be opened in front of my children. So Content is not always good, and there must be some kind of screening. Again, the current trend in India, to think that whatever the government does is not at all a good one. Governing must be left to government and not to news channels/civil society, etc. This looks dangerous, and sad no one is realising this.

Asked by: Narayanan S

A: Perhaps I should allow former Supreme Court Justice Hidyatullah's words speak for themselves: "Our standards must be so framed that we are not reduced to a level where the protection of the least capable and the most depraved amongst us determines what the morally healthy cannot view or read." - Justice Hidyatullah in K.A. Abbas v. Union of India. In the Janhit Manch case, the Bombay High Court held: "By the present petition what the petition seeks is that this court which is a protector of free speech to the citizens of this country, should interfere and direct the respondents to make a coordinated and sustained effort to close down the websites as aforestated. Once Parliament in its wisdom has enacted a law and has provided for the punishment for breach of that law any citizen of this country including the Petitioner who is aggrieved against any action on the part of any other person which may amount to an offence has a right to approach the appropriate forum and lodge a complaint upon which the action can be taken if an offence is disclosed. Court in such matters, the guardians of the freedom of speech, and more so a constitutional court should not embark on an exercise to direct State Authorities to monitor websites. If such an exercise is done, then a party aggrieved, depending on the sensibilities of persons whose view may differ on what is morally degrading or prurient will be sitting in judgment, even before the aggrieved person can lead his evidence and a competent court decides the issue. The Legislature having enacted the law a person aggrieved may file a complaint."

Q: Kapil Sibal has not been able to give conviction to objectionable content as social unrest can't take place through web and it needs well oiled machinery and as far as using offensive language against politicians is concerned it won't be curtailed through web and it will require better self regulation among politicians rather than being irresponsible

Asked by: Rij

A: I agree completely.

Q: Do you feel that Government (Congress in particular ) is trying to impose restrictions on social media to stifle the peoples anger against the Government and its leaders due to various scams and corruption?

Asked by: Santosh

A: No. I am taking Mr. Sibal's words at face value, that what they are trying to prevent is hate speech, inciting speech. Still, the means of doing so are undemocratic, ignorant of how the Internet functions, and liable to have very harmful consequences on our polity.

Q: Are our laws going to be like those in gulf countries with respect to censorship? In the name of communal messages, is there a motive to censor something else?

Asked by: Gaurav

A: It doesn't matter what the 'ulterior motive' is, and I'm not sure there is one. The touchstone should should be that of our Constitution and Article 19(1)(a), which guarantees freedom of speech and expression with the Article 19(2) laying down the reasons for which reasonable restrictions can be laid down. And in many ways our laws are worse than those in Saudi Arabia. There at least when a website is blocked or content removed the public is notified when they try and access the content. In India, there is no such notification.

Q: Is this being done as the politicians on the whole and congressmen in particular are not upon notwithstanding how true the comment is. Is it particular so when they are charry if any adverse comment is made on the Gandhis. All these politicians who have opted for public life need to be open for adverse comments as they are in the public limelight and or it is their privilege.

Asked by: Arun

A: The examples being cited by Kapil Sibal are of harming religious sentiments and inciting hatred. Be that as it may, even if the content deserves to be removed—and I can't comment until I see the content he finds offensive—doing so by mandating pre-censorship by intermediaries with liability fixed on them otherwise is a wrong way of going about it.

* The chat is over. Read the original published in IBN Live Chat here

For more details visit https://cis-india.org/news/ibn-live-chat-with-pranesh

Is Privacy Obsolete?

Admin — 2018-06-23T05:01:21Z

Pranesh Prakash was a panelist at this event organized by TERI in Bangalore on June 22, 2018.

For more details visit https://cis-india.org/internet-governance/news/is-privacy-obsolete

Is India's government becoming Big Brother?

praskrishna — 2013-06-05T09:39:53Z

India's new Central Monitoring System will give officials unprecedented access to calls, texts, and online activity.

The blog post by Talia Ralph and Jason Overdorf was published in Global Post on May 9, 2013. Pranesh Prakash is quoted.

The government has quietly started putting into place its new Central Monitoring System, a project that will give it access to its citizens' telephone calls, texts, and online activities.

The system, in development since 2009, will enable state agencies to monitor all digital interactions, the Times of India reported.

Work on CMS has been kept quiet for the past few years, although the newspaper reported that several government agencies ordered specialized equipment and systems for monitoring telecommunications.

India's government has steadily been increasing its access to telecommunications since the 2008 Mumbai bombings to help track militants and illegal activities.

The country — one of the world's fastest-growing internet markets — enacted its information technology law in 2000, and amended it twice, in 2008 and again in 2011.

As PCWorld described the new system,

The CMS will have central and regional databases to help central and state-level enforcement agencies intercept and monitor communications, the government said. It will also have direct electronic provisioning of target numbers by government agencies without any intervention from telecom service providers, it added. It will also feature analysis of call data records and data mining of these records to identify call details, location details, and other information of the target numbers.

Internet freedom activists and privacy experts worry the project offers far too much access to citizens' communications. They say official agencies allegedly misused and leaked tapped phone conversations, while the government has sought to quash dissent and silence critics on the internet under the guise of preventing hate speech.

"In the absence of a strong privacy law that promotes transparency about surveillance and thus allows us to judge the utility of the surveillance, this kind of development is very worrisome," Pranesh Prakash, the director of policy at the Center for Internet and Society, told the Times of India.

"Further, this has been done with neither public nor parliamentary dialog, making the government unaccountable to its citizens," he added.

The government last year blocked mobile phones and shut down social media sites ostensibly to prevent communal riots, but in the process blocked some 16 Twitter handles known to be critical of the government.

Critics of the CMS movement wrote a blog post arguing that the Indian government wants to use the law to censor "hate speeches and government criticism."

"We know the government today hates public criticizing it," the group Stop ICMS wrote on their blog. "The recent arrests of people for tweeting or posting on Facebook has proved that. Govt. does not like criticism that can be seen by everyone on the Internet."

The CMS program is in place in a "preliminary state" right now, with the full version expected to be in place by August 2014.

For more details visit https://cis-india.org/news/global-post-talia-ralph-jason-overdorf-may-9-2013-is-indias-govt-becoming-big-brother

Is India the next frontier for Facebook?

praskrishna — 2014-11-05T00:43:00Z

Pushing to bring hundreds of millions of Indians into the online world, Facebook founder Mark Zuckerberg on Thursday called for expanding his pet project to provide free mobile Internet for developing countries into India.

The article by Rama Lakshmi was published in Washington Post on October 9, 2014. Sunil Abraham was one of the signatories.

Zuckerberg, 30, the billionaire founder of the Facebook empire, arrives in India at a time when Facebook is losing its luster among American teens, but India’s vast market has yet to be fully tapped. A democratic country with a growing economy like India’s, with 1.2 billion people, two-thirds of whom are under the age of 35, is a market the company cannot afford to ignore.

India has the third-largest population of Internet users in the world at 205 million now, ranking after the United States and China. Yet the majority of its rural poor don’t have Internet access, and less than a tenth of its people, about 100 million, are on Facebook.

“Connectivity can’t be restricted to just the rich and powerful,” Zuckerberg said at a conference on connectivity in New Delhi. Rather, he said, it’s a basic “human right.”

Zuckerberg hopes to use his Internet.org connectivity initiative, which he started with a handful of other tech companies in 2013, to expand Indians’ online footprint and promote Facebook. He said the program will set aside $1 million to help develop local language apps for farmers, women and students in developing countries, including India.

In the past year, Zuckerberg said, Internet.org helped nearly 3 million people around the world gain access to the Internet and Facebook by working with cellphone operators in Indonesia, the Philippines, Paraguay, Tanzania and Zambia. In those countries, cellphone users signed up for data plans that included free but limited access to health and job information, Wikipedia, Google — and, of course, Facebook.

About 4.4 billion people in the world have no access to the Internet, and “the offline population is . . . disproportionately rural, low income, elderly, illiterate, and female,” said a report by McKinsey and Facebook. Countries such as Egypt, India and Indonesia face the greatest challenges with respect to incentives and infrastructure, the report said.

