The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 11 to 25.
Regulating the Internet: The Government of India & Standards Development at the IETF
https://cis-india.org/internet-governance/blog/regulating-the-internet-the-government-of-india-standards-development-at-the-ietf
<b>The institution of open standards has been described as a formidable regulatory regime governing the Internet. Given the regulatory and domestic policy implications that technical standards can have, there is a need for Indian governmental agencies to focus adequate resources geared towards achieving favourable outcomes at standards development fora.</b>
<p>This brief was authored by Aayush Rathi, Gurshabad Grover and Sunil Abraham. Click <a class="external-link" href="http://cis-india.org/internet-governance/files/regulating-the-internet">here</a> to download the policy brief.</p>
<hr />
<h2>Executive Summary</h2>
<p style="text-align: justify;">The institution of open standards has been described as a formidable regulatory regime governing the Internet. As the Internet has moved to facilitate commerce and communication, governments and corporations find greater incentives to participate and influence the decisions of independent standards development organisations.</p>
<p style="text-align: justify;">While most such bodies have attempted to systematise fair and transparent processes, this brief highlights how they may still be susceptible to compromise. Documented instances of large private companies like Microsoft, and governmental instrumentalities like the US National Security Agency (NSA) exerting disproportionate influence over certain technical standards further the case for increased Indian participation.</p>
<p style="text-align: justify;">The debate around Transport Layer Security (TLS) 1.3 at the Internet Engineering Task Force (IETF) forms an important case for studying how a standards body responded to political developments, and how the Government of India participated in the ensuing discussions. Lasting four years, the debate ended in favour of greater communications security. One of the security improvements in TLS 1.3 over its predecessor is that it makes less information available to networking middleboxes. Considering that Indian intelligence agencies and government departments have expressed fears of foreign-manufactured networking equipment being used by foreign intelligence to eavesdrop on Indian networks, the development is potentially favourable for the security of Indian communication in general, and the security of military and intelligence systems in particular. India has historically procured most networking equipment from foreign manufacturers. While there have been calls for indigenised production of such equipment, achieving these objectives will necessarily be a gradual process. Participating in technical standards can, then, be an effective interim method for intelligence agencies, defence wings and law enforcement for establishing trust in critical networking infrastructure sourced from foreign enterprises.</p>
<p style="text-align: justify;">Outlining some of the existing measures the Indian government has put in place to build capacity for and participate in standard setting, this brief highlights that while these are useful starting points, they need to be harmonised and strengthened to be more fruitful. Given the regulatory and domestic policy implications that technical standards can have, there is a need for Indian governmental agencies to focus adequate resources geared towards achieving favourable outcomes at standards development fora.</p>
<hr />
<p style="text-align: justify;">Note: The recommendations in the brief were updated on 17 December 2018 to reflect the relevance of technical standard-setting in the recent discussions around Indian intelligence concerns about foreign-manufactured networking equipment.</p>
No publisher | Aayush Rathi, Gurshabad Grover and Sunil Abraham | Open Standards, Cryptography, Cybersecurity, Internet Governance, Surveillance, IETF, Encryption Policy | 2019-01-22T07:29:39Z | Blog Entry
Amutha Arunachalam - Stand Shielded of Digital Rights (Delhi, May 05, 4 pm)
https://cis-india.org/internet-governance/events/firstfridayatcis-amutha-arunachalam-stand-shielded-of-digital-rights-may-05
<b>We are proud to announce that Amutha Arunachalam will be the speaker at the May #FirstFriday event at the CIS Delhi office. Amutha is Principal Technical Officer in the Council Of Scientific and Industrial Research. The talk will be on digital signatures, traceability of time-stamps, and setting up an Indian Standard (Digital) Time. If you are joining us, please RSVP at the soonest as we have only limited space in our office.</b>
<p> </p>
<h3><strong>Amutha Arunachalam</strong></h3>
<h4>Principal Technical Officer, Council of Scientific and Industrial Research</h4>
<p> </p>
<p><img src="https://cis-india.org/internet-governance/files/amutha-arunachalam/image" alt="Amutha Arunachalam" class="image-inline" title="Amutha Arunachalam" /></p>
<p> </p>
<p>Amutha Arunachalam entered the Indian Government service as an Intelligence Officer in the Ministry of Home Affairs in 1988, after working in the Fibre Optic Communication Laboratory at the Indian Institute of Technology Madras. She later moved to the Council of Scientific and Industrial Research (CSIR) in the field of Information Technology. She managed the IT infrastructure of the CSIR lab (Central Road Research Institute) till 2006, then moved to CSIR Headquarters and contributed to the ICT refurbishment drive, mainly in IT, with major contributions in establishing the Data Centre, implementing network security, and linking CSIR HQ to the National Knowledge Network facility extended by the National Information Centre (NIC), before joining UIDAI.</p>
<p>At UIDAI (National Identity Project) she managed the Data Center operations, which include the critical CIDR (Central Identification Repository), and was responsible for setting up infrastructure to roll out the Disaster Recovery Centre, the Aadhaar Enrolment Service, benchmarking of UIDAI Enrolment, Authentication Applications, and setting up the backend infrastructure of the Authentication Service for roll-out to citizens. After the five-year deputation at UIDAI (Feb 2016), she is currently posted in the Council of Scientific and Industrial Research, working in the area of policy in cyber security for CSIR, enhancing research with collaboration and networking, and building a unified CSIR ecosystem with an enterprise platform.</p>
<p> </p>
No publisher | sumandro | Cybersecurity, Internet Governance, Digital India, #FirstFridayAtCIS, E-Governance | 2017-05-03T13:30:32Z | Event
Mapping of Sections in India’s MLAT Agreements
https://cis-india.org/internet-governance/blog/india-mlat-agreements-sections-map-dec-2016
<b>This set of infographics by Leilah Elmokadem and Saumyaa Naidu maps out and compares the various sections that exist in the 39 MLATs (mutual legal assistance treaties) between India and other countries. An MLAT is an agreement between two or more countries, drafted for the purpose of gathering and exchanging information in an effort to enforce public or criminal laws.</b>
<p> </p>
<h4>Download: <a href="https://github.com/cis-india/website/raw/master/docs/CIS_IndiaMLATAgreementsSectionsMap_Dec2016.pdf">Infographic</a> (PDF) and <a href="https://github.com/cis-india/website/raw/master/docs/CIS_IndiaMLATAgreementsSectionsMap_Dec2016.xlsx">data</a> (XLSX)</h4>
<hr />
<p>We have found that India’s 39 MLAT documents are worded, formatted and sectioned differently. At the same time, many of the same sections exist across several MLATs. This diagram lists the sections found in the MLAT documents and
indicates the treaties in which they were included or not included. To keep the list of sections concise and to more easily pinpoint the key differences between the agreements, we have merged sections that are synonymous in meaning but
were worded slightly differently. For example: we would combine “Entry into force and termination” with “Ratification and termination” or “Expenses” with “Costs”.</p>
<p>At the same time, some sections that seemed quite similar and possible to merge were kept separate due to potential key differences that could be overlooked as a result. For example: “Limitation on use” vs. “Limitation on compliance” or “Serving of documents” vs. “Provision of (publicly available) documents/records/objects” remained separate for further analysis and comparison.</p>
<p>These differences in sectioning can be analysed to facilitate a thorough comparison between the effectiveness, efficiency, applicability and enforceability of the various provisions across the MLATs. The purpose of this initial mapping is to provide an overall picture of which sections exist in which MLAT documents. There will be further analysis of these sections to produce a more holistic content-based comparison of the MLATs.</p>
<p> </p>
<h2>Aggregated Analysis of Sections of MLAT Agreements</h2>
<img src="https://github.com/cis-india/website/raw/master/img/CIS_IndiaMLATAgreementsSectionsMap_Dec2016_Aggregate_01.png" alt="Aggregated analysis of sections of MLAT agreements by India" />
<img src="https://github.com/cis-india/website/raw/master/img/CIS_IndiaMLATAgreementsSectionsMap_Dec2016_Aggregate_02.png" alt="Aggregated analysis of sections of MLAT agreements by India" />
<p> </p>
No publisher | Leilah Elmokadem and Saumyaa Naidu | International Relations, Cybersecurity, Bilateral Agreement, Internet Governance, MLAT, Cyber Security | 2016-12-31T06:52:46Z | Blog Entry
Mapping of India’s Cyber Security-Related Bilateral Agreements
https://cis-india.org/internet-governance/blog/india-cyber-security-bilateral-agreements-map-dec-2016
<b>With the rapid spread of cloud computing and the growth of cyber spaces, large masses of information are now easily transmittable transnationally, necessitating the ratification of new agreements and cooperation efforts amongst states in order to secure cyber spaces and regulate exchanges of information. In an attempt to understand the nature and extent of current international collaborative efforts in cyber security, we have compiled the following data regarding India’s cyber security-related bilateral agreements. The intention of this exercise is to offer a dynamic visualization that demonstrates which countries India has collaborated with on cyber security efforts and initiatives. This is an ongoing map that we will be updating as our research continues.</b>
<h4 style="text-align: justify; ">Download: <a class="external-link" href="http://cis-india.org/internet-governance/files/CyberSecurityAgreements_Infographic_04.pdf">Infographic</a> (PDF) and <a href="https://github.com/cis-india/website/raw/master/docs/CIS_IndiaCyberSecBilateralAgreementMap_Dec2016.xlsx">data</a> (XLSX)</h4>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><br /> The data used for the info-graphic consists of India’s MLATs, cyber security-related MoUs and Joint Statements, and Cyber Frameworks. An MLAT is an agreement between two or more countries, drafted for the purpose of gathering and exchanging information in an effort to enforce public or criminal laws. A MoU (Memorandum of Understanding) is a nonbinding agreement between two or more states outlining the terms and details of an understanding, including each party’s requirements and responsibility; it is often the first stage in the formation of a formal contract. For the purpose of this research, we have grouped Joint Statements with MoUs, as they both generally entail the informal agreement between two states to strengthen cooperation on certain issues. Lastly, a Cyber Framework consists of standards, guidelines and practices to promote protection of critical infrastructure. The data accounts for agreements centered on cyber security as well as any agreements mentioning cooperation efforts in Cyber Security, information security or cybercrime.</p>
<p style="text-align: center; "><img src="https://cis-india.org/home-images/MLATAgreement.png/@@images/169c25c6-57a4-48c8-a33e-71aa36ea97ea.png" alt="MLAT Agreement" class="image-inline" title="MLAT Agreement" /></p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The mapping of India’s cybersecurity-related bilateral agreements was updated on April 12, 2017 with the following changes:</p>
<ol style="text-align: justify; ">
<li>A new MoU was signed between Australia and India in April 2017, focusing on combating terrorism and civil aviation security. Cybersecurity cooperation is mentioned in the MoU<a href="#_ftn1" name="_ftnref1">[1]</a>.</li>
<li>A new MoU was signed between Bangladesh and India in April 2017. The Indian Computer Emergency Response Team (CERT-In), Indian Ministry of Electronics and Information Technology and the ICT Division of Bangladesh are the signing parties of the MoU. The agreement focuses on Cooperation in the area of Cyber Security<a href="#_ftn2" name="_ftnref2">[2]</a>.</li>
<li>A preexisting MoU between France and India was added to the mapping, signed in January of 2016. Officials of both countries agreed to intensify cooperation between the Indian and French security forces in the fields of homeland security, cyber security, Special Forces and intelligence sharing to fight against criminal networks and tackle the common threat of terrorism<a href="#_ftn3" name="_ftnref3">[3]</a>.</li>
<li>A new MoU was signed between Indonesia and India in March 2017. It focuses on enhancing cooperation in cyber security and intelligence sharing<a href="#_ftn4" name="_ftnref4">[4]</a>.</li>
<li>A new MoU was signed between Kenya and India in January 2017, with “cyber security” mentioned as one of the key areas of cooperation<a href="#_ftn5" name="_ftnref5">[5]</a>.</li>
