We are anonymous, we are legion

Indians Call For More Stringent Data Protection Laws

praskrishna — 2017-07-18T13:36:49Z

The government is India is facing calls to establish better cybersecurity laws to protect consumers’ data after fears have crept up that Reliance Jio, the telecom startup in India, suffered a major data leak.

This report was published by PYMNTS on July 17, 2017. Pranesh Prakash was quoted.

According to a report in Reuters announcing the news, Jio denied the data leak took place, saying the names, telephone numbers and email addresses of Jio users that showed up on Magicpak, a website, were unauthentic. Its parent Reliance Industries said customers’ data was safe and protected.

But at the same time that it was issuing reassurances, Jio filed a complaint claiming unlawful access to its computer systems, reported Reuters. That discrepancy has led Indians to call for better laws for data protection for consumers.

“It raises questions of security and accountability,” said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), a research organization, in the report. “A rule to report breaches exists, but it is unenforceable. It says you’re not liable if you’re following reasonable security practices. What ‘reasonable’ means is not defined.”

Supporters of stronger data protection laws in India said that countries that have stronger cybersecurity laws on the books would have started an inquiry into what happened with Reliance Jio. They point to the data breach last week at Verizon. Verizon quickly responded with an explanation of what went down, how it occurred and how many customers’ data privacy it impacted.

“India is at a nascent stage. For good norms in Asia, look to Singapore. It’s been praised for not having cybersecurity issues by the UN,” Srinivas Kodali, an independent security researcher, said in the same Reuters report.

The report noted that in May there were two data privacy breaches of Indian companies with the records of 17 million Zomato customers being compromised. In another breach, as many as 135 million of India’s Aadhaar numbers had been stolen from government databases and placed online. Aadhaar numbers are similar to social security numbers.

For more details visit https://cis-india.org/internet-governance/news/pymnts-july-17-2017-indians-call-for-more-stringent-data-protection-laws

Indians Ask: Is Visiting a Torrent Site Really A Crime?

subha — 2016-09-06T14:09:26Z

India has banned various large-scale torrent sites for a long time — this is old news. But under a new federal policy in India, one can be jailed for three years and fined 300,000 Indian Rupees (~US $4464) for downloading content on any of these blocked websites.

The blog post was first published in Global Voices on September 5, 2016.

Netizens who regularly use these and similar services have become anxious about what the rule may mean for them. Last week, a new legal notice concerning copyright violations sparked widespread rumors that users could be penalized for simply viewing torrent sites.

The notice now appears when one visits any of the banned websites. It reads:

This URL has been blocked under the instructions of the Competent Government Authority or in compliance with the orders of a Court of competent jurisdiction. Viewing, downloading, exhibiting or duplicating an illicit copy of the contents under this URL is punishable as an offence under the laws of India, including but not limited to under Sections 63, 63-A, 65 and 65-A of the Copyright Act, 1957 which prescribe imprisonment for 3 years and also fine of upto Rs. 3,00,000/-. Any person aggrieved by any such blocking of this URL may contact at urlblock@tatacommunications.com who will, within 48 hours, provide you the details of relevant proceedings under which you can approach the relevant High Court or Authority for redressal of your grievance.

Soon after news of the notice began to circulate, the Chennai High Court – one of the oldest courts in India — issued a John Doe order to block as many as 830 websites, including several torrent websites such as thepiratebay.se, torrenthound.com, and kickasstorrents.come.in.

Indian tech news portal Medianama published a blog post arguing that it is the downloading of pirated content from certain banned websites and not accessing those website that should lead to the legal issues. The problem, it seems, lies in the poor wording of the notice. Medianama described this as “bizarre by any rational standard” and noted that, taken literally, it does not comply with the Indian Copyright Act. Digital piracy legislation in India has been modified quite a lot in the recent times in general and over last five years in particular (Sections 63, 63A and 65 of the Indian Copyright Act of 1957 in particular.) But it has not been implemented with such force in the past.	What is a torrent? A torrent is part of a system that enables peer-to-peer file sharing (“P2P”) that is used to distribute data and electronic files over the Internet. Known as BitTorrent, this file distribution system is one of the most common technical protocols for transferring large files, such as digital audio files containing TV shows or video clips or digital audio files containing songs. Within this system, files labeled with the .torrent extension contain meta data about files — e.g. file names, their sizes, folder structure and cryptographic hash value for integrity verification. They do not contain the content to be distributed, but without them, the system does not work. (via Wikipedia)

This is not the first time India has put a blanket ban on such sites. In December 2014, 32 websites — including including code repository Github, video streaming sites Vimeo and Dailymotion, online archive Internet Archive, free software hosting site Sourceforge — were banned in India. They were later unblocked after agreeing to remove some ISIS-related content.

As they have in the past, tech-savvy netizens began suggesting hacks to mask or fake one's IP address. Sumiteshwar Choudhary, a practicing criminal and matrimony lawyer, described on Quora how the law had existed for quite some time but the government had never fully enforced it:

[..] The only reason that India has not been able to successfully ban these services is because the servers rest outside India and we don’t have any law to extend our jurisdiction to that extent today. As an end user if you download a pirated version of things you are not entitled to, you can be booked criminally under this Act and can face prison for up to 2 years…

Twitter user Prisma Mama Thakur criticized the ban, arguing that it should be a low priority in a moment when India has many other important problems to solve:

For more details visit https://cis-india.org/internet-governance/blog/global-voices-september-5-2016-subhashish-panigrahi-indians-ask-is-visiting-a-torrent-site-really-a-crime

Indian Telegraph Act, 1885, 419A Rules and IT (Amendment) Act, 2008, 69 Rules

jdine — 2013-04-30T10:04:38Z

Jadine Lannon has performed a clause-by-clause comparison of the 419A Rules of the Indian Telegraph Act, 1885 and the 69 Rules under Section 69 of the Information Technology (Amendment) Act, 2008 in order to better understand how the two are similar and how they differ. Though they are from different Acts entirely, the Rules are very similar. Notes have been included on some changes we deemed to be important.

