We are anonymous, we are legion

Cyber Dialogue Conference 2014

praskrishna — 2014-04-08T05:09:54Z

The Cyber Dialogue conference, presented by the Canada Centre for Global Security Studies at the Munk School of Global Affairs, University of Toronto, will convene an influential mix of global leaders from government, civil society, academia and private enterprise to participate in a series of facilitated public plenary conversations and working groups around cyberspace security and governance.

Malavika Jayaram is participating in this event being held on March 30 and 31, 2014. Full event details here.

After Snowden, Whither Internet Freedom?

A recent stream of documents leaked by former NSA contractor Edward Snowden has shed light on an otherwise highly secretive world of cyber surveillance. Among the revelations — which include details on mass domestic intercepts and covert efforts to shape and weaken global encryption standards — perhaps the most important for the future of global cyberspace are those concerning the way the U.S. government compelled the secret cooperation of American telecommunications, Internet, and social media companies with signals intelligence programs.

For American citizens, the NSA story has touched off soul-searching discussions about the legality of mass surveillance programs, whether they violate the Fourth and Fifth Amendments of the U.S. Constitution, and whether proper oversight and accountability exist to protect American citizens' rights. But for the rest of the world, they lay bare an enormous “homefield advantage” enjoyed by the United States — a function of the fact that AT&T, Verizon, Google, Facebook, Twitter, Yahoo!, and many other brand name giants are headquartered in the United States.

Prior to the Snowden revelations, global governance of cyberspace was already at a breaking point. The vast majority of Internet users — now and into the future — are coming from the world’s global South, from regions like Africa, Asia, Latin America, and the Middle East. Of the six billion mobile phones on the planet, four billion of them are already located in the developing world. Notably, many of the fastest rates of connectivity to cyberspace are among the world’s most fragile states and/or autocratic regimes, or in countries where religion plays a major role in public life. Meanwhile, countries like Russia, China, Saudi Arabia, Indonesia, India, and others have been pushing for greater sovereign controls in cyberspace. While a US-led alliance of countries, known as the Freedom Online Coalition, was able to resist these pressures at the Dubai ITU summit and other forums like it, the Snowden revelations will certainly call into question the sincerity of this coalition. Already some world leaders, such as Brazil’s President Rousseff, have argued for a reordering of governance of global cyberspace away from U.S. controls.

For the fourth annual Cyber Dialogue, we are inviting a selected group of participants to address the question, “After Snowden, Whither Internet Freedom?” What are the likely reactions to the Snowden revelations going to be among countries of the global South? How will the Freedom Online Coalition respond? What is the future of the “multi-stakeholder” model of Internet governance? Does the “Internet Freedom” agenda still carry any legitimacy? What do we know about “other NSA’s” out there? What are the likely implications for rights, security, and openness in cyberspace of post-Snowden nationalization efforts, like those of Brazil’s?

As in previous Cyber Dialogues, participants will be drawn from a cross-section of government (including law enforcement, defence, and intelligence), the private sector, and civil society. In order to canvass worldwide reaction to the Snowden revelations, this year’s Cyber Dialogue will include an emphasis on thought leaders from the global South, including Africa, Asia, Latin America, and the Middle East.

For more details visit https://cis-india.org/news/cyber-dialogue-conference-2014

Cyber criminals hide in the ‘dark web’ to remain anonymous

Tushar Kaushik — 2019-05-02T13:55:39Z

An increasing number of cyber criminals are using the dark web — the encrypted part of the internet that cannot be tracked — to shop for software that helps them remain anonymous while carrying out their crimes.

The article by Tushar Kaushik was published in Economic Times on May 2, 2019. Karan Saini was quoted.

The dark web is a part of the deep web, the non-indexed part of the world wide web that cannot be accessed by standard search engines such as Google and requires encrypted networks such as Tor browser.

The most significant feature of this world is that the identity of its users is hidden and cannot be tracked, which is why several illicit products such as weapons and drugs are available here. Cyber criminals, too, appear to be shopping here.

According to app developer and cofounder of TBG Labs Harsha Halvi, the deep web makes up as much as about 65- 75% of the world wide web. “Many tools that can be used to commit cyber frauds are available on the dark web,” said cyber crime police station inspector M Chandrappa. Deputy superintendent at the cyber crime police station of CID MD Sharath said it was difficult to ascertain the frequency of usage of such applications by criminals.

Those fighting cyber crime in Bengaluru say that as most cases are not detected, chances are that more and more criminals are using the dark web. While investigating a case recently, a suspect admitted to having downloaded a software from the dark web that enabled him to disguise his number and also prevent it from being traced, the police said. “If a person has used tools from the dark web to hide his number, the investigation ends right there, as we do not have the necessary tools and software to trace the person,” a senior police officer said.

Experts say that while there are ways to trace activity on the dark web, police officials would require special training and specific information about the activity. Security researcher and policy officer at the Centre for Internet and Society Karan Saini said, “Attempting to track unconventional online behaviour would call for development of new methods, along with formal training for those involved, especially if malicious actors are using the Tor network to carry out illicit activities instead of the clear web.”

Halvi said some agencies like the FBI deploy ethical hackers to track specific websites on the dark web. “But they, too, have to rely on getting specific information from people to investigate the dark web. It is a time-consuming process.”

Bitcoin transactions are the preferred mode of payment for purchases on the dark web as they cannot be traced. However, Saini said some US-based researchers have written academic papers on how bitcoin exchanges can be tracked.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-2-2019-tushar-kaushik-cyber-criminals-hide-in-the-dark-web-to-remain-anonymous

Cyber crimes shoot up 52% in India over last year

praskrishna — 2014-07-03T10:14:26Z

There has been a sharp increase in the incidence of cyber crime in the country. The number of cases registered in 2013 under the IT Act has gone up by 52 per cent to 4,192 as against 2,761 in the previous year.

