We are anonymous, we are legion

Indian PM Narendra Modi’s digital dream gets bad reception

praskrishna — 2015-09-29T15:23:04Z

As Indian Prime Minister Narendra Modi told Silicon Valley’s most powerful chief executives this week how his government “attacked poverty by using the power of networks and mobile phones’’, the entire population of the state of Kashmir remained offline — by order of the state.

The article by Amanda Hodge was published in the Australian on September 29, 2015. Sunil Abraham gave inputs.

“I see technology as a means to empower and as a tool that bridges the distance between hope and opportunity,” Mr Modi said yesterday on a trip in which he will also discuss development at the UN.

Earlier, in a “town hall” meeting with Facebook chief Mark Zuckerberg Mr Modi hailed the power of social media networks that gave governments the opportunity to correct themselves “every five minutes”, rather than every five years.

His remarks during his Digital India tour of the US west coast sparked a storm of Twitter protest.

The northern state’s former chief minister Omar Abdullah, who noted the “irony of listening to Prime Minister Modi lecturing about connected digital India, while we are totally disconnected”.

The ban on mobile and broadband internet in Jammu and Kashmir was imposed last Friday, the beginning of the Muslim holiday of Eid-ul-Zuha during which animals are slaughtered and the meat fed to the poor, for fear social media could inflame tensions over the state government’s decision to enforce a beef ban.

It was to have lasted 24 hours but — notwithstanding Twitter feedback — was extended twice as a “precautionary” measure.

As Mr Modi outlined his dreams of a broadband network connecting the country’s most remote communities, millions of New Delhi mobile phone users continued their daily wrestle with line dropouts.

“We are bringing technology, transparency, efficiency, ease and effectiveness in governance,” he said, as in New Delhi the government talked of pulling down more mobile towers.

Centre for Internet and Society director Sunil Abraham said yesterday: “Schizophrenia between rhetoric and reality (on digital policy) is the global standard for all world leaders.

“Politicians in opposition are invariably opposed to surveillance and in favour of free speech but the very day that politician assumes office even if it is someone as splendid as Barack Obama, they change their opinions on these topics and become pro-surveillance and pro-censorship.”

Certainly successive Indian governments have had a patchy record on such issues. Last March India’s activist Supreme Court struck down a controversial section of the Information Technology Act which made posting information of a “grossly offensive or menacing character” punishable by up to three years’ jail.

That month police in northern Uttar Pradesh arrested a teenager for a Facebook post, which they said “carried derogatory language against a community”.

Previous cases under the former Congress-led government include that of a university professor detained for posting a cartoon about the chief minister of West Bengal and the arrest of two young women over a Facebook post criticising the shutdown of Mumbai following the death of a Hindu right politician.

While Mr Modi’s government welcomed the Supreme Court ruling as a “landmark day for freedom of speech and expression”, last month it attempted to block 857 random porn sites.

Notwithstanding the gulf between Mr Modi’s digital dream rhetoric and the reality at home, his second US visit in 17 months has reaped dividends. Google has committed to a joint initiative to roll out free Wi-Fi to 500 railway stations across the country, and Qualcomm has pledged a $US150 million ($213m) tech startup fund.

But Mr Abraham warned of the potential for such investments to compromise net neutrality — the principle of allowing internet users access to all content and applications.

For more details visit https://cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception

Indian Netizens Criticize Online Censorship of ‘Jihadi’ Content

subha — 2015-02-10T02:43:17Z

The article on online censorship by Subhashish Panigrahi was published in Global Voices on January 6, 2015.

Click to view the article on Global Voices here.

Indian Netizens Criticize Online Censorship of ‘Jihadi’ Content · Global Voices


Mock-up of a blocked URL (Image: Subhashish Panigrahi, CC-by-SA 3.0)

The Government of India in the last week of 2014 asked Internet service providers (ISPs) to block 32 websites including code repository Github, video streaming sites Vimeo and Dailymotion, online archive Internet Archive, free software hosting site Sourceforge and many other websites on the basis of hosting anti-India content from the violent extremist group known as ISIS.

The blanket block on many resourceful sites has been heavily criticized on social media and blogs by reviving the hashtag #GoIblocks that evolved in the past against internet censorship by the government.

Nikhil Pahwa at MediaNama notes that this time many ISPs published the list of the blocked sites:

Typically, users are not informed about which websites are blocked, so this was a welcome move from the ISP.

“Say No to Censorship. #GOIBlocks” (taken from Facebook page of Free Software Foundation, Tamil Nadu)

In 2012, opposition party leader Narendra Modi (who is now India's Prime Minister) tweeted against the URL blocks by the earlier ruling of India's National Congress when then-Minister of Communications and Information Technology Kapil Sibal ordered to block 300 websites. Many eyebrows were raised when Modi repeated the move this time around.

Internet censorship in India has been increasingly prominent since 1999 when Pakistani newspaper Dawn was blocked by the Videsh Sanchar Nigam Limited for post-Kargil War views against India. These caught heavy criticism from netizens, often under the hashtag #IdiotKapilSibal. Since then there have been many instances of government-mediated censorship, particularly with the enactment of India's Information Technology Act of 2000.

Arvind Gupta, head of Information Technology for India's ruling Bharatiya Janata Party, tweeted to clarify that the sites were blocked as advised by the Anti-Terrorism Squad.

Arvind Gupta ✔ @buzzindelhi
Follow

The websites that have been blocked were based on an advisory by Anti Terrorism Squad, and were carrying Anti India content from ISIS. 1/2

3:11 PM - 31 Dec 2014

362 Retweets 82 favorites

After agreeing to remove anti-India content posted by accounts that appeared to have some association with ISIS, weebly.com, vimeo.com, Pastebin, dailymotion.com and gist.github.com were unblocked.

These websites have undertaken not to allow pasting of such propaganda information on their website and also work with the government to remove such material as per the compliance with the laws of land.

- Ministry of Communications and Information Technology, Government of India (posted in Business Standard)

Arvind Gupta ✔ @buzzindelhi
Follow

Action has been initiated to unblock -- http://weebly.com , http://vimeo.com , http://dailymotion.com and (1/2)

12:36 AM - 1 Jan 2015

63 Retweets 25 favorites

Arvind Gupta ✔ @buzzindelhi

gist.github.com :: http://wap.business-standard.com/article/news-ians/government-decides-to-unblock-four-websites-out-of-32-114123101162_1.html … (2/2)

12:36 AM - 1 Jan 2015

39 Retweets 12 favorites

For more details visit https://cis-india.org/internet-governance/blog/global-voices-january-6-2015-subhashish-panigrahi-indian-netizens-criticize-online-censorship-of-jihadi-content

Indian net service providers too play censorship tricks

praskrishna — 2013-02-13T04:20:53Z

The study by a Canadian university has found that some major Indian ISPs have deployed web-censorship and filtering technology.

The article by T Ramachandran was published in the Hindu on February 9, 2013. Sunil Abraham is quoted.

Your internet service provider (ISP) could be blocking some content. A study conducted by a Canadian university has found that some major Indian ISPs have deployed web-censorship and filtering technology widely used in China and some West Asian countries.