Though they are from different Acts entirely, the 419A Rules from the Indian Telegraph Act of 1885 and the 69 Rules from the Information Technology (Amended) Act, 2008 are very similar. In fact, much of the language that appears in the official 69 rules is very close, if not the same in many places, as the language found in the 419A rules. The majority of the change in language between the 419A Rules and the equivalent 69 Rules acts to clarify statements or wordings that may appear vague in the former. Aside from this, it appears that many of the 69 Rules have been cut-and-pasted from the 419A Rules.

Arguably the most important change between the two sets of rules takes place between Clause (3) of the 419A Rules and Clause (8) of the 69 Rules, where the phrase “while issuing directions [...] the officer shall consider possibility of acquiring the necessary information by other means” has been changed to “the competent authority shall, before issuing any direction under Rule (3), consider possibility of acquiring the necessary information by other means”. This is an important distinction, as the latter requires other options to be looked at before issuing the order for any interception or monitoring or decryption of any information, whereas the former could possibly allow the interception of messages while other options to gather the “necessary” information are being considered. It seems unreasonable that the state and various state-approved agencies could possibly be intercepting the personal messages of Indian citizens in order to gather “necessary” information without having first established that interception was a last resort.

Another potentially significant change between the rules can be found between Clause (15) of the 419A Rules, which states, in the context of punishment of a service provider, the action taken shall include “not only fine but also suspension or revocation of their licenses”, whereas Clause (21) of the 69 Rules states that the punishment of an intermediary or person in-charge of computer resources “shall be liable for any action under the relevant provisions of the time being in force”. This is an interesting distinction, possibly made to avoid issues with legal arbitrariness associated with assigning punishments that differ for those punishments for the same activities laid out under the Indian Penal Code. Either way, the punishments for a violation of the maintenance of secrecy and confidentiality as well as unauthorized interception (or monitoring or decryption) could potentially be much harsher under the 69 Rules.

In the same vein, the most significant clarification through a change in language takes place between Clause (10) of the 419A and Clause (14) of the 69 Rules: “the service providers shall designate two senior executives of the company” from the 419A Rules appears as “every intermediary or person in-charge of computer resource shall designate an officer to receive requisition, and another officer to handle such requisition” in the 69 Rules. This may be an actual difference between the two sets of Rules, but either way, it appears to be the most significant change between the equivalent Clauses.

The addition of certain clauses in the 69 Rules can also give us some interesting insights about what was of concern when the 419A rules were being written. To begin, the 419A rules provide no definitions for any of the specific terms used in the Rules, whereas the 69 Rules include a list of definitions in Clause (2). Clause (4) of 69 Rules, which deals which the authorisation of an agency of the Government to perform interception, monitoring and decryption, is sorely lacking in the 419A rules, which alludes to “authorised security [agencies]” without ever providing any framework as to how these agencies become authorised or who should be doing the authorising.

The 69 Rules also include Clause (5), which deals with how a state should go about obtaining authorisation to issue directions for interception, monitoring and/or decryption in territories outside of its jurisdiction, which is never mentioned in 419A rules, lamely sentencing states to carry out the interception of messages only within their own jurisdiction.

Lastly, Clause (24), which deals with the prohibition of interception, monitoring and/or decryption of information without authorisation, and Clause (25), which deals with the prohibition of the disclosure of intercepted, monitored and/or decrypted information, have fortunately been added to the 69 Rules.

For more details visit https://cis-india.org/internet-governance/blog/indian-telegraph-act-419-a-rules-and-it-amendment-act-69-rules

Indian surveillance laws & practices far worse than US

pranesh — 2013-07-12T11:09:39Z

Explosive would be just the word to describe the revelations by National Security Agency (NSA) whistleblower Edward Snowden.

Pranesh Prakash's column was published in the Economic Times on June 13, 2013. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Now, with the American Civil Liberties Union suing the Obama administration over the NSA surveillance programme, more fireworks could be in store. Snowden's expose provides proof of what many working in the field of privacy have long known. The leaks show the NSA (through the FBI) has got a secret court order requiring telecom provider Verizon to hand over "metadata", i.e., non-content data like phone numbers and call durations, relating to millions of US customers (known as dragnet or mass surveillance); that the NSA has a tool called Prism through which it queries at least nine American companies (including Google and Facebook); and that it also has a tool called Boundless Informant (a screenshot of which revealed that, in February 2013, the NSA collected 12.61 billion pieces of metadata from India).

Nothing Quite Private

The outrage in the US has to do with the fact that much of the data the NSA has been granted access to by the court relates to communications between US citizens, something the NSA is not authorised to gain access to. What should be of concern to Indians is that the US government refuses to acknowledge non-Americans as people who also have a fundamental right to privacy, if not under US law, then at least under international laws like the Universal Declaration of Human Rights and the ICCPR.

US companies such as Facebook and Google have had a deleterious effect on privacy. In 2004, there was a public outcry when Gmail announced it was using an algorithm to read through your emails to serve you advertisements. Facebook and Google collect massive amounts of data about you and websites you visit, and by doing so, they make themselves targets for governments wishing to snoop on you, legally or not.

Worse, Indian-Style

That said, Google and Twitter have at least challenged a few of the secretive National Security Letters requiring them to hand over data to the FBI, and have won. Yahoo India has challenged the authority of the Controller of Certifying Authorities, a technical functionary under the IT Act, to ask for user data, and the case is still going on.

To the best of my knowledge, no Indian web company has ever challenged the government in court over a privacy-related matter. Actually, Indian law is far worse than American law on these matters. In the US, the NSA needed a court order to get the Verizon data. In India, the licences under which telecom companies operate require them to provide this. No need for messy court processes.