“It took 10 years for India to touch 100 million Internet users, but it grew to 200 million in just the last two years,” said Subho Roy, president of the Internet and Mobile Association of India. There are 930 million cellphone users in India today. “Cellphones have acted as the primary driver pushing Internet usage in the last two years,” Roy said.

Researchers note that new users’ first experience on the Internet is often on Facebook.

The free basic services that Facebook has promoted in different countries help cellphone users “to experience the Internet, use some things, to understand why it would be valuable for them and get exposure to other services that they might over time want to pay for,” Zuckerberg said.

But many critics say that commerce is driving Zuckerberg’s push for connectivity rather than philanthropy. They say many new users may not pay for wider Web access and that can create entrenched monopolies for companies like Facebook and Google.

“You are allowing people to roam the walled garden of Internet for free. But if they don’t pay to use unlimited Web access, you are also creating monopolies and blocking competition in the Internet space,” said Sunil Abraham, executive director of the Center for Internet and Society in Bangalore. “But in India, we are so hungry for Internet access that we cannot afford to look a gift horse in the mouth. Until India builds physical Internet infrastructure, this will help us in the short term to get connected.”

Zuckerberg said cellphone operators are free to choose which services they want to include in the package: “There is no rule that says that Facebook or any other company has to be included in this. All we are saying is that this is a model that works to get more people on the Internet.”

And Facebook’s India push is not all about chasing numbers, Zuckerberg said.

“The sheer numbers are obviously a very important part of it,” he said. “If you can do it in a country like India, you are improving hundreds of millions, or maybe a billion, people’s lives, whereas doing it in almost any other country, you wouldn’t be able to have that impact.”

India’s new prime minister, Narendra Modi, a user of social media, has set an ambitious target of building a broadband highway connecting 250,000 village councils across the country in the next three years. Zuckerberg said he will meet Modi on Friday to “see how Facebook can help” in India’s new connectivity drive.

For more details visit https://cis-india.org/internet-governance/news/washington-post-october-9-2014-rama-lakshmi-is-india-the-next-frontier-for-facebook

Is India Prepared for a Cyber Attack? Suckfly And Other Past Responses Say No

praskrishna — 2016-09-22T00:57:02Z

From mandatory disclosures to improving CERT-IN’s functioning and transparency, there is much to be done in the event of future cyber attacks.

The article by Sushil Kambampati was published in the Wire on September 21, 2016. Pranesh Prakash was quoted.

In early September, details about India’s top secret Scorpene submarine program were published online. This presumed data breach brought the issue of cyber security into the headlines.

However, earlier this year, news of potentially catastrophic breaches of Indian networks barely made a blip. On May 17, the cyber-security firm Symantec stated in a blog post that it had traced breaches of several Indian organisations to a cyber-espionage group called Suckfly. The targeted systems belonged to the central government, a large financial institution, a vendor to the largest stock exchange and an e-commerce company. The espionage activity began in April 2014 and continued through 2015, Symantec said. Based on the targets that were penetrated, Symantec speculated that the espionage was targeted at the economic infrastructure of India. Such allegations should be ringing alarm bells inside the government and amongst private businesses across the country. And yet, from the official public response, one would think nothing was amiss.

A week later, another cyber-security firm, Kaspersky Lab, announced that it too had tracked at least one cyberespionage group, called Danti, that had penetrated Indian government systems through India’s diplomatic entities.

Breaches of corporate and government networks are nothing new. Usually, these breaches come to light if the perpetrators reveal the attack, the target of the attack discloses the breach, or because the leaked data shows up on the Internet. The Suckfly and Danti breaches are unusual because they were reported by a third party while the targets (in this case, Indian organisations and the government) themselves have remained silent. The breaches reported by Symantec and Kaspersky of Indian organisations received tepid coverage in India. A few news organisations published the same wire story that basically rewrote information in the original posts, but there was very little follow-up as there was not much follow-up investigation to determine the targets or an analysis to gauge how much damage the leaks could cause.

Part of the reason there was no fallout may have to do with the reluctance of the parties involved to provide information. Symantec, in response to multiple requests for more details, kept referring to the original blog post. The government made no statement either confirming or denying the report. Several banks, e-commerce companies and government agencies were asked whether they were aware of Suckfly, whether they had been breached by the organisation and whether Symantec had contacted them. Only Yatra, Axis Bank and Flipkart responded, denying that they had been penetrated by Suckfly. The National Stock Exchange also said it had not been penetrated, although the questions asked were about whether any of the stock exchange’s vendors had been penetrated and if they had been, whether the NSE knew about such a breach.

This collective lack of response across the board indicates a mindset that shows unpreparedness for the cyber threats that are very real, existent and ongoing. Compare the Suckfly reaction to the threat of a terrorist infiltration. In that scenario, the government goes on high alert, resources are mobilised and the public is warned. The government then tries to identify the threat and stop it from doing any harm. Citizens demand that in the future the government take proactive steps to catch infiltrators and prevent any future threats.

Weak government response

One method that Suckfly uses to gain access, according to Symantec, is by signing its malware with stolen digital certificates. This is the same method that was used to infect and sabotage the Iranian nuclear centrifuges with the Stuxnet virus, so the potential for harm of these breaches cannot be understated. Several security experts confirmed the plausibility of such doomsday scenarios as two-factor authentication being turned off for credit card transactions, unauthorised money transfers, leakage of credit card details, stolen password hashes or personal information, massive numbers of fake e-commerce orders and the manipulation of the stock exchange.

All the targets taken together, the potential for economic damage that the Suckfly breach poses is immense. If another country or malevolent group wanted to wreak havoc in India, it could trigger banking panic by emptying accounts or a stock-market collapse by dumping stocks at fractional values.

Even more disturbing, though, is that if a foreign entity has access to government networks, it has the potential to collect passwords to critical systems using key-loggers and password scanners. From there the entity could steal national security data, disrupt control systems of electrical grids or nuclear facilities and gain access to everything the government knows about its citizens, including personal details, financial information and identity information. On an only slightly less dangerous level, the central bank’s funds could be stolen, like the recent attempt to heist $800 million from the central bank of Bangladesh.

A report on risks facing India, published in August by KPMG and the Confederation of Indian Industry said: “While traditionally cyber attacks were largely used for causing financial and reputational loss, today they have  a potential of posing a threat to human life. While the perpetrators behind these attacks traditionally were a few challenge loving ‘hackers’ with unbridled curiosity, we see an increasing number of state sponsored cyber terrorists and organised criminals behind the attacks today.”

In light of such serious threats, the government needs to take more action to mitigate the threat and reassure the public that it is on top of the situation. Reports of encounters between the armed forces and alleged terrorists are frequently relayed to the press. Similarly, the National Informatics Centre (NIC) or its parent organisation, the Department of Electronics and Information Technology, needs to make a public statement when breaches of government systems or of private organisations at this scale come to light. The investigative agencies need to open an enquiry into the matter.

In the Suckfly case, it took a right-to-information query from this author to get a response from the NIC. In the response, the NIC stated that it was unaware of any breach of its systems by Suckfly, that it did not use Symantec’s services and that Symantec had not notified NIC of any breach. Of course, the response also raises many more questions, which could be asked if the government took an attitude of openness and disclosure.

The government also needs to step up its efforts of identifying and neutralising the threat. The Indian government’s Computer Emergency Response Team (CERT-IN) is responsible, according to its website, for “responding to computer security incidents as and when they occur” and also collecting information on and issuing “guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.” Yet, as of September 12, its website does not mention the Backdoor.Nidoran exploit which Suckfly allegedly used to gain access during at least one of its attacks. The CVE-2015-2545 vulnerability that Danti used, according to Kaspersky, is also unlisted. Any organisation or person relying on CERT-IN to get notifications of vulnerabilities would be in the dark and exposed to a breach.

