We are anonymous, we are legion

Panel Discussion on Internet Intermediaries, Law and Innovation

jyoti — 2015-06-14T16:37:56Z

CII, Google and Centre For Communications Governance, NLU Delhi hosted a panel discussion on June 2 in New Delhi. Jyoti Panday attended.

The Centre for Internet & Society (CIS) participated in the panel discussion on 'Internet Intermediaries, Law and Innovation' hosted by CII, Google and Centre For Communications Governance, NLU Delhi. The panel discussed the impact of the existing provisions on intermediary liability and innovation and sought suggestions and the way forward.

The panel was moderated by Dr Subho Ray, President, IAMAI

Other panelists included:

Mr Anupam Chander, Eminent Global Lawyer & Academician
Mr Apar Gupta, Advocate
Ms Mishi Choudhary, Founding Director , Software Freedom Law Centre
Mr J Sai Deepak, Associate Partner, Litigation Team, Saikrishna & Associates

Mr Indranil Choudhury, Founder and CEO, Lexplosion

Click to download the presentation.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-on-internet-intermediaries-law-and-innovation

Can Uber, Ola apps be blocked? Govt fighting cyber odds

praskrishna — 2015-06-14T09:52:28Z

The Delhi government is trying to block taxi hailing apps like Uber and Ola Cabs, but is it really possible?

The article by Siladitya Ray published in the Hindustan Times on June 4, 2015 quotes Sunil Abraham.

Taxi aggregators are in the firing line over passenger safety again after a 21-year-old Delhi woman alleged she was molested by a driver in an Uber cab near Gurgaon on Saturday morning.

The allegation came just six months after a 25-year-old financial analyst was allegedly raped in an Uber cab in Delhi, over which the victim took the cab aggregator's parent company to court in the US.

Following an order from the Delhi government, the Department of Telecommunication had issued an order to Internet Service Providers to block the websites and apps of taxi hailing aggregators like Uber, TaxiForSure and Ola Cabs.

But Internet Service Providers (ISP) have apparently expressed inability to block Uber, Ola as the web services feature strong end-to-end encryption.

How ISPs block sites

Often when an ISP blocks a website it severs your connection with the domain name. For example if ISPs want to block Google they simply block your access to www.google.com (i.e. Google's domain name), pretty simple. But if you are using an app like Google Now there is no domain name involved here the app talks directly to the server through using some form of encryption.

If we were to use an analogy, think of the ISP as a bridge that connects you to the web. The sites can be thought of as cars and their domain names as license plates. If the ISP wants to block a car with a certain license plate from going through it can do so with ease. But if a car's number plates are obscured (encryption) then ISP cannot block the car from passing through.

Uber and Ola

Most users book cabs from Ola or Uber using the company's apps, which use strong encryption effectively making their data virtually undetectable to ISPs.

"It's possible to block apps but it's much more difficult than before. Earlier you had to deal with a finite set of IP addresses but now these services are hosted on multiple cloud servers," said Sunil Abraham, the executive director of Bangalore based research organisation, the Centre for Internet and Society. "The ISPs themselves don't want to go through the pain of blocking these apps so they are asking the government to give them a solution," he added.

The government and the Department of Telecommunication are fighting near improbable odds in their endeavor to block these services on the web.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-siladitya-ray-june-4-can-uber-ola-apps-be-blocked

The Perils and Prospects of Bringing the Next Billion Online

praskrishna — 2015-08-23T08:04:01Z

Sunil Abraham is the executive director of the Centre for Internet & Society, Bangalore. In his PDF talk, he explains the fight for net neutrality in India and how many solutions fall under the category of walled garden.

Video

For more see Personal Democracy Media

For more details visit https://cis-india.org/internet-governance/news/perils-and-prospects-of-bringing-next-billion-online

Only digital sex, please

praskrishna — 2015-06-15T01:38:12Z

Many Indian men are getting so dependent on digital sex and online pornography that they can’t handle real relationships. And a new book says this is happening the world over. Prasun Chandhuri and Avijit Chatterjee turn the spotlight on the trend

The article was published in the Telegraph on May 31. Rohini is quoted.

P. Sharath doesn't know how to handle women. The 31-year-old software engineer, who works for a multinational company in Bangalore, thinks he doesn't need them either. The man who grew up in Hubli in Karnataka and now earns an eight-figure annual salary has his virtual world. That gives him his sexual satisfaction.

Socially awkward, Sharath did try to date a woman, but the relationship broke within a few months because he found that she was getting to be "clingy" and "boring". An attempt by his family to fix a marriage with a woman failed when he groped her in a cinema hall. His online women, on the other hand, need no pampering, and do not complain.

Sharath, however, is not happy. "He no longer gets any gratification from online sex and has been suffering from anxiety and depression," says Dr Ali Khwaja, a Bangalore-based psychologist and founder of the Banjara Academy, a counselling centre.

Increasingly, counsellors in urban India are coming across such cases of people who are so used to digital sex that they can't cope with real relationships any more. Khwaja refers to them as "hollow men" - people who go through despair after relations fail because of their dependence on digital pornography.

"Almost every week I meet a young man addicted to porn," says Mumbai-based counsellor Shefali Batra, author of the recently published book Teen Matters.

It's a pattern that many counsellors have noticed. As teenagers, young boys get hooked on to digital sex. "But it becomes a vicious addiction over time, playing havoc with their social and sexual development," Batra says. The women they meet do not match up to the large breasted and oversexed digital women - and the boys become men who cannot sustain marriages and relationships.