<li>A preexisting MoU between Malaysia and India was added to the mapping, signed in November of 2015. Both sides agreed to promote cooperation and the exchange of information regarding cyber security incident management, technology cooperation and cyber attacks, prevalent policies and best practices and mutual response to cyber security incidents<a href="#_ftn6" name="_ftnref6">[6]</a>.</li>
<li>A preexisting MoU between Mauritius and India, signed July 2016, was added to the mapping. This is a non-governmental MoU. Leading bourse BSE signed an agreement with Stock Exchange of Mauritius (SEM) for collaboration in areas including cyber security<a href="#_ftn7" name="_ftnref7">[7]</a>.</li>
<li>A new joint statement between India and Portugal was signed in March 2017. The two countries agreed to set up an institutional mechanism to collaborate in the areas of electronic manufacturing, ITeS, startups, cyber security and e-governance.<a href="#_ftn8" name="_ftnref8">[8]</a></li>
<li>A preexisting MoU, signed between Qatar and India in December of 2016, was added to the mapping. The agreement was regarding a protocol on technical cooperation in cyberspace and combatting cybercrime<a href="#_ftn9" name="_ftnref9">[9]</a>.</li>
<li>A new MoU was signed between Serbia and India in January 2017, focusing on cooperation in the field of IT, Electronics. The MoU itself does not explicitly mention cybersecurity. However, the MoU calls for cooperation and exchanges in capacity building institutions, which should entail cyber security strengthening<a href="#_ftn10" name="_ftnref10">[10]</a>.</li>
<li>A preexisting MoU between Singapore and India was added to the mapping. The MoU was signed in January 2016, focusing on the establishment of a formal framework for professional dialogue, CERT-CERT related cooperation for operational readiness and response, collaboration on cyber security technology and research related to smart technologies, exchange of best practices, and professional exchanges of human resource development<a href="#_ftn11" name="_ftnref11">[11]</a>.</li>
<li>A new joint statement was signed between UAE and India in January 2017, following up on their previous Technical Cooperation MoU signed in February 2016. To further deepen cooperation in this area, they agreed to set up joint Research &amp; Development Centres of Excellence<a href="#_ftn12" name="_ftnref12">[12]</a>.</li>
<li>A preexisting MoU has been included in the mapping, signed in May of 2016. CERT-In agreed with the UK Ministry of Cabinet Office to promote close cooperation between both countries in the exchange of knowledge and experience in detection, resolution and prevention of security related incidents<a href="#_ftn13" name="_ftnref13">[13]</a>.</li>
<li>A new MoU between India and the US was signed in March 2017. CERT-In and CERT-US signed a MoU agreeing to promote closer co-operation and exchange of information pertaining to cyber security in accordance with relevant laws, rules and regulations and on the basis of equality, reciprocity and mutual benefit<a href="#_ftn14" name="_ftnref14">[14]</a>.</li>
<li>A new MoU was signed between Vietnam and India in January 2017, agreeing to promote closer cooperation for exchange of knowledge and experience in detection, resolution and prevention of cyber security incidents between both countries<a href="#_ftn15" name="_ftnref15">[15]</a>.</li>
</ol>
<p style="text-align: justify; ">NOTE: Some preexisting MoUs were added as we were initially only including the most recent agreements in the mapping. Upon adding newly signed MoUs, we decided to also keep the preexisting ones and revisit the other entries to include any preexisting MoUs that were initially excluded due to not being the most-recent. In this respect, the visualization will be adjusted to indicate the number of MoUs per country.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1">[1]</a><a href="http://www.dnaindia.com/india/report-india-australia-sign-mous-on-combating-terrorism-civil-aviation-security-2393843">http://www.dnaindia.com/india/report-india-australia-sign-mous-on-combating-terrorism-civil-aviation-security-2393843</a></p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2">[2]</a><a href="http://www.theindependentbd.com/arcprint/details/89237/2017-04-09">http://www.theindependentbd.com/arcprint/details/89237/2017-04-09</a></p>
<p style="text-align: justify; "><a href="#_ftnref3" name="_ftn3">[3]</a><a href="http://www.thehindu.com/news/resources/Full-text-of-Joint-Statement-issued-by-India-France/article14019524.ece">http://www.thehindu.com/news/resources/Full-text-of-Joint-Statement-issued-by-India-France/article14019524.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref4" name="_ftn4">[4]</a><a href="http://indianexpress.com/article/india/indianhome-ministry-indonesian-ministry-of-security-and-coordination/">http://indianexpress.com/article/india/indianhome-ministry-indonesian-ministry-of-security-and-coordination/</a></p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5">[5]</a><a href="https://telanganatoday.news/india-kenya-focus-defence-security-cooperation-pm">https://telanganatoday.news/india-kenya-focus-defence-security-cooperation-pm</a></p>
<p style="text-align: justify; "><a href="#_ftnref6" name="_ftn6">[6]</a><a href="http://economictimes.indiatimes.com/news/economy/foreign-trade/india-and-malaysia-sign-3-mous-including-cyber-security/articleshow/49891897.cms">http://economictimes.indiatimes.com/news/economy/foreign-trade/india-and-malaysia-sign-3-mous-including-cyber-security/articleshow/49891897.cms</a></p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7">[7]</a><a href="http://indiatoday.intoday.in/story/bse-mauritius-stock-exchange-tie-up-to-promote-financial-mkts/1/723635.html">http://indiatoday.intoday.in/story/bse-mauritius-stock-exchange-tie-up-to-promote-financial-mkts/1/723635.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref8" name="_ftn8">[8]</a><a href="http://www.tribuneindia.com/news/business/india-portugal-to-collaborate-in-ites-cyber-security/373666.html">http://www.tribuneindia.com/news/business/india-portugal-to-collaborate-in-ites-cyber-security/373666.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9">[9]</a><a href="http://naradanews.com/2016/12/india-qatar-sign-agreements-on-visa-cybersecurity-investments/">http://naradanews.com/2016/12/india-qatar-sign-agreements-on-visa-cybersecurity-investments/</a></p>
<p style="text-align: justify; "><a href="#_ftnref10" name="_ftn10">[10]</a><a href="http://ehub.newsforce.in/cabinet-approves-mou-india-serbia-cooperation-field-electronics/">http://ehub.newsforce.in/cabinet-approves-mou-india-serbia-cooperation-field-electronics/</a></p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11">[11]</a><a href="http://www.businesstimes.com.sg/government-economy/singapore-and-india-strengthen-cooperation-on-cyber-security">http://www.businesstimes.com.sg/government-economy/singapore-and-india-strengthen-cooperation-on-cyber-security</a></p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12">[12]</a><a href="http://mea.gov.in/bilateral-documents.htm?dtl/27969/India++UAE+Joint+Statement+during+State+visit+of+Crown+Prince+of+Abu+Dhabi+to+India+January+2426+2017">http://mea.gov.in/bilateral-documents.htm?dtl/27969/India++UAE+Joint+Statement+during+State+visit+of+Crown+Prince+of+Abu+Dhabi+to+India+January+2426+2017</a></p>
<p style="text-align: justify; "><a href="#_ftnref13" name="_ftn13">[13]</a><a href="http://www.bestcurrentaffairs.com/india-uk-mou-cyber-security/">http://www.bestcurrentaffairs.com/india-uk-mou-cyber-security/</a></p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14">[14]</a><a href="http://www.dqindia.com/india-cert-signs-an-mou-with-us-cert/">http://www.dqindia.com/india-cert-signs-an-mou-with-us-cert/</a></p>
<p style="text-align: justify; "><a href="#_ftnref15" name="_ftn15">[15]</a><a href="http://pib.nic.in/newsite/PrintRelease.aspx?relid=157458">http://pib.nic.in/newsite/PrintRelease.aspx?relid=157458</a></p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "> </p>
No publisher | Leilah Elmokadem and Saumyaa Naidu | International Relations, Cybersecurity, Bilateral Agreement, Internet Governance, MLAT | 2017-04-27T15:14:55Z | Blog Entry
NASSCOM-DSCI Annual Information Security Summit 2015 - Notes
https://cis-india.org/internet-governance/blog/nasscom-dsci-annual-information-security-summit-2015-notes
<b>NASSCOM-DSCI organised the 10th Annual Information Security Summit (AISS) 2015 in Delhi during December 16-17. Sumandro Chattapadhyay participated in this engaging Summit. He shares a collection of his notes and various tweets from the event.</b>
<p> </p>
<h2>Details about the Summit</h2>
<p>Event page: <a href="https://www.dsci.in/events/about/2261">https://www.dsci.in/events/about/2261</a>.</p>
<p>Agenda: <a href="https://www.dsci.in/sites/default/files/Agenda-AISS-2015.pdf">https://www.dsci.in/sites/default/files/Agenda-AISS-2015.pdf</a>.</p>
<p> </p>
<h2>Notes from the Summit</h2>
<blockquote class="twitter-tweet">
<p dir="ltr">Mr.G.K.Pillai ,Chairman DSCI addressing the audience @ 10th Annual Information Security Summit '15 <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/JVcwct3HSF">pic.twitter.com/JVcwct3HSF</a></p>
— DSCI (@DSCI_Connect) <a href="https://twitter.com/DSCI_Connect/status/676979952277987328">December 16, 2015</a></blockquote>
<p>Mr. G. K. Pillai, Chairman of Data Security Council of India (DSCI), set the tone of the Summit at the very first hour by noting that 1) state and private industries in India are working in silos when it comes to preventing cybercrimes, 2) there is a lot of skill among young technologists and entrepreneurs, and the state and the private sectors are often unaware of this, and 3) there is a serious lack of (cyber-)capacity among law enforcement agencies.</p>
<p>In his Inaugural Address, Dr. Arvind Gupta (Deputy National Security Advisor and Secretary, NSCS), provided a detailed overview of the emerging challenges and framework of cybersecurity in India. He focused on the following points:</p>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> Dy NSA Dr Arvind Gupta calls 4 <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> by <a href="https://twitter.com/hashtag/design?src=hash">#design</a> in <a href="https://twitter.com/hashtag/ICT?src=hash">#ICT</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/79kq9lWGtk">pic.twitter.com/79kq9lWGtk</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/676980799347023872">December 16, 2015</a></blockquote>
<ul>
<li>Security is a key problem in the present era of ICTs as it is not in-built. In the upcoming IoT era, security must be built into ICT systems.</li>
<li>Of the next billion additions to the internet population, 50% will be from India. Hence cybersecurity is a big concern for India.</li>
<li>ICTs will play a catalytic role in achieving SDGs. Growth of internet is part of the sustainable development agenda.</li>
<li>We need a broad range of critical security services - big data analytics, identity management, etc.</li>
<li>The e-governance initiatives launched by the Indian government are critically dependent on a safe and secure internet.</li>
<li>Darkweb is a key facilitator of cybercrime. Globally there is a growing concern regarding the security of cyberspace.</li>
<li>On the other hand, there exists deep divide in access to ICTs, and also in availability of content in local languages.</li>
<li>The Indian government has initiated bilateral cybersecurity dialogues with various countries.</li>
<li>Indian government is contemplating setting up of centres of excellence in cryptography. It has already partnered with NASSCOM to develop cybersecurity guidelines for smart cities.</li>
<li>While India is a large global market for security technology, it also needs to be self-reliant. Indian private sector should make use of government policies and bilateral trust enjoyed by India with various developing countries in Africa and South America to develop security technology solutions, create meaningful jobs in India, and export services and software to other developing countries.</li>
<li>Strong research and development, and manufacturing base are absolutely necessary for India to be self-reliant in cybersecurity. DSCI should work with private sector, academia, and government to coordinate and realise this agenda.</li>
<li>In the line of the Climate Change Fund, we should create a cybersecurity fund, since it is a global problem.</li>
<li>Silos are our bane in general. Bringing government agencies together is crucial. Trust issues (between government, private sector, and users) remain, and can only be resolved over time.</li>
<li>The demand for cybersecurity solutions in India is so large, that there is space for everyone.</li>
<li>The national cybersecurity centre is being set up.</li>
<li>Thinktanks can play a crucial role in helping the government to develop strategies for global cybersecurity negotiations. Indian negotiators are often capacity constrained.</li></ul>
<p>Rajendra Pawar, Chair of the NASSCOM Cyber Security Task Force, NASSCOM Cybersecurity Initiative, provided glimpses of the emerging business opportunity around cybersecurity in India:</p>
<ul>
<li>In the next 10 years, the IT economy in India will be USD 350 bn, and <a href="https://blogs.dsci.in/building-usd-35-billion-cyber-security-industry-how-do-we-do-it/">10% of that will be the cybersecurity pie</a>. This means a million jobs in the cybersecurity space alone.</li>
<li>Academic institutes are key to creation of new ideas and hence entrepreneurs. Government and private sectors should work closely with academic institutes.