The findings, published on January 15, were the result of a search for censorship software and hardware on public networks like those operated by ISPs.

A research team at Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, found a software-hardware combo package called PacketShaper being used in many parts of the world, including India.

The study identified the presence of four PacketShaper installations on the networks of three major ISPs in India during the period of study in late 2012. These ISPs had been earlier “implicated in filtering to some degree,” the report said.

The deployment of such traffic management technologies by ISPs could threaten privacy, freedom of expression and competition, said Sunil Abraham, Executive Director of the Bangalore-based NGO, Centre for Internet and Society.

He said tools like PacketShaper could be used by ISPs for two types of censorship —“to block entire websites or choke traffic on certain services or destinations in a highly granular fashion.”

The U.S.-based producers of the technology, Blue Coat Systems, are quite open about the product features on the company’s website. They say it could be used to control and weed out undesirable content. It could also be used to slow down or speed up the operation of programmes and content flow to achieve the goals set by the operators of the networks.

Transparency is the key

Technology experts said such products could be used to exercise legitimate control over the internet traffic and prioritise the use of bandwidth and resources, if used ethically.

“If done in a transparent manner that does not discriminate against different actors within a class it does benefit the collective interest of the ISP’s clients. However, it could also be used to engage in hidden censorship against legitimate speech and also for anti-competitive behaviour,” said Mr. Abraham.

The study focussed on countries where concerns exist over “compliance with international human rights law, legal due process, freedom of speech, surveillance, and censorship.”

For more details visit https://cis-india.org/news/the-hindu-feb-9-2013-t-ramachandran-indian-net-service-providers-too-play-censorship-tricks

Indian music streaming service Gaana hacked, millions of users’ details exposed

praskrishna — 2015-08-22T16:44:25Z

Indian music streaming service Gaana, which has over 7.5 million monthly visitors, has been compromised by a hacker and its user information database is now exposed.

The hacker, who goes by the moniker Mak Man and appears to be based in Lahore, Pakistan, posted a link to a searchable database of Gaana user details on his Facebook page. Enter a user’s email address and it spits out their full name, email address, MD5-hashed password, date of birth Facebook and Twitter profiles and more.

The hack appears to be a SQL injection-based exploit of Gaana’s systems, but the intention behind it is unknown. The database shows more than 12.5 million users are currently registered on Gaana.

Mak Man also posted images of the service’s admin panel.

It’s worrying that an online service from one of India’s biggest internet companies (Times Internet) is vulnerable to attacks like this.

With user details exposed, it may not do much good to simply change your Gaana password, as it will reflect in the hacker’s database. You’re better off deactivating your account until the issue is resolved, and changing your email, Facebook and Twitter passwords if they’re the same as on Gaana right away.

Update: Since our story broke, Gaana has taken its site offline and the exposed database isn’t returning search results when we queried it with test data.

The hacker has updated his database page with the following message: “The vulnerable parameter I was using here, has been patched by the Admin
Now the question is, Was this the only vulnerable parameter I had .. ? ;)”

Update 2: Times Internet CEO Satyan Gajwani tweeted that only login credentials were accessed and no financial or sensitive personal data was leaked.

Gajwani attempted to contact the hacker on Facebook and acknowledged the issue. He added that the attack was the hacker’s way of highlighting Gaana’s vulnerability.

The exposed database has since been removed on Gajwani’s request. All Gaana users’ passwords have been reset.

Gajwani also sought to reassure his followers that no user data was stored and that the passwords were hashed. Hacker

Mak Man also confirmed this in a Facebook post. However, that can’t be confirmed and you’d best change your passwords for any social accounts and email addresses associated with your Gaana profile.

According to Pranesh Prakash, Policy Director at Center for Internet and Society in Bangalore, India, the MD5 hashing algorithm which appears to have been used for securing passwords isn’t very strong and could easily be unscrambled using a rainbow table to get the plain-text version of the data.

Prakash also says that for added security, Gaana should:

Stop using MD5 as its password hashing function and instead look at stronger password derivation functions like scrypt, bcrypt, or PBKDF2.
Sanitize its SQL inputs to prevent against malicious SQL injections.
Enable two-factor authentication for users to log in securely.
Urge its users to use long passphrases instead of short complicated passwords and to never to reuse a password.

➤ Gaana [via The Geek Byte]

For more details visit https://cis-india.org/internet-governance/news/tnwnews-may-28-2015-abhimanyu-ghoshal-indian-music-streaming-service-gaana-hacked-millions-of-users-details-exposed

Indian mobiles go quiet amid SMS curbs

praskrishna — 2012-08-27T07:15:01Z

India’s 900m-plus mobile telephones have fallen unusually quiet since Saturday, when the government curbed text and multimedia messages for 15 days in an attempt to dispel panic among north-easterners fearing attacks from angry Muslims.

This article written by Victor Mallet in New Delhi and James Crabtree in Mumbai was published in Financial Times on August 21, 2012. Additional reporting by Jyotsna Singh in New Delhi. Pranesh Prakash is quoted.

The order limiting the number of SMS and MMS messages to five a day from each pre-paid account – which comprise 97 per cent of the market – has disrupted personal communications and threatens to squeeze the revenues of the mobile operating companies.

The government has also urged social media websites including Facebook and Twitter to remove “inflammatory” content it said had helped spread rumours that caused an exodus of migrants from some cities last week. Access to 245 web pages containing doctored videos and images had been blocked, the government claimed, and the relevant sites told to take the pages down.

Indians send more than a billion text messages a day, although it is not clear how many people have been affected by the restrictions or how many of the messages are mass mailings.

Akshat Dwivedi, 20, an undergraduate student at Delhi University, said the restrictions were “a stupid idea”.

“How can the government take away something that has become a basic, fundamental need today?” he said. “The ban has affected mostly students who use pre-paid connections because pre-paid connections are cheaper and more affordable for students like us. The ban has hugely disrupted our life. There are many people who rely on text messages because you can’t always call everybody.”

Civil rights activists wary of censorship accept that the ban may have been necessary to ease ethnic and religious tensions.

“There is the fear that the state will exercise inordinate powers,” said Akila Shivdas, a civil and consumer rights activist. “But regulation and state control are two different things … This is an opportunity to look at regulation seriously.”

India’s mobile industry earned about $20bn in revenue last year, of which 15-18 per cent was from data services, according to the Cellular Operators Association of India, a trade body. This suggests operators are set to suffer a loss of about $133m for the 15-day period, according to COAI figures.

“When we are going through the trauma of increased costs, being challenged on revenues does not help,” said Rajan Matthew, COAI director-general. “The government’s heart is in the right place in trying to address this issue ... But when we are fighting for every nickel and dime, this loss is not a small amount.”

Other analysts cautioned that the likely revenue impact would be much smaller, noting that most customers bought pre-paid SMS packages. “I’m not saying there will be no loss, but it will not be dramatic”, said Rohit Chordia, a telecoms analyst at Kotak, a Mumbai-based brokerage.

Industry sources and analysts also questioned the government’s decision to impose an extended nationwide ban, rather than experimenting with more limited short-term restrictions targeted to particular trouble spots.