The article by K.V.Kurmanath was published in the Hindu Businessline on July 2, 2014. Bhairav Acharya gave his inputs.

If you add the cases registered under the IPC, the total number of cyber crime cases crosses the 5,500-mark. Police across the country arrested 3,301 persons in connection with these cases.

Maharashtra and Andhra Pradesh (undivided) have topped the list with 681 and 635 cases respectively under the IT Act, both showing an almost 50 per cent growth in cyber crimes over the previous year. In the previous year, Maharashtra had registered 471 and Andhra Pradesh 429.

Cyber security experts have been cautioning people to be careful while using the Internet. Besides increasing the security of the networks they are using, users must be careful while engaging with strangers.

A recent Microsoft report said many customer infections involve users tricked to install secondary offers, indicating a shift in malware proliferation. According to the latest data provided by the National Crime Records Bureau, the official chronicler of crime in the country, cyber crime registered under the Indian Penal Code (IPC) has shown a much higher growth rate of 122 per cent in 2013 over the previous year’s figure. IPC cases went up to 1,316 in 2013 from 595 in the previous year. Maharashtra topped the list here too with the cops booking 226 cases in this category.

Wrong nomenclature?

Bhairav Acharya of the Centre for Internet and Society feels that the term cyber crime has not been defined well. “It is time we do away with the practice of calling any crime a ‘cyber crime’ just because the person who does it uses a computer,” he said.

“Instead, I think the term ‘cyber crime’ should only be used in relation to offences that can only be committed by using information and communications technology (ICT) such as the internet (which is comprised of the world wide web, email protocols, file transfer protocols, and more) as well as network infrastructure that is not the internet,” he said.

Hence, only if there is a direct causal link between the crime and ICT and network technology should a crime be called a cyber crime, Acharya says.

Other States with a high number of cases booked under the IT Act include Karnataka (513), Kerala (349), Madhya Pradesh (282) and Rajasthan (239). Gujarat showed a decline with the number coming down to 61 from 68 in the previous year.

For more details visit https://cis-india.org/news/the-hindu-business-line-july-2-2014-kv-kurmanath-cyber-crimes-shoot-up-in-india-over-last-year

Cyber Crime & Privacy

merlin — 2011-09-01T09:36:11Z

India is a growing area in the field of active Internet usage with 71 million Internet users.

Introduction

India is a growing area in the field of active Internet usage with 71 million Internet users.[1] “Cyberspace is shorthand for the Web of consumer electronics; computers and communication networks that interconnect the World”. [2] The recent incidents of hacking into various popular websites of Yahoo, CNN, Sony, the CBI and the Indian Army raise the very pertinent issue of online data privacy. This blog will examine the growing instances of hacking websites and its impact on data privacy.

Cyber Crime

“Cybercrime is a criminal offence on the Web, a criminal offence regarding the Internet, a violation of law on the Internet, an illegality committed with regard to the Internet, breach of law on the Internet, computer crime, contravention through the Web, corruption regarding Internet, disrupting operations through malevolent programs on the Internet, electric crime, sale of contraband on the Internet, stalking victims on the Internet and theft of identity on the Internet.”[3]

The computer age gave rise to a new field of crime namely “cybercrime” or “computer crime”. During the 1960s and 1970s cybercrime involved physical damage to the consumer system. Gradually computers were attacked using more sophisticated modus operandi where individuals would hack into the operating system to gain access to consumer files. The 1970s - through to the present - saw cybercrimes taking different trajectories like impersonation, credit card frauds, identity theft, and virus attacks, etc.[4]

The IT Act 2000 was enacted by the government to punish such acts of cyber crime. The Act was amended in the year 2008[5].

Cybercrime — An Overview: India

The IT Act 2000 was enacted by the government in 2000 to punish acts of cyber crime. The Act was amended in the year 2008[5]. According to the National Crime Records Bureau, cyber crime is on the rise. The Bureau reported that 420 cases were reported under the IT Act in the year 2009 alone, which was a 45.8 per cent increase from the year 2008. [6] The NCRB data on cyber crime also provides a useful insight as to the growing awareness of the IT Act. The data clearly shows an increase in the number of cases reported from the years 2005 to 2009.[7]. Hacking and obscene [8] publication/transmission are the highest reported crimes with the highest rate of conviction under the IT Act 2008.

Cyber Attack: No One is Safe!!

In February 2000 the many ‘busy’ Internet websites were jammed shut by hackers causing a national upheaval in the USA with the then President Clinton calling in a high level meeting with experts from around the world. Websites like Yahoo.com were forced to shut down for three hours after they were ‘smurfed’ by hackers [9]. Many other websites like Amazon.com and CNN.com were also attacked by the same hackers. Hacking such popular websites within a span of few hours was unprecedented which left many, including the FBI, clueless. By far these are the most serious cyber attacks in the history of Internet. The attacks not only shut down important sites, but also highlighted a very disturbing growing trend. If such popular websites were shut down by unknown perpetrators then how in the world will these and similar sites be able to protect scores of personal data and credit card information of the customers they pledge to serve?

More recently cyber vandals attacked the US Senate website on the 14 June 2011, causing a huge security scare [10]. This instance again brings us to the pertinent question of the safety of our personal data held by these websites. If the personal data of the US Senators can be breached by somebody, then certainly we as consumers should be very wary of the cyberspace and its ability to protect our data.

