We are anonymous, we are legion

Analytics to help govt read public mood online

praskrishna — 2015-03-09T16:57:14Z

The Union government is in the process of commissioning a project to analyse public sentiment about it on various online platforms.

The article by Surabhi Talwar published in the Business Standard quotes Pranesh Prakash.

The project will cover state-owned MyGov.in, social media portals such as Facebook and Twitter, and the top 10 news websites in the country. The analysis will also extend to Twitter and Facebook accounts of government ministries and departments, according to a document evincing interest from companies and defining scope of work that has been posted on the website of the electronics and information technology department. The Centre expects the platform to be ready in two months.

This is the first time that the Centre is deploying a tool to 'officially' listen in on social media conversations and monitor media reports as well as subsequent public reaction. The idea is not to see which journalist is saying what and tell the government "inhe ad dena band kar do" (don't give them ads), said a government official familiar with the plans. It has also got "nothing to do with politics or elections", the official added.

The stated objective is to gauge public opinion related to policy matters and get a "comprehensive picture of the larger issues concerning the people", the official said. According to the mandate, the company will analyse comments posted on MyGov.in, which sees about 50,000 responses every week. It will also scan through social media sites, articles posted on news portals and the comments section, and categorise these into three "tag clouds" - negative, positive and neutral.

"Analytics are not strong if you are looking at it with a tunnel vision," said the government official, adding they needed to be comprehensive and corroborated across different platforms. The idea behind extending the mandate to social media websites and news organisations, according to the official, is to make sure the government's policies and initiatives are in sync with the people's wishes.

However, the government claimed it would only study posts that are "public" and not build backend access into the network of social media companies to get a look at all content.

According to the official, the Centre was not interested in "listening to everything that people are talking about", rather it will restrict its queries that relate to its business of policymaking. "Anything beyond that is not our mandate," the official clarified.

According to Mahesh Murthy, founder of digital media firm Pinstorm, these kinds of sentiment-analysis tools have become quite popular lately with both companies and political parties, who use these to gauge public mood before elections.

"They can cost anywhere between Rs 2 lakh and Rs 10 lakh a month," he said, adding there were hardly any privacy implications since the data being analysed was in public domain.

Pranesh Prakash of the Centre for Internet and Society said, "Privacy concerns aren't as acute if there is no profiling that is happening." Prakash added the concept might be worrisome if algorithms became the determining factor for policymaking, as they could be dangerous for democratic functioning. "They are like black boxes and you don't how they function."

Launched about six months ago, MyGov.in is the National Democratic Alliance government's citizen-engagement platform through which it solicits ideas and inputs from the public on government business.

Once the sentiment-analysis project is implemented, the government will be able to automate the process of providing summary of inputs on discussion topics to the government agencies concerned.

The volume of comments received on the platform is making it difficult for the Centre to manually sift through these for the most relevant ones.

"The solution would display two sets of dashboards. One would be in public domain. The other would be restricted through the multi-level role-based access system provisioned by the solution," said the document evincing expression of interest from companies.

Those interested will have to provide a proof of concept before being selected.

For more details visit https://cis-india.org/internet-governance/news/business-standard-february-20-2015-surabhi-agarwal-analytics-to-help-govt-read-public-mood-online

A Selection of Tweets on How to Make Crowdmaps Effectual for Mapping Violence against Women

rohini — 2015-03-12T00:42:08Z

This is a collection of tweets by Rohini Lakshane on making crowdmaps more effective for mapping gender violence. The compilation of tweets has been republished by GenderIT.org.

For more see the original published on the website of Gender IT.org on February 19, 2015.

For more details visit https://cis-india.org/internet-governance/blog/gender-it-february-19-2015-selection-tweets-how-make-crowdmaps-effectual-mapping-violence-against-women

The Surveillance Industry in India – An Analysis of Indian Security Expos

divij — 2015-03-08T12:25:15Z

The author talks about the surveillance industry in India and analyses Indian security expos.

Introduction

The 'Spy Files', a series of documents released by whistleblower website WikiLeaks over the last few years, exposed the tremendous growth of the private surveillance industry across the world - a multi-billion dollar industry thriving on increasing governmental and private capabilities for mass surveillance of individuals.[1] These documents showed how mass surveillance is increasingly made possible through new technologies developed by private players, often exploiting the framework of nascent but burgeoning information and communication technologies like the internet and communication satellites. Moreover, the unregulated and undiscerning nature of the industry means that it has enabled governments (and also private agencies) across the world - from repressive dictatorships to governments in western democracies with a growing track record of privacy and civil liberties infringements - to indulge in secretive, undemocratic and often illegal surveillance of their citizens. The Spy Files and related research have revealed how the mass surveillance industry utilizes the rhetoric of national security and counter-terrorism to couch technologies of surveillance.

'Security' and the Normalization Of Surveillance

New technologies undoubtedly create a potential for both malicious as well as beneficial use for society. Surveillance technologies are a prime example, having both enabled improvements in law enforcement and security, but at the same time creating unresolved implications for privacy and civil liberties. These technologies expose what Lawrence Lessig describes as 'latent ambiguities' in the law - ambiguities that require us to assess the implications and effects of new technologies and how to govern them, and most importantly, to choose between conflicting values regarding the use of technologies, for example, increased security as against decreased privacy.[2]

Unfortunately, In India, the ambiguity seems to have been resolved squarely in favour of surveillance - under the existing regulatory regime, surveillance is either expressly mandated or unregulated, and requires surveillance to be built into the architecture and design of public spaces like internet and telephone networks, or even public roads and parks. Most of these regulations or mechanisms are framed without democratic debate, through executive mechanisms and private contracts with technology providers, without and public accountability or transparency.

For example, under the telecom licensing regime in India, the ISP and UASL licenses specifically require lawful interception mechanisms through hardware or software to be installed by the licensees, for information (Call Data Records, Packet Mirroring, Call Location) to be provided to 'law enforcement agencies', as specified by the Government.[3] Section 69 of the Information Technology Act, the main legislation governing the Internet in India, read with the rules framed under the Act, makes it incumbent upon 'intermediaries' to provide surveillance facilities at the behest of government agencies.[4]

Beyond this, the State and its agencies Section 69 and 69B of the IT Act empower the government to intercept and monitor any data on the Internet. The Telegraph Act also permits wiretapping of telephony.[5] The proposed Central Monitoring System by the Central Government would give state agencies centralized access to all telecommunications in real time, on telephony or on the Internet. Other surveillance schemes include the Keyword Tracking system NETRA, as well as several state government proposed comprehensive CCTV-surveillance schemes for cities. [6] Clearly, therefore, there is a massive market for surveillance technologies in India.

Tracking the Surveillance Market

The Mass surveillance industry by its very nature is closed, secretive and without democratic oversight, Insights into the prevalence, nature and scope of the companies that form this industry, or the technologies that are utilized are far and few. No democratic debate about surveillance can take place in such a paradigm. In this context, security expos and exhibitions provide critical insight into this industry. Several of the important revelations about the industry in the past have been from examinations of large exhibitions in which the various governmental and industry actors participate, and therefore, such analysis is critical to the debate surrounding mass surveillance. Such exhibitions are a logical starting point because they are one of the few publically accessible showcases of surveillance-ware, and are also a congregation of most major players who are part of this market both as suppliers and purchasers.

Our research identified at least 13 exhibitions in India that specifically cater to the surveillance industry. A brief outline of each of these exhibitions is provided below:

1. Secutech India (Brochures: 2015 -http://www.secutechindia.co.in/pdf/secutech%20brochure.pdf)

The Secutech Expo is an exhibition held in Bombay and Delhi since 2011, to showcase Information Security, Electronic Security and Homeland Security technologies. Secutech also organizes the Global Digital Surveillance Forum, a conference amongst the stakeholders of digital surveillance industry in India.[7]

Exhibitors: Ivis; Matrix Comsec; Neoteric; Smartlink; Kanoe; Micro Technologies; Aditya Infrotech; CoreTech Solutions; Merit Lilin; Schneider Electric; Pash systems; Nettrack Technologies Pvt Ltd.; QNAP; Axxonsoft; Hk Vision (China); Alhua; Axis; Vivotech (Taiwan); Endroid (USA); Vantge (UK); Pelco (France); Advik; Hi Focus (UK); ESMS; Keeper (China); Neoteric; Vizor, etc

Visitors: The visitor profile and target audience consists of government and defense agencies, besides private agencies.

Technologies on display: Digital surveillance, biometrics, CCTV and RFID are some categories of the technologies which are showcased here.

2. IFSEC India (Brochures: 2013 - http://www.ifsecindia.com/uploads/IFSEC%20INDIA%20brochure%202013.pdf; 2014 - http://www.ubmindia.in/ifsec_india/uploads/IFSEC_INDIA_Brochure_CS5_new_low.pdf.)

IFSEC India, an extension of IFSEC UK, the 'worlds largest security exhibition', proclaims to be South Asia's largest security exhibition with 15,000 participants in its latest edition, including a special segment on surveillance. It has been held in either Bombay or Delhi since 2007.

Exhibitors: Honeywell; Infinova; Radar Vision; QNAP; Ensign; Winposee; Bosch; Comguard; Verint; ACSG; Ensign etc.

Visitors: Visitors include government agencies such as the Central Industrial Security Force, Border Security Force, Department of Internal Security, Railway Protection Force and the Department of Border Management.

Technologies on display: RFID, Video Surveillance, Surveillance Drones, IP Surveillance, Digital Surveillance and Monitoring were some of the categories of technologies on display.

3. India International Security Expo (Brochures: 2014 - http://www.indiasecurityexpo.com/images/e_brochure.pdf)

Held in New Delhi since 1996, and organized by the Ministry of Home Affairs, the expo is described as "India's largest show case of goods and services related to Homeland Security, Fire Safety, Traffic Management, Industrial Safety and Public Safety, Hospitality and Reality Security." With specific reference to the changing 'modus operandi of crime by using technology', the Expo focuses on using surveillance technologies for law enforcement purposes.

Exhibitors: Intellivision (USA); Intex (India); ESC Baz (Israel); Sparsh Securitech; Source Security (USA); Intellivision (USA); Interchain Solutions; ESSI; Kritikal; Matrix; Pace Solutions etc.

Visitors: According to the show's brochure, visitors include Central & State Police Organisations, Paramilitary Forces, Policy-makers from the Government, Industrial Establishments, Security Departments of Educational, Retail, Hospitality, Realty & other sectors, Colonisers, Builders, RWAs, System Integrators Large business houses and PSU's.

Technologies on display: Access control systems, surveillance devices, RFID, traffic surveillance and GPS Tracking.

4. Secure Cities Expo (Brochures: 2013 - http://securecitiesindia.com/Secure_Cities_2013_Brochure.pdf; 2014 - http://securecitiesindia.com/images/2014/SC_2014_Brochure.pdf.)

