We are anonymous, we are legion

Guidelines for the Protection of National Critical Information Infrastructure: How Much Regulation?

jon — 2013-08-01T04:48:01Z

July has been a busy month for cyber security in India. Beginning with the release of the country’s first National Cyber Security Policy on July 2 and followed just this past week by a set of guidelines for the protection of national critical information infrastructure (CII) developed under the direction of the National Technical Research Organization (NTRO), India has made respectable progress in its thinking on national cyber security.

Yet the National Cyber Security Policy, taken together with what little is known of the as-yet restricted guidelines for CII protection, raises troubling questions, particularly regarding the regulation of cyber security practices in the private sector. Whereas the current Policy suggests the imposition of certain preferential acquisition policies, India would be best advised to maintain technology neutrality to ensure maximum security.

According to Section 70(1) of the Information Technology Act, Critical Information Infrastructure (CII) is defined as a “computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.” In one of the 2008 amendments to the IT Act, the Central Government granted itself the authority to “prescribe the information security practices and procedures for such protected system[s].” These two paragraphs form the legal basis for the regulation of cyber security within the private sector.

Such basis notwithstanding, private cyber security remains almost completely unregulated. According to the Intermediary Guidelines [pdf], intermediaries are required to report cyber security incidents to India’s national-level computer emergency response team (CERT-In). Other than this relatively small stipulation, the only regulation in place for CII exists at the sector level. Last year the Reserve Bank of India mandated that each bank in India appoint a chief information officer (CIO) and a steering committee on information security. The finance sector is also the only sector of the four designated “critical” by the Department of Electronics and Information Technology (DEIT) Cyber Security Strategy to have established a sector-level CERT, which released a set of non-compulsory guidelines [pdf] for information security governance in late 201

The new guidelines for CII protection seek to reorganize the government’s approach to CII. According to a Times of India article on the new guidelines, the NTRO will outline a total of eight sectors (including energy, aviation, telecom and National Stock Exchange) of CII and then “monitor if they are following the guidelines.” Such language, though vague and certainly unsubstantiated, suggests the NTRO may ultimately be responsible for enforcing the “[mandated] security practices related to the design, acquisition, development, use and operation of information resources” described in the Cyber Security Policy. If so, operators of systems deemed critical by the NTRO or by other authorized government agencies may soon be subject to cyber security regulation—with teeth.

To be sure, some degree of cyber security regulation is necessary. After all, large swaths of the country’s CII are operated by private industry, and poor security practices on the part of one operator can easily undermine the security of the rest. To quote security expert Bruce Schneier, “the externalities in cybersecurity are so great that even the freest free market would fail.” In less academic terms, networks are only as secure as their weakest links. While it is true that many larger enterprises take cyber security quite seriously, small and medium-sized businesses either lack immediate incentives to invest in security (e.g. no shareholders to answer to) or more often lack the basic resources to do so. Some form of government transfer for cyber security related investments could thus go a long way toward shoring up the country’s overall security.

Yet regulation may well extend beyond the simple “fiscal schemes and incentives” outlined in section IV of the Policy and “provide for procurement of indigenously manufactured ICT products that have security implications.” Such, at least, was the aim of the Preferential Market Access (PMA) Policy recently put on hold by the Prime Minister’s Office (PMO). Under pressure from international industry groups, the government has promised to review the PMA Policy, with the PMO indicating it may strike out clauses “regarding preference to domestic manufacturer[s] on security related products that are to be used by private sector.” If the government’s aim is indeed to ensure maximum security (rather than to grow an infant industry), it would be well advised to extend this approach to the Cyber Security Policy and the new guidelines for CII protection.

Although there is a national security argument to be made in favor of such policies—namely that imported ICT products may contain “backdoors” or other nefarious flaws—there are equally valid arguments to be made against preferential acquisition policies, at least for the private sector. First and foremost, it is unlikely that India’s nascent cyber security institutions will be able to regulate procurement in such a rapidly evolving market. Indeed, U.S. authorities have been at pains to set cyber security standards, especially in the past several years. Secondly, by mandating the procurement of indigenously manufactured products, the government may force private industry to forgo higher quality products. Absent access to source code or the ability to effectively reverse engineer imported products, buyers should make decisions based on the products’ performance records, not geo-economic considerations like country of origin. Finally, limiting procurement to a specific subset of ICT products likewise restricts the set of security vulnerabilities available to hackers. Rather than improve security, however, a smaller, more distinct set of vulnerabilities may simply make networks easier targets for the sorts of “debilitating” attacks the Policy aims to avert.

As India broaches the difficult task of regulating cyber security in the private sector, it must emphasize flexibility above all. On one hand, the government should avoid preferential acquisition policies which risk a) overwhelming limited regulatory resources, b) saddling CII operators with subpar products, and/or c) differentiating the country’s attack surface. On the other hand, the government should encourage certain performance standards through precisely the sort of “fiscal schemes and incentives” alluded to in the Cyber Security Policy. Regulation should focus on what technology does and does not do, not who made it or what rival government might have had their hands in its design. Ultimately, India should adopt a policy of technology neutrality, backed by the simple principle of trust but verify. Only then can it be truly secure.

For more details visit https://cis-india.org/internet-governance/blog/guidelines-for-protection-of-national-critical-information-infrastructure

GSMA Research Outputs

elonnai — 2015-04-06T14:18:18Z

This is a collection of research under our GSMA project that we have undertaken in collaboration with Privacy International. The research has sought to understand different legal and regulatory aspects of security and surveillance in India and consists of blog entries and reports. Any feedback or comment is welcome.

Indian Law and the Necessary Proportionate Principles

The presentation shows that there are no comprehensive provisions for the principles of legitimate aim, competent judicial authority, proportionality, transparency, etc. whereas these are partially present for the principles of legality, necessity, adequacy, public oversight, safeguards for international cooperation, etc. The presentation also looks at the Indian intelligence agencies and shows us that there are nine agencies authorized to intercept communications along with at least eleven additional agencies. It further dwelves into the establishment and structure of Indian intelligence agencies and whom they report to, the sharing of information internationally as well as nationally. It shows us that India has MLAT agreements with 36 countries and request to CBI can be initiated informally or formally through court order. It then lists out the various regulatory and important bodies responsible for national security. Some cases of unlawful interception / leaks have been discussed along with examples of arrests based on digital evidence. The various government schemes, the telecommunication companies in India, telecom licenses requirements, government developed security and surveillance solutions, private security companies, security expos, export, import and selling of security and surveillance equipment, and the way forward are also discussed.

Click to download the PDF

Security, Surveillance and Data Sharing Schemes and Bodies in India

Following the 2008 Mumbai terrorist attacks, India had implemented a wide range of data sharing and surveillance schemes. Though developed under different governments the purpose of these schemes has been to increase public safety and security by tackling crime and terrorism. As such, two data sharing schemes have been proposed - the National Intelligence Grid (NATGRID) and the Crime and Criminal Tracking Network & Systems (CCTNS), as well as several surveillance systems, such as the Lawful Intercept and Monitoring (LIM) system, the Network Traffic Analysis system (NETRA), state Internet Monitoring Systems and the Central Monitoring System (CMS). This chapter details the various schemes and provides policy recommendations for their improvement, with regards to the protection of the right to privacy and other human rights.