CERT-IN is a perfect example of where the government could really do so much more, starting with some very basic things. For example, by design, contact e-mail addresses listed on the site cannot be clicked on or copied, and so have to be retyped. Such a measure would barely stop even a novice hacker. E-mail messages sent to one of the contact email address bounce back. While it laudably posts its e-mail encryption hash on its contact page, one of the identifiers does not match what is registered in the public KeyStores (usually that would be a sign of a hack). Most glaringly, anyone searching for information on a vulnerability on the site will have to click in and out of every document because the site does not have a search function. Collectively, these flaws give the impression that while the government has thought about cyber-security, it is not putting enough resources and effort into making that a credible initiative.

The government’s regulatory agencies also need to get into the fray. For example, one of the organisations that Suckfly allegedly breached is a large financial institution. It makes sense, therefore that the Reserve Bank of India (RBI), which oversees all financial institutions, should make it mandatory that a bank notify the RBI whenever there is a security breach. The RBI did just that in a notification issued on June 2, 2016, after the Suckfly breach. However, the notification does not address the need to inform the public. The RBI itself also needs to be more forthcoming. In the Suckfly instance the RBI has not made any statements about whether financial institutions under its supervision are secure. It took an RTI query to get a statement from the RBI, and there it responded that it had no information on the matter.

The Securities and Exchange Board of India (SEBI), which oversees the country’s stock exchanges, initially did not respond directly as to whether it knew of the breach at any IT firm that supplies an Indian stock exchange. However, SEBI reacted to an RTI query by asking all the stock exchanges under its mantle to verify with each of their IT vendors whether there had been any breach. They all denied it. If any of them are being untruthful, they have made a false statement to SEBI. However, if taken at their word, the public can take comfort in the fact that the stock market was not compromised by this attack.

SEBI also issued a cyber-security policy framework for its stock exchanges in July 2015, around the time when Suckfly may have been actively attacking systems. Where the RBI asks financial institutions to report breaches within six hours of detection, SEBI requires the reports to be quarterly. Given how fast information travels and how many transactions can be done in mere minutes, that seems like too much time for SEBI to take any effective action. SEBI’s policy also does not address the need to inform the public.

What is needed is a coordinated, comprehensive and unified policy that applies to stock exchanges, financial institutions, government organisations and private companies. It doesn’t matter from where the data is being stolen, what matters is how quickly the organisation learns of it and lets people know so that they too can take any action they need to.

Right or wrong?

The across-the-board denials of any breach raise the question whether Symantec was mistaken. Skeptics could even wonder whether the company exaggerated the situation to increase sales of its products and services. For its part, Symantec refuses to provide any further information about the breach beyond what is in its initial post; crucial information in this regard would include more forensic details, which could identify whether the breach actually took place. Symantec also would not confirm whether it had notified the targets of the attacks, though the government says it has not been alerted by Symantec.

On the other hand, according to Sastry Tumuluri, a former Chief Information Security Officer for the state of Haryana, Symantec probably did correctly identify the breaches. Symantec collects vast amounts of information at every point where it has a presence, such as on individual computers, at internet interconnection points and web hosts globally. All that data can give a fairly accurate and reliable indication of systems being penetrated. Depending on their capabilities and level of sophistication, the target organisations could also truthfully say that they have not detected a breach.

If Symantec’s is correct in conjecturing that the Suckfly breach targeted India’s economic sector, its lack of further action is disturbing. India is one of the world’s ten largest economies and instability here would have ripple effects globally. Then there is the potential of catastrophic cyberterrorism. It is in everyone’s interest that Symantec reach out to the government and to let the public know which organisations may be compromised.

According to Pranesh Prakash, Policy Director at the Centre for Internet and Society and Bruce Schneier, a globally recognised security expert, the lack of knowledge regarding which organisations were targeted reduces people’s trust in the Internet across the board. In an email response, Schneier wrote, “Symantec has an obligation to disclose the identities of those attacked. By leaving this information out, Symantec is harming us all. We all have to make decisions on the Internet all the time about who to trust and who to rely on. The more information we have, the better we can make those decisions.”

Looking at it in the other direction, it is not apparent whether the government has asked Symantec and Kaspersky for more information and a disclosure of who the targets were. After all, if government systems were breached, it is a matter of national security. If the government has indeed reached out and received more information, it has an obligation to let the public know.

What other governments and private companies are belatedly learning is that it is better to proactively disclose the breaches before the information gets out through other parties. When US retailer Target came under attack, its data breach was first revealed by security reporter Michael Krebs. Target was criticised for not coming forth itself and faced several lawsuits. In the US, most states and jurisdictions have laws that require companies to disclose data breaches, although transparency advocates point out that there is great variation on how long companies can wait to disclose and what events trigger a mandatory disclosure. In Europe, telecoms and Internet Service Providers must report a breach within 24 hours and other organisations have 72 hours.

India has no mandatory disclosure law in the case of data breaches at government or private organisations, Prakash said. It is something that CIS supports and had proposed since 2011, he added.

According to Schneier, a mandatory disclosure law would also be valuable if confidentiality agreements would otherwise prevent a security firm such as Symantec from disclosing names of targets.

Finally, private companies need to understand that they are not doing themselves any favours by remaining silent on the matter. Even if Suckfly or its clients do not use the information they may have gained, the lack of disclosure by the targets will weaken trust in online commerce and financial transactions, says Prakash. For example, looking at e-commerce, while it is true that e-commerce has grown rapidly in India, a study in 2014 by YourStory and Kalaari Capital found that lack of trust and doubt about online security were hurdles for 80% of people who had never made an online purchase.

When an organisation lets the public know that it has been breached, users of the service or site can evaluate what action they need to take. For example if a person uses the same password across multiple sites, they would know they needed to change the password at the other sites. Depending on the breach they would also be able to alert credit card companies as well as friends and family.

As the KPMG report states, cyber attacks are only going to become more common. Despite multiple warnings, the response on the part of the Indian government and private organisations has been quite underwhelming. The government needs to proactively monitor and respond to attacks. Lawmakers need to pass laws establishing privacy policies and mandatory disclosures. Companies will also need to invest in better security practices as well as gain public trust by reacting to breaches promptly and letting the public know what they are doing to recover from them.

For more details visit https://cis-india.org/internet-governance/news/the-week-sushil-kambampati-september-21-2016-india-is-unprepared-for-future-cyber-attacks

Is India Ignoring its own Internet Protections?

praskrishna — 2012-01-17T05:33:40Z

India’s information technology law of 2008 limits the liability of Internet companies for material posted on their Web sites by users, including anything government regulators deem objectionable. The firms are supposed to be notified of offensive content — by users or the authorities — and then remove it when legally warranted.

If that’s how the system is supposed to work, then why did the Indian government just sanction a criminal lawsuit against Google, Facebook and 19 other companies that all but ignores those protections in the information technology law?

That is one of the most puzzling elements of the legal drama over free speech on the Web that is unfolding in New Delhi.

The case against the companies, brought by Urdu weekly journalist Vinay Rai, accuses them of violating various provisions of India’s criminal code by allowing material that is mocking or offensive to religious and political figures to stay on their social networking sites. There are charges of inciting communal passions and disturbing public order – catchall stuff normally meant to give police tools to rein in hooligans.

The punishments for these criminal offenses can include several years of jail time and stiff fines. That these elements of the criminal code are now being used to target Internet companies is somewhat bizarre, especially when one considers the apparently careful lawyering that went into drafting protections for Internet companies a few years ago.

As Google and others fight the charges – today they are continuing an appeal in Delhi High Court to quash the case – they will likely make the case that the courts cannot ignore India’s I.T. law. “It isn’t a trivial defense – the court cannot dismiss it,” said Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, a civil liberties advocacy group. “The I.T. act provides immunity to (Internet companies) and that should be the default starting position.”

A spokesman for India’s telecom ministry did not immediately respond to a request for comment. We’ve described Mr. Rai’s rationale for filing the lawsuit in a separate post.

The crackdown on Web companies couldn’t come at a worse time for the emerging Internet sector in India, which many analysts believe has a potential to grow from about 100 million users to more than 300 million within a few years if nurtured. Facebook and Google representatives declined to comment on the case.