Pornography has always existed, and some counsellors do not believe that it is always harmful. But the spread of the Internet, the easy availability of smartphones and the profusion of sophisticated sex games and other platforms have led to a situation where men merely log on for sexual satisfaction.

The Internet is bursting at the seams with sex sites. There are various types of sex games, including cartoon sex games, 3D sex games, virtual reality sex games and so on where the viewer can indulge in sex with three or four imaginary characters. Some online games offer virtual simulation sex. In a new genre of digital porn, users can enjoy 3D porn with a special virtual reality headset that allows them to step inside their favourite games and completely immerse themselves in a sexual fantasy.

And this is happening across the world. In a recently released book, Men (Dis)Connected: How technology has sabotaged what it means to be male, psychologist Philip Zimbardo holds that "masculinity" is being destroyed by online pornography and gaming technology.

"We have surveyed over 20,000 young people in many countries. Even though we don't have data on Indian men, we assume that the impact of freely available porn is creating a new breed of addicts in every country," he says in an email interview. "These men prefer to masturbate to visual images than have live sexual relations with real women."

Nikita Coulombe, co-author of Men (Dis)Connected, adds that it is an "endless novelty" and a "virtual harem" for the men. "In 10 minutes you can see more 'mates' than your ancestors would have seen in their lifetime."

There was a time when people shrugged and said, it's just a phase. But Zimbardo believes that this addiction has gone beyond that and will have a "permanent negative impact" on young men everywhere because the porn industry is big business.

The professor emeritus at Stanford discovered this phenomenon when he found that many of his male students were shy and spent too much time poring over screens. Closer home, academic and writer Shiv Visvanathan had a similar experience while teaching at the O.P. Jindal University in Haryana.

"Many of these guys do not know how to talk to a girl - they'd rather convey their feelings through text messages or through social networks or mobile phones. Sometimes you'll even see two people sitting close together but talking over the phone, just to avoid a face-to-face conversation," Visvanathan says.

What this means is that young men are not just wary of getting into relationships - they are not missing them either. "Porn gives them instant gratification which can be repeated, say, 200 times. Moreover, the virtual body seems more transformable than the actual body and it's fast," Visvanathan points out.

It is an addiction that draws men more than women, primarily because the majority of Internet porn is male-centric and, more than teenage women, boys are addicted to computer games and associated thrills. "Research has affirmed that this is truer for the male brain in comparison to the female brain," explains Batra. "The male brain is more thrill and pleasure seeking and these exciting virtual realities provide an immense rush of pleasure in the brain."

Zimbardo's survey underlines this. It found that three out of five men expressed a "lack of interest in pursuing and maintaining a romantic relationship" while three out of four women between the ages of 18 and 30 said they were concerned about the "emotional immaturity or the unavailability" of men.

While the celebrated psychologist plans to conduct a similar survey in India, concerns are already rising because the lack of sex education in schools and colleges - coupled with repressed backgrounds and exaggerated pornographic images - gives the young a warped idea of sex and relationships.

"In a society where talking about sex is taboo, their only avenue to satisfy sexual curiosities becomes porn," says Rohini Lakshane, researcher, Centre for Internet and Society, Bangalore.

This is why sexologist Prakash Kothari often encounters young men who yearn for a "14-inch organ" and suffer from performance anxiety and depression. "Proper sex education can teach them just two inches and oodles of erotic love are enough to satisfy your female partner," says Kothari.

The experts stress that they are not against pornography. "One should not shoot the messenger," contends Audrey D'Mello, programme director, Majlis, a legal counselling centre in Mumbai. "If used properly it can be an aphrodisiac," Kothari adds.

But many of the images that the young today see are violent and bestial. "These twisted forms of sex are being consumed by young men and boys through smartphones across the country," laments Ira Trivedi, author of India in Love. Lakshane believes that easy access to violent pornography "degrades and objectifies women", giving men and boys a "skewed view of sex and intimacy".

Calcutta-based Subhrangshu Aditya counselled a woman who wanted a divorce because her husband forced her to replicate all that he watched on porn. "It was torture for her, devoid of romantic love or eroticism," Aditya says.

Indeed, the effect on men has an impact on women as well. Trivedi points out that as men devote themselves to porn, women go for measures such as vaginal beautification to attract men.

Or women go off sex altogether.

"These women have an extreme phobia about sex," says Aindri Sanyal, an infertility specialist at a Calcutta-based fertility centre. "Some haven't even got their marriage consummated. So they want to conceive through artificial insemination."

Is there a way out? Experts such as Khwaja are doing what they can. "I am trying to help Sharath socialise in mixed groups, then spend a few minutes at a time doing a favour for a woman, or showing a gesture. I want him to focus on understanding the emotions that girls go through and eventually make him understand how to interact with another flesh-and-blood person who has her own romantic and sexual needs," he says. "The process will take quite a long time."

Zimbardo, 82, wants the "socially crippled generation" to hit the Escape button on their digital devices. He wants to remind them that real sex involves communicating with a real person, feeling their pain, earning their trust and making a real connection to their heart. Like people did, once upon a time.