Click to download the PDF

Export and Import of Security Technologies in India: QA

The write-up examines in question-answer format the standards regulating the export of technologies that can be used for surveillance purposes, the department and legislation that governs exports and imports of security technologies in India, the procedure for obtaining an export licence for the export of SCOMET items, what is ITC (HS) and why is it important, and examples of ITC codes for technologies that can facilitate security or surveillance. The research finds answers to all these queries.

Click to download the PDF

Regulation of CCTV’s in India

In light of the increasing use and installation of CCTV’s in cities across India, and the role that CCTVs play in the Home Ministry's plans for implementing "Mega Policing Cities", this blog seeks to review various attempts to regulate the use of CCTV's in India, review international best practices, and provide preliminary recommendations for the regulation of CCTV's in India.

Click to download the PDF

Mutual Legal Assistance Treaties (MLATs) and Cross Border Sharing of Information in India

It is unclear the exact process that intelligence agencies in India share information with other agencies internationally. India is a member of Interpol and the Central Bureau of Investigation, which is a Federal/Central investigating agency functioning under the Central Government, Department of Personnel & Training is designated as the National Central Bureau of India.

Click to download the PDF

Composition of Service Providers in India

Telecom, at present, is one of the fastest-growing industries in India. As of January 2014, according to the Telecom Regulatory Authority of India (TRAI) there are 922 million wireless and over the wire subscribers in India, and 56.90 million broadband subscribers including wired, wireless and wimax subscribers. India’s overall wireless teledensity was quoted as having 893.31million subscribers, with a 0.79% (7.02 million) monthly addition.

Click to download the PDF

The Surveillance and Security Industry in India - An Analysis of Indian Security Expos

The ‘Spy Files’, a series of documents released by whistleblower website WikiLeaks over the last few years, exposed the tremendous growth of the private surveillance industry across the world – a multi-billion dollar industry thriving on increasing governmental and private capabilities for mass surveillance of individuals. These documents showed how mass surveillance is increasingly made possible through new technologies developed by private players, often exploiting the framework of nascent but burgeoning information and communication technologies like the internet and communication satellites.

Click to download the PDF

An Analysis of News Items and Cases on Surveillance and Digital Evidence in India

In a technologically advanced era, with preponderance of electronic communications in both professional and social interactions and the ability to store such information in digital form, digital evidence has gained significance in civil as well as criminal litigation in India. In order to match the pace with the progressive technology, the Indian Courts have embarked on placing more and more reliance on the digital evidence and a portion of such digital evidence is obtained through electronic surveillance.

Click to download the PDF

Policy Recommendations for Surveillance Law in India and an Analysis of Legal Provisions on Surveillance in India and the Necessary & Proportionate Principles

The Government of India has created a legal framework which supports the carrying out of surveillance by authorities through its various laws and license agreements for service providers. The Centre for Internet and Society (CIS) acknowledges that lawful, warranted, targeted surveillance can potentially be a useful tool in aiding law enforcement agencies in tackling crime and terrorism. However, current Indian laws and license agreements appear to overextend the Government's surveillance capabilities in certain cases, while inadequately safeguarding individuals' right to privacy and data protection.

Click to download the PDF

The Surveillance Industry in India

India has the world's second largest population, an expanding middle class and undoubtedly a huge market which attracts international investors. Some of the world's largest corporations have offices in India, such as Google Incorporated and BlackBerry Limited. In the Information Age, the market revolves around data and companies which produce technologies capable of mining such data are on the rise. Simultaneously, companies selling surveillance technologies appear to be on the peak too, especially since the global War on Terror requires law enforcement agencies around the world to be equipped with the latest surveillance gear.

Click to download the PDF

State of Cyber Security and Surveillance in India: A Review of the Legal Landscape

The issue of cyber security and surveillance, especially unauthorised surveillance, though traditionally unprioritised, has recently gained much traction due to the increasing number of news reports regarding various instances of unauthorised surveillance and cyber crimes. In the case of unauthorised surveillance, more than the frequency of the instances, it is their sheer magnitude that has shocked civil society and especially civil rights groups. In the background of this ever increasing concern regarding surveillance as well as increasing concerns regarding cyber security due to the increased pervasiveness of technology in our society, this paper tries to discuss the legal and regulatory landscape regarding surveillance as well as cyber security.

Click to download the PDF

For more details visit https://cis-india.org/internet-governance/blog/gsma-research-outputs

Growing Wikipedia: The India Chronicles

praskrishna — 2011-10-14T09:17:08Z

Tory Read, a professional researcher, writer and journalist was commissioned by the Wikimedia Foundation to create a vivid description of its work in India. This was done in the interest of transparency and to ensure that it captured lessons from this new approach. Tory travelled for a couple of weeks across Mumbai, Pune, Bangalore and some towns in Kerala — attending community meet-ups speaking with a host of individual community members in these cities. Tory has given a journalistic account and analysis, based on document review, interviews and observations conducted between November 2010 and June 2011, including 16 days in India in June 2011.The views expressed herein are his own and do not necessarily reflect the views of Wikimedia Foundation.

Sunil Abraham, Executive Director of the Centre for Internet and Society has been quoted in this report. The following are some direct quotes extracted out from this report:

"Feuding and flaming is an integral part of free software culture.” “You can’t imagine a mailing list without flaming." [The Chapter and the Community Tangle, page 16]

"The crisis on the mailing list was ultimately a great thing.” “There was conflict, dozens of offline conversations, private and public negotiation and airing of views and doubts, followed by a public commitment to work together for a shared purpose." [Necessity Breeds Collaboration, page 19]

"The Foundation’s job is having meetings and growing and holding the consensus." "It should be creating situations in which trust is gained, and you do this through radical transparency and participation. The point of the Foundation’s work is to build the community." [For the Foundation, page 24]

Download the entire report here [PDF, 2.9 MB]

For more details visit https://cis-india.org/news/the-india-chronicles

Ground Zero Summit 2014

praskrishna — 2014-12-05T00:42:17Z

Geeta Hariharan participated in this event organized by India Infosec Consortium on November 13 and 14, 2014 in New Delhi.

Living from the successes of last year and our recent conference in Colombo, Ground Zero Summit 2014, in its second year promises to be Asia's largest information security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in the field of cyber security. The event will feature a panel discussion on cyber diplomacy.

Click to read more about the event

For more details visit https://cis-india.org/internet-governance/news/ground-zero-summit-2014

Ground Zero Summit

Amber Sinha — 2016-01-03T06:06:56Z

The Ground Zero Summit which claims to be the largest collaborative platform in Asia for cyber-security was held in New Delhi from 5th to 8th November. The conference was organised by the Indian Infosec Consortium (IIC), a not for profit organisation backed by the Government of India. Cyber security experts, hackers, senior officials from the government and defence establishments, senior professionals from the industry and policymakers attended the event.

Keynote Address

The Union Home Minister, Mr. Rajnath Singh, inaugurated the conference. Mr Singh described cyber-barriers that impact the issues that governments face in ensuring cyber-security. Calling the cyberspace as the fifth dimension of security in addition to land, air, water and space, Mr Singh emphasised the need to curb cyber-crimes in India, which have grown by 70% in 2014 since 2013. He highlighted the fact that changes in location, jurisdiction and language made cybercrime particularly difficult to address. Continuing in the same vein, Mr. Rajnath Singh also mentioned cyber-terrorism as one the big dangers in the time to come. With a number of government initiatives like Digital India, Smart Cities and Make in India leveraging technology, the Home Minister said that the success of these projects would be dependent on having robust cyber-security systems in place.