“Some kind of limitation on communication was a reasonable step, but restricting everyone to just five per day I don’t think is reasonable at all,” said Pranesh Prakash, programme manager at the Centre for Internet and Society, a Bangalore-based think tank.

Thousands of north-easterners – physically similar to the Bodo people who have been fighting Muslim migrants over land and political power in Assam – fled from cities such as Bangalore and Hyderabad last week after threats of violence sent by SMS.

Muslims in Mumbai had previously been inflamed by media messages purportedly showing brutality towards their fellow followers of Islam, though the Indian government said some pictures were doctored and had been uploaded from Pakistan.

Events in Bangalore, said Pavan Duggan, a lawyer specialising in IT issues, were “a classic case of mobile cyberterrorism”. He backed the government’s measures despite concerns about censorship. “Obviously there are some rumblings, but these are still small murmurs because everyone is very clear that the national interest will come over [mobile] revenues.”

For more details visit https://cis-india.org/news/www-ft-com-aug-21-2012-victor-mallet-james-crabtree-indian-mobiles-go-quiet-amid-sms-curb

Indian IT firms not ready for European Union's proposed privacy laws, only a few compliant with GDPR

Admin — 2018-04-18T00:56:20Z

Only a third of Indian IT firms are compliant with the European Union's General Data Protection Regulation (GDPR), which will come into force on 25 May, according to a media report.

The article was published in First Post on March 26, 2018.

The GDPR, the EU's new online privacy rules, is designed to protect users' online privacy. The European Parliament has adopted the regulation but European governments have yet to approve the text.

“Only 30-35 percent of all IT/ITeS companies have started their journey to work towards GDPR compliance,” Jaspreet Singh, Cyber Security Partner at EY, was quoted as saying by The Economic Times.

The GDPR is applicable to companies globally, and has significant potential financial penalties. Damages of any breach of privacy of user data from Europe could cost companies as much as four percent of their revenue, according to The Economic Times. For the Indian IT sector, Europe ranks number two in terms of the amount of business it drives, with US still taking the lead.

Indian firms, according to Business Standard, are struggling to understand the GDPR policies. A survey by EY had shown that 60 percent of Indian respondents were unfamiliar with the new regulation.

"When asked to describe their company’s current status with respect to complying with the GDPR, only 33 percent of respondents said that they have a plan, while 39 percent said that they are not familiar with the GDPR at all and 17 percent said that they have heard of the GDPR but have not yet taken any action," EY’s Global Forensic Data Analytics Survey 2018 had said.

What the GDPR is all about?

The GDPR attempts to unify data protection laws across the EU. It applies to all companies, regardless of location, that process the personal data of people living in the European Union. It aims to strengthen the protection of EU citizens' personal details. It will apply to all companies, including those outside of the EU.

The GDPR is considered the biggest shake-up of personal data privacy rules since the birth of the internet. It is intended to give European citizens more control over their online information.

Under the new regulation, users will be asked once and for all whether to accept cookies, rather than every time they visit a new website. Users will have the option of going invisible online, while the rules enshrine the so-called "right to be forgotten" legislation. The industries most deeply affected will be those that collect large amounts of customer data and include technology companies, retailers, healthcare providers, insurers and banks.

Companies must be able to provide European customers with a copy of their personal data and under some circumstances delete it at their behest. They will also be required to report data breaches within 72 hours.

How Indian firms will be affected?

According to a study published by The Centre for Internet and Society, as a result of GDPR, data protection procedures like breach notification; excessive documentation and appointment of data protection officer may have to be incorporated in the Indian laws as well.

"As non – compliance involves high fines, inability of India or the organizations situated in India to qualify as data secure destinations is likely to divert business opportunities to safer locations," the study said.

(With inputs from agencies)

For more details visit https://cis-india.org/internet-governance/news/first-post-march-26-2018-indian-it-firms-not-ready-for-european-unions-proposed-privacy-laws-only-a-few-compliant-with-gdpr

Indian Internet Lawsuit Puts Spotlight on Freedom of Expression

praskrishna — 2012-01-19T08:59:15Z

In India, Internet giants such as Google and Facebook are fighting a lawsuit after the government authorized their prosecution for online content on their sites deemed to be offensive. The case has put the spotlight on free speech in the world’s largest democracy.

The criminal lawsuit filed by the editor of New Delhi-based Urdu weekly Akbari accuses 21 Internet companies of violating Indian law. Vinay Rai alleged that online material on their websites has the potential to incite religious conflict.

Rai said his colleagues brought to his attention images of Prophet Muhammad which could offend Muslims. He cited other images and text which could hurt sentiments of Hindus and Christians. Rai wants Internet companies to screen content before it is posted.

Google and Facebook have asked the Delhi High Court to dismiss the case against them. In an appeal, they said it is impossible to filter all content or stop individuals from posting material online.

Editor Rai filed the case after the government indicated its approval for the prosecution. The official go-ahead came weeks after the government also raised a similar demand.

Voluntary framework

Telecommunications Minister Kapil Sibal told Internet company representatives to come up with a voluntary framework to keep offensive material off the net. After confronting them with photos and material derogatory of Indian Prime Minister Manmohan Singh and Congress Party leader Sonia Gandhi, he said the companies had not cooperated.

Both the court case and the government’s demands have stoked fears of net censorship in the world’s largest democracy.

Advocacy groups say the dispute between authorities and websites began simmering last year when India tightened laws to block content which could be deemed offensive. Citizens and officials can ask sites to block objectionable material and failure to comply within 36 hours can attract penalties or imprisonment of up to seven years.

Sunil Abraham, with the Center for Internet and Society in India, said these rules have the potential to curtail debate and discussion on the net.

“These limits are vague. They allow for all sorts of subjective tests by private parties and we predicted they would have a chilling effect on freedom of expression online," Abraham said. "Policy in India has been headed in a very worrisome direction."

Abraham pointed out that one of his organization’s recent studies indicates that, faced with the threat of stiff penalties, most service providers removed content when asked to do so, even when it was not offensive or controversial.

Free media?

The government insists its objective is not to encroach on the fundamental right of free speech guaranteed by India’s democratic constitution. The clarification came from Minister Kapil Sibal after his meetings with Internet companies last month.

"This government does not believe in censorship," noted Sibal. "This government does not believe in either directly or indirectly interfering in the freedom of the press, and we have demonstrated that time and again."

India does have a vibrant free media and Internet access is largely free, unlike in China. But in a country with a history of religious violence, authorities have long tussled with the dilemma of balancing free speech with the need to not inflame sentiments among religious groups. India was one of the first countries to ban Salman Rushdie’s “The Satanic Verses.”

Other books and articles have also faced bans. Many are challenged in courts and several have been overturned. Now the focus is on the Internet and questions are being raised about whether the web should or can be policed.

Online freedom

In a remark widely quoted in the domestic media, a judge hearing the case had warned websites that like China, India might be compelled to block some of them if they did not create means to curb material seen as offensive.

However, Abraham from the Center of Internet and Society hopes that, as the latest case navigates its way through Indian courts, online freedom will come up the winner.