The protections for Internet firms are fairly clear in Section 79 of the 2008 law, known as India’s I.T. Act Amendments. An “intermediary,” or Internet firm, “shall not be liable for any third party information, data or communication link.” There are several caveats, of course – the company can’t initiate or solicit the harmful post and can’t coordinate with the offender. Under the rules that India put into place last April to implement the act, companies must remove material that is “grossly harmful, harassing, blasphemous, defamatory” as well as anything “ethnically objectionable, disparaging” or “otherwise unlawful in any manner.”

Internet companies and civil society advocates weren’t happy with those guidelines, finding them far too draconian and subjective. But at least the law required that the companies be notified of such content and be given a chance to remove it within 36 hours. (The punishments for not removing offensive content within 36 hours would depend on the underlying laws governing that content in India; in general, prison time and fines would both be possible.)

In the case of the Vinay Rai lawsuit, such procedures don’t appear to have been followed. Google has told the court it hasn’t seen the allegedly offensive material or been notified about it. Mr. Rai says he didn’t flag the content to Google or others, because he believed his duty as a citizen was to notify the government.

What was the point of passing the I.T. law if it’s being swept to the side?

The article by Amol Sharma was published in the Wall Street Journal on 16 January 2012

For more details visit https://cis-india.org/news/is-india-ignoring-its-own-internet-protections

Is freedom of expression under threat in the digital age?

praskrishna — 2013-02-03T10:50:52Z

This week Index held a high level panel debate in partnership with the Editors Guild of India and the India International Centre to discuss the question “Is freedom of expression under threat in the digital age?” Mahima Kaul reports

This post by Mahima Kaul was published in Index on Censorship on January 18, 2013.

Index on Censorship, in partnership with The Editors Guild of India, hosted a debate in New Delhi on Tuesday (15 January) asking, “Is freedom of expression under threat in the digital age?” Discussing the topic were Ajit Balakrishnan (founder and Chief Executive of rediff.com), Index on Censorship CEO Kirsty Hughes, Sunil Abraham (Executive Director of the centre for Internet and Society), and Professor Timothy Garton Ash, Director of the Free Speech Debate project.

Sunil Abraham questioned the idea of technology specific “internet freedom” that has been advocated by many not least the US Secretary of State Hillary Clinton. He said there was for instance much greater freedom and diversity on Indian TV than in the US. He also argued that that this freedom does not seem to extend to a right of access to knowledge, as demonstrated by the charges brought against open access activist and developer Aaron Swartz, who committed suicide earlier this month. Swartz was facing charges for allegedly downloading 4.8 million academic articles from subscription-only digital library JSTOR.

Abraham said one unintentional effect of censorship by governments is that it teaches citizens how to protect themselves online. Finally, he questioned the Indian government’s draconian laws and arbitrary actions in the digital realm, wondering whether this is the authorities’ way of warning future netizens about “acceptable online behaviour”, to condition the public not to criticise the government and to create a chilling effect.

Digital

Is freedom of expression under threat in the digital age?

18 Jan 2013

This week Index held a high level panel debate in partnership with the Editors Guild of India and the India International Centre to discuss the question “Is freedom of expression under threat in the digital age?” Mahima Kaul reports

Freedom of expression is always under threat and in need of defending, argued Timothy Garton Ash. However, he didn’t think the threat was particularly high today in the digital realm — rather the threats to privacy were what were particularly concerning online. With 76.8 per cent of India’s 1.2 billion population connected by mobile phone, there is an extraordinary opportunity for the prevalence of freedom of expression brought about by new technologies. But he said there are also a lot of challenges to free expression in India — and that “swing states” such as Brazil and India will be very important in determining where the global conversation goes on freedom of expression

Ajit Balakrishnan, founder of web portal Rediff.com, explained that many of the problems that have occurred in the digital realm in India have to do with poor drafting of legislation. He was particularly concerned about intermediary liability and explained why and how intermediaries roles needed protecting. He also explained that government officials have genuine problems with phrasing, and that when it comes to the application of these laws, understanding them and when they should be applied will take another 25 years. He added that the country is challenged by a legal system ill-equipped for coping with new technologies.

Kirsty Hughes said that freedom of expression is a universal right, meant to be applied across borders not just within countries. She said that while the digital domain allowed a big expansion in freedom of expression there were risks we are heading towards a more controlled net, a partially censored net, and a fragmented net (for instance with Iran attempting to build its own internet disconnected from the rest of the world). She said that some of the negative reactions by government to social media in India were seen to in the UK where there had been a trend towards criminalising supposedly offensive comment — although the new interim guidelines on social media prosecutions were a step in the right direction. Hughes emphasised three main concerns — state censorship, privatisation of censorship and the role of big companies, and mass surveillance. She pointed out that the British government had pushed for extensive surveillance with the Communications Data Bill, but this has now been shelved after a critical report from MPs.

Ramanjit Singh Chima, policy adviser for Google, said that the question is not about absolute freedom, but about what is appropriate and lawful. He emphasised that in the US, judges had strongly defended free expression online as they saw the digital world as a powerful space for free exprssion. He pointed out how effective social media tools, including Google’s own products, have become in helping during emergency situations like natural disasters and terrorist attacks. He also pointed out that the internet is not only about free expression but business as well. The internet contributes to 1.6 per cent of India’s GDP. Singh Chima said positive judgements by US and EU courts protect the users, adding that regulation for the net should be appropriate for its engineering.

For more details visit https://cis-india.org/news/index-on-censorship-mahima-kaul-january-18-2013-is-freedom-of-expression-under-threat-in-the-digital-age

Is freedom of expression under threat in digital age?

praskrishna — 2013-01-17T06:16:09Z

With social networking site Facebook boasting of 1 billion members globally and micro-blogging site Twitter claiming millions, opinion was divided on whether the freedom of expression was under threat in the digital age.

This article was originally published by Indo Asian News Service on January 16, 2013. It was also covered in Business Standard, Vancouver Desi, DNA, and Tech2. Sunil Abraham is quoted.

"Censorship of content should be the last resort as curbing a particular content online actually amplifies its spread over the internet," said Sunil Abraham from Centre for Internet and Society.

He was speaking at a panel discussion organised by London based Index on Censorship and the Editors Guild of India on the issue at the India International Centre Tuesday evening.

"The government has refused to amend Section 66(A) of the IT Act which is used to curb free speech on the net," said Guild chief TN Ninan who moderated the debate. "The law treats digital media differently than the print media," he said.

Director of Free Speech Debate, Oxford University, Timothy Garton Ash said, "There was no threat to the freedom of speech as internet was actually an opportunity for spreading freedom of expression."

India with the large number of net users could act as swing state between two extremes of China which is trying to control the net and the US which champions free speech, he said.

"The question is what are the legitimate limits of free speech rather than asking for unlimited speech," said Ash.

Ajit Balakrishnan, CEO and founder of online portal rediff.com, said "there was a sense of powerlessness among nation states as only local laws applied to any such violations."

He said the internet was not so democratic as it sounded as the actual numbers of users who posted content on Facebook were just 8-9 million while the rest just watched. The same was with Twitter with just 7-8 percent users actually posting messages.

Kirsty Hughes, CEO, Index on Censorship, said "freedom of speech was universal" while noting a "worrying trend that increasingly governments were moving to control the internet."

"The risks of such controls are that we could have a much more controlled, censored and fragmented internet," she said.

Ramanjit Singh Chima of Google India stressed on the need to have laws to protect internet freedom as such curbs affected livelihood of many users and contributed to local economies.

He said the internet allowed people to instantly collaborate and publish critical information during emergency situations.

For more details visit https://cis-india.org/news/ians-news-is-freedomexpression-under-threat-in-digital-age

Is free speech an Indian value?

praskrishna — 2013-04-30T07:18:10Z

Is freedom of speech and expression deeply accepted in Indian society? Or is it merely a European cultural import that made its way along with the English language and appeared in the Constitution because of the founding fathers' genius? Satarupa Sen Bhattacharya reviews Freedom Song, a film and connects the dots.

Satarupa Sen Bhattacharya's blog post was published in India Together on April 27, 2013. Snehashish Ghosh is quoted.

Debates on freedom of speech can be traced back to the earliest evolutions of human society, but if there is a time which could be considered most apposite for this debate to come to the fore and dominate public thought and discourse, this surely would be it for Indian society.