If it’s May, it’s got to be India

Some porn stats

In 2014, India ranked among the highest consumers of pornographic content in the world, according to Pornhub, an online video hub
Around 25 per cent of Indian visitors on Pornhub.com were women, 2 per cent higher than the worldwide average of 23 per cent
Indians seek out pornography most in May and least in October
More Indians surf porn on their smartphones than on desktops
On an average, Indians spend 8 minutes and 22 seconds per visit to Pornhub, 30 seconds less than the rest of the world
Of all states, people from Andhra Pradesh spend the least time on Pornhub — 6 min and 40 sec; people from West Bengal spend 9 min and 5 sec; people from Assam spend 9 min and 55 sec
Sunny Leone is India’s favourite porn star
In most places in the world, porn is viewed most on Monday, but in India, it’s on Saturday
Porn viewing in India dips by over 25 per cent on Diwali, Dussehra, New Year’s Eve and Gandhi Jayanti.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-may-31-2015-only-digital-sex-please

Digital India launch likely in July

praskrishna — 2015-05-31T16:08:07Z

The article by Jochelle Mendonca and Neha Alawadhi was published in the Times of India on May 29, 2015. Sunil Abraham gave his inputs.

The National e-Governance Division (NeGD), under the Department of Electronics and Information Technology ( DeitY), has empanelled agencies for a messaging campaign, gamification, printing and merchandise, advertising and creatives, including advertising for rural outreach and social media.

Working directly with the Prime Minister's Office, NeGD has been tasked with preparing for the launch since February. Though no formal dates have been fixed yet, the Digital India Week (DIW) is likely to take off in July, and will involve stakeholders across state governments and ministries, and is expected to be the flagship programme for the second year of the BJP government, EThas learnt.

"They really want to make this the biggest programme of the second year. The idea is that many things have been done in the digital space that need to get highlighted," an individual with knowledge of the plans told ET.

The event is certainly being planned on a grand scale, according to the tender documents issued by the government. The government has asked for merchandise such as t-shirts, caps, trophies, pen drives and leather cloth and plastic bags. A gamification agency will work on the portals, mobile applications and social media handles to boost participation.

The messaging agency must be able to carry out, track, record and analyze 50 lakh to one crore messages a day. The event will be launched by the Prime Minister through a radio address on 'Mann ki Baat,' which will be followed by events at gram panchayats, block and sub divisional headquarters, district and state levels, eventually culminating in a national event, according to a presentation seen by ET.

As part of the run-up to the DIW, events such as hackathons, training programmes and webinars would be held in schools and colleges, followed by crowd-sourcing ideas through the government's portal MyGov, as well as a new Digital India portal that is being designed.

"It is a typical BJP-style campaign. The Prime Minister does not want to hold the final day event in Delhi and the location is being finalized. All state and line ministries have been involved, and are being asked to showcase e-services and best practices, along with the launch of some programmes like digital locker," said another person familiar with the plans being rolled out for the DIW.

The watch words of the campaign will be "inform, educate and engage", which will include taking the message of Digital India to the masses through educational institutions, industry and government agencies.

"It will educate people on various important services such as digital literacy, cyber-hygiene and e-waste management, and also look at engaging a large number of people, especially youth on a continuous basis," said a person familiar with the ongoing preparation.

NeGD is looking at using the principles of gamification to gather feedback. Experts on e-governance say this is a good move as most e-governance projects, across the world, fail because there's not enough buy-in from stakeholders or the goals aren't communicated widely to the public.

"E-governance needs evangelizing. That is what this campaign looks like it will do. Some parts are dated — such as posters and the print elements. But this is a good idea. Whether it works or not depends on the participation they see at the end," Sunil Abraham, director at the Centre for Internet and Society, said.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-jochelle-mendonca-neha-alawadhi-may-29-2015-digital-india-launch-likely-in-july

Mastering the Art of Keeping Indians Under Surveillance

bhairav — 2015-08-23T12:26:48Z

In its first year in office, the National Democratic Alliance government has been notably silent on the large-scale surveillance projects it has inherited. This ended last week amidst reports the government is hastening to complete the Central Monitoring System (CMS) within the year.

The article was published in the Wire on May 30, 2015.

In a statement to the Rajya Sabha in 2009, Gurudas Kamat, the erstwhile United Progressive Alliance’s junior communications minister, said the CMS was a project to enable direct state access to all communications on mobile phones, landlines, and the Internet in India. He meant the government was building ‘backdoors’, or capitalising on existing ones, to enable state authorities to intercept any communication at will, besides collecting large amounts of metadata, without having to rely on private communications carriers.

This is not new. Legally sanctioned backdoors have existed in Europe and the USA since the early 1990s to enable direct state interception of private communications. But the laws of those countries also subject state surveillance to a strong regime of state accountability, individual freedoms, and privacy. This regime may not be completely robust, as Edward Snowden’s revelations have shown, but at least it exists on paper. The CMS is not illegal by itself, but it is coloured by the compromised foundation of Indian surveillance law upon which it is built.

Surveillance and social control

The CMS is a technological project. But technology does not exist in isolation; it is contextualised by law, society, politics, and history. Surveillance and the CMS must be seen in the same contexts.

The great sociologist Max Weber claimed the modern state could not exist without monopolising violence. It seems clear the state also entertains the equal desire to monopolise communications technologies. The state has historically shaped the way in which information is transmitted, received, and intercepted. From the telegraph and radio to telephones and the Internet, the state has constantly endeavoured to control communications technologies.