The law we currently have â€” sections 69 and 69B of the Information Technology Act â€” is far worse than the surveillance law the British imposed on us. Even that lax law has not been followed by our intelligence agencies.

Keeping it Safe

Recent reports reveal India's secretive National Technical Research Organisation (NTRO) â€” created under an executive order and not accountable to Parliament â€” often goes beyond its mandate and, in 2006-07, tried to crack into Google and Skype servers, but failed. It succeeded in cracking Rediffmail and Sify servers, and more recently was accused by the Department of Electronics and IT in a report on unauthorised access to government officials' mails.

While the government argues systems like the Telephone Call Interception System (TCIS), the Central Monitoring System (CMS) and the National Intelligence Grid (Natgrid) will introduce restrictions on misuse of surveillance data, it is a flawed claim. Mass surveillance only increases the size of the haystack, which doesn't help in finding the needle. Targeted surveillance, when necessary and proportional, is required. And no such systems should be introduced without public debate and a legal regime in place for public and parliamentary accountability.

The government should also encourage the usage of end-to-end encryption, ensuring Indian citizens' data remains safe even if stored on foreign servers. Merely requiring those servers to be located in India will not help, since that information is still accessible to American agencies if it is not encrypted. Also, the currently lax Indian laws will also apply, degrading users' privacy even more.

Indians need to be aware they have virtually no privacy when communicating online unless they take proactive measures. Free or open-source software and technologies like Open-PGP can make emails secure, Off-The-Record can secure instant messages, TextSecure for SMSes, and Tor can anonymise internet traffic.

http://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

For more details visit https://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

Indian Supreme Court Overturns Law Barring ‘Offensive Messages’ Online

praskrishna — 2015-03-25T16:18:29Z

India’s Supreme Court on Tuesday struck down legislation barring “offensive messages” online, saying it violated constitutional guarantees of free expression.

The article by Niharika Mandhana published by Wall Street Journal on March 24, 2015 quotes Sunil Abraham.

A two-judge panel voided a part of India’s Information Technology Act that made it a crime to share information through computers or other communications devices that could cause “annoyance, inconvenience” and “enmity, hatred or ill will.”

Announcing the ruling in a crowded courtroom in the Indian capital, Justice Rohinton Nariman said the law’s provisions were too vague and didn’t provide “clearly defined lines” for law-enforcement officials. “What is offensive to one person may not be offensive to another,” he said.

The court also ruled that Internet companies, such as Facebook and Google, could be required to remove or block access to online content only if ordered to do so by a court or by a notification from the government. Previously, they were expected to act when they had “actual knowledge” of allegedly illegal materials.

Free-speech activists had long argued against the broad language in the law, which was enacted in part as an effort to prevent the incitement of violence among different religious and ethnic groups in the world’s second-most-populous nation.

On Tuesday they applauded the decision.

“This provision was hugely problematic for anyone using the Internet in India and that is gone,” said Sunil Abraham, head of the Bangalore-based Center for Internet and Society. “The court has removed the additional, unconstitutional limits to free speech.”

India’s Information Technology minister, Ravi Shankar Prasad, said in a televised interview after the ruling that the government “supports free social media.”

“If the security establishment needs a response in cases of terrorism, extremism, communal violence, the government will take a view after wider consultations,” Mr. Prasad said. “But only with adequate safeguards.”

Enforcement of the law has sparked controversy for years. In 2012, a 21-year-old was detained after complaining on Facebook about the effective shutdown of Mumbai for the funeral of a right-wing Hindu leader. Another person was also detained for “liking” her comment.

That year, political cartoonist Aseem Trivedi was also charged under this law for his work lampooning Parliament. Mr. Trivedi said Tuesday that the court’s decision would “put a stop to years of misuse of the law by the government and politicians.”

“It sends a strong message that Indian law is with free speech,” Mr. Trivedi said.

According to a recent report by Facebook, the U.S. social media company blocked 5,832 pieces of content in the second half of 2014 on requests from Indian law-enforcement agencies and the government.

That was up from 4,960 pieces blocked from January to June last year. Facebook said it restricted access in India to a lot of “anti-religious content” and “hate speech that Indian officials reported could cause unrest and disharmony.”

J. Sai Deepak, a New Delhi-based lawyer involved in the case, said Tuesday’s decision was a significant victory for Internet companies in India. He said the law’s implementation—which earlier was “subject to the vagaries of the political winds of the state,” he said—would now be guided only by the free-speech rules laid down in the Indian constitution.

The order, however, rejected an argument by free-speech advocates that information shared on the Internet must be treated the same way as other kinds of speech, such as a live address or printed material. The court said lawmakers could create a separate law to deal with online speech because such content, unlike others, “travels like lightning and can reach millions of persons all over the world.”

But the current law, the court said, was too vague and included terms which “take into the net a very large amount of protected and innocent speech.” The law “is cast so widely that virtually any opinion on any subject would be covered by it,” the order said.

—Newley Purnell contributed to this article.

For more details visit https://cis-india.org/internet-governance/news/wall-street-journal-niharika-mandhana-march-24-2015-indian-supreme-court-overturns-law-barring-hate-speech-online

Indian student in Cornell University hacks into ICSE, ISC database

praskrishna — 2013-07-02T07:39:45Z

A 20-year-old Indian student from Cornell University hacked into the database of ICSE (Class X) and ISC (Class XII) school exam results, exposed glaring anomalies in the marking system and went on to merrily write about his exploits in an online post.

The article by Kim Arora was published in the Times of India on June 6, 2013. Pranesh Prakash is quoted.

Kolkata-born Debarghya Das, majoring in computer science, says that all he had to do was run a simple program that entered all roll numbers after defining a range to get access to all the results. "It is shocking they haven't implemented a more secure system," Das told TOI on phone from New York.