The Home Minister outlined some initiatives that Government of India is planning to take in order to address concerns around cyber security - such as plans to finalize a new national cyber policy. Significantly, he referred to a committee headed by Dr. Gulshan Rai, the National Cyber Security Coordinator mandated to suggest a roadmap for effectively tackling cybercrime in India. This committee has recommended the setting up of Indian Cyber Crime Coordination Centre (I-4C). This centre is meant to engage in capacity building with key stakeholders to enable them to address cyber crimes, and work with law enforcement agencies. Earlier reports about the recommendation suggest that the I-4C will likely be placed under the National Crime Records Bureau and align with the state police departments through the Crime and Criminal Tracking and Network Systems (CCTNS). I-4C is supposed to be comprised of high quality technical and R&D experts who would be engaged in developing cyber investigation tools.

Other keynote speakers included Alok Joshi, Chairman, NTRO; Dr Gulshan Rai, National Cyber Security Coordinator; Dr. Arvind Gupta, Head of IT Cell, BJP and Air Marshal S B Dep, Chief of the Western Air Command.

Technical Speakers

There were a number of technical speakers who presented on an array of subjects. The first session was by Jiten Jain, a cyber security analyst who spoke on cyber espionage conducted by actors in Pakistan to target defence personnel in India. Jiten Jain talked about how the Indian Infosec Consortium had discovered these attacks in 2014. Most of these websites and mobile apps posed as defence news and carried malware and viruses. An investigation conducted by IIC revealed the domains to be registered in Pakistan. In another session Shesh Sarangdhar, the CEO of Seclabs, an application security company, spoke about the Darknet and ways to break anonymity on it. Sarangdhar mentioned that anonymity on Darknet is dependent on all determinants of the equation in the communication maintaining a specific state. He discussed techniques like using audio files, cross domain on tor, siebel attacks as methods of deanonymization. Dr. Triveni Singh. Assistant Superintendent of Police, Special Task Force, UP Police made a presentation on the trends in cyber crime. Dr. Singh emphasised the amount of uncertainty with regard to the purpose of a computer intrusion. He discussed real life case studies such as data theft, credit card fraud, share trading fraud from the perspective of law enforcement agencies.

Anirudh Anand, CTO of Infosec Labs discussed how web applications are heavily reliant on filters or escaping methods. His talk focused on XSS (cross site scripting) and bypassing regular expression filters. He also announced the release of XSS labs, an XSS test bed for security professionals and developers that includes filter evasion techniques like b-services, weak cryptographic design and cross site request forgery. Jan Siedl, an authority on SCADA presented on TOR tricks which may be used by bots, shells and other tools to better use the TOR network and I2P. His presentation dealt with using obfuscated bridges, Hidden Services based HTTP, multiple C&C addresses and use of OTP. Aneesha, an intern with the Kerala Police spoke about elliptical curve cryptography, its features such as low processing overheads. As this requires elliptic curve paths, efficient Encoding and Decoding techniques need to be developed. Aneesha spoke about an algorithm called Generator-Inverse for encoding and decoding a message using a Single Sign-on mechanism. Other subjects presented included vulnerabilities that remained despite using TLS/SSL, deception technology and cyber kill-chain, credit card frauds, Post-quantum crypto-systems and popular android malware.

Panels

There were also two panels organised at the conference. Samir Saran, Vice President of Observer Research Foundation, moderated the first panel on Cyber Arms Control. The panel included participants like Lt. General A K Sahni from the South Western Air Command; Lt. General A S Lamba, Retired Vice Chief Indian Army, Alok Vijayant, Director of Cyber Security Operation of NTRO and Captain Raghuraman from Reliance Industries. The panel debated the virtues of cyber arms control treaties. It was acknowledged by the panel that there was a need to frame rules and create a governance mechanism for wars in cyberspace. However, this would be effective only if the governments are the primary actors with the capability for building cyber-warfare know-how and tools. The reality was that most kinds of cyber weapons involved non state actors from the hacker community. In light of this, the cyber control treaties would lose most of their effectiveness.

The second panel was on the Make for India’ initiatives. Dinesh Bareja, the CEO of Open Security Alliance and Pyramid Cyber Security was the moderator for this panel which also included Nandakumar Saravade, CEO of Data Security Council of India; Sachin Burman, Director of NCIIPC; Dr. B J Srinath, Director General of ICERT and Amit Sharma, Joint Director of DRDO. The focus of this session was on ‘Make in India’ opportunities in the domain of cyber security. The panelist discussed the role the government and industry could play in creating an ecosystem that supports entrepreneurs in skill development. Among the approaches discussed were: involving actors in knowledge sharing and mentoring chapters which could be backed by organisations like NASSCOM and bringing together industry and government experts in events like the Ground Zero Summit to provide knowledge and training on cyber-security issues.

Exhibitions

The conference was accompanied by a exhibitions showcasing indigenous cybersecurity products. The exhibitors included Smokescreen Technologies, Sempersol Consultancy, Ninja Hackon, Octogence Technologies, Secfence, Amity, Cisco Academy, Robotics Embedded Education Services Pvt. Ltd., Defence Research and Development Organisation (DRDO), Skin Angel, Aksit, Alqimi, Seclabs and Systems, Forensic Guru, Esecforte Technologies, Gade Autonomous Systems, National Critical Information Infrastructure Protection Centre (NCIIPC), Indian Infosec Consortium (IIC), INNEFU, Forensic Guru, Event Social, Esecforte Technologies, National Internet Exchange of India (NIXI) and Robotic Zone.

The conference also witnessed events such Drone Wars, in which selected participants had to navigate a drone, a Hacker Fashion Show and the official launch of the Ground Zero’s Music Album.

For more details visit https://cis-india.org/internet-governance/blog/ground-zero-summit

Grooming the geek

praskrishna — 2012-02-28T09:16:29Z

Generation 2.0, the iPad child, is enriched by technology, and many parents are embracing it wholeheartedly. But can technology transform the way a child’s abilities develop?

The article by Gopal Sathe was published in Livemint on 24 February 2012. Sunil Abraham is quoted in it.

Gauri Uttam, 11, loves reading books. Her room houses a huge number of books that her parents have collected for her over the years. But her favourite books are not in these piles. They are on her iPad. Ask her what her favourite book is, and pat comes the reply: The Pedlar Lady, downloaded on the family iPad 2.

The Pedlar Lady app, by Moving Tales Inc., is a beautifully animated story for children. Background images move, the text flows in and out, and the app reads the text aloud as well. “The book looks beautiful, and whenever you turn the page, it reads the words,” says Gauri. “You can carry it around anywhere, it’s not like sitting on the computer, but it’s much more fun than reading a book. There are pictures and if you get bored and want to draw something, you can, right there.”

Gauri’s father Sachin Uttam, 44, a director (consulting) with the Gurgaon-based technology start-up Enabling Dimensions, has also introduced her to software such as FaceTime on their iMac to teleconference with her cousins for homework. “Computers are a part of everything now,” Sachin says. “When children grow up, we try and teach them to sing, paint, write stories... In the same way, we need to teach them to be able to use computers. I’m a techie, so is my wife. We both have iPads and iPhones, and so it wasn’t surprising that Gauri started to use them too.”