Closer Home

On June 8, a group claiming to be “anonymous” hacked into the government’s National Information Centre to protest against the anti-graft agitation [11]. The same group was accused of hacking into the Indian Army’s website although no report of data theft was claimed by the government. Last year in December a Pakistani hacker group named Predators PK hacked into various websites including the website of the CBI.[12]

Cyber Crime: Its Implications to Privacy

Internet security has become an important issue. Recent cyber attacks on various important websites has placed many consumers at risk and vulnerable to cyber criminals. The hacking attack on the Sony website on April 16 and 17 led to the theft of 26.4 million SOE (Sony Online Enterprise) Accounts. The criminals even hacked into a 2007 database which held credit and debit card information of 23,400 customers.[13]

Attacks such as these demonstrate the vulnerability of websites, and the possibility of serious harm to a countries economy and security. Furthermore, consumers’ personal data can be used by hackers to extort and blackmail individuals.

The Internet has become a huge stakeholder in facilitating trade and e-commerce, subsequently cyberspace has become a large network of communication and commerce. We carry out a number of tasks on the Internet — from e-shopping and e-ticketing to e-banking. Though the recent attacks on the CBI website, and the Indian Army website did catch some attention from the media, and the government did make some noise about it, the issue slowly faded away. The government cannot seem to protect its own websites which houses sensitive details of national security, but seems confident about putting personal data and biometrics of a billion plus population under the AADHAR scheme [14] onto a web server which can be hacked anytime by almost anybody with a personal computer in China or Pakistan.[15]

Privacy: No More?

Data generated in cyberspace are a fingerprint of an individual which is detailed, processed, and made permanent.[16] The cyberspace generates a blue print of our whole personality as we navigate through a health site, pay our bills, or shop for books at Amazon.com. The data collected by surfing through all these domains creates a fitting profile of who we are. [17] When hackers and cyber vandals steal this very information, it becomes a gross violation of our privacy.

Conclusion

Privacy does not exist in cyber space. The various websites that offer varied services to its consumers fail to protect their personal data time and again. The Sony website including its play station and music website was hacked at least three times this year. Scores of personal data was stolen and the consumers were kept in dark regarding the breach for almost a week. Speaking as a consumer, if a large corporate company like Sony cannot protect its website from being hacked into, it is hard to imagine other websites protecting itself from attacks.

The rise of the Internet has brought with it a new dimension of crime. The IT Act 2000 has brought some reprieve to the aggrieved according to the NCRB. Despite this, the IT Act clearly will not completely deter criminals from hacking into websites, as was demonstrated in the NCRB report. The cyber criminals of the February 2000 cyber attacks have yet to be apprehended and the attacks on various websites have been increasing every year.

Despite progress being made on enacting cyber laws and implementing them, cyber crime is still not nipped in the bud. Governments can do precious little to stop it and only hope that a cyber criminal can be traced back and be punished. Hence, Internet users need to more careful of the sites they visit; know the privacy policy of these websites to protect their personal data as much as possible.

Notes

[1] According to an annual survey conducted by IMRB and Internet and Mobile Association of India for the year 2009 – 2010.

[2] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

[3] http://legal-dictionary.thefreedictionary.com/cybercrime

[4] http://www.mekabay.com/overviews/history.pdf

[5]http://www.cyberlaws.net/itamendments/index1.htm

[6] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[7] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[8] http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf

[9] http://www.pbs.org/newshour/extra/features/jan-june00/hackers_2-17.html

[10] http://in.reuters.com/article/2011/06/14/idINIndia-57677720110614

[11] http://www.thinkdigit.com/General/Anonymous-hacks-Indian-govt-website-to-support_6933.html

[12] http://www.deccanherald.com/content/117901/pakistan-hackers-wage-cyber-war.html

[13] http://mashable.com/2011/05/03/sony-another-hacker-attack/

[14] http://uidai.gov.in/

[15] http://www.securitywatchindia.org.in/selected_Article_Cyber_warfare.aspx

[16] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

[17] http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true

For more details visit https://cis-india.org/internet-governance/cyber-crime-privacy

Cyber bullying is a crime, but open to interpretation: Expert

praskrishna — 2014-12-07T10:54:32Z

The social media attack on a Doordarshan anchor who made a series of gaffes at the recent Goa film festival would qualify as cyber bullying, experts say, but hasten to add there is not much that can be done to prevent such behaviour online, given the humungous size of the virtual universe.

The article by Neha Alawadhi was published in the Times of India on December 2, 2014. Pranesh Prakash gave his inputs.

The anchor reportedly shut down all her online accounts following the slew of unflattering and personal comments that she was bombarded with after the video of the event went viral and was shared across Facebook, Twitter and YouTube, among other such platforms.

Under Section 66 (A) of the IT Act, 2000, cyber bullying is a bailable offence, punishable with three years of imprisonment and fine. However, the complainant and police can interpret what constitutes offensive behaviour, said cyber law expert Pavan Duggal.

"Just as we don't regulate jeering and taunting of adults when it happens in person, as opposed to a threat of violence, unless there is a special case made out for the harm of online taunting, I don't think there is a case for a legislative response," said Pranesh Prakash, policy director at Bengaluru-based Centre for Internet and Society.

According to a recent report by McAfee, part of Intel Security, half of Indian youths have had some experience with cyber bullying and of these over a third (36%) have been bullied themselves online.

IT and cybersecurity expert Rakshit Tandon recalled the trauma a young professor at one of the top colleges underwent when an old picture of her, from one of her social media accounts, went viral and became the butt of unflattering comments by students. "Once it goes viral, you can't track who is sharing or sending it," he said.

"We don't have one personality anymore," said Adhvith Dhuddu, founder and CEO of digital marketing agency Alive-Now, which handles social and digital for brands online. "We have an offline personality and we have an online personality, and this is true for anyone —whether you are a brand, person, book or a movie," he added.

Several schools, NGOs and individuals are working towards educating children and young people about the dangers of sharing information online, but often find themselves at a loss when confronted with real situations every day.

The approach AliveNow's Dhuddu takes is to "engage first and ban later". He said, "We try to reason with people. We always take any grievance offline, we don't try to solve a grievance online."

