We are anonymous, we are legion

Securing The Digital Payments Ecosystem

Admin — 2017-11-28T15:27:20Z

Udbhav Tiwari attended a consultation organized by NITI Aayog and Observer Research Foundation on October 9, 2017 in NITI Aayog office in New Delhi.

Since demonetisation, the Indian government has taken several steps to enable digital payments adoption across the country. With initiatives like the Digidhan Mission, setting a target of 25 billion digital transactions in 2017-18, the Modi government is setting high benchmarks which necessitate appropriate ecosystem support. Indeed, the Digidhan Mission’s ‘Objectives and Functions’, recognise that securing India’s digital payments landscape is critical.

In light of the exponential rise in e-commerce and digital payments, this imperative could not have come any sooner. India's digital transformation has not only highlighted the need for increased financial inclusion but also the emergent cyber security threats that it brings with it. This transformation, however, also represents an opportunity - not only to modernize India's laws and regulations to respond to global changes but also influence these changes and set a trajectory of growth for other emerging markets.

Keeping in mind these realities, NITI Aayog, in association with ORF, is preparing a cyber-security White Paper that will highlight best practices for the Integrity of Payments Systems and help enhance trust of the users in the payments ecosystem. The White Paper, through consultations with relevant stakeholders, will provide policy inputs to modernise standards for transaction security, hardware security and information security.

In this context a meeting was convened constituting experts and practitioners, who can help develop a comprehensive strategy to secure the digital payments ecosystem. The discussion was chaired by Dr. VK Saraswat, Hon’ble Member, NITI Aayog.

For more details visit https://cis-india.org/internet-governance/news/securing-the-digital-payments-ecosystem

Sex, drugs and the dark web

Admin — 2018-01-02T16:13:14Z

Blend anonymity and bitcoins for a ‘guaranteed safe’ cocktail of terrifying potential.

The article was published in the Hindu on October 7, 2017.

It’s hardly a secret that marijuana’s quite easy to get nowadays. Cigarette shop owners, paanwaalas, and otherwise innocuous dealers of innocuous goods hide their stash just out of sight of the unaware. Rustom Juneja is just another marijuana-smoking adult in one of India’s biggest cities. He used to get his ‘stuff’ from local dealers. Till he “got bored of Indian produce,” as he says. So, in 2015, he decided to go to the dark web.

“I brought strains of marijuana from the U.S. and Canada, from a marketplace on the dark web,” Juneja says. The packages were shipped from their respective countries, they traversed borders, bypassed stringent security and checks, crossed continents, and landed at Juneja’s doorstep.

That is the dark web for you. Completely unpoliced, willing users can find anything, from the aforementioned marijuana, to “hard” drugs, to military grade-weaponry and even sex workers. All delivered to your doorstep just like books or designer watches from Amazon, Flipkart, or Snapdeal. And yes, some even offer cash-on-delivery. Returns might not be as simple, though.

Earlier this year, a group of students were arrested in Hyderabad on charges of purchasing LSD (also called ‘acid’) on the dark web. But they weren’t arrested because they had made the transaction on the dark web; they were arrested because the purchase and/ or use of LSD is illegal under Indian law (Narcotic Drugs and Psychotropic Substances Act, 1985).

In India, transactions on the dark web belong to a legal grey area. More importantly, the transactions here are mostly untraceable.

So, just what is the dark web?

Shadow world

The world wide web is a Brobdingnagian mass of data, parts of which are ‘indexed’ so that they may be found by users through search engines (Google, Bing, etc). The parts of the web that aren’t indexed, and therefore available for public access, are known as the ‘deep web’. This was the part initially known as the dark web, with the ‘dark’ being more an allusion to being kept away from the light of regular access than its now more nefarious association. While it’s near impossible to put a number to it, unofficial estimates mostly concur that the vast majority of the web is unindexed.

Then, in the early 2000s, programmers began developing techniques that would be able to offer anonymous access to these hidden bits of the web. In 2002, the U.S. Naval Laboratory released one of the earliest versions of The Onion Router (TOR), a software that would allow anonymous communication between American intelligence agents and operatives on foreign soil.

This didn’t go quite according to plan, though. Tor was soon appropriated by cyberpunks, who began using the protocol to give access to websites that would host, share, and trade illicit goods. Today, the dark web is a sub-section of the deep web, accessed using specialised software like Tor that ensures absolute anonymity.

The onion protocol

“If you want to track anything on the Internet, it can happen at three levels — the level of the person who sends a request, at the level of the person responding to this request, or it can happen in between these two ends,” says Udbhav Tiwari, Policy Officer at the Centre for Internet and Society.

“Because of this structure, it is easy to track actions and resources across the Internet, using the same terminology that makes it so easy to index and search. So, people began thinking this might become a problem.”

Most of us have heard of the Hyper Text Transfer Protocol Secure or HTTPS, a protocol that ensures that information is encrypted and secure the moment it leaves a computer till the time it reaches a destination computer. But this protocol only protects one of the three levels on which information might be tracked. The dark web is built to ensure that the remaining levels are also protected and kept anonymous.

“The reason it’s called the ‘onion’ protocol is because there are bits of information that are encrypted over and over again. So, when something leaves one computer, it is encrypted with a layer, then it hits another computer and is encrypted with another layer, and it hits another computer, where it is encrypted yet again. When this information returns, each layer is peeled off, so that you get the information you requested, with none of the encryption,” Tiwari says.

This kind of encryption makes it borderline impossible to figure out who is communicating with who and what they are talking about, unless the physical machines at either end are compromised, or a vulnerability on these machines is exploited by setting up a fake website on the Internet — a technique the FBI uses to track child pornography.

And what does it all mean? A level of guaranteed secrecy with terrifying potential. A 2015 study found that light drugs were the most traded commodity on the dark web, and that as much as 26% of its content could be classified as ‘child exploitation’.

A 2016 study found that almost 57% of live websites on the dark web hosted illicit material. The ease of access and the minimal chances of being caught has meant a steady rise in the use of the dark web and the murk it peddles.