<blockquote class="twitter-tweet">
<p dir="ltr">'Companies+Govt+Academia= High growth of the cybersecurity industry' - Rajendra Pawar at <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a></p>
— Shivangi Nadkarni (@shivanginadkarn) <a href="https://twitter.com/shivanginadkarn/status/676995090955530246">December 16, 2015</a></blockquote>
</li>
<li>Globally, cybersecurity innovation and industries happen in clusters. Cities and states must come forward to create such clusters.</li>
<li>2/3rd of the cybersecurity market is provision of services. This is where India has a great advantage, and should build on that to become a global brand in cybersecurity services.</li>
<li>Everyday digital security literacy and cultures need to be created.</li>
<li>Publication of cybersecurity best practices among private companies is a necessity.
<blockquote class="twitter-tweet">
<p dir="ltr">Corporate disclosures of breaches being considered with Nasscom under cybersec task force: Rajendra Pawar <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> <a href="https://twitter.com/ETtech">@ETtech</a></p>
— Neha Alawadhi (@NehaAlawadhiET) <a href="https://twitter.com/NehaAlawadhiET/status/676994553799417856">December 16, 2015</a></blockquote>
</li>
<li>Dedicated cybersecurity spending should be made part of the e-governance budget of central and state governments.</li>
<li>DSCI should function as a clearing house of cybersecurity case studies. At present, thought leadership in cybersecurity comes from the criminals. By serving as a use case clearing house, DSCI will inform interested researchers about potential challenges for which solutions need to be created.</li></ul>
<p>Manish Tiwary of Microsoft informed the audience that India is in the top 3 positions globally in terms of malware proliferation, and this ensures that India is a big focus for Microsoft in its global war against malware. Microsoft India looks forward to working closely with CERT-In and other government agencies.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">RSA's Kartik Shahani <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> Adopt a Deep & Pervasive Level of True Visibility Everywhere <a href="https://t.co/2U8J8WkWsI">pic.twitter.com/2U8J8WkWsI</a></p>
— Debjani Gupta (@DebjaniGupta1) <a href="https://twitter.com/DebjaniGupta1/status/676999786722156544">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Data localization; one of the stumbling blocks that undermine investments in <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a>. <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/vrff3Amcv0">pic.twitter.com/vrff3Amcv0</a></p>
— Appvigil (@appvigil_co) <a href="https://twitter.com/appvigil_co/status/677043180731301888">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Trust verification 4 embedded devices isnt complex bt much desired as people lives r dependent on that-cld cause physical damage <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677057992831860736">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">"Most compromised OS in 2k15: iOS"-Riyaz Tambe, Palo Alto Networks <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Indira Sen (@drealcharbar) <a href="https://twitter.com/drealcharbar/status/677015382356533249">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Security by default in IOS architecture tho' can't verify code as not open - is it security by obscurity? <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/kbPZgH8oA0">pic.twitter.com/kbPZgH8oA0</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677055086611173376">December 16, 2015</a></blockquote>
<p>The session on <strong>Catching Fraudsters</strong> had two insightful presentations from Dr. Triveni Singh, Additional SP of Special Task Force of UP Police, and Mr. Manoj Kaushik, IAS, Additional Director of FIU.</p>
<p>Dr. Singh noted that a key challenge faced by police today is that nobody comes to them with a case of online fraud. Most fraud businesses are run by young groups operating BPOs that steal details from individuals. There exists a huge black market of financial and personal data - often collected from financial institutions and job search sites. Almost any personal data can be bought in such markets. Further, SIM cards under fake names are very easy to buy. The fraudsters operate effectively under entirely fake identities, and use operational infrastructure outsourced from legitimate vendors under fake names. Without a central database of all bank customers, it is very difficult for the police to track people across the financial sector. It becomes even more difficult for Indian police to get access to personal data of potential fraudsters when it is stored on a foreign server, which is often the case with usual web services and apps. Many Indian ISPs do not keep IP history data systematically, or do not have the technical expertise to share it in a structured and time-sensitive way.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">Mr. Triveni Singh talks about raiding fake call centres in Delhi NCR that scam millions every year <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/EmE4y3jux2">pic.twitter.com/EmE4y3jux2</a></p>
— pradyumn nand (@PradyumnNand) <a href="https://twitter.com/PradyumnNand/status/677063276442738689">December 16, 2015</a></blockquote>
<p>Mr. Kaushik explained that no financial fraud is uniquely committed via the internet. Many frauds begin on the internet but eventually involve physical fraudulent money transactions. Credit/debit card frauds all involve card data theft via various internet-based and physical methods. However, cybercrime continues to be mistakenly seen as fraud undertaken completely online. Further, mobile-based frauds are yet another category. Almost all apps we use are compromised, or store transaction history in an insecure way, which reveals such data to hackers. FIU is targeting bank accounts to which fraud money is going, and closing them down. Catching the people behind these bank accounts is much more difficult, as account loaning has become a common practice - where valid accounts are loaned out for a small amount of money to fraudsters who return the account after taking out the fraudulent money. Better information sharing between the private sector and government will make catching fraudsters easier.</p>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/AkhileshTuteja">@AkhileshTuteja</a> With data overload and big data being prevalent are we considering privacy elements <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/hashtag/KpmgIndiaCyber?src=hash">#KpmgIndiaCyber</a></p>
— Atul Gupta (@AtulGup15843145) <a href="https://twitter.com/AtulGup15843145/status/677082045701488640">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">'Tech solns today designed to protect security - solns for privacy need to evolve'- <a href="https://twitter.com/Mayurakshi_Ray">@Mayurakshi_Ray</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a></p>
— Shivangi Nadkarni (@shivanginadkarn) <a href="https://twitter.com/shivanginadkarn/status/677066470325534721">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">In-house tools important but community collaboration critical to fight security threats <a href="https://twitter.com/tata_comm">@tata_comm</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/ZjbCnaROXC">pic.twitter.com/ZjbCnaROXC</a></p>
— aparna (@aparnag14) <a href="https://twitter.com/aparnag14/status/677067260268187648">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">'Orgns in India have a long way to go b4 they internalise privacy principles' Subhash S, CISO ICICI <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a></p>
— Shivangi Nadkarni (@shivanginadkarn) <a href="https://twitter.com/shivanginadkarn/status/677066928880410624">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Prof PK giving an interesting brief on Academia role in Cyber Security. <a href="https://twitter.com/ponguru">@ponguru</a> <a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> at <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/MEiO6sCJwu">pic.twitter.com/MEiO6sCJwu</a></p>
— Vikas Yadav (@VikasSYadav) <a href="https://twitter.com/VikasSYadav/status/677088566871101440">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Potential for interaction between Academia, Government and Industry but not an established reality yet. <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/hashtag/MappingCyberEducation?src=hash">#MappingCyberEducation</a></p>
— Indira Sen (@drealcharbar) <a href="https://twitter.com/drealcharbar/status/677089590717517824">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">I have figured out why information security is not in any boardroom discussions. Cause there are no good speakers / orators . <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Virag Thakkar (@viragthakkar) <a href="https://twitter.com/viragthakkar/status/677078491699871745">December 16, 2015</a></blockquote>
<p>The session on <strong>Smart Cities</strong> focused on discussing the actual cities coming up in India, and the security challenges highlighted by them. There was a presentation on Mahindra World City being built near Jaipur. Presenters talked about the need to stabilise, standardise, and securitise the unique identities of machines and sensors in a smart city context, so as to enable secured machine-to-machine communication. Since 'smartness' comes from connecting various applications and data silos together, the governance of proprietary technology and ensuring inter-operable data standards are crucial in the smart city.</p>
<p>As Special Purpose Vehicles are being planned to realise the smart cities, the presenters warned that finding the right CEOs for these entities will be critical for their success. Legacy processes and infrastructures (and labour unions) are a big challenge when realising smart cities. Hence, the first step towards the smart cities must be taken through connected enforcement of law, order, and social norms.</p>
<p>Privacy-by-design and security-by-design are necessary criteria for smart city technologies. Along with that, regular and automatic software/middleware updating of distributed systems and devices should be ensured, as well as the physical security of the actual devices and cables.</p>
<p>In terms of standards, security service compliance standards and those for protocols need to be established for the internet-of-things sector in India. On the other hand, there is significant interest among international vendors in serving the Indian market. All global data and cloud storage players, including Microsoft Azure cloud, are moving into India, and are working on substantial and complete data localisation efforts.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">Session - Why should you hire Women Security Professionals?... Balancing gender diversity
<a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://twitter.com/hashtag/DSCI_Connect?src=hash">#DSCI_Connect</a> <a href="https://t.co/uIMfG9PvAb">pic.twitter.com/uIMfG9PvAb</a></p>
— Jagan Suri (@jsuri90) <a href="https://twitter.com/jsuri90/status/677109792679157760">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">gender Diversity in cybersecurity critical 4 India's future. <a href="https://twitter.com/symantec">@symantec</a> partnered with <a href="https://twitter.com/nasscom">@nasscom</a> via 1000 women scholarships <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677118674197602304">December 16, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Dialogue with CERT-In
.. Starting 2nd Day of <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a>
.. B J Srinath, DG, CERT
<a href="https://twitter.com/DSCI_Connect">@DSCI_Connect</a> <a href="https://twitter.com/hashtag/security?src=hash">#security</a> <a href="https://twitter.com/hashtag/privacy?src=hash">#privacy</a> <a href="https://t.co/cvDcrgkein">pic.twitter.com/cvDcrgkein</a></p>
— Vinayak Godse (@godvinayak) <a href="https://twitter.com/godvinayak/status/677342972170493952">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">New <a href="https://twitter.com/hashtag/problems?src=hash">#problems</a> can't b solved w old <a href="https://twitter.com/hashtag/solutions?src=hash">#solutions</a>: <a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT DG BJ Srinath <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677341246281539585">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">17 entities within <a href="https://twitter.com/hashtag/Indian?src=hash">#Indian</a> <a href="https://twitter.com/hashtag/government?src=hash">#government</a> engaged in <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a>: <a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT head <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677341728282533888">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Scope of activities by CERT in <a href="https://twitter.com/hashtag/India?src=hash">#India</a> way more than its counterparts elsewhere <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677342193854451712">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT looks 8 prediction & <a href="https://twitter.com/hashtag/prevention?src=hash">#prevention</a> <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> <a href="https://twitter.com/hashtag/emergency?src=hash">#emergency</a> not just <a href="https://twitter.com/hashtag/response?src=hash">#response</a> <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677343140630540288">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT willing to <a href="https://twitter.com/hashtag/share?src=hash">#share</a> <a href="https://twitter.com/hashtag/information?src=hash">#information</a> rather than just receiving <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677343512833101824">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Savita CERTin outlines drill initiatives taken 4 preparedness-detect (protect), defend attacks wth response <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/wXrkgoLzr2">pic.twitter.com/wXrkgoLzr2</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677346822449303553">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">CERTin also offers incident predictability, Crisis mgmt plans, <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> assurance ladder (7 levels) besides 24 x 7 prevention <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677348506869239809">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/India?src=hash">#India</a> has 7.2 million bot infected <a href="https://twitter.com/hashtag/machines?src=hash">#machines</a>: <a href="https://twitter.com/hashtag/India?src=hash">#India</a> CERT DG Srinath <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Deepak Maheshwari (@dmcorpaffair) <a href="https://twitter.com/dmcorpaffair/status/677355051308871680">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">Seizure & protection of electronic devices as admissible evidence (certificate u Sec 65B) imperative under Forensics investigation <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a></p>
