Centre for Internet and Society

'Privacy Matters', Ahmedabad: Conference Report

praskrishna — 2011-04-04T04:45:49Z

On 26 March 2011, civil society, lawyers, judges, students and NGO’s, gathered together at the Ahmedabad Management Association to take part in 'Privacy Matters' – a public conference organised by Privacy India in partnership with IDRC and Research Foundation for Governance in India (RFGI) — to discuss the challenges of privacy in India, with an emphasis on national security and privacy. The conference was opened by Prashant Iyengar, head researcher at Privacy India and Kanan Drhu, director of RFGI. Mr. Iyengar explained Privacy India’s mandate to raise awareness of privacy, spark civil action, and promote democratic dialogue around privacy challenges and violations in India. RFGI is a think tank established in 2009 which aims to research, promote, and implement various reforms to improve the legal and political process in Gujarat and across India. ‘Privacy Matters – Ahmedabad’ is the third conference out of the eight that Privacy India will be hosting across India. The next conference will take place in Hyderabad on 9 April 2011. It will focus on human rights and privacy.

The keynote speech, delivered by Usha Ramanathan, focused on links not often made between privacy and social phenomenon.

Ms. Usha Ramanathan opened the conference by examining the links not often made between privacy and personal security, between databases and national security, and the centrality of dislodging privacy in projects of social control. In her presentation she spoke about the inverse relationship between national and personal security, making the point that an important part of privacy is the ability of an individual to secure their own person. Today, because national security follows a policy of ubiquitous surveillance, it is almost impossible for an individual to secure their person from the state. Ms. Ramanathan also traced the beginnings of ubiquitous surveillance to the increasing global fear of terrorism, and the national break down of the criminal justice system in India. Instead of looking to the roots of terrorism and the roots of failure in the criminal justice system, the Indian State has responded to both these factors by superimposing a system of surveillance on top of the existing rule. Consequently, the state has become pan-optical — closely following the movement of its entire population. The state has been able to achieve this level of surveillance through technology, which it has used to create identifiers for its population. The use of technology by the state mediates a link between corporate interest and state interest. Thus, by facilitating the easy and ubiquitous creation of identifiers and surveillance, technology is changing the idea and the nature of privacy. For example, it is now important that a privacy law allows for individuals to protect and secure their identity, something that every individual has and every individual controls, while regulating the creation and external use of identifiers — something that is used by another (not you) to distinguish a person from the rest of the population.

Questions to Consider

How can privacy legislation work to positively regulate the use of technology by the government, so that invasion of privacy does not consequently become state policy?

How can privacy legislation distinguish between and work to protect an identity while regulating the creation and use of personal information as identifiers?

Session I of the Conference featured a Judicial Perspective of Privacy and a Presentation on the Connections between Privacy and the Federal Income Tax Regime in India.

Privacy and the Constitution

J N Bhatt, the former Chief Justice of Gujarat and Bihar, and currently the head of the Gujarat State Law Commission, spoke about privacy as a fundamental right that has been written into articles 19 and 21 of the Constitution of India. Important points from his presentation include:

As privacy is already a recognized fundamental right, the question at hand is not if there is a right to privacy, but instead how can the right to privacy be best proliferated.

Within the question of how a privacy can best be proliferated, is a question about rights and duties. Wherever there is a right to privacy there is also a corresponding duty to privacy — as rights and duties are interdependent.

Though privacy has been recognized as a fundamental right in India, when looking at the actual assertion of the right, it is important to be aware of the cultural realities of India. India is a country with 39 per cent of her population living below the poverty line, with an even lower literacy rate, and there is a direct connection between the assertion of civil liberties, an individual’s civic sense, and education.

When looking at how to best proliferate the right to privacy, governance and common law, a methodology to reach the poorest of the poor should be laid out first.

Questions to Consider

What is the best way to proliferate the right to privacy ?

What legal structures need to be in place to ensure that the poor can assert their right to privacy?
What social structures need to be in place to ensure that the poor can assert their right to privacy?

Privacy and the Indian Tax Regime

Professor Amal Dhru, visiting professor from the Indian Institute of Management, Ahmedabad and a practicing Chartered Accountant spoke on the connections between privacy and the federal income tax regime in India. In his presentation he explained how the information collected by the federal income tax regime in India can be both useful in holding a citizen accountable, and invasive of one’s personal privacy if mis-used. Important points from his presentation include:

The Indian tax regime highlights the tension between public interest as tax evasion is considered an exception to the right to privacy as it is a matter of public interest.