From the banishment of literary icons such as Salman Rushdie to repeated assaults on artists and cartoonists seeking to express their viewpoints through their art, and even the gag on the common man’s voice in traditional and new media, freedom of speech and expression has found itself under fire increasingly and in the most alarming of ways.

Is India as a nation becoming more intolerant of contrarian perspectives, or is it merely that voices seeking to stifle dissent are now amplified, thanks to a greater number, as well as newer forms, of media covering this debate?

Can India really achieve free speech in the way that its founding fathers conceived of and constitutionalized it?

These are the questions probed in Freedom Song – a 52-minute documentary from the Public Services Broadcasting Trust, co-directed by veteran journalist, author and academic Paranjoy Guha Thakurta and Professor Subi Chaturvedi.

Freedom Song, the film

Interestingly, since the time Freedom Song was conceived of and filmed, the clamp-down or attacks on free speech in India have only become more frequent and flagrant. This was made much before the time that Salman Rushdie, in almost a repeat of the 2010 Jaipur Lit-fest incident, was stopped by the state from attending the screening of Midnight’s Children in Kolkata; or when two young girls from Palghar in Maharashtra were arrested by the police merely because one of them had questioned on Facebook the derailment of normal life in Mumbai following Balasaheb Thackeray’s death and the other had ‘liked’ it; or even before the long-awaited Kamal Hassan film Vishwaroopam was banned for purportedly offending the sensibilities of a religious community in a few scenes, which the director eventually had to agree to censor in order to ensure that his creation could reach the audience.

Freedom Song, the documentary, chronologically precedes all of these as well as the debate and outrage over sociologist Ashish Nandy’s remarks on corruption and backward castes; yet, when one sees it now, recalls the numerous incidents highlighted in the film, and hears the debates that rage on, the larger context and culture that has facilitated the perpetuation of suppression become clearer. It also drives home, disturbingly, the alarming regularity with which speech and expression have been muffled. It can thus be seen as a commentary on the gradual but consistent build-up to the current climate where there is an almost systematic and continuous crackdown on free speech whenever it inconveniences the powers-that-be.

Gags on expression - recent incidents

In July 2010, when T.J. Joseph, a professor of Malayalam at the Newman College in Thodupuzha (Ernakulam district) in Kerala was arrested by police following a controversial examination question set by him, allegedly containing disparaging remarks about the Prophet Mohammad. He was released on bail but suspended from his post following protests by Islamic organizations. But suspension wasn’t the last of Joseph’s tribulations: he was brutally attacked by a gang of men who chopped off his hand at the wrist with an axe. He was also stabbed in the arms and legs. While Joseph’s hand was stitched back in a 16-hour-long operation, even as he was recuperating, his college terminated his services on grounds that he had offended the religious sentiments of students. He was also stripped of all benefits and pension.

Curiously, Joseph himself distances the entire incident from the issue of freedom of expression. In his conversation with the film-makers he says that whatever happened could be interpreted as attempts to meddle with and dilute academic independence in the state. “The incident is not related to the issue of freedom of expression...external attempts to break down communication between students and their teacher was at the core of the entire episode,” says Joseph. Even Union Minister for Human Resource Development Shashi Tharoor, who hails from the state himself, attributes this incident to the act of some anti-social fringe elements who masquerade as representatives of a particular community. But these arguments from the victim himself, and an eminent authority, cannot resolve the question of his expulsion from service. Nor can they address the fact that the atmosphere of tolerance in the country is such that anti-socials can hijack as simple an academic exercise as question-setting to their advantage and perpetrate such atrocities.

A more recent incident highlighted in the documentary is the arrest and detention of Ambikesh Mahapatra, a professor of Chemistry in Jadavpur University of West Bengal for forwarding a set of cartoons that allegedly defamed Chief Minister Mamata Banerjee. Shortly after the dismissal of Union Railway Minister, Trinamool’s Dinesh Trivedi, and his replacement by Mukul Roy, the widely-circulated cartoon showed Roy and the CM having a conversation along the lines of one in a very popular Satyajit-Ray film, conspiring to get rid of Trivedi.

Ambikesh was not the creator of this cartoon – as he himself says, he received it on a forwarded email. Amused by it, he wanted to share it with his friends. Thus he forwarded it again to over 60 members of his housing co-operative society, some of whom happened to have affiliations to the party in power. This action led to the professor being arrested and charged under IPC Sections 509 (insulting the modesty of a woman), Section 500 (defamation) and Section 66 A of the IT Act (causing offence using a computer). He had to spend a night in jail before he was released on bail the following afternoon.

However, charges against the professor have since been dropped and the West Bengal Human Rights Commission (WBHRC) ruled that the state police were indeed guilty of harassing the professor (and one of his colleagues, who had also been arrested).

Paranjoy Guha Thakurta, co-director of Freedom Song

Muffling creativity

One thing that stands out pretty sharply in Freedom Song is the deep angst shared by the creative fraternity in the country over the assault on free speech. Perhaps, by dint of being that section of society which is most inclined to spontaneous and non-conformist expression, they also constitute one of the most vulnerable groups when it comes to being restrained or gagged.

One of the darkest chapters of suppression of artistic expression in India relates to the forced exile of iconic painter M F Hussain during the last days of his life, after being targeted for his nudist depictions of Hindu Gods and Goddesses. Sadly, as artist Arpana Caur points out, such waves of intolerance or fanaticism fail to factor in either subjective value judgments (how deeply Hussain must have loved Hindu culture and mythology to actually apply his creative instincts to bring it alive) or objective facts (that the nudist paintings were actually done in the ancient Khajuraho tradition of figurative depiction, it was not something Hussain had developed).

Often, the gag on works by artists and writers has transcended to direct discrimination against the person himself. The state of West Bengal banned exiled Bangladeshi author Taslima Nasreen’s book “Dwikhandito” in 2003 on fears that it would stoke communal disharmony. When human rights activists challenged the decision in Court and managed to win rulings on her behalf, the writer herself was banished from public life in the state. She was unceremoniously asked to leave the state in 2007, after violent protests against her by fundamentalists. Much later in 2012, even after the political reins in the state had changed hands, the launch of her book at the Kolkata Book Fair was cancelled upon threats of protest.

One of the most heart-rending is the story of Pakistani singer Ali Haidar, who confesses to being almost brainwashed, in one of his weakest moments, by radical elements into believing that the loss of his child was in fact a retribution for him having taken up music as a profession.

The feeling of anger, frustration and even a sense of bewilderment among the artists, writers and performers interviewed in the documentary is almost palpable. As Rajiv Lochan, Director of the National Gallery of Modern Art, says, “Freedom of expression, creative freedom…in simple words, that is the only freedom you are born with...” The unuttered question of how anyone can take that away from you hangs heavy in the silence.

If artists are the most vulnerable, they are also perhaps the most resilient. In the context of the various cartoon controversies that this nation has seen and the proscriptions of cartoonists from Shankar to Aseem Trivedi, eminent political cartoonist Sudhir Tailang says, “We cartoonists know only one way of protest, which is the most peaceful, Gandhian way…you do what you want, we’ll draw a cartoon…and more cartoons… we’ll flood you with cartoons.”

The defiance and rejection of censorship is also strongly voiced by noted danseuse Mallika Sarabhai, who talks of the various forms of attack and insult that she has been subjected to for her unconventional presentations and activism, but asserts that despite all of it, she feels it is her “dharma to go on.”

The language barrier

Perhaps unwittingly, Freedom Song tends to favour the premise that freedom of speech as a principle in India is largely a preoccupation among the English-educated, intellectual and creative segments of the populace. Even the musical score that has played such a dominant part in invoking the spirit of freedom throughout the film seems to underline that - from the refrains of Bob Marley’s ‘Won't you help to sing these songs of freedom,’ to the remixed pop version of ‘Raghupati Raghav Raja Ram’ that one hears in parties and joints in India’s westernized urban landscape.

How attuned to the issue of free speech is the wide majority of India, the section that still follows vernacular media and are relatively distanced from the constructs of Anglo-Saxon influence? The verdict on the linguistic divide does not emerge with clear certainty when we talk to intellectuals or thought leaders from various parts of the country.