Law is the vehicle of this control. When the first telegraph line was laid down in India, its implications for social control were instantly realised; so the law swiftly responded by creating a state monopoly over the telegraph. The telegraph played a significant role in thwarting the Revolt of 1857, even as Indians attempted to destroy the line; so the state consolidated its control over the technology to obviate future contests.

This controlling impulse was exercised over radio and telephones, which are also government monopolies, and is expressed through the state’s surveillance prerogative. On the other hand, because of its open and decentralised architecture, the Internet presents the single greatest threat to the state’s communications monopoly and dilutes its ability to control society.

Interception in India

The power to intercept communications arises with the regulation of telegraphy. The first two laws governing telegraphs, in 1854 and 1860, granted the government powers to take possession of telegraphs “on the occurrence of any public emergency”. In 1876, the third telegraph law expanded this threshold to include “the interest of public safety”. These are vague phrases and their interpretation was deliberately left to the government’s discretion.

This unclear formulation was replicated in the Indian Telegraph Act of 1885, the fourth law on the subject, which is currently in force today. The 1885 law included a specific power to wiretap. Incredibly, this colonial surveillance provision survived untouched for 87 years even as countries across the world balanced their surveillance powers with democratic safeguards.

The Indian Constitution requires all deprivations of free speech to conform to any of nine grounds listed in Article 19(2). Public emergencies and public safety are not listed. So Indira Gandhi amended the wiretapping provision in 1972 to insert five grounds copied from Article 19(2). However, the original unclear language on public emergencies and public safety remained.

Indira Gandhi’s amendment was ironic because one year earlier she had overseen the enactment of the Defence and Internal Security of India Act, 1971 (DISA), which gave the government fresh powers to wiretap. These powers were not subject to even the minimal protections of the Telegraph Act. When the Emergency was imposed in 1975, Gandhi’s government bypassed her earlier amendment and, through the DISA Rules, instituted the most intensive period of surveillance in Indian history.

Although DISA was repealed, the tradition of having parallel surveillance powers for fictitious emergencies continues to flourish. Wiretapping powers are also found in the Maharashtra Control of Organised Crime Act, 1999 which has been copied by Karnataka, Andhra Pradesh, Arunachal Pradesh, and Gujarat.

Procedural weaknesses

Meanwhile, the Telegraph Act with its 1972 amendment continued to weather criticism through the 1980s. The wiretapping power was largely exercised free of procedural safeguards such as the requirements to exhaust other less intrusive means of investigation, minimise information collection, limit the sharing of information, ensure accountability, and others.

This changed in 1996 when the Supreme Court, on a challenge brought by PUCL, ordered the government to create a minimally fair procedure. The government fell in line in 1999, and a new rule, 419A, was put into the Indian Telegraph Rules, 1951.

Unlike the United States, where a wiretap can only be ordered by a judge when she decides the state has legally made its case for the requested interception, an Indian wiretap is sanctioned by a bureaucrat or police officer. Unlike the United Kingdom, which also grants wiretapping powers to bureaucrats but subjects them to two additional safeguards including an independent auditor and a judicial tribunal, an Indian wiretap is only reviewed by a committee of the original bureaucrat’s colleagues. Unlike most of the world which restricts this power to grave crime or serious security needs, an Indian wiretap can even be obtained by the income tax department.

Rule 419A certainly creates procedure, but it lacks crucial safeguards that impugn its credibility. Worse, the contours of rule 419A were copied in 2009 to create flawed procedures to intercept the content of Internet communications and collect metadata. Unlike rule 419A, these new rules issued under sections 69(2) and 69B(3) of the Information Technology Act 2000 have not been constitutionally scrutinised.

Three steps to tap

Despite its monopoly, the state does not own the infrastructure of telephones. It is dependent on telecommunications carriers to physically perform the wiretap. Indian wiretaps take place in three steps: a bureaucrat authorises the wiretap; a law enforcement officer serves the authorisation on a carrier; and, the carrier performs the tap and returns the information to the law enforcement officer.

There are many moving parts in this process, and so there are leaks. Some leaks are cynically motivated such as Amar Singh’s lewd conversations in 2011. But others serve a public purpose: Niira Radia’s conversations were allegedly leaked by a whistleblower to reveal serious governmental culpability. Ironically, leaks have created accountability where the law has failed.

The CMS will prevent leaks by installing servers on the transmission infrastructure of carriers to divert communications to regional monitoring centres. Regional centres, in turn, will relay communications to a centralised monitoring centre where they will be analysed, mined, and stored. Carriers will no longer perform wiretaps; and, since this obviates their costs of compliance, they are willing participants.

In its annual report of 2012, the Centre for the Development of Telematics (C-DOT), a state-owned R&D centre tasked with designing and creating the CMS, claimed the system would intercept 3G video, ILD, SMS, and ISDN PRI communications made through landlines or mobile phones – both GSM and CDMA.

There are unclear reports of an expansion to intercept Internet data, such as emails and browsing details, as well as instant messaging services; but these remain unconfirmed. There is also a potential overlap with another secretive Internet surveillance programme being developed by the Defence R&D Organisation called NETRA, no details of which are public.

Culmination of surveillance

In its present state, Indian surveillance law is unable to bear the weight of the CMS project, and must be vastly strengthened to protect privacy and accountability before the state is given direct access to communications.