There is a lack of confidence in the existing banking and tax system in India. For example in the business sector, Indian investors have deposited over 700 billion dollars abroad as they are given complete privacy and security over their money.

Though there is a lack of confidence in the current banking and tax system, a tighter law is not necessarily the solution. For example, studies have found that tighter tax regimes lead to greater evasion, while looser tax regimes have higher compliance rates.

On April 1, 2011 the new tax codes for India will be implemented. The reform will give enormous power to tax offices, and as the tax authorities will become equipped to do taxes smarter – this will come at a cost to citizen’s privacy.

Questions to Consider

Just as a tighter tax law leads to a higher percentage of tax evasion, will a tight privacy law simply lead to greater numbers of privacy violations?

What creates public confidence in a law?

Should a privacy legislation be responsible for defining the public good?

Should privacy protection of tax-related information be incorporated into a privacy legislation or contained only in tax law?

To what extent should tax authorities be allowed to investigate potential tax evasion i.e., one’s computer, house or e-mail?

How does one balance the private vs. the public good?

Session II of the Conference focused on National Security and Privacy, and Cultural Conceptions of Privacy

National Security and Privacy

In the second session on Privacy and National Security, Colonel Mathew Thomas spoke on privacy and national security. Colonel Thomas is a management consultant and activity leader for development centers and has held top positions in the Indian Army, and the Defence Research and Development Organisation, where he headed the missile manufacturing facility. Sharing his personal experiences in the army he explained the connection between privacy and national security. Important points from his presentation include:

National Security is often not an internal threat, but instead an external threat.

There is a connection between the increase in surveillance and liberalization of Government.

More surveillance does not bring more security.

Foreign software poses as a threat to national security.

Greater security is gained through intelligent use and analysis of data.

A strong national security plan should not rely solely on surveillance of its citizens. Instead national security should be brought about through strong economic policies, non-reliance on foreign software, neutrality in foreign policy, fair trade policies, rural development and prevention of migration to cities, and having a politically honest and accountable governance.

Questions to Consider

Is it effective for privacy to be compromised in the name of anti- terror laws?
Can the development and distribution of indigenous software protect national privacy?
How can strong economic policies indirectly protect an individual's privacy?
How can a strong foreign policy protect an Indian citizen's privacy when it is stored or sent abroad?

Privacy as a Cultural Construct

Gagan Sethi from the Centre for Social Justice, Ahmedabad shared his opinion on privacy. Important points from his presentation include:

Privacy is a cultural construct that changes with context, perspective, and time.
When considering a privacy policy it is important to create a policy that does not strictly define what privacy is and what it is not, but instead create a policy that defines and promotes a common respect for human dignity.

Questions to Consider

If a privacy policy is developed to promote a common respect for human dignity – will it be effective?

Can you develop a policy that has a loose definition and mandate, but has strong legal teeth?

Session III of the Conference focused on Minority Identities and Privacy, Prisoner Rights, and Cyber Security.

Privacy and Minority Identities

Bobby Kuhnu, a lawyer and activist, presented in the third session on Privacy, Minority Identities, and Security. In his talk Mr. Kuhnu through the use of three examples examined the ideological underpinnings of the discourse on privacy and its bearings on socially marginalized identities in the context of the Indian State and the constitutional right to privacy. Important points from his presentation include:

In India, names can be sensitive and personal information like one’s religion, family, caste, and background can all be known through a name.
Because of the sensitivity of a person’s name, many people do not feel safe or comfortable in their own identity.
Reservation lists and public postings of information, can and have been used to discriminate and violate another’s privacy.

Questions to Consider

Should a privacy legislation requirement throughout institutions and government bodies that names should not be publicly displayed to the point of identification?
What is the most effective way of legally protecting an individual from discrimination based on their name?

Perspectives of Privacy

In the last portion of the day, Yash Sampat and Aditya Yagnik spoke on the origins of privacy and privacy in the cyber world. Vimmi Surti spoke on prisoner's rights and privacy and Ramswaroop Chaudhary presented on minority identities in South Asia and privacy. Important points from their presentation include:

Internet has led to an increase in privacy violations.
The result of privacy infringements is often the deprivation of individuals from safe access to services availed to them.
When looking at privacy as the protection of human dignity, prisoner’s rights are violated through overcrowding in prisons, poor health, and poor sanitation.