In the words of academic Subhoranjan Dasgupta, a professor at the Kolkata-based Institute of Development Studies, mainstream Bengali media has played a big role in highlighting transgressions of freedom of speech and expression every time it has occurred, irrespective of the political regime in power at the time.

"Whether in the case of the ban on Taslima Nasreen or the arrest of Professor Mahapatra, local media - and especially two widely-followed dailies, the Anandabazar Patrika and Ei Shomoy - have been audibly vocal and consistent in their coverage of these incidents," says Dasgupta. "Irrespective of political ideologies, the common man in Bengal knows that Taslima Nasreen got a raw deal or that what happened to the professor was not acceptable," he adds. Ostensibly, the role of local media in such public consciousness cannot be written off. In a way, it might not be an exaggeration to say that the voices of these publications have been instrumental, to a large extent, in ensuring that these issues grab the eyeballs of the largest number possible, and hence gain traction.

And yet, a completely different picture emerges as one reaches out to another part of the country. Badri Seshadri, Publisher, New Horizon Media - a Chennai-based company that publishes books in Tamil, and an active blogger, feels that notions of freedom, or free speech, are essentially offshoots of the modern era which have found a voice in our country primarily through English media.

Seshadri goes back to the freedom struggle in India when many among the noted thought leaders and freedom exponents wrote both in English and the local language. In those days, the discourse on freedom of thought and expression were perhaps more at par across spheres. But with the dying trend of bilingual writing, intellectual writing increasingly gravitated towards English. Today, the gulf between English writers and regional writers has become so huge in his state that even the most fundamental of issues are discussed in vocabularies that cannot bridge the schism. Issues pertaining to secularism and democracy are viewed with a completely different lens in vernacular media, and those pertaining to liberalism, not at all.

"Take the case of the most recent ban on Kamal Hassan's Vishwaroopam," points out Seshadri; "this was not a film made in Hindi or English that you could assume to be emotively disconnected from the Tamil mindspace. It was a film that had been made by one of the cult film personalities of the region, and yet even as the national English media followed this issue and consistently questioned the violation of an individual's right to creative freedom, deliberations in local channels and publications were strangely muted and focused only on whether or not the disputed scenes in the film could be considered to be offensive to the Islamic community. The larger debate on whether one has the right to offend, in an impersonal way, was completely missing." Those who want to toe the line of liberalism either through their writing or new media are dismissed as harbouring "fancy" ideals or pandering to Western sensibilities.

Guhathakurta, himself, disagrees with the claim that free expression is essentially a Western construct or that debates around it are restricted to the chattering classes in plush drawing rooms. “It is something that concerns every common man,” he says, referring to the case of Laxmi Oraon, the teenaged tribal girl who was stripped, beaten and molested in the streets of Guwahati, where she had been part of a peaceful protest rally, seeking the inclusion of 80 lakh Adivasis living in Assam in the ST category. Traumatised and deeply angered by the brutal injustice meted out to her and the lack of legal redress, Laxmi eventually even contested the Lok Sabha elections, points out the director in order to elucidate the struggle that even the most marginalized take part in to press for their fundamental rights.


A still from the documentary Freedom Song. Pic: PSBT India via Youtube

"Reasonable” restrictions

Despite the continuous infringements on artistic and even individual expression, what emerges from the film is not a blanket wave of intolerance that is engulfing society but rather certain powerful groups with vested interests who are driven either by fanaticism for their ideologies or by the lure of political mileage to raise voices against freedom. In the age of 24x7 channels, their voices gain in both volume and pitch and new media enables greater visibility and debate around it.

As Tharoor says, “The government has the lowest level of tolerance possible because it cannot be seen as offending anybody who is held precious by any segments of Indian society.”

Veteran journalist Saeed Naqvi points out, “You have a whole link between the politician, the vote bank and the proprietor. Therefore, the freedom of the press, while this trio exists, is under threat.”

But having said all of the above, it is also clear that defining freedom, especially in an absolute sense, is in itself a huge challenge that most of society acknowledges. More so, in the context of Article 19 (2) of the Constitution which itself allows the state to impose “reasonable restrictions on the exercise of the right...in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.”

Senior journalists such as Rajdeep Sardesai are quoted in the documentary, expressing their support for such ‘reasonable restrictions’ to combat the spread of expression or opinion that fuels divisiveness or hatred in society. But the fact remains that such restrictions not only add a qualifier to freedom as enshrined in the founding principles, but also create the larger question of ‘who decides?’

Young India however would prefer to see Article 19 (2) as an enabler rather than as a veto. As Apar Gupta, an advocate of the Supreme Court says in the film, he would like to believe that the incorporation of “reasonable restrictions” was done with a view to ensuring that the Constitution does not remain a static document and does not apply only to fixed definitions of facts and circumstances. Certainly not with the objective of curbing any form of dissent or deviation from convention.

Fali S. Nariman, senior advocate to the Supreme Court and a constitutional jurist, also points out very pertinently that the range of restrictions in 19(2) does not include public interest.

Reality does not bear that out though; especially when one looks at the many recent instances of arbitrary impositions of Sec 66A of the IT Act in booking individuals for expression of their opinion and stances through channels offered by new media and Internet. The documentary in itself does not delve deep into the challenges and threats to freedom of expression that have emerged in the FB/Twitter era, perhaps because many of the most volatile and controversial cases surrounding freedom of speech on the Internet occurred after the film was made. But a new debate is brewing in India, especially after the Palghar incident or the arrest of a Puducherry businessman for allegedly posting 'offensive' text on the micro-blogging site Twitter about the son of an Union Minister.

Snehashish Ghosh, a lawyer and Policy Associate at the Centre for Internet and Society, Bangalore, says, “Essentially, there are eight restrictions on freedom of speech and expression as enumerated in Article 19(2) of the Constitution. The Supreme Court in many cases has held that these reasonable restrictions should be construed narrowly and with due regards to the value of freedom of speech in a democratic society. Section 66A in its current form goes well beyond the restrictions laid down under Article 19(2). Therefore, it is liable to be struck down for being in violation of Article 19(1)(a) of the Constitution.”

Snehashish also feels that technologically, in the present time, it would be near-impossible to 'monitor' the Internet. As far as regulations are concerned, there are laws already in place which ensure the implementation of reasonable restrictions. For example, the Indian Penal Code, 1860 already covers offenses such as incitement of violence, obscenity, criminal intimidation and outraging religious sentiments. The laws which are being applied offline are well equipped to deal with offenses committed online. There is no need to have extraordinary laws where ordinary laws suffice.

But in a country that appears to grow increasingly thin-skinned with time, the import of such logic could well be lost.

Access and freedom

Interestingly, Freedom Song begins with a series of frames capturing the widely different and divergent faces of Indian society, fast moving scenes juxtaposing the educated, affluent sections of urban India against the child who performs on sidewalks to earn his bread or the old emaciated man getting his night’s sleep on the pavement. The clear correlation between access – to basic needs, education and media – and the very consciousness of freedom is hard to ignore.

“Freedom to me is the ability to do what I want, where no one tells me to do anything” says one child on screen, evidently from an English-speaking, relatively privileged background; but one cannot help feeling that his coherence and articulation on freedom would be hard to come across in the children on the streets who are filmed in some of the previous shots.

The point that access to the very basic necessities of life is a necessary condition for freedom of expression is driven home by social activist Ram Bhat in the documentary, who says that despite the technologies aiding free expression, and the profusion of players in this debate, talk of freedom of speech will be pointless unless the problem of access is solved. In its absence, such freedom will remain the privilege of a few.

On balance, in all the voices that emerge from our conversations, and the many more episodes that Freedom Song, the documentary narrates, the only thing that can be concluded without doubt is the challenge of establishing freedom as a perennial or permanent concept in a country as complex and diverse as India. A truly effective and desirable state of free speech and expression can only evolve out of a continuous, fearless, rational dialogue between society and its stakeholders, in which all voices are expressed and heard.

Whether India, as a whole, can facilitate such a dialogue is going to be the moot question in the times to come.