After the result's data was crunched, analysed and plotted in graphs, Das discovered an interesting incongruity in the marking system: there are 33 different scores unattained between the passing mark of 35 and the maximum of 100 by the nearly 1,50,000 who appeared for the ICSE (Class X) exam. According to Das' findings, not a single student got the following marks: 36, 37, 39, 41, 43, 45, 47, 49, 51, 53, 55, 56, 57, 59, 61, 63, 65, 67, 68, 70, 71, 73, 75, 77, 79, 81, 82, 84, 85, 87, 89, 91, 93. Similarly, in the case of ISC (Class XII exam) a set of 24 marks between 40 and 100 were found to be unattained.

When contacted, chairperson of the CI SCE (Council for the Indian School Certificate Examinations) Gerry Arathoon, refused to comment on both data security and the unattained marks. "I can't say anything until I have had a look at things myself," he said.

Das says that the missing marks indicate that perhaps they were tampered with. He offers mathematical and statistical arguments to defend his position in his online post. He says that the ISC anomaly appears to be a case of awarding "grace marks" and writes -- "Everything from 35 onwards, and most things from 23 onward seem blindly promoted to a pass mark."

	Pranesh Prakash, policy director at the Center for Internet and Society, says one needn't even be a techie to execute such a hack. "You don't need real technical skills to do this. You just need to figure out the ranges and feed them in. It is an interesting revelation that the website does nothing to obfuscate the javascript for security, but one can still retrieve data without that information. Once you have the data, it requires two minutes of programming to get it in a spreadsheet," says Prakash. In his post, titled "Hacking into the Indian Education System", Das wrote that he was doing this to "demonstrate how few measures our education board takes to hide such sensitive information".

Pranesh Prakash, policy director at the Center for Internet and Society, says one needn't even be a techie to execute such a hack. "You don't need real technical skills to do this. You just need to figure out the ranges and feed them in. It is an interesting revelation that the website does nothing to obfuscate the javascript for security, but one can still retrieve data without that information. Once you have the data, it requires two minutes of programming to get it in a spreadsheet," says Prakash. In his post, titled "Hacking into the Indian Education System", Das wrote that he was doing this to "demonstrate how few measures our education board takes to hide such sensitive information".

The student also told the TOI that it wasn't possible to change any values in marks and upload fudged data again, and that he made any significant progress in this direction only about 3-4 days after the results were announced. His online post says he also has the data for CBSE class XII. Though he hasn't yet made it public, he does admit it was harder to crack than CISCE, though not altogether difficult.

Schooled in Kolkata, Das is curren tly interning at Google, working on YouTube's captioning system. He is also working on a tongue-controlled game and has earlier been active in game and applet design. The idea to hack the results came to him fo llowing a desire to help two close friends who had recently taken the exams.

Das, nicknamed Deedy, told ToI that he worked on the ICSE and ISC results off and on for a week, but it essentially took about 4-5 hours to get all the data."It took me more time to write the blog post," says Das, referring to his 19-page post with all the graphs, data and explanations that is currently online.

For Das, there was only one other takeaway from the whole exercise. "Regardless of any tampering, it would be nice to see a transparent exam scheme. SAT (Scholastic Assessment Test) publishes everything related to the exam results every year. It is inconceivable that a national level exam board doesn't do that," he says.

For more details visit https://cis-india.org/news/the-times-of-india-kim-arora-june-6-2013-indian-student-in-cornell-university-hacks-icse-isc-databas

Indian public concerned about fingerprint payment scheme

praskrishna — 2017-02-12T15:10:23Z

The Guardian is reporting that a prominent think tank has found that the prospect of using fingerprint authentication for everyday payments is raising privacy concerns among the Indian public.

The blog post by Rawlson King was published by Biometric Update.com on February 9, 2017. Sumandro Chattapadhyay was quoted.

The Centre for Internet and Society says that many Indians are concerned about the “privacy implications” of using Aadhaar as a payment scheme.

Aadhaar is the 12-digit unique identification number issued by the Indian government to every individual resident of India. The Aadhaar project aims to provide a single, unique identifier which captures all the demographic and biometric details of every Indian resident. Currently, Aadhaar has issued over 900 million Aadhaar numbers. BiometricUpdate.com recently reported that over one billion people have now been enrolled.

The Indian government is intent on expanding the use of Aadhaar beyond the provision of social services to include financial transactions. The government’s “Digital India” initiative aims to create a “cradle-to-grave digital identity” that can enable a digital economy. Moving towards a digital economy will allow low income people to access the banking system. The use of Aadhaar for most transactions however would also allow the government to reduce the cash supply, which would work to eliminate untaxed cash transactions.

The government took a big step towards reducing the cash supply last November by removing 500 and 1,000 rupee notes, thereby eliminating 85 percent of the country’s circulating currency. Indian residents responded by setting up three million, enabled by fingerprint verification. BiometricUpdate.com has reported that banks, including DCB Bank, have introduced Aadhaar enhanced services, and that financial service firms including YES Bank and Spice Money are introducing Aadhaar-enabled payment systems.

The unveiling of this biometric-based payment ecosystem however is creating consternation among the general public. Sumandro Chattapadhyay, a director at the Centre for Internet and Society told the Guardian that Indian residents are concerned about the “data-sharing possibilities opened up by Aadhaar.”

He noted that Aadhaar “makes it easier for companies not only to share information on individuals’ consumption and mobility habits, but also to link this data up with public records like the electoral register. Both lead to significant threats to privacy of individuals.”

Chattapadhyay also told the Guardian that “the law governing use of the biometric database, fast-tracked through parliament last year, is flimsy when it comes to the private sector. Since India lacks a general privacy or data protection law, this leaves corporate use of Aadhaar services effectively unregulated.”

He told the UK newspaper that his greatest fear is that “private companies could eventually gain access to government-held personal data, such as income or medical records, while the government could use company data like phone records to target specific individuals in political campaigns.”