"I think the executive in India has always been very conservative in freedom of expression. It is usually the courts in India that protect freedom of expression, the precedent," Abraham said. "So we are every hopeful that the current case is in the appropriate venue, and we are confident that, as in the past, the judiciary in India will stand on the side of freedom of expression."

With 100 million people surfing the web, India has the world’s third largest number of Internet users after China and the United States.

Published in the Voice of America on 19 January 2012. Sunil Abraham is quoted in this.

For more details visit https://cis-india.org/news/indian-internet-lawsuit-puts-spotlight-on-freedom-of-expression

Indian Intermediary Liability Regime: Compliance with the Manila Principles on Intermediary Liability

divij — 2018-05-20T15:14:21Z

This report assesses the compliance of the Indian intermediary liability framework with the Manila Principles on Intermediary Liability, and recommends substantive legislative changes to bring the legal framework in line with the Manila Principles.

The report was edited by Elonnai Hickok and Swaraj Barooah

The report is an examination of Indian laws based upon the background paper to the Manila Principles as the explanatory text on which these recommendations have been based, and not an assessment of the principles themselves. To do this, the report considers the Indian regime in the context of each of the principles defined in the Manila Principles. As such, the explanatory text to the Manila Principles recognizes that diverse national and political scenario may require different intermediary liability legal regimes, however, this paper relies only on the best practices prescribed under the Manila Principles.

The report is divided into the following sections

Principle I: Intermediaries should be shielded by law from liability for third-party content
Principle II: Content must not be required to be restricted without an order by a judicial authority
Principle III: Requests for restrictions of content must be clear, be unambiguous, and follow due process
Principle IV: Laws and content restriction orders and practices must comply with the tests of necessity and proportionality
Principle V: Laws and content restriction policies and practices must respect due process
Principle VI: Transparency and accountability must be built into laws and content restriction policies and practices
Conclusion

Download the Full report here

For more details visit https://cis-india.org/internet-governance/blog/indian-intermediary-liability-regime

Indian ID crisis unveils Aadhaar doubts

praskrishna — 2013-03-15T04:52:49Z

Two separate organizations are capturing biometric data of over 1 billion Indians, creating fresh doubts in the government's justification to catalogue citizens.

The blog post by Mahesh Sharma was published in ZD Net on March 14, 2013. Sunil Abraham is quoted.

A new US$1 billion national identity card project has undermined the Indian government's ambitious "Aadhaar" project to catalogue the biometric details of over 1 billion citizens.

Indians' biometric details are being captured by two separate organizations: the National Population Register, to develop the resident identity card (RIC); and the Unique Identification Authority of India (UIDAI), to create a unique identifier (UID), commonly referred to as "Aadhaar" number.

Both projects are designed to streamline the distribution of welfare and social services to citizens--a process that is currently mired in corruption.

In an interview with ZDNet, Centre for Internet and Society's India executive director, Sunil Abraham, said the ID smartcard and ID number are fundamentally different, not complementary, as the government has previously said.

"Those are two very separate visions. You cannot mix them up and make some kind of salad and have a little bit of this and a little bit of that. You have to go the whole hog in one direction," Abraham said.

He said it was easier for the government to proceed with both projects, rather than cancel Aadhaar, which has been criticized over reports there were duplicate biometric information and data abuse.

"The government is afraid it made a mistake," Abraham said. "It could just continue to create a hodgepodge of both ideas, both visions, and continue making big mistakes and have ghosts [in the UID system] and large scale corruption."

On March 12, India's house of representatives, the Lok Sabha, Member of Parliament, P. Karunakaran asked the Minister of State, R.P.N. Singh, to clarify the overlap between the proposed biometric identity card and UID. Singh confirmed the government would spend over US$1 billion (55.52 billion rupees) to issue a resident identity card (RIC) that featured the Aadhaar number.

"The RIC would enable both online and offline authentication of identity in a secure manner and will complement the efforts of Aadhaar," Singh said in a written response. To avoid duplication, he explained that if citizen biometric data was already captured by the UIDAI, then the Aadhaar number would be recorded on the RIC smart card.

Independent lawyer Usha Ramanathan told ZDNet the government had overstepped its legal bounds. She said the UIDAI has demonstrated biometrics are imperfect but the government has persisited with the project.

"The UID is lawless. Now we will have an RIC which will be lawless," Ramanathan said. "All we are offered is the UIDAI 'confidence' that the project will work."

"Privacy and personal security continue to be unprotected. And there seems to be an inexhaustible amount of money to experiment on the whole population," she noted.

For more details visit https://cis-india.org/news/zdnet-mahesh-sharma-march-14-2013-indian-id-crisis-unveils-aadhar-doubts

Indian govt blocks 40 smut sites, forgets to give reason

praskrishna — 2013-07-01T09:04:26Z

Don't mind us, we're just censoring your content for you...

The article by Phil Muncaster was published in "The Register" on June 27, 2013. Sunil Abraham is quoted.

The Indian government has ordered ISPs to block 39 smut flick web sites hosted outside the country without giving any explanation, stoking further fears of online censorship by the back door.

Most of the sites are web forums and so allow for the uploading of naughty images and URLs where smut-seekers can download their grumble flicks, according to Times of India.

However, the sites claim to operate under the 18 USC 2257 rule, meaning actors are (supposedly) over 18 years of age, and there is apparently no indication from the Department of Telecom's order why ISPs are being asked to comply.

The message greeting web users who try to visit a blocked site now reads as follows:

This website has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications.

While the law, updated in 2011, does forbid production, transmission and sharing of smutty content in India - therefore requiring internet cafes, for example, to block such content - there is no ban on consumption, especially from sites hosted outside India.

Sunil Abraham, director of Indian not-for-profit the Centre for Internet and Society, told ToI that the government is probably interpreting the law to serve its own ends, and that its ISP order “is a clear overreach”.

The Union government has certainly been quick in the past to order blocks on any content deemed inappropriate.

Facebook and Google were forced to remove “objectionable content” from their Indian sites last year after complaints it was offensive to Muslims, Hindus and Christians.

The government was also one of many across the globe to force Google to block notorious YouTube video Innocence of Muslims.

A controversial anti-piracy ruling last June, meanwhile, led to a clumsy, large-scale block on a number of legitimate sites in the country – drawing the ire of hacktivist group Anonymous.

The government also closed hundreds of sites and social media accounts in August last year in a bid to prevent the escalation of sectarian violence across the country.

In fact, the number of content removal requests received by Google increased by 90 per cent from July-December 2012 compared with the previous six months.

For these reasons, India only enjoys “Partly Free” status, according to the Freedom on the Net 2012 report from not-for-profit Freedom House.

For more details visit https://cis-india.org/news/the-register-phil-muncaster-june-27-2013-indian-govt-blocks-40-smut-sites-forgets-to-give-reason

Indian Government's Submission to ITU

pranesh — 2012-12-09T00:48:10Z

The following is the text of the submission made by the Government of India to the World Conference of International Telecommunications, Dubai on November 3, 2012. This is the final version of a draft that was circulated earlier.