For more details visit https://cis-india.org/news/india-together-april-27-2013-satarupa-sen-bhattacharya-is-free-speech-an-indian-value

Is Facebook tracking your virtual footprints?

praskrishna — 2011-11-24T03:02:00Z

Social media experts claim number of cases of privacy violations against the site has increased in past few months; Facebook rubbishes the allegations. This article by Sheetal Sukhija was published in MidDay on 22 November 2011.

If you thought your online footprints would be erased by merely clicking on the 'delete web history' option and no one would ever know about your virtual movements, think again.

For, some popular social networking sites have been accused of tracking their users' movements on the Internet even when they log out from the sites.

According to reports in the international media, Facebook, the virtual face of around 80 crore people across the globe, is battling a series of legal cases for alleged violating users' privacy worldwide.

While the social media giant has categorically said that they have not misused any user data, internet experts have dubbed the website 'the big brother of new media'.

"Many users claim that when they log onto their accounts, Facebook automatically installs a cookie onto a user's browser, which keeps tracking their movement on the internet.

We believe that Facebook might be using this just to boost their marketing and not to sell this data to any third party," said Sunil Abraham, Executive Director, Centre For Internet and Society.

Experts also believe that using such strategies have now made Facebook the world leader when it comes to credible demographic information.

"Facebook has achieved the status of possessing the most accurate demographic information. It is a credible source to understand consumer habits of a single unique user and even user groups. However, using such information is surely a violation of privacy," he added.

Former member of NASSCOM, Pratap Reddy, believes that often people ignore the 'fine print' or the agreement page while creating an account on a social networking site or elsewhere on the net. "When users sign up on these social networking websites, they often ignore the fine print.

When legal cases come up, companies often defend their stance by saying that their agreement page (or privacy policy page) mentioned all such things and make up a leeway for themselves," argued Reddy.

He added, "This is surely a violation, but there is also a positive side to this. Such websites are only trying to facilitate users better, based on their past web history. This helps them put you onto people/issues/topics that you have previously searched - like a mediator," added Reddy.

All about marketing?
Experts argued that this is not for the first time a website is being sued for such an act. In the past, Google, Adobe, Microsoft, Yahoo and other online advertising agencies too have been criticised for using such controversial tracking cookie technology.

According to reports, users from across the world have been taking legal recourse after pointing out that Facebook used cookie technology to track their virtual movements even after they have logged out of the social networking site.

Australian blogger Nik Cubrilovic is the latest user to join the growing list of people suing the website for violating federal wiretap laws, reported a UK-based tabloid.

The other side
Defending their stance, Facebook argued in its official statement that they are not tracking users across the web.

Facebook's official stance: Facebook does not track users across the web. Instead, we use cookies on social plugins to personalise content, to help maintain and improve what we do, or for safety and security.

No information we receive when you see a social plugins is used to target ads, we delete or anonymise this information within 90 days, and we never sell your information.

Specific to logged out cookies, they are used for safety and protection. They are used for identifying spammers and phishers, detecting when somebody unauthorised is trying to access your account, helping you get back into your account if you get hacked, disabling registration for a under-age users who try to re-register with a different birth date, powering account security features such as 2nd factor login approvals and notification and identifying shared computers to discourage the use of 'keep me logged in'.

Security tips
Internet security software experts suggest that installing strong anti-virus software would be the first step towards protecting your privacy.

Installing an anti-virus software
Every such software has a social network control option that prompts users when any unsolicited cookie is installed. By using this option, a user holds the right to refuse such installations.

Read the original article published in MidDay here

For more details visit https://cis-india.org/news/facebook-tracking-footprints

Is Facebook too powerful without legal safeguards?

Admin — 2018-03-25T01:38:57Z

The absence of a data protection law and a competition watchdog to oversee Internet companies are key shortcomings, according to some experts.

The article by Vidhi Choudhary was published in Hindustan Times on March 24, 2018

It’s time India moves to put in place legal safeguards to contain the potential harm that Internet giants like Facebook Inc. can cause, experts say, amid a raging scandal over access gained by political marketing firm Cambridge Analytica to user data on the social media network. India is a key market for Facebook with 217 million people using the platform every month.

Concerns centre around protection of user privacy and freedom of speech, harassment by Internet trolls, spread of misinformation and fake news, said Apar Gupta, a Delhi-based lawyer who is part of Save The Internet , a group of individuals and non-government organisations fighting to preserve net neutrality. It’s time to take stock of the concerns and the sufficiency of India’s legal framework to address them, Gupta said.

“Companies like Facebook have grown too big and too powerful without adequate legal safeguards,” he said.

On Thursday, Facebook founder and CEO Mark Zuckerberg pledged to stop the misuse of user data on its site to manipulate voters in India,Brazil and the US. The social media network is under scrutiny after a whistleblower alleged that London-based Cambridge Analytica accessed user data to prepare voter profiles that helped Donald Trump win the US presidential election in 2016.

Information technology and law minister Ravi Shankar Prasad on Wednesday warned social media platforms such as Facebook of “stringent action” in case of any attempt to sway the country’s electoral process. The government is considering a new regulatory framework for online content, including on social media and websites, Union minister for information and broadcasting Smriti Irani said on 17 March at the News18 Rising India Summit , conceding that the law is not clear about online news and broadcast content.

“We remain strongly committed to protecting people’s information. We have announced that we are planning to introduce improvements to our settings and give people more prominent controls ,” an India-based Facebook spokesperson said in response to an emailed query from Hindustan Times .” We have a lot of work to do to regain people’s trust and are working hard to tackle past abuse, prevent future abuse and will continue to engage with the Election Commission of India and relevant stakeholders to answer any questions they may have.”

The absence of a data protection law and a competition watchdog to oversee Internet companies are key shortcomings, said Sunil Abraham, founder of the think tank Centre for Internet and Society.

“Evil is a function of power. As internet giants get bigger and bigger, they’ll become more and more evil. In fact, in jurisdictions like India, where we don’t have a data protection law and a sufficiently agile competition commission to take on these Internet giants, they can do whatever they want to..,” said Abraham.

Internet networks have helped undermine the business model for real news and replace it with a vibrant fake news model, in the process cornering the lion’s share of the digital advertising revenue, said Abraham . Facebook and Google dominate the Rs 9,490 crore digital advertising market in India.

“Since they don’t see themselves as a media company, their primary objective is to maximize the amount of time their users spend on the platform,” he said, adding that social media networks aren’t concerned whether the content they present is the truth or lies

“It would be laziness on our part to just blame Facebook and then feel morally superior. We have to regulate them using competition law and a data protection law so that they behave themselves on our jurisdiction,” Abraham said.

The legal framework for Indian social media users is limited. Section 43 (A) of the IT Act operates merely as a data security law applicable only to someone whose privacy has been infringed and can demonstrate that he/she has suffered a financial loss in the process.

“Whatever is known from the Cambridge Analytica episode is that none of the users have lost money or property but democracy has been undermined. So we cannot use the IT Act in India to save our democracy,” he said.

Facebook operates in an opaque manner in the manner in which it regulates content, said Geeta Seshu, consulting editor for media website The Hoot.

“When complaints are launched, they are upheld if they meet Facebook’s so-called community standards. Often users who are dissenting voices against hate or discrimination or misogyny have found themselves blocked. The process to appeal back to Facebook is very arbitrary. Users spend months and years being blocked on the platform. Facebook manipulates user data, when it decides to use algorithms to push content or boost certain articles for a certain sum of money,” she added.

In December, Alex Hardiman, head of news products at Facebook, said restoring trust and credibility to news on Facebook is one of the biggest priorities for the company.

“There is a lot that we are doing to make sure that we eradicate any false news or misinformation on Facebook. We’ve found that false news is actually a very small percentage of content. But there were a lot of financial motivations for posting false news,” she said in an interview to Mint when he was in Delhi to attend the Hindustan Times Leadership Summit. “So, one of the first things we have done is remove any financial incentives. We have also done a lot to make sure we can quickly identify and remove fake accounts. Also, we have been doing a lot to better understand clickbait content and train classifiers to identify and downlink it.We have also started third-party fact-checking. We have partnered with third-party organizations in the US, France, Germany and a few other countries,” said Hardiman.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-march-24-2018-vidhi-choudhary-is-facebook-too-powerful-without-legal-safeguards

Is Data Protection Enough?

elonnai — 2012-03-22T05:28:51Z

The following note looks briefly at different sides of the privacy debate, and asks the question whether a Data Protection law is enough privacy protection for India.