For individuals, however, the offline route may be impractical or infeasible. Tandon believes the only way is to "sensitise people", while CIS's Prakash says a person can "block abusive users, set one's account in private mode and just get off such social networks for a while till the situation cools off".

For more details visit https://cis-india.org/internet-governance/news/economic-times-december-2-2014-neha-alawadhi-cyber-bullying-is-a-crime-but-open-to-interpretation

Cyber Appellate Tribunal in Bengaluru

praskrishna — 2012-05-30T05:47:48Z

Bengaluru will be home to the southern chapter of the Cyber Appellate Tribunal (CAT), which will reach out to victims of cyber crime, the state government announced at the Cyber Security Summit here on Tuesday.

Pranesh Prakash is quoted in this article published in the Deccan Herald on May 9, 2012.

But on the other hand, the IT Secretary, who is the state adjudicator, has held in all the cases that he has no jurisdiction to pass orders against the banks and that no complaint can be admitted under Section 43 of the IT Act against any corporate entity.

"The state IT secretary has passed more than 80 orders. They include both cases of phishing and orders against cyber cafes for not adhering to rules under the IT Act. The Adjudicator has held that ‘section 43 of IT Act is not applicable to a body or Corporate’, after the amended IT Act came into force in 2008," said Pranesh Prakash of the Centre for Internet Society "I feel Section 43 has been mis used . The definition given in this section cannot be understood either by lawyers or technical people. If there is a genuine case of phishing and a user has suffered losses over the internet then there should be no ambiguity in passing the order," he said.

For more details visit https://cis-india.org/news/cyber-appellate-tribunal-bengaluru

Cyber 360

praskrishna — 2015-10-14T02:22:27Z

Synergy Foundation organized the Cyber 360 conference in Bangalore on September 29 and 30, 2015. Sunil Abraham participated in the event.

As part of Cyber 360 Degree, a two-day conference on cyber security continuing Wednesday in Bangalore, experts from around the world gathered to discuss global threats to information security, particularly focusing on open wifi, which poses a huge threat to information security. The conference aimed to bring together strategic security practitioners, policymakers, media and business enterprises on a single platform to obtain a 360o perspective on cybersecurity. It was an endeavour to create a holistic security strategy that will help to achieve resilience against modern cyber-threats. A range of keynote presentations and panel discussions will give participants a rare chance to interact and learn from leading cyber security experts and solution providers from around the world.

The Participants

 CEOs, Members of Board and CIOs of more than 60 companies
 Security practitioners
 Policy-makers
 Leading Academia
 International think tanks & media

Download the agenda

For more details visit https://cis-india.org/internet-governance/news/cyber-360

Curating Genderlog India's Twitter handle

Admin — 2019-05-14T14:40:08Z

Shweta Mohandas has been nominated to curate Genderlog's Twitter handle (@genderlogindia).

Shweta Mohandas will be tweeting about topics related to gender and data, more specifically around AI, big data, privacy and surveillance. To view the tweets, click here

For more details visit https://cis-india.org/internet-governance/news/curating-genderlog-indias-twitter-handle

Cultivating India’s Cyber Defense Strategy

Admin — 2019-11-13T14:39:19Z

For more details visit https://cis-india.org/internet-governance/files/cultivating-india2019s-cyber-defense-strategy

Cryptocurrency Regulation in India – A brief history

vipul — 2020-03-05T18:36:09Z

In March 2020, the Supreme Court of India quashed the RBI order passed in 2018 that banned financial services firms from trading in virtual currency or cryptocurrency. Keeping this policy window in mind, the Centre for Internet & Society will be releasing a series of blog posts and policy briefs on cryptocurrency regulation in India

The story of cryptocurrencies started in 2008 when a paper titled “Bitcoin: A Peer to Peer Electronic Cash System” was published by a single or group of pseudonymous developer(s) by the name of Satoshi Nakamoto. The actual network took some time to start with the first transactions taking place only in January 2009. The first actual sale of an item using Bitcoin took place a year later with a user swapping 10,000 Bitcoin for two pizzas in 2010, which attached a cash value to the cryptocurrency for the first time. By 2011 other cryptocurrencies began to emerge, with Litecoin, Namecoin and Swiftcoin all making their debut. Meanwhile, Bitcoin the cryptocurrency that started it all started getting criticised after claims emerged that it was being used on the so-called “dark web”, particularly on sites such as Silk Road as a means of payment for illegal transactions. Over the next five years cryptocurrencies steadily gained traction with increased number of transactions and the price of Bitcoin, the most popular cryptocurrency shot up from around 5 Dollars in the beginning of 2012 to almost 1000 Dollars at the end of 2017.

Riding on the back of this wave of popularity, a number of cryptocurrency exchanges started operating in India between 2012 and 2017 providing much needed depth and volume to the Indian cryptocurrency market. These included popular exchanges such as Zebpay, Coinsecure, Unocoin, Koinex, Pocket Bits and Bitxoxo. With the price of cryptocurrencies shooting up and because of its increased popularity and adoption by users outside of its traditional cult following, regulators worldwide began to take notice of this new technology; in India the RBI issued a Press Release cautioning the public against dealing in virtual currencies including Bitcoin way back in 2013. However, the transaction volumes and adoption of cryptocurrencies in India really picked up in earnest only after the demonetisation of high value currency notes in November of 2016, with the government’s emphasis on digital payments leading to alternatives to traditional online banking such as cryptocurrencies forcing their way into the public consciousness. Indian cryptocurrency exchanges started acquiring users at a much higher pace which drove up volume for cryptocurrency transactions on all Indian exchanges. The growing popularity of cryptocurrencies and its adoption by large numbers of Indian users forced the RBI to issue another Press Release in February 2017 reiterating its concerns regarding cryptocurrencies raised in its earlier Press Release of 2013.

