We are anonymous, we are legion

Watch out for fettered speech

praskrishna — 2012-09-02T09:30:50Z

The constant attempts at censorship in the name of national security should give all right-thinking Indians pause.

This article by Rohit Pradhan was published in the Business Standard on September 1, 2012. Pranesh Prakash is quoted.

It was always predictable. That the Indian government’s war against social media “hate mongers” would turn farcical and begin targeting all and sundry: from random parodies of Prime Minister Manmohan Singh’s Twitter account to prominent journalists like Kanchan Gupta and Shiv Aroor. And then Communication Minister Milind Deora discovered that his own Twitter account had been blocked.

The government blames social media for hosting objectionable content and rumour-mongering that allegedly contributed to the exodus of people of northeastern origin from cities like Bangalore and Hyderabad. Despite its best attempts, the government argues, it was unable to control the mass hysteria and was left with little alternative but to block 300 websites as well as ask Twitter and Facebook to delete “objectionable” content.

It is hardly the first time that social media has been blamed for facilitating riots. The role of BlackBerry’s instant messenger during the London riots of 2011 was constantly highlighted and there was even talk of banning the popular service before saner heads prevailed. Clearly, while rumours and doctored images have always been part of riots, the instantaneous nature of social media and the relative anonymity it affords offer additional challenges.

Nevertheless, the government’s constant attempts at censorship in the name of social harmony and national security should give all right-thinking Indians pause. Four simple reasons.

First, it is astounding how quickly the attention has shifted away from the governance failures that were largely responsible for the Assam riots and the mass departure of people of northeastern origin from India’s major metropolitan centres. The local government’s laggardly response to the initial bursts of violence allowed the riots to rage for days while the government dithered over calling the army. Social media had little, if any, role to play. And while panic is admittedly difficult to control, it is the poor record of the Indian state in responding to politically motivated violence that contributed to the panic-stricken reaction of people of northeastern origin. What should worry the Indian state are not the ravings of some anonymous Twitter account but the utter lack of faith in its ability to secure the safety of some of its most vulnerable citizens.

Second, while all governments wish to control the flow of information, the track record of the Indian state in the matter of free speech has been spectacularly poor. At the slightest allegation of “hurting religious sentiments”, books are banned, movies censored, and violence is threatened. Lacking an explicit First Amendment protection, Indian citizens are virtually powerless when the government wishes to quell free speech. The draconian Information Technology Act, 2008, orders internet providers to immediately remove content that may be “grossly harmful”, “blasphemous”, “obscene”, or even disparaging with little oversight and virtually no due process of law. As the Centre for Internet and Society’s Pranesh Prakash has demonstrated, internet providers are ready to remove “objectionable” content even in the case of frivolous complaints originating from ordinary citizens. What is particularly disconcerting is that the disregard for free speech extends even to some of India’s most prominent media personalities who can often be heard exhorting the government to regulate the internet or scrub off “hate mongers”. Given this history and the government’s demonstrated contempt for free speech, its attempts at censorship should be strongly scrutinised and vigorously resisted except in the most extenuating of circumstances.

Third, the Luddites in the Indian government may not yet comprehend it, but the internet is virtually impossible to police. The government may be able to threaten giant companies like Facebook and Twitter into cooperating, but that simply means the “objectionable” content would move to darker corners of the Net. Indeed, it is surprising that the government has not considered using technology to counter malicious rumours or to reach a mass audience with a message of reassurance. Technology can be a powerful tool for doing good and it is high time the government properly harnessed its potential. As a first step, the government has to recognise that the days when it had a monopoly on information are long gone and it has to compete for people’s attention.

Finally, even the most ardent supporter of free speech should have no qualms about admitting that it can offer a platform to the bigoted or can indirectly lead to social unrest. That may be especially true for a country like India where passions run high and an ambivalent attitude towards political violence prevails. That, however, is simply the price of liberty. Yes, a society that lacks free speech may be more stable, but it would lack the spirit of rambunctious discussion, criticism and argument — the hallmarks of a liberal democracy.

India can adopt a China-lite model, which emphasises social stability over freedom. Or India can go down the path of other liberal democracies and understand that freedom – of speech, thought and behaviour – is an ideal worth cherishing and protecting. As a constitutional republic with genuine claims of being a liberal democracy, it is clear which path India should embrace.

The writer is a fellow at the Takshashila Institution. These views are personal.

For more details visit https://cis-india.org/news/www-business-standard-rohit-pradhan-sep-1-2012-watch-out-for-fettered-speech

Watch out for cyber bullies

praskrishna — 2012-06-05T06:08:19Z

It's time to take a closer look at this form of cyber crime in India, writes KV Kurmanath in an article published in the Hindu Business Line on June 4, 2012.

The suicide of Tyler Clementi, the 18-year-old New Jersey student in 2010, had triggered a strong debate on invasion of privacy in the cyber age.

His roommate, an Indian student, captured the boy kissing another man in their hostel using his web camera.

The boy jumped into a river unable to take the humiliation, when the former tried to circulate the clip. Though the court refused to link the recording with the death, it sentenced the Indian youth to 30 days in prison last month.

What Clementi was subjected to is cyber bullying, argued those who campaigned for the Indian student's deportation.

Along with other cyber crimes, cyber bullying is on the rise in India too. The fledgling cyber police wings in different states are being flooded with complaints of invasion of privacy, blackmail and circulating electronic messages that cause annoyance.

Ms Aparna (name changed) was aghast when a close friend called her up about a nude picture of her being circulated on the web. A quick check pointed the needle of suspicion at a friend who she had just spurned. Angered by her rejection, the boy morphed her picture, checked into her email account and sent it to all the people in the contact list.

After finding Facebook not so amusing, Sujatha (name changed) decided to close her account and discussed this with a few friends too. A few days later, she found both her FB and gmail accounts compromised. She also found obscene pictures posted on the same.

Legal Issues

Incidents like these are growing sharply with poor knowledge among users abut how to protect accounts. Sharing one's passwords with others too is proving dangerous.

Prof. Madabhushi Sridhar, a cyber laws expert at NALSAR University, says the crimes cited above come under the bracket of invasion of privacy.

He says Section 66A in the amended IT Act deals with these crimes. Sending any message (through a computer or a communication device) that is grossly offensive or has menacing character; any communication which he knows to be false, but for the purpose of causing insult, annoyance, criminal intimidation comes under this section. This crime, he says, is punishable up to three years with a fine.