Questions to Consider

Are there legal mechanisms that can be put in place to ensure the least amount of deprivation to services when an individual’s privacy is invaded?

To what extent should prisoners be availed the right to privacy?

The concluding session was a time for discussion and opinion sharing

From the closing session, and the above sessions many themes and questions pertaining to privacy came out that will need to be addressed when considering the way forward for a privacy legislation including:

Regulation of ubiquitous surveillance in the name of national security
Regulation over public display of names and personal information
The need to distinguish between identity and identifier.
The need to protect an individual's identity while regulating the production and use of identifiers.
Privacy rights and prisoners: what does the right to privacy mean to a prisoner, i.e., clean facilities and health care.
Can the right to privacy be a platform for individuals to claim sanitary/safe working and living conditions.
Recognize the changing nature of privacy rights in a technological society.
Privacy implications of biometric usage.
Creation of a definition of when privacy rights will supersede identification needs.
How can government institutions, like the tax department, incorporate and protect the right to privacy with the collection of large amounts of data for more efficient services.
Privacy and the family

Download the report and agenda here [pdf - 452kb]

Also see Matthew's presentation [powerpoint file 116kb]

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-matters-report-from-ahmedabad

'IRCTC’s Aadhaar play can violate SC order and derail National Security'

praskrishna — 2015-07-07T15:10:08Z

Your online railway bookings are going to become a wee bit more difficult if they aren’t already so.

The blog entry by Shubhra Rishi was published by CIO.IN on July 1, 2015. Sunil Abraham gave his inputs.

That is, if the IRCTC makes Aadhaar card compulsory during the registration process for e-ticketing. The move, according to a recent announcement by IRCTC, will ensure that users registering on the IRCTC website are properly identified of their identity and address through the Aadhaar card number verification.

So in case, you already have an Aadhaar card, then you need not worry. For those who don't have it yet or are reluctant to apply for it, are in for a tough time.

According to Sandip Dutta, public relations officer at IRCTC, the plan, although still in the preliminary state, is to make Aadhaar compulsory which will prevent touts from further exploiting the e-ticketing platform.

IRCTC which already has around three crore registered users, adds 15,000 new registrations every day. Just to give you the scale of an IRCTC website, a 15-minute tatkal window has about 1,000,000 people trying to log on to the IRCTC website. This means a new user won't be able to book a railway ticket on the IRCTC site until he owns an Aadhaar card.

Also Read: Indian CISO don’t trust UID with their data

"This is a complete overkill and will only result in harassment of an ordinary citizen," says Sunil Abraham, executive director at The Centre for Internet & Society. "Aadhaar, he says, should be used to prevent politicians and bureaucrats from engaging in big-ticket fraud or whole-sale corruption. It should be used to make the state more accountable to citizens and not the other way around. It is unfortunate that techno-utopians are using biometric technology to fight retail corruption or small-ticket fraud.

If IRCTC makes Aadhaar mandatory for user registrations, they will be in direct violation of the Supreme Court's interim order of September 23, 2013 where it has ordered that no person should suffer for not getting the Aadhaar card in spite of the authority making it mandatory, since government says it is voluntary.

On March 24, 2014 again, the Supreme Court reiterated its earlier order of 2013 and directed all government authorities and departments to modify their forms/circulars, etc., so as to not compulsorily require an Aadhaar number. In the same order the Supreme Court also restrained the UIDAI from transferring any biometric data to any agency without the consent of the person in writing as an interim measure.

According to cyber law expert and Supreme Court Lawyer, Pavan Duggal, till the time Aadhaar has been brought to a legislative sanctity, no government agency must make it compulsory and if they do so, they will be in gross violation of the order and will be held for contempt of court. "The National Identification Authority of India Bill that intends to give statutory backing to UIDAI (introduced in Rajya Sabha in 2010) is yet to be passed by the Parliament. Aadhaar is also non-compliant with the Information Technology Act 2000," says Duggal. Aadhaar, he says, is the unwanted child that hasn't proven legitimacy yet.

The illegitimacy, which continues to prevail due to several anomalies in the UIDAI’s Aadhaar allotment process. In March this year, about 20 million people enrolled in Delhi for an Aadhaar identification number, according to Census. However, the UIDAI generated about 17.7 million unique numbers in Delhi, about a million more than the city population.

In another incident, Aadhaar numbers were assigned to adult residents in 13 of the country's 36 states, and union territories surpassed their respective population as per 2011 census figures. However, the UIDAI blames that ‘gaps’ in census evaluation may have resulted in inaccuracy of the population data.