Despite these fears, the government continues to move ahead with link Aadhaar with more elements of the financial system. Recent reports have stated that the Indian government may allow citizens to use Aadhaar to file their income tax returns.

For more details visit https://cis-india.org/internet-governance/news/biometric-update-february-9-2017-rawlson-king-indian-public-concerned-about-fingerprint-payment-scheme

Indian Porn Ban is Partially Lifted But Sites Remain Blocked

pranesh — 2015-09-13T09:00:03Z

The Indian government made a quick about-face on its order to block hundreds of pornography websites on Tuesday, partially lifting the ban after political backlash against the moral policing.

The article was published in Wall Street Journal on August 5, 2015. Pranesh Prakash gave his inputs.

But the websites remained blocked because Internet service providers were afraid of legal trouble.

The new order from the Department of Telecommunications said that Internet service providers could unblock any of the 857 websites, so long as they don’t contain child pornography. However, the websites remain blocked because service providers say they have no way of knowing whether they contain child porn, and no control over whether they will in the future.

Ravi Shankar Prasad, the IT minister, said Tuesday night that the government would trim down the list of banned sites, to focus only on those that contain child porn.

“A new notification will be issued shortly. The ban will be partially withdrawn. Sites that do not promote child porn will be unbanned,” said Mr. Prasad on the TV news channel India Today.

The wording of the new order created confusion, because it appears to put the responsibility for policing the Internet for child pornography on service providers.

“How can we go ahead? What if something comes up tomorrow [on one of these sites], which has child porn, or something else?,” said an executive at an Indian service provider who asked not to be named.

“The onus cannot be put on the service providers. What the government is doing is inherently unfair, it is not what the law requires,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bangalore-based civil liberties advocacy group. It is the government’s job to determine what violates the law, not private companies, Mr. Prakash said.

For more details visit https://cis-india.org/internet-governance/news/the-wall-street-journal-august-5-2015-sean-mclain-indian-porn-ban-is-partially-lifted-but-sites-remain-blocked

Indian politicians yet to tap voters online: CIS’s Abraham

praskrishna — 2013-10-23T05:31:34Z

Sunil Abraham talks about the role online media will play in forthcoming elections and the behaviour of online readers of news.

The interview (taken by Venkatesh Upadhyay) was published in Livemint on October 22, 2013.

Sunil Abraham, 40, is executive director of the Centre for Internet and Society, a not-for-profit research organization that works on issues related to freedom of expression and privacy. Abraham was in New Delhi to speak on the impact of media, social media and technology on governance and democracy, organized by the Observer Research Foundation together with the Rosa Luxemburg Stiftung. On the sidelines of the conference, he talked about the role that online media will play in forthcoming elections as well the behaviour of online readers of news.

Edited excerpts from the interview:

How important will digital media be for the forthcoming elections?

I think the Internet in India is very different from, say, the one found in the US. So, our capacity to read from similar experience in their elections is limited. If you take the extensive exposure that the (Barack) Obama campaign had on the online space and the manner in which it supposedly helped the campaign, I don’t see that happening here.

Politicians and political parties very active on social media. You don’t think that will have an effect on elections?

I think the missing part of the equation till now is that there has not been any devising—to my knowledge—of targeting of voters through Facebook or Twitter. Our digital footprint leads to immense big-data opportunities, which I do not see politicians in India being able to exploit. Again, to give an example from the United States, there were certain instances there from where if you were member of a particular community, you could be targeted by political campaigns. Here, I don’t see that happening that easily.


Above: Sunil Abraham on the role of digital media in elections

So our politicians are wasting their time on social media?

Not entirely. In my view, one of the good things that the Internet does is that it has the capacity to democratize public opinion. One must also keep in mind that networks such as the ones available through social media are not homogenous. So nodes such as users who are opinion-makers and journalists are active on these networks, and so politicians can use these methods to reach out to more people.

Does the traditional media still have a role?
Of course. Traditional media is more likely to determine political outcomes in comparison to social media because most of the links that we see in social media are related to content that is created on traditional media. Now, of course, we can be sceptical of the role that traditional media plays in influencing the general mood of the country, but that is a different question.

Is there something peculiar about the manner in which readers interact with newspaper reports online?
I think one can usually see the comments section of some news sites littered with hurtful and hateful comments. So, some readers such as myself basically go through these comments to look at trolling and also sometimes for comic relief. But again, every news organization seems to be dealing with this differently. The Times of India, doesn’t, in my view, regulate its comments section. But one can see, say, in The Hindu, that readers’ comments are regulated and are usually very thoughtful.

Is there any particular reason why certain news readers respond the way they do?

Well, a part of the reason why people consuming news online comment and interact the way they do is that anonymity produces a level of freedom that allows people to be more brutal in their behaviour online.

At the same time, you can also see, in some instances, the chilling effects of surveillance, where people end up censuring their thoughts on issues. Of course, surveillance is not the answer. Societies need to deal with hateful threats on their own terms.

What will it take for politicians and public figures to get their message across, given the idiosyncrasies of the Indian digital media?
I think two components are crucial: trust and authenticity. For example, in the case of Wikipedia, there is an assumed amount of trust that the user has. The trust relationship between public figures who are active online and the public also is a two-way street. Politicians must also trust their common party members to use their social media presence as and when they want to. For example, why don’t they allow each and every member of the political party to man their Twitter handle for a day?

As for authenticity, the human mind can say whether an act by someone online is authentic or not.

Finally, what is your view on the role that larger Internet monopolies such as Facebook and Google are playing across the digital plane?

The Internet has also changed over the past 15 years. It used to be a decentralized network. Everybody was hopeful that it would have democratizing potential and, therefore, techno-utopianism was born. Now, it is increasingly clear that a small proportion of websites have 90% of the traffic and large corporations such as Google and Facebook play a significant role in configuring the attention economy. They are now also beginning to take this role very seriously themselves. In the case of Google, increasingly Google is using its power over the attention economy to play a role in the electoral process in India. They have been holding Google Hangouts and what they have been able to do is bring the public to the politicians.