But there is a larger way to understand the CMS in the context of Indian surveillance. Christopher Bayly, the noted colonial historian, writes that when the British set about establishing a surveillance apparatus in colonised India, they came up against an established system of indigenous intelligence gathering. Colonial rule was at its most vulnerable at this point of intersection between foreign surveillance and indigenous knowledge, and the meeting of the two was riven by suspicion. So the colonial state simply co-opted the interface by creating institutions to acquire local knowledge.

The CMS is also an attempt to co-opt the interface between government and the purveyors of communications; because if the state cannot control communications, it cannot control society. Seen in this light, the CMS represents the natural culmination of the progression of Indian surveillance. No challenge against it that does not question the construction of the modern Indian state will be successful.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-may-30-2015-bhairav-acharya-mastering-the-art-of-keeping-indians-under-surveillance

IANA Transition & ICANN Accountability Process and India' s Position

jyoti — 2015-08-23T09:26:06Z

Jyoti Panday participated in the workshop organized by CCAOI on "IANA Transition & ICANN Accountability Process and India' s Position" on May 30, 2015.

Dr Ajay Kumar launched the IANA Transition Report and set the context for the workshop. Dr Mahesh Uppal was the moderator of the panel and other participants included Mr Samiran Gupta, ICANN providing an overview of the current status on the transition, Mr Parminder Singh, IT for Change and Mr Rahul Sharma, DSCI sharing concerns of different stakeholders.

The panel also saw discussion on issues in the transition process that are of relevance to India and what should their position going forward including ensuring the efficiency of ICANN Functions included in the CWG draft proposal.

CIS raised issues around financial accountability and the role of ICANN in shaping markets therefore the urgent need for improving transparency and accountability measures.

The report launched at the workshop is available here.

For more details visit https://cis-india.org/internet-governance/news/iana-transition-icann-accountability-process-indian-position

The Four Parts of Privacy in India

bhairav — 2015-08-23T13:04:50Z

Privacy enjoys an abundance of meanings. It is claimed in diverse situations every day by everyone against other people, society and the state.

Traditionally traced to classical liberalism’s public/private divide, there are now several theoretical conceptions of privacy that collaborate and sometimes contend. Indian privacy law is evolving in response to four types of privacy claims: against the press, against state surveillance, for decisional autonomy, and in relation to personal information. The Indian Supreme Court has selectively borrowed competing foreign privacy norms, primarily American, to create an unconvincing pastiche of privacy law in India. These developments are undermined by a lack of theoretical clarity and the continuing tension between individual freedoms and communitarian values.

This was published in Economic & Political Weekly, 50(22), 30 May 2015. Download the full article here.

For more details visit https://cis-india.org/internet-governance/blog/economic-and-political-weekly-bhairav-acharya-may-30-2015-four-parts-of-privacy-in-india

Digital India: PM Modi to launch BJP's flagship programme likely in July

pranesh — 2015-08-22T16:45:33Z

The article by Jochelle Mendonca and Neha Alawadhi was published in the Economic Times on May 29, 2015.

The Modi government, which completed one year at the Centre, is preparing for a big-ticket launch of Digital India, taking technology to the villages and block levels, through merchandise, hackathons and games spread over a week-long initiative across the country.

The National e-Governance Division (NeGD), under the Department of Electronics and Information Technology (DeitY), has empanelled agencies for a messaging campaign, gamification, printing and merchandise, advertising and creatives, including advertising for rural outreach and social media.

The event is certainly being planned on a grand scale, according to the tender documents issued by the government. The government has asked for merchandise such as t-shirts, caps, trophies, pen drives and leather cloth and plastic bags. A gamification agency will work on the portals, mobile applications and social media handles to boost participation.

The messaging agency must be able to carry out, track, record and analyse 50 lakh to one crore messages a day. The event will be launched by the Prime Minister through a radio address on "Mann ki Baat", which will be followed by events at gram panchayats, block and sub divisional headquarters, district and state levels, eventually culminating in a national event, according to a presentation seen by ET.

As part of the run-up to the DIW, events such as hackathons, training programmes and webinars would be held in schools and colleges, followed by crowdsourcing ideas through the government's portal MyGov, as well as a new Digital India portal that is being designed. "It is a typical BJP-style campaign.

The Prime Minister does not want to hold the final day event in Delhi and the location is being finalised. All state and line ministries have been involved, and are being asked to showcase e-services and best practices, along with the launch of some programmes like digital locker," said another person familiar with the plans being rolled out for the DIW. The watch words of the campaign will be "inform, educate and engage", which will include taking the message of Digital India to the masses through educational institutions, industry and government agencies.

"It will educate people on various important services such as digital literacy, cyber hygiene and e-waste management, and also look at engaging a large number of people, especially youth on a continuous basis," said a person familiar with the ongoing preparation.

NeGD is looking at using the principles of gamification to gather feedback. Experts on e-governance say this is a good move as most e-governance projects, across the world, fail because there's not enough buy-in from stakeholders or the goals aren't communicated widely to the public.

"E-governance needs evangelising. That is what this campaign looks like it will do. Some parts are dated — such as posters and the print elements. But this is a good idea. Whether it works or not depends on the participation they see at the end," Sunil Abraham, director at the Centre for Internet and Society, said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-29-2015-jochelle-mendonca-and-neha-alawadhi-digital-india

Indian music streaming service Gaana hacked, millions of users’ details exposed

praskrishna — 2015-08-22T16:44:25Z

Indian music streaming service Gaana, which has over 7.5 million monthly visitors, has been compromised by a hacker and its user information database is now exposed.