It’s a market where both buyer and vendor are rated, like Uber. This establishes trust, and authenticates the veracity of a potential transaction. Thus, for instance, buyers are obviously more inclined to buy an assault rifle from a highly-rated seller. And you will be sold grenades only if your ratings assure the vendor you’ll fulfil your end of the transaction.

Once a transaction is finalised, the payment is held ‘in escrow’ — a third party arbitration system which ensures the buyer is paid only after they have met their end of the bargain. The third parties also arbitrate in the event of a dispute.

As easy as pie

Juneja bought marijuana three times, all from the same vendor, but only two shipments reached him. The third time, the parcel never landed, but the arbiters decided in favour of the vendor because he had a much better rating and Juneja lost his money.

With no proper method to find out whether the vendor has shipped a product or the buyer has received it, this adjudication is seen as the best stop-gap arrangement. For Juneja, as for many others, the loss was a deal breaker, and he didn’t go back to the dark web.

When the first two shipments did arrive though, they came with absolute swagger and nonchalance. “The product was sealed and flattened out, as if it were a magazine or postcard.” It does say something of international security that it can’t differentiate between a shipment of The New Yorker and marijuana.

Dark web transactions were initially carried out using legal state-issued currencies. However, the simplicity of tracking online transactions made with property monitored by the government led to the rise of cryptocurrencies — digital or virtual currency that uses cryptographic techniques for security and which would be beyond state control. Besides the need to go underground, there was a political angle.

“These people see money as a state incursion into private affairs,” says Jyotirmoy Bhattacharya, economics professor at Delhi’s Ambedkar University.

The first, and still most popular, cryptocurrency was released in 2009 — bitcoin. Created by an unknown person or group of people, going only by the pseudonym Satashi Nakamoto, bitcoin was intended as a ‘peer-to-peer electronic cash system’, which would be completely decentralised, with no central server or state authority. This meant that the value and proliferation of bitcoin would be determined by its creators and users.

The idea of a virtual currency has been around since before Nakamoto, but a large problem was in limiting creation and supply. Bitcoin was the first to solve this problem. “Bitcoin uses a technique known as the ‘proof-of-work’ (POW). So, to create a new set of this currency, you have to spend some amount of computational resources. This limits how much currency you can generate, thus ensuring that the currency has a value,” says Bhattacharya.

What is bitcoin?

“A bitcoin is simply a solution to a puzzle. If there are a set of puzzles that are a part of the bitcoin protocol, one bitcoin is simply one of the solved puzzles of that set, along with a digital signature of who solved the puzzle,” says Bhattacharya. A public ledger tracks the ownership of bitcoins, which ensures that the same one is not used again by the same person.

“Since there is no central authority, your transaction has to match the globally agreed ledger.” To ensure that ownership of bitcoin is legitimate, every transaction is published in the ledger, thus creating a ‘chain of transactions’ known as a blockchain.

Over the past few years, the value of bitcoin has skyrocketed, so much so that people have begun investing in it, as an asset. When bitcoin was first used as tender in early 2010, it was valued at around $0.003. For a brief while in August, one bitcoin was valued at $4,500, a record high.

In the everyday world of eggs and bread, though, bitcoin has limited use. It is still unrecognised by several nations, and deemed illegal in many others. It’s in the dark web that it finds its most votaries. While it would be flippant to suggest that bitcoin is used on the dark web solely for illicit uses, it is difficult to deny its origins for that purpose, and its continuing use there.

Bedavyasa Mohanty, an Associate Fellow at Observer Research Foundation Cyber Initiative, says that there are Indian users transacting on the dark web using bitcoin and claims that this number is only likely to increase as accessibility increases. “Bitcoin cannot be tracked,” says Mohanty. “With the ledger and the blockchain, you can trace the trail of a certain bitcoin, but it is anonymised. You can’t point out who owns that bitcoin.”

This, in effect, means an entirely anonymous transaction may be made on the dark web for any number of illegal goods or services using a currency that leaves a trail which goes nowhere and leaves no fingerprints. This, in a nutshell, is the danger when bitcoin combines with the dark web.

Several users I spoke to either claimed that fears about the dark web were mostly unfounded, or that the freedom it offered was an essential facet of the Internet. But it can’t be denied that the sheer possibility that somebody can deal in child porn or hard drugs or deadly weapons right under the nose of the law is a terrifying one.

From the perspective of Indian law enforcement, given the technical knowhow they have to track down owners and users of bitcoins, the chances of discovery are minimal, says Mohanty. The currency uses a system of public and private ‘keys’, ensuring that an intercepted bitcoin transmission is useless without those keys. To top it, India does not have any clear laws to regulate cryptocurrencies.

“For India to regulate cryptocurrencies, it would need to legally recognise their existence,” says Mohanty. “And if you do recognise them, what do you treat them as? As a security? Or as a currency that can be traded openly, and so on. That’s part of the reason why the Reserve Bank hasn’t formally recognised cryptocurrencies.”

Flagging illegal trades

Bitcoin exchanges in India insist that they follow strict guidelines and e-KYC (Know Your Customer) rules, ensuring that the identity of every customer on the exchange is verified. “If somebody tries to use a bitcoin from Zebpay or any other recognised exchange, they will definitely be tracked down,” says Saurabh Agrawal, co-founder of Zebpay, one of India’s largest bitcoin exchanges.

“We use strong software; if any of our users use bitcoins for illegal purposes, we close their accounts. We’ve done this in the past and will do so in future as well.” He claims their software maintains a list of web addresses deemed ‘red alert’ sites, and the moment a bitcoin is sent to such a site, the transaction is flagged.

Others are less positive. “While we can track whether a transaction is made through illegal routes, to some extent it’s true that we cannot track all transactions in real time as this takes a large amount of data,” says Sathvik Vishwanath, CEO, Unocoin.

“But if someone is trying to buy or sell from illegal marketplaces, we have a mechanism where we can — and do — stop it.” Given that customers are KYC-verified, “they don’t try to indulge in malicious activities,” he says.

Pan to Rustom Juneja. Juneja made three transactions in 2015, using bitcoins purchased entirely legally from an exchange. “You have to create an account on any of the markets online, and transfer your bitcoins to that account,” Juneja informs me. His account too was KYC-verified, and they had all his details — PAN number, Aadhar, and so on. He had no clue then that the exchanges had tracking methods. “Look, if these actually worked, there’s no way we wouldn’t have been caught,” he says.