Secure Cities Expo has been organized since 2008, on the platform of providing homeland security solutions and technologies to government and private sector participants.

Exhibitors: Dell; Palo Alto Networks; Motorola; Konnet; Vian Technologies; Quick Heal; Intergraph, GMR, Tac Technologies, Steria, Teleste, Elcom, Indian Eye Security; Mirasys; CBC Group; Verint (USA); IBM (USA); Digitals; EyeWatch; Kanoe; NEC (Japan); ACSG Corporate; ESRI (USA), etc.

Visitors: Visitors include government and law enforcement agencies including the Ministry of Home Affairs as well as systems integrators and private firms including telecom firms.

Technologies on display: CCTV, Biometrics, Covert Tracking and Surveillance Software, Communication Interception, Location and Tracking systems, and IT Security.

5. Defexpo India (Brochures: No publically available brochures)

By far India's largest security exposition, the Ministry of Defense has organized Defexpo India since 1999, showcasing defense, border, and homeland security systems from technology providers internationally.

Exhibitors: Aurora Integrated; Airbus Defence (France); Boeing (USA); Hacking Team (Italy); Kommlabs (Germany); Smoothwall; Atlas Electronik; Cyint; Audiotel International; Cobham; Tas-Agt; Verint; Elsira (Elbit) (Israel); IdeaForge; Comint; Controp; Northrop Gruman; Raytheon; C-DoT; HGH Infrared (Israel); Okham Solutions (France); Septier (Israel); Speech Technology Centre (Russia); Aerovironment (USA); Textron; Sagem (France); Amesys (France); Exelis; ITP Novex (Israel), etc.

Visitors: The latest edition of the Expo saw participation from governmental delegations from 58 countries, besides Indian governmental and law enforcement authorities.

Technologies on display: The entire spectrum of surveillance and homeland security devices is on display at Defexpo, from Infrared Video to Mass Data Interception.

6. Convergence India Expo (Brochures: 2012 - http://convergenceindia.org/download/CI2012-PSR.pdf; 2014 -http://www.convergenceindia.org/pdf/CI-2014-Brochure.pdf; 2015 - http://www.convergenceindia.org/pdf/brochure-2015.pdf.)

Convergence India, being held in New Delhi since 1991, is a platform for interaction between Information and Communication Technology providers and purchasers in the market. In recent years, the expo has catered to the niche market for IT surveillance.

Exhibitors: ELT (UK); Comguard; Fastech; Synway (China); Saltriver; Anritsu (Japan); Cdot; Fastech; Rahul Commerce; Deviser Electronics; RVG Diginet; Blue Coat (USA); Cyberoam (USA); ZTE (China); Net Optics (USA); Controp; Comint etc.

Visitors: Visitors include Paramilitary Forces, Cable Operators, Government Ministries and PSU's and Telecom and Internet Service Providers.

Technologies on Display: Biometrics, Content Filtering, Data Mining, Digital Forensics, IP-Surveillance, Embedded Softwares, Network Surveillance and Satellite Monitoring were some of the technologies on display.

7. International Police Expo (Brochures: 2014 - http://www.nexgengroup.in/exhibition/internationalpoliceexpo/download/International_Police_Expo_2014.pdf.)

The International Police Expo held in New Delhi focuses on providing technologies to police forces across India, with specific focus on IT security and communications security.

Exhibitors: 3G Wireless Communications Pvt Ltd; Motorola Solutions; Cyint; Matrix Comsec; Cellebrite; Hayagriva; MKU; CP Plus etc.

Visitors: Visitors include State Police, Procurement Department, CISF, CRPF, RAF, BSF, Customs, GRPF, NDRF, Special Frontier Force, Para Commandos, Special Action Group, COBRA and PSU's and educational institutes, stadiums and municipal corporations, among others.

Technologies on display: Technologies include RFID and surveillance for Internal Security and Policing, CCTV and Monitoring, Vehicle Identification Systems, GPS, Surveillance for communications and IT, Biometrics and Network surveillance.

8. Electronics For You Expo (EFY Expo) ( 2014 - http://2013.efyexpo.com/wp-content/uploads/2014/03/efy_PDFisation.pdf; 2015 - http://india.efyexpo.com//wp-content/uploads/2014/03/5th%20EFY%20Expo%20India_Brochure.pdf.)

EFY Expo is a electronics expo which showcases technologies across the spectrum of electronics industry. It has been held since 2010, in New Delhi, and is partnered by the Ministry of Communications and IT and the Ministry of Electronics and IT.

Exhibitors: Vantage Security; A2z Securetronix; Avancar Security; Digitals security; Securizen Systems; Vision Security; Mangal Security Systems, etc.

Visitors: The visitors include Government Agencies and ministries as well as systems integrators and telecom and IT providers.

Technologies on display: Identification and Tracking Products and Digital Security Systems are a specific category of the technologies on display.

9. Indesec Expo (Brochures: 2009 - http://www.ontaero.org/Storage/14/897_INDESEC_Oct11-13_2009.pdf. )

An exhibition focused on homeland security, and sponsored by the Ministry of Home Affairs, the expo has been held since 2008 in New Delhi, which includes a specific category for cyber security and counter terrorism.

Exhibitors: Rohde and Schwarz; Salvation Data; AxxonSoft; KritiKal; Shyam Networks; Teledyne Dalsa; Honeywell; General Dynamics; Northrop Grumman; Interchain Solutions, etc.

Visitors: Visitors include officials of the central government, central police and paramilitary forces, Ministry of Defence, central government departments, institutes and colleges, state government and police and ports and shipping companies.

10. Next Generation Cyber Threats Expo

Held since 2012 in New Delhi and Mumbai, the Next Generation Cyber Threats Expo focuses on securing cyber infrastructure and networks in India.

Exhibitors: Ixia, CheckPoint, etc.

Visitors: Visitors include Strategic Planning Specialists, Policy Makers and Law Enforcement among others.

11. SmartCards/RFID/e-Security/Biometrics expo (Brochures: 2013 - http://cis-india.org/internet-governance/blog/brochures-from-expos-in-india-2013 ; 2015 - http://www.smartcardsexpo.com/pdf/SmartCards_Expo_2015_Brochure_$.pdf)

These expos are organized by Electronics Today in Delhi or Mumbai since 1999 and supported by the Ministries of Commerce, Home Affairs and External Affairs. They showcase various identification solutions, attended by hundreds of domestic and international exhibitors.

Visitors: Target audiences include central and local level law enforcement and government organizations, Colleges and Universities, and defense forces.

12. Com-IT Expo (Brochure: 2014 - http://www.comitexpo.in/doc/Brochure.pdf)

This expo has been organized by the Trade Association of Information and Technology in Mumbai since 2008, and focuses on software and hardware Information Technology, with specific focus on IT security and surveillance.

Visitors: Visitors include Government Agencies, Airport Authorities, Police and Law Enforcement, Urban Planners, etc.

Technologies Displayed: CCTV's, Surveillance Devices and IP Cameras, etc.

13. GeoIntelligence India (Brochures: 2013 - http://www.geointelligenceindia.org/2013/Geointelligence%20India%20Brochure.pdf; 2014 - http://geointworld.net/Documents/GeoInt_Brochure_2014.pdf.)

It is an exposition held in New Delhi since 2014, organized by Geospatial Media and Communications Pvt Ltd, and is 'dedicated to showcasing the highest levels of information exchange and networking within the Asian defense and security sector.'

Exhibitors: ESRI (USA); BAE Systems (UK); Leica (Switzerland); Helyx (UK); Digital Globe; Intergraph; Trimble (USA); RSI Softech; Silent Falcon etc.

Visitors: Visitors included the Director General of Information Systems, CRPF, Manipur, Delhi, Haryana and Nagaland Police, CBI, ITBP, NSDI, SSB, National Investigation Agency, Signals Intelligence Directorate among others.

Surveillance Wares in India - The Surveillance Exhibits and what they tell us about the Indian Surveillance Industry

An analysis of the above companies and their wares give us some insight into what is being bought and sold in the surveillance industry, and by whom. Broadly, the surveillance technologies can be grouped in the following categories:

Video Surveillance and Analysis

IP Video Surveillance and CCTV are quickly becoming the norm in public spaces. Emerging video surveillance tools allow for greater networking of cameras, greater fields of vision, cheaper access and come with a host of tools such as facial recognition and tracking as well as vehicle tracking. For example, IBM has developed an IP Video Analytics system which couples monitoring with facial recognition.[8] USA's Intellivision also offers analytics systems which enable licence plate tracking, facial recognition and object recognition.[9] HGH Infrared's Spynel system allows infrared wide-area surveillance,[10] and CBC's GANZ allows long-range, hi-resolution surveillance. [11]

Video surveillance is gradually infiltrating public spaces in most major cities, with Governments promoting large-scale video surveillance schemes for security, with no legal sanctions or safeguards for protecting privacy.

Companies showcasing Video Surveillance: 3G Wireless Communications Pvt Ltd, Motorola Solutions (USA), Bosch, CP Plus, Ivis, Aditya Infotech, Micro technologies, Core Tech (Denmark), Merit Lilin , Schneider Electric, Shyam Systems, Dalsa, Honeywell, Teleste, Mirasys, CBC Group, Infinova, Radar Vision, QNAP, Ensign, Winposee, Bosch, Hik Vision (China), Alhua, Axis Communications, Vivotech (Taiwan), Endroid (USA), Vantge (UK), Pelco (France), Advik, Hi Focus (UK), ESMS, Keeper (China), Neoteric, Vizor, Verint (USA), IBM (USA), Digitals Security, Intellivision (USA), Intex, Esc Baz (Israel), Sparsh Securitech, A2zsecuretronix, Avancar Security, Securizen Systems, Vision Security, HGH Infrared (Israel).

RFID/Smart Cards/Biometric Identification

India has begun the implementation of the Unique Identification Programme for its 1.2 billion strong population, combining a host of identification technologies to provide a unique identification number and Aadhar Card - promoted as an all-purpose ID. However, this remains without legislative sanction, and continues in the face of severe privacy concerns. Such centralized, accessible databases of ostensibly private information present a grave threat to privacy. RFID, Smart Cards and Biometric Identification technologies (like the Aadhar) all make individual monitoring and surveillance significantly easier by enabling tracking of individual movements, consumer habits, attendance, etc.

Companies showcasing Identification Technologies:

AxxonSoft, Matrix Comsec, Ensign, Hi focus, Intellivision (USA), Interchain solutions, Inttelix, Kanoe, NEC (Japan), Pace, Realtime, Secugen, Source Security (USA), Spectra, Speech technology centre (Russia), BioEnable Technologies.