Prof. Sridhar, who has just completed a book on cyber laws, feels that punishments under the IT Act are insufficient. "They should be read with the Indian Penal Code. This will be an effective method to check cyber crimes," he says.

Prof. Sridhar also represents the Institute of Global Internet Governance and Advocacy (GIGA) at the Law University. GIGA conducts research on the Internet and takes up advocacy and training programmes on Internet Governance.

"We already have anti-voyeurism provisions in the IT Act under Sec. 66E," Mr Sunil Abraham, Executive Director of Centre for Internet and Security, says.

This offence is punishable with ‘imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.'

Repeated harassment aka cyber bullying can be addressed using the already over-broad provisions under Sec. 66A. Unfortunately this Section goes too far and can be used to censor legitimate speech.

"Security and privacy awareness in India is very poor. It would be very useful if both the government and civil society was more aggressive in awareness raising and triggering change in behaviour. Unfortunately this is a bit like smoking - even though people are aware of the issues - they engage in risky behaviour online," he says.

Lack of Data

Mr.Pavan Duggal, Chairman of Cyber Law Committee and Cyber laws expert, said there is no specific data on cyber crime in India and the data available with the NCRB (National Crimes Records Bureau) of around 900 cases for overall cybercrime is also doubtful.

"The solution is to make cyber laws more strict as current law under IT Act 2000 is a bailable offence with three years imprisonment and a fine," he points out.

"IT Act 2000 has to be re-amended to specific provisions pertaining to cyber bullying. Further, cyber bullying needs to be made a serious offence with minimum five years imprisonment and a fine of Rs 10 lakh. Unless you have deterrence in law it will be a continuing offence," he observes.

Fortunately, there are some safeguards which can help prevent such acts of cyber offences. In most cases, the acts of bullying or blackmailing are done by someone close to the victims. People should make it a point to keep their Internet identities very safe.

One should not disclose their identities such as passwords or hint questions to anyone – no matter how close they are. Parents should keep an eye on their children who are addicted to the Internet. They should inform and educate their children on the clear and present dangers that lurk on the Net.

They should also teach the importance of respecting others' privacy apart from taking precautions to keep their private space very safe.

(with inputs from Ronendra Singh)

Click to read the original published in the Hindu Business Line. Sunil Abraham is qouted in this article.

For more details visit https://cis-india.org/news/watch-out-for-cyber-bullies

Was there an Unofficial Internet Shutdown in BHU & NTPC?

Saurabh Sharma — 2017-12-19T16:05:58Z

Strap: In Varanasi and Raebareli, residents allege internet bans, while govt denies it all.

Varanasi/ Rae Bareli: , Uttar Pradesh: During the student-led protests at Banaras Hindu University in September, anger over how the university handled a sexual harassment complaint was exacerbated by the police brutality that rained down the protesting female students. Amidst this chaos, many students inexplicably found that they unable to communicate with their parents and peers because they couldn’t connect online.

Shraddha Singh, a second-year fine arts student at BHU, had to walk three kilometres to reserve her train ticket home and couldn’t call her mother to talk about the injuries she sustained during the lathi-charge on September 23. The 21-year-old student said, “First, the police came into the hostel to beat us up. Then the internet was blocked. Neither was the hostel WiFi working, nor the mobile internet. Forget about booking tickets, we weren’t even able to make calls.” She felt this was a deliberate attempt to disrupt the protest by those who were “afraid” of where it would lead.

Worse still, the hostel warden had asked the girls to vacate their dorms immediately, and the students were cast into the streets without access to the Internet. Tanjim Haroom, a Bangladeshi political science student at the university, found herself stranded in Varanasi like many of her classmates. "I go home only once in a year but this time, I was forced to vacate the hostel and I could not get in touch with any of my relatives or family due to this sudden shutdown of internet and phone services. I was helpless in this city and just had some Rs 700 ($11) with me. I finally got shelter at the Mumukshu Ashram and was able to contact my family from their landline phone.”

Predictably, officials from the university insisted that there wasn’t any clampdown on the internet. The then vice-chancellor, Professor Girish Chandra Tripathi, when asked about this unofficial shutdown, said that there was none. "There could have been a network issue because the internet was working fine in our office. I cannot say what the students have alleged. Making allegations is very easy," he said over the phone to 101reporters. Varanasi district magistrate Yogeshwar Ram Mishra also denied that internet or phone services were suspended during the protests.

But a worrying number of first-person accounts do prove otherwise. According to Avinash Ojha, a first-year post-graduate student at the university, internet and phone services were restricted in the varsity campus soon after the lathi-charge on the students. They weren’t able to get online from the night of September 23 to 25.

The students had to go to Assi Ghat or other far-flung places to talk to their families and make travel arrangements out of the city. Ojha also suspected the hand of the university’s vice-chancellor behind this move.

Another case of suspected unofficial shutdown might have occurred on November 1, when a boiler explosion occurred at the National Thermal Power Corporation plant in Rae Bareili, that has since killed 34 people.

A senior officer of NTPC, on the condition of anonymity, told 101reporters that Reliance Jio was asked to cap their services in the area until things settled down. "I had heard my seniors discussing the need for this in order to avoid panic. There are a large number of Jio users here, so that specific service was asked to restrict its internet speed and calling facility for a while.”

Here too, there is evidence that the outage affected several people in the area. Amresh Singh, a property dealer hailing from Baiswara area of Rae Bareli was in Unchahar when the explosion occurred. He discovered that his phone network was not working. "There was no internet on my mobile phone after 4pm. I was able to access internet only after reaching Jagatpur, which is around 10 kilometres away from Unchahar," said Singh. “It felt like the phone lines were deliberately disrupted. I initially thought something was wrong with my phone, but the people with me were also not able to use their phones. Maybe the government quietly shut down the network to prevent panic.”

Mantu Baruah, a labourer from Jharkhand working at the NTPC, had a near-identical experience. His Jio network stopped working after 4pm that day, and he was unable to contact his family on WhatsApp to tell them that he was safe. "I tried many times, maybe over a hundred times, to send an image but it didn’t work. Jio network was down. Neither video calls nor phone calls were working. The authorities had made this happen so people outside wouldn’t know what was going on here.”

But Ruchi Ratna, AGM (HR) at NTPC’s North Zone office in Lucknow, tells us that there was a network congestion that day, not a shutdown. "Even we were unable to talk to our officers and were getting our information through the media," she said. Sanjay Kumar Khatri, Rae Bareily's district magistrate said over the phone, "There is no question of an 'unofficial shutdown'. I myself faced issues in sending messages on WhatsApp but my BSNL mobile was working fine and even journalists here were sending images and videos real time.”