In October and November, 2017 two Public Interest Petitions were filed in the Supreme Court of India, one by Siddharth Dalmia and another by Dwaipayan Bhowmick, the former asking the Supreme Court to restrict the sale and purchase of cryptocurrencies in India, and the latter asking for cryptocurrencies in India to be regulated. Both the petitions are currently pending in the Supreme Court.

In November, 2017 the Government of India constituted a high level Inter-ministerial Committee under the chairmanship of Shri Subhash Chandra Garg, Secretary, Department of Economic Affairs, Ministry of Finance and comprising of Shri Ajay Prakash Sawhney (Secretary, Ministry of Electronics and Information Technology), Shri Ajay Tyagi (Chairman, Securities and Exchange Board of India) and Shri B.P. Kanungo (Deputy Governor, Reserve Bank of India). The mandate of the Committee was to study various issues pertaining to Virtual Currencies and to propose specific actions that may be taken in relation thereto. This Committee submitted its report in July of 2019 recommending a ban on private cryptocurrencies in India.

In December 2017 both the RBI as well as the Ministry of Finance issued Press releases cautioning the general public about the dangers and risks associated with cryptocurrencies, with the Ministry of Finance Press Release saying that cryptocurrencies are like ponzi schemes and also declaring that they are not currencies or coins. It should be mentioned here that till the end of March 2018, the RBI and the Finance Ministry had issued various Press Releases on cryptocurrencies cautioning people against their risks, however none of them ever took any legal action or gave any enforceable directions against cryptocurrencies. All of this changed with the RBI circular dated April 6, 2018 whereby the RBI prevented Commercial and Co-operative Banks, Payments Banks, Small Finance Banks, NBFCs, and Payment System Providers not only from dealing in virtual currencies themselves but also directing them to stop providing services to all entities which deal with virtual currencies.

The effect of the circular was that cryptocurrency exchanges, which relied on normal banking channels for sending and receiving money to and from their users, could not access any banking services within India. This essentially crippled their business operations since converting cash to cryptocurrencies and vice versa was an essential part of their operations. Even pure cryptocurrency exchanges which did not deal in fiat currency, were unable to carry out their regular operations such as paying for office space, staff salaries, server space, vendor payments, etc. without access to banking services.

As a the operations of cryptocurrency exchanges took a severe hit and the number of transactions on these exchanges reduced substantially. People who had bought cryptocurrencies on these exchanges as an investment were forced to sell their crypto assets and cash out before they lost access to banking facilities. The cryptocurrency exchanges themselves found it hard to sustain operations in the face of the dual hit of reduced transaction volumes and loss of access banking services. Faced with such an existential threat, a number of exchanges who were members of the Internet and Mobile Association of India (IMAI), filed a writ petition in the Supreme Court on May 15, 2018 titled Internet and Mobile Association of India v. Reserve Bank of India, the final arguments in which were heard by the Supreme Court of India in January, 2020 and the judgment is awaited. If the Supreme Court agrees with the arguments of the petitioners, then cryptocurrency exchanges would be able to restart operations in India; as a result the cryptocurrency ecosystem in India may be revived and cryptocurrencies may become a viable investment alternative again.

For more details visit https://cis-india.org/internet-governance/blog/cryptocurrency-regulation-in-india-2013-a-brief-history

Crypto Night

praskrishna — 2013-08-06T06:04:05Z

Challenging government snooping at an all-night cryptography party.

This article by Rahul M was published in the Caravan on August 1, 2013. Pranesh Prakash and Bernadette Langle are quoted.

Satyakam Goswami sat in a conference hall in the Institute of Informatics & Communication in Delhi University's South Campus, furiously typing code into his laptop. He typed the string “/var/log/tor#”, into a Linux terminal, then turned to me and said, “I am one step away, man.” It was around midnight on a muggy July Saturday, and Goswami had been here for six hours. He resumed typing—and cursing under his breath in Telugu as he realised that the online instructions he was following weren’t helping.

Around him, the room bustled with the activity of around 25 other people, all participants at a Cryptoparty, a cryptography event at which programmers and non-programmers meet to share information and expertise on tools that can help thwart government spying.

Goswami was one of the organisers of the event, which was led by Bernadette Längle, a German ‘hacktivist’ who is a member of the Chaos Computer Club (CCC), Europe’s largest association of hackers. Längle was one of the organisers of the CCC’s Chaos Communication Congress in 2012, an international hackers’ meet held in Hamburg that year. While processing participant applications for the Congress, she came across a group that wanted to organise what they called a “Cryptoparty” at the meet. “I thought Cryptoparty would be a bunch of guys coming together, learning crypto and having a party,” she told me. Only at the event did she realise that Cryptoparties are rather more political affairs, at which participants experiment with ways of combating governmental intrusions into privacy and freedom.

After she graduated, Längle decided she wanted to travel. “I hadn’t been to America or Asia, and I don’t think I want to enter America,” she said. “I thought India might be a good point to start.” While she was exploring her options, she met Goswami online. “I first met Bernadette on an IRC channel, ‘hasgeek’, where she expressed her interest to come to India,” Goswami said. “I suggested that she write a proposal to CIS [the Centre for Internet and Society, in Bangalore].” Längle applied, and was accepted to work with the organisation for six months.

When Längle was teaching a one-week course on email cryptography at a CIS event, a participant suggested to her that she organise a Cryptoparty in the city. “I thought I was travelling anyway, and I can make a Cryptoparty everywhere I go,” Längle said. This led to the Bangalore Cryptoparty on 30 June, followed by the Delhi edition on 6 July. Längle then held a Cryptoparty in Dharamsala in the second week of July, and plans to hold another in Mumbai in October. At each of these, she gave tutorials on specific aspects of cryptography, such as the Pretty Good Privacy (PGP) encryption and decryption program, which Edward Snowden used to communicate with The Guardian’s Glenn Greenwald during their now-famous collaboration. Participants would then experiment with these tools, sending emails and messages to each other using secure channels. The Delhi edition, which saw around 70 participants, continued late into the night, with the last exhausted stragglers shutting off their gadgets and heading home at 4 am.