(For a more detailed list, see the Smart Cards Expo Brochures, linked above)

Mass Data Gathering, Monitoring and Analysis

The age of Big Data has led to big surveillance. Information and communication technologies now host significant amounts of individual data, and the surveillance industry makes all of this data accessible to a surveyor. Government mandated surveillance means any and all forms of communication and data monitoring are being implemented in India - there are network taps on telephony and deep packet inspection on internet lines, which makes telephone calls, SMS, VoIP, Internet searches and browsing and email all vulnerable to surveillance, constantly monitored through systems like the Central Monitoring System. Moreover, centralized information stores enable data mining - extracting and extrapolating data to enable better surveillance, which is what India's NATGRID aims to do.

Hacking Team Italy, Blue Coat USA and Amesys France, three of the five companies identified as 'enemies of the internet' for enabling dictatorships to use surveillance to quell dissent and violate human rights,[12] have all presented surveillance solutions at Defexpo India. Cyberoam USA and ZTE China also market Deep Packet Inspection technology,[13] while ESRI's Big Data suite allows analysis through mass surveillance and analysis of social media and publically available sources. [14]

Indian companies showcasing mass data monitoring technologies include Cyint, Fastech DPI tools,[15] Kommlabs VerbaProbe packet switching probes,[16] and ACSG's OSINT, which allows Big Data social media surveillance and Call Data Record analysis.[17]

Companies showcasing Data Gathering and Monitoring technologies:

Cobham, Comguard, Cyint, ELT (UK), Fastech, Hacking Team (Italy), Smoothwall (USA), Verint Systems (USA), Cyint technologies, Atlas Electronik (Germany), Audiotel International (UK), Avancar, Cobham (UK), ELT (UK), Eyewatch, Kommlabs, Mangal Security Systems, Merit Lilin (Taiwan), Ockham Solutions (France), Septier (Israel), Synway (China), ACSG Corporate, Amesys (France), Anritsu (Japan), Axis (Sweden), BAE Systems (UK), Blue Coat (USA), C-dot, Comint, Cyberoam (USA), Deviser Electronics, Elsira (Elbit) (Israel), Esri (USA), Exelis, General Dynamics (USA), Helyx (UK), ITP Novex (Israel), Leica (Switzerland), Net Optics (Ixia) (USA), Northrop Gruman (USA), Rahul Commerce, Rohde And Schwarz (Germany), RVG Diginet, Tas-Agt, Trueposition (USA), Zte Technologies (China).

Cell-Phone Location Tracking and Vehicle Monitoring

A number of technologies enable location tracking through vehicle GPS, GLONASS or other location technologies. RFID or optical character recognition further enables Automatic Number Plate Recognition, which can be exploited to enable vehicle surveillance to track individual movements. Embedded hardware and software on mobile phones also allows constant transmission of location data, which is exploited by surveillance agencies to track individual movements and location.

Companies showcasing Cell-Phone Location Tracking technologies: Verint, Eyewatch, Septier (Israel), True Position (USA),

Companies showcasing Vehicle Monitoring technologies: Hi-techpoint technologies pvt ltd, Axxonsoft, Essi, Fareye, Intellivision (USA), Interchain Solutions, ITP Novex (Israel), Kaneo, Kritikal, NEC (Japan), Saltriver Infosystems, Vision Security Systems.

Air/Ground Drones and Satellite Surveillance

The use of unmanned drones for security purposes is being adopted for law enforcement and surveillance purposes across the world, and India is no exception, using UAV's for surveillance in insurgency-hit areas,[18] amongst other uses, while still having no regulations for their use.[19] Drones, both aerial and ground level, are capable of large-scale territorial surveillance, often equipped with high-technology video surveillance that allows for efficient monitoring at the ground level.

Digital Globe offers satellite reconnaissance surveillance coupled with Big Data analysis for predictive monitoring. [20] Controp offers cameras specifically for aerial surveillance, while Sagem's Patroller Drone and Sperwer, and Silent Falcon's Solar Powered surveillance drone are Unmanned Aerial Vehicles (UAV's) for aerial video surveillance. Auruora Integrated, [21] and IdeaForge are Indian companies which have developed UAV surveillance drones in collaboration with Indian agencies.[22]

Companies showcasing Drone Surveillance: Aurora Integrated, Controp (Israel), Aerovironment (USA), Digital Globe (USA), ESRI (USA), Intergraph (USA), RSI Softech, Sagem (France), Silent Falcon (UAS), Textron (USA), Trimble (USA), Northrop Grumman (USA).

[1] Wikileaks, The Spy Files, available at https://www.wikileaks.org/the-spyfiles.html.

[2] Lawrence Lessig, Code V 2.0.

[3] For more information on the licensing regime, see 'Data Retention in India', available at http://cis-india.org/internet-governance/blog/data-retention-in-india.

[4] Rule 13, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

[5] Section 5, Indian Telegraph Act, 1885.

[6] See, for example, the Bangalore Traffic Police CCTV Scheme, http://www.bangaloretrafficpolice.gov.in/index.php?option=com_content&view=article&id=66&btp=66 ; the surveillance scheme supported by the MPLAD Scheme, http://mplads.nic.in/circular08112012.pdf; Mumbai's proposed video surveillance scheme, http://www.business-standard.com/article/companies/wipro-tata-ibm-reliance-among-31-bids-for-cctv-scheme-in-mumbai-112112600160_1.html.

[7] Information on the Forum is available at http://gdsf-india.com/Global-Digital-Surveillance-Forum1/images/GDSF-Bengaluru-Conference-program.pdf.

[8] http://www-01.ibm.com/support/knowledgecenter/SS88XH_1.6.0/iva/int_i2frs_intro.dita

[9] http://www.intelli-vision.com/products/recognition-suite

[10] http://www.hgh-infrared.com/Products/Optronics-for-security

[11] http://www.ifsecglobal.com/cbc-high-end-surveillance-tech-on-display-at-ifsec-india/

[12] http://surveillance.rsf.org/en/category/corporate-enemies/

[13] http://www.cyberoam.com/firewall.html

[14] http://www.esri.com/products/arcgis-capabilities/big-data

[15] http://www.fastech-india.com/packetBrokers.html

[16] http://www.kommlabs.com/products-verbaprobe.asp

[17] http://www.acsgcorporate.com/osint-software.html

[18] http://timesofindia.indiatimes.com/india/UAV-proves-ineffective-in-anti-Maoist-operations/articleshow/20400544.cms

[19] http://dronecenter.bard.edu/drones-in-india/

[20] https://www.digitalglobe.com/products/analytic-services

[21] http://www.aurora-is.com/

[22] http://www.ideaforge.co.in/home/

For more details visit https://cis-india.org/internet-governance/blog/surveillance-industry-in-india-analysis-of-indian-security-expos

Preliminary Submission on "Internet Governance Issues" to the Associated Chambers of Commerce & Industry of India

geetha — 2015-02-12T14:52:04Z

On January 30, 2015, Associated Chambers of Commerce & Industry of India (ASSOCHAM) held a consultation on Internet governance. A committee was set up to draft a report on Internet governance, with a focus on issues relevant to India. The Centre for Internet and Society (CIS) is represented on the committee, and has provided its preliminary comments to ASSOCHAM.

ASSOCHAM convened a meeting of its members and other stakeholders, at which CIS was represented. At this meeting, inputs were sought on Internet governance issues relevant for India, on which the industry body proposed to make comments to the Ministry of External Affairs, Government of India. Such a discussion, proposing to consolidate the views of ASSOCHAM members in consultation with other stakeholders, is a commendable move. This submission presents preliminary comments from the Centre for Internet and Society (CIS) in light of ASSOCHAM's consultation on Internet governance.

I. About CIS

1. CIS is a non-profit research organization that works, inter alia, on issues relating to privacy, freedom of expression, intermediary liability and internet governance, access to knowledge, open data and open standards, intellectual property law, accessibility for persons with disabilities, and engages in academic research on the budding Indian disciplines of digital natives and digital humanities.

2. CIS engages in international and domestic forums for Internet governance. We are a Sector-D member of the International Telecommunications Union (ITU),[1] and participated in the World Conference on International Telecommunications (WCIT), 2012 (Dubai) [2] and the Plenipotentiary Conference, 2014 (Busan).[3] We have also participated in the WSIS+10 Multistakeholder Preparatory Platform (MPP)[4] and the WSIS+10 High Level Event, organized by the ITU.[5]

3. CIS is also a member of the Non-Commercial Users Constituency (NCUC) at ICANN. Pranesh Prakash, our Policy Director, held a position on the NCUC Executive Committee from December 2013 to November 2014.[6]

4. CIS has been engaging at the Internet Governance Forum (IGF) since 2008, and has organized and participated in over 60 panels to date.[7] We have also organized panels at the Asia-Pacific Regional IGF (APrIGF). [8] Our Executive Director Sunil Abraham is a member of the Multistakeholder Advisory Group (MAG) for the India-IGF, and has attended in its meetings.[9] We are also in the process of developing international principles for intermediary liability, in collaboration with international civil society organisations like EFF and Article19. [10]

II. Structure of Submission

5. In this submission, we identify issues in Internet governance where engagement from and within India is necessary. In particular, brief descriptions of issues such as freedom of expression and privacy online, cyber-security, critical Internet resources and ICANN, multistakeholderism and net neutrality are provided.

III. Internet Governance Issues

6. The history of the Internet is unique, in that it is not exclusively government-regulated. Though governments regulate the Internet in many ways (for instance, by ordering website blocking or filtering, licensing of ISPs, encryption controls, investment caps, etc.), the running of the Internet is largely in the hands of private businesses, technical organisations and end-users.

7. International processes like the World Summit on Information Society (WSIS), and forums such as ICANN, the ITU, the IGF and the UN are involved in governing in the Internet in many ways. Regional organisations like the OECD, APEC and the Shanghai Cooperation Organisation (SCO) are also involved (for instance, in cyber-security matters).

8. The issues surrounding Internet governance are many, and range from telecom infrastructure and technical coordination to human rights and access to information.

Rights Online

9. The status of 'human rights online' has come under discussion, with the NETmundial Outcome Document affirming that offline rights must also be protected online. These issues are important in the context of, among others, the large scale violations of privacy in light of the Snowden Revelations,[11] and increased instances of website blocking and takedowns in different parts of the world.[12]

10. Internationally, issues of freedom of speech, privacy and access or the digital divide (though it is debatable that the latter is a human right) are discussed at the UN Human Rights Council, such as the resolution on human rights and the Internet, and the UN Human Rights Commissioner's report on the right to privacy in the digital age , which discusses the need for checks and balances on digital mass surveillance. During the Universal Periodic Review of India in 2012, India noted a recommendation from Sweden to " ensure that measures limiting freedom of expression on the internet is based on clearly defined criteria in accordance with international human rights standard ".