— Lokesh Mehra (@lokesh_mehra) <a href="https://twitter.com/lokesh_mehra/status/677364713005576192">December 17, 2015</a></blockquote>
<blockquote class="twitter-tweet">
<p dir="ltr">'Law enforcement agency&corporate world must collaborate to fight cybercrime'-Atul Gupta,Partner-Risk Adv. @ <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> <a href="https://t.co/GwAQWhYMmK">pic.twitter.com/GwAQWhYMmK</a></p>
— KPMG India (@KPMGIndia) <a href="https://twitter.com/KPMGIndia/status/677373217711919104">December 17, 2015</a></blockquote>
<p>Mr. R. Chandrasekhar, President of NASSCOM, foregrounded the recommendations made by the Cybersecurity Special Task Force of NASSCOM, in his Special Address on the second day. He noted:</p>
<ul>
<li>There is a great opportunity to brand India as a global security R&D and services hub. Other countries are also quite interested in India becoming such a hub.</li>
<li>The government should set up a cybersecurity startup and innovation fund, in coordination with and working in parallel with the centres of excellence in internet-of-things (being led by DeitY) and the data science/analytics initiative (being led by DST).</li>
<li>There is an immediate need to create a capable workforce for the cybersecurity industry.</li>
<li>Cybersecurity affects everyone but there is almost no public disclosure. This leads to low public awareness and valuation of the costs of cybersecurity failures. The government should instruct the Ministry of Corporate Affairs to get corporates to disclose (publicly or directly to the Ministry) security breaches.</li>
<li>With digital India and everyone going online, cyberspace will increasingly be prone to attacks of various kinds, and increasing scale of potential loss. Cybersecurity, hence, must be part of the core national development agenda.</li>
<li>The cybersecurity market in India is big enough and under-served enough for everyone to come and contribute to it.</li></ul>
<p>The Keynote Address by Mr. Rajiv Singh, MD – South Asia of Entrust Datacard, and Mr. Saurabh Airi, Technical Sales Consultant of Entrust Datacard, focused on trustworthiness and security of online identities for financial transactions. They argued that all kinds of transactions require a common form factor, which can be a card or a mobile phone. The key challenge is to make the form factor unique, verified, and secure. While no programme is completely secure, it is necessary to build security into the form factor - security of both the physical and digital kind, from the substrates of the card to the encryption algorithms. Entrust and Datacard have merged in the recent past to align their identity management and security transaction workflows, from physical cards to software systems for transactions. The advantages of this joint expertise have allowed them to successfully develop the National Population Register cards of India. Now, with the mobile phone emerging as a key financial transaction form factor, the challenge across the cybersecurity industry is to offer the same level of physical, digital, and network security for the mobile phone as is provided for ATM cards and cash machines.</p>
<p>The following Keynote Address by Dr. Jared Ragland, Director - Policy of BSA, focused on the cybersecurity investment landscape in India and the neighbouring region. BSA, he explained, is a global trade body of software companies. All major global software companies are members of BSA. Recently, BSA has produced a study on the cybersecurity industry across 10 markets in the Asia Pacific region, titled <a href="http://cybersecurity.bsa.org/2015/apac/">Asia Pacific Cybersecurity Dashboard</a>. The study provides an overview of cybersecurity policy developments in these countries, and sector-specific opportunities in the region. Dr. Ragland mentioned the following as the key building blocks of cybersecurity policy: legal foundation, establishment of operational entities, building trust and partnerships (PPP), addressing sector-specific requirements, and education and awareness. As for India, he argued that while steady steps have been taken in the cybersecurity policy space by the government, a lot remains to be done. Operationalisation of the policy is especially lacking. PPPs are happening but there is a general lack of persistent formal engagement with the private sector, especially with global software companies. There is almost no sector-specific strategy. Further, the requirement for India-specific testing of technologies, according to domestic and not global standards, is leading to an entry barrier for global companies and an export barrier for Indian companies. Having said that, Dr. Ragland pointed out that India's cybersecurity experience is quite representative of that of the Asia Pacific region. He noted the following as major stumbling blocks from an international industry perspective: unnecessary and unreasonable testing requirements, setting of domestic standards, and data localisation rules.</p>
<blockquote class="twitter-tweet">
<p dir="ltr">The Policy Makers' panel in <a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a> in progress. Arvind Gupta, Head, BJP IT cell (<a href="https://twitter.com/buzzindelhi">@buzzindelhi</a>) speaks. <a href="https://t.co/9yWR0gMwf5">pic.twitter.com/9yWR0gMwf5</a></p>
— Nandkumar Saravadé (@saravade) <a href="https://twitter.com/saravade/status/677437443356798977">December 17, 2015</a></blockquote>
<p>One of the final sessions of the Summit was the Public Policy Dialogue between <a href="https://twitter.com/rajeevgowda">Prof. M.V. Rajeev Gowda</a>, Member of Parliament, Rajya Sabha, and <a href="https://twitter.com/buzzindelhi">Mr. Arvind Gupta</a>, Head of IT Cell, BJP.</p>
<p>Prof. Gowda focused on the following concerns:</p>
<ul>
<li>We often freely give up our information and rights over to owners of websites and applications on the web. We need to ask questions regarding the ownership, storage, and usage of such data.</li>
<li>While Section 66A of the Information Technology Act started as an anti-spam rule, it has actually been used to harass people, instead of protecting them from online harassment.</li>
<li>The bill on DNA profiling has raised crucial privacy concerns related to this most personal data. The complexity around the issue is created by the possibility of data leakage and usage for various commercial interests.</li>
<li>We need to ask if western notions of privacy will work in the Indian context.</li>
<li>We need to move towards a cashless economy, which will not only formalise the existing informal economy but also speed up transactions nationally. We need to keep in mind that this will put a substantial demand burden on the communication infrastructure, as all transactions will happen through these.</li></ul>
<p> Mr. Gupta shared his keen insights about the key public policy issues in <em>digital India</em>:</p>
<ul>
<li>The journey to establish <em>the digital</em> as a key political agenda and strategy within BJP took him more than 6 years. He has been an entrepreneur, and will always remain one. He approached his political journey as an entrepreneur.
</li><li>While we are producing numerous digitally literate citizens, the companies offering services on the internet often unknowingly acquire data about these citizens, store them, and sometimes even expose them. India perhaps produces the greatest volume of digital exhaust globally.</li>
<li>BJP inherited the Aadhaar national identity management platform from UPA, and has decided to integrate it deeply into its digital India architecture.</li>
<li>Financial and administrative transactions, especially ones undertaken by and with governments, are all becoming digital and mostly Aadhaar-linked. We are not sure where all such data is going, and who has access to such data.</li>
<li>Right now there is an ongoing debate about using a biometric system for identification. The debate on privacy is much needed, and a privacy policy is essential to strengthen Aadhaar. We must remember that the benefits of Aadhaar clearly outweigh the risks. The greatest privacy threats today come from many other places, including simple mobile torch apps.</li>
<li>India is rethinking its cybersecurity capacities in a serious manner. After the Paris attack it has become obvious that the state should be allowed to look into electronic communication under reasonable guidelines. The challenge is identifying the fine balance between consumers' interest on one hand, and national interest and security concerns on the other. Unfortunately, the concerns of a few are often amplified in popular media.</li>
<li>MyGov platform should be used much more effectively for public policy debates. Social media networks, like Twitter, are not the correct platforms for such debates.</li></ul>
<p> </p>
<blockquote class="twitter-tweet">
<p dir="ltr"><a href="https://twitter.com/hashtag/AISS15?src=hash">#AISS15</a>: <a href="https://twitter.com/rajivgowda">@rajivgowda</a> & <a href="https://twitter.com/buzzindelhi">@buzzindelhi</a> are talking abt proactive disclosure as a key part of <a href="https://twitter.com/hashtag/cybersecurity?src=hash">#cybersecurity</a> strategy <a href="https://twitter.com/hashtag/openData?src=hash">#openData</a> <a href="https://twitter.com/DataPortalIndia">@DataPortalIndia</a></p>
— sumandro (@ajantriks) <a href="https://twitter.com/ajantriks/status/677447609502445568">December 17, 2015</a></blockquote>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/nasscom-dsci-annual-information-security-summit-2015-notes'>https://cis-india.org/internet-governance/blog/nasscom-dsci-annual-information-security-summit-2015-notes</a>
</p>
No publisher | sumandro | Cybersecurity, NASSCOM, DSCI, Information Security, Cyber Security | 2016-01-19T07:58:56Z | Blog Entry
Pre-Budget Consultation 2016 - Submission to the IT Group of the Ministry of Finance
https://cis-india.org/openness/pre-budget-consultation-2016-submission-to-the-ministry-of-finance
<b>The Ministry of Finance has recently held pre-budget consultations with different stakeholder groups in connection with the Union Budget 2016-17. We were invited to take part in the consultation for the IT (hardware and software) group organised on January 07, 2016, and submit a suggestion note. We are sharing the note below. It was prepared and presented by Sumandro Chattapadhyay, with contributions from Rohini Lakshané, Anubha Sinha, and other members of CIS.</b>
<p> </p>
<p>It is our distinct honour to be invited to submit this note for consideration by the IT Group of the Ministry of Finance, Government of India, as part of the pre-budget consultation for 2016-17.</p>
<p>The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. We receive financial support from Kusuma Trust, Wikimedia Foundation, MacArthur Foundation, IDRC, and other donors.</p>
<p>We have divided our suggestions into the different topics that our organisation has been researching in the recent years.</p>
<p> </p>
<h3>Free/Libre and Open Source Software (FLOSS) is the Basis for Digital India</h3>
<p> </p>
<p>We commend the policies introduced by the government to promote the use of free/libre and open source software and of open APIs for all e-governance projects and systems. This is crucial not only for the government to avoid vendor lock-in when it comes to critical software systems for governance, but also to ensure that the source code of such systems is available for public scrutiny and does not contain any security flaws.</p>
<p>We request the government to empower the implementation of these policies by making open sharing of source code by all software vendors hired by government agencies a necessary condition for the awarding of tenders. The 2016-17 budget should include special support to make all government agencies aware of and capable of implementing these policies, as well as to build and operate agency-level software repositories (with version control systems) to host the source code. These repositories may function to manage the development and maintenance of software used in e-governance projects, as well as to seek comments from the public regarding the quality of the software.</p>
<p>Use of FLOSS is not only important from the security or the cost-saving perspectives, it is also crucial to develop a robust industry of software development firms that specialise in FLOSS-based solutions, as opposed to being restricted to doing local implementation of global software vendors. A holistic support for FLOSS, especially with the government functioning as the dominant client, will immensely help creation of domestic jobs in the software industry, as well as encouraging Indian programmers to contribute to development of FLOSS projects.</p>
<p>An effective compliance monitoring and enforcement system needs to be created to ensure that all government agencies are Strong enforcement of the 2011 policy to use open source software in governance, including an enforcement task force that checks whether government departments have complied with this or not.</p>
<p> </p>
<h3>Open Data is a Key Instrument for Transparent Decision Making</h3>
<p> </p>
<p>With a wider set of governance activities being carried out using information systems, the government is increasingly acquiring a substantial amount of data about governance processes and status of projects that needs to be effectively fed back into the decision making process for the same projects. Opening up such data not only allows for public transparency, but also for easier sharing of data across government agencies, which reduces process delays and possibilities of duplication of data collection efforts.</p>
<p>We request the 2016-17 budget to foreground the National Data Sharing and Accessibility Policy and the Open Government Data Platform of India as two key enablers of the Digital India agenda, and accordingly budget for modernisation and reconfiguration of data collection and management processes across government agencies, so that those processes are made automatic and open-by-default. Automatic data management processes minimise the possibility of data loss by directly archiving the collected data, which is increasingly becoming digital in nature. Open-by-default processes of data management mean that all data collected by an agency, once pre-recognised as shareable data (that is, non-sensitive and anonymised), will be proactively disclosed as a rule.</p>
<p>Implementation of the National Data Sharing and Accessibility Policy has been hindered, so far, by the lack of preparation of a public inventory of data assets, along with information on their collection cycles, modes of collection and storage, etc., by each union government agency. Specific budgetary allocation to develop these inventories will be crucial not only for the implementation of the Policy, but also for the government to get an extensive sense of data collected and maintained currently by various government agencies. Decisions to proactively publish, or otherwise, such data can then be taken based on established rules.</p>