Read the detailed comments on India's draft proposal on the Proposed Amendments to the ITU’s ITR’s – November 3, 2012

World Conference on International Telecommunications (WCIT-12) Dubai, 3-14 December 2012
PLENARY MEETING														Document 21-E 3 November 2012 Original: English

India (Republic of)

PROPOSALS FOR THE WORK OF THE CONFERENCE

Introduction

We recognise and appreciate the efforts of International Telecommunication Union in preparing the Draft on proposed ITRs for WCIT 2012.

The attached proposal is developed through a consultation process involving various stakeholder groups, both, in Indian Public and Private sectors. Due consideration has been given to the existing legislations and government policies in the preparation of this proposal. We acknowledge that since 1988, there have been significant changes and challenges in Telecommunications / ICTs in terms of Technological breakthroughs, New Services and Market Structure. Acknowledging this fact, India’s proposal is offered in the form of addition (ADD) or modification (MOD) only on some of the relevant proposals, by giving reference to the appropriate CWG/4/XXX number mentioned in the Annex 2 of the ITU Document 4(Add.2)-E. Considering the magnitude of issues in International Telecommunications, India may take appropriate stand on other provisions of the draft ITR document during the WCIT discussions.

Further, the proposals from different regions to the conference as well as its preparatory process were carefully studied. In order to help the conference achieve a consensus on the various issues being discussed, the content of this proposal has been largely drawn from the output of the Council Working Group on WCIT (WCIT/4 Add.2 ” Draft of the future ITRs”).

A new proposal on 5A: Confidence and Security of Telecommunications/ICTs is also included as India believes that an international framework on Security is of importance in today’s connected world.

INTERNATIONAL TELECOMMUNICATION
REGULATIONS
PREAMBLE

MOD	IND/21/1

1 While the sovereign right of each Member State to regulate its telecommunications is fully recognized, the provisions of the present International Telecommunication Regulations (hereinafter “Regulations”) complement the Constitution and Convention of the International Telecommunication Union, with a view to attaining the purposes of the International Telecommunication Union in promoting the development of telecommunication services and their most efficient operation while harmonizing the development of facilities for world-wide telecommunications.

Reasons: This Proposal is based on CWG /4 A 2/3.

Article 1

Purpose and Scope of the Regulations

ADD IND/21/2

3A c) These Regulations recognize that Member States should endeavour to take the necessary measures to prevent interruptions of services and ensure that no harm is caused by their operating agencies to the operating agencies of other Member States which are operating in accordance with the provisions of these Regulations.

Reasons: This Proposal is based on CWG /4 A 2/12.

ADD IND/21/3

3B d) These Regulations recognize the absolute priority for safety of life telecommunications, including distress telecommunications, emergency telecommunications services and telecommunications for disaster relief as provided in Article.

Reasons: This Proposal is based on CWG /4 A 2/14.

Article 2

Definitions

ADD IND/21/4

14A 2.1A Telecommunication/ICT: Any transmission, emission or reception, including processing, of signs, signals, writing, images and sounds or intelligence of any nature by wire, radio, optical or other electromagnetic systems, having a bearing on Telecommunication Technologies and Services.

Reasons: This Proposal is based on CWG /4 A 2/48.

ADD IND/21/5

27A 2.11 Transit rate: a rate set by the point of transit in a third country (indirect relation).

Reasons: This Proposal is based on CWG /4 A 2/74.

ADD IND/21/6

27C 2.13 Spam: information transmitted over telecommunication networks as text, sound, image, tangible data used in a man-machine interface bearing advertizing nature or having no meaningful message, simultaneously or during a short period of time, to a large number of particular addressees without prior consent of the addressee (recipient) to receive this information or information of this nature.

Reasons: This Proposal is based on CWG /4 A 2/78.

ADD IND/21/7

27D 2.14 Hub: a transit center (or network operator) that offers to other operators a telecommunication traffic termination service to nominated destinations contained in the offer.

Reasons: This Proposal is based on CWG /4 A 2/80.

ADD IND/21/8

27E 2.15 Hubbing: the routing of telecommunication traffic in hubbing mode consists in the use of hub facilities to terminate telecommunication traffic to other destinations.

Reasons: This Proposal is based on CWG /4 A 2/82.

ADD IND/21/9

27F 2.16 Network fraud: (fraud on international telecommunication networks): The causing of harm to operating agencies or to the public, the wrongful obtaining of gain in the provision of international telecommunication services through abuse of trust or deception, including through inappropriate use of numbering resources.

Reasons: This Proposal is based on CWG /4 A 2/87.

ADD IND/21/10

27G 2.17 Global telecommunication service (GTS): A service which enables communication to be established through a global number between subscribers whose physical location and national jurisdiction have no bearing on the tariff to be set for the service’s use; which satisfies and complies with recognized and accepted international standards; and which is provided over the public telecommunication network by operating agencies having obtained the relevant numbering resources from ITU-T.

Reasons: This Proposal is based on CWG /4 A 2/89.

ADD IND/21/11

27H 2.21 Originating Identification: The Originating Identification is the service by which the terminating party shall receive the identity information in order to identify the origin of the communication.

Reasons: This Proposal is based on CWG /4 A 2/81.

ADD IND/21/12

27L 2.25 Stability of the international telecommunication network: The capability of the international telecommunication network to carry international traffic in the event of failure of telecommunication nodes or links and also in the face of internal and external destructive actions and to return to its original state.

Reasons: This Proposal is based on CWG /4 A 2/99.

ADD IND/21/13

27M 2.26 Security of the international telecommunication network: The capability of the international telecommunication network to withstand internal and external destabilizing actions liable to compromise its functioning.

Reasons: This Proposal is based on CWG /4 A 2/101.

ADD IND/21/14

27N 2.27 International Roaming: Provision to the subscriber of the opportunity to use telecommunication services offered by other operating agencies of other member states, with which the subscriber has not concluded an agreement.

Reasons: This Proposal is based on CWG /4 A 2/103.

ADD IND/21/15

27O 2.28 IP interconnection: IP interconnection refers to means and rules employed to ensure the delivery of IP traffic through different networks.

Reasons: This Proposal is based on CWG /4 A 2/105.

ADD IND/21/16

27P 2.29 End to end quality of service delivery and best effort delivery: End to End quality of service delivery refers to the delivery of PDU (Packet Data Unit) with predefined end-to-end performance objectives; Best-effort delivery refers delivery to of a PDU without predefined performance targets.

Reasons: This Proposal is based on CWG /4 A 2/107.

Article 3

International Network

ADD IND/21/17

31A 3.5 Member States shall ensure that international naming, numbering, addressing and identification resources are used only by the assignees and only for the purposes for which they were assigned; and that unassigned resources are not used. The provisions of the relevant ITU-T Recommendations shall be applied.

Reasons: This Proposal is based on CWG /4 A 2/134.

ADD IND/21/18

31B 3.6 International calling party number delivery shall be provided in accordance with relevant ITU-T Recommendations.

Reasons: This Proposal is based on CWG /4 A 2/142.