Other concerns such as Facebook and Twitter through their walled-garden arrangements with telecom companies also play a similar role in configuring the attention economy. One is more innocuous—like the manner in which their algorithms are structured determining who shows up in their feeds.

For more details visit https://cis-india.org/news/livemint-venkatesh-upadhyay-october-22-2013-indian-politicians-yet-to-tap-voters-online

Indian police set up lab to monitor social media

praskrishna — 2013-03-19T09:23:12Z

Mumbai police have set up India's first "social media lab" to monitor Facebook, Twitter and other networking sites, sparking concerns about freedom of speech online.

This was published by AFP on March 18, 2013. This was also carried in Global Post on the same day. Sunil Abraham is quoted.

A specially-trained team of 20 police officers will staff the lab, which was launched over the week end and will work around the clock to keep an eye on issues being publicly discussed and track matters relating to public order.

"They will work under Special Branch. They will monitor and find out which topics are trending among the youth so we can plan law and order in a good way," police spokesman Satyanarayan Choudhary told AFP on Monday.

In November police sparked outrage and fierce debate about India's Internet laws by arresting two young women over a Facebook post criticising the shutdown of Mumbai after the death of a local hardline politician.

The pair were arrested under laws including section 66a of the Information Technology Act, which forbids "sending false and offensive messages through communication services" and can lead to three years in jail.

The case followed several arrests across the country for political cartoons or comments made online.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society research group, said the "natural reaction" was to worry about the new police lab given the way the law has been used.

"Police in the last four years have acted in an arbitrary and random fashion, often using the IT Act to settle political scores," he told AFP.

"When there's no crisis for the police, proactively keeping an eye on what people are saying or doing is overkill," he said.

Choudhary said the lab was not set to censor comments, echoing a statement made by police commissioner Satyapal Singh at the launch.

"By reading the mindset of what people are writing on various modes of communication, we will try to provide better and improved safety and security to the Mumbai citizens," Singh said.

For more details visit https://cis-india.org/news/afp-march-18-2013-indian-police-set-up-lab-to-monitor-social-media

Indian PM Narendra Modi’s digital dream gets bad reception

praskrishna — 2015-09-29T15:23:04Z

As Indian Prime Minister Narendra Modi told Silicon Valley’s most powerful chief executives this week how his government “attacked poverty by using the power of networks and mobile phones’’, the entire population of the state of Kashmir remained offline — by order of the state.

The article by Amanda Hodge was published in the Australian on September 29, 2015. Sunil Abraham gave inputs.

“I see technology as a means to empower and as a tool that bridges the distance between hope and opportunity,” Mr Modi said yesterday on a trip in which he will also discuss development at the UN.

Earlier, in a “town hall” meeting with Facebook chief Mark Zuckerberg Mr Modi hailed the power of social media networks that gave governments the opportunity to correct themselves “every five minutes”, rather than every five years.

His remarks during his Digital India tour of the US west coast sparked a storm of Twitter protest.

The northern state’s former chief minister Omar Abdullah, who noted the “irony of listening to Prime Minister Modi lecturing about connected digital India, while we are totally disconnected”.

The ban on mobile and broadband internet in Jammu and Kashmir was imposed last Friday, the beginning of the Muslim holiday of Eid-ul-Zuha during which animals are slaughtered and the meat fed to the poor, for fear social media could inflame tensions over the state government’s decision to enforce a beef ban.

It was to have lasted 24 hours but — notwithstanding Twitter feedback — was extended twice as a “precautionary” measure.

As Mr Modi outlined his dreams of a broadband network connecting the country’s most remote communities, millions of New Delhi mobile phone users continued their daily wrestle with line dropouts.

“We are bringing technology, transparency, efficiency, ease and effectiveness in governance,” he said, as in New Delhi the government talked of pulling down more mobile towers.

Centre for Internet and Society director Sunil Abraham said yesterday: “Schizophrenia between rhetoric and reality (on digital policy) is the global standard for all world leaders.

“Politicians in opposition are invariably opposed to surveillance and in favour of free speech but the very day that politician assumes office even if it is someone as splendid as Barack Obama, they change their opinions on these topics and become pro-surveillance and pro-censorship.”

Certainly successive Indian governments have had a patchy record on such issues. Last March India’s activist Supreme Court struck down a controversial section of the Information Technology Act which made posting information of a “grossly offensive or menacing character” punishable by up to three years’ jail.

That month police in northern Uttar Pradesh arrested a teenager for a Facebook post, which they said “carried derogatory language against a community”.

Previous cases under the former Congress-led government include that of a university professor detained for posting a cartoon about the chief minister of West Bengal and the arrest of two young women over a Facebook post criticising the shutdown of Mumbai following the death of a Hindu right politician.

While Mr Modi’s government welcomed the Supreme Court ruling as a “landmark day for freedom of speech and expression”, last month it attempted to block 857 random porn sites.

Notwithstanding the gulf between Mr Modi’s digital dream rhetoric and the reality at home, his second US visit in 17 months has reaped dividends. Google has committed to a joint initiative to roll out free Wi-Fi to 500 railway stations across the country, and Qualcomm has pledged a $US150 million ($213m) tech startup fund.

But Mr Abraham warned of the potential for such investments to compromise net neutrality — the principle of allowing internet users access to all content and applications.

For more details visit https://cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception

Indian Netizens Criticize Online Censorship of ‘Jihadi’ Content

subha — 2015-02-10T02:43:17Z

The article on online censorship by Subhashish Panigrahi was published in Global Voices on January 6, 2015.

Click to view the article on Global Voices here.

