Centre for Internet and Society

Indian Govt looks to provide free access to publicly-funded research works

praskrishna — 2014-07-28T05:34:37Z

Sunil Abraham gave his inputs to the blog entry published in Medianama on July 23, 2014.

Department of Biotechnology (DBT) and Department of Science and Technology (DST), under the Ministry of Science and Technology recently released (pdf) the draft of what is termed as Open Access Policy and has invited comments from the public until July 25, reports The Times of India. Comments can be submitted to madhan@dbt.nic.in.

The objective of this policy is to provide unrestricted access to research work funded by the departments. The draft states that since all funds disbursed by DBT and DST are public funds, it is important that the information and knowledge generated through the use of these funds are made publicly available as soon as possible.

As per the draft, DBT/DST will be creating a central repository wherein grantees can either publish their papers in an open-access journal or post the final accepted manuscript to an online repository. This includes papers funded by the two departments in 2012-13 as well as review articles invited by DBT/DST or author initiated that received funding from these departments.

The draft suggests that the full text of the research paper and metadata of all research projects fully or partially funded by DBT/DST or the projects that utilised infrastructure built with the support of DBT/DST will have to be made publicly available, failing which they wouldn’t be considered for future grants or fellowship opportunities among others.

The department believes that providing free access to these publications through gratis open access repository will enable increasing the distribution of these publications and will ensure that these research can be read and built upon.

Copyright of research papers: The draft also sheds light on copyright issues. It states that research work produced by a scientist as an employee of a government body or private institution the copyright would remain with the respective government body or private institution. However, following the final acceptance of the paper by any journal, it has to be deposited in an open access repository within a period of one week.

The author of the research paper will retain the right to reproduce, distribute, publicly perform, and publicly display the article in any medium for non-commercial purposes. They can also prepare derivative works from the article, and authorise others to make any non-commercial use of the article with credit.

Implications: This is a godsend for students, teachers and institutions that don’t have the means to purchase expensive academic journals. Sunil Abraham, executive director of Centre for Internet and Society (CIS) told TOI that the idea is that taxpayers shouldn’t pay twice to access research funded by taxpayers’ money.

Earlier developments in Open Data

In August 2013 the Department of School Education and Literacy, Ministry of Human Resource Development, the Central Institute of Educational Technology (CIET), and National Council of Educational Research and Training (NCERT) had launched an initiative called National Repository of Open Educational Resources (NROER). The objective was to provide free educational resources to school students under the Creative Common license.

The Union Cabinet had cleared the DST formulated National Data Sharing and Accessibility Policy (NPDSA) back in February 2012. NPDSA was supposed to increase accessibility and ease sharing of non-sensitive data amongst the registered users and their availability for scientific, economic and social developmental purposes. However, very little has been reported on how NPDSA was utilised since then.

Click to read the article published in Medianama here.

For more details visit https://cis-india.org/news/medianama-july-23-2014-riddhi-mukherjee-indian-govt-looks-to-provide-free-access-to-public-funded-research-works

Indian govt blocks 40 smut sites, forgets to give reason

praskrishna — 2013-07-01T09:04:26Z

Don't mind us, we're just censoring your content for you...

The article by Phil Muncaster was published in "The Register" on June 27, 2013. Sunil Abraham is quoted.

The Indian government has ordered ISPs to block 39 smut flick web sites hosted outside the country without giving any explanation, stoking further fears of online censorship by the back door.

Most of the sites are web forums and so allow for the uploading of naughty images and URLs where smut-seekers can download their grumble flicks, according to Times of India.

However, the sites claim to operate under the 18 USC 2257 rule, meaning actors are (supposedly) over 18 years of age, and there is apparently no indication from the Department of Telecom's order why ISPs are being asked to comply.

The message greeting web users who try to visit a blocked site now reads as follows:

This website has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications.

While the law, updated in 2011, does forbid production, transmission and sharing of smutty content in India - therefore requiring internet cafes, for example, to block such content - there is no ban on consumption, especially from sites hosted outside India.

Sunil Abraham, director of Indian not-for-profit the Centre for Internet and Society, told ToI that the government is probably interpreting the law to serve its own ends, and that its ISP order “is a clear overreach”.

The Union government has certainly been quick in the past to order blocks on any content deemed inappropriate.

Facebook and Google were forced to remove “objectionable content” from their Indian sites last year after complaints it was offensive to Muslims, Hindus and Christians.

The government was also one of many across the globe to force Google to block notorious YouTube video Innocence of Muslims.

A controversial anti-piracy ruling last June, meanwhile, led to a clumsy, large-scale block on a number of legitimate sites in the country – drawing the ire of hacktivist group Anonymous.

The government also closed hundreds of sites and social media accounts in August last year in a bid to prevent the escalation of sectarian violence across the country.

In fact, the number of content removal requests received by Google increased by 90 per cent from July-December 2012 compared with the previous six months.

For these reasons, India only enjoys “Partly Free” status, according to the Freedom on the Net 2012 report from not-for-profit Freedom House.

For more details visit https://cis-india.org/news/the-register-phil-muncaster-june-27-2013-indian-govt-blocks-40-smut-sites-forgets-to-give-reason

Indian government websites: Gold mine for cybercriminals

praskrishna — 2014-01-31T06:18:12Z

If you are a cybercriminal trying to commit identity theft or digitally impersonate a citizen, you have help from the unlikeliest of sources — the Government of India.

The article by Srutijith KK was published in the Times of India on January 3, 2014. Sunil Abraham is quoted.

Various government agencies have put vast amount of personal information online, often with little barrier to access and with hardly any provision to prevent their misuse.

Combine a few of these databases and you have a gold mine of information on India's citizens, including some of its wealthiest residents, whose bank accounts are of special interest to thieves. "If I want to target someone, I now have access to so much detail that shouldn't have been in public. Hackers with good social engineering skills will be able to call a call centre and impersonate a person. And from a stalking perspective, it has implications for not just celebrities, but anybody with a jilted lover, a political rival, and so on," said Binoo Thomas, a digital security expert at McAfee Labs.

For example, if somebody wants to get personal details of some of India's richest people, he would simply need to click on the LPG transparency links on Indane, Bharat Gas and HP portals and narrow the search to the South Mumbai region. Many gas agencies have their area of service in their names, such as Bandra Gas Agency or Colaba Gas Agency.

Select one of these gas agencies and you have a list of all the customers, with their consumer number, address and, in many cases, a mobile number. This database is also searchable by name. You can quickly search for any famous surname and be rewarded with a consumer number, residence address and in many cases, a mobile phone number.

A cursory search gave ET the mobile number and full residential address of the well-known matriarch of a famous business family. A search under the Bandra Gas Agency promptly showed the full residential address of a famous Bollywood actress. Your next stop could be the website of the Election Commission of India, which has asked all state Election Commissions to place the entire voter rolls online.

The voter roll also has the full residential address, age and gender of a person. A quick search on the MTNL Mumbai directory online will reveal the landline number for a person. With a little bit of luck and time to troll social networks such as Facebook and LinkedIn, a skilled cybercriminal can discern your date of birth and professional details.

Date of birth, phone number, alternate number and billing address are the details many telephone companies and banks use to determine whether a person calling its customer helpline is indeed who she says she is. This kind of information also allows a hacker to design effective phishing attacks, which lures a person into revealing information such as passwords or credit card numbers. An email that lists accurate personal information appears authoritative and has greater likelihood of being trusted by a recipient.

Thread of identity theft
This kind of crime has been on the rise. In December, US Department of Justice estimated that $24.7 billion were lost to identity theft in 2012, as 11.5 million Americans found themselves defrauded. Similar data is unavailable for India. "Privacy has become a matter of personal security. As the state has been pushed to function in a more transparent manner, authorities are making the details about us transparent instead! The data protection principles are well evolved all over the world.

All of these data controllers are in violation of every good principle. We don't need to wait for a law to observe these principles," said Usha Ramanathan, an independent law researcher specialising in privacy, surveillance and related issues. The ministry of rural development, which administers the Mahatma Gandhi National Rural Employment Guarantee Scheme, goes a step further, and places online the bank account numbers and IFSC codes for all its beneficiaries.

RTI requirements
The justification for publishing this kind of data online is typically section 4 of the RTI Act, which requires all government departments to proactively publish details of subsidy programmes, including details of the subsidy availed. However, section 8(1) of the same Act says that personal information that invades privacy of an individual need not be published unless an appellate authority decides that a larger public interest is served by it. It's unclear what public interest is served by the publication of full residential address, mobile number or bank accounts by various agencies.

In some cases, like the MNREGS and the voter rolls, sector-specific laws also apply. "Going by the provisions of the MGNREGA, which mandates proactive disclosures, we keep all processes in the public view... We have not perceived any threat in displaying bank account numbers of wage seekers, most of which have been opened for receiving wages," said R Subrahmanyam, the joint secretary at the ministry of rural development who heads the MNREGA division.

The petroleum ministry did not respond to an email requesting comment. In an emailed response, Chief Election Commissioner VS Sampath referred to Rule 33 of the Registration of Elector Rules, 1960, to establish that the voter roll was a public document. "Thus it can be seen that Electoral Roll is a public document which is available to the public for inspection. The Commission has, therefore, given instructions to put this public document on the website to facilitate inspection by public. When law stipulates that it is a public document, the public has a right to access it," he said. But no law states that anonymising techniques or relevant barriers to accessing private information should not be deployed.

Legal vacuum
India does not have an omnibus privacy law that overrides sector specific legislation. According to Sunil Abraham of the Bangalore-based thinktank Centre for Internet and Society, there are some 50 different laws that have a privacy element in India. The Department of Personnel and Training has been working on a draft privacy law for three years now.

"We need to think of this problem in the light of the privacy law that is being drafted. Traditionally and culturally our view of privacy has been different. A more explicit understanding of the privacy needs of the citizens is certainly welcome. Section 43A of the IT Act has provisions for data protection," said J Satyanarayana, secretary at the department of information technology.

But 43A applies only to corporations, and government agencies are not bound by it. Apart from the central government agencies, several state government agencies and schemes also collect and store personal information. But no standard protocol binds them in deciding who shall have access and who shall not.

For more details visit https://cis-india.org/news/the-times-of-india-january-3-2014-sruthijit-kk-indian-govt-websites-gold-mine-for-cybercriminals

Indian government wakes up to risk of Hotmail, Gmail

praskrishna — 2013-12-30T04:24:57Z

Worried by US spying revelations, India has begun drawing up a new email policy to help secure government communications, but the man responsible for drafting the rules still regularly uses Hotmail.

This was originally published by AFP on December 7, 2013, was also mirrored by the Times of India, Livemint, Reuters, Dawn, NDTV, Yahoo News, The Malaysian Insider and Asia One Digital. A slightly modified version was published by Silicon India on December 11. Sunil Abraham is quoted.

Like many of his peers in ministries across New Delhi, IT Minister Kapil Sibal's office recently sent an email inviting journalists to the launch of his new personal website using the free email service.

Others, including senior foreign ministry officials, the information and broadcasting minister and the health ministry secretary, also use Gmail, Hotmail or Yahoo instead of their government accounts.

When asked why he continued to use his Hotmail for official use, Sibal declined to comment, but a senior bureaucrat in his ministry admitted that he personally preferred Gmail because it is "just a lot easier".

"We keep moving, get different designations, go different places and with that, our emails change. You lose contacts and important emails, which you don't need to worry about with a Gmail account," the bureaucrat told AFP.

"To be honest, the quality of our official mail isn't that great yet. It still needs some work," he added on condition of anonymity.

Security concerns

IT security expert Sunil Abraham said the use of Gmail and the like was highly risky since the American services had their servers in the US and the National Security Agency has been known to tap into their database systems.

It is unclear how many state and federal public workers actively use popular email services for office, but some of the estimates are startling.

"As much as 90 percent of government officials use private email (services) for official use... that's because their official email is not as stable or speedy," said Abraham, executive director of the Bangalore-based Centre for Internet and Society.

In September Sibal's ministry announced a new "Email Policy of the Government of India" in the wake of spying allegations about the NSA revealed by former NSA contractor Edward Snowden.
NSA's tentacles not only crept into the Indian embassy in Washington and its UN office in New York, but also accessed email and chat messenger contact lists of hundreds of millions of ordinary citizens worldwide, according to media reports.

During a single day last year, the NSA's Special Source Operations branch collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, The Washington Post said, according to an internal NSA presentation.

The $11 million Indian project aims to bring some five million public employees onto the government's email domain powered by the National Informatics Centre (NIC) as early as mid-December.

It is awaiting clearances and suggestions from all ministries before the proposal goes to the cabinet this month.

J. Satyanarayana, secretary of the department of electronics and IT, dismissed claims that the policy was too late and was a response to the Snowden scandal.

"The policy is not a reaction to any global spying revelations, it was already in the works. It is just a mere coincidence that both came around the same time," he said.

Fresh doubts

Some cyber security experts say bringing millions aboard a centralised server could make a hacker's job easier, with all critical government information available on a single platform.
More than 11,000 Indian websites were hacked or defaced between May and August this year, with a large number of attacks on the ".in" domain whose servers are in India, the Times of India reported last month.

"Making the use of a centralised government server is not the best way to proceed. Having everything on one platform makes it even more vulnerable to cyber attacks and hacking," said Abraham.

"It also brings about new worries of the NIC becoming the local snoop."

Some also predict that the ambitious policy would eventually fizzle out for lack of attention from ministers and bureaucrats, who work in government offices where stacks of yellowing files and papers are still a common sight.

"It's sad but most of these officials don't understand much about technology, so mastering email is something that is miles and miles away," said Vijay Mukhi, a Mumbai-based cyber security expert.

"These guys saw all the snooping news and suddenly they woke up and said 'lets make an email policy'. Enforcing this is not possible on a practical basis."

The IT ministry also plans to conduct workshops to teach employees about email security such as when to change passwords and user names and how to use email.

"Every employee should know how, what and when critical data can be vulnerable... with most work still done on paper, it is important to know the nitty-gritty of using email," Satyanarayana said.

For more details visit https://cis-india.org/news/afp-december-7-2013-annie-banerjee-indian-government-wakes-up-to-risk-of-hotmail-gmail

Indian government to bar politicians from using Gmail for official business

praskrishna — 2013-09-05T09:52:17Z

US-based email services seen as too risky.

This article by Neil McAllister was published in the Register on August 30, 2013. Sunil Abraham is quoted.

The government of India is reportedly planning to bar its employees from using Gmail and other foreign-based email services, amid concerns over surveillance by US spy agencies.

"Gmail data of Indian users resides in other countries as the servers are located outside," J Satyanarayana, India's secretary of electronics and information technology, told the Times of India. "Currently, we are looking to address this in the government domain, where there are large amounts of critical data."

The Indian government currently employs some 500,000 people, many of whom use Gmail for their primary email addresses. A quick glance at the contact page for the country's Department of Electronics and Information Technology reveals at least eight senior officials using Gmail, and still others with Yahoo! addresses.

Under the new directive, government employees will be asked to stick to official email addresses provided by India's National Informatics Centre (NIC). But an unnamed senior government IT official told the Times of India that many government workers choose Gmail and other foreign services because they are easier to use, and setting up accounts is much faster than working within the bureaucratic process of the NIC.

The move toward locally run email for Indian government workers comes in the wake of a string of revelations from documents leaked by Edward Snowden. Among the recent disclosures has been details of US electronic surveillance of foreign governments on US soil, where the National Security Agency even went as far as to snoop encrypted communications from United Nations headquarters in New York City.

No doubt equally concerning was a motion filed by Google in a US district court earlier this month, in which the Chocolate Factory asserted that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" such as Gmail.

But Sunil Abraham of the Bangalore-based think tank the Centre for Internet and Society said that foreign spying wasn't the only reason why government officials should be required to use a homegrown email.

"Use of official government email would also make it easier to achieve greater transparency and anti-corruption initiatives," Abraham told the paper. "Ministers, intelligence and law enforcement officials should not be allowed to use alternate email providers under any circumstance."

When contacted for comment, a spokeswoman for Google India said the company had not been informed of the proposed ban, adding, "Nothing is documented so far, so for us, it is still speculation." ®

For more details visit https://cis-india.org/internet-governance/news/the-register-neil-mc-allister-august-30-2013-indian-govt-to-bar-politicians-from-using-gmail-for-official-business

Indian Government still blocks 20+ websites – Indian Censorship on Internet

praskrishna — 2015-01-03T03:47:16Z

Indian Government has blocked 20+ major websites to counter ISIS propaganda. The government has removed blocking of github.com, vimeo.com and other 10+ websites blocked till December 31, 2014.

The article was published in the Times of Assam on January 2, 2015. Pranesh Prakash is quoted.

A confidential department of telecom order – dated December 17, 2014 – instructing all internet service licensees to block the websites appeared online on Wednesday.

When contacted to verify the news, Dr Gulshan Rai – Director of the Indian Computer Emergency Response Team (CERT-In) – told, the directions had been issued to internet service providers following a Mumbai Additional Chief metropolitan magistrate’s November order directing the government’s Department of Electronics and Information Technology (DeitY) to implement the same.

Pranesh Prakash – Policy Director at Bengaluru-based Center for Internet and Society – questioned the lack of transparency around the practice of blocking websites under the Indian law. “Qn for govt: Why does the law require secrecy of web blocking orders when it doesn’t allow such secrecy for books, films? #GoIBlocks,” he tweeted, adding, “The 69A Rules don’t allow for transparency, accountability, time-limits on blocks, etc. So easily misused by govt. + courts + individuals.” The websites were blocked under section 69 A of the IT Act, 2000 and the IT (Procedure and sdafeguards for Blocking of Access of Information by Public) rules, 2009.

Currently, the Supreme Court is in the middle of hearing a clutch of petitions challenging several IT Act provisions, including blocking and takedown of websites.

For more details visit https://cis-india.org/internet-governance/news/times-of-assam-january-2-2015-indian-govt-still-blocks-websites-india-censorship-on-internet

Indian Government says it is still drafting privacy law, but doesn’t give timelines

praskrishna — 2017-05-15T02:10:26Z

Read the original published by Medianama here

The Government is drafting a legislation to protect privacy of individuals breached through unlawful means in consultation with stakeholders, the minister for communications and information technology Ravi Shankar Prasad said in the Rajya Sabha. However, no timeline was provided, which is really the problem: Is the Indian government even interested in a privacy law?

In August last year, the Government of India had said in the Supreme Court of India that had said that “violation of privacy doesn’t mean anything because privacy is not a guaranteed right”, actually arguing that the citizens of India do not have a fundamental right to privacy.
In September last year, the DeitY had also sought to make encryption (and personal and business security) weaker via a draft policy on encryption, requiring all users to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable plain-text to Law and Enforcement Agencies if required. After a public outcry, the paper was withdrawn.
Last month, the DoT made it mandatory to have GPS on all phones by 2018.

We’re in a situation where the country doesn’t have a privacy law on one hand, and is setting up surveillance systems like the Centralized Monitoring System, NETRA, NATGRID (for collecting data from across databases), and linking citizens and databases across the unique identity number in Aadhaar on the other.

What happened to the old Privacy bill?

While India does not yet have a comprehensive privacy policy, back in 2014, the Centre for Internet and Society received a leaked version of the draft Privacy Bill 2014 that the Department of Personnel and Training, Government of India had drafted. A comparison of the draft bill from 2014 and the draft privacy bill of 2011 can be found here.

As per Prasad, as of now, the Section 43, 43A and 72A of the IT Act of 2000 provide the legal framework for digital privacy and security, mandating that agencies collecting personal data must provide a privacy policy, and compensations must be paid to the victim in case of unauthorized access or leakage of information.

Questions asked in Rajya Sabha:

Whether Government intends to bring a specific legislation to address the concerns regarding privacy in the country, if so, the details thereof, if not, the reason therefore; and

Whether the legislation would provide for protection of ‘personal data’ along the lines of the European Union’s Data Protection Directive, if so, the details thereof, if not, the reasons therefor

EU Privacy Bill

Interestingly, the question posed to the minister asked if the legislation would provide for protection of personal data along the lines of European Union’s General Data Protection Directive (GDRP), which were approved just last month. EU’s directive defines “any information relating to an identified or identifiable natural person directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”, as personal data.

The GDRP has a pretty wide scope and is pretty consumer friendly. The laws require users to provide explicit consent for data collection, companies to report as soon as they have a data breach, and a ‘right to erasure’ that lets users request all personal data related to them to be deleted. It also imposes a significant fine of up to 4% of annual worldwide turnover of a company in the previous financial year, in case of non compliance. For a comprehensive overview of the policy read handbook on European data protection law (pdf).

Email privacy bill US

The US does not have a comprehensive digital privacy law like the EU and mostly relies on the the privacy act of 1974. However, recently the US House of Representatives unanimously passed the Email Privacy Act that would require investigators to get a warrant before forcing companies to hand over customer email or other electronic communications, no matter how old the communication.

For more details visit https://cis-india.org/internet-governance/news/medianama-vivek-pai-may-4-2017-indian-govt-says-it-is-still-drafting-privacy-law

Indian Government Quietly Brings In Its 'Central Monitoring System': Total Surveillance Of All Telecommunications

praskrishna — 2013-07-02T09:12:49Z

There's a worrying trend around the world for governments to extend online surveillance capabilities to encompass all citizens -- often justified with the usual excuse of combatting terrorism and/or child pornography.

The blog post was published in tech dirt on June 8, 2013. Pranesh Prakash is quoted.

The latest to join this unhappy club is India, which has put in place what sounds like a massively intrusive system, as this article from The Times of India makes clear:

The government last month quietly began rolling out a project that gives it access to everything that happens over India's telecommunications network -- online activities, phone calls, text messages and even social media conversations. Called the Central Monitoring System, it will be the single window from where government arms such as the National Investigation Agency or the tax authorities will be able to monitor every byte of communication.

This project has been under development for two years, but in almost total secrecy:

"In the absence of a strong privacy law that promotes transparency about surveillance and thus allows us to judge the utility of the surveillance, this kind of development is very worrisome," warned Pranesh Prakash, director of policy at the Centre for Internet and Society. "Further, this has been done with neither public nor parliamentary dialogue, making the government unaccountable to its citizens."

That combination of total surveillance and zero transparency is a dangerous one, providing the perfect tool for monitoring and controlling political and social dissent. If India wishes to maintain its claim to be "the world's largest democracy", its government would do well to introduce some safeguards against abuse of the new system, such as strong privacy laws, as well as engaging the Indian public in an open debate about what exactly such extraordinary surveillance powers might be used for.

For more details visit https://cis-india.org/news/tech-dirt-june-8-2013-indian-govt-quietly-brings-central-monitoring-system

Indian government defends Internet blocking

praskrishna — 2012-08-28T10:07:50Z

India on Friday defended itself against accusations of heavy-handed online censorship, saying it had been successful in blocking content blamed for fuelling ethnic tensions.

Published by AFP on August 23, 2012. Pranesh Prakash is quoted.

The government over the past week has ordered Internet service providers to block 309 webpages, images and links on sites including Facebook, Twitter, Wikipedia, news channel ABC of Australia and Qatar-based Al-Jazeera.

The orders were an effort to halt the spread of "hateful" material and rumours that Muslims planned to attack students and workers who have migrated from the northeast region to live in Bangalore and other southern cities.

"We have met with success. These pages were a threat to India's national security and we demanded their immediate deletion," Kuldeep Singh Dhatwalia, a spokesman for India's home ministry, told AFP.

"Spreading rumours to encourage violence or cause tension will not be tolerated. The idea is not to restrict communication."

The government has blamed Internet activity for fanning fears that resulted in tens of thousands of migrants fleeing back to the northeast last week from Bangalore and elsewhere.

But Twitter users, legal experts and analysts criticised the government's approach, which appeared to have resulted in only partial blocking of material, much of which was still accessible.

"The officials who are trusted with this don't know the law or modern technology well enough," Pranesh Prakash, programme manager at the Centre for Internet and Society research group, told AFP.

"I hope that this fiasco shows the folly of excessive censorship and encourages the government to make better use of social networks and technology to reach out to people."

Among the blocked content were photographs by AFP and other news agencies from Myanmar in the British Daily Telegraph, a parody Twitter account pretending to be from Prime Minister Manmohan Singh and dozens of YouTube videos.

ABC issued a statement saying it was "surprised by the action" after content on its website about unrest in Myanmar between Muslims and Buddhists was included on the blocking list.

India's Home Minister Sushil Kumar Shinde insisted in a statement the government was "only taking strict action against those accounts or people which are causing damage or spreading rumours."

Shinde added that the government sought to block the Myanmar online photos because they were "disturbing the atmosphere here in India."

The government said photographs of clashes in Myanmar were circulating on the Internet with fake captions claiming the scenes were from the northeastern Indian state of Assam, where 80 people have died in recent ethnic violence.

Vivek Sood, senior Supreme Court lawyer and an author on Internet legalisation, called the government's step "a gross abuse of power."

"It's completely illegal under the Indian IT Act," he told The Economic Times.

Indian journalist Kanchan Gupta, who is often critical of the government, had his Twitter account targeted by a government blocking order in a move he called a "political vendetta".

Al Jazeera webpages on the blocking list, including a report on the exodus from Bangalore, appeared unaffected by the government orders, the channel's Delhi bureau chief Anmol Saxena told AFP.

Ministers earlier complained they had not received cooperation from websites and social network groups.

The government on Thursday said Twitter had agreed to remove six fake accounts parodying Prime Minister Singh.

The prime minister's office issued a statement on Friday quoting Twitter that they have "removed the reported profiles from circulation due to violation of our Terms of Service regarding impersonation".

United States State Department spokeswoman Victoria Nuland said as India "seeks to preserve security, we are urging them also to take into account the importance of freedom of expression in the online world".

The above was carried in the following places as well:

The National (August 25, 2012)
MSN News (August 24, 2012)
StarAfrica.com (August 24, 2012)
Jakarta Globe (August 24, 2012)

For more details visit https://cis-india.org/news/afp-com-aug-23-2012-indian-govt-defends-internet-blocking

Indian government at second position after U.S.A for demanding user data from Google

praskrishna — 2012-11-30T05:05:01Z

The Indian government has secured 2nd position in the list of the governments demanding for Web user information. It is behind only from the United States government.

This blog entry was published in WHDI Reviews on November 22, 2012. Pranesh Prakash is quoted.

This fact came to light in the ‘Transparency Report’ published by web services major. The report covers the time period from January to June in the present year. During this time period, the Govt. of India has asked Google for user information 2,319 times over 3,647 user accounts.

This has been done by the way of court orders and requests made by police. Google has allowed the disclosure of the information sometimes partially and sometimes completely. The U.S.A government on the other hand requested for more information 7,969 requests over 16,281 accounts. The compliance rate by Google to Indian and U.S requests was 64% and 90% respectively. The report gives details about two categories of interactions: firstly to divulge data and secondly to pull down content. India now ranks 7th in the list of countries which had made requests to pull down data. India could have achieved even a better rank but owing to the lack of any constitutional power which backs its action, it has to be satisfied with the seventh position. According to Pranesh, (policy director with Bangalore-based Centre for Internet and Society) these requests for pulling down data are an attempt made by the government so that its criticism is not able to reach a wide audience.

Google (which is banned in China) supports the cause of disclosure of the information related to governments. The other net service providers which put out similar transparency reports are twitter, Linkedin and Cloud storage service Dropbox. These content pull down request made by the government is not healthy for a democratic country like India.

For more details visit https://cis-india.org/news/whdi-reviews-nov-22-2012-indian-government-at-second-position-after-usa-for-demanding-user-data-from-google

Indian Express Article

praskrishna — 2015-12-29T01:54:33Z

Indian Express Article

For more details visit https://cis-india.org/home-images/IndianExpressMangaluruDec122015.jpg

Indian experts doubt government ban on porn sites will be effective

praskrishna — 2016-07-01T15:00:32Z

The Indian government directed service providers to block 240 websites but doubts have surfaced over the legality of such an order.

This was published in ZDNet on June 20, 2016.

Last year, the Indian government identified more than 850 websites that provided escort services but action has been initiated only with respect to 240 such websites after a Mumbai court issued an order to ban them last week.

These sites were banned under the provision of Section 79(3)(b) of the Information Technology Act, 2000 -- as their content relate to morality and decency as given in Article 19(2) of the Constitution of India -- on June 13 after a committee of experts in the Indian Home Ministry recommended action against them.

But experts doubt whether the government can proscribe them in view of a lack of adequate legislation. Jaspreet Grewal, programme officer with the Centre for Internet and Society, said that though the websites offering escort services may potentially be in violation of the law, they cannot be banned under the existing provisions of the IT Act.

Even the government appears to be in a dilemma, as although it notified internet service providers to disable 857 websites on July 31, 2015, it modified the orders four days later, saying that the service providers were free "not to disable" any of the 857 sites if they did not have child pornographic content.

Following an uproar, with netizens lashing out at the government on the social media platforms such as Reddit and Twitter saying that it was trying to impose censorship and also curb freedom of expression, the government decided to rescind its July 31 directives.

According to a report in Delhi-based English daily Hindustan Times, Indian Minister for Communication and Information Technology Ravi Shankar Prasad rejected that the present government was a Talibani government, as being said by some of the critics. "Our government supports free media, respects communication on social media, and has respected freedom of communication always," he said.

The minister, while making a statement in Parliament last month, admitted that it was a significant challenge to filter the sites with pornographic content as most of the pornographic sites were hosted outside the country, where viewing pornography is legal.

"These websites keep on changing the names, domain addresses, and hosting platforms from time to time, making it difficult to filter or block such websites using technical tools available in the market," he added.

The minister also said that the government was asking the service providers regularly to upgrade their infrastructure and technology to effectively address the shortcomings with regard to identifying and blocking encrypted websites. "The government is also in regular touch with social networking sites, having their offices in India, to disable objectionable contents at the source from their websites," he added.

However, the government seems to be treading cautiously and an indication to this effect was given by a senior official in the Department of Electronics and Information Technology (DeitY). "Though a debate is taking place for a long time, the government is now taking a calibrated approach," DeitY Joint Secretary Rajiv Bansal said at an ICANN event held in Delhi on Thursday.

He also felt that banning the websites was not a solution as new sites were sprouting to replace the blocked ones.

For more details visit https://cis-india.org/internet-governance/news/zdnet-vl-srinivasan-june-20-2016-indian-experts-doubt-government-ban-on-porn-sites-will-be-effective

Indian Court Strikes Down Section of Law Punishing Offensive Posts

praskrishna — 2015-03-26T15:40:06Z

The Indian Supreme Court on Tuesday struck down a section of a law that allowed the authorities to jail people for offensive online posts, in a judgment that was regarded as a landmark ruling on free speech in India.

The blog post by Nida Najar and Suhasini Raj was published on the website of NDTV on March 25, 2015. Sunil Abraham gave his inputs.

The law stipulated that a person could be jailed for up to three years for any communication online that was, among other things, "grossly offensive," "menacing" or "false," and for the purpose of causing "annoyance," "inconvenience" or "injury." The provisions, which led to highly publicized arrests in recent years, had been roundly criticised by legal experts who called them vague and argued that they had been used in some cases to stifle dissent.

Calling the wording so vague that "virtually any opinion on any subject would be covered by it," the court said "if it is to withstand the test of constitutionality, the chilling effect on free speech would be total."

Sunil Abraham, the executive director of the Center for Internet & Society, which is based in Bangalore, called the decision "amazing."
"It is in continuation of a great tradition in India: that of apex courts consistently, over the years, protecting the citizens of India from violations of human rights," he said.

India is considered by some to be one of the world's most freewheeling democracies, but the law reflected the ambivalence with which Indian officials have sometimes treated freedom of expression, occasionally citing the Constitution's allowance of "reasonable restrictions" on free speech in order to ban books, movies and other material about subjects like sex, politics and religion.

The government recently blocked the screening in India of the BBC documentary "India's Daughter," about the Delhi gang rape in 2012 that made international news.

The law, the Information Technology (Amendment) Act, was passed by parliament shortly after the three-day terrorist attacks on Mumbai in 2008. It granted the authorities more expansive powers to monitor electronic communications for reasons of national security. That section was not a part of the court case.

In the past, critics have been particularly worried that the section of the law that was struck down was ripe for misuse at the hands of police officials often beholden to political parties.

Last week, a young man in the northern Indian state of Uttar Pradesh became one of the latest people to be arrested under the law when the police said he incorrectly attributed a polarizing statement to the lawmaker Azam Khan on Facebook.

Other highly publicized cases include the arrest in 2012 of a professor accused of sharing cartoons mocking the chief minister of West Bengal state on Facebook and the arrest of two young women after one shared a Facebook post criticizing the virtual shutdown of Mumbai following the death of a revered right-wing political leader there. The professor is still contesting his case in court, while the case against the two young women was dropped in 2013, according to the Press Trust of India.

In a separate part of the Supreme Court judgment, the justices made it harder to force websites to take down content, although a legal expert said it remained to be seen how much of an impediment the ruling would be to blocking content.

For more details visit https://cis-india.org/internet-governance/news/ndtv-nida-najar-and-suhasini-raj-march-25-2015-indian-court-strikes-down-section-of-law-punishing-offensive-posts

Indian companies need to boost encrpytion adoption rate: experts

praskrishna — 2016-08-10T14:36:05Z

Most banks do not follow Reserve bank of India’s standard 64/128-bit encryption policy due to laxity and unavailability of funds.

The article by Koustav Das was published in the Deccan Chronicle on August 9, 2016. Sunil Abraham was quoted.

A recent report by security software firm Sophos highlighted the increasing number of online attacks on Indian businesses, suggesting strong encryption policies can change the existing scenario.

As per a SophosLab research, India’s threat exposure rate has been pegged at 16.7 per cent, ranking fifth in terms of highest percentage of endpoints exposed to malware attack.

The research said cyber-criminals have developed a keen sense of luring organisations on the basis of location, language and disguise, leading to an acute increase in the number of targeted attacks.

Global Experts have explained that digital attackers have taken the aid of advanced malware including deadly ransomwares, which involve locking or capturing an organisation’s valued data and demanding money to unlock it.

In future, ransomware have been predicted to become deadlier, allowing hackers to take control of an organisation’s entire network security.

Not only financial and IT companies but Government websites also face similar obstructions due to lack of updated security tools.

Mohit Puri, Head of Pre-sales, Sophos India and SAARC, said, "India faces increased risk from cyber-criminals due to its high economic growth, which has left several companies to re-think their security strategy."

Reactive to attacks, not proactive

Though Puri mentioned that Indian enterprises have been trying to prevent such attacks, large fissures in network security have made the task easier for online criminals.

One of the major reasons for companies failing to prevent advanced cyber-attacks can be attributed to the lack of pragmatic solutions, albeit their awareness about the situation.

Puri said, “While companies are aware about security threats to our systems, we are still not there in terms of how we are trying to mitigate these threats.”

According to Sunil Abraham, Director of The Centre For Internet and Society (CIS), there are manifold issues that have led to the scenario of India’s poor online security.

He said that Indian businesses and financial organisations recognize the situation but do not want to allocate budget for updating their security infrastructure.

“The problem with cyber-security is just like smoking; people are aware of it but they do not care about the warnings. Companies know about the looming threats but need an episode to make a move towards updating their network infrastructure,” Abraham added.

Enterprises also struggle due to the absence of sufficient cyber-security professionals in the country. Abraham said, “There are uncountable software professionals in India but the story is totally opposite when it boils down to cyber-security professionals.”

Weak encryption adoption

According to technology enthusiast Blaise Crowly, Co-Founder & Head Of Security Design Gladius & Schild, "Cryptography—a broader form of encryption—can be defined as a branch of mathematical algorithms that can be used to securely protect data."

Crowly added, “It is the one of the strongest form of all defence mechanisms against cyber attacks.”

However, a Sophos assessment—State of Encryption Today—where 1,700 Indian IT managers were surveyed, showed the ignorance of companies towards integrating strong encryption tools.

Out of the total number of participants, 61 per cent felt encryption holds significant importance in protecting a company’s proprietary data.

Others had peculiar reasons—18 per cent felt that encryption would help avoid incurring additional costs after a breach and 23 per cent just wanted to avoid negative publicity of the company.

Even in case of banks, reports suggested that most banks do not follow Reserve bank of India’s (RBI) standard 64/128 bit encryption policy due to laxity and unavailability of funds.

“Indian organisations need to take a second look at their security posture and deploy up-to-date synchronized security solutions that are able to combat today’s threats as well as tomorrows,” said Puri.

Government’s role

A 2015 CIS study, titled “How India Regulates Encryption” mentioned that under section 84A of the IT Act, the government has the sole authority to prescribe modes and methods of encryption.

Though the government has not yet issued any rules in exercise of these powers, it had released earlier released a draft encryption policy on September 21, 2015. However, it failed to pass it due to wide-spread criticism regarding certain mandates in the draft.

In addition, the Internet Service Providers (ISP) License Agreement, between the Department of Telecommunication (DoT) and Internet Service Providers (ISP), limit the use of encryption up to 40-bit key length in symmetric algorithms—an extremely weak standard.

Although it cannot be enforced if organisations employ third-party encryption systems, it becomes extremely expensive for them. In such a scenario, companies hesitate in using better encryption standards.

CIS Director Sunil Abraham said, “To solve the issue, the government should work towards incentivising and enforcing strong security infrastructure which will help companies get these features at a lower price.”

Adding to the aforementioned statement, Crowly highlighted that current security standards set by the government cannot adeptly counter advanced threats.

“OpenSSL, LibNaCl and similar protocols provide free implementation of encryption schemes that companies can use. The only issue is that companies and government agencies should show proper diligence in hiring experts in this field,” Crowly concluded.

For more details visit https://cis-india.org/internet-governance/news/deccan-chronicle-koustav-das-august-9-2016-indian-companies-need-to-boost-encryption-adoption-rate

Indian civil liberties groups are now geared to fight the draconian IT Rules

praskrishna — 2011-05-11T09:49:26Z

There is a price for liberty and that is eternal vigil against forces that seek to grab it from you. Civil Liberties groups are now coming to terms with the recently issued Information Technology Rules 2011 of the Government of India, which they fear would curtail the freedom of expression of Internet users in the country, writes Akash Bisht. This article was published in the Weekend Leader.com, Vol 2 Issue 18, 6 - 12 May, 2011.

The People’s Union for Civil Liberties (PUCL) is taking steps to bring the issue to public attention. Recently, Pushkar Raj, general secretary of PUCL, forwarded a mail that contained a couple of links of published articles on the subject to his contacts.

The Rules aim to restrict web content that can be considered ‘disparaging', ‘harassing', 'blasphemous' or 'hateful'. “We want to bring this issue to public attention,” Pushkar said.

India’s new IT Rules has already caught the attention of the international media, which sees it as an attempt to curb freedom of expression of internet users. The New York Times ran a story with the headline, ‘India puts tight leash on Internet free speech.’

The article pointed out that the new rules “allow officials and private citizens to demand that Internet sites and service providers remove content they consider objectionable on the basis of a long list of criteria.”

Lurking danger: Oblivious to many internet users, the IT Rules 2011 seeks to restrict their online freedom (Photo: Senthil Kumaran)

Pushkar expressed concern about these new rules and its impact on the debate and discussion on the internet that is gaining popularity among the estimated 100 million internet users in the country.

According to one of the rules, internet intermediaries – for example, internet publishers or popular websites like Facebook, You Tube etc - have to respond to any demand made by any individual or group to take down content that they consider offensive within 36 hours. “It is a dictatorial directive. Anybody can interpret this to his liking and demand any website to take down such ‘offensive content’,” says Pushkar.

According to the new rules, the objectionable content also includes anything that “threatens the unity, integrity, defense, security or sovereignty of India, friendly relations with foreign countries or public order''. An article in www.medianama.com reacted to this clause stating: “didn’t the Jan Lokpal protests threaten public order, and wasn’t a lot of the commentary online anti-government? Who decides whether ‘anti-government’ statements are ‘anti-national, or for that matter, statements criticizing a particular politician or political family?”

Centre for Internet and Society is also critical of these rules. “There are many areas of concern and it is a disservice to the freedom of expression. There is a clause wherein cybercafé owners can fine somebody watching pornography. Only courts can decide what is offensive and not cyber café owners,” says Sunil Abraham, Director, Centre for Internet and Society.

Pushkar sums it up: “Democracy helps nations evolve into greater civilisations, but once you restrict thoughts there is no possibility of going ahead. These new set of rules are problematic and can have wider interpretations and thus need to go. ”

Read the article published by the WeekendLeader.com here

Sunil Abraham has been misquoted in this article.

For more details visit https://cis-india.org/news/a-fight-against-draconian-IT-rules