The hacker, who goes by the moniker Mak Man and appears to be based in Lahore, Pakistan, posted a link to a searchable database of Gaana user details on his Facebook page. Enter a user’s email address and it spits out their full name, email address, MD5-hashed password, date of birth Facebook and Twitter profiles and more.

The hack appears to be a SQL injection-based exploit of Gaana’s systems, but the intention behind it is unknown. The database shows more than 12.5 million users are currently registered on Gaana.

Mak Man also posted images of the service’s admin panel.

It’s worrying that an online service from one of India’s biggest internet companies (Times Internet) is vulnerable to attacks like this.

With user details exposed, it may not do much good to simply change your Gaana password, as it will reflect in the hacker’s database. You’re better off deactivating your account until the issue is resolved, and changing your email, Facebook and Twitter passwords if they’re the same as on Gaana right away.

Update: Since our story broke, Gaana has taken its site offline and the exposed database isn’t returning search results when we queried it with test data.

The hacker has updated his database page with the following message: “The vulnerable parameter I was using here, has been patched by the Admin
Now the question is, Was this the only vulnerable parameter I had .. ? ;)”

Update 2: Times Internet CEO Satyan Gajwani tweeted that only login credentials were accessed and no financial or sensitive personal data was leaked.

Gajwani attempted to contact the hacker on Facebook and acknowledged the issue. He added that the attack was the hacker’s way of highlighting Gaana’s vulnerability.

The exposed database has since been removed on Gajwani’s request. All Gaana users’ passwords have been reset.

Gajwani also sought to reassure his followers that no user data was stored and that the passwords were hashed. Hacker

Mak Man also confirmed this in a Facebook post. However, that can’t be confirmed and you’d best change your passwords for any social accounts and email addresses associated with your Gaana profile.

According to Pranesh Prakash, Policy Director at Center for Internet and Society in Bangalore, India, the MD5 hashing algorithm which appears to have been used for securing passwords isn’t very strong and could easily be unscrambled using a rainbow table to get the plain-text version of the data.

Prakash also says that for added security, Gaana should:

Stop using MD5 as its password hashing function and instead look at stronger password derivation functions like scrypt, bcrypt, or PBKDF2.
Sanitize its SQL inputs to prevent against malicious SQL injections.
Enable two-factor authentication for users to log in securely.
Urge its users to use long passphrases instead of short complicated passwords and to never to reuse a password.

➤ Gaana [via The Geek Byte]

For more details visit https://cis-india.org/internet-governance/news/tnwnews-may-28-2015-abhimanyu-ghoshal-indian-music-streaming-service-gaana-hacked-millions-of-users-details-exposed

Your phone is a surveillance device, your ISP a surveillance provider…: Pranesh Prakash

praskrishna — 2015-06-17T14:53:40Z

“In India there is no special privilege for journalists over ordinary citizens,” Pranesh Prakash, Policy Director at the Centre for Internet and Society began at the workshop entitled ‘Digital Security for Journalists’ organised by the Mumbai Press Club and the Centre for Internet and Society.

The blog post was published by mxmindia.com on May 27, 2015. Pranesh Prakash gave his inputs.

“Even if you don’t care about your own security/privacy, think about you sources. Your sources want privacy,” Prakash said as he began the workshop on how to assess security threats, how to protect sources and how to prevent your ISP from leaking out information. With the growth of the internet since the 1980s, we know we can’t trust everyone; police stations, governments, all engage in surveillance of some sort, he pointed out. Prakash went on to explain the ‘Threat Model’, wherein journalists ought to ask questions like what are you protecting, who are you protecting yourself against, what do you hope to achieve and to what lengths are you willing to go? All of the measures you are going to take to protect your source are going to be inconvenient. Security is always at the cost of convenience he reiterated.

Data threat can be intercepted at two levels, Prakash explained; data in transit and data at rest. The important question to ask is which you wish to secure, because the means to secure both are very different.Emails being sent to someone can be intercepted by an outside source in transit. It is easier to secure you own data on your computer, but an email is so much more difficult to secure because there are multiple points where the information is stored. Targeted surveillance is much more difficult to protect yourself against than mass surveillance.

For WiFi, password protected networks form an encryption, one more barrier to protect you. However, a WEP encrypted network is easy to break through. You need at least a WPAII to be secure enough. Airport networks usually ask for a password after connecting to the WiFi. That too is easy to see through. Avoid using these networks for sensitive work.

One must keep in mind who they want to secure the data from; whether from a casual threat or an Intelligence Agency like the National Security Agency (NSA), National Technical Research Organisation (NTRO) or Intelligence Bureau (IB).Mass surveillance or non-targeted surveillance is not legal in India. However. the NTRO engages in mass surveillance, for which it was criticised in a Mint article, following which they shifted only to the national borders for surveillance. It is also possible for the NSA to tamper with your laptop before delivery.The NSA’s ANT catalogue has been working on a technology that has a device that can fit within the connector that connects to your keyboards and it can last there years and years without detection. Hence Prakash suggests that if a journalist is working on a sensitive story that if leaked could cause a ruckus, he/she would be safer buying a new computer and paying for it in hard cash.

The more important a source is, the less you must use your phone, Prakash pointed out. Phones leak information time and again, information of time and location. The NSA uses it, the police use it. If you are meeting with someone and you both have your phone, then information that you have met is transmitted. Even without GPS it can track your location, when you receive/send a call/message, as your mobile network needs to access the cell tower you are around in order to reach you.