Indian Netizens Criticize Online Censorship of ‘Jihadi’ Content · Global Voices


Mock-up of a blocked URL (Image: Subhashish Panigrahi, CC-by-SA 3.0)

The Government of India in the last week of 2014 asked Internet service providers (ISPs) to block 32 websites including code repository Github, video streaming sites Vimeo and Dailymotion, online archive Internet Archive, free software hosting site Sourceforge and many other websites on the basis of hosting anti-India content from the violent extremist group known as ISIS.

The blanket block on many resourceful sites has been heavily criticized on social media and blogs by reviving the hashtag #GoIblocks that evolved in the past against internet censorship by the government.

Nikhil Pahwa at MediaNama notes that this time many ISPs published the list of the blocked sites:

Typically, users are not informed about which websites are blocked, so this was a welcome move from the ISP.

“Say No to Censorship. #GOIBlocks” (taken from Facebook page of Free Software Foundation, Tamil Nadu)

In 2012, opposition party leader Narendra Modi (who is now India's Prime Minister) tweeted against the URL blocks by the earlier ruling of India's National Congress when then-Minister of Communications and Information Technology Kapil Sibal ordered to block 300 websites. Many eyebrows were raised when Modi repeated the move this time around.

Internet censorship in India has been increasingly prominent since 1999 when Pakistani newspaper Dawn was blocked by the Videsh Sanchar Nigam Limited for post-Kargil War views against India. These caught heavy criticism from netizens, often under the hashtag #IdiotKapilSibal. Since then there have been many instances of government-mediated censorship, particularly with the enactment of India's Information Technology Act of 2000.

Arvind Gupta, head of Information Technology for India's ruling Bharatiya Janata Party, tweeted to clarify that the sites were blocked as advised by the Anti-Terrorism Squad.

Arvind Gupta ✔ @buzzindelhi
Follow

The websites that have been blocked were based on an advisory by Anti Terrorism Squad, and were carrying Anti India content from ISIS. 1/2

3:11 PM - 31 Dec 2014

362 Retweets 82 favorites

After agreeing to remove anti-India content posted by accounts that appeared to have some association with ISIS, weebly.com, vimeo.com, Pastebin, dailymotion.com and gist.github.com were unblocked.

These websites have undertaken not to allow pasting of such propaganda information on their website and also work with the government to remove such material as per the compliance with the laws of land.

- Ministry of Communications and Information Technology, Government of India (posted in Business Standard)

Arvind Gupta ✔ @buzzindelhi
Follow

Action has been initiated to unblock -- http://weebly.com , http://vimeo.com , http://dailymotion.com and (1/2)

12:36 AM - 1 Jan 2015

63 Retweets 25 favorites

Arvind Gupta ✔ @buzzindelhi

gist.github.com :: http://wap.business-standard.com/article/news-ians/government-decides-to-unblock-four-websites-out-of-32-114123101162_1.html … (2/2)

12:36 AM - 1 Jan 2015

39 Retweets 12 favorites

For more details visit https://cis-india.org/internet-governance/blog/global-voices-january-6-2015-subhashish-panigrahi-indian-netizens-criticize-online-censorship-of-jihadi-content

Indian net service providers too play censorship tricks

praskrishna — 2013-02-13T04:20:53Z

The study by a Canadian university has found that some major Indian ISPs have deployed web-censorship and filtering technology.

The article by T Ramachandran was published in the Hindu on February 9, 2013. Sunil Abraham is quoted.

Your internet service provider (ISP) could be blocking some content. A study conducted by a Canadian university has found that some major Indian ISPs have deployed web-censorship and filtering technology widely used in China and some West Asian countries.

The findings, published on January 15, were the result of a search for censorship software and hardware on public networks like those operated by ISPs.

A research team at Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, found a software-hardware combo package called PacketShaper being used in many parts of the world, including India.

The study identified the presence of four PacketShaper installations on the networks of three major ISPs in India during the period of study in late 2012. These ISPs had been earlier “implicated in filtering to some degree,” the report said.

The deployment of such traffic management technologies by ISPs could threaten privacy, freedom of expression and competition, said Sunil Abraham, Executive Director of the Bangalore-based NGO, Centre for Internet and Society.

He said tools like PacketShaper could be used by ISPs for two types of censorship —“to block entire websites or choke traffic on certain services or destinations in a highly granular fashion.”

The U.S.-based producers of the technology, Blue Coat Systems, are quite open about the product features on the company’s website. They say it could be used to control and weed out undesirable content. It could also be used to slow down or speed up the operation of programmes and content flow to achieve the goals set by the operators of the networks.

Transparency is the key

Technology experts said such products could be used to exercise legitimate control over the internet traffic and prioritise the use of bandwidth and resources, if used ethically.

“If done in a transparent manner that does not discriminate against different actors within a class it does benefit the collective interest of the ISP’s clients. However, it could also be used to engage in hidden censorship against legitimate speech and also for anti-competitive behaviour,” said Mr. Abraham.

The study focussed on countries where concerns exist over “compliance with international human rights law, legal due process, freedom of speech, surveillance, and censorship.”

For more details visit https://cis-india.org/news/the-hindu-feb-9-2013-t-ramachandran-indian-net-service-providers-too-play-censorship-tricks

Indian music streaming service Gaana hacked, millions of users’ details exposed

praskrishna — 2015-08-22T16:44:25Z

Indian music streaming service Gaana, which has over 7.5 million monthly visitors, has been compromised by a hacker and its user information database is now exposed.

The hacker, who goes by the moniker Mak Man and appears to be based in Lahore, Pakistan, posted a link to a searchable database of Gaana user details on his Facebook page. Enter a user’s email address and it spits out their full name, email address, MD5-hashed password, date of birth Facebook and Twitter profiles and more.

The hack appears to be a SQL injection-based exploit of Gaana’s systems, but the intention behind it is unknown. The database shows more than 12.5 million users are currently registered on Gaana.

Mak Man also posted images of the service’s admin panel.