<p>Availability of such open data, as mentioned above, creates a wider possibility for the public to know, learn, and understand the activities of the government, and is a cornerstone of transparent governance in the digital era. But making this a reality requires a systemic implementation of open government data practices, and various agencies would require targeted budget to undertake the required capacity development and work process re-engineering. Expenditure of such kind should not be seen as producing government data as a product, but as producing data as an infrastructure, which will be of continuous value for the years to come.</p>
<p>As is being discussed globally, open government data has the potential to kickstart a vast market of data derivatives, analytics companies, and data-driven innovation. Encouraging civic innovations, empowered by open government data - from climate data to transport data - can also be one of the unique initiatives of budget 2016-17.</p>
<p>For maximising impact of opened up government data, we request the government to publish data that either has a high demand already (such as, geospatial data, and transport data), or is related to high-net-worth activities of the government (such as, data related to monitoring of major programmes, and budget and expenditure data for union and state governments).</p>
<p> </p>
<h3>Promotion of Start-ups and MSMEs in Electronics and IT Hardware Manufacturing</h3>
<p> </p>
<p>In line with the Make in India and Digital India initiatives, to enable India to be one of the global hubs of design, manufacturing, and exporting of electronics and IT hardware, we request that the budget 2016-17 focus on increasing flow of fund to start-ups and Medium and Small-Scale Manufacturing Enterprises (MSMEs) in the form of research and development grants (ideally connected to government, especially defense-related, spending on IT hardware innovation), seed capital, and venture capital.</p>
<p>Generation of awareness and industry-specific strategies to develop intellectual property regimes and practices favourable for manufacturers of electronics and IT hardware in India is an absolutely crucial part of promotion of the same, especially in the current global scenario. Start-ups and MSMEs must be made thoroughly aware of intellectual property concerns and possibilities, including limitations and exceptions, flexibilities, and alternative models such as open innovation.</p>
<p>We request the budget 2016-17 to give special emphasis to facilitation of technology licensing and transfer, through voluntary mechanisms as well as government intervention, such as compulsory licensing and government enforced patent pools.</p>
<p> </p>
<h3>Applied Mathematics Research is Fundamental for Cybersecurity</h3>
<p> </p>
<p>Recent global reports have revealed that some national governments have been actively involved in sponsoring distortion in applied mathematics research so as to introduce weaknesses in encryption standards used for online communication. Trying to regulate key-length or mandating pre-registration of devices using encryption, as suggested by the withdrawn National Encryption Policy draft, would not be able to address this core emerging problem of weak cybersecurity standards.</p>
<p>For effective and sustainable cybersecurity strategy, we must develop significant expertise in applied mathematical research, which is the very basis of cybersecurity standards development. We request the budget 2016-17 to give this topic the much-needed focus, especially in the context of the Digital India initiative and the upcoming National Encryption Policy.</p>
<p>Along with developing domestic research capacity, a more immediately important step for the government is to ensure high quality Indian participation in global standard setting organisations, and hence to contribute to global standards making processes. We humbly suggest that categorical support for such participation and contribution is provided through the budget 2016-17, perhaps by partially channeling the revenues obtained from spectrum auctions.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/openness/pre-budget-consultation-2016-submission-to-the-ministry-of-finance'>https://cis-india.org/openness/pre-budget-consultation-2016-submission-to-the-ministry-of-finance</a>
</p>
No publisher | sumandro | Open Standards, Open Source, Cybersecurity, Open Data, Intellectual Property Rights, Open Government Data, Featured, Patents, Openness, Open Innovation, Encryption Policy | 2016-01-12T13:34:41Z | Blog Entry
CIS Cybersecurity Series (Part 24) – Shantanu Ghosh
https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-24-2013-shantanu-ghosh
<b>CIS interviews Shantanu Ghosh, Managing Director, Symantec Product Operations, India, as part of the Cybersecurity Series.</b>
<p><em>“Remember
that India is also a land where there are a lot of people who are beginning to
use computing devices for the first time in their lives. For many people, their
smartphone is their first computing device because they have never had
computers in the past. For them, the challenge is how do you make sure that
they understand that that can be a threat too. It can be a threat not only to
their bank accounts, with their financial information, but even to their
private lives.”</em></p>
<p>Centre for Internet and Society presents its twenty fourth
installment of the CIS Cybersecurity Series.</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic.</p>
<p>Shantanu Ghosh is the Managing Director of Symantec
Product Operations, India. He also runs the Data Centre Security Group for
Symantec globally.</p>
<iframe src="https://www.youtube.com/embed/dFN2_R0HzbA" frameborder="0" height="315" width="560"></iframe>
<p><strong>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development Research
Centre, Ottawa, Canada.</strong></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-24-2013-shantanu-ghosh'>https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-24-2013-shantanu-ghosh</a>
</p>
No publisher | purba | Privacy, Cybersecurity, Internet Governance, Cyber Security Film, Cyber Security, Cyber Security Interview | 2015-07-15T14:58:50Z | Blog Entry
CIS Cybersecurity Series (Part 23) – Justin Searle
https://cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle
<b>CIS interviews Justin Searle, security expert, as part of the Cybersecurity Series.</b>
<p><em>"I think that people here in India, just like everywhere else, are broadening the areas where security can be applied. We see elsewhere, like in the United States and in Europe, that a lot of security researchers are starting to get into not just control systems, but also embedded devices and hardware and wireless... And we are seeing the same trends here in India as well. It is fun to see that growth and continual development, and not only that, but we are seeing security projects and research coming out of India, that's unique and fresh and contributing back to what originally came more from the United States and Europe."</em></p>
<p>Centre for Internet and Society presents its twenty
third installment of the CIS Cybersecurity Series.</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic. </p>
<p>Justin Searle is the managing partner for Utilisec.
Utilisec provides security services to the energy sector. They also assist oil,
water, gas, and manufacturing companies. Justin specializes in security
assessments and finding vulnerabilities in systems.</p>
<iframe src="https://www.youtube.com/embed/ufOV8DXzQuA" frameborder="0" height="315" width="560"></iframe>
<p> </p>
<p><strong>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development
Research Centre, Ottawa, Canada.</strong></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle'>https://cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle</a>
</p>
No publisher | purba | Privacy, Cybersecurity, Internet Governance, Cyber Security Film, Cyber Security, Cyber Security Interview | 2015-07-15T14:44:38Z | Blog Entry
CIS Cybersecurity Series (Part 22) - Anonymous
https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous
<b>CIS interviews a Tibetan security researcher and information activist, as part of the Cybersecurity Series. He prefers to remain anonymous.</b>
<p><em>"I
don't know technology but I am aware of the information people share with me.
So yes, they can track you down through your mobile phone. The last time I was
in Nepal, I met a westerner. We went to this restaurant and she asked me to
take the battery out of the phone. That was the first time I had heard of this
and so when I asked why she said that it is possible that people had followed
us and it has happened to other Tibetans in Nepal..."</em></p>
<p>Centre for Internet and Society presents its twenty second installment of the CIS Cybersecurity Series.</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic.</p>
<p><iframe src="https://www.youtube.com/embed/glsAFfj7tV4" frameborder="0" height="315" width="560"></iframe></p>
<p><em>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development Research
Centre, Ottawa, Canada.</em></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous'>https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous</a>
</p>
No publisher | purba | Privacy, Cybersecurity, Internet Governance, Cyber Security Film, Cyber Security, Cyber Security Interview | 2015-07-13T13:40:42Z | Blog Entry
Good Intentions, Recalcitrant Text - I: Why India’s Proposal at the ITU is Troubling for Internet Freedoms
https://cis-india.org/internet-governance/blog/good-intentions-going-awry-i-why-india2019s-proposal-at-the-itu-is-troubling-for-internet-freedoms
<b>The UN's International Telecommunications Union (ITU) is hosting its Plenipotentiary Conference (PP-14) this year in South Korea. At PP-14, India introduced a new draft resolution on ITU's Role in Realising Secure Information Society. The Draft Resolution has grave implications for human rights and Internet governance. Geetha Hariharan explores.</b>
<p style="text-align: justify; "> </p>
<p style="text-align: justify; ">At the 2014 Plenipotentiary Conference (‘PP-14’ or ‘Plenipot’) of the International Telecommunications Union (ITU), India has tabled <a href="https://cis-india.org/internet-governance/blog/india-draft-resolution-itus-role-in-securing-information-security/at_download/file">a draft proposal</a> on “ITU’s Role in Realising Secure Information Society” [Document 98, dated 20 October 2014] (“<strong>Draft Resolution</strong>”). India’s proposal has incited a great deal of concern and discussion among Plenipot attendees, governments and civil society alike. Before offering my concerns and comments on the Draft Resolution, let us understand the proposal.</p>
<p style="text-align: justify; ">Our Draft Resolution identifies 3 security concerns with exchange of information and resource allocation on the Internet:</p>
<ul style="text-align: justify; ">
<li><i>First</i>, it is troubling for India that present network architecture has “<i>security weaknesses</i>” such as “<i>camouflaging the identity of the originator of the communication</i>”;<a href="#_ftn1">[1]</a> random IP address distribution also makes “<i>tracing of communication difficult</i>”;<a href="#_ftn2">[2]</a></li>
<li><i>Second</i>, India is concerned that under the present allocation system of naming, numbering and addressing resources on the Internet, it is impossible or at the very least, cumbersome to identify the countries to which IP addresses are allocated;<a href="#_ftn3">[3]</a></li>
<li><i>Third</i>, India finds it insecure from the point of view of national security that traffic originating and terminating in the same country (domestic traffic) often routes through networks overseas;<a href="#_ftn4">[4]</a> similarly, local address resolution also routes through IP addresses outside the country or region, which India finds troubling.<a href="#_ftn5">[5]</a></li>
</ul>
<p style="text-align: justify; ">In an effort to address these concerns, the Draft Resolution seeks to instruct the ITU Secretary General:</p>
<ul style="text-align: justify; ">
<li><i>First</i>,<i> </i>to develop and recommend a ‘traffic routing plan’ that can “<i>effectively ensure the traceability of communication</i>”;<a href="#_ftn6">[6]</a></li>
<li><i>Second</i>, to collaborate with relevant international and intergovernmental organisations to develop an<i> </i>“<i>IP address plan</i>”<i> </i>which facilitates identification of locations/countries to which IP addresses are allocated and coordinates allocation accordingly;<a href="#_ftn7">[7]</a></li>
<li><i>Third</i>, to develop and recommend “<i>a public telecom network architecture</i>” that localizes both routing<a href="#_ftn8">[8]</a> as well as address resolution<a href="#_ftn9">[9]</a> for local/domestic traffic to “<i>within the country</i>”.</li>
</ul>
<p style="text-align: justify; ">Admittedly, our Draft Resolution is intended to pave a way for “<i>systematic, fair and equitable allocation</i>” of, <i>inter alia</i>, naming, numbering and addressing resources,<a href="#_ftn10">[10]</a> keeping in mind security and human rights concerns.<a href="#_ftn11">[11]</a> In an informal conversation, members of the Indian delegation echoed these sentiments. Our resolution does not, I was told, raise issues about the “<i>concentration of control over Internet resources</i>”, though “<i>certain governments</i>” have historically exercised more control. It also does not, he clarified, wish to make privacy or human rights a matter for discussion at the ITU. All that the Draft Resolution seeks to do is to equip the ITU with the mandate to prepare and recommend a “<i>roadmap for the systematization</i>” of allocation of naming, numbering and addressing resources, and for local routing of domestic traffic and address resolution. The framework for such mandate is that of security, given the ITU’s role in ‘building confidence and security in the use of ICTs’ under Action Line C5 of the <a href="http://www.itu.int/wsis/docs/geneva/official/poa.html">Geneva Plan of Action</a>, 2003.</p>
<p style="text-align: justify; ">Unfortunately, the text of our Draft Resolution, by dint of imprecision or lack of clarity, undermines India’s intentions. On three issues of utmost importance to the Internet, the Draft Resolution has unintended or unanticipated impacts. <strong><i>First</i></strong>, its text on tracing communication and identity of originators, and systematic allocation of identifiable IP address blocks to particular countries, has impacts on privacy and freedom of expression. Given Edward Snowden’s <a href="http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded">NSA files</a> and the absence of adequate protections against government incursions or excesses into privacy,<a href="#_ftn12">[12]</a> either in international human rights law or domestic law, such text is troublesome. <strong><i>Second</i></strong>, it has the potential to undermine multi-stakeholder approaches to Internet governance by proposing text that refers almost exclusively to sovereign monopolies over Internet resource allocation, and <strong><i>finally</i></strong>, displays a certain disregard for network architecture and efficiency, and to principles of a free, open and unified Internet, when it seeks to develop global architecture that facilitates (domestic) localization of traffic-routing, address resolution and allocation of naming, numbering and addressing.</p>