11. Freedom of speech and privacy are also relevant for discussion at the ITU.[13] For instance, at the Plenipotentiary meeting in 2014 (Busan), India proposed a resolution that sought, among other things, complete traceability of all Internet communications. [14] This has implications for privacy that are not yet addressed by our domestic laws. A Privacy Bill and such other protections are only in the pipeline in India.[15]

12. At ICANN as well, the root zone management function may affect freedom of expression. If, for instance, a top level domain (TLD) such as .com is erased from the root zone file, hundreds of thousands of websites and their content can be wiped from the World Wide Web. A TLD can be erased by Verisign if a request to that effect is raised or accepted by ICANN, and signed off on by the National Telecommunications and Information Administration (NTIA) of the US government. Similarly,the WHOIS database, which contains information about the holders of domain names and IP addresses, has implications for privacy and anonymity.

13. In India, the judiciary is currently adjudicating the constitutionality of several provisions of the Information Technology Act, 2000 (as amended in 2008), including S. 66A, S. 69A and S. 79. A series of writ petitions filed, among others, by the Internet Service Providers Association of India (ISPAI) and Mouthshut.com, relate to the constitutionality of the nature of content controls on the Internet, as well as intermediary liability. [16]

14. A judgment on the constitutionality of Ss. 66A, 69A and 79 are crucial for end-users and citizens, as well as companies in the Internet ecosystem. For instance, an uncertain intermediary liability regime with penalties for intermediaries - S. 79, IT Act and Intermediaries Guidelines Rules, 2011 - disincentivises ISPs, online news websites and other content providers like Blogger, Youtube, etc. from allowing free speech to flourish online. [17] The ongoing cases of Kamlesh Vaswani v. UOI and Sabu George v. UOI also have consequences for ISPs and search engines, as well as for fundamental rights.[18] International and domestic engagement is desirable, including in consultations with the Law Commission of India (for instance, the consultation on media laws).

Critical Internet Resources

15. Critical Internet Resources form the backbone of the Internet, and include management of IP addresses, the domain name system (DNS) and the root zone. [19] ICANN, a global non-profit entity incorporated in California, manages the IANA functions (Internet Assigned Numbers Authority) for the global Internet. These functions include allocating the global pool of IP addresses (IPv4 and IPv6) to Regional Internet Registries (RIRs), administering the domain name system and maintaining a protocol registry.

16. At present, the IANA functions are performed under a contract with the NTIA. On March 14, 2014, the NTIA announced its intention to transition oversight of the IANA functions to an as-yet-undetermined "global multi-stakeholder body". The deadline for this transition is September 30, 2015, though the NTIA has expressed its willingness to renew the IANA contract and extend the deadline. ICANN was charged with convening the transition process, and set up the IANA Coordination Group (ICG), a team of 30 individuals who will consolidate community input to create a transition proposal. At the moment, thenames (CWG-Names),numbers (CRISP) and protocols (IETF) communities are debating existing draft proposals. A number of new entities with which ICANN will have contractual arrangements have been proposed. At ICANN's meetings in Singapore (February 7-12, 2015) and Buenos Aires (June 2015), these proposals will be discussed.

17. At the same time, a parallel track to examine ICANN's own transparency and accountability has been introduced. The CCWG-Accountability is considering ICANN's accountability in two Workstreams: first, in light of the IANA transition and second, a revision of ICANN's policies and by-laws to strengthen accountability. ICANN's accountability and transparency are crucial to its continued role in Internet governance.

18. Several issues arise here: Should ICANN continue to remain in the US? Should the IANA Functions Department be moved into a separate entity from ICANN? Ought ICANN's by-laws be amended to create oversight over the Board of Directors, which is now seen to have consolidated power? Ought ICANN be more transparent in its financial and operational matters, proactively and reactively?

19. It is, for instance, beneficial to the stability of the Internet and to India if the IANA department is separate from ICANN - this will ensure aseparation of powers. Second, stronger transparency and accountability mechanisms are necessary for ICANN; it is a growing corporate entity performing a globally Internet function. As such, granular information about ICANN's revenues and expenses should be made public. See, for ex.,CIS' request for ICANN's expenses for travel and meetings, and ICANN's response to the same.

20. The most ideal forum to engage in this is ICANN, and within India, working groups on Internet governance at the Ministry level. As such, ASSOCHAM may seek open, transparent and inclusive consultations with the relevant departments of the Government (the Ministry of External Affairs, DeitY, Department of Telecommunications). At ICANN, industry bodies can find representation in the Business Constituency or the Commercial Stakeholders Group. Additionally, comments and proposals can be made to the ICG and the CCWG-Accountability by anyone.

Cyber-security

21. Cyber-security is often used as an umbrella-term, covering issues ranging from network security (DNSSEC and the ICANN domain), cyber-crime, and cyber-incidents such as the Distributed Denial of Service attacks on Estonian public institutions and the Stuxnet virus that attacked Iran's nuclear programme. Within the ITU, spam and child safety online are also assessed as security issues (See Study Group 17 under ITU-T).

22. At the international level, the UN Group of Governmental Experts has published three reports to date, arguing also that in cyber-security incidents, international humanitarian law will apply. International humanitarian law applies during armed attacks on states, when special rules apply to the treatment of civilians, civilian and military buildings, hospitals, wounded soldiers, etc.

23. The ITU also launched a Global Cybersecurity Agenda in 2007, aiming at international cooperation. Such cooperative methods are also being employed at the OSCE, APEC and the SCO, which have developed drafts of Confidence Building Measures. The Global Conferences on Cyberspace (London 2011, Budapest 2012, Seoul 2013, The Hague 2015) resulted in, inter alia, the Budapest Convention on Cybercrime. India has not ratified the Convention, and remains tight-lipped about its security concerns.

24. Surveillance and monitoring of online communications is a crucial issue in this regard. In India, the surveillance power finds its source in S. 5, Telegraph Act, 1888, and the Rule 419A of the Telegraph Rules, 1951. Further, S. 69 of the Information Technology Act, 2000 and the Interception Rules, 2009 enable the government and authorized officers to intercept and monitor Internet traffic on certain grounds. Information regarding the implementation of these Rules is scant.

25. In any event, the applicability of targeted surveillance should be subject to judicial review , and a balance should be struck between fundamental rights such as freedom of speech and privacy and the needs of security. An accountability model such as that present in the UK for the Interception of Communications Commissioner may provide valuable insight.

26. In India, the government does not make public information regarding its policies in cyber-security and cybercrime. This would be welcome, as well as consultations with relevant stakeholders.

Models of Internet Governance

27. Multi-stakeholderism has emerged as one of the catchphrases in Internet governance. With the display of a multi-stakeholder model at NETmundial (April 2014), controversies and opinions regarding the meaning, substance and benefits of multi-stakeholderism have deepened.

28. The debates surrounding stakeholder-roles in Internet governance began with ¶49 of the Geneva Declaration of Principles and ¶35 of the Tunis Agenda, which delineated clear roles and responsibilities. It created a 'contributory' multi-stakeholder model, where states held sovereign authority over public policy issues, while business and civil society were contributed to 'important roles' at the 'technical and economic fields' and the 'community level', respectively.

29. As the WGEC meeting (April 30-May 2, 2014) demonstrated, there is as yet no consensus on stakeholder-roles. Certain governments remain strongly opposed to equal roles of other stakeholders, emphasizing their lack of accountability and responsibility. Civil society is similarly splintered, with a majority opposing the Tunis Agenda delineation of stakeholder-roles, while others remain dubious of permitting the private sector an equal footing in public policy-making.

30. The positions in India are similarly divided. While there is appears to be high-level acceptance of "multi-stakeholder models" across industry, academia and civil society, there exists no clarity as to what this means. In simple terms, does a multi-stakeholder model mean that the government should consult industry, civil society, academia and the technical community? Or should decision-making power be split among stakeholders? In fact, the debate is more specific.

31. In India, the Multistakeholder Advisory Group (MAG) for the India-IGF was established in February 2014, and some meetings were held. Unfortunately, neither the minutes of the meetings nor action points (if any) are publicly available.

32. The Indian government's position is more complex. At the 68^th UN General Assembly session in 2011, India argued for a (multilateral) 50-member UN Committee on Internet-related Policies (CIRP). However, the Ministry for Communications and Information Technology (MCIT) has, over the years, presented differing views at the IGF and ITU through its two departments: DeitY and DoT. Further, at the meetings of the Working Group on Enhanced Cooperation (WGEC), India has presented more nuanced views, suggesting that certain issues remain within the governmental domain (such as cyber-security and child online protection). At the 9^th IGF (Istanbul, September 2014), Mr. R.S. Sharma of the DeitY echoed such a view of delineated roles for stakeholders.

33. A clear message from the Indian government, on whether it favours multistakeholderism or governmental policy authority for specific issues, would be invaluable in shaping opinion and domestic processes. In any event, a transparent consultative procedure to take into account the views of all stakeholders is desirable.

Emerging Issues

Net Neutrality

34. In simple terms, net neutrality concerns differential treatment of packets of data by carriers such as ISPs, etc. over networks. The issue has gained international attention following the U.S. FCC's regulatory stance, and the U.S. Court of Appeal's 2014 decision in Verizon v. FCC. Though this decision turned on the interpretation of 'broadband providers' under the Communications Act, 1934, net neutrality has since been debated in the US, both by the FCC and other stakeholders. There is no international consensus in sight; the NETmundial Outcome Document recognized net neutrality as an emerging issue (page 11, no. IV).

35. In India, a TRAI consultation on Over-The-Top Services on August 5, 2014 brought concerns of telecom and cellular operators to light. OTTs were seen as hijacking a portion of telcos' revenues, and as lacking consumer protection and privacy safeguards. While these concerns are legitimate, net neutrality regulation is not yet the norm in India. In any event, any such regulation must take into account the consequences of regulation on innovation, competition, and consumer choice, as well as on the freedom of the medium (which may have detrimental impacts freedom of expression).

36. Though net neutrality regulation is being mooted, there is as yet anarray of definitions of 'net neutrality'. The views of telcos themselves differ in India. Further study on the methods of identifying and/or circumventing net neutrality is necessary before a policy position can be taken.

IV. Conclusions

37. CIS welcomes ASSOCHAM's initiative to study and develop industry-wide positions on Internet governance. This note provides brief descriptions of several issues in Internet governance where policy windows are open internationally and domestically. These issues include freedom of expression and privacy under Part III (Fundamental Rights) of the Constitution of India. The Supreme Court's hearing of a set of cases alleging unconstitutionality of Ss. 66A, 69, 69A and 79 (among others) of the IT Act, 2000, as well as consultations on issues such as pornography by the Rajya Sabha Parliamentary Committee and media laws by the Law Commission of India are important in this regard.