It’s worrying that an online service from one of India’s biggest internet companies (Times Internet) is vulnerable to attacks like this.

With user details exposed, it may not do much good to simply change your Gaana password, as it will reflect in the hacker’s database. You’re better off deactivating your account until the issue is resolved, and changing your email, Facebook and Twitter passwords if they’re the same as on Gaana right away.

Update: Since our story broke, Gaana has taken its site offline and the exposed database isn’t returning search results when we queried it with test data.

The hacker has updated his database page with the following message: “The vulnerable parameter I was using here, has been patched by the Admin
Now the question is, Was this the only vulnerable parameter I had .. ? ;)”

Update 2: Times Internet CEO Satyan Gajwani tweeted that only login credentials were accessed and no financial or sensitive personal data was leaked.

Gajwani attempted to contact the hacker on Facebook and acknowledged the issue. He added that the attack was the hacker’s way of highlighting Gaana’s vulnerability.

The exposed database has since been removed on Gajwani’s request. All Gaana users’ passwords have been reset.

Gajwani also sought to reassure his followers that no user data was stored and that the passwords were hashed. Hacker

Mak Man also confirmed this in a Facebook post. However, that can’t be confirmed and you’d best change your passwords for any social accounts and email addresses associated with your Gaana profile.

According to Pranesh Prakash, Policy Director at Center for Internet and Society in Bangalore, India, the MD5 hashing algorithm which appears to have been used for securing passwords isn’t very strong and could easily be unscrambled using a rainbow table to get the plain-text version of the data.

Prakash also says that for added security, Gaana should:

Stop using MD5 as its password hashing function and instead look at stronger password derivation functions like scrypt, bcrypt, or PBKDF2.
Sanitize its SQL inputs to prevent against malicious SQL injections.
Enable two-factor authentication for users to log in securely.
Urge its users to use long passphrases instead of short complicated passwords and to never to reuse a password.

➤ Gaana [via The Geek Byte]

For more details visit https://cis-india.org/internet-governance/news/tnwnews-may-28-2015-abhimanyu-ghoshal-indian-music-streaming-service-gaana-hacked-millions-of-users-details-exposed

Indian mobiles go quiet amid SMS curbs

praskrishna — 2012-08-27T07:15:01Z

India’s 900m-plus mobile telephones have fallen unusually quiet since Saturday, when the government curbed text and multimedia messages for 15 days in an attempt to dispel panic among north-easterners fearing attacks from angry Muslims.

This article written by Victor Mallet in New Delhi and James Crabtree in Mumbai was published in Financial Times on August 21, 2012. Additional reporting by Jyotsna Singh in New Delhi. Pranesh Prakash is quoted.

The order limiting the number of SMS and MMS messages to five a day from each pre-paid account – which comprise 97 per cent of the market – has disrupted personal communications and threatens to squeeze the revenues of the mobile operating companies.

The government has also urged social media websites including Facebook and Twitter to remove “inflammatory” content it said had helped spread rumours that caused an exodus of migrants from some cities last week. Access to 245 web pages containing doctored videos and images had been blocked, the government claimed, and the relevant sites told to take the pages down.

Indians send more than a billion text messages a day, although it is not clear how many people have been affected by the restrictions or how many of the messages are mass mailings.

Akshat Dwivedi, 20, an undergraduate student at Delhi University, said the restrictions were “a stupid idea”.

“How can the government take away something that has become a basic, fundamental need today?” he said. “The ban has affected mostly students who use pre-paid connections because pre-paid connections are cheaper and more affordable for students like us. The ban has hugely disrupted our life. There are many people who rely on text messages because you can’t always call everybody.”

Civil rights activists wary of censorship accept that the ban may have been necessary to ease ethnic and religious tensions.

“There is the fear that the state will exercise inordinate powers,” said Akila Shivdas, a civil and consumer rights activist. “But regulation and state control are two different things … This is an opportunity to look at regulation seriously.”

India’s mobile industry earned about $20bn in revenue last year, of which 15-18 per cent was from data services, according to the Cellular Operators Association of India, a trade body. This suggests operators are set to suffer a loss of about $133m for the 15-day period, according to COAI figures.

“When we are going through the trauma of increased costs, being challenged on revenues does not help,” said Rajan Matthew, COAI director-general. “The government’s heart is in the right place in trying to address this issue ... But when we are fighting for every nickel and dime, this loss is not a small amount.”

Other analysts cautioned that the likely revenue impact would be much smaller, noting that most customers bought pre-paid SMS packages. “I’m not saying there will be no loss, but it will not be dramatic”, said Rohit Chordia, a telecoms analyst at Kotak, a Mumbai-based brokerage.

Industry sources and analysts also questioned the government’s decision to impose an extended nationwide ban, rather than experimenting with more limited short-term restrictions targeted to particular trouble spots.

“Some kind of limitation on communication was a reasonable step, but restricting everyone to just five per day I don’t think is reasonable at all,” said Pranesh Prakash, programme manager at the Centre for Internet and Society, a Bangalore-based think tank.

Thousands of north-easterners – physically similar to the Bodo people who have been fighting Muslim migrants over land and political power in Assam – fled from cities such as Bangalore and Hyderabad last week after threats of violence sent by SMS.

Muslims in Mumbai had previously been inflamed by media messages purportedly showing brutality towards their fellow followers of Islam, though the Indian government said some pictures were doctored and had been uploaded from Pakistan.

Events in Bangalore, said Pavan Duggan, a lawyer specialising in IT issues, were “a classic case of mobile cyberterrorism”. He backed the government’s measures despite concerns about censorship. “Obviously there are some rumblings, but these are still small murmurs because everyone is very clear that the national interest will come over [mobile] revenues.”

For more details visit https://cis-india.org/news/www-ft-com-aug-21-2012-victor-mallet-james-crabtree-indian-mobiles-go-quiet-amid-sms-curb