Encrypted emails still leak identities. If the police look into an encrypted email, they will still know who you are communicating with. Background information you are doing on a story can also give away a lot you don’t want to be given away. Even with an encrypted email, they have access to your location, IP address, the sender and the receiver of the email, time stamp, Mac id and IMEI.

End-to-end encryption is the way out here.This means that no one in the middle, including the company can read the emails you send from your company server. End-to-end encryption is the most inconvenient. End-to-end encryption means that you and the party concerned need to come up with a code that the other party needs to be able to decrypt. The software both parties use also needs to be compatible.

“I recommend using WhatsApp over Viber and Line, Skype over other alternatives and Twitter is also safe, but never use Facebook for sensitive conversations that you don’t want to get out,” Prakash said. WhatsApp is safer than normal text messaging he points out. Prakash recommended an app called Conversations to use for messaging on your phone. It is safer than both normal SMSing and WhatsApp. An SMS leaks metadata, he explains, that’s why it is preferable to use data or apps that use the internet.

In the 2G network space, only Airtel and Docomo use at least a weak encryption.All the rest use no encryption. Anyone can snoop in on your conversations. Instead one must use data-enabled apps for calling like RedPhone, he suggested. This is a great way to protect your source.

Most people are known to repeat passwords for various accounts. Never repeat a password, Prakash advised. Maintain different passwords for all your accounts. It is the safest. And if you are unable to remember them all, then use password managementsoftware like LastPass or KeyPass. These enable you to key in and store all your passwords in one place and you only have to remember the password to your LastPass/KeyPass account. But if you forget your master password, then there is no way to recover all your other passwords.

The session concluded with Prakash working hands-on with the journalists, helping them to download the required software on their laptops and mobile phones. This knowledge is vital for all journalists in order to protect themselves and their sources when doing a high profile, sensitive story, Prakash said.

For more details visit https://cis-india.org/internet-governance/news/mxmindia-may-27-2015-dyanne-coelho-your-phone-is-a-surveillance-device-your-isp-a-surveillance-provider

Consilience

praskrishna — 2015-06-19T01:55:12Z

Pranesh Prakash was a speaker at this event organized by the National Law School of India University on May 9 and 10, 2015 in Bangalore. The theme for this conference was "Net Neutrality".

For those of you who came in late, Net Neutrality refers to the idea that all data on the internet should be treated equally. What this means is that you shouldn't be charged more for using one website or less for another. The internet is meant to be equal for all to access. To access YouTube one should not have to pay extra, just because Airtel is trying to grow.

However, to maintain this network that we love so much, telecom operators argue they have to spend thousands of crores of rupees on licences and cable infrastructure without getting much return. Therefore they want to be able to charge differently for using different websites. This makes it is a very contentious issue as it involves a tricky balancing of business interests v. freedoms of the digital age. For a little more insight on the topic, see the document attached which explains net neutrality in a very simple manner.

The conference was graced by a host of experts in the field, such as Rajan Mathews (Director-General, Cellular Operators Association of India), T.V. Ramachandran (Resident Director, Regulatory Affairs and Govt. Relations, Vodafone Essar Ltd.), the Policy Director for Centre for Internet and Society, Mr. Pranesh Prakash, and the general counsel of CISCO India, Mr. Joginder Yadav. Students and experts alike gave differing opinions and facilitated a great debate.

For more details visit here.

For more details visit https://cis-india.org/internet-governance/news/consilience-nls-2015

Anti-harassment app wins hackathon for women

praskrishna — 2015-05-20T13:25:33Z

A team of four young women coders from Porta Allegra in Brazil has won the IGNITE International Girls Hackathon with an anti-harassment app called Não Me Calo, which means “I will not shut up”.

The blog entry was published in Sci Dev Net on May 15, 2015. Rohini Lakshané gave her inputs.

Não Me Calo allows users to review restaurants based on how they treat women. The data then helps other patrons decide which restaurants are safest for women, and publicly encourages restaurant owners and government officials to fix harassment hotspots.

The team competed against coders from India, Taiwan and the United States to create the best app addressing the challenge of creating safe spaces for women. They will now work with partners from the Global Fund for Women, which organised the hackathon, to fully develop the app.

Catherine King, the executive producer of the Global Fund for Women, says that the hackathon is meant to address the gender gap in access to information technology, and to encourage women to create and shape technologies.

“If girls aren’t accessing the internet and aren’t creating culture themselves online and using their own voices online, then that means other people are doing that,” Sara Baker, the coordinator of Take Back the Tech!, a global campaign to get more women online, told SciDev.Net.

The hackathon, which gave teams 24 hours to create their app, took place in February, and the winners were announced last month.

King says that the teams’ responses to the challenge were influenced by experiences in their own communities. For example, teams from India designed apps for learning self-defence and sex education.

Women’s safety apps or features are becoming increasingly popular, particularly in India where they are seen as a way to respond to public violence against women. Earlier this year, Uber, the taxi-hailing app, added a new ‘SOS button’ to their Indian version after a driver raped a passenger in December 2014.

But Rohini Lakshané, a researcher at the Centre for Internet and Society in India, points out that these technologies can only go so far towards preventing violence against women, and must be part of a broader approach that also addresses the underlying social and cultural causes of gender inequality.

She adds that many apps fail to protect women because they are designed by men who don’t understand the intricacies of women’s safety.