However, a senior communication manager at Reliance Jio's Vibhuti Khand office in Lucknow revealed to this reporter that the internet was indeed restricted in both these instances for 12 hours each. "This was only done on the order of the government. I do not hold any written information, but it must be with the head office," the communication manager said. At the time of publishing, our requests for comments from the official spokespeople of Jio had not received a response.

Arvind Kumar, principal secretary (Home), Uttar Pradesh government, said that there were no restrictions or shutdowns during either incident. "There could have been network issues. The government did not ask any service provider to restrict its services. I will look into the matter, about where the orders to restrict Jio were issued from, but it did not come from the Uttar Pradesh government," he said.

While activists have roundly criticised the Temporary Suspension of Telecom Services (Public Emergency of Public Safety) Rules, notified in August without public consultation, there is now a better-defined (albeit still vague) protocol for implementation of internet blackouts. For instance, only the central or state home secretary can issue the orders. Prior to this, internet restrictions were issued by various authorities, along with section 144 of the Criminal Procedure Code, aimed at preventing “obstruction, annoyance or injury”. This wide berth has allowed the administration to quietly get away with short-term internet bans without proper explanation. In fact, those monitoring these shutdowns are only able to maintain such records by tracking media reports; no official records are available to the public. Without official transparency, often, if there is no news story, it is like there was no internet ban.

Saurabh Sharma is a Lucknow-based freelance writer and a member of 101Reporters.com, a pan-India network of grassroots reporters.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/was-there-an-unofficial-internet-shutdown-in-bhu-ntpc

WannaCry: ATMs not to shut down, clarifies RBI, but how safe are our machines?

praskrishna — 2017-05-19T06:30:49Z

SBI has denied there was any compromise in its ATMs.

The blog post by Soumya Chatterjee was published by Newsminute on May 16, 2017. Udbhav Tiwari was quoted.

In the wake of the onslaught by ransomware WannaCry across the globe, the Reserve Bank of India has denied that it has asked banks in the country to shut down ATMs despite multiple conflicting reports on the same.

Speaking to The News Minute, the central bank’s spokesperson clarified, “The RBI has not passed any circulars to banks on the issue. All circulars sent to banks by the RBI is on the official website if it’s not on the website that means there is no such circular.”

The State Bank of India, the largest consumer bank of India also denied any compromise in its ATMs.

“All our systems are updated as required. Some of those, we do it daily. There are two types of updates, one is at the server level and one at the machine level. Generally, server level updates are done on a daily basis because patches are released and these are managed centrally in addition to local firewalls. The ATM machines are updated typically once in 15 days that is when the maintenance engineers visit the sites, they carry the latest software patch with them. So, everything is updated, there is no problem regarding this. We have additional surveillance but none of the ATM networks in the world has been impacted," Mrityunjoy Mahapatra, CIO of SBI told TNM.

However, a cyber security expert working with the Centre for Internet and Society, Udbhav Tiwari working on vulnerabilities such as these, said as most ATMs in the country especially of the public-sector banks run on outdated operating systems, or are not updated regularly, they can be easily compromised.

“This particular vulnerability was exposed by the WikiLeaks in March saying that the US' NSA was using this vulnerability in Windows operating systems to target individuals. Following this, Microsoft had sent patches in its update in March itself to counter this particular form of threats,” Udhav told TNM.

Udhav said WannaCry is one of the viruses which exploits this vulnerability adding,"No operating system is completely secure be it Windows, Mac or Linux or others, but there are certain OSs that are more susceptible to such attacks due to their popular usage and subsequent research carried on them. Once such attacks come out in the public domain and they usually get patched by the maintainers of the OS."

“In my personal experience, I have come across that most of the ATMs run on customised versions/ embeds of Windows XP or better Windows 7 which came out in 2001 and 2009 respectively. The support period for XP has already lapsed which means that it is more susceptible to malicious attacks than patched versions of other OSs,” Udhav said.

"However, Microsoft made an exception for this current threat and issued patches just for this,” added Udhav, noting if the patches were not installed they remain open to the WannaCry threat.

He also says that as there is no central repository to know what operating system many ATMs run, it would be hard to get the number of machines which are prone to this particular attack.

The cyber security expert draws parallels with the data security breaches last September and October, where a malware attack forced Indian banks to replace or request users to change the security codes of 3.2 million debit cards.

Udhav explained, “The malware had propagated in a very similar manner, they propagated via the internal networks of the bank because of a vulnerability of the ATM machines and then started recording details stored in the magnetic strips of the card."

Apart from invading some systems in departments of some state government in India, WannaCry has penetrated high profile systems across the globe including UK’s health services, Germany’s railway.

For more details visit https://cis-india.org/internet-governance/news/newsminute-may-16-2017-soumya-chatterjee-wannacry-atms-not-to-shut-down-clarifies-rbi

Vulnerabilities in the UIDAI Implementation Not Addressed by the Aadhaar Bill, 2016

Pooja Saxena and Amber Sinha — 2016-03-21T08:33:53Z

In this infographic, we document the various issues in the Aadhaar enrolment process implemented by the UIDAI, and highlight the vulnerabilities that the Aadhaar Bill, 2016 does not address. The infographic is based on Vidushi Marda’s article 'Data Flow in the Unique Identification Scheme of India,' and is designed by Pooja Saxena, with inputs from Amber Sinha.

Download the infographic: PDF and PNG.

Credits: The illustration uses the following icons from The Noun Project - Thumpbrint created by Daouna Jeong, Duplicate created by Pham Thi Dieu Linh, Copy created by Mahdi Ehsaei.

License: It is shared under Creative Commons Attribution 4.0 International License.

For more details visit https://cis-india.org/internet-governance/blog/vulnerabilities-in-the-uidai-implementation-not-addressed-by-the-aadhaar-bill-2016

Vox Pol Workshop on the Role of Social Media and Internet Companies in Responding to Violent Online Extremism

praskrishna — 2015-04-03T15:51:08Z

On March 5-6, 2015, the VOX-Pol network convened a workshop at Central European University in Budapest on the role of social media and internet companies in responding to violent online political extremism and the impacts on freedom of expression.

Elonnai Hickok attended the workshop. More details can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/vox-pol-workshop-on-the-role-of-social-media-and-internet-companies-in-responding-to-violent-online-extremism-5-6-march-budapest

Vote: Will Social Media Impact the Election?

praskrishna — 2013-04-15T08:30:59Z

As India enters election mode, social media has become one of many platforms where possible prime ministerial candidates are being scrutinized.