Article 4

International Telecommunication Services

MOD IND/21/19

34 4.3 Subject to national law, Member States shall endeavour to ensure that operating agencies provide and maintain, to the greatest extent practicable, a satisfactory quality of service corresponding to the relevant ITU-T Recommendations with respect to:

Reasons: This Proposal is based on CWG /4 A 2/168.

MOD IND/21/20

35 a) access to the international network by users using terminals which are permitted to be connected to the network and which do not cause harm or diminish the level of safety and security of technical facilities and personnel;

Reasons: This Proposal is based on CWG /4 A 2/174.

MOD IND/21/21

36 b) international telecommunication facilities and services available to customers for their use;

Reasons: This Proposal is based on CWG /4 A 2/176.

MOD IND/21/22

37 c) at least a form of telecommunication service which is reasonably accessible to the public, including those who may not be subscribers to a specific telecommunication service; and

Reasons: This Proposal is based on CWG /4 A 2/179.

MOD IND/21/23

38 d) a capability for interworking between different services, as appropriate, to facilitate international telecommunication services.

Reasons: This Proposal is based on CWG /4 A 2/181.

ADD IND/21/24

38A 4.4 Member States shall ensure that operating agencies providing international telecommunication services, including roaming, make available to subscribers information on tariffs and taxes. Each subscriber should be able to have access to such information and receive it in a timely manner and free of charge when roaming (entering into roaming), except where the subscriber has previously declined to receive such information.

Reasons: This Proposal is based on CWG /4 A 2/188.

ADD IND/21/25

38B 4.5 Given the particular characteristics of GTS, which allows subscribers to have a worldwide number, implement GTSs in accordance with the National regulations.

Reasons: This Proposal is based on CWG /4 A 2/195.

ADD IND/21/26

38E 4.8 Member States, subject to national security requirements, may foster the establishment of mutual agreements on mobile services accessed within a predetermined border zone in order to prevent or mitigate inadvertent roaming charges.

Reasons: This Proposal is based on CWG /4 A 2/201.

Article 5

Safety of Life and Priority of Telecommunications

MOD IND/21/27

39 5.1 Safety of life telecommunications, including distress telecommunications, emergency telecommunication services and telecommunications for disaster relief, shall be entitled to transmission as of right and shall, where technically practicable, have absolute priority over all other telecommunications, in accordance with the relevant Articles of the Constitution, Convention and relevant ITU-T Resolutions and Recommendations.

Reasons: This Proposal is based on CWG /4 A 2/204.

ADD IND/21/28

41B 5.5 Member States should cooperate to introduce in addition to their existing national emergency numbers, a global number for calls to the emergency services globally.

Reasons: This Proposal is based on CWG /4 A 2/217.

ADD IND/21/29

41C 5.6 Member States shall ensure that operating agencies inform every roaming subscriber of the number to be used for calls to the emergency services, while entering into roaming, free of charge.

Reasons: This Proposal is based on CWG /4 A 2/219.

ADD IND/21/30

Article 5A

Confidence and security of telecommunications/ICTs

Reasons: This Proposal is based on CWG /4 A 2/221.

ADD IND/21/31

41D 5A1. Member‐States shall have the right to take appropriate measures to protect and Secure the ICT Network infrastructure and data contained in or flowing through the Network and also to prevent the misuse of ICT network and services within their state.

5A2. The Member States should endeavour to take appropriate measures, individually or in cooperation with other Member states, to ensure Security of the ICT Network and information, including user information, contained in or flowing through the ICT network within their jurisdiction.

5A3. Member‐States should endeavour to oversee that Operating Agencies in their territory do not engage in activities which impinge on the security and integrity of ICT network such as denial of service attack, unsolicited electronic communication (spam), unsolicited access to network elements and devices etc., to enable effective functioning of ICTs in secure and trustworthy conditions.

5A4. Member States should endeavour to cooperate to harmonize national laws, jurisdictions, and practices in the relevant areas.

Reasons: Combined proposal on clauses proposed from CWG /4 A 2/222 to 232 in 5A and 5B.

Article 6

Charging and Accounting

ADD IND/21/32

43A 6.1.1A Cost of International Roaming Services

a) Member States shall encourage competition in the international roaming market;

b) Member States are encouraged to cooperate to develop policies for reducing charges on international roaming services.

Reasons: This Proposal is based on CWG /4 A 2/243.

MOD IND/21/33

45 6.1.3 Member States are free to levy fiscal taxes on international telecommunication services in accordance with their national laws; however, the Member States should endeavour to avoid international double taxation on such services.

Reasons: This Proposal is based on CWG /4 A 2/249.

ADD IND/21/34

54E 6.10 Subject to national law, Member States shall ensure that Operating Agencies collaborate in preventing and controlling fraud in international telecommunications by:

– Identifying and transmitting to the transit and destination Operating Agencies the pertinent information required for the purposes of payment for the routing of international traffic, in particular the originating Country Code, National Destination Code and the Calling Party Number.

– Following up requests of other Member States or their Operating Agencies to investigate calls that cannot be billed, and helping to resolve outstanding accounts.

– Following up requests of other Member States or their Operating Agencies to identify the source of calls originated from their territories exerting potential fraudulent activity.

Reasons: This Proposal is based on CWG /4 A 2/287.

ADD IND/21/35

54F 6.11 The ITU Standardization Sector shall be responsible for disseminating the regulatory frameworks in place in administrations having an impact on matters related to fraud.

Reasons: This Proposal is based on CWG /4 A 2/289.

ADD IND/21/36

54H 6.12A Member States shall foster the establishment of international roaming mobile services prices based on principles of reasonability, competitiveness and non-discrimination relative to prices applied to local users of the visited country.

Reasons: This Proposal is based on CWG /4 A 2/293.

ADD IND/21/37

54K 6.14 Member States should foster continued investment in high-bandwidth infrastructures.

Reasons: This Proposal is based on CWG /4 A 2/299.

ADD IND/21/38

54L 6.15 Member States shall promote cost-oriented pricing. Regulatory measures may be imposed to the extent that this cannot be achieved through market mechanisms and to the extent that such measures do not hinder competition.

Reasons: This Proposal is based on CWG /4 A 2/301.

ADD IND/21/39

54N 6.17 Member States shall promote transparency of end-user prices, in particular to avoid surprising bills for international services (e.g mobile roaming and data roaming).

Reasons: This Proposal is based on CWG /4 A 2/305.

ADD IND/21/40

54S 6.D Member States should endeavour to take measures to ensure that an adequate return is provided on investments in network infrastructures in identified areas. If this cannot be achieved through market mechanisms, then other mechanisms may be used.

Reasons: This Proposal is based on CWG /4 A 2/315.

ADD IND/21/41

54O 6.18 Member States should consider measures to favour special interconnection rates for landlocked countries.

Reasons: This Proposal is based on CWG /4 A 2/307.

ADD IND/21/42

54P 6.18A Member States should endeavour that Recognized Operating Agencies establish charging units and parameters that bill telecommunication service consumers according to what is effectively consumed.

Reasons: This Proposal is based on CWG /4 A 2/309.