For more details visit https://cis-india.org/internet-governance/news/anti-harassment-app-wins-hackathon-for-women

Paper-thin Safeguards and Mass Surveillance in India

chinmayi — 2015-06-20T10:17:57Z

The Indian government's new mass surveillance systems present new threats to the right to privacy. Mass interception of communication, keyword searches and easy access to particular users' data suggest that state is moving towards unfettered large-scale monitoring of communication. This is particularly ominous given that our privacy safeguards remain inadequate even for targeted surveillance and its more familiar pitfalls.

This need for better safeguards was made apparent when the Gujarat government illegally placed a young woman under surveillance for obviously illegitimate purposes, demonstrating that the current system is prone to egregious misuse. While the lack of proper safeguards is problematic even in the context of targeted surveillance, it threatens the health of our democracy in the context of mass surveillance. The proliferation of mass surveillance means that vast amounts of data are collected easily using information technology, and lie relatively unprotected.

This paper examines the right to privacy and surveillance in India, in an effort to highlight more clearly the problems that are likely to emerge with mass surveillance of communication by the Indian Government. It does this by teasing out Indian privacy rights jurisprudence and the concerns underpinning it, by considering its utility in the context of mass surveillance and then explaining the kind of harm that might result if mass surveillance continues unchecked.

The first part of this paper threads together the evolution of Indian constitutional principles on privacy in the context of communication surveillance as well as search and seizure. It covers discussions of privacy in the context of our fundamental rights by the draftspersons of our constitution, and then moves on to the ways in which the Supreme Court of India has been reading the right to privacy into the constitution.

The second part of this paper discusses the difference between mass surveillance and targeted surveillance, and international human rights principles that attempt to mitigate the ill effects of mass surveillance.

The concluding part of the paper discusses mass surveillance in India, and makes a case for expanding our existing privacy safeguards to protect the right to privacy in a meaningful manner in face of state surveillance.

Download the paper here.

For more details visit https://cis-india.org/internet-governance/blog/paper-thin-safeguards-and-mass-surveillance-in-india

Definition of Net Neutrality should be flexible: Pranesh Prakash

pranesh — 2015-06-19T01:43:04Z

Critics argue that Facebook’s Internet.org violates the principle of Net Neutrality.

The article by Sanjay Vijaykumar was published in the Hindu on May 10, 2015. Pranesh Prakash is extensively quoted.

The definition of Net Neutrality should be flexible enough to allow for experimentation with different models of providing cheaper Internet access and such experimentation needs to be regulated by the telecom regulator, Telecom and Regulatory Authority of India (TRAI) according to Internet expert Pranesh Prakash.

Mr. Prakash was reacting to the business model of Boston-based start-up Jana, which said it had figured out a way to offer billions of people in the emerging world free access to the Internet, without violating the web’s open nature. The firm has launched Jana Loyalty, a product that seeks to reward its smartphone users in two ways. One, it reimburses users the cost of downloading and using an app of Jana’s clients. Two, it gives free additional data with which the user can access any content online.

“While Jana is like Internet.org, since it is Internet service-specific zero-rating, Jana Loyalty is what my colleague Sunil Abraham dubs a ‘leaky walled garden’. The walled garden (site-specific access) exists, but you also get free access to the whole of the Web in return. Given that there is no one universal definition of Net Neutrality, and given India currently doesn’t have a definition, I can’t answer if this is a violation of Net Neutrality,” said Mr. Prakash, who is Policy Director at The Centre for Internet and Society (CIS), a Bangalore-based, non-profit, research and policy advocacy.

Facebook’s attempts to provide a limited version of the Internet free has been attracting criticism from supporters of Net Neutrality, especially in India. Critics argue that Facebook’s Internet.org, which offers users free access to a bouquet of pre-selected Web sites, violates the principle of Net Neutrality by choosing what is accessible and what isn’t. Facebook has reacted to this by opening up Internet.org to all developers who meet its guidelines. Mr. Prakash said the definition of Net Neturality should be flexible enough to allow for experimentation with different models of providing cheaper Internet access, including Jana Loyalty.

“However, such experimentation ought to be regulated by the telecom regulator. To minimise harm, they should be allowed on a case-by-case basis after the regulator has had an opportunity to conduct risk-benefit analysis against four goals it should seek to promote — universal and affordable access; effective competition; protection of consumers against harm; and diversity that arises from the openness and interconnectedness of the Internet,” he added.

Net neutrality is a principle that says Internet Service Providers (ISPs) should treat all traffic and content on their networks equally.

Why now?

Late last month, Trai released a draft consultation paper seeking views from the industry and the general public on the need for regulations for over-the-top (OTT) players such as Whatsapp, Skype, Viber etc, security concerns and net neutrality. The objective of this consultation paper, the regulator said, was to analyse the implications of the growth of OTTs and consider whether or not changes were required in the current regulatory framework.

What is an OTT?

OTT or over-the-top refers to applications and services which are accessible over the internet and ride on operators' networks offering internet access services. The best known examples of OTT are Skype, Viber, WhatsApp, e-commerce sites, Ola, Facebook messenger. The OTTs are not bound by any regulations. The Trai is of the view that the lack of regulations poses a threat to security and there’s a need for government’s intervention to ensure a level playing field in terms of regulatory compliance.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-sanjay-vijaykumar-may-10-2015-pranesh-prakash-on-definition-of-net-neutrality