38. International and domestic engagement is necessary in the transition of stewardship of the IANA functions, as well as ICANN's own accountability and transparency measures. Similarly, in the area of cyber-security, though several initiatives are afoot internationally, India's engagement has been cursory until now. A concrete position from India's stakeholders, including the government, on these and the question of multi-stakeholderism in Internet governance would be of immense assistance.

39. Finally, net neutrality is an emerging issue of importance to industry's revenues and business models, and to users' rights such as access to information and freedom of expression.

[1] CIS gets ITU-D Sector Membership, goo.gl/PBGKWt (l.a. 8 Feb. 2015).

[2] Letter for Civil Society Involvement in WCIT, goo.gl/gXpYQD (l.a. 8 Feb. 2015).

[3] See, ex., Hariharan, What India's ITU Proposal May Mean for Internet Governance, goo.gl/hpWaZn (l.a. 8 Feb. 2015).

[4] Panday, WSIS +10 High Level Event: Open Consultation Process MPP: Phase Six: Fifth Physical Meeting, goo.gl/3XR24X (l.a. 8 Feb. 2015).

[5] Hariharan, WSIS+10 High Level Event: A Bird's Eye Report, goo.gl/8XkwyJ (l.a. 8 Feb. 2015).

[6] Pranesh Prakash elected as Asia-Pacific Representative to the Executive Committee of NonCommercial Users Constituency, goo.gl/iJM7C0 (l.a. 8 Feb. 2015).

[7] See, ex., CIS@IGF 2014, goo.gl/Werdiz (l.a. 8 Feb. 2015).

[8] Multi-stakeholder Internet Governance: The Way Ahead , goo.gl/NuktNi; Minimising legal risks of online Intermediaries while protecting user rights, goo.gl/mjQyww (l.a. 8 Feb. 2015).

[9] First Meeting of the Multistakeholder Advisory Group for India Internet Governance Forum, goo.gl/NCmKRp (l.a. 8 Feb. 2015).

[10] See Zero Draft of Content Removal Best Practices White Paper, goo.gl/RnAel8 (l.a. 8 Feb. 2015).

[11] See, ex., UK-US surveillance regime was unlawful 'for seven years', goo.gl/vG8W7i (l.a. 9 Feb. 2015).

[12] See, ex., Twitter: Turkey tops countries demanding content removal, goo.gl/ALyO3B (l.a. 9 Feb. 2015).

[13] See, ex., The ITU convenes a programme on Child Online Protection, goo.gl/qJ4Es7 (l.a. 9 Feb. 2015).

[14] Hariharan, Why India's Proposal at the ITU is Troubling for Internet Freedoms, goo.gl/Sxh5K8 (l.a. 9 Feb. 2015).

[15] Hickok, Report of the Group of Experts on Privacy vs. The Leaked 2014 Privacy Bill, goo.gl/454qA6 (l.a. 9 Feb. 2015).

[16] See, Supreme Court Of India To Hear Eight IT Act Related Cases On 11th April 2014 - SFLC, goo.gl/XLWsSq (l.a. 9 Feb. 2015).

[17] See, Dara, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet, goo.gl/bwBT0x (l.a. 9 Feb. 2015).

[18] See, ex., Arun, Blocking online porn: who should make Constitutional decisions about freedom of speech?,goo.gl/NPdZcK; Hariharan & Subramanian, Search Engine and Prenatal Sex Determination: Walking the Tight Rope of the Law, goo.gl/xMj4Zw (l.a. 9 Feb. 2015).

[19] CSTD, The mapping of international Internet public policy issues, goo.gl/zUWdI1 (l.a. 9 Feb. 2015).

For more details visit https://cis-india.org/internet-governance/blog/preliminary-submission-on-internet-governance-issues-to-assocham

NetGain: Working Together for a Stronger Digital Society

praskrishna — 2015-03-13T02:32:38Z

Sunil Abraham made a presentation at this event.

Join the conversation on Twitter using the hashtag #NetGain. This was published by the Ford Foundation.

We need everyone’s help to identify the biggest challenges that lie ahead of us. How do we balance security and privacy? How will we connect the entire world’s population? How will we archive all information and make this knowledge accessible? How can technology make democracies more participatory and responsive? Think big, and take the Netgain Challenge: Submit your ideas and help us focus on the most significant challenges at the intersection of the Internet and philanthropy.

Event Information

The Internet has transformed how we work, learn, and express ourselves. It has connected us with each other and sparked bold thinking about how to create a more fair and just world. Building that better world—and living in it—depends on an open, secure, and equitable Internet.

What is philanthropy’s role in addressing the challenges and potential of our digital society? Can we collaborate, as we have in the past on other crucial issues, to bend the arc of progress and ensure that everyone shares in the tremendous opportunity the Internet offers? Have we thought big—really big—about what the digital revolution can mean for the common good?

On Feb. 11, the presidents of the Knight, Open Society, Mozilla, and Ford Foundations—along with a special surprise guest—will come together with leading figures from government, philanthropy, business, and the tech world to launch a major new partnership, explore shared principles, and get ambitious about the next generation of innovation for social change and progress.

Read the press release.

8:45 – 9:30 am
Registration and Breakfast

9:30 – 9:45 am
Welcome
Darren Walker President, Ford Foundation

9:45 – 10:00 am
Keynote Address: New York City Mayor Bill de Blasio

10:00 – 10:45 am
The Internet, Philanthropy, and Progress: Principles for Future Work
Read the principles 139 KB

Introduction by Jenny Toomey Director, Internet Rights, Ford Foundation
Mitchell Baker Executive Chairwoman, Mozilla Foundation
Chris Stone President, Open Society Foundations
Darren Walker President, Ford Foundation
Moderator Gwen Ifill Managing Editor, “Washington Week”

10:45 – 11:00 am
Break

11:00 am – 12:20 pm
NetGain Challenges
Hosted by:
John Palfrey Head of School, Phillips Academy
Ethan Zuckerman Director, MIT Center for Civic Media

Presenters:
Ethan Zuckerman Director, MIT Center for Civic Media
Emily Bell Director, Tow Center for Digital Journalism, Columbia University Graduate School of Journalism
Alicia Garza Co-Founder, #BlackLivesMatter; Special Projects Director, National Domestic Workers Alliance
Sunil Abraham Executive Director, Centre for Internet & Society
Chip Pickering CEO, Comptel
Laura Poitras Filmmaker, “Citizenfour”
Chris Soghoian Principal Technologist, Speech, Privacy, & Technology Project, ACLU
Brewster Kahle Digital Librarian and Founder, Internet Archive
Joi Ito Director, MIT Media Lab

12:20 – 12:45 pm
Break

12:45 – 1:30 pm
Lunch Discussion: Celebrating 25 Years of the World Wide Web
Introduction by Alberto Ibargüen President and CEO, Knight Foundation
Tim Berners-Lee Inventor, World Wide Web
Susan Crawford Co-Director, Berkman Center for Internet & Society, Harvard University

1:30 – 2:00 pm
Break

2:00 – 4:30 pm
Citizenfour Screening and Discussion
Introduction by Eric Sears Program Officer, Human Rights, MacArthur Foundation
Laura Poitras Filmmaker, “Citizenfour”
Ben Wizner Director, Speech, Privacy & Technology Project, ACLU
Moderator Brian Lehrer Host, “The Brian Lehrer Show,” WNYC

For more details visit https://cis-india.org/internet-governance/news/net-gain-working-together-for-stronger-digital-society

Facebook launches Internet.org in India

praskrishna — 2015-03-13T02:27:14Z

Joins hands with Reliance Communications. Move spurs neutrality concerns.

The article by Lalatendu Mishra and Sriram Srinivasan was published in the Hindu on February 11, 2015. Pranesh Prakash was quoted.

Facebook on Tuesday announced a tie-up with Reliance Communications to launch Internet.org in India, bringing to the land of a billion-plus people a service that the social media giant says helps affordable Internet access but whose critics disapprove its restrictiveness.

India now becomes the sixth destination for Internet.org, a Facebook-led initiative envisaged about a year-and-a-half back with six other founding partners, including Samsung and Qualcomm. The service has already been launched in Zambia, Tanzania, Kenya, Colombia and Ghana.

Facebook’s 30-year-old founder and CEO Mark Zuckerberg announced the development on his social network. He posted, “More than a billion people in India don’t have access to the internet. That means they can’t enjoy the same opportunities many of us take for granted, and the entire world is robbed of their ideas and creativity.”

The tie-up gives subscribers of the Anil Ambani-led Reliance Communications who have Internet-enabled handsets free access to 38 Websites – a mix of news, music, education, weather and health sites. The list includes Facebook, Wikipedia, and Reliance Astrology. The lone search option available is Microsoft’s Bing. They can be accessed via an Android app.

For the time being, the service has gone live in Maharashtra, Gujarat, Andhra Pradesh, Tamil Nadu, and Kerala. The pan-India launch is planned in three months. Nearly 70% of Reliance’s customers who have Internet-enabled phones but are now offline are expected to avail themselves of this service.

Gurdeep Singh, CEO, Consumer Business, Reliance Communications, said during the launch in Mumbai, “This partnership will not only accelerate internet penetration In India, it will also open new socioeconomic opportunities to users in fields like education, information and commerce.”

Chris Daniels, Vice President of Internet.org at Facebook, said, “This is a big step forward in our efforts to connect every one in India to the internet and help people discover new tools and information that can create more jobs and opportunities.”

Critics, however, see little altruism in Internet.org. Rather, what they see is a huge challenge to the neutrality of the Internet. Their point is that a selective access to the Internet makes it extremely difficult for rivals not part of the service.

Lawyer Prashant Reddy said, “It will be interesting to see how Trai (the regulator Telecom Regulatory Authority of India) handles such deals, and whether the market will accuse both these players of violating network neutrality.”

He said, “Also one needs to see how public understands the principles of Net neutrality.” His point is: there is no outcry when data packs are offered free but controversy erupts when a service provider tries to charge subscribers for services, as in the case of Airtel recently.

Internet activist and director of the Center for Civic Media at MIT, Ethan Zuckerman, told The Hindu in an email interview that "If Facebook were donating millions or billions to upgrade infrastructure - or even to lobby mobile phone carriers for cheaper data services for all - it would be less troubling. But instead, they're offering a limited version of the internet, one that centers on Facebook, to low-income internet users. That raises real concerns that this is not a charitable effort, but a customer acquisition strategy."

Pranesh Prakash, Policy Director of the Bengaluru-based research and advocacy organisation The Centre for Internet & Society, said he is worried about the long-term consequences. “The Internet.org model violates most definitions of net neutrality, as it provides access to a limited menu of services claiming to be the Internet — being based on a cable TV model — rather than providing actual access to the Internet at a low cost.”