Part of the problem, of course, is that Indian law does not recognise the dark web as a separate entity from the ‘surface’ web; there are no special laws for it. Yet, even if laws were put in place, there are few ways in which states can monitor or block the use of the dark web owing to a host of technical and legal reasons.

“A sense of urgency [regarding the dark web], especially relating to the use of bitcoin for illicit activities, hasn’t been instilled in the government yet,” says Mohanty. “What they are worried about is terrorism, and the use of anonymous technologies and chatrooms for radicalisation, terror planning, or buying and selling weapons.”

Juneja is one of a few thousand active Indian users on the dark web. Nothing stops them from buying a strain of marijuana from Canada. But nothing stops them from buying a Kalashnikov either.

Sunny side up

The dark web isn’t necessarily only a marketplace for all of the world’s nefarious practices. The very anonymity and shrouds that the dark web offers can be used for general practices by users looking merely for privacy.

Aritra Ghosh, a Ph.D student of Computational Astrophysics at Yale University says, “(The dark web is) possibly the only way to do something in “secret” away from any kind of surveillance. Onion routing still hasn’t been broken. So, it can play a substantial role in movements against companies, governments and so on.”

And this is a quality that many frequenters of the dark web swear by. Even the ability to use anonymous messenger service with a near-complete guarantee of not being ‘watched’ drives a lot of people here.

Akarsh Pandit, 24, says unrestricted access to many resources including books and documents is an area of huge potential. “Another significant pro is the avoidance of national firewalls that exist in some countries. Moreover, you gain access to unindexed search results,” he says.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-saurya-sengupta-sex-drugs-and-the-dark-web

CyFy 2017

Admin — 2017-11-26T09:36:25Z

CyFy is a conference on internet governance and cyber security organised by the Observer Research Foundation (ORF) in New Delhi between 2 and 4 October 2017. Sunil Abraham was a speaker.

Sunil Abraham was a speaker on a panel titled "Security Through Identity?" on the 4 October 2017 and chaired an invite only session titled "Encryption: The End of Surveillance?" on the 3rd of October, 2017. Saikat Dutta and Udbhav Tiwari also participated in the encryption session. Saikat was a speaker in a session titled "Digital Vulnerabilities: Capacity Building for Tackling Cyber Crime" on 3 October 2017. Udbhav Tiwari chaired a session titled "Dangerous Disclosures: Cyber Security Incident Reporting" on 4 October 2017.

Conference agenda here

For more details visit https://cis-india.org/internet-governance/news/cy-fy-2017

Revisiting Per Se vs Rule of Reason in Light of the Intel Conditional Rebate Case

Shruthi Anand — 2017-10-04T13:45:51Z

Recent developments in the European Union (EU) regarding the antitrust case against Intel have brought back into focus two rules of competition law analysis- the per se rule and the rule of reason. In light of the decision by the Court of Justice of the European Union in the matter, this Note examines the application of the two rules to the case in detail. Additionally, it analyzes the statutory and judicial basis for the rules in the context of the EU and Indian competition law regimes, and concludes by identifying some areas in which these concepts would be relevant.

Click on the link below to read the full article:

Revisiting Per Se vs Rule of Reason in Light of the Intel Conditional Rebate Case

For more details visit https://cis-india.org/internet-governance/blog/revisiting-per-se-vs-rule-of-reason-in-light-of-the-intel-conditional-rebate-case

Attempted data breach of UIDAI, RBI, ISRO and Flipkart is worrisome

Admin — 2018-01-02T16:20:58Z

Perhaps, we got lucky this time, but the ongoing problem of massive cyber-security breaches wouldn't stop at one thwarted attempt to steal sensitive information from the biggest and most important databases.

This was published by DailyO on October 4, 2017.

An alarming report on a potential data breach impacting almost 6,000 Indian organisations — including the Unique Identification Authority of India (UIDAI) that hosts Aadhaar numbers, Reserve Bank of India, Bombay Stock Exchange and Flipkart — has surfaced and supposedly been contained.

A cyber security firm in Pune, Seqrite, had found in its Cyber Intelligence Labs that India's national internet registry, IRINN (Indian Registry for Internet Names and Numbers), which comes under NIXI (National Internet Exchange of India), was compromised, though the issue has reportedly been "addressed".

Sequite tracked an advertisement on the "dark net" — the digital underworld — offering access to servers and database dump of more than 6,000 Indian businesses and public assets, including the big ones such as UIDAI, RBI, BSE and Flipkart.

The report states that the "dealer could have had access to usernames, email ids, passwords, organisation name, invoices and billing documents, and few more important fields, and could have potentially shut down an entire organisation".

The UIDAI has denied the security breach of Aadhaar data in the IRINN attacks, in an expected move. "UIDAI reiterated that its existing security controls and protocols are robust and capable of countering any such attempts or malicious designs of data breach or hacking," said the report, which is basically a rebuttal from the powerful organisation at the heart of centralising all digital information of all Indians.

Though the aggrieved parties have been notified, and the NCIIPC (National Critical Information Infrastructure Protection Centre) is looking at the issue, what this means is that digital information is a minefield susceptible to all kinds of threats from criminals as well as foreign adversaries, along with being commercially exploited by major conglomerates.

Till August 2017 alone, around 37 incidents of ransomware attacks have been reported, including the notorious WannaCry attacks. But what makes the attacks very, very threatening is the government's insistence — illegal at that — to link Aadhaar with every service, and create a centralised nodal, superior network of all networks.

This "map of maps" has been rightly called out as a potential national security threat, as it makes a huge reservoir of data vulnerable to cyberthreats from mercenaries, the digital underworld and foreign adversaries.

A widely circulated report prepared by the Centre for Internet and Society (CIS) underlined the major flaws in the 2016 Aadhaar Act, that makes it vulnerable to several digital threats. Photo: Reuters

That the data dump in the digital black market provides access to entire servers for a meagre sum of Rs 42 lakh, as mentioned in the report, is a sign of how insecure our personal information could be on the servers of the biggest government organisations and commercial/online retail giants. This includes the likes of Flipkart, which store our passwords, emails, phone numbers and other important information linked to our bank details and more.