The article by R. Jai Krishna was published in the Wall Street Journal on April 15, 2013. Sunil Abraham is quoted.

On top of the list are Rahul Gandhi and Narendra Modi, who recently acquired the Twitter monikers #Pappu (“naïve”) and #Feku (“boastful”), respectively, following a string of public appearances observers saw as evidence they will be leading their respective parties in the upcoming national election.

A recent study found that social media could influence the electoral outcome in as many as 160 out of 543 seats in the Lok Sabha, the lower house of Parliament.

(These are constituencies where 10% of the voting population uses Facebook, or where the number of Facebook users is higher than the winning candidate’s margin of victory at the last election.)

	“No contestant can afford to ignore social media in the next Lok Sabha elections,” argued the study, put together by IRIS Knowledge Foundation, a Mumbai-based research group, and the Internet and Mobile Association of India, a trade body. Others are more skeptical. “The study assumes that users will behave homogenously, which isn’t true,” says Sunil Abraham, executive director at the Bangalore-based Centre for Internet and Society. While calling the study’s findings “ambitious,” Mr. Abraham said it was important to recognize the political power of Facebook, which could be used as a social platform but also to “plan a revolution.” But India’s Internet penetration is low: only 150 million people out a population of 1.2 billion go online, according to the IRIS-IAMAI study. The study estimates the number of social media users in the country is around 62 million, and that it may increase up to 80 million by time of national elections, which have to happen by May 2014.

“No contestant can afford to ignore social media in the next Lok Sabha elections,” argued the study, put together by IRIS Knowledge Foundation, a Mumbai-based research group, and the Internet and Mobile Association of India, a trade body.

Others are more skeptical. “The study assumes that users will behave homogenously, which isn’t true,” says Sunil Abraham, executive director at the Bangalore-based Centre for Internet and Society.

While calling the study’s findings “ambitious,” Mr. Abraham said it was important to recognize the political power of Facebook, which could be used as a social platform but also to “plan a revolution.”

But India’s Internet penetration is low: only 150 million people out a population of 1.2 billion go online, according to the IRIS-IAMAI study. The study estimates the number of social media users in the country is around 62 million, and that it may increase up to 80 million by time of national elections, which have to happen by May 2014.

Indian political parties have started wising up to the power of online campaigning. Ahead of state elections in Uttar Pradesh last year, for instance, parties including the winning Samajwadi Party, Congress and the Bharatiya Janata Party turned to social media ranging from Facebook to YouTube as well as to blogs and smartphone apps to promote their candidates and their agenda.

For more details visit https://cis-india.org/news/wall-street-journal-april-15-2013-r-jai-krishna-vote-will-social-media-impact-the-election

Vodafone Report Explains Government Access to Customer Data

joe — 2014-06-19T10:38:01Z

Vodafone Group PLC, the world’s second largest mobile carrier, released a report on Friday, June 6 2014 disclosing to what extent governments can request their customers’ data.

The Law Enforcement Disclosure Report, a section of a larger annual Sustainability Report began by asserting that Vodafone "customers have a right to privacy which is enshrined in international human rights law and standards and enacted through national laws."

However, the report continues, Vodafone is incapable of fully protecting its customers right to privacy, because it is bound by the laws in the various countries in which it operates. "If we do not comply with a lawful demand for assistance, governments can remove our license to operate, preventing us from providing services to our customers," The report goes into detail about the laws in each of the 29 nations where the company operates.

Vodafone’s report is one of the first published by a multinational service provider. Compiling such a report was especially difficult, according to the report, for a few reasons. Because no comparable report had been published before, Vodafone had to figure out for themselves, the “complex task” of what information they could legally publish in each country. This difficulty was compounded by the fact that Vodafone operates physical infrastructure and thus sets up a business in each of the countries where it provides services. This means that Vodafone is subject to the laws and operating licenses of each nation where it operates, unlike as a search engine such as Google, which can provide services across international borders but still be subject to United States law – where it is incorporated.

The report is an important step forward for consumer privacy. First, the Report shows that the company is aware of the conflict of interest between government authorities and its customers, and the pivotal position that the company can play in honoring the privacy of its users by providing information regarding the same in all cases where it legally can. Additionally, providing the user insight into challenges that the company faces when addressing and responding to law enforcement requests, the Report provides a brief overview of the legal qualifications that must be met in each country to access customer data. Also, Vodafone’s report has encouraged other telecom companies to disclose similar information to the public. For instance, Deutsche Telekom AG, a large European and American telecommunications company, said Vodafone’s report had led it consider releasing a report of it’s own.

Direct Government Access

The report revealed that six countries had constructed secret wires or “pipes” which allowed them access to customers’ private data. This means that the governments of these six countries have immediate access to Vodafone’s network without any due process, oversight, or accountability for these opaque practices. Essentially, the report reveals, in order to operate in one of these jurisdictions, a communications company must ensure that authorities have, real time and direct access to all personal customer data at any time, without any specific justification. The report does not name these six nations for legal reasons.

"These pipes exist, the direct access model exists,” Vodafone's group privacy officer, Stephen Deadman, told the Guardian. “We are making a call to end direct access as a means of government agencies obtaining people's communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used."

Data Organization

Vodafone’s Report lists the aggregate number of content requests they received in each country where it operates, and groups these requests into two major categories. The first is Lawful Interceptions, which is when the government directly listens in or reads the content of a communication. In the past, this type of action has been called wiretapping, but now includes reading the content of text messages, emails, and other communications.

The second data point Vodafone provides for each country is the number of Communications Data requests they receive from each country. These are requests for the metadata associated with customer communications, such as the numbers they have been texting and the time stamps on all of their texts and calls.

It is worth noting that all of the numbers Vodafone reports are warrant statistics rather than target statistics. Vodafone, according to the report, has chosen to include the number of times a government sent a request to Vodafone to "intrude into the private affairs of its citizens, not the extent to which those warranted activities then range across an ever-expanding multiplicity of devices, accounts and apps."

Data Construction

However, in many cases, laws in the various companies in which Vodafone operates prohibit Vodafone from publishing all or part of the aforementioned data. In fact, this is the rule rather than the exception. The majority of countries, including India, prohibit Vodafone from releasing the number of data requests they receive. Other countries publish the numbers themselves, so Vodafone has chosen not to reprint their statistics either. This is because Vodafone wants to encourage governments to take responsibility for informing their citizens of the statistics themselves.