There have also been bizarre instances in the past where some Aadhaar cards displayed pictures of an empty chair, a tree, and a dog instead of the actual applicant.

So how does it aid unscrupulous elements in misusing the flaws of the Aadhaar card system?

To start with, Aadhaar captures biometrics of a user, which is neither permanent nor immovable, says Dr. Anupam Saraph, innovator, professor and an advisor in governance, informatics and strategic planning.

"Biometrics change during the life of a person, sometimes even within a year, or without warning. Biometrics can be easily stolen, replicated or misused as has been demonstrated by instances of fingerprints and iris scans of high profile targets being hacked. The enrollment agencies that have captured the biometric have the entire demographic and biometric database in their possession and as such it can be misused or stolen. Once the biometric fails or is stolen, all the functions that have crept to link access to the biometric are denied with little or no recourse to the victim," says Saraph.

“Another benign scenario may be large scale fake bookings to make tickets pricier, the malignant scenario will be entire trains used to transfer armies of anti-nationals and terrorists. Therefore, the Railway Minister must rise to cancel any such plans," says Saraph, and the Home Minister and Defence Minister must immediately scrap the linkage of Aadhaar to any database, require that the entire UID is destroyed as was done in the UK. “This kind of compromise requires the initiation of a time-bound judicial probe by a retired CAG and Supreme Court Judge supported by the CBI to investigate the exposure of the country to serious threats to national security due to UID,” he says.

And therefore, the bigger question isn't whether Aadhaar should be made compulsory or not, but whether it is a foolproof method to validate someone's identity. If it isn’t, then why is IRCTC playing the Aadhaar card?

For more details visit https://cis-india.org/internet-governance/news/cio-july-1-2015-irctc-aadhaar-play-can-violate-sc-order-and-derail-national-security

'I'm going to ruin you, dear'

praskrishna — 2014-09-09T09:55:47Z

Revenge porn is sweeping across the developed world. And now it's being seen in India. The culprit, says Prasun Chaudhuri, is often a former friend, partner, relative or colleague.

This article by Prasun Chaudhuri with additional reporting by Varuna Verma in Bangalore was published in the Telegraph on August 3, 2014. Rohini Lakshane gave her inputs.

How would you feel if you casually opened a mail and found the link to a pornographic site — and it turned out to contain pictures of yourself naked? That's what Kalpana did. She clicked on a link sent to her and, to her horror, found that the face of the girl who "was available for sex" was hers. Her stomach lurched when she saw that the pictures showed her own bedroom. The site also contained her personal and contact details.

Kalpana was shattered. The subject line of the mail had said "I'm going to ruin you, dear". It had seemed like a prank. Only, it wasn't. It was a very real and malevolent attempt to destroy her reputation.

The 24-year-old Mumbai-based bank executive had become a victim of revenge porn — a new form of cybercrime in which ex-lovers or boyfriends upload intimate photos and videos of their former partners for the world to see. Mostly, the sexually explicit pictures are of women posted by jilted or spurned men.

Kalpana's photos, it was later found, were posted by her recently divorced husband, Pranay. They were taken when the two lived together.

Revenge porn is a trend sweeping across the developed world — from the US and Japan to countries in Europe. And now it's being seen in India, fuelled by the growing access to the Internet and camera-wielding mobile phones — all that is needed for taking and posting offensive pictures.

"Now that you have gadgets you tend to capture every moment of your life in pictures or videos," Calcutta-based psychiatrist J.R. Ram points out. "Not only that, you want to share these images through networking apps in your mobile phone or the Internet — without ever thinking of the consequences."

National Crimes Record Bureau (NCRB) figures — released on July 1, 2014 — show a 63.7 per cent rise in cyber offences from 2012 to 2013. During this period, the category "transmission of obscene content in electronic form" reflects a quantum jump —104.2 per cent — with 1,203 cases registered and 737 people arrested. "The data show cyber offences against women have increased sharply," NCRB director-general R.R. Verma says. "But we do not have any specific data on revenge crimes."

More and more such cases, however, are now coming to light. Kalpana lodged a complaint with the Navgarh police station in Mumbai. Ashish was arrested under a number of sections of the Indian Penal Code and the Information Technology Act.

Sneha, a 22-year-old college student from Udupi in Karnataka, also went to the police with the complaint that her ex-boyfriend had put up her photographs and videos on the Internet. M.B. Boralingaiah, superintendent of police, Manipal district, says the boy was arrested and sent to judicial custody.

"There has been an exponential rise in the number of cases of cyber revenge being reported to the police," Boralingaiah says. "This could also be because of increasing awareness of cyber laws, which prompts more people to approach the police." The Karnataka police are now setting up cyber crime police stations at regional levels across the state. Currently, only one police station, in Bangalore, deals with such crimes.

The profile of the criminal in revenge porn, Boralingaiah adds, is different from that of the average criminal plotting a scam using the Internet. In all the cases that have been reported, the accused is a former friend, partner, relative or colleague with no criminal history. They are also educated, intelligent and technologically savvy.

And that is why, despite suspicions, it is not always easy to catch the offender. The police say they have to first track down the origin of the pornographic site where the pictures are posted. "When we receive a complaint we try to locate the IP address (the unique identifier for the computer)," says Siddhartha Chakraborty, in charge of Cyber Police Station, Lalbazar, Calcutta. "But these crooks are clever enough to use some fake IP address of a distant country."

Once the police zero in on the IP address, it asks the web hosts to remove the offensive images, which they normally do. "But the procedure can take weeks or even months," Chakraborty adds.

Debarati Halder, a lawyer and cyber victim counsellor based at Tirunelvelli, Tamil Nadu, says she comes across 10-15 cases of revenge porn every month across the country, mostly involving college students. Often, the victims themselves take pictures while taking a shower or in their inner wear and share them with their boyfriends.

Many young women, Halder says, see such acts as symbols of independence or defiance.

"Taking 'sexy' images of themselves offers them a false sense of liberty, bypassing the repression imposed upon them in the real world," she says. "They feel relatively uninhibited in cyberspace and tend to experiment with their looks and sexuality, but are unable to determine where to draw the line."

The young are not greatly concerned with privacy and security on the Internet, Canada-based Internet safety expert Terry Cutler stresses. "They don't understand that once you send out an inappropriate photo or video, you no longer control it."

There are, according to some estimates, at least 3,000 voyeuristic websites where such pictures can be posted. The visuals are often copied and replicated across multiple porn sites, making it virtually impossible for the authorities to wipe off the digital prints. "Often these clips are available on mirror sites, web archives and caches. Video footage can also go viral on social networks and porn buffs even share these images offline," Chakraborty warns.

But people seldom think that the intimate pictures that they shoot with their lovers may one day become public. "When you're in love you trust your partner. You don't expect him to use these pictures to humiliate you when things fall apart," says Antara, a 32-year-old IT analyst in a government agency who has been a victim of revenge porn. She says that her husband, to seek a quick divorce, uploaded intimate pictures on porn sites to show that she was a woman of "bad character".

Also worrying is that a large number of women are victims of non-consensual and amateur pornography. Abir Atarthy, a Calcutta-based cyber-security expert, recently solved a case in which a college student found her pictures, shot in her bedroom, circulating on a social networking site.

"She was shocked because she not taken those pictures, nor had anybody else," Atarthy says. A thorough check revealed that a boy whose advances she had spurned had installed a hidden spy program in her laptop. "The program — capable of switching on the webcam even if the machine was offline — had been taking her snaps from her private life and sending the visuals to the youth whenever she connected to the Internet," he says.

Rohini Lakshané, a researcher at the Bangalore-based Centre for Internet and Society, describes such non-consensual acts as sexually violent crimes. "I don't like to use the term 'revenge porn', for it's an act of violence against women," she says. "Sometimes women are even raped and coerced into sex, filmed, threatened and blackmailed over the release of the footage online," Lakshané says.

The intention is to humiliate the woman and make her life miserable is the equivalent of throwing acid on her face, holds Dr Subhrangshu Aditya, a student counsellor at Jadavpur University, Calcutta. "These men can't accept rejection and it's their way to settle scores."

The victim, the experts say, doesn't just feel betrayed but often falls into depression — not just because of the ex-partner's action but because she sees herself as a partner in the crime, for the pictures uploaded may have been shot with her consent. "Their guardians also blame her for this and avoid reporting the matter to the police apprehending a bigger scandal," Halder adds.

The lawyer urges victims of such crimes to always approach the police. "Indian women have a strong legal recourse against perpetrators of revenge porn," she says. The amended 354 [C] of the Criminal Law (Amended) Act 2013, also known as the "voyeurism section", criminalises capturing and sharing images of a woman in private space. Section 66(E) of the IT Act criminalises the publication and transmission of images of an individual's private parts without his or her consent.

"These are watertight laws, strong enough to book an offender," she says, adding that the law also protects a victim's identity.

Across the world, laws are now being framed to punish cyber porn offenders. In January, Israel voted to define posting of images without consent as sexual harassment, punishable by up to five years in jail. Many states in the US already have laws against revenge porn and Britain may bring in one soon.

But perhaps the best way to prevent such crimes is by safeguarding privacy — at home and in the virtual world (see box). Cyber security expert Cutler sums it up aptly: "Just think this before you click the send button: If I were to post the visual on the Internet, would I care if it landed on the front page of a newspaper or the 8pm news?"

Some names have been changed to protect identities

How to Safeguard Your Privacy?

Get acquainted with the privacy settings of the social networks, dating and matrimonial websites you use
Do not upload any single close-shot picture on the Internet; this can be morphed and misused
Never film yourself during sexually intimate acts; even if you delete the pictures and videos these can be recovered from your device
Watch out for weird webcam activity; malicious software can easily infect your computer or phone and control the webcam
Remove your memory card from your mobile or format the hard disc of your computer before giving the device to service centres
Don't give your device to others and always lock your applications (especially picture galleries) in your mobile
Install and update antivirus and antimalware in your device

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-august-3-2014-i-am-going-to-ruin-you-dear

'Ethical Hacker' Saket Modi Calls for Stronger Cyber Security Discussions

kovey — 2013-08-05T13:11:08Z

Twenty-two year old Saket Modi is the CEO and co-founder of Lucideus, a leading cyber security company in India which claims to have worked with 4 out of 5 top global e-commerce companies, 4 out of 10 top IT companies in the world, and 3 out of 5 top banks of the Asia Pacific.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

At the Confederation of Indian Industry (CII) conference on July 13, titled “ACT – Achieving Cyber-Security Together,” Modi as the youngest speaker on the agenda delivered an impromptu talk which lambasted the weaknesses of modern cyber security discussions, enlightened the audience on modern capabilities and challenges of leading cyber security groups, and ultimately received a standing ovation from the crowd. As a later speaker commented, Modi’s controversial opinions and practitioner insight had "set the auditorium ablaze for the remainder of the evening". Since then the Centre for Internet and Society (CIS) has had the pleasure of interviewing Saket Modi over Skype.

It is quite easy to find accounts of Saket Modi's introduction into hacking just by typing his name in the search engine. Faced with the pressure of failing, a teenage Saket discovered how to hack into his high school Chemistry teacher’s test and answer database. After successfully obtaining the answers, and revealing his wrong doings to his teacher, the young man grew intrigued by the possibilities of hacking. "I thought, if I could do this in a couple hours, four hours, then what might I be able to do in four days, four weeks, four months?"

Nowadays, Modi describes himself and his Lucideus team as "ethical hackers", a term recently espoused by hacker groups in the public eye. As opposed to "hacktivists", who utilize hacking methods (including attacks) to achieve or bring awareness to political issues, ethical hackers claim to exclusively use their computer skills to support defenses. At first, incorporation of ethics into a for-profit organization’s game plan may seem confusing, as it leaves room for key questions, like how does one determine which clients constitute ethical business? When asked, however, Modi clarifies by explaining how the ethics are not manifest in the entities Lucideus supports, but instead inherent in the choice of building defensive networks as opposed to using their skills for attack or debilitation. Nevertheless, considerations remain as to whether supporting the cyber security of some entities can lead to the insecurity of others, for example, strengthening the agencies which work in covert cyber espionage. On this point, Modi seems more ambivalent, saying "it depends on a case by case basis". But he still believes cyber security is a right that should be enjoyed by all, "entitled to [you] the moment you set foot on the internet".

As an experienced professional in the field who often gives input on major cyber policy decisions, Modi emphasizes the necessity of youth engagement in cyber security practice and policy. He calls his age bracket the “web generation,” those who have “grown with technology.” According to Modi, no one over 50 or 60 years of age can properly meet the current challenges of the cyber security realm. It is "a sad thing" that those older leaders carry the most power in policy making, and that they often have problems with both understanding and acceptability of modern technological capabilities. For the public, businesses, and also government, there are misconceptions about the importance of cyber security and the extent of modern cyber threats, threats which Modi and his company claim to combat regularly. "About 90 per cent of the crimes that take place in cyber space are because of lack of knowledge, rather than the expertise of the hacker,” he explains. Modi mentions a few basic misconceptions, as simple as, "if I have an anti-virus, my system is secured" or "if you have HTTPS certificate and SSL connection, your system is secured". “These are like wearing an elbow guard while playing cricket,” Modi tells. “If the ball comes at the elbow then you are protected, but what about the rest of the body?”

This highlights another problem evident in India’s current cyber security scene, the problem of lacking “quality institutes to produce good cyber security experts.” For example, Modi takes offence at there not being “a single institute which is providing cyber security at the undergraduate level [in India].” He alludes to the recently unveiled National Cyber Security Policy, specifically the call for five lakh cyber security experts in upcoming years. He calls this “a big figure,” but agrees that there needs to be a lot more awareness throughout the nation. “You really have to change a lot of things,” he says, “in order to get the right things in the right place here in India.”

When considering citizen privacy in relation to cyber security, and the relationship between the two (be it direct or inverse), Saket Modi says the important factor is the governing body, because the issue ultimately resolves to trust. Citizens must trust the “right people with the right qualifications” to store and protect their sensitive data, and to respect privacy. Modi is no novice to the importance of personal data protection, and his company works with a plethora of extremely sensitive information relating to both their clients and their clients’ clients data, so it operates with due care lest it create a “wikileaks part two.”

On internationalization and cyber security, he views the connection between the two as natural, intrinsic. “Cyberspace has added a new dimension to humanity,” says Modi, and tells how former constructs of physical constraints and linear bounds no longer apply. International cooperation is especially pertinent, according to Modi, because the greatest challenge for catching today’s criminal hackers is their international anonymity, “the ability to jump from one country to the other in a matter of milliseconds.”

With the extent of the challenges facing cyber defense specialists, and with the somewhat disorderly current state of Indian cyber security, it is curious to see that Saket Modi has devoted himself to the "ethical" side of hacking. Why hasn’t he or the rest of the Lucideus team resorted to offensive hacking, since Modi claims the majority of cyber attacks of the world who are committed by people also fall between the ages of 15 and 24? Apparently, the answer is simple. “We believe in the need for ethical hacking,” he defends. “We believe in the purpose of making the internet safer.”

For more details visit https://cis-india.org/internet-governance/blog/saket-modi-calls-for-stronger-cyber-security-discussions

'Attempts to censor the web ill-advised'

praskrishna — 2012-06-17T07:11:39Z

Amid concerted government attempts to censor the internet and the recent blocking of file-sharing websites due to a court order based on a petition by producers of a Tamil film, speakers at a discussion on Saturday felt that there was a fear of freedom of expression among those affected by it, primarily the powerful.

Article by Krish Fernandes published in the Times of India on June 3, 2012

At the discussion on 'freedom of expression and privacy: Proposition' held at Goa University, senior journalist Paranjoy Guha Thakurta felt the increasing attempts at online censorship were a consequence of the government being unable to formulate coherent responses to the widening of the limits to freedom of expression on the internet.

He was of the view that all stakeholders should be consulted before any legislation in this regard.

Vickram Crishna of Privacy International spoke about "the fear of freedom of expression". While stating that the internet access had jumped due to the increased usage of smartphones, he observed that "there were concerted moves to make these things (censorship) happen in India".

"What use is access, if we don't have freedom of expression?" Crishna questioned.

Geeta Seshu of The Hoot was of the opinion that the world was also seeing the rise of powerful web players such as search engines and social networks with no obligations to permit free speech.

Chinmayi Arun of the National University of Juridical Sciences echoed this view. She felt freedom of speech and expression were vulnerable because they receive very little protection from non-state factors. She felt surveillance may soon become as serious a threat to free speech as censorship.

Advocate Apar Gupta felt there are better safeguards against banning books, while web content bans see almost no safeguards.

Touching on the ban on file-sharing sites, Lawrence Liang of Alternative Law Forum felt private bodies such as ISPs were being given powers of the state.

Anja Kovacs of Internet Democracy Project was critical of the government instructing internet service providing companies to setup servers in the country. The internet as we know it will stop to exist if we have server requirements in all countries, she said.

Frederick Norohna of publishing house Goa 1556, Siddhart Narrain and Danish Sheikh of the Alternative Law Forum, Paromita Vohra of Devi Pictures and Werner Souza also spoke on the occasion.

For more details visit https://cis-india.org/news/attempts-to-censor-the-web-ill-advised

'Aadhaar' Of Your Existence Or Card Of Controversy?

praskrishna — 2017-05-20T12:24:20Z

recent report estimates that details of 13 crore Aadhaar card holders have been leaked from four government websites. These include bank account details, income levels, addresses, even caste and religion details.

This was telecasted by NDTV on May 3, 2017. Amber Sinha was a panelist.

As the Supreme Court questioned the government about this, the centre admitted for the first time that the leaks had taken place but passed the onus on to state governments. It also argued that no technology was a 100 per cent foolproof but that couldn't be the basis for a constitutional challenge. Those who have petitioned against making Aadhar mandatory for filing income tax say no other democratic country has such a requirement and allege that it shows the sinisterness of the government.

Video

For more details visit https://cis-india.org/internet-governance/news/ndtv-may-3-2017-aadhaar-of-your-existence-or-card-of-controversy

"Will the Magic Number Deliver?" - Roundtable on Aadhaar at CSLG, JNU, April 26

sumandro — 2016-04-20T10:49:58Z

The Centre for the Study of Law and Governance (CSLG), Jawaharlal Nehru University (JNU), will organise a roundtable discussion on Tuesday, April 26, to discuss the Aadhaar project and Act. Along with Rajeev Chandrasekhar, Prasanna S, Apar Gupta, and Chirashree Dasgupta, Sumandro Chattapadhyay will be one of the discussants. It will take place in the CSLG Conference Room at 6 pm.

Discussion Note

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, was enacted by the Parliament on March 16. Thereafter it has been notified on March 26.

The Act empowers the UIDAI (Unique Identification Authority of India) to collect biometric and demographic information of residents to provide them with a unique number. This unique number is to be used for enumeration, identification and targeting of beneficiaries of government subsidies and services.

Since the creation of the UIDAI as an executive authority in 2009, this process of enumeration has been ongoing. Recently, it was announced that more than 100 crore residents have been given their aadhaar cards. Alongside, however, legal challenges have continued in the Supreme Court.

Given this context, this Roundatable Discussion will focus on the following set of questions (among others):

Can the Aadhaar Number enable better delivery of government subsidies and services?
How does the Act ensure data protection?
Is there a right to privacy in India? What are the implications in the context of Aadhaar?
Does the Act ensure public access to statutory remedies in case of violations?
Did the Aadhaar Bill fulfil the requirements of a money bill?

Discussion Format

Setting the Theme - Short Introduction to the Topic by Natasha Goyal

Speakers' comments, 15 minutes each, consecutive, no power points

Rajeev Chandrasekhar, Member of Parliament, Rajya Sabha
Sumandro Chattapadhyay, the Centre for Internet and Society
Prasanna S, Lawyer
Apar Gupta, Advocate, Delhi High Court
Dr. Chirashree Dasgupta, Centre for the Study of Law and Governance

Open Session (Moderated Q and A)

Followed by Tea

Directions to Venue

From JNU main gate, proceed straight until you get to a T-junction. Turn left. Continue until you reach a second T-junction. Turn right. Follow the road for just 0.7 km until you see a bus stop labelled “Paschimmabad.” About 50 m past the bus stop turn right at a sign that reads: “Centre for the Study of Law and Governance”. The CSLG building is on the right. The conference room is on the first floor.

Poster

For more details visit https://cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016

"Whatever happened to Privacy?" - International Activism Conference

praskrishna — 2014-02-03T05:56:27Z

Maria Xynou gave a keynote speech and participated as a panelist on the "Suspect Societies" panel. The event was organized by Heinrich Boell Foundation in Berlin on December 5 and 6, 2013.

"Whatever happened to privacy" brought together international activists on focal topics and combined bar camp style work sessions and political round tables with a classic public event, It focussed on an issue which has far reaching consequences for politically active people across the world - the issue of privacy and surveillance. The revelations around the NSA and GCHQ as well as other countries secret service digital surveillance activities have spurred political debate. This debate was intensified at "Whatever happened to Privacy?" formulating political demands, developing action strategies and debating questions such as:

What cultural and political value does privacy have today?
What are the societal implications of the wide spread "I have nothing to hide" attitude?
What political actions are necessary to protect citizens from mass surveillance and what tools exist for people to secure their communications, movements and lives?

For video and more info, click here

For more details visit https://cis-india.org/news/whatever-happened-to-privacy