Whilst UIDAI was declared a "protected system" under Section 70 of the Information Technology Act, and a critical information infrastructure, in practice, there are way too many breaches and leaks of Aadhaar data to merit that tag.

Because the current (officially thwarted) attempt to hack into these nodal databases involved the data of hundreds of millions of Indians, the matter has been dealt with the required seriousness. However, as the report states, "among the companies whose emails they found were Tata Consultancy Services, Wipro, Indian Space Research Organisation, Mastercard/Visa, Spectranet, Hathway, IDBI Bank and EY".

This is a laundry list of the biggest and most significant organisations, with massive digital footprints, which are sitting on enormous databanks. Hacking into ISRO, for example, could pose a formidable risk to India's space programmes as well as jeopardise information safety of crucial space projects that are jointly conducted with friendly countries such as Russia, China and the US.

A widely circulated report prepared by the Centre for Internet and Society (CIS) on the Aadhaar Act and its non-compliance with data protection law in India underlined the major flaws in the 2016 Aadhaar Act, that makes it vulnerable to several digital threats.

Moreover, CIS also reported how government websites, especially "those run by National Social Assistance Programme under Ministry of Rural Development, National Rural Employment Guarantee Act (NREGA) run by Ministry of Rural Development, Daily Online Payment Reports under NREGA (Governemnt of Andhra Pradesh) and Chandranna Bima Scheme (also run by Government of Andhra Pradesh) combined were responsible for publicly exposing personal and Aadhaar details of over 13 crore citizens".

The government has been rather lackadaisical about the grave security threats posed by India's shaky digital infrastructure, saying it's robust when it's not: the UIDAI itself has been brushing the allegations of exclusion, data breach and leaking of data from various government and private operators' servers and there have been several documentations of the security threat as well as the human rights violations that the digital breaches pose for India's institutions and its citizens.

As noted welfare economist Jean Dreze says, "With Aadhaar immensely reinforcing the government's power to reward loyalty and marginalise dissenters, the embers of democracy are likely to be further smothered."

Even as India's jurisprudence held privacy and autonomy as supreme, Indians remain vulnerable to institutional failures and an abject lack of awareness on the gravity of digital destabilisation.

For more details visit https://cis-india.org/internet-governance/news/daily-o-october-4-2017-attempted-data-breach-of-uidai-rbi-isro-and-flipkart

Emerging Issues in the Internet of Things

Admin — 2017-10-03T01:53:25Z

Andrew Rens will give a talk about research that he is doing at the Internet Governance Lab on October 23, 2017 at the Centre for Internet & Society in Bengaluru.

It seems almost anything can be connected to the Internet: 3D printers, cars, traffic lights and even toasters. This proliferation of Internet enabled devices, the Internet of Things (IoT), raises a cloud of complex problems, of ownership and control, privacy and surveillance, ubiquity and network fragility. IoT doesn't just promise efficiency; cheap sensors and printers might put scientific research and customized manufacturing in the hands of millions more people. The governance of the IoT, exhibits the same super complexity as Internet governance generally; with multiple sites of governance and actors operating across legal borders. Legal regulation, standards and the architecture of technology determine how the IoT is configured and how it will be reconfigured in response to these problems. Where is the technology governance of the IoT currently taking shape? What forces will likely bear on the governance of the IoT? What role will permissionless innovation play, and what its limits? How will intellectual property laws complicate the IoT?"

The event, overall, is expected to be a thought provoking one for discussion on things related to IoT.

For more details visit https://cis-india.org/internet-governance/events/emerging-issues-in-the-internet-of-things

The Fundamental Right to Privacy: Part III SCOPE

amber — 2017-10-02T04:14:00Z

This is the third paper in a series on the recent judgment on the right to privacy by the nine judge constitution bench of the Supreme Court in a reference matter in Puttaswamy and others v. Union of India. The first two papers on the Sources and Structure of the constitutional right to privacy are available here, and here, respectively. While the previous papers dealt with the sources in the Constitution and the interpretive tools used by the bench to locate the right to privacy as a constitutional right, as well as the structure of the right with its various dimensions, this paper will look at the judgment for guidance on principles to determine what the scope of the right of privacy may be.

For more details visit https://cis-india.org/internet-governance/the200b-200bfundamental200b-200bright200b-200bto200b-200bprivacy-200b-200bpart200b-200biii-scope

September 2017 Newsletter

Admin — 2017-11-21T15:19:25Z

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS filed a request under the Right to Information Act in March 2016 as part of research for the paper: Patent Working Requirements and Complex Products: An Empirical Assessment of India's Form 27 Practice and Compliance (July 2017). Rohini Lakshané has captured the developments in a blog post. Last month’s judgment by the nine judge referral bench was an emphatic endorsement of the the constitutional right to privacy. Amber Sinha has dissected the various aspects of the right to privacy as put forth by the nine judge constitutional bench in the Puttaswamy matter. The papers on fundamental right to privacy can be accessed here. With offline as the theme of the third Internet Researchers' Conference (IRC18), CIS has invited teams of two or more members to submit sessions proposals by Sunday, October 22, 2017. The conference is expected to be held in Himachal Pradesh during February 22-24, 2018. The venue and dates will be confirmed soon. Anonymity-based internet apps like Sarahah may not be as vicious for those surrounded by the comfort of social status. If your experience of Sarahah has been positive, it might be good to reflect on your own cultural and social capital, wrote Nishant Shah in an article in the Indian Express, dated September 10, 2017.

CIS in the news:

Privacy is now a right in India. Here's what that means for the tech industry (Rishi Iyengar; CNN Tech; August 29, 2017).
Russian social network VKontakte temporarily blocked in India for Blue Whale threat (Kim Arora; The Times of India; September 12, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

RTI request to Indian Patents Office for Form 27 (Statement of Working of patents), March 2016 (Rohini Lakshané; September 9, 2017).
RTI request to Indian Patents Office for Form 27 (Statement of Working of patents), 2015 (Rohini Lakshané; September 9, 2017).