The report also makes note of the process Vodafone went through to determine the legality of publishing these statistics. It was not always straightforward. For example, in Germany, when Vodafone’s legal team went to examine the legislation governing whether or not they could publish statistics on government data requests, they concluded that the laws were unclear, and asked German authorities for advice on how to proceed. They were informed that publishing any such statistics would be illegal, so they did not include any German numbers in their report. However, since that time, other local carriers have released similar statistics, and thus the situation remains unresolved.

Other companies have also recently released reports. Twitter, a microblogging website, Facebook, a social networking website, and Google a search engine with social network capabilities have all released comparable reports, but their reports differ from Vodafone’s in a number of ways. While Twitter, Google, and Facebook all specified the percent of requests granted, Vodafone released no similar statistics. However, Vodafone prepared discussions of the various legal constraints that each country imposed on telecom companies, giving readers an understanding of what was required in each country for authorities to access their data, a component that was left out of other recent reports. Once again, Vodafone’s report differed from those of Google Facebook and Twitter because while Vodafone opens businesses in each of the countries where it operates and is subject to their laws, Google, Facebook, and Twitter are all Internet companies and so are only governed by United States law.

Google disclosed that it received 27,427 requests over a six-month period ending in December, 2013, and also noted that the number of requests has increased consistently each six-month period since data began being compiled in 2009, when fewer than half as many requests were being made. On the other hand Google said that the percentage of requests it complied with (64% over the most recent period) had declined significantly since 2010, when it complied with 76% of requests.

Google went into less detail when explaining the process non-American authorities had to go through to access data, but did note that a Mutual Legal Assistance Treaty was the primary way governments outside of the United States could force the release of user data. Such a treaty is an agreement between the United States and another government to help each other with legal proceedings. However, the report indicated that Google might disclose user information in situations when they were not legally compelled to, and did not go into detail about how or when it did that. Thus, given the difficulty of obtaining a Mutual Legal Assistance Treaty in addition to local warrants or subpoenas, it seems likely that Google complies with many more non-American data requests than it was legally forced to.

Facebook has only released two such reports so far, for the two six month periods in 2013, but they too indicated an increasing number of requests, from roughly 26,000 to 28,147. Facebook plans to continue issuing reports every six months.

Twitter has also seen an increase of 22% in government requests between this and the previous reporting period, six months ago. Twitter attributes this increase in requests to an increase in users internationally, and it does seem that the website has a similarly growing user base, according to charts released by Twitter. It is worth noting that while large nations such as the United States and India are responsible for the majority of government requests, smaller nations such as Bulgaria and Ecuador also order telecom and Internet companies to turn over data.

Vodaphone’s Statistics

Though Vodafone’s report didn’t print statistics for the majority of the countries the report covered, looking at the few numbers they did publish can shed some light on the behavior of governments in countries where publishing such statistics is illegal. For the countries where Vodafone does release data, the numbers of government requests for Vodafone data were much higher than for Google data. For instance, Italy requested Vodafone data 605,601 times, while requesting Google data only 896 times. This suggests that other countries such as India could be looking at many more customers’ data through telecom companies like Vodafone than Internet companies like Google.

Vodafone stressed that they were not the only telecom company that was being forced to share customers’ data, sometimes without warrants. In fact, such access was the norm in countries where authorities demanded it.

India and the Reports

India is one of the most proliferate requesters of data, second only to the United States in number of requests for data from Facebook and fourth after the United States, France and Germany in number of requests for data from Google. In the most recent six-month period, India requested data from Google 2,513 times, Facebook 3,598 times, and Twitter 19 times. The percentage of requests granted varies widely from country. For example, while Facebook complies with 79% of United States authorities’ requests, it only grants 50% of India’s requests. Google responds to 83% of US requests but only 66% of India’s.

Facebook also provides data on the number of content restrictions each country requests. A content restriction request is where an authority asks Facebook to take down a particular status, photo, video, or other web content and no longer display it on their site. India, with 4,765 requests, is the country that most often asks Facebook to remove content.

While Vodafone’s report publishes no statistics on Indian data requests, because such disclosure would be illegal, it does discuss the legal considerations they are faced with. In India, the report explains, several laws govern Internet communications. The Information Technology Act (ITA) of 2000 is the parent legislation governing information technology in India. The ITA allows certain members of Indian national or state governments order an interception of a phone call or other communication in real time, for a number of reasons. According to the report, an interception can be ordered “if the official in question believes that it is necessary to do so in the: (a) interest of sovereignty and integrity of India; (b) the security of the State; (c) friendly relations with foreign states; (d) public order; or (e) the prevention of incitement of offences.” In short, it is fairly easy for a high-ranking official to order a wiretapping in India.

The report goes on to detail Indian authorities’ abilities to request other customer data beyond a lawful interception. The Code of Criminal Procedure allows a court or police officer to ask Vodafone and other telecom companies to produce “any document or other thing” that the officer believes is necessary for any investigation. The ITA extends this ability to any information stored in any computer, and requires service providers to extend their full assistance to the government. Thus, it is not only legally simple to order a wiretapping in India; it is also very easy for authorities to obtain customer web or communication data at any time.

It is clear that Indian laws governing communication have very little protections in place for consumer privacy. However, many in India hope to change this reality. The Group of Experts chaired by Justice AP Shah, the Department of Personnel and Training, along with other concerned groups have been working towards the drafting of a privacy legislation for India. According to the Report of the Group of Experts on Privacy, the legislation would fix the 50 or so privacy laws in India that are outdated and unable to protect citizen’s privacy when they use modern technology.

On the other hand, the Indian government is moving forward with a number of plans to further infringe the privacy of civilians. For example, the Central Monitoring System, a clandestine electronic surveillance program, gives India’s security agencies and income tax officials direct access to communications data in the country. The program began in 2007 and was announced publicly in 2009 to little fanfare and muted public debate. The system became operational in 2013.

Conclusion

Vodafone’s report indicates that it is concerned about protecting its customer’s privacy, and Vodafone’s disclosure report is an important step forward for consumer web and communication privacy. The report stresses that company practice and government policy need to come together to protect citizen’s privacy and –businesses cannot do it alone. However, the report reveals what companies can do to effect privacy reform. By challenging authorities abilities to access customer data, as well as publishing information about these powers, they bring the issue to the government’s attention and open it up to public debate. Through Vodafone’s report, the public can see why their governments are making surveillance decisions. Yet, in India, there is still little adoption of transparent business practices such as these. Perhaps if more companies were transparent about the level of government surveillance their customers were being subjected to, their practices and policies for responding to requests from law enforcement, and the laws and regulations that they are subject to - the public would press the government for stronger privacy safeguards and protections.