ADD IND/21/43

54R 6.20 Rendering and Settlement of Accounts

6.20.1 The settlement of international accounts shall be regarded as current transactions and shall be effected in accordance with the current international obligations of the Member States and Sector Members concerned in those cases where their governments have concluded arrangements on this subject. Where no such arrangements have been concluded, and in the absence of special agreements made under Article 42 of the Constitution, these settlements shall be effected in accordance with the Administrative Regulations.

6.20.2 Administrations of Member States and Sector Members which operate international telecommunication services shall come to an agreement with regard to the amount of their debits and credits.

6.20.3 The statement of accounts with respect to debits and credits referred to in No. 498 above shall be drawn up in accordance with the provisions of the Administrative Regulations, unless special arrangements have been concluded between the parties concerned.

Reasons: The text is taken from CV 497, 498 and 499. This proposal is based on CWG /4 A 2/313.

ADD IND/21/44

57B Member States shall encourage the provision of global services based on international standards that ensure accessible telecommunications and ICT services to persons with disabilities.

Reasons: This Proposal is based on HNG /5/2.

For more details visit https://cis-india.org/internet-governance/blog/indian-govts-submission-to-itu

Indian government websites: Gold mine for cybercriminals

praskrishna — 2014-01-31T06:18:12Z

If you are a cybercriminal trying to commit identity theft or digitally impersonate a citizen, you have help from the unlikeliest of sources — the Government of India.

The article by Srutijith KK was published in the Times of India on January 3, 2014. Sunil Abraham is quoted.

Various government agencies have put vast amount of personal information online, often with little barrier to access and with hardly any provision to prevent their misuse.

Combine a few of these databases and you have a gold mine of information on India's citizens, including some of its wealthiest residents, whose bank accounts are of special interest to thieves. "If I want to target someone, I now have access to so much detail that shouldn't have been in public. Hackers with good social engineering skills will be able to call a call centre and impersonate a person. And from a stalking perspective, it has implications for not just celebrities, but anybody with a jilted lover, a political rival, and so on," said Binoo Thomas, a digital security expert at McAfee Labs.

For example, if somebody wants to get personal details of some of India's richest people, he would simply need to click on the LPG transparency links on Indane, Bharat Gas and HP portals and narrow the search to the South Mumbai region. Many gas agencies have their area of service in their names, such as Bandra Gas Agency or Colaba Gas Agency.

Select one of these gas agencies and you have a list of all the customers, with their consumer number, address and, in many cases, a mobile number. This database is also searchable by name. You can quickly search for any famous surname and be rewarded with a consumer number, residence address and in many cases, a mobile phone number.

A cursory search gave ET the mobile number and full residential address of the well-known matriarch of a famous business family. A search under the Bandra Gas Agency promptly showed the full residential address of a famous Bollywood actress. Your next stop could be the website of the Election Commission of India, which has asked all state Election Commissions to place the entire voter rolls online.

The voter roll also has the full residential address, age and gender of a person. A quick search on the MTNL Mumbai directory online will reveal the landline number for a person. With a little bit of luck and time to troll social networks such as Facebook and LinkedIn, a skilled cybercriminal can discern your date of birth and professional details.

Date of birth, phone number, alternate number and billing address are the details many telephone companies and banks use to determine whether a person calling its customer helpline is indeed who she says she is. This kind of information also allows a hacker to design effective phishing attacks, which lures a person into revealing information such as passwords or credit card numbers. An email that lists accurate personal information appears authoritative and has greater likelihood of being trusted by a recipient.

Thread of identity theft
This kind of crime has been on the rise. In December, US Department of Justice estimated that $24.7 billion were lost to identity theft in 2012, as 11.5 million Americans found themselves defrauded. Similar data is unavailable for India. "Privacy has become a matter of personal security. As the state has been pushed to function in a more transparent manner, authorities are making the details about us transparent instead! The data protection principles are well evolved all over the world.

All of these data controllers are in violation of every good principle. We don't need to wait for a law to observe these principles," said Usha Ramanathan, an independent law researcher specialising in privacy, surveillance and related issues. The ministry of rural development, which administers the Mahatma Gandhi National Rural Employment Guarantee Scheme, goes a step further, and places online the bank account numbers and IFSC codes for all its beneficiaries.

RTI requirements
The justification for publishing this kind of data online is typically section 4 of the RTI Act, which requires all government departments to proactively publish details of subsidy programmes, including details of the subsidy availed. However, section 8(1) of the same Act says that personal information that invades privacy of an individual need not be published unless an appellate authority decides that a larger public interest is served by it. It's unclear what public interest is served by the publication of full residential address, mobile number or bank accounts by various agencies.

In some cases, like the MNREGS and the voter rolls, sector-specific laws also apply. "Going by the provisions of the MGNREGA, which mandates proactive disclosures, we keep all processes in the public view... We have not perceived any threat in displaying bank account numbers of wage seekers, most of which have been opened for receiving wages," said R Subrahmanyam, the joint secretary at the ministry of rural development who heads the MNREGA division.

The petroleum ministry did not respond to an email requesting comment. In an emailed response, Chief Election Commissioner VS Sampath referred to Rule 33 of the Registration of Elector Rules, 1960, to establish that the voter roll was a public document. "Thus it can be seen that Electoral Roll is a public document which is available to the public for inspection. The Commission has, therefore, given instructions to put this public document on the website to facilitate inspection by public. When law stipulates that it is a public document, the public has a right to access it," he said. But no law states that anonymising techniques or relevant barriers to accessing private information should not be deployed.

Legal vacuum
India does not have an omnibus privacy law that overrides sector specific legislation. According to Sunil Abraham of the Bangalore-based thinktank Centre for Internet and Society, there are some 50 different laws that have a privacy element in India. The Department of Personnel and Training has been working on a draft privacy law for three years now.

"We need to think of this problem in the light of the privacy law that is being drafted. Traditionally and culturally our view of privacy has been different. A more explicit understanding of the privacy needs of the citizens is certainly welcome. Section 43A of the IT Act has provisions for data protection," said J Satyanarayana, secretary at the department of information technology.

But 43A applies only to corporations, and government agencies are not bound by it. Apart from the central government agencies, several state government agencies and schemes also collect and store personal information. But no standard protocol binds them in deciding who shall have access and who shall not.

For more details visit https://cis-india.org/news/the-times-of-india-january-3-2014-sruthijit-kk-indian-govt-websites-gold-mine-for-cybercriminals

Indian government wakes up to risk of Hotmail, Gmail

praskrishna — 2013-12-30T04:24:57Z

Worried by US spying revelations, India has begun drawing up a new email policy to help secure government communications, but the man responsible for drafting the rules still regularly uses Hotmail.

This was originally published by AFP on December 7, 2013, was also mirrored by the Times of India, Livemint, Reuters, Dawn, NDTV, Yahoo News, The Malaysian Insider and Asia One Digital. A slightly modified version was published by Silicon India on December 11. Sunil Abraham is quoted.

Like many of his peers in ministries across New Delhi, IT Minister Kapil Sibal's office recently sent an email inviting journalists to the launch of his new personal website using the free email service.

Others, including senior foreign ministry officials, the information and broadcasting minister and the health ministry secretary, also use Gmail, Hotmail or Yahoo instead of their government accounts.