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Participation in Event

Praja - Enhancing Democracy Through Access to Open Data: What Are the Roles of Government and Civil Society? (Organized by Praja; September 8, 2017; New Delhi). Sumandro Chattapadhyay was a speaker.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entries

Rethinking National Privacy Principles: Evaluating Principles for India's Proposed Data Protection Law (Amber Sinha; September 11, 2017).
The Fundamental Right to Privacy: An Analysis (Amber Sinha; September 27, 2017).

►Big Data

Upcoming Event

Emerging Issues in the Internet of Things (CIS, Bangalore; October 23, 2017). Andrew Rens will give a talk on the research that he is doing at the Internet Governance Lab.

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Revamp Telecom Sector & Revive The Economy (Shyam Ponappa; Business Standard; September 7, 2017).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Article

Digital native: What’s in a name? Privilege (Indian Express, September 10, 2017).

Announcement

Internet Researchers' Conference 2018 (IRC18): Offline - Call for Session (P.P. Sneha; September 20, 2017). Teams of two or more members to submit sessions proposals by Sunday, October 22, 2017.

Blog Entry

The Digital Humanities from Father Busa to Edward Snowden (P.P. Sneha; September 4, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/september-2017-newsletter

The Fundamental Right to Privacy: An Analysis

amber — 2017-10-04T11:19:46Z

Last month’s judgment by the nine judge referral bench was an emphatic endorsement of the the constitutional right to privacy. In the course of a 547 page judgment, the bench affirmed the fundamental nature of the right to privacy reading it into the values of dignity and liberty. In the course of a few short papers, we will dissect the various aspects of the right to privacy as put forth by the nine judge constitutional bench in the Puttaswamy matter. The papers will focus on the sources, structure, scope, breadth, and future of privacy. Here are the first three papers, authored by Amber Sinha and edited by Elonnai Hickok.

The Fundamental Right to Privacy - Part I: Sources

Much of the debate and discussion in the hearings before the constitutional bench was regarding where in the Constitution a right to privacy may be located. In this paper, we analyse the different provisions and tools of interpretations use by the bench to read a right to privacy in Part III of the Constitution.

Download: PDF

The Fundamental Right to Privacy - Part II: Structure

In the previous paper, we delved into the sources in the Constitution and the interpretive tools used to locate the right to privacy as a constitutional right. This paper follows it up with an analysis of the structure of the right to privacy as articulated by the bench. We will look at the various facets of privacy which form a part of the fundamental right, the basis for such dimensions and what their implications may be.

Download: PDF

The Fundamental Right to Privacy - Part III: Scope

While the previous papers dealt with the sources in the Constitution and the interpretive tools used by the bench to locate the right to privacy as a constitutional right, as well as the structure of the right with its various dimensions, this paper will look at the judgment for guidance on principles to determine what the scope of the right of privacy may be.

Download: PDF

For more details visit https://cis-india.org/internet-governance/blog/the-fundamental-right-to-privacy-an-analysis

Should you worry about identity theft?

Admin — 2017-11-26T11:24:56Z

Laws in India regarding data protection may be weak, but following basic cyber hygiene rules can make your own defences stronger.

The article by Shaikh Zoaib Saleem was published in Livemint on September 20, 2017. Pranesh Prakash quoted.

Earlier this month, US-based credit information company Equifax Inc. said its systems had been struck by a cybersecurity incident that may have affected about 143 million US consumers. A report by Bloomberg said the incident could be ranked among one of the largest data breaches in history. The intruders accessed names, social security numbers, birth dates, addresses, driver’s licence numbers and also credit card numbers, Equifax said in a statement.

While this reiterates what cyber security professionals say, that nothing is hack proof, it does remind us of the range of cyber crimes, which revolve around identity theft and frauds. It gives us a chance to reflect upon how well prepared we are, if a cyber attack strikes us, or if our personally identifiable data gets leaked.

According to the Norton Cyber Security Insights Report 2016, 49% of India’s online population, or more than 115 million Indians, are affected by cybercrime at some point with the country ranking second in terms of highest number of victims. “No government or organisation creates something that is designed to fail deliberately. People find the gaps in that system and then try to misuse it,” said Ritesh Chopra, country manager, consumer business unit, Symantec India, a cyber security company.

While it can be debated as to who should take the blame in different instances, one underlying theme is following basic cyber hygiene. “There are several mobile apps that leak data. While downloading and installing an app, you may give out access to several other things in your device,” said Chopra.

Most cyber crimes involve leak or breach of public information, which leads to identity fraud. Let’s take a look at what an identity fraud could mean.

Identity theft and frauds

Everything that we do online is linked to a digital identity—an email ID, a phone number or even an IP address of a device. Harshil Doshi, strategy security consultant, Forcepoint India, a cyber security firm, said that as long as the leaked information is limited to names, email addresses, addresses and mobile numbers, there may not be a reason for worrying. “There needs to be a distinction between what information is publicly available and what can be used only privately. People also talk about Aadhaar leaks. As long as it is not my fingerprint and retina scan, there is no cause of concern, because information like name and address are anyway public,” he said.

However, not everyone agrees with this point of view. Pranesh Prakash, policy director at advocacy group Centre for Internet and Society, said email addresses, date of birth and mobile phone number of an individual are not necessarily public information. “Work-related email addresses may be publicly available online but personal ones are not,” he said. Prakash, however, added that our notion of public information keeps changing.

Identity fraud impact

The concept of identity theft has become complicated as our digital lives expand. “Everything about you as an individual is your identity, including something personal like blood group and medical history. Your social media profile, bank transactions, blogs or online comments are also a part of this. From a fraud perspective, it is equally complex,” said Chopra.

Your identity can be impersonated in several ways. “The most common methods of identity fraud all require collecting publicly-available information about you,” said Prakash. For example, celebrity leaks in the US (cloud storage was hacked) happened also because there is more information about celebrities publicly available than for an average individual, he said.

Another example could be misuse of information regarding foreign exchange. “In India, there is a limit of buying foreign exchange worth $30,000 for an individual in a year. If information on how many times you exhaust that limit falls in the wrong hands, it can be used for money laundering in your name. How many people think about how PAN and passport copy that one shares to buy foreign exchange, can be misused?” said Chopra.

Further, health insurance can be fudged and somebody can use the benefit under your name or buy restricted medicines misusing your medical prescription.

What the law says

There are provisions in the Indian Penal Code that deal with issues like cheating by impersonation to some extent. “There isn’t anything that adequately covers activities such as getting access to your personal data, which leads to identity fraud, or sufficiently penalizes things like data breaches or data leaks that facilitate identity fraud,” said Prakash.

The government is working towards data protection laws. A committee for data protection framework has been constituted under Justice B.N. Srikrishna, former judge of Supreme Court.

But it needs to be seen what comes out of these deliberations. “I am quite apprehensive, yet hopeful, about what the committee will produce, especially because they will need to deal with protection of biometric data, leaks of which will be far worse than any other leaks because biometrics is something that cannot be changed at will subsequent to a leak, unlike one’s phone number, email address or password,” said Prakash.

According to cyber security professionals, prevention seems the only way out. “We have forgotten the difference between the real and virtual worlds. In the real world, if somebody knocks at your door, you will check before opening the door ,” said Chopra. The problem for individuals starts when we click on a malicious link or download a file like a song or an image which could have a malware loaded on it. Once it enters our system, it immediately starts stealing information.

While the law may take some time to evolve and address the issues arising out of larger data breaches from corporate entities or even from the government, it is important to be vigilant, which includes having complex passwords, not sharing passwords, being aware of suspicious emails and messages and downloading files and software only from reputed sources. While this alone may not guarantee you protection online, it certainly minimises the risk.

For more details visit https://cis-india.org/internet-governance/news/livemint-shaikh-zoaib-saleem-september-20-2017-should-you-worry-about-identity-theft

Point of View wins Laadli Media Award: “An encouragement to keep fighting for gender equality”

Admin — 2017-09-14T12:10:21Z

The first season of Deep Dives - Sexing the Interwebs won the South Asian Laadli Media Award for Gender Sensitivity 2017 in the “Best web series" /"Special edition” category. Rohini Lakshané was one of ten contributors to the series of long form essays on the intersection of gender, sexuality and the Internet.

Rohini's essay titled "The trouble with being a woman in FOSS" shines a light on women's experiences of facing sexism and abuse in the FOSS domain.

URL: https://deepdives.in/the-trouble-with-being-a-woman-in-foss-75181981bfdd

The series contributors, who Point of View congratulated as “the real stars of this award”, are:

Neha Mathews, for a piece on the lives of gamer girls in India
Nishita Jha, who reported behind the lens of women’s nudies
Nadika Nadja, for a personal essay on dating as a transwoman
Priya-Alika Elias, for a heartbreaking poem on young love and revenge porn
Sheena D’Lima, who explored what schoolgirls use social media for
P. Mani, for an essay on the joys of Literotica
Rohini Lakshane, who took a hard look at what it means to be a woman in FOSS
Afrah Shafiq, for an illustrated piece on lesbian women finding love online
Amba Salelkar, for a piece on asking Google sex questions
Shreya Ila Anasuya, for a report on India’s kinky social networks.

Read more about the award and the series on APC website

For more details visit https://cis-india.org/internet-governance/news/apc-june-14-2017-point-view-wins-laadli-media-award

Russian social network VKontakte temporarily blocked in India for Blue Whale threat

Admin — 2017-09-14T01:17:51Z

Russian social network Vkontakte, where the suicidal online "game" Blue Whale+ is believed to have originated, was blocked on certain internet service provider networks on Tuesday.

The article by Kim Arora was published in the Times of India on September 12, 2017.

Internet users accessing the website through ACTFibernet in Bengaluru and Chennai, as well as YouBroadband in Bengaluru reported that visiting the its URL vk.com resulted in a page bearing the message: "The URL has been blocked as per the instructions of the Competent Government Authority/in compliance to the orders of the Court of Law." A senior official in the union ministry of electronics and information technology (MeitY) confirmed the block.

"Vkontakte has been blocked temporarily. We understand that it has been used for Blue Whale+ in the past, and are trying to ascertain its current usage. Law enforcement agencies are investigating the suspected cases of Blue Whale suicides and the modus operandi. We have held meeting with internet companies. We are taking several multi-dimensional ways of containing the Blue Whale threat in India," says Dr Ajay Kumar, additional secretary at the MeitY.

While blocked on some networks, vk.com was accessible on several other mobile internet networks such as Idea, Airtel, Vodafone, Jio etc on Tuesday afternoon.

The Blue Whale challenge involves a "curator" or "administrator" guiding a participant through a set of tasks involving self-harm culminating in suicide. These interactions happen through various online channels, like messaging apps or social networks, and allegedly involve participants uploading pictures after completing tasks like inflicting cuts on their bodies. In the last two to three months, India has seen several cases of young persons and teenagers attempting or committing suicide allegedly as part of the Blue Whale challenge.

Rohini Lakshane, program officer at Bengaluru's Centre for Internet and Society points to the lack of hard evidence definitively connecting the suicides to the Blue Whale game in India, and also to hoax-debunking websites that have questioned the veracity of the game. "If the game is so clandestine, then URL-level blocking will not work. Suicide is a mental health issue. Since the affected group here is teenagers, it would make sense for parents and school counselors to educate the children about the evils that exist online," she says.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-kim-arora-russian-social-network-vkontakte-temporarily-blocked-in-india-for-blue-whale-threat

Rethinking National Privacy Principles: Evaluating Principles for India's Proposed Data Protection Law

amber — 2017-09-11T02:22:01Z

This report is intended to be the first part in a series of white papers that CIS will publish which seeks to contribute to the discussions around the enactment of a privacy legislation in India. In subsequent pieces we will focus on subjects such as regulatory framework to implement, supervise and enforce privacy principles, and principles to regulate surveillance in India under a privacy law.

Edited by Elonnai Hickok and Vipul Kharbanda

This analysis intends to build on the substantial work done in the formulation of the National Privacy Principles by the Committee of Experts led by Justice AP Shah.1 This brief, hopes to evaluate the National Privacy Principles and the assertion by the Committee that right to privacy be considered a fundamental right under the Indian Constitution. The national privacy principles have been revisited in light of technological developments such as big data, Internet of Things, algorithmic decision making and artificial intelligence which are increasingly playing a greater role in the collection and processing of personal data of individuals, its analysis and decisions taken on the basis of such analysis. The solutions and principles articulated in this report are intended to provide starting points for a meaningful and nuanced discussion on how we need to rethink the privacy principles that should inform the data protection law in India.

Click to read the full blog post

For more details visit https://cis-india.org/internet-governance/blog/rethinking-national-privacy-principles

In our anxiety about the Blue Whale Challenge, are we missing the elephant in the room?

Admin — 2018-01-03T02:09:11Z

In the beginning, the Blue Whale Challenge seemed like it had all the hallmarks of an urban legend: an online self-harm game that instructed victims to commit increasing degrees of violence upon themselves, finally convincing them to commit suicide. While it was whispered about in schools, college corridors and Reddit forums, reporters found it difficult to trace.

The blog post by Karishma Attari was published by Scroll on September 9, 2017.

But since then, it appears to be accruing a body count: multiple suicides and suicide attempts in Russia, Kenya, Brazil, China, Spain, Italy, Chile and India have been attributed to people signing up for the challenge. The stories are often accompanied by images of a blue whale carved onto the victim’s skin or a last selfie taken before committing suicide.

The latest incident in India involves the last-minute rescue of a teenager in Jodhpur who attempted suicide twice – first by jumping into Kalina Lake on September 4, and then by overdosing on sleeping pills – within the same week. The teenager had carved the shape of a whale on her arm, and when interviewed, revealed that unless she completed the last task of the challenge, she believed that her mother would die.

Most victims of the Blue Whale Challenge across the world appear to have a few things in common – they are young and vulnerable to abuse online, and their connection with the game is hard to substantiate. While the stories speak to our wariness of technology-dependence, and send our parenting instincts into nervous overdrive, there is very little evidence on ground that the game even exists.

Ever since the challenge was first reported on a Russian news portal, news reports have debunked its existence, raising questions about the media’s responsibility in spreading unsubstantiated rumours and the manner in which the issue is being used to argue against the influence of the internet and promote panic. Much of the coverage regarding the challenge’s possible influence, begs the question: how can teens be raised in a way that makes them safe from the internet?

The Blue Whale Challenge in India

Cyber-lawyer Karnika Seth, who authored the book Protection of Children on Internet, admits that it is impossible to generate the kind of surveillance required to nip perceived online threats – both on account of privacy laws and the sheer scale of effort such an exercise would require. She calls the unregulated internet in India a “mammoth problem that cannot be overlooked anymore”.

While there is no specific law to be applied to a situation like the alleged Blue Whale Challenge, Seth pointed to acts relating to the cyber space like the IT Act and the Protection of Children from Sexual Offences Act, along with inbuilt provisions within the Indian Penal Code, such as Act 305, that could be applied.

There have been approximately 10 reported cases of suicide in India, which are believed to be related to the Blue Whale Challenge. Google Trends show that Indian interest in the phenomenon has been overwhelming – the most common searched phrases have been “Download Blue Whale Game”, which might suggest that people are keen to inflict self-harm, or just morbidly curious (particularly in Kochi and Calcutta).

Timely intervention appears to have saved at least a few lives, such as the case of an engineering student in Kolkata who claimed that having completed several levels of the game, he was pulled back from the brink of suicide by his teacher, parents and a CID officer who counselled him. He was quoted as saying: “My message to whoever is in this game is stop before it is too late. It is not a game…they give you challenges and they take you to places you cannot come back from. They drive you to suicide.”

But despite this, the police in India have found no direct link between the suicides and the existence of any virtual moderator, who according to the Blue Whale legend, instructs victims to inflict self-harm. A lot of the so-called links have been proved to be hearsay and hysteria as seen in the case of a 12-year-old from Indore, whose mother clarified that while he had admitted to “playing games”, he had never heard of Blue Whale.

A disturbing trend

Pranesh Prakash, Policy Director at the Centre for Internet and Society, concluded: “All the available evidence points to this being a hoax, including those situations where teenagers have actually engaged in self-harm by carving a whale on their arm and have blamed the ‘Blue Whale app’ and a stranger threatening them. The children have subsequently been found to be lying through hard evidence, for instance the mobile operator finds no records of any messages or calls at those timings to the child’s number.”

While the first suicide linked to the alleged challenge emerged in Russia in 2015, Prakash added: “[E]ven the Russian police haven’t revealed any evidence in their possession in the arrests they have made related to the Blue Whale Challenge, nor have those cases gone to trial. How else can one explain the fact that there hasn’t been evidence of a ‘tutor’ in even a single one of the cases reported in India?”

There is, however, a huge problem regardless of whether the game exists: “The harm caused by the media sensationalism is quite real thanks to what is known as the Werther effect, leading to copycat suicides,” Prakash said.

Authorities in most countries where victims have appeared have treated these claims seriously. In May, the Russian Duma or parliament made it an act of criminal responsibility to create a pro-suicide group on social media. Authorities in China and other countries are monitoring mentions of the game on forums and live broadcasts. The Delhi Police have issued an advisory after a cyber cell spotted related hashtags and messages on social networking sites. In India, the Ministry of Electronics and Information Technology directed several internet companies such as Google, Facebook, Instagram, WhatApp, Microsoft and Yahoo to remove all links which direct users to the Blue Whale Challenge.

The real problem

Teenage suicide is a growing concern worldwide and India has one of the world’s highest suicide rates for youth aged between 15 and 29. In the US, suicide is documented as the second leading cause of death for young people. The Netflix original series 13 Reasons Why was banned in several countries over accusations that it glamourised teen depressives and suicides.

The real conversation we need to be having with the youth is about their reasons for choosing self-harm – about mental health and depression. Dr Depeak Raheja, a senior psychiatrist and vice-president of the Delhi Psychiatric Society, suggested that parents who suspect their child might have suicidal urges should address not just the issue of the game, “but also the underlying causative factors – isolation, low self-worth, hopelessness and underlying or active depression”.

One way in which this is already happening is through online mental health support groups which are promoted as alternatives to the Blue Whale Challenge. In Brazil, a designer has created a viral counter movement called the Pink Whale (Baleia Rosa), which relies on the collaboration of hundreds of volunteers and is based on positive tasks that combat depression. The British YouTuber HiggyPop has also set up an email service that sends daily Pink Whale challenges to participants. In the United States, a site called Blue Whale Challenge uses fifty days of tasks to promote mental health and well-being, while the Green Whale Challenge is a humorous version of the game in Argentina.

The fear and anxiety around the Blue Whale Challenge shows our willingness to project our fears of an unregulated internet onto anything that fits the profile, even as we override all evidence to the contrary. Instead, parents in particular must treat the tragic aftermath of popular suicide games as an opportunity to have a necessary, if belated, conversation about depression and mental health. The Blue Whale challenge may well turn out to be a hoax, but the challenge of keeping teenagers safe and healthy is a very real one.

Karishma Attari is the author of I See You and Don’t Look Down. She runs a workshop series called Shakespeare for Dummies and is currently writing a novel titled The Want Diaries. Her Twitter handle is @KarishmaWrites.

For more details visit https://cis-india.org/internet-governance/news/scroll-karishma-attari-september-9-2017-in-our-anxiety-about-the-blue-whale-challenge-are-we-missing-the-elephant-in-the-room

Twitter tweaks user policy a day after SC clampdown

Admin — 2018-01-03T02:00:02Z

This, when India is looking to crack down on global firms exporting customer data to servers.

The article by Alnoor Peermohamed and Raghu Krishnan was published in the Business Standard on September 8, 2017. Pranesh Prakash was quoted.

Microblogging platform Twitter on Thursday told its users in India that the data collected from them could be moved outside the country and were within the purview of using its service.

This comes as the government is considering making it mandatory for internet and mobile companies to store user data locally. Global internet giants such as Google, Facebook and Twitter aggressively use user data they gather for targeted advertising.

This is in the wake of the Supreme Court issuing notices to Twitter and Google on Wednesday seeking their legal views on a petition drawing the court’s attention to the lack of control over data-sharing with cross-border corporate entities in violation of a citizen’s right to privacy. The Bench also asked WhatsApp and Facebook to file sworn statements on whether they shared any data collected from users with third parties.

India provides the highest number of active daily users for Twitter, which told them on Thursday that its updated terms of service, effective October 2, allowed user data to be moved overseas and shared with affiliates. Twitter did not respond immediately to an email.

“If private data is located in servers outside India, it will be a violation of privacy,” said Pavan Duggal, cybersecurity expert and lawyer, adding, “India needs to quickly come up with privacy legislation. Data localisation is a distinct option that India should look at.”

Internet firms collect personal information, contacts and location, apart from activities users share. In India, it is also critical as most users access these platforms on their smartphones, which they also use to do financial transactions with banks and the government.

The government last month asked 21 smartphone handset makers, the majority of them Chinese, to declare whether the data they collected from users were hosted on servers outside India.

“The government can come up with rules under Section 83 of the Information Technology Act, mandating steps needed to protect data generated by computers in India. This should be a priority,” Duggal said.

Not all concur with data localisation. “One of the oft-quoted reasons for data localisation is security, but it doesn’t help improve security at all. The idea that the data taken out of the country somehow become insecure is wrong. It is very easy to copy the data in India as well. It’s not going to help reduce snooping in any way,” said Pranesh Prakash, policy director at the Centre for Internet and Society.

Instead he advocates India to frame laws similar to that of the European Union (EU), which mandates its laws apply to any data collected of an EU citizen.

“The question is not about whether your data is in India or not; it is about whether India’s laws are applicable to the data. This is the way laws in the EU work, by insisting on it wherever an EU citizen data is taken,” Prakash added.

“That’s what is most important when one is looking at security and privacy rather than where the data is stored. As long as they have a presence in the country, India should be able to take action against them if they’re breaking any Indian laws. With the internet, you can’t be sure of where the data is saved, and really, it shouldn’t matter,” Prakash said.

For more details visit https://cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-and-raghu-krishnan-september-8-2017-twitter-tweaks-user-policy-a-day-after-sc-clampdown

We are anonymous, we are legion

Securing The Digital Payments Ecosystem

Sex, drugs and the dark web

Shadow world

The onion protocol

As easy as pie

What is bitcoin?

Flagging illegal trades

Sunny side up

CyFy 2017

Revisiting Per Se vs Rule of Reason in Light of the Intel Conditional Rebate Case

Attempted data breach of UIDAI, RBI, ISRO and Flipkart is worrisome

Emerging Issues in the Internet of Things

The​ ​Fundamental​ ​Right​ ​to​ ​Privacy:​ ​Part​ ​III SCOPE

September 2017 Newsletter

The Fundamental Right to Privacy: An Analysis

The​ ​Fundamental​ ​Right​ ​to​ ​Privacy - Part​ ​I:​ ​Sources

Download: PDF

The​ ​Fundamental​ ​Right​ ​to​ ​Privacy - ​Part​ ​II:​ Structure

Download: PDF

The​ ​Fundamental​ ​Right​ ​to​ ​Privacy - Part​ ​III:​ Scope

Download: PDF

Should you worry about identity theft?

Identity theft and frauds

Identity fraud impact

What the law says

Point of View wins Laadli Media Award: “An encouragement to keep fighting for gender equality”

Rohini's essay titled "The trouble with being a woman in FOSS" shines a light on women's experiences of facing sexism and abuse in the FOSS domain.

URL: https://deepdives.in/the-trouble-with-being-a-woman-in-foss-75181981bfdd

Russian social network VKontakte temporarily blocked in India for Blue Whale threat

Rethinking National Privacy Principles: Evaluating Principles for India's Proposed Data Protection Law

In our anxiety about the Blue Whale Challenge, are we missing the elephant in the room?

The Blue Whale Challenge in India

A disturbing trend

The real problem

Twitter tweaks user policy a day after SC clampdown

The Fundamental Right to Privacy: Part III SCOPE

The Fundamental Right to Privacy - Part I: Sources

The Fundamental Right to Privacy - Part II: Structure

The Fundamental Right to Privacy - Part III: Scope