For more details visit https://cis-india.org/internet-governance/blog/vodafone-report-explains-govt-access-to-customer-data

Virtual Aadhaar ID: too little, too late?

Admin — 2018-01-16T23:59:21Z

Problems persist as many have already shared their 12-digit number with various entities, say experts

The article by Yuthika Bhargava was published in the Hindu on January 11, 2018

The move to introduce an “untested” virtual ID to address security concerns over Aadhaar database is a step in the right direction, but may be a case of too little, too late, according to experts, as many of the 119 crore Aadhaar holders have already shared their 12-digit numbers with various entities.

“What about all the databases that are already linked up with our Aadhaar number? Virtual ID will therefore not attack the root of the problem. At best, it is band-aid,” said Reetika Khera, faculty, Indian Institute of Technology-Delhi.

“Can we realistically expect rural folks to use this to protect themselves? Or are we pushing the barely literate into the hands of middlemen who will ‘help’ them navigate it?” she questioned.

The Unique Identification Authority of India (UIDAI) on Wednesday introduced the concept of a virtual ID that can be used in lieu of the Aadhaar number at the time of authentication, thus eliminating the need to share and store Aadhaar numbers. It can be generated only by the Aadhaar number-holder via the UIDAI website, Aadhaar enrolment centre, or its mobile application.

Experts pointed out that the virtual ID is voluntary and the Aadhaar number will still need to be used at some places.

“Unless all entities are required to use virtual IDs or UID tokens, and are barred from storing Aadhaar numbers, the new measures won’t really help,” said Pranesh Prakash, Policy Director, Centre for Internet and Society, Bengaluru.

Kiran Jonnalagadda, co-founder of the Internet Freedom Foundation, agreed. “The idea is good but it should have been done in 2010, as now all the data is already out. Now, what can be done is revoke everybody’s Aadhaar and give new IDs.”

Mr. Jonnalagadda added that Authentication User Agencies (AUAs) categorised as ‘global AUAs’ by the UIDAI will be exempted from using the virtual IDs. “These are likely to be entities which require de-duplication for subsidy transfer, such as banks and government agencies. All the leaks have happened till now from these entities. So, basically, the move will exempt the parties that are the problem,” he said.

Vipin Nair, one of the advocates representing the petitioners who have challenged the Aadhaar Act in the Supreme Court said, “It is potentially a case of unmitigated chaos purely from an Information Technology perspective.”

For more details visit https://cis-india.org/internet-governance/news/hindu-yuthika-bhargava-january-11-2018-virtual-aadhaar-id-too-little-too-late

Violence call key to 'sedition'

praskrishna — 2016-02-28T03:06:47Z

Words, whether spoken or shouted, that question or even malign the government cannot be labelled as sedition, unless they specifically incite violence, lawyers and human rights experts familiar with fundamental rights and sedition laws have said.

The article was published in the Telegraph on February 18, 2016

The experts say courts hearing allegations of sedition would be expected to analyse the context and intent to determine whether actions claimed by the prosecution as sedition fit its definition under the Indian Penal Code#(IPC) and various Supreme Court rulings.

Under Section 124A of the IPC, "whoever by words.... or by signs or visible representation or otherwise brings or attempts to bring into hatred, contempt or excites or attempts to excite disaffection towards the government established by law in India" may be punished. The section defines disaffection as "disloyalty and all feelings of enmity", but clarifies that comments that express even strong disapproval of government actions through lawful means without exciting or attempting to excite hatred, contempt, or disaffection are not an offence.

"It is not the actions alone that count, they have to be seen along with the mental ingredients behind those actions - it is the motive that determines the character of the actions," N.R. Madhava Menon, honorary professor at Bangalore's National Law School, told The Telegraph.

"The court would be expected to examine the facts and the evidence presented," he said. "It would ask questions such as, is there evidence for a conspiracy, who was behind the actions, was it an organised event, was it intended to subvert a legally established government?"

Experts say Supreme Court rulings over the decades have narrowed the scope of the sedition law. In a 1995 judgment, the court held that casual raising of slogans by individuals cannot be held as exciting or attempting to excite hatred or disaffection towards the government.

The court has ruled that only speeches intended to create disorder or disturbance or call for resorting to violence could be punishable under the section, said Ravi Nair, executive director of the South Asia Human Rights Documentation Centre, New Delhi.

In a 1962 judgment, the Supreme Court had limited the scope of Section 124A to incitement to violence or fostering public disorder, Gautam Bhatia, a Delhi-based lawyer and author of Offend, Shock, or Disturb, a book on free speech under the Indian Constitution has pointed out.

In a report for the non-government Centre for Internet and Society, Bhatia said other Supreme Court rulings had clarified#that that there needed to be a "direct and imminent degree of proximity" between the speech and expression and the breach of public order, and that the relation between the two should be like a "spark in a powder keg".

"Something the court has clearly rejected is the argument that it is permissible to criminalise speech and expression simply because its content might lower the authority of the government in the eyes of the public which, in turn, could foster a disrespect for law and the state, and lead to breaches of public order," Bhatia wrote.Human rights analysts point out historical episodes in other countries where citizens have expressed intense opposition to government actions, without having charges of sedition filed against them.

"The protests in the US against the Vietnam War during the late 1960s and protests in the UK against the Falkland War in 1982 or more recently British involvement in the Gulf war are examples," Nair said. "Supreme Court rulings in India have narrowed the scope of the section on sedition to cover only actions that actually call for violence."

Nair said sedition should be seen as an anachronism in any mature democracy. India's sedition law was written during British rule, but the UK abolished its own sedition and seditious libel law in 2009.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-february-18-2016-violence-call-key-to-sedition

Vimeo, DailyMotion, Pastebin Among Sites Blocked In India For 'Anti-India' Content From ISIS

praskrishna — 2015-01-02T16:43:20Z

The Indian government has convinced ISPs to block dozens of popular websites accused of hosting “anti-India” content posted by members of the Islamic State group, also known as ISIS or ISIL.

The story was published by IB Times on December 31. Pranesh Prakash is quoted.

GitHub, Pastebin, as well as the video sites Vimeo and DailyMotion were among those rendered inaccessible to many of India’s nearly 250 million Internet users.