When asked why he continued to use his Hotmail for official use, Sibal declined to comment, but a senior bureaucrat in his ministry admitted that he personally preferred Gmail because it is "just a lot easier".

"We keep moving, get different designations, go different places and with that, our emails change. You lose contacts and important emails, which you don't need to worry about with a Gmail account," the bureaucrat told AFP.

"To be honest, the quality of our official mail isn't that great yet. It still needs some work," he added on condition of anonymity.

Security concerns

IT security expert Sunil Abraham said the use of Gmail and the like was highly risky since the American services had their servers in the US and the National Security Agency has been known to tap into their database systems.

It is unclear how many state and federal public workers actively use popular email services for office, but some of the estimates are startling.

"As much as 90 percent of government officials use private email (services) for official use... that's because their official email is not as stable or speedy," said Abraham, executive director of the Bangalore-based Centre for Internet and Society.

In September Sibal's ministry announced a new "Email Policy of the Government of India" in the wake of spying allegations about the NSA revealed by former NSA contractor Edward Snowden.
NSA's tentacles not only crept into the Indian embassy in Washington and its UN office in New York, but also accessed email and chat messenger contact lists of hundreds of millions of ordinary citizens worldwide, according to media reports.

During a single day last year, the NSA's Special Source Operations branch collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, The Washington Post said, according to an internal NSA presentation.

The $11 million Indian project aims to bring some five million public employees onto the government's email domain powered by the National Informatics Centre (NIC) as early as mid-December.

It is awaiting clearances and suggestions from all ministries before the proposal goes to the cabinet this month.

J. Satyanarayana, secretary of the department of electronics and IT, dismissed claims that the policy was too late and was a response to the Snowden scandal.

"The policy is not a reaction to any global spying revelations, it was already in the works. It is just a mere coincidence that both came around the same time," he said.

Fresh doubts

Some cyber security experts say bringing millions aboard a centralised server could make a hacker's job easier, with all critical government information available on a single platform.
More than 11,000 Indian websites were hacked or defaced between May and August this year, with a large number of attacks on the ".in" domain whose servers are in India, the Times of India reported last month.

"Making the use of a centralised government server is not the best way to proceed. Having everything on one platform makes it even more vulnerable to cyber attacks and hacking," said Abraham.

"It also brings about new worries of the NIC becoming the local snoop."

Some also predict that the ambitious policy would eventually fizzle out for lack of attention from ministers and bureaucrats, who work in government offices where stacks of yellowing files and papers are still a common sight.

"It's sad but most of these officials don't understand much about technology, so mastering email is something that is miles and miles away," said Vijay Mukhi, a Mumbai-based cyber security expert.

"These guys saw all the snooping news and suddenly they woke up and said 'lets make an email policy'. Enforcing this is not possible on a practical basis."

The IT ministry also plans to conduct workshops to teach employees about email security such as when to change passwords and user names and how to use email.

"Every employee should know how, what and when critical data can be vulnerable... with most work still done on paper, it is important to know the nitty-gritty of using email," Satyanarayana said.

For more details visit https://cis-india.org/news/afp-december-7-2013-annie-banerjee-indian-government-wakes-up-to-risk-of-hotmail-gmail

Indian government to bar politicians from using Gmail for official business

praskrishna — 2013-09-05T09:52:17Z

US-based email services seen as too risky.

This article by Neil McAllister was published in the Register on August 30, 2013. Sunil Abraham is quoted.

The government of India is reportedly planning to bar its employees from using Gmail and other foreign-based email services, amid concerns over surveillance by US spy agencies.

"Gmail data of Indian users resides in other countries as the servers are located outside," J Satyanarayana, India's secretary of electronics and information technology, told the Times of India. "Currently, we are looking to address this in the government domain, where there are large amounts of critical data."

The Indian government currently employs some 500,000 people, many of whom use Gmail for their primary email addresses. A quick glance at the contact page for the country's Department of Electronics and Information Technology reveals at least eight senior officials using Gmail, and still others with Yahoo! addresses.

Under the new directive, government employees will be asked to stick to official email addresses provided by India's National Informatics Centre (NIC). But an unnamed senior government IT official told the Times of India that many government workers choose Gmail and other foreign services because they are easier to use, and setting up accounts is much faster than working within the bureaucratic process of the NIC.

The move toward locally run email for Indian government workers comes in the wake of a string of revelations from documents leaked by Edward Snowden. Among the recent disclosures has been details of US electronic surveillance of foreign governments on US soil, where the National Security Agency even went as far as to snoop encrypted communications from United Nations headquarters in New York City.

No doubt equally concerning was a motion filed by Google in a US district court earlier this month, in which the Chocolate Factory asserted that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" such as Gmail.

But Sunil Abraham of the Bangalore-based think tank the Centre for Internet and Society said that foreign spying wasn't the only reason why government officials should be required to use a homegrown email.

"Use of official government email would also make it easier to achieve greater transparency and anti-corruption initiatives," Abraham told the paper. "Ministers, intelligence and law enforcement officials should not be allowed to use alternate email providers under any circumstance."

When contacted for comment, a spokeswoman for Google India said the company had not been informed of the proposed ban, adding, "Nothing is documented so far, so for us, it is still speculation." ®

For more details visit https://cis-india.org/internet-governance/news/the-register-neil-mc-allister-august-30-2013-indian-govt-to-bar-politicians-from-using-gmail-for-official-business

Indian Government still blocks 20+ websites – Indian Censorship on Internet

praskrishna — 2015-01-03T03:47:16Z

Indian Government has blocked 20+ major websites to counter ISIS propaganda. The government has removed blocking of github.com, vimeo.com and other 10+ websites blocked till December 31, 2014.

The article was published in the Times of Assam on January 2, 2015. Pranesh Prakash is quoted.

A confidential department of telecom order – dated December 17, 2014 – instructing all internet service licensees to block the websites appeared online on Wednesday.

When contacted to verify the news, Dr Gulshan Rai – Director of the Indian Computer Emergency Response Team (CERT-In) – told, the directions had been issued to internet service providers following a Mumbai Additional Chief metropolitan magistrate’s November order directing the government’s Department of Electronics and Information Technology (DeitY) to implement the same.

Pranesh Prakash – Policy Director at Bengaluru-based Center for Internet and Society – questioned the lack of transparency around the practice of blocking websites under the Indian law. “Qn for govt: Why does the law require secrecy of web blocking orders when it doesn’t allow such secrecy for books, films? #GoIBlocks,” he tweeted, adding, “The 69A Rules don’t allow for transparency, accountability, time-limits on blocks, etc. So easily misused by govt. + courts + individuals.” The websites were blocked under section 69 A of the IT Act, 2000 and the IT (Procedure and sdafeguards for Blocking of Access of Information by Public) rules, 2009.

Currently, the Supreme Court is in the middle of hearing a clutch of petitions challenging several IT Act provisions, including blocking and takedown of websites.

For more details visit https://cis-india.org/internet-governance/news/times-of-assam-january-2-2015-indian-govt-still-blocks-websites-india-censorship-on-internet