I met Längle again the day after the Delhi event; with her was Pranesh Prakash, policy director at CIS, who is a commentator on issues related to surveillance and privacy. Both agreed that the Indian government’s Central Monitoring System programme, as well as Edward Snowden’s recent leaks, had resulted in a greater interest in cryptography in the country in recent months. “Without the PRISM stuff, there wouldn’t have been so many people attending,” Längle said. “People are concerned about that.” Prakash believes that the NSA leaks have served as a loud wake-up call about a longstanding state of affairs. “It’s this I-told-you-so moment for lots of people right now,” he said. “This isn’t the first time there have been revelations about the NSA spying beyond their authority. These revelations have been happening at least since 2006.”

For more details visit https://cis-india.org/news/caravan-magazine-august-1-2013-rahul-m-crypto-night

Cry, you nasty trolls

praskrishna — 2015-05-09T15:05:23Z

Micro-blogging site Twitter has introduced a tool that identifies abusive tweets and hides them from their targets. Will it stem the tide of viciousness online, asks Prasun Chaudhuri.

The article by Prasun Chaudhuri was published in the Telegraph on April 26, 2015. Rohini was quoted.

When India's star batsman Virat Kohli failed to perform at the India vs Australia semi-final match at the World Cup, a section of Indian fans started venting their fury on his girlfriend Anushka Sharma on Twitter. The actress, who had flown to Sydney to watch the match, was blamed for India's loss and her Twitter account was flooded with abusive posts. One Atul Khatri tweeted: Hey Anushka, can you please distract the Aussie fielders on the boundary by showing them your lip job? Plleeeaasee. One anonymous tweet requested the "public to boycott Anushka Sharma's films (sic)" while another by Bollywood producer Kamal R. Khan incited his followers to "stone Anushka's house".

The star couple are not alone. Media persons, scholars and celebrities - especially if they are women - often face such vicious attacks on Twitter. Ask Chinmayi Sripada, the Chennai-based singer, or Sagarika Ghose, a prime time TV anchor, or scholar and columnist Ramachandra Guha who have endured worse forms of assaults - ranging from threats of gang rape, torture and murder. Many Twitter users across the world have gone silent and even deactivated their Twitter accounts after being harassed on the platform.

With more and more people around the world facing such vitriolic attacks, Twitter - the San Francisco-based online social networking service - recently decided to protect its users from abusive tweets. It switched on an anti-abuse tool that automatically identifies abusive tweets and hides them from their intended target. According to Twitter, the tool will search for patterns of misuse and identify repeat offenders so as to enable the social media platform to impose account suspension on them. "Users must feel safe on Twitter in order to fully express themselves and we need to ensure that voices are not silenced because people are afraid to speak up," wrote Shreyas Doshi, director of product management at Twitter, in a blog post.

Dick Costolo, Twitter's CEO, admitted two months ago at an internal forum that his company "sucked" at dealing with bullies and abusers. He said he would "start kicking these [abusive] people off... and making sure that when they issue their ridiculous attacks, nobody hears them."

Hemanshu Nigam, former chief security officer of social media platform MySpace and software giant Microsoft in the US, hails Twitter's new move. "The new tools are meant to honour human dignity and safety. Now that online and offline persona of many social media users have converged, it's become essential for tech companies to take steps to protect people from assaults in the cyber world." Nigam, a founder of SSP Blue, a leading online security firm, had sifted through thousands of offensive comments and abusive images during his earlier avatar in social media companies. "People with such evil intentions are minuscule but their twisted expressions can have a profound impact not only on the victims but thousands of impressionable minds of young users," he says.

Abuse on social media platforms can be extremely brutal and traumatising. According to Debarati Halder, a lawyer and cyber victim counsellor based in Tirunelveli, Tamil Nadu, a large proportion of these attacks - especially those where explicit pictures and videos of sexual acts are sent - are perpetrated on women by their former boyfriends or husbands to seek revenge on their ex-partners.

She feels that social media giants have failed to protect their users and that these so-called "new tools" and automated systems fail to screen most cases of abuse. "They (social media platforms) also don't react to reports of abusive behaviour unless they are lodged by celebrities or other influential people," she adds.

While announcing the new policy, Twitter's general counsel Vijaya Gadde wrote in The Washington Post, "At times, this (tweet) takes the form of hateful speech directed at women or minority groups; at others, it takes the form of threats aimed to intimidate those who take a stand on issues. These users often hide behind the veil of anonymity on Twitter and create multiple accounts expressly for the purpose of intimidating and silencing people." She also wrote how technicians at Twitter are going to erect a "better framework to protect vulnerable users, such as banning the posting of non-consensual intimate images."

Rohini Lakshane, programme officer at the Bangalore-based Centre for Internet and Society, says that Twitter had simplified and enhanced its system of reporting abuse in December last year. "Measures such as muting and blocking users and manual review of reports were already in place. The changes included mechanisms for Twitter's review teams to expedite responses from dire forms of abuse," she says.

Evidently, these measures have not been too effective. Says Lakshane, "Women are still disproportionately targeted on Twitter and several users simply choose to leave rather than face the strain of dealing with abuse, rape and death threats, and insults."

Singer Sripada, however, is one of those few Twitter users who stood up against her abusers. When she tweeted in support of Tamil fishermen who were attacked by the Sri Lankan Navy, she was flooded with abusive tweets that were tantamount to sexual harassment. She says, "I took on the abusers - one of them a professor at a top fashion institute. I filed a case under Section 66A of the IT Act (which is now defunct) and they were jailed for two weeks. That was when I saw the worst face of online abuse."

Advocate Halder rues the recent scrapping of Section 66A of the IT Act to protect freedom of speech. "The act could have have been modified to protect victims of abuse." She believes the new Twitter policy to check abuse may not be able to check the spread of the meta data of a post as it is replicated across thousands of sites.

"If the visuals or texts depict explicit sex, these spread like wildfire in voyeuristic websites, mirror sites and caches before any law enforcer anywhere in the world can react," says Siddhartha Chakraborty, a cyber expert based in Calcutta. A single tweet, a Facebook comment or a YouTube video "gone viral" often causes significant damage to an individual or a company before they can even report the abuse, says Rajiv Pratap, a data analyst based in Calcutta and California.

The problem also lies with over 20 million robot users - or automated accounts, not actively operated by humans but remotely controlled by groups of anonymous people - who are difficult to track. "These bots generate a lot of spam and even abusive comments," says Harsh Ajmera, a social media expert based in New Delhi. "Twitter is not striking at all the nasty content, but putting various checks like limiting the reach, asking you to get rid of those tweets which can protect genuine users."

On the other hand, stresses Lakshane, using parameters such as the number of flags (reports of abuse) a tweet receives can have implications for free speech - an unpopular but non-abusive view could also be targeted. Moreover, it's essential for reviewers to understand cultural and linguistic connotations to be able to effectively address abuse.

Still, Nigam is hopeful. He says, "Social media companies are going through a learning curve. As they evolve they will learn how to rein in abusers."

Twitter's 288 million users worldwide are waiting for that to happen.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-april-26-2015-prasun-chaudhuri-cry-you-nasty-trolls

Crowdsourced innovation for government projects and services is easier said than done

praskrishna — 2017-02-07T15:36:38Z

Late January. The buzz was palpable at the MLR Convention Centre in South Bengaluru. Developers were streaming into 50p, a conference organised by HasGeek, which has curated technology forums since 2011. But this wasn't just one of the six HasGeek communions that the programmers attend annually. 50p put the spotlight on digital payments, which meant the gathering would be more diverse than anything before.

The article by Kunal Talgeri was published in the Times of India on February 3, 2017. Sunil Abraham was quoted.

Of the 250-plus attendees in two days, only 40% were developers. There were around 10 lawyers, an activist here, a social-impact investor there, product managers, and a 20-strong team from online payment systems company PayPal. There were managers from traditional banks too. "We realised early on that one thing the developer community really needs to know is how various payment-systems work, like who makes what percentage (in the value chain)?," said Zainab Bawa, cofounder of HasGeek. "It is a big mystery to them."

Kiran Jonnalagadda, co-founder of HasGeek and Bawa's husband, concurred: "A payment conference cannot primarily be centred on technology. Regulations make a bulk of the difference." So the interdisciplinary forum traversed areas as diverse as customer data and privacy, payment-systems unique to India, regulations, and the Watal Committee report apart from technology.

HasGeek got folks from the payments industry to converse with developers. At the outset, Bawa spelt out to the audience something about technology's role in society. "While we (coders) are here to bridge gaps, we also need to understand that technology is not necessarily the solution. Developers must have their ears to the ground." She had touched upon the divide between the coder community and the government.

Globally, governments are only just beginning to be exposed to the geeks. "The broader theme of digitisation and opening up of APIs (application programming interface) is happening across the world," said Sanjay Swamy, managing partner at Prime Venture Partners, and an Aadhaar volunteer with the Unique Identity Authority of India (UIDAI) until early 2011. APIs empower developers to build applications that access the features or data of an operating system or service. This requires developers to come together with, in this case, the government.

The digital dream has never showed more promise in India—the chance for a few developers to build a platform that can digitise government services for millions of users. "The government wants to use hackathons for digital disruption—leverage hackers to build solutions for them," says Subhendu Panigrahi, co-founder of Venturesity that helps companies find developers.

This is easier said than done. But how did India even get to this point?

CODE NAME: GENESIS
On 10 June 2016, the Indian Software Product Industry Round Table (iSPIRT) think-tank released a paper that took note of the country moving from "data poor to data rich."

This was a few weeks after the UIDAI platform Aadhaar crossed 1 billion enrolments. "The Aadhaar system can authenticate 100 million transactions per day in real time," iSPIRT stated. The paper also pointed to three national platforms - essentially services that would in time digitise government services on a national scale.

These were the Goods and Services Tax (GST) Network, the Bharat Bill Payment System which would cover utility services (electricity, water, gas, and so on), and the electronic toll collection system.

All three platforms come under the National Payments Corporation of India (NPCI), an umbrella organisation for retail payment systems in India. iSPIRT had helped NPCI organise a hackathon in Mumbai in February 2016 to build prototypes for harnessing the Unified Payment Interface (UPI) platform's application programming interface to digitise bank transfers in real time. Similarly, steps were being taken to open up APIs to large companies for the other NPCI platforms.

On its part, iSPIRT was drawing the attention of a breed of software developers to the national-scale opportunities ahead. It unequivocally stated: "Data flows benefit public services and governments." But even as India moves to being data rich, the outreach to developers - estimated to be more than 5 million in India - could be futile for two reasons.

First, government departments and traditional systems of, say, nationalised banks have a technology procurement culture that is at odds with how developers build digital solutions. While government is the largest technology procurer, procurement contracts typically have clauses that encourage lowest (cost) bidders, which rarely spawns innovation.

"Government needs to adopt and evangelise pro-challenger tools and policies that reduce barriers to experimentation, level-playing field and encourage innovating around national issues," wrote Swati T Satpathy for iSPIRT in a November 2015 paper titled 'Igniting Hundreds of Experiments'.

Second, independent developers still have to come out in larger numbers for the best solutions to shine. Sachin Gupta, CEO of HackerEarth, another developer platform, agrees: "Governments may still go ahead and give projects to a TCS and Wipro, but they want to crowdsource the innovation, prototype and the whole concept. They want to build an active relationship with the tech community."

These can be government bodies at the state level, too, like the Department of Urban Land Transport in Karnataka, for whom Venturesity helped with a 'transit hack' to solve traffic in Bangalore with submissions like how to enable carpooling or track public transport.

"The government is really interested in the final product or an app they can use," Panigrahi said. For this, governments are willing to distribute their APIs to eventually own the app. "Developers participate in such hackathons to make it part of their portfolios or resumes, or because they love building products, or for the prize-money."

This is crowd sourced innovation. Yet, culturally, it is hard for developers and governments' interests to be aligned.

INSIDE THE DICHOTOMY
The API-driven approach is based on a philosophy in the United States that dates back to the 1960s. It a culture of giving powerful building blocks, as opposed to just building an actual solution, said Jonnalagadda. A 'solution' evolves into a platform if it can serve as 'building blocks' for the next set of developers to build on.

"A good product is also one on top of which something more can be built. That has been the principle on which the developer community has thrived," he said. This approach works well in technology. "It means you are slow, but also that you are a lot more mature and innovative."

The government has got this aspect right, by opening up secure APIs to nationalscale projects and systems. But while they have provided such building blocks, they have already decided the path to meet goals like financial inclusion. Mobile apps like BHIM (Bharat Interface for Money) are becoming the default mode of reaching the masses. Many observers agree with the smartphone as a medium for India, but developers feel web browsers are more secure than apps.

Jonnalagadda cites a 50p session, 'Everyone can see your credit card details. Seriously,' where the speaker Arnav Gupta described the flow of the web as independent websites that can't actually communicate with each other. As against this, every function of a mobile app is a subset of the parent app. "So whatever password you type for one 'function' can be visible to the parent, which never happens on the web," Jonnalagadda said. "If security is defined by the fact that it is tested against being broken, a mobile app is trusted on the basis of goodwill. For developers, this is a shitty way to do technology. It bothers the heck out of him when a security model assumes goodwill because government wants an app."

Also, solutions need a decentralised approach from governing bodies like local municipalities. Independent budgets and decision-making can lead to stronger links between government and local service providers. There are exceptions to this, like Singapore, a city nation. But in larger developed countries like the United States, local government bodies are stronger than in India. "Here, we are getting even more centralised over time," Jonnalagadda said. It makes the government look like a monolith in the eyes of developers. How can the two be compatible? "We haven't found a solution yet."

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-february-3-2017-kunal-talegri-crowdsourced-innovation-for-government-projects-and-services-is-easier-said-than-done

Cross-Border Data Sharing and India: A study in Processes, Content and Capacity

Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu — 2018-09-29T00:37:39Z

A majority of criminal investigations in the modern era necessitate law enforcement access to electronic evidence stored extra-territorially. The conventional methods of compelling the presentation of evidence available for investigative agencies often fail when the evidence is not present within the territorial boundaries of the state.

The crux of the issue lies in the age old international law tenet of territorial sovereignty.Investigating crimes is a sovereign act and it cannot be exercised in the territory of another country without that country’s consent or through a permissive principle of extra-territorial jurisdiction. Certain countries have explicit statutory provisions which disallow companies incorporated in their territory from disclosing data to foreign jurisdictions. The United States of America, which houses most of the leading technological firms like Google, Apple, Microsoft, Facebook, and Whatsapp, has this requirement.

This necessitates a consent based international model for cross border data sharing as a completely ad-hoc system of requests for each investigation would be ineffective. Towards this, Mutual Legal Assistance Treaties (MLATs) are the most widely used method for cross border data sharing, with letters rogatory, emergency requests and informal requests being other methods available to most investigators. While recent gambits towards ring-fencing the data within Indian shores might alter the contours of the debate, a sustainable long-term strategy requires a coherent negotiation strategy that enables co-operation with a range of international partners.

This negotiation strategy needs to be underscored by domestic safeguards that ensure human rights guarantees in compliance with international standards, robust identification and augmentation of capacity and clear articulation of how India’s strategy lines up with the existing tenets of International law. This report studies the workings of the Mutual Legal Assistance Treaty (MLAT) between the USA and India and identifies hurdles in its existing form, culls out suggestions for improvement and explores how recent legislative developments, such as the CLOUD Act might alter the landscape.

The path forward lies in undertaking process based reforms within India with an eye on leveraging these developments to articulate a strategically beneficial when negotiating with external partners.As the nature of policing changes to a model that increasingly relies on electronic evidence, India needs to ensure that it’s technical strides made in accessing this evidence is not held back by the lack of an enabling policy environment. While the data localisation provisions introduced in the draft Personal Data Protection Bill may alter the landscape once it becomes law, this paper retains its relevance in terms of guiding the processes, content and capacity to adequately manoeuvre the present conflict of laws situation and accessing data not belonging to Indians that may be needed for criminal investigations.As a disclaimer,the report and graphics contained within it have been drafted using publicly available information and may not reflect real world practices.

Click here to download the report With research assistance from Sarath Mathew and Navya Alam and visualisation by Saumyaa Naidu

For more details visit https://cis-india.org/internet-governance/blog/cross-border-data-sharing-and-india-a-study-in-processes-content-and-capacity

Cross Border Sharing of Data: Challenges and Solutions

Admin — 2017-11-20T15:20:18Z

Centre for Internet & Society (CIS) has been following the debates around MLAT process taking place globally and researching potential areas of tension in the tools that India uses to access data across borders. As part of this research, CIS is hosting a workshop on cross border sharing of data on December 8, 2017 at India Islamic Centre from 10.30 a.m. to 5.00 p.m.

For more details visit https://cis-india.org/internet-governance/events/cross-border-sharing-of-data-challenges-and-solutions