The text repository Pastebin first tweeted on Dec. 19 that it had been blocked, confirming on Dec. 26 that the blockade was at the behest of India’s Department of Telecom. Pranesh Prakash, the policy director at the Center for Internet and Society in Bangalore, posted a list of the blocked sites Wednesday. Notice the list was issued Dec. 17.

Insane! Govt orders blocking of 32 websites including @internetarchive @vimeo @github @pastebin #censorship #FoEx pic.twitter.com/F75ngSGohJ

â€” Pranesh Prakash (@pranesh_prakash) December 31, 2014

Hours later Arvind Gupta, the national head of information technology at India’s Bharatiya Janata Party, confirmed on Twitter that a block had indeed been put in place. Other than referencing “ongoing investigations,” Gupta did not provide specific details on the type of threats being made.

The websites that have been blocked were based on an advisory by Anti Terrorism Squad, and were carrying Anti India content from ISIS. 1/2

â€” Arvind Gupta (@buzzindelhi) December 31, 2014

The sites that have removed objectionable content and/or cooperated with the on going investigations, are being unblocked. 2/2

â€” Arvind Gupta (@buzzindelhi) December 31, 2014

The move comes after it was discovered that the operator of a prominent pro-ISIS Twitter account was based in Bangalore. Mehdi Masroor Biswas, 24, was arrested earlier this month after a Channel 4 News investigation determined he was behind @ShamiWitness, an account with more than 17,700 followers and 2 million tweets seen each month.

Indian Prime Minister Narendra Modi unveiled the “Make in India” campaign earlier this year in an attempt to encourage international businesses to invest in India. The campaign specifically mentions information technology as a sector in which India wishes to improve.

For more details visit https://cis-india.org/internet-governance/news/ib-times-jeff-stone-december-31-2014-sites-blocked-in-india-for-anti-india-content-from-isis

Vimeo Ban: More Web Censorship

praskrishna — 2012-05-24T09:19:38Z

When Indian users logged on to Vimeo and some other video-sharing websites Thursday morning, they were greeted by a rather unusual message: "Access to this site has been blocked as per Court Orders."

This article by Preetika Rana published in the Wall Street Journal on May 18, 2012. Pranesh Prakash is quoted in it.

When Indian users logged on to Vimeo and some other video-sharing websites Thursday morning, they were greeted by a rather unusual message: "Access to this site has been blocked as per Court Orders."

The websites were blocked by private telecom operators following a ruling by Chennai’s High Court in March.

The story began when Chennai-based Copyrights Labs, a firm specializing in copyright infringement, petitioned the High Court to take pre-emptive action against people who might illegally upload two Tamil-language films: "3" and "Dammu."

The court ruled that Internet service providers, or ISPs, could block video-sharing sites where those films were illegally available.

The court named 15 prominent ISPs who were covered by the order.

But the court did not name any particular video-sharing websites to be taken down. And it remains unclear if any of those affected this week even carried the two films in question.

Two major Indian ISPs, Bharti Airtel and Reliance Communications, blocked content sharing websites including U.S.-based Vimeo and France-based Dailymotion and Pastebin.

They cited the court order as a reason but without proof the sites were carrying the movies. Other ISPs named in the court order did not attempt to block any websites.

The two telecom giants offered little further clarity on why these websites were blocked. “Access to certain sites has been blocked by Airtel pursuant to and in compliance with Court orders,” Bharti Airtel said in a statement.

Reliance Communication’s statement said: "Under Section 79 of the IT Act, an ISP has to adhere to any copyright infringement notice and court orders."

Responding to reports of the ban, Harish Ram, chief executive of Copyrights Labs said Thursday: "We have been fighting for this for long and it seems the ISPs are finally responding."

By Friday, the ISPs had restored services for Vimeo, Dailymotion and Pastebin, although some users still reported access problems.

It is still unclear why the March order came into effect only now or why Reliance and Airtel decied to unblock the websites. The telecom firms did not immediately respond to request for comment.

Experts attacked ISPs for clamping down on free speech on the web.

"Why and how did telecom giants target select websites," said Pranesh Prakash, a program manager at Bangalore based-Centre for Internet and Society, a non-profit group advocating free speech on the web. He pointed out that the High Court did not spell out the names of websites that should be blocked.

"Shutting websites merely on the basis of suspicion amounts to private crackdown on free speech of the web," he said. "Why didn’t the telecom ministry repeal or object to the move, knowing that the court didn’t spell out the websites to be blocked?"

Bhupendra Kainthola, a spokesman for the telecom ministry, noted that the "government or the telecom ministry had nothing to do with the high court ruling.” When asked why the ministry did not intervene, Mr. Kainthola responded: “What can we do? If an order has been passed, we have to follow it… that is the law of the land."

The move comes only a few months after the central government issued an official sanction to prosecute internet giants Facebook Inc. and Google Inc., alleging that they host "blasphemous" content on their websites. A criminal case against the two companies is ongoing.

For more details visit https://cis-india.org/news/vimeo-ban

Vijay Mallya cries foul after his Twitter and email accounts are hacked

praskrishna — 2016-12-10T13:50:25Z

The attackers said they were able to access over a gigabyte of data from Mallya's email.

The article by Alnoor Peermohamed was published in Business Standard on December 10, 2016. Sunil Abraham was quoted.

Liquor baron Vijay Mallya on Friday cried foul over his Twitter account being hacked by a group calling itself ‘Legion’. The group is believed to be the same as the one behind the hack of Congress vice-president Rahul Gandhi’s Twitter and e-mail servers last week.

Several tweets alleging that Mallya’s e-mail had been compromised and documents related to his offshore investments and bank accounts had been stolen were made from his official Twitter account in early on Friday.

“Outfit called Legion has hacked my e-mail accounts and are blackmailing me!! What a joke,” Mallya tweeted after seemingly taking back control of his account.

The attackers said they were able to access over a gigabyte of data from Mallya’s e-mail and shared a link for the public to gain access to it. They also tweeted the rest of the information on Mallya would be made public in the coming weeks, targeted at bringing him to justice for committing fraud.

The Twitteratti (the general public on the social networking platform), including several of Mallya’s 5.51 million followers, emerged in support of the hackers, who they proclaimed were working in the interest of the Indian people. Mallya has defaulted Rs 7,200 crores in loans and is being investigated for it.

“The e-mail hack is interesting because it’s the same global pattern. People are following Julian Assange’s advice — transparency should be directly proportional to power. What one really means is, public interest should be preserved,” says Sunil Abraham, executive director at Bengaluru-based Centre for Internet and Society.