In a recent article, Rahul Matthan explained how many threats to personal privacy come from a lack of data protection laws – particularly in the context of the UID – and he thus urges India to pass a law that is focused on data protection. He said, “We don’t question this lack of personal space. It is part of the compromise we make when we choose to live in India.” Though his argument has a surface appeal, there are also many cases emerging in the news today that suggest that India is concerned with a much broader scope of privacy than just data protection. In the DNA, a news article covered a recent court decision that concluded that watching pornography at home is not an obscenity and does not qualify as a public exhibition, even when there are visitors to the home. In that case, police arrested persons who hosted a party under section 292 (obscenity) of the Indian Penal Code for watching pornography and housing strippers. The judge ruled that the activities that were taking place were done in private and thus did not amount to an offense under section 292. This is an important decision about the protections of spatial privacy being afforded to individuals. The bungalow was considered a private space, and the computer a private possession. In other words, India does have a greater understanding of privacy and the need for its protection, and it extends beyond data protection. In another news item, the Hindu reported that 5,000 to 6,000 phones are tapped on average daily. The article speculated that this number could increase in response to the 2G scam and other scams that are coming out. The type of privacy violation that wiretapping poses is likewise not a question of data protection, but of how a nation guards against an unwanted invasion of personal space and when security takes precedence over privacy. Are Indian citizens willing to subject themselves to phone taps to try to eliminate – or at least minimize – the number of scams that are occurring? In yet another news item, it was reported that in the North, councils are attempting to ban the sale of cell phones to unmarried women to help prevent unsolicited affairs with members from different castes. This again raises questions not of data protection or informational privacy, but of personal privacy. How will phone companies know that a woman is married? Will parents suddenly begin regulating their daughters’ phones? Does an existing legislation afford protection to women in this situation? Though data protection is a component of privacy, it is only one component. There are many definitions of privacy, and privacy in itself is somewhat of a difficult word to define, but India should recognize that there are privacy protections and privacy debates that extend beyond data protection. It is too easy to characterize India as large and communal and overlook these important questions.

Returning to Rahul Matthan’s article, Matthan says, “The vast majority of our country that remains under-served by the government will gladly exchange personal privacy for better public service.” I was particularly intrigued by this statement, because it suggests that privacy is an expendable right, and that government service cannot improve without privacy compromises. The logical extension of this concept is that privacy is not a fundamental right but only a consumer issue, and that policymakers can always trade off privacy in exchange for better public benefits, for better security, and for cheaper products. A legal system needs to address the case at hand, but it needs to be mindful of the larger consequences as well. There is no doubt that the UID project demands a data protection law, but India is facing questions of privacy that extend beyond data protection, and the steps that are being taken to answer those questions need to be applauded and brought into the current debate. If we legislate away rights, we must do so by weighing the cost and finding it acceptable.

Sources

http://www.thehindu.com/news/national/article905944.ece

http://is.gd/hJWD8 http://is.gd/hJWSX

http://news.yahoo.com/s/afp//lifestyleindiatelecommarriage

Matthan, Rahul. The Mint:Technology. Nov. 24 2010

For more details visit https://cis-india.org/internet-governance/blog/privacy/is-data-protection-enough

Is CMS a Compromise of Your Security?

praskrishna — 2013-07-15T06:27:05Z

By secretly monitoring and recording all Indians through a Central Monitoring System, our government will end up making citizens and businesses less safe.

This article appeared in the Forbes India magazine of 12 July, 2013. Sunil Abraham is quoted.

Are you reading this article on your PC or smartphone? No? Do you own a smartphone? Surely a phone then?

If you also happen to live in Delhi, Haryana or Karnataka, then from April this year nearly all your electronic communication—telephony, emails, VOIP, social networking—has been sucked up under an innocuous sounding programme called the Central Monitoring System, or CMS.

There’s no way to tell if you are being watched really, because telecom service providers aren’t part of the set-up. In most cases, they may not even be aware which of their users is being monitored. Neither can you approach a government agency or court to find out more, because there’s practically very little oversight or disclosure. What the government does with the data—how it is stored, secured, accessed or deleted—we don’t know.

Unlike the US and other Western democracies where even for a large scale programme like Prism (leaked recently by 29-year-old whistleblower and now fugitive Edward Snowden), surveillance orders need to be signed by a judge. But in India most orders are signed by either the Central or state home secretary, says Sunil Abraham, executive director for Centre for Internet and Society, Bangalore. This leads to a conflict of interest as the executive branch is both undertaking law enforcement and providing oversight on its own work.

In most cases, the officials are overwhelmed with other work, and don’t have the time to apply their minds to each request. “There is supposed to be an oversight committee that reviews the decisions of home secretaries, but we don’t have any idea about that committee either,” says Abraham.

Meanwhile, government bodies like the R&AW, Central Bureau of Investigation, National Investigation Agency, Central Board of Direct Taxes, Narcotics Control Bureau and the Enforcement Directorate will have the right to look up your data. Starting next year, all mobile telephony operators will also need to track and store the geographical location from which subscribers make or receive calls.

“I see it as the rise of techno-determinism in our security apparatus. Previously, our philosophy was to avoid infringing on individual privacy, and monitor a small set of individuals directly suspected of engaging in illegal activities. Now, thanks to the Utopianism being offered up by ‘Big Data’ infrastructure, putting everybody under blanket surveillance seems like a better way to serve our security and law enforcement agendas more effectively,” says Abraham.

There is a real risk that CMS and the numerous other monitoring programmes that will subsequently connect to it will end up harming more Indians than protecting them.

The biggest risk is that these programmes will turn into lucrative ‘honey pots’ for hackers, criminals and rival countries. Why bother hacking individuals and companies if you can attack the CMS? We’ve seen private corporations and government agencies in the US, Israel and the UK getting hacked. So let’s not have any illusions that India is going to fare much better.

Another consequence is that sooner or later innocent citizens will be wrongly accused of being criminals based on mistaken data patterns. While searching for matches in any database with hundreds of millions of records, the risk of a ‘false positive’ increases disproportionately because there are exponentially more innocents than there are guilty. And in the near-Dystopian construct of the CMS, it will take months or years for such errors to be rectified.

As more Indians become aware of these programmes, they will adopt encryption and masking tools to hide their digital selves. In the process, numerous ‘unintended consequences’ of failing to differentiate law-abiding citizens from criminals will be created. What answer will a normal citizen offer to a law enforcement official who wants to know why he or she has encrypted all communications and hosted a personal server in, say, Sweden?

But arguably the biggest threat of 24x7 surveillance is to businesses. Security and trust are the foundations atop which most modern businesses are built. From your purchase of a gadget on an ecommerce site to a large conglomerate’s secret bid in a government auction to discussions within a company on future business strategies to patent applications—everything requires secrecy and security. All an unscrupulous competitor, whether it be a company or a country, has to do to go one-up on you is to attack the CMS and other central databases.

“The reason why the USA historically decided not to impose blanket surveillance wasn’t because of human rights, but to protect its businesses and intellectual property. Because while we may be able to live in a society without human rights, we cannot be in one without functional markets,” says Abraham.

He goes on to say that the recent disclosures around the various spying programmes run by the US have made the private surveillance and security industry very happy. “Each incident becomes a case-study to pit one country against another, forcing each one to cherry-pick the worst global practices in a dangerous race to the bottom. Civil society and privacy activists don’t have the resources to fight large vendors and so the only thing that will stop this is the leak of large databases, like that of 9 million Israeli biometric records a few years back.”

Recollecting the news about a family-business break-up some years ago, where two brothers agreed to split their businesses, the net result was one brother opted out of telephony services offered by the other. All of that is now moot. “There are no more shadows now. Nobody will have refuge and everybody will be exposed,” says Abraham.

For more details visit https://cis-india.org/news/forbesindia-article-real-issue-july9-2013-rohin-dharmakumar-is-cms-a-compromise-of-your-security