He said, “Since it is an exclusive deal with a single mobile service provider, it also calls into question the genuineness of Mark Zuckerberg’s publicly-stated motive of bringing the Internet to a billion people and bridging the digital divide.”

It isn’t clear how Facebook and Reliance would bear the cost of the free service. What Facebook said in its annual report of 2013 is that it would continue to invest in projects even if it doesn’t have a clear path to monetisation, “such as our commitment to the Internet.org initiative to increase global Internet access.”

Even prior to the internet.org initiative, companies such as Facebook and Twitter have individually worked out deals with telecom companies in fast-growing markets to make their services free for subscribers. Research firm eMarketer had forecast India to be the fastest-growing geography for Facebook in terms of users in 2014.

(With inputs from Sanjay Vijayakumar)

For more details visit https://cis-india.org/internet-governance/news/hindu-lalatendu-mishra-sriram-srinivasan-february-11-2015-hindu-facebook-launches-internet-org-in-india

Govt may turn to supercomputing for better use of Aadhaar database

praskrishna — 2015-03-08T05:53:03Z

Technology experts working with the Aadhaar project have spotted other potential uses for it, all to be powered by a string of supercomputers.

The article by Moulishree Srivastava was published in Livemint on February 10, 2015. Sunil Abraham is quoted.

When India launched a scheme in 2009 to give every one of its residents a unique identity number called Aadhaar, there were two main objectives: an efficient delivery of welfare services, and a tool for monitoring government schemes.

Six years on, as the government moves a step closer to covering all 1.25 billion citizens with Aadhaar, technology experts working with the project have spotted other potential uses, all to be powered by a string of supercomputers. With Aadhaar having crossed the 700 million milestone in 2014, the government is preparing to launch supercomputing applications to make more sense of the scheme’s massive database. These will help link the database to public services by running data analytics, which in turn will throw up trends that can help promote better-informed policy-making.

“We are talking about the Aadhaar database and the huge population data associated with it. Right now it is only a collection of data, but once we start rolling out applications, the amount of information that will be generated and the amount of usage that will happen will be enormous,” said Rajat Moona, director general of the Pune-based Centre for Development of Advanced Computing (CDAC), the research and development arm of the department of electronics and information technology responsible for the National Supercomputing Mission.

“Big data analysis and big data visualization, these are supercomputing problems. It (handling Aadhaar database) is actually visualization of huge data that can help in the planning,” he added. “When you have that much amount of information, you can do a lot of data analysis and figure out trends. We can thus see what are the policies needed to be defined. Therefore proactive policymaking based on previous trends is possible provided we have data,” he said.

Aadhaar is being used by the government for transferring cash subsidies directly into the bank accounts of beneficiaries in order to plug leakages. It is used to identify beneficiaries for transferring funds under scholarship schemes, pension money, cooking gas subsidy as well as seeding of bank accounts to weed out multiple beneficiaries under the government’s financial inclusion programme.

There are also plans to use Aadhaar to curb black money in real estate transactions. Developing these applications further, says Moona, needs supercomputers, which will give far better results. “In order to develop these applications we need to understand supercomputing and use of supercomputing,” he said. “We don’t have such applications developed…we usually take larger applications developed elsewhere and customize it according to our needs. So applications that are developed for solving India-centric problems will actually give a better output,” he said.

“We are talking about creating related applications that can run on supercomputing cloud of million cores (cloud supported by million-core supercomputers),” he added. “It will be a platform, where we can solve a large number of problems using shared model.” “It (supercomputing cloud) will not be a public cloud. There will be research institutes, research organizations, security agencies, government departments and each of them will have its own data and access pattern.

This is going to be a part of our application-centric usage of (the proposed) supercomputing (grid).” The million-core supercomputing cloud is a part of the government’s Rs.4,500 crore project aimed at setting up a grid of more than 70 supercomputers to be hooked up across these institutions and organizations over the next five to seven years. This will enable Indian researchers to build applications on the network, as well as to harness the power of supercomputers for research and development. India has 12 of the world’s 500 most powerful supercomputers, the largest currently deployed being a 500 teraflops (equivalent to half a petaflop) computer, administered by the CDAC. To work on supercomputing applications in areas such as the Aadhaar database, terrorism, advanced weather monitoring— including cyclone and flood prediction—and geo exploration, the government plans to train 22,000 high-quality professionals over 5-7 years.

Some experts point out that a centralized Aadhaar database faces cybersecurity risks that can threaten people’s privacy. Centralization is a terrible idea from the perspective of cybersecurity, said Sunil Abraham, executive director of the Bengaluru-based research organization Centre for Internet and Society. “This is a honeypot (a computer system that is set up to attract and trap people who attempt to penetrate other people’s computer systems) and variety of bad actors, i.e. criminals, terrorists, as well as states and corporations, will target this database hoping to compromise it.”

A petition filed by former Justice K.S. Puttaswamy in 2012 said that Aadhaar scheme infringes citizens’ privacy as applicants need to provide personal information on biometrics, iris and fingerprints, which infringes their right to privacy that is a part of the fundamental right to life under Article 21 of the Constitution. Security experts have been raising concerns about lack of secure and foolproof system to ensure that all the data will be safe and will not be misused. “How do we address the security and innovation imperative without compromising on the right to privacy? We must build individual transaction databases for each government department/ministry and (have) decentralised authentication. Only anonymized dataset should be made available to the supercomputing applications that are being built,” Abraham said. “For innovation and improved e-governance, anonymized data is sufficient.”

For more details visit https://cis-india.org/internet-governance/news/livemint-february-10-2015-moulishree-srivastava-govt-may-turn-to-supercomputing-for-better-use-of-aadhaar-database

Facebook offers free but limited access to the Internet in India

praskrishna — 2015-03-08T07:42:19Z

Facebook-backed Internet.org is extending its offer of free but limited Internet access to India via a mobile app.

The blog post was published in PC World on February 10, 2015. Pranesh Prakash is quoted.

The launch of the app in India follows similar introductions in Ghana, Zambia, Colombia, Kenya and Tanzania, despite criticism from activists that the program does not meet its stated objective of providing free and unfettered Internet access to all.

The common thread in all these launches is that the app is available only to subscribers of one operator in the country. In India, for example, Internet.org has tied with Reliance Communications, the country’s fourth-largest mobile services provider.

Internet.org is a collaborative effort, launched in 2013 by Facebook and other tech companies including Ericsson and Samsung Electronics, that aims to provide Internet access to those who don’t yet have it.

“Connectivity can’t just be a privilege for some of the rich and powerful,” Facebook CEO Mark Zuckerberg said last year at the first meeting of Internet.org. “It needs to be something that everyone shares, and an opportunity for everyone.”

But the way the free service has been offered has come in for criticism from some social activists.

“This is a walled garden approach that undermines the infrastructure of free expression in India,” said Pranesh Prakash, policy director at Centre for Internet and Society, a Bangalore-based organization focused on research and policy advocacy, who pointed out that the app does not offer truly free access to the Internet.

Prakash is also critical that the service will only be available to subscribers of Reliance Communications, defeating the stated aim of Internet.org of providing free Internet access to all.

The free access is limited to 38 websites, including Facebook and its Messenger service, Bing Search, Dictionary.com, Wikipedia, BBC News, Reuters Market Lite for crop and farming information, and local jobs and news sites.

The service will only cover a few Indian states in South India. Reliance customers in the six states can access the free services through the Android app, from the start screen of the Opera Mini mobile web browser, and using the Android app UC Browser for Internet.org. The services will be available in English, Hindi, Tamil, Telugu, Malayalam, Gujarati and Marathi.

For more details visit https://cis-india.org/internet-governance/news/pc-world-john-riberio-february-10-2015-facebook-offers-free-but-limited-access-to-the-internet-in-india

Collection of Net Neutrality Definitions

tarun — 2015-02-09T13:33:38Z

As part of CIS's inquiry into 'Network Neutrality' in the developing world, we have collected a set of definitions of the term from different sources. The definitions were collated and compiled by Manoj Kurbet, Maitreya Subramaniam and Tarun Krishnakumar under the guidance of Sunil Abraham.

Collection of Net Neutrality Definitions

Please feel free to get in touch if you would like to suggest definitions to be added to this working database.

For more details visit https://cis-india.org/internet-governance/blog/collection-of-net-neutrality-definitions

Digital Security Workshop for Journalists

praskrishna — 2015-03-08T05:25:34Z

The Centre for Internet and Society and the Mumbai Press Club are jointly organizing a workshop for journalists on February 7, 2015, from 9.30 a.m. to 1.30 p.m. at Mumbai Press Club, Azad Maidan.

Event Flier

The event would cover these topics:

Why should journalists care about digital security?
The threat model: assessing digital security risks and responses.
Security measures and solutions: alternatives to unsecure software and tools, good security practices, computer hygiene etcetera.

Event Pictures

For more details visit https://cis-india.org/internet-governance/events/digital-security-workshop-for-journalists

TOI literary festival kicks off today

praskrishna — 2015-02-05T15:37:21Z

The Times Litfest 2015, Bengaluru, kicks off on Saturday at the Jayamahal Palace Hotel. The two-day festival is among the biggest such literary enclaves in Bengaluru. It'll see some of India's foremost creative minds talk, argue, debate, discuss and engage with vital topics which touch our lives.

Over two busy days, achievers from every field will talk about reading, writing, culture, journalism, food, comedy, sport, films and much, much more. Speakers on Day 1 include historian Ramachandra Guha, NR Narayana Murthy and Snapdeal CEO Kunal Bahl, star chef Manu Chandra, and comedians Radhika Vaz and Rubi Chakravarti.

It's not all fun and games. Our serious sessions include Raghavendra Joshi talking about his father Bhimsen Joshi's legacy; Rohan Murty (founder of the Murty Classical Library), author and historian Vikram Sampath and translator Arunava Sinha on preserving our cultural heritage; and Pranesh Prakash of Centre for Internet and Society, Lawrence Liang of Alternative Law Forum, and author and journalist Vivek Kaul on internet censorship and net neutrality.

Read the full coverage on the Times of India newspaper here

For more details visit https://cis-india.org/internet-governance/news/times-of-india-january-31-2015-toi-literary-kicks-off-today

‘Internet is an absolute human right’

praskrishna — 2015-02-05T15:10:58Z

The right to the internet is an absolute human right, Bengaluru-based lawyer Lawrence Liang said.

The article was published in the Times of India on February 1, 2015. Pranesh Prakash was quoted.

Pranesh Prakash, policy director, Centre for Internet and Society, said people should fight for this right "as we fight for the right to food".

There was vigorous espousal of the concept of net neutrality at the session on 'Is free internet a fantasy?' Net neutrality is the notion of keeping the internet free and open. It implies preventing broadband companies from blocking or deliberately slowing down legal content; and preventing them from collecting a higher fee from content providers to enable them to reach consumers faster.

Session moderator and writer Vivek Kaul noted that broadband companies had been arguing for the right to price internet services differentially on the grounds that they had made huge investments on their infrastructure. Prakash challenged that argument saying the companies were already highly profitable and their consumers were anyway paying for the internet. "Even the argument that large content providers like Google and Facebook are having a free ride on their networks is not true because they pay intermediaries who carry their traffic," he said.

Last November, US president Barack Obama upheld net neutrality, saying that for almost a century, "our law has recognized that companies who connect you to the world have special obligations not to exploit the monopoly they enjoy over access into and out of your home or business." He went on to say: "It is common sense that the same philosophy should guide any service that is based on the transmission of information — whether a phone call or a packet of data."

If broadband companies are allowed to charge content providers higher for faster internet services, it would discriminate against those who can't afford to pay such rates. This would mean lopsided availability of information - a fundamental resource for a democratic world.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-february-1-2015-internet-is-an-absolute-human-right

ASSOCHAM National Council on IT / ITes

praskrishna — 2015-02-05T14:56:27Z

This meeting was held in New Delhi on January 30, 2015 at ASSOCHAM Corporate Office.

Draft Minutes of Meeting

Meeting Attended by:

Mr. Shashi Mal, Co-Chairman, ASSOCHAM National Council on IT/ ITES
Mr. T. V. Ramachandran, Chairman, ASSOCHAM National Council on Telecom
Mr. Anupam Aggarwal, TCS
Mr. Anthony Thomas, Vodafone India Ltd.
Ms. Geetha Hariharan, The Centre for Internet & Society
Mr. Sreedhar.C, Amara Raja
Mr. Naveen Tandon, AT&T India
Mr. Nripendra Singh , Ernst & Young LLP
Mr. S. Chandrasekhar, Microsoft
Mr. Akhilesh Tuteja, KPMG
Mr. Pankaj Sharma, CA Technologies
Mr. Sanjay Sarma, Design Worldwide
Mr. Subhodeep Jash, DUA Consultant
Mr. Ashok Sud, AUSPI
Mr. Ashis Mukherjee, WIPRO
Mr. Saurabh Joshi, Accenture
Ms. Ambika Khurana, IBM
Mr. Sumit Monga, R Com
Cmde Shyam Kaushal, wimax
Mr. Jitender Singh, Qualcomm
Mr. Vikram Tiwathia, COAI
Mr. Ranjeet Goshwami, TCS
Mr. Sant Pratap Singh Matta, Railtel Corporation
Mr. Kinshuk De, TCS
Mr. T R Dua, TAIPA
Mr. B B Anand, AUSPI
Mr. Dilip Sahay, AUSPI
Mr. Nitin Wali, Verisign
Mr. A.k. Gidwani, BPCL
Mr. Harsh Rastogi, TUV Rheinland India
Mr. Sanjeev Arora, Vodafone
Mr. Anil Prakash, ITU/APT Foundation
Mr. Avik Banerjee, DEN Networks
Ms. Neelima Agrawal, LUXURY CHRONICLE
Ms. Amrita Jagatdeo, Bihang Welfare Association
Mr. Minushri Madhumita, Bihang Welfare Association
Mr. Varun Aggarwal, ASSOCHAM
Mr. Parag Tripathi, ASSOCHAM
Mr. Ashish Malik, ASSOCHAM

The Meeting started with the Chairman of the Meeting Shri Shashi Mal, Co-Chairman, ASSOCHAM IT/ITes Council & Director & Industry Leader, IBM India welcoming the Members present.

Mr. Mal introduced the topic of discussion and its importance in the present context.

Mr. Mal pointed out that internet has touched every aspect of life and has significant stake in almost every business in the present times.

He further pointed out two main points, how internet can be managed and how do you legally govern the activities going on the internet. He suggested approaching all interest groups for their views before we make the recommendations.

He emphasized that the consensus has to be build within the stakeholders of the subject and informed that for this ASSOCHAM is planning to organize INDIA INTERNET GOVERNANCE SUMMIT (IIGS)-2015 on 26^th March, 2015 in New Delhi.

Mr. T. V. Ramachandran, Chairman, ASSOCHAM National Council on Telecommunications said that there are many opinions within the stakeholders. He said that India, with maximum numbers of users has the right to be heard in the international forums. He further said that Industry should have an active participation in the policy making.

Mr. Vikram Tiwathia, COAI asked why ASSOCHAM is organizing this program and who has mandated them to do so and why they want to send the recommendations to the Government.

It was informed that ASSOCHAM has already announced in the Ministry of External Affairs Meeting and the National Security Council Secretariat that ASSOCHAM will be creating a forum where all the stakeholders could present their point of view and proceedings of this Summit will be shared with the Government as the Recommendations.

Mr. Vikram Tiwathia to this replied that there are many stakeholders like civil society, academia, but ASSOCHAM should present the view of the Industry only.

Mr. Mal suggested that there might be different views within the Industry on Internet Governance.

Mr. Tiwathia informed the Members present that Department of Electronics and IT, Government of India has constituted a Multistakeholder Advisory Group (MAG) for the India Internet Governance Forum but had met only twice. He suggested taking MAG outside the Deity to a more autonomous body. He also suggested that India should sign the Budapest Convention (or what are the obstacles in signing the Budapest Convention).

One of the Members present suggested coming up with commercially accepted views for Internet Growth usage and Protection of Investors along with steps for Principle for Self Regulations.

One of the Members also brought out the Hygine Part of the Internet ie how internet is being used today.

It was decided that the following major issues in the Internet Governance will be discussed with Political, Technical & Economic aspects.

Cyber Security
Cyber Policy
Access
Diversity
Emerging issues like e-Commerce

It was decided that the Members will email their inputs on the above points to ASSOCHAM latest by Monday, 9th February, 2015. A core group is being constituted with the following Members to further develop on the issues from the inputs received by 14th February, 2015.

Core Group Members:

Mr. Anupam Agarwal, TCS
Mr. Anthony Thomas, Vodafone India
Ms. Geetha Hariharan, The Centre for Internet & Society
Mr. Akhilesh Tuteja, KPMG
Mr. Dilip Sahay, AUSPI
Mr. Jitendra Singh, Qualcomm
Mr. Vikram Tiwathia, COAI

It was suggested that ASSOCHAM should engage a Knowledge Partner to collate and make the Report/ Background Paper on the subject by 1st Week of March 2015.

There are Speakers and Sponsorship Opportunities for which you could also forward your suggestions to ASSOCHAM at the earliest.

It was decided that ASSOCHAM will prepare the rough draft of Program Agenda & Circulate among Members

The Meeting ended with thanks to the Chair.

For more details visit https://cis-india.org/internet-governance/news/assocham-national-council-on-it-ites

Section 66A not for curbing freedom of speech, govt says

praskrishna — 2015-02-05T13:59:12Z

Section designed to fight cybercrime and protect the right to life, central government tells Supreme Court.

The article by Akansha Seth and Apoorva was published in Livemint on February 3, 2015. Sunil Abraham gave his inputs.

The central government on Tuesday clarified to the Supreme Court that penal provisions of the Information Technology (IT) Act, 2000, were not intended to curb freedom of speech.

Instead, the controversial Section 66A of the IT Act, challenged in the apex court, is designed to fight cybercrime and has nothing to do with any citizen’s freedom of speech and expression, the government said, adding that these provisions seek to protect the right to life of Indian citizens.

The government’s clarification, made in a written submission to the Supreme Court, is significant because the argument made so far in the court by opponents of the controversial section is that they are misused to curb freedom of expression.

The penal provisions deal with online criminal offences like phishing, vishing (voice phishing), spoofing, spamming, and spreading viruses that have a serious potential to not only damage and destroy the computer system of an individual citizen but also bring the functioning of vital organizations and, in extreme cases, even the country to a standstill.

The stand of the government is interesting because it comes on a petition filed when police arrested a 21-year-old girl for questioning on Facebook Mumbai’s shutdown after Shiv Sena leader Bal Thackeray’s funeral in 2012. Another girl who “liked” the comment was also arrested. Last May, five students were detained by police for spreading an anti-Narendra Modi photo on WhatsApp.

“If 66A, as the government argues does not set any additional limits on freedom of speech and expression, then it is wholly unnecessary, serves no purpose and should be struck down by the honourable court. After all it has never been used to tackle the problem of spam which was the original intent,” said Sunil Abraham, executive director, Centre for Internet and Society, a Bengaluru-based think tank.

The central government has clarified that the phrases annoyance, inconvenience, danger, or obstruction as used in Section 66A have no correlation or connection with any citizen’s freedom of speech and expression. Consequently, if as a result of a citizen exercising his or her freedom of speech and expression, annoyance, inconvenience, danger or obstruction is caused while sending anything by way of a computer resource or a communication device, it will not be a penal offence under section 66A.

The government has also argued that if an individual chooses to misuse the provision for a purpose for which it is not intended or resorts to the expressions inconvenience or annoyance in a casual manner, it would be a case of abuse of the process of law. However, it would not be a ground for declaring the provisions unconstitutional if they are otherwise found to be constitutional.

Additional solicitor general Tushar Mehta, appearing for the central government, argued that no one can file a criminal complaint on grounds that they received an information that caused annoyance, inconvenience, etc.—grounds mentioned under section 66A.

Mehta also suggested that the court could come up with guidelines on how to interpret the section, or such regulations could be framed under section 89 of the IT Act which empowers the controller to make regulations to carry out the purposes of the Act, in consistency with it, after consultation with the Cyber Regulations Advisory Committee and with the previous approval of the central government.

Mehta argued that authoritative discretion was required because a precise and concise definition of grossly offensive or menacing character—terms used in section 66A—was not possible. “Nobody can allege that they are annoyed by the exercise of someone’s freedom of speech,” he added.

Gaurav Mishra contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/livemint-akansha-seth-apoorva-livemint-feb-3-2015-section-66a-not-for-curbing-freedom-of-speech-govt-says

WWW: The Hackers’ Haven

praskrishna — 2015-02-05T02:20:04Z

In an increasingly connected world, it pays to be careful when sharing personal information

This story by Abraham C. Mathews was published in BW | Businessworld Issue Dated 09-02-2015. Sunil Abraham gave his inputs.

Last year, Whatsapp changed its encryption algorithm several times and, every time, it was breached,” says Saket Modi, hacker, entrepreneur and CEO of Lucideus Technologies, which just created an app that monitors wayward activity on your smartphone. That’s geekspeak for: “Your WhatsApp chats, including deleted ones, would have been accessible to any hacker worth his salt”. And we are talking about a company that was valued at $19 billion at some point during the year. Only in November 2014 did WhatsApp finally embrace end-to-end encryption, which will ostensibly address the issue.