While a lot of hacks continue to be carried out for monetary gain through extortion, several Internet vigilante groups have cropped up over the past decade, the most famous being WikiLeaks and more recently Anonymous. As India’s politicians, businessmen and the general public increasingly use technology and the Internet, they too are becoming targets for such hackers.

“If Mallya’s email account is hacked and all we get out of it is gossip, then it’s of no use. But if we as a nation ensure that the law is followed, or laws are improved, or corporate governance is evolved, all of that is positive impact of such an event. So hacktivists have to be very responsible when they do this, otherwise they spoil the name of whistleblowers and so on,” added Abraham.

Mallya is currently wanted by Indian law enforcement agencies and has a non-bailable warrant issued against his name by the court. He has currently exiled himself in the UK and refuses to travel to the country unless offered amnesty. While often denying any wrongdoing, the general public perception among Indians is that the billionaire playboy Mallya portrayed himself to be is guilty.

For more details visit https://cis-india.org/internet-governance/business-standard-alnoor-peermohamed-december-10-2016-vijay-mallya-cries-foul-after-his-twitter-and-email-accounts-are-hacked

VII NLSIR Symposium

praskrishna — 2014-01-09T07:08:33Z

The National Law School of India Review (NLSIR) - the flagship journal of the National Law School of India University (NLSIU), Bangalore is pleased to announce the seventh NLSIR Symposium on “Bridging the Security-Liberty Divide” scheduled to be held on December 21 and December 22, 2013 at the National Assessment and Accreditation Council (NAAC, opposite NLSIU Campus, Nagarhavi) Conference Hall, Bangalore.

This was published by NLSIR on December 20, 2013.

The decade following September 11 has been dubbed “liberty’s lost decade”, not just for the United States of America but for the world at large, marked by increasing tension between State interests in national security and individual liberty. As we continue to grapple with the implications of this clash, one clear winner seems to be emerging, best observed by examining changes in legal systems throughout this decade. The recent upsurge of criticism against NSA activity globally, however, could be seen as indicative of a changing trend. The VIIth NLSIR Symposium seeks to trace this dialogue between competing notions of security and liberty, and hopes to assess and analyse similar developments in India Confirmed speakers for the symposium include renowned legal experts such as Hon’ble Justice Muralidhar, Menaka Guruswamy, Mrinal Satish, Bharat Karnad, Aparna Chandra, Chinmayi Arun, Shyam Diwan, Bhairav Acharya, Roshni, Yug Mohit Chaudhary and Saikat Datta.

This year, the discussions will be divided into four panels:

Session I: Securing Liberty from the State - Redefining Criminal Thresholds in Law
(Forenoon, December 21, 2013, Saturday)

Session II: Intrusive Intelligence - Surveillance Programs and Privacy in India
(Afternoon, December 21, 2013, Saturday)

Session III: Beyond Borders - Extradition, Asylum and Concerns of State Security
(Forenoon, December 22, 2013, Sunday)

Session IV: Connecting the Dots
(Afternoon, December 22, 2013, Sunday)

For more details visit https://cis-india.org/news/nlsir-december-21-2013-nlsir-symposium

Views | Why the Left may for once be right

praskrishna — 2012-04-25T11:48:50Z

The article by Pramit Bhattacharya was published in LiveMint on April 23, 2012.

India’s information technology (IT) minister, Kapil Sibal appears to be running into rough weather over IT rules framed last year, which curb freedom of expression on the internet. The rules have incensed India’s growing blogging community and piqued at least a few of his fellow parliamentarians.

On the opening day of the upcoming parliamentary session on Tuesday, the Rajya Sabha is set to vote on an annulment motion against the IT rules, moved by P. Rajeeve of the Communist Party of India (Marxist), a rediff.com report said. Ironically, the party that still treats Stalin as a hero (quoting him unfailingly in its political resolutions) has become the first to stand up for internet freedom.
Rajeeve is of course not the only parliamentarian to take exception to the rules. Jayant Choudhry, a member of parliament (MP) from the Rashtriya Lok Dal, was the first to draw attention to the draconian rules late last year, and MPs from other regional parties such as the Samajwadi Party and the Asom Gana Parishad criticized the rules in a parliamentary discussion in December.

Two sets of rules, one governing cyber cafes and the other relating to intermediaries have attracted most criticism. The rules relating to intermediaries such as internet service providers, search engines or interactive websites such as Twitter and Facebook are the most disturbing. Intermediaries are required under the current rules to remove content that anyone objects to, within 36 hours of receiving the complaint, without allowing content creators any scope of defence.

The criteria for deciding objectionable content, laid down in the rules, are subjective and vague. For instance, intermediaries are mandated to remove among other things, ‘grossly harmful’ content, whatever that may mean.

This is a unique form of ‘private censorship’ that will endanger almost all online content. In this age of easily offended sensibilities, it is virtually impossible to write anything that does not “offend” anyone. For instance, even this piece may be termed ‘grossly harmful’ to the CPI(M) party.

However far-fetched this may sound, this has already become a reality. A researcher working with the Bangalore-based Centre for Internet and Society (CIS) tried out such a strategy with several different intermediaries, and was successful in six out of seven times, always with frivolous and flawed complaints, Pranesh Prakash of CIS wrote in a January blog-post. It has become much easier in India to ban an e-book than a book, Prakash pointed out.

The rules regulating cyber cafes are no better. Cyber cafes are required to keep a log detailing the identity of users and their internet usage, which has negative implications for privacy and personal safety of users, analysis of the rules by PRS legislative research said.

Internet freedom in India has declined over time and is only ‘partly free’, a 2011 report on internet freedom by US-based think tank, Freedom House said. India has joined a growing club of developing nations where, “internet freedom is increasingly undermined by legal harassment, opaque censorship procedures, or expanding surveillance,” the report noted.

The only saving grace is that some of the IT rules are drafted in a language so arcane that anyone will find it hard to decipher them, leave alone implementing them. Sample this: “The intermediary shall not knowingly deploy or install or modify the technical configuration of computer resource or become party to any such act which may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to perform thereby circumventing any law for the time being in force: provided that the intermediary may develop, produce, distribute or employ technological means for the sole purpose of performing the acts of securing the computer resource and information contained therein.”

The first task at hand for Sibal may be to explain to fellow lawmakers what the above rule is supposed to mean, before he defends such rules.

Click for the original, Pranesh Prakash is quoted in this article.

For more details visit https://cis-india.org/news/left-may-for-once-be-right