Technology is revolutionizing the way children grow up. Parents put the Internet and technology to a variety of uses. It is not uncommon to see toddlers gurgling to a touch screen that tiny fingers don’t find daunting. In December, the Podar International School in Mumbai announced that from its next term, lessons for classes VI to XII would be on iPads.

The shake-up

For some parents, it is a way to help their children hone their creativity. Bangalore-based Viswanath Poosala, 41, head of Bell Labs Research India, has two children, a daughter (9) and a son (7) (names withheld on request), and he has been teaching them programming for the last year and a half. Poosala wanted to show his children how computers can be fun. “The key is to find ways to relate your children’s interests to computers. If you make a computer a tool that helps them do what they want, then they will learn enthusiastically,” he says.

Poosala’s son uses a tool called Scratch, a free MIT software for children, to make simple games that he can share with friends; his daughter uses Scratch to make animated, interactive versions of the stories she writes.

To teach his children programming, Poosala first introduced them to a free online game called Light-Bot. “In the game, you have to click on a set of commands, and once you are done, the robot will follow your choices to try and clear an obstacle course. It’s a fun game so children are keen to play it, and it shows them how a computer follows inputs.”

But in Light-Bot, commands are limited, and it is not possible to add custom elements. So Poosala downloaded Scratch. “It’s a visual programming language. You can add images and sounds, but it’s still completely visual, with no actual programming. You just click and choose from different icons,” he adds.

By engaging children with their own creations around their interests, they become more involved in what they are doing, and are keen to share their work with friends. They are more likely to finish projects and start new ones. Using such tools also helps them understand logic as a concept, which can then be applied to any field.

Sachin believes the iPad, especially, is a powerful reading resource that can make books far more attractive to children. He says, “Ever since Gauri discovered iBooks, she’s reading so much more than before. When she gets stuck on a difficult word, she just needs to tap it with her finger to get a definition.”

One such book is the Alice’s Adventures in Wonderland app. The book is presented with big, interactive illustrations on every page. Give Alice different bottles when she falls down the rabbit hole, and she will become bigger or smaller, depending on the bottle. Tilt your iPad on another screen, she will fall down and stand up.

New avenues

Enhanced books, such as Alice’s Adventures in Wonderland and The Pedlar Lady, are more advanced, redefining our expectations of children’s books. Take, for instance, Khoya, an iPad app illustrated by Shilo Shiv Suleman and written by Avijit Michael. The app has been showcased at TEDGlobal 2011 in Scotland, the Wired conference in the UK in 2011, and launched at the INK conference in Jaipur in 2011. Khoya has artwork, animated pages, quests that have to be completed in the real world, that require children to help the two protagonists navigate various worlds.

Bangalore-based Suleman says, “People are so excited about how technology is functional and useable that they forget how technology is also magical. Sure, it’s useful to be able to fly to London in 10 hours, but the idea that we are actually floating in the clouds, flying around the world is forgotten.”

Khoya uses technology to get children to explore the natural world along with a screen. While the protagonists of the story undertake their quests, readers are given their own quests such as collecting flower seeds and making photo collections of these seeds. “It’s a real problem that children in the last 10 years have been glued to computers, but now with mobile technology we can get them outside their houses. Photo quests, augmented reality in the garden, are just two examples of how we’re trying to find the links between the earth, magic and technology,” Suleman says.

Technology can also help children find their passions, and guide them through life. Aveek, the son of Bangalore-based media expert Arun Katiyar (56), found his passion through technology. Lego blocks helped Aveek, now 23, develop an interest in mechanical engineering.

Katiyar says Aveek, now studying industrial design at the National University of Singapore, was a fan of Legos since he was 6. When Aveek turned 15, he was gifted Lego Technic, a programmable Lego set. Katiyar says, “The Technic was exceedingly advanced for its time. You take a programmable microchip, and connect it to a computer. You can then program commands in the remote to control the chip. Then you remove the chip, and put it in your Lego creation that is a lot more advanced than the coloured bricks most will be familiar with, as a Technic set includes moving parts, pistons, engines and much more.”

The Technic is not available any more, but Lego now sells the more advanced Mindstorm. Legos are particularly useful as learning tools because of how versatile they are. Children can fit the pieces together to make almost anything they can imagine. By fitting joints and gears, they can create a small machine, entirely by themselves.

Rajesh S. (full name not given on request), runs an environmental NGO in Bangalore, and has worked in the US with several leading IT firms. His two sons, Parthiv, 14, and Tarang, 11, have picked up their parents’ interest in technology and gone with it in different ways. Parthiv learnt about film-making thanks to a discarded video camera, Tarang experiments with circuits around the house, and knows his way around capacitors and resistors.

Rajesh says, “When my elder son was 8, I had an old video camera that no one was using any more. Instead of throwing it away, I gave it to my son. It was an expensive gift, but it didn’t matter even if he broke it.”

Parthiv became fascinated by the camera, and would find new ways to keep using it. Rajesh says Parthiv would write short poems and then make small videos for them. Since he didn’t have a track or a dolly, he mounted the camera on an old toy truck and made his younger brother pull it to take panned shots.

“As he experimented with it, we also encouraged him. He was quickly teaching himself how to make the best use of it. Using their computers, the boys learnt to edit their footage, and put it up themselves as well. Parthiv is interested in the media, and is determined to either direct, or write, or act, undoubtedly because he had access to the right technology in his childhood.”

Tarang used the Internet and a lot of trial and error to find his way around a circuit board—a skill many adults lack. Rajesh says, “I don’t know what got him started. He’s fascinated by circuits, always experimenting and we are happy to buy circuits and capacitors too.”

At the same time, as an environmentalist, Rajesh also wants the boys to experience the outdoors. “My role has actually not been to support them but to discourage them. I want them to spend more time outdoors, and find more interests. Play sports and explore the world as well as their hobbies,” he says.

The points of debate

Expert opinion on the use of technology is divided. Chennai-based child psychologist Lakshmi Rajaram says parents need to monitor how their children are using technology and moderate the amount of time they spend with it. “While it can look harmless, these Internet-connected devices can be a gateway to pornography, violence and all kinds of disturbing and harmful content,” she says.

Sunil Abraham, executive director of the Centre for Internet and Society, Bangalore, also feels that it’s important that younger children at least be given limited access to technology. He says children have to learn fine motor and social skills; tablets and other technology hinder the development of these skills. “For young children, this is counter-productive—if your two-year-old can scroll and zoom on an iPad, that’s nothing to be proud of. You’re underestimating your child, who should be capable of much greater dexterity. New technology is too simple, and doesn’t give the child enough feedback to develop their skills.”

Ramya Somashekhar and her husband, both doctors, live in the UK, but grew up in India. They have a two-year-old son, whom they have kept away from new technology. Somashekhar says, “There’s an information overload in the world today. We want our son to grow up at his own pace, and let him stay a kid for as long as we can. Just because he thinks an iPad is pretty doesn’t mean we want our two-year-old playing with something that expensive. He thinks that a teddy bear and a singing toy truck are equally fascinating. A gadget doesn’t begin to compare to the real world, and we want to keep it that way, so he grows up the way we did.”

At Podar International School in Mumbai, though, students have started using iPads, and Vandana Lulla, director of the school, says only around 10% of the parents have not opted for it. While the school is not providing the iPads, they are offering a financing scheme for them.

She says, “Moving to iPads was a natural step because they are easier for students to use than laptops. We had observed how tech-savvy and comfortable they were, and had gone through studies that show the use of computers makes the learning of science more effective. We can also block access to games on the iPads, so the devices would allow students to work more effectively.”

Mumbai-based writer and freelance journalist Manisha Lakhe almost bought an iPad last year, but her then 13-year-old son Agni Murthy was able to talk her out of it. She says, "Agni told me to buy the Acer Iconia instead, because it was better. I was sure I needed a 3G tablet. He convinced me to get the Wi-Fi one, then sat with it, entered its programming and was able to change it so that it worked using my old 3G dongle, saving me a lot of money."

By looking up a lot of different methods, Agni was able to find the best way to change the installed operating system on the Iconia, and instead run a routed version which would support the function his mother needed, without buying the more expensive 3G model. He says, “I use my laptop to study, to work with my friends on chat, to do homework and Photoshop. I used to draw but now I do a lot of that on Photoshop. I look up a lot of tech stories on the Net, because that’s really interesting. I read about how to make the Iconia work on 3G so I could give my mother advice.”

This positive view is also supported by a study carried out by the US department of education. The 2010 study, Young Children, Apps and iPad, concluded that touch-screen technology allows younger children to play productively with a sophisticated media technology platform. The study found that “the use of touch-screen devices improved tacit and explicit learning, and was easy to pick up for children.”

It continues, “Children are fascinated and engaged by touch-screen devices, and the engagement goes up over time. Using such devices, children learn ‘motor skills, exploration, game concepts and generalization of skills’, where the learning from one app can transfer to another app.” The study also says, “Well-designed apps give children the opportunity to play/learn independently, and to participate in activities that would be messy in the real world, for example, finger painting.”

As Gauri says, “You can do everything with the iPad. You don’t need to carry anything else. I have books, cartoons, and games and we can take them in the car, or outside, or in any room, all the time.”

CHILD-FRIENDLY APPS

The App Store has a lot of child-friendly apps available—some are meant to entertain, while others have an educational component. We hand-picked five of the best apps that have launched this year, for different age groups. We have focused only on iOS apps that offer something over and above real-world analogues.

ALPHATOTS: $0.99(around Rs. 48)

Learning the alphabet is a slow process that involves a lot of repetition and trial and error. The AlphaTots app uses funny sounds and cute animations to make this more fun, and also demonstrates things that a

standard “A is for Apple” style book can’t. For example, F is for Flower is accompanied by a picture of a flower, and turning the page shows G is for Grow, and the flower gets bigger.

GRIMM’S RAPUNZEL POP-UP BOOK: $3.99
This version of Rapunzel’s story is simple, beautifully animated, and from time to time, the angle changes from a 2D view to a 3D angle, where parts of the book pop out of the page and can be played with.

SPARKY THE SHARK: $3.99

This funny e-book is meant

for children above six years of age, and tries to impart lessons of self-confidence, and the importance of being yourself through the adventures of ‘Sparky the Shark’. There’s clever animation work mixed with text and read-aloud sections as well.
FREDDI FISH AND THE STOLEN SHELL: $2.99
Somewhere between a game and an interactive book, ‘Freddi Fish and the Stolen Shell’ tasks children with solving a mystery. There are various touchable elements on each screen and by following the clues, it’s easy to go through the story. Unlike similar games, the app follows consistent logic, so it’s a fun way of teaching children critical thinking.

For more details visit https://cis-india.org/news/grooming-the-geek

Govt working to set up financial CERT to tackle cyber threats

Admin — 2017-11-25T02:28:18Z

IT secretary Ajay Prakash Sawhney says the government is getting the framework in place for financial CERT, which will be followed by other sectoral CERTs later.

The article by Komal Gupta was published in Livemint on November 16, 2017

The government is working to set up a financial Computer Emergency Response Team (CERT) to tackle a rise in cyber threats to India’s financial institutions.

This will be the first sectoral CERT to be introduced in India, said IT secretary Ajay Prakash Sawhney on Wednesday.

“Right now, the one which is directly being worked on is the financial CERT. We are getting the framework in place and once that is there, we will look at other sectors, said Sawhney, responding to a question on the progress of setting up of sectoral CERTs in the country. “It will oversee the entire financial sector including banks and financial institutions,” he added.

He was addressing the Asia Pacific Computer Emergency Response Team (APCERT) Open Conference in the capital on Wednesday.

In March, the power ministry had announced setting up of four sectoral CERTs for cyber security in power systems—CERT (Transmission), CERT (Thermal), CERT (Hydro) and CERT (Distribution).

According to Sawhney, as of now, there is a national CERT and no other sectoral CERTs. While addressing the conference, he said one of the themes to be discussed will be “How sectoral CERTs can function in conjunction with the national CERT.”

CERT-In is the national nodal agency under the ministry of electronics and IT (MeitY), which deals with cyber security threats such as hacking and phishing. The agency is tasked with the collection, analysis and dissemination of information on cyber incidents and even taking emergency measures for handling cyber security incidents.

“The biggest task of sectoral CERT is to share information with the others in the industry. For example, if a bank undergoes an attack; normally the bank will perform all the necessary actions to limit the attack and to prevent it from happening in the future. But the obligation of sharing how the attack happened with all the other banks in India to make sure that they can protect their respective systems from such an attack, can be carried out by a financial CERT,” said Udbhav Tiwari, programme manager at the Centre for Internet and Society, a Bengaluru-based think tank

“From April to October 2017, around 50,000 cyber security incidents have been handled by CERT-In; including phishing, malware attacks, attacks on digital payments and targeted attacks on some of the critical industries,” said cyber security chief Gulshan Rai, who was also present at the event.

A total of 50 incidents of cyber attacks affecting 19 financial organizations have been reported from 2016 till June 2017, PTI reported in August.

For more details visit https://cis-india.org/internet-governance/news/livemint-november-16-2017-komal-gupta-govt-working-to-set-up-financial-cert-to-tackle-cyber-threats

Govt websites to get new addresses

praskrishna — 2012-06-11T03:27:19Z

The government today said by December all its websites would switch over to IPv6 — the next generation Web standard that enables the creation of trillions of new Internet addresses and provides higher levels of security.

Click to read the original published by the Telegraph on June 7, 2012. Nishant Shah is quoted.

Internet protocol version 6 (IPv6) went live across the globe today, with leading online giants, including Google, Facebook, Yahoo! and Microsoft (Bing), introducing the new standard on their products and services.

Experts said Internet users would not feel any impact because of the shift.

At present, websites run on IPv4, a 27 year-old standard that allows just over four billion unique IP addresses, which are the sequence of numbers used to identify a device.

Each Internet-enabled device — computer, tablet or smartphone — needs its own IP address to connect to the Internet. However, because of the shortage of addresses, many devices have to share them, limiting the ability of the security agencies to track the exact device involved in a security breach.

Networking giant Cisco has predicted that 18.9 billion devices will be online by 2016.

Switching to IPv6 will ensure a unique IP address for each device.

“IPv6 is designed to handle security issues better... All government websites will be IPv6-compatible by December. For the country as a whole, the road map for transitioning to IPv6 is by 2020,” telecom secretary R. Chandrashekhar said.

Internet traffic that moves over to the new protocol is encrypted. Systems in IPv6 ensure that the traffic gets to the correct destination without being intercepted, analysts said.

To ensure a smooth transition and avert an abrupt disruption, both systems (IPv4 and IPv6) will work simultaneously for the next few years.

“The future of our connected networks is IPv6. Not only is it more efficient and faster than IPv4, which we are currently working with, it is also more reliable and secure,” said Nishant Shah, director (research) at the Bangalore-based Centre for Internet and Society.

India has 35 million IPv4 addresses against a data user base of about 360 million.

In addition, with the government targeting 160 million and 600 million broadband customers by the year 2017 and 2020, respectively, the need to move to IPv6 becomes more crucial. Moreover, there is a strong security requirement to provide unique IP address to each individual user.

The IT department has taken various steps, including organising workshops, to encourage state governments to hold pilot projects.

Twenty-seven government websites have been brought under IPv6 platform.

For more details visit https://cis-india.org/news/govt-websites-to-get-new-addresses

Govt websites face major outage; hacking ruled out

Admin — 2018-04-07T16:17:55Z

Defence Minister orders probe.

The article was published in the Hindu Businessline on April 6, 2018. Sunil Abraham was quoted.

In a sudden outage on Friday, a few key government websites went down, sending officials into a tizzy as rumours of a widespread hacking of portals created panic across the corridors of power.

The Ministry of Defence website was the first to go down, with Chinese characters being displayed on the portal’s homepage. Thereafter, one after another, the websites of the Ministries of Home Ministry, Law and Labour and of Central Bureau of Investigation (CBI) went down.

All the sites were restored by late evening. Late in the day, the National Informatics Centre confirmed that the sites were not hacked. “The site showed what appeared to be a Chinese character and it was understandable that the site was perceived to be hacked . However, it has since been identified that the sites have not been hacked,” an NIC release said.

‘Technical snag’

While the IT Ministry tried to downplay the issue and said that the websites had not been hacked, and that it was a “technical snag”, Defence Minister Nirmala Sitharaman said she had ordered a probe into the matter, hinting that it may have been a case of hacking.

“Action is initiated after the hacking of MoD website (http://mod.nic.in). The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken,” Sitharaman said in a tweet.

This is not first time that Indian government websites faced an outage. The government had informed the Lok Sabha earlier this year that over 700 websites linked to the Central and State governments were hacked in the past four years. In February last year, the website of the Ministry of Home Affairs was hacked.

“Compromising a government website is a low-value attack, but results in a big win for the attackers in the battle over perception,” Sunil Abraham, Executive Director, Centre for Internet and Society told BusinessLine. “This usually happens because the server administrator has not configured the software stack properly or is not installing all the security updates in a timely fashion.”

For more details visit https://cis-india.org/internet-governance/news/hindu-businessline-april-6-2018-govt-websites-face-major-outage-hacking-ruled-out

Govt warns Facebook of stringent legal action if found misusing data

Admin — 2018-03-25T03:14:28Z

IT minister Ravi Shankar Prasad says that under the IT Act, Facebook’s chief executive officer, Mark Zuckerberg, can be summoned to India if required.

The article by Komal Gupta was published by Livemint on March 21, 2018.

The government on Wednesday warned Facebook of stringent legal action if it is found misusing data, with law and information technology (IT) minister Ravi Shankar Prasad saying that under the IT Act, the social media giant’s chief executive officer, Mark Zuckerberg, can be summoned to India if required.

The warning came after the ruling Bharatiya Janata Party (BJP) alleged that the Congress party was associated with London-based analytics firm Cambridge Analytica, which is at the centre of a global storm on the alleged misuse of data from 50 million Facebook users.

Prasad said the Congress indulged in “theft of online data” to help with its election campaigns, a charge that the opposition party denied.

“Will the Congress party depend on data manipulation and theft to woo voters? What is Cambridge Analytica’s role in (Congress president) Rahul Gandhi’s social media profile,” Prasad, who is also a senior BJP spokesperson, said in an interaction with reporters.

“Indian National Congress or the Congress president have never used and never hired the services of the company called Cambridge Analytica mentioned by the Union law minister. This is a fake agenda, a white lie being dished out on fake facts by the law minister unfortunately, and this has become a daily order,” Randeep Surjewala, the Congress party’s chief spokesperson, said.

Cambridge Analytica’s chief executive Alexander Nix—who was suspended on Tuesday—was secretly recorded in a Channel 4 sting claiming that the company ran Donald Trump’s campaign during the 2016 US presidential election. The firm is accused of harvesting private data from millions of Facebook profiles to influence and identify voter behaviour.

As of January, there were around 250 million Facebook users in India.

According to security experts, the incident yet again highlights the need for a stronger data protection law in the country.

“It has been almost six years since the report of the Justice AP Shah group of experts on privacy, but India still doesn’t have a data protection law. We urgently need a law that enshrines privacy by design — that would prevent entities like Truecaller from gaining access to third parties’ data without their consent, and entities like Facebook from providing it— as well as a liability regime that would enable an Indian data protection authority to hold accountable those who violate the law,” said Pranesh Prakash, policy director at think tank Centre for Internet and Society

For more details visit https://cis-india.org/internet-governance/news/livemint-komal-gupta-march-21-2018-govt-warns-facebook-of-stringent-legal-action-if-found-misusing-data

Govt wants to scrub the Internet clean

praskrishna — 2011-12-07T04:07:03Z

Web advocacy groups, experts say govt’s move to evolve content guidelines amounts to censorship. This article by Surabhi Agarwal & Leslie D’monte was published in Livemint on 7 December 2011. Sunil Abraham has been quoted in this article.

India, the world’s largest democracy, may force companies such as Google Inc., Microsoft Corp., Yahoo Inc. and Facebook Inc. to take down online content that it deems offensive because they haven’t been able to come up with an effective self-censorship mechanism governing millions of users.

The Congress-led United Progressive Alliance government had no option but to "evolve guidelines" to ensure that "blasphemous content on the Internet or television is not allowed", with Internet and social networking sites such as those above "failing to respond to and cooperate with" the government’s request to keep "objectionable" content out of their websites, Kapil Sibal, minister of communications and information technology (IT), said in New Delhi on Tuesday.

His comments unleashed a firestorm of criticism by Internet advocacy groups and experts, who said the move amounted to censorship and was anti-democratic, impractical and unwarranted since existing laws were comprehensive enough to remove "objectionable" content. The move, they argued, would also stem the growth of user-generated content sites, and thus the Internet itself.

The government has been battling a series of corruption scandals and criticism of its inability to move forward on policy reforms. A campaign against corruption fuelled by online support has also challenged the government’s authority to legislate, forcing its own version of an anti-graft legislation onto the agenda.

The latest move by the government follows the introduction of new rules to the Information Technology Act, 2008, that were published earlier this year, also heavily criticized, that called on Internet service providers (ISPs) along with other entities to police online postings, including blogs.

Sibal referred to what he considered objectionable content as a "matter of grave concern", which affects the "sensibility of our people and is against our cultural ethos".

Once the new policy framework is implemented, companies “will be duty-bound to share information about those who post content, even if it (the content) is posted outside India”. He didn’t say by when the policy would be put in place.

Discussions with executives from the firms mentioned above had begun in September, Sibal said. They had been asked to come up with solutions to address the perceived problem in a month’s time and had failed to do so, he said.

According to local media reports, the move follows posts about some senior Congress leaders, including party president Sonia Gandhi. The minister, who is also one of India’s top lawyers, did not refer to any specific "objectionable" material during his press briefing, but rued that “the content has still not been removed".

Google India defended the right of free speech, while saying that it didn’t condone illegality.

"Even where content is legal but breaks our own terms and conditions, we take that down too, once we’ve been notified about it," Google India said in a release. "But it also means that when content is legal but controversial, we don’t remove it because people’s differing views should be respected, so long as they are legal."

Facebook India also said that it would remove any content that crossed the line.

It "has policies and onsite features in place that enable people to report abusive content", the company said. "We will remove any content that violates our terms, which are designed to keep material that is hateful, threatening, incites violence or contains nudity off the service."

While Yahoo India declined to comment, Microsoft did not respond to an email till press time.

Internet censorship is a rising trend, with approximately 40 countries filtering the Web in varying degrees, including democratic and non-democratic governments. Governments are using increasingly sophisticated censorship and surveillance techniques, including blocking social networks, to restrict a variety of types of content, says the 2010 Global Network Initiative (GNI) report. GNI seeks to protect freedom of speech online.

This August, for instance, the Centre had written to the department of telecommunications, asking it to "ensure effective monitoring of Twitter and Facebook", which minister of state for communications and IT Milind Deora acknowledged a few days later in a written reply to a question in the Rajya Sabha. He mentioned access to “encrypted data” on social networking sites, but did not elaborate on the subject.

Currently, the Indian Telegraph Act and the IT Act, 2008, (amendments were introduced in IT Act, 2000) give the government the power to monitor, intercept and even block online conversations and websites. The Centre for Internet and Society (CIS) has put up a list of 11 such websites blocked by a government order. The data was received from the department of information technology (DIT).

Moreover, under section 79 of the IT Intermediary (Rules and Guidelines), 2011, intermediaries (comprising telcos, ISPs, network services providers, search engines, cyber cafes, Web-hosting companies, online auction portals and online payment sites) are mandated to exercise "due diligence" and advise users not to share/distribute information violative of the law or a person’s privacy and rights. Intermediaries are expected to act on a complaint within 36 hours of receiving it, and remove such content when warranted.

In case the intermediary doesn’t find the content objectionable, the matter will have to be contested in a court of law.

"Currently, you need a court of law to direct a company in case something has to be removed. That takes a lot of time. So there has to be a mechanism that is faster in dealing with such content as (it) can be very damaging," said a DIT official, who did not want to be named.

"The Indian government can, and should, monitor conversations and websites if it believes the content can harm the security, defence, sovereignty and integrity of the country," said Pavan Duggal, a Supreme Court lawyer and cyber law expert. However, he wondered how the government would go about implementing the task of monitoring each and every conversation on an unstructured Internet.

Bangalore-based CIS, an Internet advocacy group, said "this pre-emptive manual screening of content, if implemented, would sound the death knell of freedom of expression in India".

"This screening is worrisome. Companies will err on the side of caution in a bid to please the government, and the courts will not be involved," said Sunil Abraham, executive director of CIS. “This is not only unconstitutional, but technically impossible too. Speech and words have nuances. Can humans decipher these with accuracy?"

The move will undermine key principles on which the Internet was built, said Nikhil Pahwa, editor and publisher of digital industry news and analysis blog MediaNama.

"It is completely impossible to enforce this. There is no way that content can be prescreened before it is placed online," he said. “It also kills the concept of immediate communication, which the Internet stands for."

Cyber law expert NA Vijayashankar, who runs cyber law information portal Naavi, said: "The government has valid reason to control anti-national activities on the Internet. But there are existing laws for it. The current proposition is impractical since pre-scrutiny of content on the Internet is not possible. It will affect the growth of user-generated content, which is helping Internet penetration grow in India."

Internet censorship happens frequently in countries such as Myanmar, Cuba, China (which had blocked keyword searches of the word "Egypt" on the Internet as well as on Weibo, the Chinese equivalent of Twitter), Iran, Egypt and Saudi Arabia. On the very day the Egyptian government set out to block Internet services in the country (in January), US Republican senator Susan Collins floated the COICA Bill, popularly called the "kill switch" Bill, which, if approved, would give the US president similar powers.

Read the original published in Livemint here

For more details visit https://cis-india.org/news/scrub-the-internet-clean

Govt wants to monitor Facebook, Twitter

praskrishna — 2011-08-09T09:21:55Z

The Union home ministry has written to the department of telecom asking it to "ensure effective monitoring of Twitter and Facebook".

Milind Deora, minister of state for communications and information technology, said in written reply to a question on Friday in the Rajya Sabha that DoT has received a letter from MHA to ensure monitoring of social networking websites like Facebook and Twitter in order to "strengthen cyber security paraphernalia".

He said that in cases where the data is encrypted, the department works with all concerned parties to obtain lawful access to it.

Citing security a reason, India in the recent months has sought more surveillance and monitoring from internet service providers as well as companies like Research In Motion, which sells BlackBerry phones capable of encrypted emails and messaging.

In April the government notified a new set of IT rules, virtually making intermediaries like internet service providers and web hosts and websites like Facebook and Twitter responsible for any wrongdoings on their networks. The rules were widely criticized by privacy activists.

Sunil Abraham, executive director of Centre for Internet and Society said these "blanket surveillance practices" are counterproductive.

"People advocating greater surveillance don't understand how the web works. In some cases, if there is evidence, targeted monitoring can be done but if governments wants to go through each tweet and every status update, it's just waste of money and resources. Agencies involved in monitoring can do better work by focusing on core issues. This will also save ordinary law-abiding citizens from unnecessary harassment," said Abraham.

According to their policies, Twitter and Facebook don't share any private information available on their servers without valid court order or subpoena. Twitter had said in the past that even if there was a court order, it would first inform the users in question before sharing information related to them.

This article was published in the Times of India on August 8, 2011. The original can be read here.

For more details visit https://cis-india.org/news/govt-to-monitor-facebook-twitter

Govt vs Tweeple: Has clampdown hit free speech?

praskrishna — 2012-08-24T12:46:27Z

Has the Government crossed the line by ordering the blocking of several Twitter accounts, many belonging to prominent journalists? The debate was featured in NDTV on August 23, 2012.

Sunil Abraham spoke to Sonia Singh of NDTV. Sunil said that "we should focus on designing of the censorship regime in the country and the lack of compliance with the principles of natural justice".

Watch the full video on NDTV here

For more details visit https://cis-india.org/news/www-ndtv-com-aug-23-2012-govt-vs-tweeple-has-clampdown-hit-free-speech

Govt tweaks enforcement of IT Act after spate of arrests

praskrishna — 2012-11-30T08:27:01Z

The government on Thursday tweaked the law to make it tougher for citizens to be arrested for online comments that are deemed offensive after recent arrests came in for heavy criticism by Internet activists, the media and other groups.

Surabhi Agarwal's article was published in LiveMint on November 29, 2012. Pranesh Prakash is quoted.

This took place just before the Supreme Court was to hear a public interest litigation seeking an amendment to the Information Technology (IT) Act.

Complaints under the controversial Section 66A of the IT Act, which criminalizes “causing annoyance or inconvenience” online or electronically, can be registered only with the permission of an officer of or above the rank of deputy commissioner of police, and inspector general in metro cities, said a senior government official.

The government, however, has not amended the terms in the section that are said to be vague and subject to interpretation.

The public interest litigation against Section 66A filed by student Shreya Singhal came up in chief justice Altamas Kabir’s court on Thursday. The matter will be heard on Friday.

Two girls near Mumbai were arrested last week for criticizing on Facebook the shutdown in the city for Shiv Sena chief Bal Thackeray’s funeral. Earlier in November, a businessman in Puducherry was arrested for comments made on Twitter against finance minister P. Chidambaram’s son Karti Chidambaram.

According to people present at the meeting of the cyber regulatory advisory committee on Thursday, the Union government will issue guidelines to states with respect to the compliance of the new enforcement rules soon. The people didn’t want to be named. An official said the move was not related to the case.

Pranesh Prakash, policy director at the Centre for Internet and Society think tank, said that while the change in the law is a step in the right direction and will eliminate a lot of frivolous complaints, more needs to be done to make the legislation specific.

Chief justice Kabir said the apex court was considering taking suo motu cognisance of recent incidents.

Singhal contended in her plea that “the phraseology of section 66A of the IT Act, 2000, is so wide and vague and incapable of being judged on objective standards, that it is susceptible to wanton abuse and, hence, falls foul of Article 14, 19 (1)(a) and Article 21 of the Constitution.”

She submitted that “unless there is judicial sanction as a prerequisite to the setting into motion the criminal law with respect to freedom of speech and expression, the law as it stands is highly susceptible to abuse and for muzzling free speech in the country.”

The PIL was argued by Mukul Rohatgi, who said in his opening remarks that Section 66A was vague. Terms such as “offensive” and “annoyance” should be clearly defined as the section is part of criminal law, he said.

Senior advocate Harish Salve, who was also present during the hearing, said India guaranteed the right to “annoy” and there was no need to have a separate law.

Salve, who is in the process of filing an intervention on behalf of some technology companies, added that the section needed to be narrowed to specifically cater to private messages sent electronically and not social media communications.

He said the existing law of defamation should suffice and could be extended to include electronic communications. According to a lawyer who is part of the team representing Singhal, the petition also demanded that the law be made non-cognisable so that the police can’t make an arrest without an order from a magistrate.

“There has been a lot of misuse and abuse of the law recently and we want it to be struck down absolutely and also the court to issue guidelines,” he said.

Apart from the incident at Palghar in Thane district involving the two girls, Singhal’s PIL referred to an April incident in which a professor of chemistry from Jadavpur University in West Bengal, Ambikesh Mahapatra, was arrested for posting a cartoon concerning chief minister Mamata Banerjee on a social networking site.

She also referred to the Puducherry case as well as the May arrests of two Air India Ltd employees, V. Jaganatharao and Mayank Sharma, by the Mumbai Police under the IT Act for posting content on Facebook and Orkut against a trade union leader and some politicians.

Singhal has sought guidelines from the apex court to “reconcile Section 41 and 156 (1) of the Criminal Procedure Code (CPC) with Article 19 (1)(a) of the Constitution” and that offences under the Indian Penal Code and any other legislation, if they involve the freedom of speech and expression, be treated as a non-cognizable offences for the purposes of Sections 41 and 156 (1).

Section 41 of CPC empowers the police to arrest any person without an order from a magistrate and without a warrant in the event that the offence involved is a cognizable offence. Section 156 (1) empowers the investigation by the police into a cognizable offence without an order from a magistrate.

The government official present at the cyber regulatory advisory committee said the expressions used in Section 66A had been taken from different statutes around the world, including the UK and the US.

“There has been a broad consensus that the parameters of the law concerned might be in order but from a procedural standpoint there might be difficulty,” the official said.

Prakash said that while some of the terms in the section may be taken from legislation overseas, the penalty imposed under the Indian law is far more stringent at three years of imprisonment than, for instance, six months under the UK law. “Criminal offences can’t be put at the same level as something which causes insult.”

The cyber regulatory advisory committee meeting was attended by minister for communications and information technolgy Kapil Sibal, and secretaries of the department of telecommunications and information technology, besides representatives of technology companies such as Google and Facebook, industry associations and civil society.

The official also said that the situation will be reviewed every three to four months based on “ground realities”.

A government official said on condition of anonymity that the decision to revive the cyber regulatory advisory committee had been taken at a meeting in August. Section 66A was put on the agenda since it was the subject of much debate, he said. The meeting, however, was not a pre-emptive measure ahead of the PIL that was taken up in the Supreme Court. The official also said that the government will spell out its position in court in favour of the legislation.

For more details visit https://cis-india.org/news/livemint-politics-november-29-2012-surabhi-agarwal-govt-tweaks-enforcement-of-it-act-after-spate-of-arrests

Govt to keep Aadhaar record for 7 years, activists worried

praskrishna — 2016-10-17T01:53:24Z

The government will keep for seven years a record of all the services and benefits availed using the Aadhaar number, say new rules, prompting fears that the database could be used for surveillance.

The article by Aloke Tikku was published in the Hindustan Times on October 17, 2016. Sunil Abraham was quoted.

The Unique Identification Authority of India (UIDAI), which issues the 12-digit biometric identity to all Indian residents, will be required to preserve its record of verification of an Aadhaar number for the duration.

“This is an unprecedented centralised data retention provision,” said Sunil Abraham, director of the Bengaluru-based think tank, Centre for Internet and Society.

UIDAI chief executive officer ABP Pandey said the concerns were exaggerated. The agency was keeping records in case a dispute arose over a transaction.

The information will be retained online for two years and another five years in the offline archives, say the rules notified in September.

Users will be able to check the records but only for two years.

This restriction won’t apply to security agencies. Pandey, however, said the records would not be available to them without a district judge’s permission.

But, HT found that the rules allow designated joint secretary-level officers at the Centre to order access to information on the grounds of national security.

“Once Aadhaar becomes mandatory for all services, it can be used by benign and malignant actors to conduct a 360-degree surveillance on any individual,” Abraham said.

This is how the system, which will need millions of fingerprint-reading machines, works.

Every time a person fingerprints and quotes the Aadhaar number, the agency concerned sends the data to UIDAI to crosscheck the particulars.

The UIDAI authenticates about five million Aadhaar numbers, which are quoted to avail LPG subsidy, cheap ration and even passport, a day against a capacity to verify 100 million requests daily.

“You can think of it as Natgrid Plus,” Abraham said, a reference to the National Intelligence Grid being built by the government.

A one-stop database for counter-terrorism agencies, Natgrid will collate information real time from databases of various agencies such as bank, rail and airline networks.

“…we do not record the purpose for which an authentication request was received but only the details of the agency that sent it,” UIDAI’s Pandey said.

But seven years is a long time. Only a select category of government files are kept for longer than five years.

Asked about two-year deadline for users, Pandey said it would have been a logistic nightmare to let people access the records once the information was offline.

The Supreme Court has a ruled that Aadhaar is not a must for availing welfare schemes and is to decide if collecting biometric data for the 12-digit number infringed an individual’s privacy.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried