We are anonymous, we are legion

Govt orders blocking of 300 specific URLs including 16 Twitter accounts

praskrishna — 2012-08-24T13:29:40Z

The government stepped up its efforts to stop what it feels is an online campaign of misinformation and rumour mongering in the wake of lower Assam riots and ordered blocking of 16 Twitter accounts, including two belonging to journalists, considered sympathetic to the right in India.

Published in the Times of India on August 24, 2012. Pranesh Prakash is quoted.

The department of telecommunications (DoT) ordered blocking of the accounts on August 20. The blocked accounts include those maintained by a columnist and a journalist working for a TV channel. Twitter accounts @sanghparivar, @drpraveentogadia and @i_panchajanya are also mentioned.

The 16 Twitter accounts are part of a list containing over 300 specific URLs that internet service providers (ISPs) in India have been told to block. The list is dominated by URLs belonging to Facebook and Youtube. Indian government allegedly found 102 URLs on Facebook and 85 URLs on YouTube where communally sensitive content was posted. According to a blogpost at Centre for Internet and Society (CIS), a non-profit organization that got hold of the list on Wednesday, almost "all of the blocked items have content that are related to communal issues and rioting".

At the same time, Pranesh Paraksh, a CIS official, noted on the blog that it was unclear if the government exercised its powers responsibly in this case. "The blocking of many of the items on the list are legally questionable and morally indefensible, even while a large number of the items ought to be removed," he wrote.

According to the leaked list, Indian government also blocked 30 Twitter URLs, 3 Wikipedia URLs, 11 Blogger URLs and 8 Wordpress URLs. Some URLs belong to Pakistani websites. The list also contained URLs belonging to several mainstream media websites, including The Telegraph and Al Jazeera.

The blocking of Twitter accounts was partial due to technical challenges. The accounts have been blocked with the help of ISPs and not Twitter. Accessing them from India shows web users a message, saying "This website/URL has been blocked until further notice either pursuant to Court orders or on the Directions issued by the Department of Telecommunications". Also, the block works only if the accounts are accessed using HTTP and not HTTPS protocol. Twitter allows users to force HTTPS, which is a secure protocol and doesn't let ISPs see the content that a user is accessing.

Due to the partial block, accounts remained active. When Nirupama Rao, India's ambassador to the US, talked on Twitter about a discussion on a news channel on the subject of social media and government's current policy, one of the "blocked" accounts tweeted back to her saying, "@NMenonRao Is that why UPA Govt has blocked my Twitter handle? Is that the reason? A reply would help." Following the Twitter profile ban, which was reported around midnight on Wednesday, several Twitter users in India started hashtag #Emergency2012. A few hours later, #Emergency2012 and #GOIBlocks were among the top trending topics on Twitter for India.

For more details visit https://cis-india.org/news/times-of-india-aug-24-2012-govt-orders-blocking-of-300-specific-urls-including-16-twitter-accounts

Govt narrative on Aadhaar has not changed in the last six years: Sunil Abraham

praskrishna — 2016-03-16T16:37:19Z

The bill is basically the same as the UPA version, with some cosmetic changes, and some tokenism towards the right to privacy, says Abraham.

Shreeja Sen interviewed Sunil Abraham. The article was published in Livemint on March 8, 2016.

The government’s bid to push financial inclusiveness and access to government services has received a fresh boost, with finance minister Arun Jaitley introducing a proposed law to give legislative backing to Aadhaar, being implemented by the Unique Identification Authority of India (UIDAI).

This project, which uses a person’s biometric data like fingerprints and iris scans to authenticate identity of people receiving subsidies and other state benefits, will move India towards a cashless economy and help digital initiatives such as biometric attendance, Pradhan Mantri Jan Dhan Yojana, digital certificates, pension payments and the proposed introduction of payments banks.

Sunil Abraham, 42

Abraham is executive director of Centre for Internet and Society, a Bengaluru-based think tank focusing on accessibility, access to knowledge, telecom and Internet governance. He has written extensively on the UID scheme, and the intersection of privacy and security. He founded Mahiti—an enterprise that aims to reduce the cost and complexity of information and communications technology for the voluntary sector by using free software.

The Aadhaar project has faced its share of roadblocks with cases challenging it pending before the Supreme Court. A constitution bench of the court will decide whether the right to privacy is a fundamental right and if Aadhaar violates it.

Sunil Abraham, the executive director of Centre for Internet and Society, a Bengaluru-based policy research institute, is a critic of Aadhaar for several reasons. He explained his concerns in an interview. Edited excerpts:

Have any of the concerns regarding the Aadhaar project since its inception in 2009 been addressed?

Whatever we complained about six or seven years ago, whatever complaints were made by the civil society...all of those complaints remain in the exact same situation.

Nothing has changed.

What kind of concerns?

The first thing to remember is that privacy and security are just two sides of the same coin. You cannot have one without the other.

Our first concern with the project is centralization. Whenever you build an information system, and you create a central point of failure, then it will fail because the possibility of failure exists. The Internet has no central point of failure. That is why it is so difficult for you to bring the Internet down. Complaint number 2 is the opaque technology.

UIDAI keeps saying that “we have built a technology using a free software and open standard stack”. The first is a de-duplication software and the second one is the authentication software—those are the most important pieces of software.

This software is proprietary and nobody knows how they work and nobody can independently audit them.

The third complaint is the use of an irrevocable and non-consensual authentication factor. In the UID scheme, the biometrics serve two purposes: it can be used to identify a citizen and it can be used to authenticate a transaction. Authentication factors, commonly known as passwords, should always be revocable. That means if the password is compromised, you should be able to change the password or at least say that this password is no longer valid. The use of biometrics eliminates those two important requirements.

Further, in most other authentication, the process of authentication ensures that you are consenting. For example, PIN (personal identity number) authentications. But suppose I am authenticating you through your irises, then as long as your eyes are open, the machine will think you’re authenticating. There’s no way of saying I don’t want to authenticate. Or if you’re sleeping, somebody can hold your fingers over a biometric reader and open your iPhone. So that’s complaint number three.

The fourth complaint from the privacy perspective is: there is a very important database that they don’t talk about. I call it the transactions database. Suppose there is somebody who is using the UIDAI service to authenticate a transaction, then UIDAI should keep a record of that successful or unsuccessful transaction authentication. That means you have been registered into the database.

You go to a fair price shop to purchase subsidized grain and at that fair price shop or ration shop, you use your finger on the biometric reader, and then the UIDAI system says “yes you are indeed who you say you are”.

So, at that point, later the shop should not be able to say X never came here, or X came twice. So, in order for them to not say all those things, a record should be made on the UID database, that on this day, from this geographical location, this particular biometric reader sent us X’s biometric template and asked if the template matched against X’s UID number...the transaction database can be used for profiling. They never talk about it.

They never tell us what that database holds and how long they’re keeping all those records. None of that is clear.

Does Aadhaar bill help assuage your doubts about the project?

The government narrative has not changed in the last six years; the bill is basically the same as the UPA (United Progressive Alliance) version, with some cosmetic changes, and some tokenism towards the right to privacy. The proof that the technology is fallible is in the bill.

If the technology was infallible, as the UIDAI would like us to believe, then the bill would not criminalize the following: (1) impersonation at the time of enrolment; (2) unauthorized access to the Central Identities Data Repository.

Imagine that the bill admits that every Indian’s biometric can be stolen from one single centralized database. Now why don’t we have a similar offence for stealing all private keys from the Internet—we don’t because that is technical impossibility thanks to decentralization.

Therefore we don’t need a law to make (it) illegal. We’ve suggested changes to both the technology and the law. We’ve written seven open letters to the UIDAI, and we’ve never gotten any response. Very few of our concerns have been addressed. We’ve seen dogs getting UID, various other things getting UID, so there’s a lot of evidence that the system does not work. From Kerala we have stories of one person getting several UIDs, so we have no idea about technological feasibility of the project.

One of our distinguished fellows, Hans Varghese Mathews, has published an academic paper in the latest EPW (Economic and Political Weekly), by extrapolating UIDAI field trial data to national scale. He predicts that by the time the number crosses 1 billion, every time UIDAI tries to register someone new, they will match with about 850 people already in the database positively. So, the unique identification capability of the UIDAI will not scale above the billion. The consequence of the technology failing is not trivial. If someone replaces your biometrics in the central database, then the onus is on you to prove that you are a resident of India.

Previously, human beings determined the answer to this question, and they had to find proof that you were not a resident. Now, a fallible technology will be asked to answer this important question.

Isn’t the basic function of the Aadhaar project to ensure that benefits reach the person they are meant for, and it’s easier for people to get an identity proof for those who have no other ID, like migrant workers?

Two responses: is it good anti- corruption technology? Unfortunately not, because it is intended at retail fraud. The person under surveillance is very poor. But the person responsible for corruption is not poor. So, I believe you should be surveilling those responsible for corruption.

What I had said is UID should be first given to every single bureaucrat and every single politician in the country. From Delhi till the Panchayat office, till the ration shop in the village, that supply chain must be monitored and documented using cryptography, so that nobody can deny anything. We need non-repudiatable audit trail from New Delhi to the village because according to all analyses, that is where the theft is happening—in the supply chain. The villager who is taking false benefits, that is called retail fraud.

The bulk of the fraud is actually wholesale fraud. Please tackle wholesale fraud using non-repudiatable public audit trail from New Delhi to the village first, before you start surveilling the poor.

The second point is that people find it easy to get the UID. That is fine, but there is a problem; that it’s not uniquely identifying anybody. So, people will keep registering and the UID system will keep giving them more and more UIDs because there are no human checks and balances. Because you’ve gone with a pure technological solution, it’s very easy to fool (the system).

So, the ease of registration has not served the purpose.

For more details visit https://cis-india.org/internet-governance/news/livemint-march-8-2016-shreeja-sen-govt-narrative-on-aadhaar-has-not-changed-in-last-six-years-sunil-abraham

Govt mulls advisory on privacy issues related to Google, Facebook

praskrishna — 2013-07-02T14:31:48Z

The Government is set to harden its stand against foreign Internet firms in asking them to comply with Indian laws.

The article by Thomas K Thomas was published in the Hindu Business Line on June 10, 2013. Sunil Abraham is quoted.

According to a top Government source, an advisory may be issued in the interest of general public to make them aware of the privacy issued while using services offered by foreign Internet companies such as Google and Facebook.

This follows an international media expose on how US agencies were getting access to user data from Internet companies such as Google and Facebook.

Final Strategy Soon

Top official in the Ministry of Telecom and IT told Business Line that the National Security Advisor, under the Prime Minister’s Officer, is discussing the issue and will outline the final strategy on Wednesday.

The key concern is that the US security agencies may have collected data from key Indian accounts using services from any of the Internet companies. A number of Government officials also use email service from Google and MS Outlook, which may have been accessed by the US agencies.

The other major concern is that Indian security agencies have also been seeking access to data from these foreign companies but so far they have not obliged on grounds that they do not come under the purview of Indian laws.

“If the US Government can get access to data from these companies, why can’t the Indian Government be given access,” posed a top functionary of the telecom ministry.

While Google and other companies have denied knowledge to how the US agencies got access to their networks, industry experts said that it’s time India starts taking concrete steps to address the issue.

B.K. Syngal, Former Chairman, Videsh Sanchar Nigam Ltd, said, “If we believed that our privacy is sacred then we would have taken effective domestic measures, years ago, to ensure that the information of our citizens remains private. To now say that multiple US companies have betrayed our trust is meaningless.”

Double Standards

Syngal said that there are double standards in the way organisations and Government is handling the issue. “As a start, lets stop giving too much time and space to the so called “Foreign Funded NGOs” teaching us on privacy. Our problem is that we are not China. We are so ill equipped that the third party interests aided and abetted by these NGOs would prevail,” said Syngal.

According to Sunil Abraham, Executive Director, Centre for Internet and Society, companies such as Google and Facebook are foes when it comes to privacy issues and friends when it comes to freedom of speech. “An Indian consumer using any of these foreign websites has no privacy rights whatsoever. The Indian Government also cannot force these companies to follow Indian laws,” said Abraham.

For more details visit https://cis-india.org/news/hindu-businessline-thomas-k-thomas-june-10-2013-govt-mulls-advisory-on-privacy-issues-related-to-google-facebook

Govt may turn to supercomputing for better use of Aadhaar database

praskrishna — 2015-03-08T05:53:03Z

Technology experts working with the Aadhaar project have spotted other potential uses for it, all to be powered by a string of supercomputers.

The article by Moulishree Srivastava was published in Livemint on February 10, 2015. Sunil Abraham is quoted.

When India launched a scheme in 2009 to give every one of its residents a unique identity number called Aadhaar, there were two main objectives: an efficient delivery of welfare services, and a tool for monitoring government schemes.

Six years on, as the government moves a step closer to covering all 1.25 billion citizens with Aadhaar, technology experts working with the project have spotted other potential uses, all to be powered by a string of supercomputers. With Aadhaar having crossed the 700 million milestone in 2014, the government is preparing to launch supercomputing applications to make more sense of the scheme’s massive database. These will help link the database to public services by running data analytics, which in turn will throw up trends that can help promote better-informed policy-making.

“We are talking about the Aadhaar database and the huge population data associated with it. Right now it is only a collection of data, but once we start rolling out applications, the amount of information that will be generated and the amount of usage that will happen will be enormous,” said Rajat Moona, director general of the Pune-based Centre for Development of Advanced Computing (CDAC), the research and development arm of the department of electronics and information technology responsible for the National Supercomputing Mission.

“Big data analysis and big data visualization, these are supercomputing problems. It (handling Aadhaar database) is actually visualization of huge data that can help in the planning,” he added. “When you have that much amount of information, you can do a lot of data analysis and figure out trends. We can thus see what are the policies needed to be defined. Therefore proactive policymaking based on previous trends is possible provided we have data,” he said.

Aadhaar is being used by the government for transferring cash subsidies directly into the bank accounts of beneficiaries in order to plug leakages. It is used to identify beneficiaries for transferring funds under scholarship schemes, pension money, cooking gas subsidy as well as seeding of bank accounts to weed out multiple beneficiaries under the government’s financial inclusion programme.

There are also plans to use Aadhaar to curb black money in real estate transactions. Developing these applications further, says Moona, needs supercomputers, which will give far better results. “In order to develop these applications we need to understand supercomputing and use of supercomputing,” he said. “We don’t have such applications developed…we usually take larger applications developed elsewhere and customize it according to our needs. So applications that are developed for solving India-centric problems will actually give a better output,” he said.

“We are talking about creating related applications that can run on supercomputing cloud of million cores (cloud supported by million-core supercomputers),” he added. “It will be a platform, where we can solve a large number of problems using shared model.” “It (supercomputing cloud) will not be a public cloud. There will be research institutes, research organizations, security agencies, government departments and each of them will have its own data and access pattern.

This is going to be a part of our application-centric usage of (the proposed) supercomputing (grid).” The million-core supercomputing cloud is a part of the government’s Rs.4,500 crore project aimed at setting up a grid of more than 70 supercomputers to be hooked up across these institutions and organizations over the next five to seven years. This will enable Indian researchers to build applications on the network, as well as to harness the power of supercomputers for research and development. India has 12 of the world’s 500 most powerful supercomputers, the largest currently deployed being a 500 teraflops (equivalent to half a petaflop) computer, administered by the CDAC. To work on supercomputing applications in areas such as the Aadhaar database, terrorism, advanced weather monitoring— including cyclone and flood prediction—and geo exploration, the government plans to train 22,000 high-quality professionals over 5-7 years.

Some experts point out that a centralized Aadhaar database faces cybersecurity risks that can threaten people’s privacy. Centralization is a terrible idea from the perspective of cybersecurity, said Sunil Abraham, executive director of the Bengaluru-based research organization Centre for Internet and Society. “This is a honeypot (a computer system that is set up to attract and trap people who attempt to penetrate other people’s computer systems) and variety of bad actors, i.e. criminals, terrorists, as well as states and corporations, will target this database hoping to compromise it.”

A petition filed by former Justice K.S. Puttaswamy in 2012 said that Aadhaar scheme infringes citizens’ privacy as applicants need to provide personal information on biometrics, iris and fingerprints, which infringes their right to privacy that is a part of the fundamental right to life under Article 21 of the Constitution. Security experts have been raising concerns about lack of secure and foolproof system to ensure that all the data will be safe and will not be misused. “How do we address the security and innovation imperative without compromising on the right to privacy? We must build individual transaction databases for each government department/ministry and (have) decentralised authentication. Only anonymized dataset should be made available to the supercomputing applications that are being built,” Abraham said. “For innovation and improved e-governance, anonymized data is sufficient.”

For more details visit https://cis-india.org/internet-governance/news/livemint-february-10-2015-moulishree-srivastava-govt-may-turn-to-supercomputing-for-better-use-of-aadhaar-database

Govt may have made 135 million Aadhaar numbers public: CIS report

praskrishna — 2017-05-03T15:43:37Z

CIS report says Aadhaar numbers leaked through government databases could be 100-135 million and bank accounts numbers leaked about 100 million.

The article by Komal Gupta was published in Livemint on May 2, 2017.

A central government ministry and a state government may have made public up to 135 million Aadhaar numbers, according to a research report issued by Bengaluru-based think tank Centre for Internet and Society (CIS) late on Monday.

The report titled Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar numbers with sensitive personal financial information studied four government databases.

The first two belong to the rural development ministry—the National Social Assistance Programme (NSAP)’s dashboard and the National Rural Employment Guarantee Act’s (NREGA) portal.

The other two databases deal with Andhra Pradesh—the state’s own NREGA portal and the online dashboard of a government scheme called “Chandranna Bima”.

“Based on the numbers available on the websites looked at, the estimated number of Aadhaar numbers leaked through these four portals could be around 130-135 million and the number of bank account numbers leaked at around 100 million from the specific portals we looked at,” said Amber Sinha and Srinivas Kodali, the authors of the research report.

The report claims these government dashboards and databases revealed personally identifiable information (PII) due to a lack of proper controls exercised by the departments.

“While the availability of aggregate information on the Dashboard may play a role in making government functioning more transparent, the fact that granular details about individuals including sensitive PII such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away suggest how poorly conceived these initiatives are,” said the report.

The report said the NSAP portal lists 94,32,605 bank accounts and 14,98,919 post office accounts linked with Aadhaar.

“While the UIDAI (Unique Identification Authority of India) has been involved in proactively pushing for other databases to get seeded with Aadhaar numbers, they take little responsibility in ensuring the security and privacy of such data,” said the report.

UIDAI did not respond to an email from Mint seeking comments.

For more details visit https://cis-india.org/internet-governance/news/livemint-may-2-2017-komal-gupta-govt-may-have-made-135-million-aadhaar-numbers-public-cis-report

Govt likely to issue guidelines to clarify IT rules soon

praskrishna — 2012-12-20T05:24:14Z

Norms relate to the role of intermediaries such as telcos, Web service providers, others on hosting content online, writes Surabhi Agarwal.

The article was first published in LiveMint on December 16, 2012.

After the government issued guidelines on the controversial Section 66A of the Information Technology Act, it is expected to soon come out with similar guidelines to clarify the Information Technology (Intermediaries Guidelines) Rules, 2011, that have also been heavily criticised.

A senior official of the department of electronics and information technology said that even though the government is not looking at amending the overall Act as the legislative process for that would be time consuming, it is hoping to issue guidelines within a week.

The rules were notified in April 2011 with the aim of clearly defining the role of intermediaries—including telcos, Internet and web-hosting service providers and search engines—while hosting content on their networks and websites along with ensuring some level of due diligence by them.

However, this led to outrage among the Internet community as the rules mandated hosts or owners of the websites to take action against “objectionable content” within 36 hours of receiving a complaint. Experts argued that the rules could lead to censorship attempts with some intermediaries complying with illegitimate requests to remove content from websites in a bid to avoid litigation.

The government official said that there had been some confusion about what it meant to take action within 36 hours.

“While the intent was to ensure that intermediaries take cognizance of the request and initiate some proceeding on it, it has been misconstrued as removing content within 36 hours in some cases,” this person said.

The official added that the government was looking at clarifying issues such as this. “We are currently studying the representations sent by different stakeholders on the rules.”

Subho Ray, president, Internet and Mobile Association of India (IAMAI), said that the term “act” should be replaced by “acknowledge” to ensure that it is not wrongly interpreted as removing content within 36 hours.

“We have also requested the time period to be extended to 72 hours as 36 hours is sometimes too short a period if it falls during the weekend,” he said.

While only some clauses address issues such as national interest, public order and security restrictions under which content can be removed, “the remainder of grounds includes private claims such as content which ‘belongs to another person’, or otherwise infringes proprietary rights, or is ‘defamatory’,” said Bangalore-based think tank Centre for Internet and Society (CIS) in its representation, of which Mint has a copy. Moreover, other terms, such as ‘grossly harmful’, ‘harassing’ and ‘disparaging’, are “terminologically indeterminate and purely subjective”, the representation said. It also said that “the intermediary guidelines create a two-track system by which private censorship is legitimized online”.

IAMAI’s recommendations include clearly defining who can qualify as the ‘affected person’ eligible to post a complaint on content, which has currently been left to the discretion and determination of the intermediary.

Ray’s representation also said the rules put the burden of interpretation and acting upon third-party content on the intermediary. “This, we believe is the function of the judiciary and not the intermediaries,” it said.

Guidelines, while bringing some initial clarity, may not be enough, said an executive at a top technology firm who did not want to be identified. “To ensure long-term solutions to some of the issues highlighted, the Act needs to be amended eventually,” he said.

Late last month, the government promised to issue guidelines to the states that complaints under the controversial Section 66A of the IT Act, which criminalizes “causing annoyance or inconvenience” online or electronically, can be registered only with the permission of an officer at or above the rank of deputy commissioner of police, and inspector general in metro cities. However, even in the case of Section 66A, it did not amend the terms in the Section that are said to be vague and subject to interpretation.

For more details visit https://cis-india.org/news/livemint-december-16-2012-surabhi-agarwal-govt-likely-to-issue-guidelines-to-clarify-it-rules-soon

Govt in line of fire over web censorship

praskrishna — 2012-08-25T03:13:19Z

Social media abuzz with allegations of government gagging free speech in the garb of curbing hate messages.

This article by Surabhi Agarwal was published in LiveMint on August 24, 2012. Pranesh Prakash is quoted.

The government is once again in the line of fire over web censorship, with allegations rampant on social media Thursday that it was gagging free speech in the garb of containing hate messages that had led to communal violence and a panic exodus by people from the north-eastern states in some cities.

According to a list first published on its website by The Economic Times, Twitter accounts of some journalists including Kanchan Gupta, a former columnist of the Pioneer newspaper, Shiv Aroor, deputy editor at the Headlines Today news channel, and those of some individuals associated with and sympathetic to right-wing causes have been blocked.

The block wasn’t in place for some of the accounts late Thursday, although this could have been because some internet service providers were slow to follow the government’s orders.

There was outrage on social media, especially on Twitter where #Emergency2012 and #GOIBlocks quickly became top trending topics on the micro-blogging website for India.

“Was it wrong to seek help of Indians for the victims of Assam Riots? Is it a crime in India if you help your fellow citizens in need?” tweeted Anil Kohli, whose account Twitanic is also on the list of blocked Twitter accounts.

Pravin Togadia, international working president of the right-wing Vishwa Hindu Parishad, tweeted: “Some say Gvt blocked my twitter account, some say this, some say that! It is my REAL twitter account. Block TRUTH & there will be 1000M Togadias!”

The government has issued four orders over the last one week to block over 300 web pages. According to a post by Pranesh Prakash of the Centre for Internet and Society, 33% of them were on Facebook, 28% on Google Inc.’s YouTube and around 10% on Twitter.com.

Prakash told Mint that there may be a case of excessive censorship in the damage-control exercise following the communal violence and the scaremongering that followed but the motives do not seem political. “Both Kanchan Gupta and Swapan Dasgupta seem to be having a right wing ideology, but while the former’s account is blocked the latter’s is not,” Prakash said. “The difference is on the kind of content which has been posted.”

While he would accuse the government of not taking sufficient care while drawing up the list, he couldn’t accuse it of trying to curb media freedom. “It is too far (fetched) an accusation and I am not making it.”

For more details visit https://cis-india.org/news/www-livemint-com-aug-24-2012-surabhi-agarwal-govt-in-line-of-fire-over-web-censorship

Govt goes after porn, makes ISPs ban sites

praskrishna — 2013-07-01T10:11:29Z

The government has decided to put a blanket ban on several websites that allow users to share pornographic content.

The article by Javed Anwer was published in the Times of India on June 26, 2013. Sunil Abraham is quoted.

In an order dated June 13, department of telecom (DoT) has directed internet service providers (ISPs) to block 39 websites. Most of them are web forums, where internet users share images and URLs to download pornographic files. But some of these websites are also image hosts and file hosts, mostly used to store and share files that are non-pornographic.

While watching or distributing child pornography is illegal in India, watching adult pornography is not banned. The blocked websites are hosted outside India and claim to operate under the 18 USC 2257 rule enforced by the US. The rule specifies that producers of pornographic material are required to retain records showing performers were over 18 years of age at the time of video or image shoot.

The DoT order doesn't specify any reason or law under which the websites have been blocked. It says, "It has been decided to immediately block the access to the following URLs... you are accordingly directed to immediately block the access to above URLs."

If a user visits the blocked website, he/she is either shown a blank page or a message telling "this website has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications".

A senior DoT official, who pleaded anonymity because he is not authorized to speak to the media, said the department was just following the orders issued by cyber security coordination committee and hence could not talk about the specific reasons behind the block.

Centre for Internet and Society (CIS), a Bangalore-based organization, says blocking of pornographic website is overreach on the part of the government.

"In the case of file hosts and image hosts, which people use for various purposes including for storing personal files, the DoT order is a clear overreach," said Sunil Abraham, director of CIS. "Even in the case of pornography, there is nothing in the IT Act that can be used to block websites hosted outside in India."

He added, "There is a possibility that government is interpreting some sections of the IT Act to suit its purpose but I feel that is wrong and should be challenged in the court by ISPs if they care about the rights of their users."

Rajesh Chharia, president of Internet Service Providers Association of India, said that it was not possible for ISPs to pushback orders from DoT. "We are the licensee and we have to operate under the laws... we can't pushback," he said.

"But I feel ideally the government should ask the people who have produced objectionable content to remove it from the web if these people are in India... If they are outside, the websites should be blocked at the international cable landing stations. Involving 150-odd ISPs to implement an order is not the right way to do it," added Chharia.

Though IT Act doesn't criminalize watching porn, the new rules notified in 2011 have certain provisions that show the government wants to dictate what people watch or do not watch on the web. For example, the rules ask an intermediary like an ISP to "inform users of computer resources not to host, display, upload, modify, publish, and transmit any information that is obscene and pornographic".

The rules meant for cyber cafe owners specify that they "shall display a board, clearly visible to the users, prohibiting them from viewing pornographic sites as well as copying or downloading information which is prohibited under the law".

Abraham says that going after pornographic websites, and that too in a non-transparent manner, serves no purpose.

"I have travelled to China and Middle East and have seen that people access pornographic websites using various web tools. In fact, by banning websites the governments have made it more alluring for users to watch and access pornography," he said. None of the western democracies have explicit ban on pornography.

Abraham added that Indian government should also be more transparent about blocking websites because the current method was prone to abuse. "They should notify owner of the blocked website, clearly tell web users why a website is getting blocked and tell public how many websites they have blocked."

For more details visit https://cis-india.org/news/times-of-india-javed-anwer-june-26-2013-govt-goes-after-porn-makes-isps-ban-sites

Govt cracks down on Twitter

praskrishna — 2012-08-25T02:09:42Z

India’s crackdown on social media platforms for hosting “inflammatory” content — following the violence in Assam and the exodus of northeastern people from several cities — seems to have been a little reckless.

Published in the Hindustan Times on August 24, 2012. Pranesh Prakash is quoted.

The government’s order to internet service providers to block 310 webpages between August 18-21 goes beyond blocking doctored images and videos uploaded to incite passions. Instead, it seeks to block 16 Twitter handles, including those of VHP leader Pravin Togadia and two journalists and even reportage of sectarian violence in international and domestic news websites.

“Block TRUTH & there will be 1000M Togadias!” Togadia tweeted, as the virtual world erupted in protests.

The home ministry insisted it had not asked for individual Twitter handles to be blocked, only for removal of malicious content.

Earlier in the day, the micro-blogging site opened dialogue with the government but sought clarifications before taking a call on blocking content.

"Twitter has promised to cooperate on handles resembling the PMO's," said communications adviser to the PM Pankaj Pachouri, emphasising that the PMO's only demand is that Twitter handle the case in accordance with its rules.

Also on the government's block list are blogs in India and Pakistan that tried to educate web surfers about the morphed photos. One was apparently written by a government officer in Mumbai.

Critics slammed the government for its "ham-handed" and "artless" handling of the situation, which they said came after the morphed images and videos had already done damage.

The Bangalore-headquartered Centre for Internet & Society said the "goodness of the government's intentions seems unquestionable" but it appears to have gone overboard and not by the book.

"The blocking was done without due process of law," Pranesh Prakash at CIS observed. He argued that the government should have engaged with the social media platforms since a majority —217 out of 310 —of the block orders were aimed at Facebook, YouTube, and Twitter.

For more details visit https://cis-india.org/news/www-hindustantimes-com-aug-24-2012-govt-cracks-down-on-twitter

Govt cracks down on cyber jehad network, blocks access to 32 websites

praskrishna — 2015-01-03T03:29:21Z

The Modi government is starting the New Year with the resolve to wipe out terror and it has cracked down on websites that have been carrying anti-India views and spreading the propaganda of the Islamic State (IS).

The article published in India Today on January 1, 2015 quotes Pranesh Prakash.

Reacting to an alert from the antiterror squad of a state police department, the Department of Telecom (DoT) has blocked access to 32 websites. The DoT order that was tweeted by Pranesh Prakash, policy director of the Bangalore-based research organisation, said that 32 URLs have been blocked under section 69 of the Information and Technology Act, 2000.

The order was reportedly issued on December 16 and it was shared on Twitter on Wednesday. GitHub, Archive.org, Imgur, Vimeo, Daily Motion, Pastebin, sourceforge, justpaste, cryptbin were among the sites that were blocked.

As reports emerged on the ban of these sites, there was outrage on Twitter on the issue of internet censorship. However, most of the websites mentioned in the list that were to be blocked were accessible. Pastebin and Internet Archive, two websites that have reportedly been blocked, tweeted their views.

"If you are from India and unable to visit Pastebin, please email us," Pastebin tweeted on December 19. Internet Archive tweeted on December 31 that they too received complaints from users in India who can't access its website.

Reacting to the outrage, Arvind Gupta, national head of the BJP IT Cell took to Twitter and said that these sites have been blocked after an alert from an anti-terrorism squad that most of them were carrying anti-India content from the Islamic State (IS).

"We should congratulate the government for taking a preventive and precautionary step in a proactive manner based on an advisory," Gupta told Mail Today.

He added that he does not have any details of the Department of Telecommunications (DoT) order and only reacted to the Twitter debate on the subject.

Intelligence agencies have been struggling to monitor terror activities on cyber space. There have been reports of terror groups using social media to attract young minds to jehadi ideology.

The recent arrest of Bangalore-based executive Mehdi Masroor Biswas, who was operating a Twitter handle under the the name @ShamiWitness and promoting the views of the Islamic State, has come as a wake-up call for security agencies. Biswas, an engineer working as a "manufacturing executive" with ITC Foods, was nabbed from his rented oneroom apartment after a news report stated that his was the most popular IS Twitter account with close to 17,000 followers, and his tweets were getting viewed over two lakh times a month.

Sources said there are close to 30,000 such Twitter handles and other social media forums along with websites that are spewing venom, and little can be done to monitor all of them and act on time. With cyber threat becoming a clear and present danger, the Centre has decided to set up a highlevel committee to only monitor social media and cyber space. Counter-terror officials believe that the jehadi nexus has a huge bearing on India as youth active on social media are vulnerable to the propaganda being carried out online.

Other than @ShamiWitness, there are Twitter handles such as @MagnetGas with radical views and pro-IS tone that are now under the lens. What is disturbing is that many such sites are India-specific and some are believed to be handled by Indians.

"If there is misuse of Internet and social media, it needs to be dealt with legally. The Internet is like a public place, so if there are extreme views, the state needs to exercise its powers," says D.C. Pathak, former chief of the Intelligence Bureau.

This is not the first time that the DoT has clamped down on websites for promoting "objectionable" content. In June 2013, 39 websites that allowed users to share pornographic content were reportedly blocked.

For more details visit https://cis-india.org/internet-governance/news/india-today-january-1-2015-govt-cracks-down-on-cyber-jehad-network-blocks-access-to-32-websites

Govt blocks 32 websites, including Vimeo and Github

praskrishna — 2015-01-02T16:09:24Z

The websites that have been blocked were based on an advisory by Anti Terrorism Squad, and were carrying anti-India content from ISIS.

The article by Moulishree Srivastava was published in Livemint on December 31, 2014. Pranesh Prakash gave his inputs.

The Indian government has blocked access to 32 websites based on the advice of an anti-terrorism team. The blocked URLs (uniform resource locator, an address to any website on the Internet) include files, videos and source code-sharing websites such as dailymotion.com, github.com, vimeo.com and archive.org.

In an order, tweeted by Pranesh Prakash, policy director at the Bengaluru-based research organization Centre for Internet and Society on Wednesday, the department of telecom said the 32 URLs had been blocked under Section 69 of the Information Technology Act, 2000, and under Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009. “The websites that have been blocked were based on an advisory by Anti Terrorism Squad, and were carrying anti-India content from ISIS (Islamic State of Iraq and Syria),” Arvind Gupta, head of the ruling Bharatiya Janata Party’s information technology cell, said in a message on Twitter.

His tweet came in response to a backlash to the move from Internet users. “The sites that have removed objectionable content and/or cooperated with the ongoing investigations, are being unblocked,” he added. If Internet service providers (ISPs) don’t comply with the demand, they are liable to being penalized, the order said.

The rules give the central government powers to block access to information if it is in the interest of the “sovereignty and integrity of India, defence of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above.” Intermediaries failing to comply with the rules are punishable with fines and prison terms of up to seven years, it notes. “Pastebin is still blocked in India.

We are getting many reports about this. The Indian government has blocked us...,” said one of the source code sharing websites, Pastebin.com, in a tweet. This is not the first time the government has cracked down on websites. A recent report by Freedom House, an independent watchdog, said the information ministry received a total of 130 court orders to block Web content between February 2009 and December 2013.

In February 2014, the then minister of communication and information technology told Parliament that 62 URLs were blocked in 2013 under Section 69A for hosting objectionable information with the potential to disturb public order. As many as 82 URLs were blocked on 18 September 2013 in addition to 26 blocked a week earlier after violence escalated between Hindu and Muslim communities in Muzaffarnagar district of Uttar Pradesh. A total of 362 URLs were blocked in response to communal violence in the northeast, the report said. “The problem isn’t just about the specific sites that are blocked; the prob(lem) always about the bad law...,” tweeted Prakash. “The 69A rules don’t allow for transparency, accountability, time-limits on blocks, etc. So easily misused by govt. + courts + individuals.”

For more details visit https://cis-india.org/internet-governance/news/livemint-december-31-2014-moulishree-srivastava-govt-blocks-32-websites

Govt asks CBI to probe Cambridge Analytica in data breach case

Admin — 2018-07-29T01:47:01Z

Centre directs social media platforms to take prompt action against fake messages

The article by Komal Gupta was published in Livemint on July 27, 2018. Pranesh Prakash was quoted.

The government has written to the Central Bureau of Investigation (CBI) seeking an enquiry into London-based political consultancy Cambridge Analytica, and asked all social media platforms to take prompt action against fake messages, including tracing their origin. Cambridge Analytica is at the centre of a Facebook data breach row, including those of around 562,000 Indian users.

“It is suspected that Cambridge Analytica may have been involved in illegally obtaining data of Indians which could be misused. The government has entrusted this issue to be investigated by the CBI for possible violation of Information Technology Act, 2000 and IPC,” said Ravi Shankar Prasad, electronics and IT minister in response to a calling attention motion in the Rajya Sabha on “Misuse of social media platforms and propagation of fake news causing unrest and violence.”

Media platforms have been directed to work with Indian officials to receive grievance in real time and also inform law enforcement agencies.

“They (social media platforms) will have to ensure that their platforms do not become vehicles of promoting hatred, terrorism money laundering, mob violence and rumour mongering,” said Prasad.

Over the last couple of months, there have been several instances of data breach and fake messages being circulated through social media platforms.

In March, after the data of Indians was allegedly compromised through Facebook by Cambridge Analytica, the government issued notices to the two companies and sought their response. According to Prasad, Facebook responded that it will streamline its internal processes on handling of personal data and Cambridge Analytica violated its platform policies. Cambridge Analytica had said that data of Indians was not breached but this was not in conformity with what was reported by Facebook.

After initial responses, Cambridge Analytica stopped responding to letters from the IT ministry after which the government ordered a CBI probe into the matter. Over the last month, a spate of mob lynchings has been reported from several states, including Assam, Maharashtra, Karnataka, Tripura, Jharkhand and West Bengal, following fake messages spread through Facebook-owned messaging service WhatsApp.

According to Prasad, the government is initiating measures to increase awareness about fake news with the support of all stakeholders.

On 19 July, the government directed WhatsApp to come out with more effective solutions that can bring in accountability and facilitate enforcement of law in addition to their efforts to label forwards and identify fake news. After this, the social media giant limited forward messages to five chats at once instead of multiple chats at once.

“It now plans to the remove forward button (icon) adjacent to a video or audio message. They also plan to bring fact checking and fake news verification mechanism,” added Prasad.

Earlier this month, WhatsApp rolled out a new feature that would clearly mark forwarded messages in a move aimed at curbing the spread of rumours.

As of March, there were more than 460 million Indian users of social media platforms, including Facebook, Twitter, YouTube and WhatsApp.

The ministry of home affairs (MHA) has issued a number of advisories on incidents of lynching by mobs fuelled by rumours of lifting/kidnapping of children and cyber crime prevention and control. It has also constituted a group of ministers and a high level committee to formulate appropriate measures to address mob violence and lynchings in the country.

“The government doesn’t seem to have understood the meaning of ‘abetment’ under the IPC, nor does it seem to understand the protections afforded to intermediaries like messaging platforms under section 79 of the Information Technology Act. Messaging platforms like WhatsApp cannot legally be held to be abettors, plain and simple,”said Pranesh Prakash, fellow at the Centre for Internet and Society, a Bengaluru-based think tank.

For more details visit https://cis-india.org/internet-governance/news/livemint-july-27-2018-komal-gupta-govt-asks-cbi-to-probe-cambridge-analytica-in-data-breach-case

Government's stand on internet governance draws applause from civil society organisations

praskrishna — 2015-06-29T15:40:07Z

India's decision to support the multistakeholder model of internet governance has drawn mostly applause from civil society organisations and individuals who have been following the issue, even as they cautioned that implementation will determine the success of the model.

The article by Neha Alawadhi was published in Economic Times on June 24, 2015. Sunil Abraham gave his inputs.

A day after communications and IT minister Ravi Shankar Prasad said India will support the multistakeholder model, reactions poured in on Tuesday, largely hailing the move to break the longstanding status quo on the issue.

"What matters now is how the approach articulated by the minister is translated into coordinated action across various fora, including ICANN, BRICS, and perhaps most crucially the UN WSIS+10 Review Process, which culminates in the meeting of the UN General Assembly in December 2015," said Vinay Kesari, a lawyer specialising in ICT and internet governance.

Not just at international fora, India also needs to figure out tistakeholder stand within the country, said Arun Mohan Sukumar, senior fellow at the Centre for Communication Governance, National Law University. "Multistakeholderism is very attractive in principle but, as the ICANN experience shows, it is susceptible to concerns like elite capture and lack of accountability to the general public," he said.

Prasad made the announcement in a video address during the opening ceremony of the Internet Corporation for Assigned Names and Numbers (ICANN)'s 53rd public meeting in Buenos Aires on Monday. ICANN manages the Domain Name System (DNS), which helps organise the internet with the allotment of domain names such as .com, .org and .net and has often come under the scanner for not being transparent enough.

The multistakeholder model involves all stakeholders such as businesses, civil society, governments, research institutions and non-governmental organisations in the dialogue, decision-making and implementation of policymaking and governance.

The external affairs ministry, telecom department and the department of electronics and IT have long held divergent views on issues of internet governance, with no clear stand being made at international platforms. While welcoming the announcement, Sunil Abraham, executive director at the Centre for Internet and Society, said the minister could have explained in greater detail, especially the ongoing transition of internet governance control from US government to a multistakeholder model.

"He also spoke about government being responsible for security and human rights over the internet, which adds to the confusion over whether India will really let the internet be a fair and free medium," he said.

Prasanth Sugathan, counsel for the Software Freedom Law Centre, said the government should seek the views of other stakeholders as well on the issue. "When you talk of multistakeholderism, it should not be only at an international level. It should also happen at a national level. The government should have other parties also contributing to issues of internet governance," he said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-june-24-2015-neha-alawadhi-govts-stand-on-internet-governance-draws-applause-from-civil-society-organisations

Government washes hands of Google's new privacy policy

praskrishna — 2012-04-10T09:40:55Z

The government has more or less washed its hands of internet giant Google's new privacy policy that is being criticised in Europe and elsewhere, but wants Indian residents to watch out for themselves, writes Jayadevan in this article published in the Economic Times on April 10, 2012.

Google's new privacy policy provides information on how personal information is collected, processed and secured, as required by relevant Indian laws. "The end users, however, need to fully understand the privacy policy of Google, the consequences of sharing their personal information and their privacy rights before they start using online services," Sachin Pilot, India's minister for information technology, stated in Rajya Sabha on March 30.

Ever since Google came out with a unified privacy policy in January, it has been facing criticism from many users and privacy advocates, especially in Europe where privacy is a fundamental right. The new policy unified separate privacy polices relating to nearly 60 of Google's services.

The new policy also lets the separate Google services, such as Gmail, Google Search or Youtube, share data among each other. In Europe, Google is facing potential sanctions or even fine over its new privacy policy.

Section 43A of the India's amended Information Technology Act (2000) has established a legal framework for data privacy protection in the country. The rules notified last year explain security practices to be followed and the need for guarding sensitive personal information. The Act also requires Indian corporations to publish a privacy policy.

"Google has published a Privacy Policy on their website," said the minister. "Any change in the privacy policy is not within the purview of amended Information Technology Act 2000," Pilot added. Venkatesh Hariharan (Venky), head of public policy and government affairs at Google India, has left the company last month and did not want to comment.

According to the Pilot, while France's independent privacy watchdog, the CNIL (nationale de I'informatique et des libertes) has said that the changes to Google's privacy policy do not comply with the European law, rectification of conflict between Google, an American company and European directive on data protection is not within the purview of the Indian government.

CNIL, the data protection watchdog in France had asked Google to answer 69 questions including what it does with the data collected from users and how long it is retained to better understand the consequences of the new policy for Google users.

Experts agree Google privacy policy is in compliance with Sec 43A of IT Act but cautioned that it may not be enough. "Section 43A does not have all the privacy safeguards that exist for citizen in developed countries," said Sunil Abraham, executive director at the Centre for Internet and Society.

Abraham advocates the creation of a privacy commissioner. "It is important to have a independent and autonomous regulator who can respond on a proactive basis when confronted with evidence of abusive practices," he said.

Legal provisions will have to enable the creation of such a regulator, says cyber law expert Vakul Sharma. "You can not create a regulator out of thin air. You should have legislation for privacy. In India we do not have any such legislation," said Sharma.

The IT act classifies information into two - personal information and sensitive personal information. Safeguards under the section 43A and rules apply to sensitive personal information which includes biometric information, information related to health, passwords, sexual orientation and financial information among others.

"Users must be aware that Google's new policy does not have room for categorization according to Indian laws," says Sharma. "It is a plain vanilla document. The users need more," he added.

Read the original published in the Economic Times on April 10, 2012. Sunil Abraham is quoted in it.

For more details visit https://cis-india.org/news/govt-washes-hands-of-google-privacy-policy

Government to hold talks with stakeholders on Internet censorship

praskrishna — 2012-09-04T03:39:32Z

In an unprecedented move, the government, through the Department of Telecommunications and the Department of Electronics and Information Technology, has agreed to initiate dialogue on Internet censorship with mega Internet companies, social media giants such as Google and Facebook, members of civil society, technical community, media, ISPs and legal experts.

This article by Shalini Singh was published in the Hindu on September 4, 2012. Pranesh Prakash's analysis is quoted.

The triggers for the discussion, which will be held on Wednesday, are the riots in Assam, Mumbai and Uttar Pradesh, as well as the mass exodus of north-east Indians from Bangalore, which resulted in bringing the government, civil society organisations and the media to a flashpoint.

Two of India’s seniormost officers in the area of Internet censorship, DoT Secretary R. Chandrashekhar and Director General, CERT-IN, Gulshan Rai will engage with a range of stakeholders in a two-hour meeting titled ‘Legitimate Restrictions on Freedom of Online Speech: The need for balance – from Deadlock to Dialogue.’

Other panellists include representatives from Google and Facebook; Pranesh Prakash from the Centre for Internet and Society (a civil society group); Prabir Purkayasta, Delhi Science Forum (technical community); Paranjoy Guha Thakurta, president, Foundation for Media Professionals; Rajesh Chharia, president, Internet Service Providers Association of India; and Apar Gupta, an advocate dealing with cyber issues.

One analysis by the CIS has shown that 309 specific items, including URLs, Twitter accounts, IMG tags, blog posts and blogs were blocked. Complaints arose when blocking a page resulted in the blocking of an entire website — which has scores or hundreds of web pages. The government maintained that this was necessary as there was a sense of crisis. Home Minister Sushil Kumar Shinde insisted that the government was “taking strict action only against those accounts or people which are causing damage or spreading rumours.” However, the collateral damage of the move was the Twitter accounts of several people, including journalists like Kanchan Gupta, being blocked.

“Mass censorship is like killing a fly with a sledgehammer. Rather than blocking the sites, the government should have used the same media, Facebook, Twitter and Google to counter terrorism and hate speech. I am glad that they are now open to dialogue,” says Mr. Thakurta.

“It is an extremely productive move as it will generate awareness among content providers, government and users. In the absence of any dialogue, everyone was just sticking to their own positions without listening to the other stakeholders’ point of view,” says Mr. Chharia.

The meeting is to bring several stakeholders in dialogue on a single platform.

Nearly 50 other experts from industry, mobile service providers, Internet companies, intermediaries, academia and some international organisations as well as multilaterals are expected to join the conference, which will be held at 2.30 p.m. on September 4 at FICCI.

While this is seen as a brave attempt by some, there are an equal number of sceptics who believe that the discussion may not yield the desired result given the national security objectives governing law enforcement agencies on the one hand and the desire of users, media and civil society to preserve free speech on the other. Clearly, ISPs, Internet companies and social media are in a tough spot since they face legal obligations on legitimate orders for blocking on one hand while needing to protect their user privacy and rights to unhindered access to information.

If successful, it is possible that this dialogue will ensure that legitimate restrictions do not slide into illegitimate censorship.

For more details visit https://cis-india.org/news/www-the-hindu-com-shalini-singh-sep-4-2012-govt-to-hold-talks-with-stakeholders-on-internet-censorship