Or take the sales claim that every smartphone purchaser has heard — “Android is safe from virus.” That’s not, however, what a joint study by security solutions company Kaspersky and Interpol found. In the first half of 2014, 1,75,442 unique malicious programmes targeted at Android were discovered. Clearly a tribute to the platform on which 85 per cent of smartphones run.

In a TEDx talk last year titled ‘What’s physically possible in the virtual world’, Modi demonstrated how, with access to your smartphone for barely 20 seconds, he can see everything that has ever happened on your phone — text messages, call log, browsing history, and so on. He also showed how fraudulent emails could be disguised so as to appear to have come from a yahoo.com email address, and how you could be hacked even without being connected to the Internet. “There are only two kinds of people in the world,” he says. “Those who know they have been hacked and those who don’t.”

Epidemic Proportions
For cyber security, 2014 was annus horribilis. From celebrities whose intimate pictures were dumped on the Internet, to corporates such as Sony, JP Morgan and Target whose records were hacked into and personal information of millions of their customers compromised, it was the year when the proverbial shit hit the fan. Details (names, numbers, even favourite pizza toppings) of six lakh customers of Domino’s Pizza in France and Belgium were stolen for a $40,000 ransom. One hundred and ten million records (credit card details, social security numbers, along with addresses) from Target were stolen. The company later admitted that its sales were “meaningfully weaker” after the data theft was disclosed. One hundred and forty-five million records were stolen from eBay, 109 million from Home Depot and 83 million from JP Morgan during the year.

In 2013, a group that calls itself the Syrian Electronic Army hacked into Swedish company TrueCaller’s database. TrueCaller, an app, allows you to identify phone numbers. The data is collected from the contact list of those who download the app, which means, it even has details of those who haven’t downloaded or used the app in any way. Estimates put the number of Indians whose numbers could have been stolen at a million.

Cyber security is not yet a boardroom topic, says Anil Bhasin, MD, India & Saarc, Palo Alto Networks, which claims to create comprehensive security solutions for users but is fast becoming one with the increase in security breach incidents. Enterprises still use legacy technology that at times is 20 years old, he says, giving the example of banks that sometimes have a layer-3 staple inspection firewall, when they should ideally be running on layer-7.

When companies store your information, you also benefit. For example, when an e-commerce company does so, online shopping becomes faster and easier. But these companies should invest in measures to protect the information, says Sunil Abraham, executive director of the Centre for Internet and Society in Bangalore. But then again, he says, a lot of breaches, like the celebrity iCloud hack, happen because users are negligent with measures designed to protect them. Passwords, for instance.

A Pew Research report found that only four out of 10 Internet users changed passwords after the ‘heartbleed’ virus (which found a way to unlock encrypted data) was uncovered in April 2014. Only 6 per cent thought their information was stolen. But, in August, it emerged that a Russian crime ring had amassed 1.2 billion user name-password combinations of 500 million email addresses from 4,20,000 websites. A Kaspersky study found that the number of malicious programmes detected rose 10 times in just six months to 6,44,000 in March 2014. This shows the call for vigil cannot not be more critical.

Interestingly, your online financial payments may be relatively more secure, thanks to Reserve Bank of India’s dogged persistence in continuing with the two-step verification process for electronic payments (a one-time password and PIN verification). The central bank drew a lot of flak for barring taxi app Uber from storing payment information and automatically deducting charges at the end of a ride. But Modi isn’t impressed. He likens the two-step verification to a batsman going onto the pitch wearing just a helmet. “The rest of your body is still exposed,” he says.

Easy Targets
Here’s one easy hack that Modi describes. Any app that you download from the app store on your phone asks for a set of permissions, which mostly come as an ‘all or nothing’ option. You either grant all the access it asks for, or you can’t download the app. Suppose, you grant a scrabble app access to your text messages. Your number can then be accessed by the app provider. Now think about how your banking transactions are verified — with a one-time password sent as a text message. With access to your text messages, entering that password would hardly be a challenge for hackers, says Modi. Or, suppose you were to set up a new WhatsApp account with that same number. The verification, like we all know, comes through a one-time password sent to your number. With access to your text messages, the hacker is given a virtual key to your entire WhatsApp history.

Or, take for instance, an app that requests access to your SD card (the storage card in your phone). With that permission, the app gets access to everything on your SD card, including your most private photos. Modi’s company Lucideus recently came out with an app, UnHack, that scans your phone to see which apps can access what data. If you use the app, you will find that not only can Facebook access the call logs on your phone, but apps like Wunderlist (which organises to-do lists) and Pocket (which stores articles for future offline reading) can access your contacts as well. The apps from TED (of TED Talks fame) as well as Flipkart can see as well as edit your personal photos and documents.

Companies —Uber, for instance — have in the past been found to be frivolous with data collected. Late last year, Uber greeted a Buzzfeed reporter who had arrived at the company’s New York headquarters with “There you are — I was tracking you”. No prior permission was sought. A venture capitalist, Peter Sims, had written earlier that his exact whereabouts in New York were displayed to a room full of people as part of a demonstration at a company event in Chicago.

Information Overload
Adam Tanner, a Harvard fellow and a Forbes columnist, was at an annual conference of the Direct Marketers Association, where he noticed a list of names of 1.8 million people with erectile dysfunction (ED), along with their email addresses and numbers. The organisers claimed the details were volunteered by the people themselves. Knowing that ED is something that men rarely admit to, he made the organisers an offer — “Let me purchase a list of a thousand people, and write to them to see if they know that they are on such a list.” The organisers refused, saying it would be an immoral use of their data. From this, one can tell that the information came from websites that took their details, promising a cure.

This, and other similar anecdotes made their way to his recent book, What Stays in Vegas, which deals with the world of personal data and the end of privacy as we know it. When Tanner meets Indians, he brings up matrimonial websites. What surprises him is the volume of information that people disclose. To westerners, details such as sub-caste or blood type, as well as in many cases the admission that a person is HIV+ is an outright breach of privacy. That people would volunteer to put this out in public is shocking. “When you are looking for a suitable match, giving the information may be important at the moment, but you must not forget that once something is on the Internet, it can never be completely deleted,” he warns.

But what is the problem if somebody has all the details, you may ask. Is the potential risk greater than the possibility of a perfect match? A PTI report from 2009 talks about a confession by an Indian Mujahideen operative who used information from such sites to get a student identity card as well as a driving licence. Mukul Shrivastava, a partner in the forensic practice at EY, gives you another alarming scenario. Let’s say somebody trawls your Facebook, what is the amount of information that such a person can get access to? Your daily routine, your physical movement, your favourite restaurant or whether you will be at home at a certain time (from a status message like “Can’t wait to watch the Devils trouncing Liverpool at ManU Café tonight!”). Even if a physical attack is not on the agenda, much of the information can be used to guess security questions (favourite cat, first school) and find out required details for phone banking (date of birth, email address, mother’s name). An HDFC Bank official says there is a rise in vishing (the voice equivalent of phishing) attacks, where people with access to bank account numbers as well as personal details pose as bank executives and lure customers with special benefits and convince them to divulge their banking passwords.

Security is an individual’s responsibility, says Sunil Abraham. “You have to remember that you have volunteered to put the information online,” he says. Information once put online is not private anymore. It’s like making an announcement in a large hall that is broadcast on TV. That’s what the Internet is. And once the Internet gets to know, it can never really be forgotten, says Vishnu Gopal, chief technology officer at MobME, a mobile value-added services provider. It will be available on some weblink or at least on archive.org, which claims to have ‘435 billion pages saved over time’.

While reclaiming lost information might be difficult, one can still reclaim privacy. Both Facebook and Gmail have options to disable monitoring by other applications. It might be worthwhile to pay the permissions page a visit. Routine password changes, as well as keying them in every time (rather than saving them on the system) might be worth the trouble. That said, nothing works like caution.

An Attacking Refrigerator!
A year ago, Proofpoint, a US-based security solutions provider, noticed an unusual type of cyber attack. Emails were sent in batches of about a lakh, thrice a day, aimed at slowing down large enterprises. What was unique about this attack was that upto 25 per cent of the volume was sent by devices other than computers, laptops, mobile phones or such devices. Instead, the emails came from everyday consumer electronic items like network routers, televisions, and at least one refrigerator, according to the company, with not more than 10 emails from any one device, making the attack difficult to block. This is now known as the first Internet of Things or IoT-based attack, where connected everyday-use devices are hacked into and used as cyber weaponry.

With the IoT, you have devices talking to one another, opening up multiple places to be breached, says MobME’s Gopal. From your shoe to T-shirt, everything becomes a potential bot. India should be concerned. Research by securities provider Symantec says India tops the list of countries wherein Distributed Denial of Service (DDoS) attacks originate. DDoS attacks are those where hundreds of bots target a website (say, an e-commerce company) on its big discount day, thereby slowing down traffic to the site. The report says a bot’s services can be bought for as low as Rs 300 to bring down a site for a few minutes. Monthly subscription plans are available for lengthier attacks.

Corporates can never be too careful, feels Shrivastava who, as part of his investigations, comes across several instances where companies are hacked into because of lack of best practices. How many companies have blocked pen drives on office machinery, he asks. In a tiny device, a humungous amount of data can be stolen. Till the first incident happens, nobody realises the importance of security, he says. For example, at EY, the IT security does not permit copying of the text of emails by the recipient. Recent reports suggest that the JP Morgan security breach was the result of neglect of one of its servers in terms of a security upgrade.

According to a study by Microsoft, the estimated loss to enterprises from lost data in 2014 was $491 billion.

You Against The Mafia
The fight really is about who’s weaker, says Altaf Halde, managing director, Kaspersky Lab-South Asia. “The problem here is the consumer.” Nothing excuses us from not protecting ourselves. That includes getting an anti-virus installed, but most people often disable it when it flags a particular activity that we want to pursue online.

Halde also brings up the BYOD (bring your own device) culture that is taking root. Asking employees to bring their own devices could help cut costs for a company, but that also brings in their inadequate protection, which could potentially translate into a much higher cost to the company, he says.

On the other side of the ring is the virtual underground mafia that profits from all types of data that get compromised — details of one’s sexual preferences, favourite restaurants or credit card details. Modi says in underground circles, the going rate for a stolen credit card number is $2.2 for a Visa, $2.5 for a MasterCard and $3 for an AmEx number. Transactions are made through crypto-currencies such as bitcoins, making them virtually untraceable.

As Modi says, the ideal scenario would be for all of us to throw away our smartphones and live an entirely offline existence. “But since that isn’t feasible, let’s embrace the risk, but with adequate measures to ensure that we are not affected.”

For more details visit https://cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven