Centre for Internet and Society

Comments on the Draft Second Protocol to the Convention on Cybercrime (Budapest Convention)

vipul — 2019-02-25T16:48:18Z

Following consultations with data protection, civil society, industry and others, during the Cybercrime Convention Committee (T-CY) meeting from 29 November 2018 onwards, the Cybercrime Convention Committee has sought additional contributions regarding the provisional draft text for a Second Additional Protocol to the Budapest Convention on Cybercrime (“Budapest Convention”).

The Centre for Internet and Society, (“CIS”), is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, artificial intelligence, freedom of expression, and cyber-security. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the rights of stakeholders. CIS is thankful to the Cybercrime Convention Committee for this opportunity to provide feedback to the Draft.

The draft text addresses three issues viz. language of requests, emergency multilateral cooperation and taking statements through video conferencing. Click to download the entire submission here.

For more details visit https://cis-india.org/internet-governance/blog/vipul-kharbanda-february-25-2019-comments-on-draft-second-protocol-to-convention-on-cybercrime-budapest-convention

CIS Cybersecurity Series (Part 24) – Shantanu Ghosh

purba — 2015-07-15T14:58:50Z

CIS interviews Shantanu Ghosh, Managing Director, Symantec Product Operations, India, as part of the Cybersecurity Series.

“Remember that India is also a land where there are a lot of people who are beginning to use computing devices for the first time in their lives. For many people, their smartphone is their first computing device because they have never had computers in the past. For them, the challenge is how do you make sure that they understand that that can be a threat too. It can be a threat not only to their bank accounts, with their financial information, but even to their private lives.”

Centre for Internet and Society presents its twenty fourth installment of the CIS Cybersecurity Series.”

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Shantanu Ghosh is the Managing Director of Symantec Product Operations, India. He also runs the Data Centre Security Group for Symantec globally.

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-24-2013-shantanu-ghosh

CIS Cybersecurity Series (Part 23) – Justin Searle

purba — 2015-07-15T14:44:38Z

CIS interviews Justin Searle, security expert, as part of the Cybersecurity Series.

"I think that people here in India, just like everywhere else, are broadening the areas where security can be applied. We see elsewhere, like in the United States and in Europe, that a lot of security researchers are starting to get into not just control systems, but also embedded devices and hardware and wireless... And we are seeing the same trends here in India as well. It is fun to see that growth and continual development, and not only that, but we are seeing security projects and research coming out of India, that's unqiue and fresh and contributing back to what originally came more from the United States and Europe."

Centre for Internet and Society presents its twenty third installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Justin Searle is the managing partner for Utilisec. Utisix provides security services to the energy sector. They also assist oil, water, gas, and manufacturing companies. Justin specializes in security assessments and finding vulnerabilities in systems.

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle

CIS Cybersecurity Series (Part 22) - Anonymous

purba — 2015-07-13T13:40:42Z

CIS interviews a Tibetan security researcher and information activist, as part of the Cybersecurity Series. He prefers to remain anonymous.

"I don't know technology but I am aware of the information people share with me. So yes, they can track you down through your mobile phone. The last time I was in Nepal, I met a westerner. We went to this restaurant and she asked me to take the battery out of the phone. That was the first time I had heard of this and so when I asked why she said that it is possible that people had followed us and it has happened to other Tibetans in Nepal..."

Centre for Internet and Society presents its twenty second installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous

CIS Cybersecurity Series (Part 21) – Gyanak Tsering

purba — 2014-09-06T05:08:44Z

CIS interviews Gyanak Tsering, Tibetan monk in exile, as part of the Cybersecurity Series.

“I have three mobile phones but I use only one to exchange information to and from Tibet. I don't give that number to anyone and nobody knows about it. High security forces me to use three phones. Usually a mobile phone can be tracked easily in many ways, especially by the network provider but my third mobile phone is not registered so that makes sure that the Chinese government cannot track me. The Chinese have a record of all mobile phone numbers and they can block them at anytime. But my third number cannot be traced and that allows me to communicate freely. This is only for security reasons so that my people in Tibet don't get into trouble.”

Centre for Internet and Society presents its twenty-first installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Gyanak Tsering is a Tibetan monk in exile, studying at Kirti Monastery, Dharamshala. He came to India in 1999, and has been using the internet and mobile phone technology, since 2008, to securely transfer information to and from Tibet. Tsering adds a new perspective to the cybersecurity debate and explains how his personal security is interlinked with internet security and mobile phone security.

Video

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-21-gyanak-tsering

CIS Cybersecurity Series (Part 20) – Saumil Shah

purba — 2014-09-06T05:03:00Z

CIS interviews Saumil Shah, security expert, as part of the Cybersecurity Series.

“If you look at the evolution of targets, from the 2000s to the present day, the shift has been from the servers to the individual. Back in 2000, the target was always servers. Then as servers started getting harder to crack, the target moved to the applications hosted on the servers, as people started using e-commerce applications even more. Eventually, as they started getting harder to crack, the attacks moved to the user's desktops and the user's browsers, and now to individual user identities and to the digital personas.”

Centre for Internet and Society presents its twentieth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Saumil Shah is a security expert based in Ahmedabad. He has been working in the field of security and security related software development for more than ten years, with a focus on web security and hacking.

Video

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-20-saumil-shah

CIS Cybersecurity Series (Part 14) – Menaka Guruswamy

purba — 2014-07-21T10:39:03Z

CIS interviews Menaka Guruswamy, lawyer at the Supreme Court of India, as part of the Cybersecurity Series.

"The courts have rarely used privacy to stop the Indian state from getting into someone's business. So jurisprudentially, it is a weak challenge when you mount a rights based or a privacy right challenge against surveillance by the state. Because the answer of the state to that has always been, and as has been Obama's answer in the United States, that there are national security concerns. And usually national security will trump individual privacy."

Centre for Internet and Society presents its fourteenth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Menaka Guruswamy practices law at the Supreme Court of India. She was a Rhodes Scholar at Oxford University, and a Gammon Fellow at Harvard Law School, and a gold medalist from the National Law School of India. She has law degrees from all three schools, with a focus on Constitutional Law and Public International Law. Guruswamy has worked at the Office of the Attorney General of India, the highest office that represents the federal government of India in the Supreme Court of India.

http://youtu.be/GCDD6Z-UrGI

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/cis-cybersecurity-series-part-14-2013-menaka-guruswamy

CIS Cybersecurity Series (Part 13) - Pranesh Prakash

purba — 2014-01-20T06:20:44Z

CIS interviews Pranesh Prakash, lawyer and policy director with Centre for Internet and Society, as part of the Cybersecurity Series.

"When it comes to things cyber we completely lose our sense of proportion. While killing someone by negligence only attracts two years of punishment, saying something that people can define "offensive" attracts even more under 66A of the Information Technology Act. Something that can be a nuisance, under the Criminal Laws, can attract up to six months punishment, whereas under the IT act, it is up to three years..." - Pranesh Prakash, lawyer and policy director, Centre for Internet and Society

Centre for Internet and Society presents its thirteenth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Pranesh is a Policy Director with the Centre, and is a graduate of the National Law School of India University, Bangalore, with a degree in Arts and Law.

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/cis-cybersecurity-series-part-13-pranesh-prakash

CIS Cybersecurity Series (Part 12) - Namita Malhotra

purba — 2013-11-18T10:03:29Z

CIS interviews Namita Malhotra, researcher and lawyer at Alternative Law Forum, Bangalore, as part of the Cybersecurity Series.

"In a strange mix of how both capitalism and state control work, what is happening is that more and more of these places that one could access, for various reasons, whether it is for ones own pleasure or for political conversations, are getting further and further away from us. And I think that that mix of both corporate interests and state control is particularly playing a role in this regard." - Namita Malhotra, researcher and lawyer, Alternative Law Forum

Centre for Internet and Society presents its twelfth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Namita Malhotra is a researcher and lawyer at Alternative Law Forum (ALF). She has a keen interest in working on law, technology and media through legal research, cultural studies, new media practices and film making.

ALF homepage: www.altlawforum.org

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-12-namita-malhotra

CIS Cybersecurity Series (Part 11) - Anja Kovacs

purba — 2013-10-15T15:25:07Z

CIS interviews Anja Kovacs, researcher and activist, and director of the Internet Democracy, Project as part of the Cybersecurity Series.

"Having the cyber security debate become more and more important was a real challenge for civil society. I think in part because many of us who were focused on human rights aren't necessarily techies. And so, when you have a conversation with a government bureaucrat, and ask questions about the kind of decisions they decided to take, very often they will come up with a technical answer in response. And then, if you don't have that expertise, it is difficult to react. In the meantime though, I think it has become clear that this is one of the biggest issues in the internet field at the moment. It is also one of the big issues that is driving the desires of governments to have a bigger role to play in internet governance. So it is an area that is unavoidable for activists. What has happened slowly is that we have come to realize that the first thing, as in most other areas, is not the technical details, but principles, and those principles are fairly similar to how they are in many other fields." - Anja Kovacs, Internet Democracy Project

Centre for Internet and Society presents its eleventh installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

In this installment, CIS speaks to Anja Kovacs, director of the Internet Democracy Project. Her work focuses on a wide range of questions regarding freedom of expression, cybersecurity and the architecture of Internet governance as they relate to the Internet and democracy. Anja is currently also a member of the of the Investment Committee of the Digital Defenders Partnership and of the interim Steering Group of Best Bits, a global network of civil society members.

(Bio from internetdemocracy.in)

Internet Democracy Project homepage: http://internetdemocracy.in/

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-11-anja-kovacs

CIS Cybersecurity Series (Part 10) - Lawrence Liang

purba — 2013-09-10T08:31:31Z

CIS interviews Lawrence Liang, researcher and lawyer, and co-founder of Alternative Law Forum, Bangalore, as part of the Cybersecurity Series.

"The right to privacy and the right to free speech have often been understood as distinct rights. But I think in the ecology of online communication, it becomes crucial for us to look at the two as being inseparable. And this is not entirely new in India. But, interestingly, a lot of the cases that have had to deal with this question in the Indian context, have pitted one against the other. Now, India doesn't have a law for the protection of whistle-blowers. So how do we now think of the idea of whistle-blowers being one of the subjects of speech and privacy coming together? How do we use the strong pillars that have been established, in terms of a very rich tradition that Indian law has, on the recognition of free speech issues but slowly start incorporating questions of privacy?" - Lawrence Liang, researcher and lawyer, Alternative Law Forum.

Centre for Internet and Society presents its tenth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Lawrence Liang is one of the co-founders of the Alternative Law Forum where he works on issues of intellectual property, censorship, and the intersection of law and culture. He is also a fellow with the Centre for Internet and Society and serves on its board.

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-10-lawrence-liang

CIS Cybersecurity Series (Part 6) - Lhadon Tethong

purba — 2013-08-01T09:54:46Z

CIS interviews Lhadon Tethong, Tibetan human rights activist, as part of the Cybersecurity Series

"In authoritarian states, and in this case, in Tibet, I think that every person that we can teach and pass knowledge to, that can help them stay out of jail, stay in the streets, for one, two, three days longer, one week longer, that is a valuable time of time and resources. And I think we cannot rely on only tools and technology solutions to protect people. I think we can't just rely on government policies at the highest levels, and on export controls... the approach to digital security has to be comprehensive and we have to engage citizens. And not just in cases like the Tibetans or for activists or for people living under repression, but for people in free and open societies too." - Lhadon Tethong, Tibetan human rights activist.

Centre for Internet and Society presents its sixth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

In this installment, CIS interviews Lhadon Tethong, Tibetan human rights activist. Lhadon is the Director of the Tibet Action Institute, where she leads a team of technologists and human rights advocates in developing and advancing open-source communication technologies, nonviolent strategies and innovative training programs for Tibetans and other groups facing heavy repression and human rights abuses.

Link for Tibet Action Institute: https://tibetaction.net/

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/cis-cybersecurity-series-part-6-lhadon-tethong

CIS contributes to the Research and Advisory Group of the Global Commission on the Stability of Cyberspace (GCSC)

Arindrajit Basu — 2018-07-05T16:00:02Z

The Global Commission on the Stability of Cyberspace (GCSC) is an initiative of the Hague Centre for Strategic Studies and the East West Institute that seeks to promote mutual awareness and understanding among various cyberspace communities. It seeks to develop norms and policies that advance the stability and security of cyberspace.

Chaired by Marina Kaljurand, and Co-Chaired by Michael Chertoff and Latha Reddy, the Commission comprises 26 prominent Commissioners who are experts hailing from a wide range of geographic regions representing multiple communities including academia industry, government, technical and civil society.

As a part of their efforts, the GCSC sent out a call for proposals for papers that sought to analyze and advance various aspects of the cyber norms debate.

Elonnai Hickok and Arindrajit Basu’s paper ‘ Conceptualizing an International Security Architecture for Cyberspace’ was selected by the Commissioners and published as a part of the Briefings of the Research and Advisory Group.

Arindrajit Basu represented CIS at the Cyberstability Hearings held by the GCSC at the sidelines of the GLOBSEC forum in Bratislava-a multilateral conference seeking to advance dialogue on various issues of international peace and security.

The published paper and the Power Point may be accessed here.

The agenda for the hearings is reproduced below

GCSC HEARINGS, 19 MAY 2018

HEARINGS: TOWARDS INTERNATIONAL CYBERSTABILITY

Venue: “Habsburg” room, Grand Hotel River Park 15:00-15:15

Welcome Remarks by Marina Kaljurand, Chair of the Global Commission on the Stability of Cyberspace (GCSC) and former Foreign Minister of Estonia 15:15-16:45

Hearing I: Expert Hearing

This session focuses on the topic Cyberstability and the International Peace and Security Architecture and includes scene settings, food-for-thought presentations on the new GCSC commissioned research, briefings and open statements by government and nongovernmental speakers.

“Scene setting: ”Cyber Diplomacy in Transition” by Carl Bildt, former Prime Minister of Sweden

“Commissioned Research I: Lessons learned from three historical case studies on establishing international norms” by Arindrajit Basu, Centre for Internet and Society, India

Commission Research II: The “pre-normative” framework and options for cyber diplomacy” by Elana Broitman, New America Foundation

“Some Remarks on current thinking within the United Nations”, by Renata Dwan, Director United Nations Institute for Disarmament Research (UNIDIR) (Registered Statements by Government Advisors) (Statements by other experts)

(Open floor discussion) 16:45-17:15

Coffee Break

For more details visit https://cis-india.org/internet-governance/blog/cis-contributes-to-the-research-and-advisory-group-of-the-global-commission-on-the-stability-of-cyberspace-gcsc

CII Conference on "ACT": Achieve Cyber Security Together"

kovey — 2013-07-26T08:17:40Z

The Confederation of Indian Industries (CII) organized a conference on facing cyber threats and challenges at Hotel Hilton in Chennai on July 13, 2013. Kovey Coles attended this conference and shares a summary of the event in this blog post.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

The conference hosted by CII in the Hotel Hilton, was well attended, and featured a range of industry experts, researches and developers, and members of the Indian armed forces.

Participants focused on the importance of Indian entities reaching new, adequate levels of cyber security. It was stated early in the event that India is one of the world's most targeted areas for cyber-attacks, and its number of domestic internet users is known to be rapidly increasing in an age which many view as a new era of international information warfare. Despite this, the speakers considered India to be too far behind other countries in its understanding of cyber security. In the opening remarks, CII Chairman Santhanam implored "We need hard core techies in this field… we are not producing them." Another speaker, Savitha Kesav Jagadeesan, a practicing lawyer in Chennai, asked if India would wait until the "9/11 of cyberspace" occurrence before we establish the same level of precautionary measures online as it exists now in transportation security.

With the presence of both the government’s executive forces and the private industries, the aura circulating the conference room was that of a collective Indian defense, a secure nation only achieved through both secure governmental and industrial aspects. Similar to the previous day’s DSCI cyber security conference, many speakers discussed security issues pertinent to the financial and banking industries, and other cyber crimes which had pecuniary goals. For people seeking to avoid the array of scams and frauds online, some talks shared some of the most basic advice, like safe password practices. "Passwords are like toothbrushes," said A.S. Murthy of the CDAC, "use them often, never share them with anyone, change them often." Other talks went into the intricacies of various hacking schemes, including tab-nabbing and Designated Denial of Service (DDoS) attacks, describing their tactics and how to moderate them.

In the end, the conference had certainly informed the attendees of the goals, and the challenges, that India will face in the coming months and years. The speakers (all of them) showed how the world of cyber security was quickly evolving, and demonstrated the imperative in government and industry entities evolving their own practices and defenses in stride. The ambitions of several presentations matched the well-publicized "5 lakh cyber professionals in 5 years" plan, placing a strong emphasis in the current and future training of young students in cyber security. Ultimately, I think, the conference helped convince that cyber security is neither a futile, nor completely infallible concept. As CISCO Vice President Col. K.P.M. Das said towards the end of the evening, the most ideal form of cyber security is truly "all about trust, the ability to recover, and transparency/visibility."

For more details visit https://cis-india.org/internet-governance/blog/cii-conference-on-act

CERT-In's Proactive Mandate - A Report on the Indian Computer Emergency Response Team’s Proactive Mandate in the Indian Cyber Security Ecosystem

tiwari — 2016-11-19T04:14:51Z

CERT-IN’s proactive mandate is defined in the IT Act, 2000 as well as in the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Function and Duties ) Rules, 2013 (CERT-In Rules, 2013) both of which postdate the existence of the organisation itself, which has been operational since 2004.

Regarding the proactive mandate, the IT Act and CERT-In Rules include the following areas where CERT-In is required to carry out proactive measures in the interests of cyber security:

Forecast and alert cyber security incidents (IT Act, 2000) & Predict and prevent cyber security incidents (CERT-In Rules, 2013)
Issue guidelines, advisories and vulnerability notes etc. relating to information security practices, procedures, prevention, response and reporting (IT Act, 2000)
Information Security Assurance (CERT-In Rules, 2013)

This article will track and analyse the CERT-In’s operations in each of these areas over the past twelve years, by analysing the information available on CERT-In’s website as well as other media in the public domain.

The analysis will be carried out using a mixed methodology. The basic quantitative analysis of the information available on the CERT-In’ website will be carried out in the form of simple comparatives of updates, bulletins and other forms of publicly available interaction and critical information dispersal on CERT-In’s website. The qualitative sections, on the other hand, will contain a comparative analysis of the content present in the technical documents of the CERT-In with the equivalent documentation (where present) of similar bodies in the USA and EU. Each section will then illustrate normative suggestions as to how CERT-In’s performance of that respective obligation can be improved to better serve its cyber security mandate.

Read the full article

The image is published under Creative Commons License CC BY-SA. Anyone can distribute, remix, tweak, and build upon this document, even for commercial purposes, as long as they credit the creator of this document and license their new creations under the terms identical to the license governing this document.

For more details visit https://cis-india.org/internet-governance/blog/cert-ins-proactive-mandate-a-report-on-indian-computer-emergency-response-teams-proactive-mandate-in-indian-cyber-security-ecosystem