<p style="text-align: justify; ">In this post, I will address the first concern of human rights implications of our Draft Resolution.</p>
<h3 style="text-align: justify; ">Unintended Implications for Privacy and Freedom of Expression:</h3>
<p style="text-align: justify; ">India’s Draft Resolution has implications for individual privacy. At two different parts of the preamble, India expresses concerns with the impossibility of locating the user at the end of an IP address:</p>
<ul style="text-align: justify; ">
<li>Pream. §(e): “<i>recognizing</i>… that the modern day packet networks, which at present have many security weaknesses, <i>inter alia</i>, camouflaging the identity of originator of the communication”;</li>
<li>Pream. §(h): “<i>recognizing</i>… that IP addresses are distributed randomly, that makes the tracing of communication difficult”.</li>
</ul>
<p style="text-align: justify; ">The concerns here surround difficulties in tracking IP addresses due to the widespread use of NATs, as also the existence of IP anonymisers like Tor. Anonymisers like Tor permit individuals to cover their online tracks; they conceal user location and Internet activity from persons or governments conducting network surveillance or traffic analysis. For this reason, Tor has caused much discomfort to governments. <a href="http://www.wired.com/2014/10/laura-poitras-crypto-tools-made-snowden-film-possible/">Snowden used Tor</a> while communicating with Laura Poitras. Bradley (now Chelsea) Manning of Wikileaks fame is<i> </i><a href="http://belfercenter.ksg.harvard.edu/files/maurer-dp-2011-10-wikileaks-final.pdf">reported</a> to have used Tor (page 24). Crypto is increasingly the safest – perhaps the only safe – avenue for political dissidents across the world; even Internet companies were <a href="http://gizmodo.com/the-nsa-was-going-to-fine-yahoo-250k-a-day-if-it-didnt-1633677548">coerced</a> into governmental compliance. No wonder, then, that governments are doing all they can to dismantle IP anonymisers: the <a href="http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/">NSA</a> and <a href="http://www.itproportal.com/2013/10/04/nsa-and-gchq-repeatedly-tried-infiltrate-tor-documents-reveal/">GCHQ</a> have tried to break Tor; the Russian government has <a href="http://www.bloomberg.com/news/2014-07-29/putin-sets-110-000-bounty-for-cracking-tor-as-anonymous-internet-usage-in-russia-surges.html">offered a reward</a> to anyone who can.</p>
<p style="text-align: justify; ">Far be it from me to defend Tor blindly. There are reports <a href="http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption">suggesting</a> that Tor is being <a href="http://news.softpedia.com/news/Tor-Attracts-More-and-More-Cybercriminals-Experts-Warn-430659.shtml">used by offenders</a>, and not merely those of the Snowden variety. But governments must recognize the very obvious trust deficit they face, especially after <a href="http://www.statewatch.org/news/2014/may/ep-LIBE-Inquiry-NSA-Surveillance.pdf">Snowden’s revelations</a>, and consider the implications of seeking traceability and identity/geolocation for every IP address, in a systematic manner. The implications are for privacy, a right guaranteed by Article 17 of the International Covenant on Civil and Political Rights (ICCPR). Privacy has been <a href="http://www.hrw.org/sites/default/files/related_material/UNGA_upload_0.pdf">recognized</a> by the UN General Assembly as applicable in cases of surveillance, interception and data collection, in Pream. §4 of its resolution <i>The Right to Privacy in the Digital Age</i>. But many states do not have robust privacy protections for individuals and data. And while governments may state the necessity to create international policy to further effective criminal investigations, such an aim cannot be used to nullify or destroy the rights of privacy and free speech guaranteed to individuals. Article 5(1), ICCPR, codifies this principle, when it states that States, groups or persons may not “<i>engage in any activity or perform any act aimed at the destruction of any of the rights and freedoms recognized herein…</i>”.</p>
<p style="text-align: justify; "><span>Erosion of privacy has a chilling effect on free speech [</span><i><a href="http://www.law.cornell.edu/supremecourt/text/376/254">New York Times v. Sullivan</a></i><span>, 376 U.S. 254], so free speech suffers too. Particularly with regard to Tor and identification of IP address location and users, anonymity in Internet communications is at issue. At the moment, most states already have anonymity-restrictions, in the form of identification and registration for cybercafés, SIM cards and broadband connections. For instance, Rule 4 of India’s </span><a href="http://deity.gov.in/sites/upload_files/dit/files/GSR315E_10511(1).pdf">Information Technology (Guidelines for Cyber Cafe) Rules, 2011</a><span>, mandates that we cannot use computers in a cybercafé without establishing our identities. But our ITU Draft Resolution seeks to </span><i>dismantle</i><span> the ability of Internet users to operate anonymously, be they political dissidents, criminals or those merely acting on their expectations of privacy. Such dismantling would be both violative of international human rights law, as well as dangerous for freedom of expression and privacy in principle. Anonymity is integral to democratic discourse, held the US Supreme Court in </span><i><a href="http://www.law.cornell.edu/supct/html/93-986.ZO.html">McIntyre v. Ohio Elections Commission</a></i><span> [514 U.S. 334 (1995)].</span><a href="#_ftn13">[13]</a><span> Restrictions on Internet anonymity facilitate communications surveillance and have a chilling effect on the free expression of opinions and ideas, </span><a href="http://www.ohchr.org/Documents/HRBodies/HRCouncil/RegularSession/Session23/A.HRC.23.40_EN.pdf">wrote Mr. Frank La Rue</a><span>, Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression (¶¶ 48-49).</span></p>
<p style="text-align: justify; ">So a law or international policy for blanket identification and traceability of IP addresses has grave consequences for and <i>prima facie </i>violates privacy, anonymity and freedom of speech. But these rights are not absolute, and can be validly restricted. And because these human rights are implicated, the ITU with its lack of expertise in the area may not be the adequate forum for discussion or study.</p>
<p style="text-align: justify; "><span>To be valid and justified interference, any law, policy or order interfering with privacy and free speech must meet the standards of reasonableness and proportionality, even if national security were the government’s legitimate aim, laid down in Articles 19(3) and 17 of the Covenant on Civil and Political Rights (CCPR) [</span><i><a href="http://www1.umn.edu/humanrts/undocs/html/vws488.htm">Toonen v. Australia</a></i><span>, Communication No. 488/1992, U.N. Doc CCPR/C/50/D/488/1992 (1994), ¶6.4]. And as the European Court of Human Rights found in </span><i><a href="http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-76586">Weber & Saravia v. Germany</a></i><span> [Application no. 54934/00, 29 June 2006 (ECHR), ¶95], law or executive procedure that </span><i>enables</i><span> surveillance without sufficient safeguards is </span><i>prima facie</i><span> unreasonable and disproportionate. Re: anonymity, in </span><i><a href="http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-126635">Delfi AS v. Estonia</a></i><span> [Application no. 64569/09, 17 February 2014, ¶83], while considering the liability of an Internet portal for offensive anonymous comments, the ECHR has emphasized the importance of balancing freedom of expression and privacy. It relied on certain principles such as “</span><i>contribution to a debate of general interest, subject of the report, the content, form and consequences of the publication</i><span>” to test the validity of government’s restrictions.</span></p>
<p style="text-align: justify; ">The implications of the suggested text of India’s Draft Resolution should then be carefully thought out. And this is a good thing. For one must wonder why governments need perfect traceability, geolocation and user identification for <i>all</i> IP addresses. Is such a demand really different from mass or blanket surveillance, in scale and government tracking ability? Would this not tilt the balance of power strongly in favour of governments against individuals (citizens or non-citizens)? This fear must especially arise in the absence of domestic legal protections, both in human rights, and criminal law and procedure. For instance, India’s Information Technology Act, 2000 (amended in 2008) has Section 66A, which criminalizes offensive speech, as well as speech that causes annoyance or inconvenience. Arguably, arrests under Section 66A have been <a href="http://timesofindia.indiatimes.com/city/bangalore/Man-arrested-for-allegedly-sending-offensive-MMS-against-Modi-confirmed-innocent-by-police-released/articleshow/35624351.cms">arbitrary</a>, and traceability may give rise to a host of new worries.</p>
<p style="text-align: justify; "><span>In any event, IP addresses and users can be discerned under existing domestic law frameworks. Regional Internet Registries (RIR) such as APNIC allocate blocks of IP addresses to either National Internet Registries (NIR – such as IRINN for India) or to ISPs directly. The ISPs then allocate IP addresses dynamically to users like you and me. Identifying information for these ISPs is maintained in the form of </span><a href="http://www.irinn.in/whoisSearchform.action">WHOIS records</a><span> and </span><a href="file://localhost/pub/stats/apnic">registries</a><span> with RIRs or NIRs, and this information is public. ISPs of most countries require identifying information from users before Internet connection is given, i.e., IP addresses allocated (mostly by dynamic allocation, for that is more efficient). ISPs of some states are also regulated; in India, for instance, ISPs require a </span><a href="http://www.dot.gov.in/licensing/data-services">licence</a><span> to operate and offer services.</span></p>
<p style="text-align: justify; ">If any government wished, on the basis of some reasonable cause, to identify a particular IP address or its user, then the government could first utilize WHOIS to obtain information about the ISP. Then ISPs may be ordered to release specific IP address locations and user information under executive or judicial order. There are also technical solutions, such as <a href="http://traceroute.monitis.com/">traceroute</a> or <a href="http://ip-lookup.net/">IP look-up</a> that assist in tracing or identifying IP addresses. Coders, governments and law enforcement must surely be aware of better technology than I.</p>
<p style="text-align: justify; ">If we take into account this possibility of geolocation of IP addresses, then the Draft Resolution’s motivation to ‘systematize’ IP address allocations on the basis of states is unclear. I will discuss the implication of this proposal, and that of traffic and address localization, in my next post.</p>
<p style="text-align: justify; "> </p>
<hr size="1" style="text-align: justify; " width="33%" />
<p style="text-align: justify; "><a href="#_ftnref1">[1]</a> Pream. §(e), Draft Resolution: “recognizing… that the modern day packet networks, which at present have many security weaknesses, inter alia, camouflaging the identity of originator of the communication”.</p>
<p style="text-align: justify; "><a href="#_ftnref2">[2]</a> Pream. §(h), Draft Resolution: “recognizing… that IP addresses are distributed randomly, that makes the tracing of communication difficult”.</p>
<p style="text-align: justify; "><a href="#_ftnref3">[3]</a> Op. §1, Draft Resolution: “instructs the Secretary General… to collaborate with all stakeholders including International and intergovernmental organizations, involved in IP addresses management to develop an IP address plan from which IP addresses of different countries are easily discernible and coordinate to ensure distribution of IP addresses accordingly”.</p>
<p style="text-align: justify; "><a href="#_ftnref4">[4]</a> Pream. §(g), Draft Resolution: “recognizing… that communication traffic originating and terminating in a country also many times flows outside the boundary of a country making such communication costly and to some extent insecure from national security point of view”.</p>
<p style="text-align: justify; "><a href="#_ftnref5">[5]</a> Pream. §(f), Draft Resolution: “recognizing… that even for local address resolution at times, system has to use resources outside the country which makes such address resolution costly and to some extent insecure from national security perspective”.</p>
<p style="text-align: justify; "><a href="#_ftnref6">[6]</a> Op. §6, Draft Resolution: “instructs the Secretary General… to develop and recommend a routing plan of traffic for optimizing the network resources that could effectively ensure the traceability of communication”.</p>
<p style="text-align: justify; "><a href="#_ftnref7">[7]</a> Op. §1, Draft Resolution; <i>see</i> note 3.</p>
<p style="text-align: justify; "><a href="#_ftnref8">[8]</a> Op. §5, Draft Resolution: “instructs the Secretary General… to develop and recommend public telecom network architecture which ensures that effectively the traffic meant for the country, traffic originating and terminating in the country remains within the country”.</p>
<p style="text-align: justify; "><a href="#_ftnref9">[9]</a> Op. §4, Draft Resolution: “instructs the Secretary General… to develop and recommend public telecom network architecture which ensures effectively that address resolution for the traffic meant for the country, traffic originating and terminating in the country/region takes place within the country”.</p>
<p style="text-align: justify; "><a href="#_ftnref10">[10]</a> Context Note to Draft Resolution, ¶3: “Planning and distribution of numbering and naming resources in a systematic, equitable, fair and just manner amongst the Member States…”</p>
<p style="text-align: justify; "><a href="#_ftnref11">[11]</a> Context Note to Draft Resolution, ¶2: “…there are certain areas that require critical attention to move in the direction of building the necessary “Trust Framework” for the safe “Information Society”, where privacy, safety are ensured”.</p>
<p style="text-align: left; "><a href="#_ftnref12">[12]</a> <i>See, for instance</i>, Report of the Office of the High Commission for Human Rights (“OHCHR”), <i>Right to Privacy in the Digital Age</i>, A/HRC/27/37 (30 June 2014), ¶34-35, <a href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf">http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf</a>. <i>See esp. </i>note 30 of the Report, ¶35.</p>
<p style="text-align: justify; "><a href="#_ftnref13">[13]</a> Many thorny political differences exist between the US and many states (including India and Kenya, who I am told has expressed preliminary support for the Draft Resolution) with regard to Internet governance. Irrespective of this, the US Constitution’s First Amendment and judicial protections to freedom of expression remain a yardstick for many states, including India. India, for instance, has positively referred to the US Supreme Court’s free speech protections in many of its decisions; <i>ex. see</i> Kharak Singh v. State of Uttar Pradesh, 1963 Cri. L.J. 329; R. Rajagopal v. State of Tamil Nadu, AIR 1995 SC 264.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/good-intentions-going-awry-i-why-india2019s-proposal-at-the-itu-is-troubling-for-internet-freedoms'>https://cis-india.org/internet-governance/blog/good-intentions-going-awry-i-why-india2019s-proposal-at-the-itu-is-troubling-for-internet-freedoms</a>
</p>
No publisher | geetha | Cryptography, Privacy, Cybersecurity, Internet Governance, Freedom of Speech and Expression, Chilling Effect, Multi-stakeholder, Anonymity, ITU | 2014-11-02T15:13:45Z | Blog Entry
WSIS+10 High Level Event: A Bird's Eye Report
https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report
<b>The WSIS+10 High Level Event was organised by the ITU and collaborative UN entities on June 9-13, 2014. It aimed to evaluate the progress on implementation of WSIS Outcomes from Geneva 2003 and Tunis 2005, and to envision a post-2015 Development Agenda. Geetha Hariharan attended the event on CIS' behalf.</b>
<p style="text-align: justify; "><span>The World Summit on Information Society (WSIS) +10 </span><a href="http://www.itu.int/wsis/implementation/2014/forum/">High Level Event</a><span> (HLE) was hosted at the ITU Headquarters in Geneva, from June 9-13, 2014. The HLE aimed to review the implementation and progress made on information and communication technology (ICT) across the globe, in light of WSIS outcomes (</span><a href="http://www.itu.int/wsis/index-p1.html">Geneva 2003</a><span> and </span><a href="http://www.itu.int/wsis/index-p2.html">Tunis 2005</a><span>). Organised in three parallel tracks, the HLE sought to take stock of progress in ICTs in the last decade (High Level track), initiate High Level Dialogues to formulate the post-2015 development agenda, as well as host thematic workshops for participants (Forum track).</span><span> </span></p>
<h3 style="text-align: justify; ">The High Level Track:</h3>
<p style="text-align: justify; "><img src="https://cis-india.org/internet-governance/blog/copy2_of_HighLevelTrack.jpg/@@images/be5f993c-3553-4d63-bb66-7cd16f8407dc.jpeg" alt="High Level Track" class="image-inline" title="High Level Track" /></p>
<p style="text-align: justify; "><i>Opening Ceremony, WSIS+10 High Level Event </i>(<a class="external-link" href="https://twitter.com/ITU/status/334587247556960256/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The High Level track opened officially on June 10, 2014, and culminated with the endorsement by acclamation (as is ITU tradition) of two <a href="http://www.itu.int/wsis/implementation/2014/forum/inc/doc/outcome/362828V2E.pdf">Outcome Documents</a>. These were: (1) WSIS+10 Statement on the Implementation of WSIS Outcomes, taking stock of ICT developments since the WSIS summits, (2) WSIS+10 Vision for WSIS Beyond 2015, aiming to develop a vision for the post-2015 global information society. These documents were the result of the WSIS+10 <a href="http://www.itu.int/wsis/review/mpp/">Multi-stakeholder Preparatory Platform</a> (MPP), which involved WSIS stakeholders (governments, private sector, civil society, international organizations and relevant regional organizations).</p>
<p style="text-align: justify; ">The <strong>MPP</strong> met in six phases, convened as an open, inclusive consultation among WSIS stakeholders. It was not without its misadventures. While ITU Secretary General Dr. Hamadoun I. Touré consistently lauded the multi-stakeholder process, and Ambassador Janis Karklins urged all parties, especially governments, to “<i>let the UN General Assembly know that the multi-stakeholder model works for Internet governance at all levels</i>”, participants in the process shared stories of discomfort, disagreement and discord amongst stakeholders on various IG issues, not least human rights on the Internet, surveillance and privacy, and multi-stakeholderism. Richard Hill of the Association for Proper Internet Governance (<a href="http://www.apig.ch/">APIG</a>) and the Just Net Coalition writes that like NETmundial, the MPP was rich in a diversity of views and knowledge exchange, but stakeholders <a href="http://www.ip-watch.org/2014/06/16/what-questions-did-the-wsis10-high-level-event-answer/">failed to reach consensus</a> on crucial issues. Indeed, Prof. Vladimir Minkin, Chairman of the MPP, expressed his dismay at the lack of consensus over action line C9. A compromise was agreed upon in relation to C9 later.</p>
<p style="text-align: justify; ">Some members of civil society expressed their satisfaction with the extensive references to human rights and rights-centred development in the Outcome Documents. While governmental opposition was seen as frustrating, they felt that the <strong><span style="text-decoration: underline;">MPP had sought and achieved a common understanding</span></strong>, a sentiment <a href="https://twitter.com/covertlight/status/476748168051580928">echoed</a> by the ITU Secretary General. Indeed, even Iran, a state that had expressed major reservations during the MPP and felt itself unable to agree with the text, <a href="https://twitter.com/covertlight/status/476748723750711297">agreed</a> that the MPP had worked hard to draft a document beneficial to all.</p>
<p style="text-align: justify; ">Concerns around the MPP did not affect the <strong><span style="text-decoration: underline;">review of ICT developments</span></strong> over the last decade. High Level Panels with Ministers of ICT from states such as Uganda, Bangladesh, Sweden, Nigeria, Saudi Arabia and others, heads of the UN Development Programme, UNCTAD, Food and Agriculture Organisation, UN-WOMEN and others spoke at length of rapid advances in ICTs. The focus was largely on ICT access and affordability in developing states. John E. Davies of Intel repeatedly drew attention to innovative uses of ICTs in Africa and Asia, which have helped bridge divides of affordability, gender, education and capacity-building. Public-private partnerships were the best solution, he said, to affordability and access. At a ceremony evaluating implementation of WSIS action-lines, the Centre for Development of Advanced Computing (C-DAC), India, <a href="https://twitter.com/covertlight/status/476748723750711297">won an award</a> for its e-health application MOTHER.</p>
<p style="text-align: justify; "><span>The Outcome Documents themselves shall be analysed in a separate post. But in sum, the dialogue around Internet governance at the HLE centred around the success of the MPP. Most participants on panels and in the audience felt this was a crucial achievement within the realm of the UN, where the Tunis Summit had delineated strict roles for stakeholders in paragraph 35 of the </span><a href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">Tunis Agenda</a><span>. Indeed, there was palpable relief in Conference Room 1 at the </span><a href="http://www.cicg.ch/en/">CICG</a><span>, Geneva, when on June 11, Dr. Touré announced that the Outcome Documents would be adopted without a vote, in keeping with ITU tradition, even if consensus was achieved by compromise.</span></p>
<h3 style="text-align: justify; ">The High Level Dialogues:</h3>
<p style="text-align: justify; "><img src="https://cis-india.org/internet-governance/blog/HighLevelDialogues.jpg/@@images/3c30d94f-7a65-4912-bb42-2ccd3b85a18d.jpeg" alt="High Level Dialogues" class="image-inline" title="High Level Dialogues" /></p>
<p style="text-align: justify; "><i>Prof. Vladimir Minkin delivers a statement.</i> (<a class="external-link" href="https://twitter.com/JaroslawPONDER/status/476288845013843968/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The High Level Dialogues on developing a post-2015 Development Agenda, based on WSIS action lines, were active on June 12. Introducing the Dialogue, Dr. Touré lamented the Millennium Development Goals as a “<i>lost opportunity</i>”, emphasizing the need to alert the UN General Assembly and its committees as to the importance of ICTs for development.</p>
<p style="text-align: justify; ">As on previous panels, there was <strong><span style="text-decoration: underline;">intense focus on access, affordability and reach in developing countries</span></strong>, with Rwanda and Bangladesh expounding upon their successes in implementing ICT innovations domestically. The world is more connected than it was in 2005, and the ITU in 2014 is no longer what it was in 2003, said speakers. But we lack data on ICT deployment across the globe, said Minister Knutssen of Sweden, recalling the gathering to the need to engage all stakeholders in this task. Speakers on multiple panels, including the Rwandan Minister for CIT, Marilyn Cade of ICANN and Petra Lantz of the UNDP, emphasized the need for ‘smart engagement’ and capacity-building for ICT development and deployment.</p>
<p style="text-align: justify; ">A crucial session on cybersecurity saw Dr. Touré envision a global peace treaty accommodating multiple stakeholders. On the panel were Minister Omobola Johnson of Nigeria, Prof. Udo Helmbrecht of the European Union Agency for Network and Information Security (ENISA), Prof. A.A. Wahab of Cybersecurity Malaysia and Simon Muller of Facebook. The focus was primarily on building laws and regulations for secure communication and business, while child protection was equally considered.<span> </span></p>
<p style="text-align: justify; ">The lack of laws/regulations for cybersecurity (child pornography and jurisdictional issues, for instance), or other legal protections (privacy, data protection, freedom of speech) in rapidly connecting developing states was noted. But the <strong><span style="text-decoration: underline;">question of cross-border surveillance and wanton violations of privacy went unaddressed</span></strong> except for the customary, unavoidable mention. This was expected. Debates in Internet governance have, in the past year, been silently and invisibly driven by the Snowden revelations. So too, at WSIS+10 Cybersecurity, speakers emphasized open data, information exchange, data ownership and control (the <a href="https://cis-india.org/internet-governance/blog/ecj-rules-internet-search-engine-operator-responsible-for-processing-personal-data-published-by-third-parties">right to be forgotten</a>), but did not openly address surveillance. Indeed, Simon Muller of Facebook called upon governments to publish their own transparency reports: A laudable suggestion, even accounting for Facebook’s own undetailed and truncated reports.</p>
<p style="text-align: justify; ">In a nutshell, the post-2015 Development Agenda dialogues repeatedly emphasized the importance of ICTs in global connectivity, and their impact on GDP growth and socio-cultural change and progress. The focus was on taking this message to the UN General Assembly, engaging all stakeholders and creating an achievable set of action lines post-2015.</p>
<h3 style="text-align: justify; ">The Forum Track:</h3>
<p><img src="https://cis-india.org/internet-governance/blog/copy_of_ForumTrack.jpg/@@images/dfcce68a-18d7-4f1e-897b-7208bb60abc9.jpeg" alt="Forum Track" class="image-inline" title="Forum Track" /></p>
<p><i>Participants at the UNESCO session on its Comprehensive Study on Internet-related Issues</i> (<a class="external-link" href="https://twitter.com/leakaspar/status/476690921644646400/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The HLE was organized as an extended version of the WSIS Forum, which hosts thematic workshops and networking opportunities, much like any other conference. Running in parallel sessions over 5 days, the WSIS Forum hosted sessions by the ITU, UNESCO, UNDP, ICANN, ISOC, APIG, etc., on issues as diverse as the WSIS Action Lines, the future of Internet governance, the successes and failures of <a href="http://www.internetgovernance.org/2012/12/18/itu-phobia-why-wcit-was-derailed/">WCIT-2012</a>, UNESCO’s <a href="http://www.unesco.org/new/internetstudy">Comprehensive Study on Internet-related Issues</a>, spam and a taxonomy of Internet governance.<span> </span></p>
<p style="text-align: justify; ">Detailed explanation of each session I attended is beyond the scope of this report, so I will limit myself to the interesting issues raised.<span> </span></p>
<p style="text-align: justify; ">At ICANN’s session on its own future (June 9), Ms. Marilyn Cade emphasized the <strong><span style="text-decoration: underline;">importance of national and regional IGFs</span></strong> for both issue-awareness and capacity-building. Mr. Nigel Hickson spoke of engagement at multiple Internet governance fora: “<i>Internet governance is not shaped by individual events</i>”. In light of <a href="http://www.internetgovernance.org/2014/04/16/icann-anything-that-doesnt-give-iana-to-me-is-out-of-scope/">criticism</a> of ICANN’s apparent monopoly over IANA stewardship transition, this has been ICANN’s continual <a href="https://www.icann.org/resources/pages/process-next-steps-2014-06-06-en">response</a> (often repeated at the HLE itself). Also widely discussed was the <strong><span style="text-decoration: underline;">role of stakeholders in Internet governance</span></strong>, given the delineation of roles and responsibilities in the Tunis Agenda, and governments’ preference for policy-monopoly (At WSIS+10, Indian Ambassador Dilip Sinha seemed wistful that multilateralism is a “<i>distant dream</i>”).<span> </span></p>
<p style="text-align: justify; ">This discussion bore greater fruit in a session on Internet governance ‘taxonomy’. The session saw <a href="https://www.icann.org/profiles/george-sadowsky">Mr. George Sadowsky</a>, <a href="http://www.diplomacy.edu/courses/faculty/kurbalija">Dr. Jovan Kurbalija</a>, <a href="http://www.williamdrake.org/">Mr. William Drake</a> and <a href="http://www.itu.int/wsis/implementation/2014/forum/agenda/session_docs/170/ThoughtsOnIG.pdf">Mr. Eliot Lear</a> (there is surprisingly no official profile-page on Mr. Lear) expound on dense structures of Internet governance, involving multiple methods of classification of Internet infrastructure, CIRs, public policy issues, etc. across a spectrum of ‘baskets’ – socio-cultural, economic, legal, technical. Such studies, though each attempting clarity in Internet governance studies, indicate that the closer you get to IG, the more diverse and interconnected the eco-system gets. David Souter’s diagrams almost capture the flux of dynamic debate in this area (please see pages 9 and 22 of <a href="http://www.internetsociety.org/sites/default/files/ISOC%20framework%20for%20IG%20assessments%20-%20D%20Souter%20-%20final_0.pdf">this ISOC study</a>).</p>
<p style="text-align: justify; ">There were, for most part, insightful interventions from session participants. Mr. Sadowsky questioned the effectiveness of the Tunis Agenda delineation of stakeholder-roles, while Mr. Lear pleaded that techies be let to do their jobs without interference. <a href="http://internetdemocracy.in/">Ms. Anja Kovacs</a> raised pertinent concerns about <strong><span style="text-decoration: underline;">including voiceless minorities in a ‘rough consensus’ model</span></strong>. Across sessions, <strong><span style="text-decoration: underline;">questions of mass surveillance, privacy and data ownership rose</span></strong> from participants. The protection of human rights on the Internet – especially freedom of expression and privacy – made continual appearance, across issues like spam (<a href="http://www.itu.int/ITU-D/CDS/sg/rgqlist.asp?lg=1&sp=2010&rgq=D10-RGQ22.1.1&stg=1">Question 22-1/1</a> of ITU-D Study Group 1) and cybersecurity.</p>
<h3 style="text-align: justify; ">Conclusion:</h3>
<p style="text-align: justify; ">The HLE was widely attended by participants across WSIS stakeholder-groups. At the event, a great many relevant questions such as the future of ICTs, inclusions in the post-2015 Development Agenda, the value of multi-stakeholder models, and human rights such as free speech and privacy were raised across the board. Not only were these raised, but cognizance was taken of them by Ministers, members of the ITU and other collaborative UN bodies, private sector entities such as ICANN, technical community such as the ISOC and IETF, as well as (obviously) civil society.</p>
<p style="text-align: justify; ">Substantively, the HLE did not address mass surveillance and privacy, nor the expanding roles of WSIS stakeholders and beyond. Processually, the MPP failed to reach consensus on several issues comfortably, and a compromise had to be brokered.</p>
<p style="text-align: justify; "><span>But perhaps a big change at the HLE was the positive attitude to multi-stakeholder models from many quarters, not least the ITU Secretary General Dr. Hamadoun Touré. His repeated calls for acceptance of multi-stakeholderism left many members of civil society surprised and tentatively pleased. Going forward, it will be interesting to track the ITU and the rest of UN’s (and of course, member states’) stances on multi-stakeholderism at the ITU Plenipot, the WSIS+10 Review and the UN General Assembly session, at the least.</span></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report'>https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report</a>
</p>
No publisher | geetha | WSIS+10; Privacy; Cybersecurity; Human Rights Online; Surveillance; Freedom of Speech and Expression; Internet Governance; Facebook; Data Protection; Multi-stakeholder; ICANN; Internet Access; ITU; Internet Studies; E-Governance; ICT | 2014-06-20T15:57:32Z | Blog Entry
Electoral Databases – Privacy and Security Concerns
https://cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns
<b>In this blogpost, Snehashish Ghosh analyzes privacy and security concerns which have surfaced with the digitization, centralization and standardization of the electoral database and argues that even though the law provides the scope for protection of electoral databases, the State has not taken any steps to ensure its safety.</b>
<p style="text-align: justify; ">The recent move by the Election Commission of India (ECI) to tie-up with Google for providing electoral look-up services for citizens and electoral information services has faced heavy criticism on the grounds of data security and privacy.<a href="#_edn1" name="_ednref1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> After due consideration, the ECI has decided to drop the plan.<a href="#_edn2" name="_ednref2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a></p>
<p style="text-align: justify; ">The plan to partner with Google has led to much apprehension regarding Google gaining access to the database of 790 million voters, including personal information such as age, place of birth and residence. It could have also gained access to cell phone numbers and email addresses had the voter chosen to enroll via the online portal on the ECI website. Although the plan has been cancelled, it does not necessarily mean that the largest database of citizens of India is safe from any kind of security breach or abuse. In fact, the personal information of each voter in a constituency can be accessed by anyone through the ECI website and the publication of electoral rolls is mandated by the law.</p>
<p style="text-align: justify; "><b>Publication of Electoral Rolls</b><br />The electoral roll essentially contains the name of the voter, name of the relationship (son of/wife of, etc.), age, sex, address and the photo identity card number. The main objective of creation and maintenance of electoral rolls and the issue of Electoral Photo Identity Card (EPIC) was to ensure a free and fair election where the voter would have been able to cast his own vote as per his own choice. In other words, the main purpose of the exercise was to curtail bogus voting. This is achieved by cross referencing the EPIC with the electoral roll.</p>
<p style="text-align: justify; ">The process of creation and maintenance of electoral rolls is governed by the Registration of Electors Rules, 1960. Rule 22 requires the registration officer to publish the roll with list of amendments at his office for inspection and public information. Furthermore, ECI may direct the registration officer to send two copies of the electoral roll to every political party for which a symbol has exclusively been reserved by the ECI. It can be safely concluded that the electoral roll of a constituency is a public document<a href="#_edn3" name="_ednref3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> given that the roll is published and can be circulated on the direction of the ECI.</p>
<p style="text-align: justify; ">With the computational turn, in 1998 the ECI took the decision to digitize the electoral databases. Furthermore, printed electoral rolls and compact discs containing the rolls are available for sale to general public.<a href="#_edn4" name="_ednref4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> In addition to that, the electoral rolls for the entire country are available on the ECI website.<a href="#_edn5" name="_ednref5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> However, the current database is not uniform and standardized, and entries in some constituencies are available only in the local language. The ECI has taken steps to make the database uniform, standardized and centralized.<a href="#_edn6" name="_ednref6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a></p>
<p style="text-align: justify; "><b>Security Concerns</b><br />The Registration of Electors Rules, 1960 is an archaic piece of delegated legislation which is still in force and casts a statutory duty on the ECI to publish the electoral rolls. The publication of electoral rolls is not a threat to security when it is distributed in hard copies and the availability of electoral rolls is limited. The security risks emerge only after the digitization of the electoral database, which allows for uniformity, standardization and centralization of the database, which in turn makes it vulnerable and subject to abuse. The law has failed to evolve with the change in technology.</p>
<p style="text-align: justify; ">In a recent article, Bill Davidow analyzes "the dark side of Moore’s Law" and argues that with the growth in processing power there has been a growth in surveillance capabilities; on this note, the article is titled “<i>With Great Computing Power Comes Great Surveillance</i>”.<a href="#_edn7" name="_ednref7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a> Drawing from Davidow’s argument, with the exponential growth in computing power, search has become convenient, faster and cheap. A uniform, standardized and centralized database bearing the personal information of 790 million voters can be searched and categorized in accordance with the search terms. The personal information of the voters can be used for good, but it can be equally abused if it falls into the wrong hands. Big data analysis or the computing power makes it easier to target voters, as bits and pieces of personal information give a bigger picture of an individual, a community, etc. This can be considered intrusive on an individual’s privacy since the personal information of every voter is made available in the public domain.</p>
<p style="text-align: justify; ">For example, the availability of a centralized, searchable database of voters along with their age would allow the appropriate authorities to identify wards or constituencies which have a high population of voters above the age of 65. This would help the authority to set up polling booths at closer locations with special amenities. However, the same database can be used to search for density of members of a particular community in a ward or constituency based on the name, age, sex of the voters. This information can be used to disrupt elections, target vulnerable communities during an election and rig elections.</p>
<p style="text-align: justify; "><b>Current IT Laws do not mandate the protection of the electoral database</b><br />A centralized electoral database of the entire country can be considered as a critical information infrastructure (CII) given the impact it may have on the election, which is the cornerstone of any democracy. Under Section 70 of the Information Technology Act, 2000 (IT Act) CII means “the computer resource, incapacitation or destruction of which, shall have debilitating impact on national security, economy.”<a href="#_edn8" name="_ednref8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> However, the appropriate Government has not notified the electoral database as a protected system<a href="#_edn9" name="_ednref9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a>. Therefore, information security practices and procedures for a protected system are not applicable to the electoral database.</p>
<p style="text-align: justify; ">The Information Technology Rules (IT Rules) are also not applicable to electoral databases, <i>per se</i>. Since ECI is not a body corporate, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (<i>hereinafter </i>Reasonable Security Practices Rules) do not apply to electoral databases. Ignoring that Reasonable Security Practices Rules only apply to a body corporate, the electoral database does fall within the ambit of definition of “personal information”<a href="#_edn10" name="_ednref10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> and should arguably be made subject to the Rules.</p>
<p style="text-align: justify; ">The intent of the ECI for hosting the entire country’s electoral database online <i>inter alia</i> is to provide electronic service delivery to the citizens. It seeks to provide “electoral look up services for citizens ... for better electoral information services.”<a href="#_edn11" name="_ednref11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> However, the Information Technology (Electronic Service Delivery) Rules, 2011 are not applicable to the electoral database given that it is not notified by the appropriate Government as a service to be delivered electronically. Hence, the encryption and security standards for electronic service delivery are not applicable to electoral rolls.</p>
<p style="text-align: justify; ">The IT Act and the IT Rules provide a reasonable scope for the appropriate Government to include electoral databases within the ambit of protected system and electronic service delivery. However, the appropriate government has not taken any steps to notify electoral database as protected system or a mode of electronic service delivery under the existing laws.</p>
<p style="text-align: justify; "><b>Conclusion</b><br />Publication of electoral rolls is a necessary part of an election process. It ensures free and fair election and promotes transparency and accountability. But unfettered access to electronic electoral databases may have an adverse effect and would endanger the very goal it seeks to achieve, because the electronic database may pose a threat to the privacy of the voters and also lead to a security breach. It may be argued that the ECI is mandated by the law to publish the electoral database and hence, it is beyond the operation of the IT Act. But Section 81 of the IT Act has an overriding effect on any law inconsistent therewith. The appropriate Government should take necessary steps under the IT Act and notify electoral databases as a protected system.</p>
<p style="text-align: justify; ">It is recommended that the Registration of Electors Rules, 1960 should be amended, taking into account the advancement in technology. Therefore, the Rules should aim at restricting the unfettered electronic access to the electoral database and also introduce purposive limitation on the use of the electoral database. It should also be noted that more adequate and robust data protection and privacy laws should be put in place, which would regulate the collection, use, storage and processing of databases which are critical to national security.</p>
<div>
<hr align="left" size="1" width="100%" />
<div id="edn1">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref1" name="_edn1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> Pratap Vikram Singh, Post-uproar, EC’s Google tie-up plan may go for a toss, Governance Now, January 7, 2014 available at <a class="external-link" href="http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss">http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss</a></p>
</div>
<div id="edn2">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref2" name="_edn2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India, January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
<div id="edn3">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref3" name="_edn3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> Section 74, Indian Evidence Act, 1872</p>
</div>
<div id="edn4">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref4" name="_edn4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/the_function.aspx">eci.nic.in/eci_main1/the_function.aspx</a></p>
</div>
<div id="edn5">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref5" name="_edn5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx">http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx</a></p>
</div>
<div id="edn6">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref6" name="_edn6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a> “At present, in most States and UTs the Electoral Database is kept at the district level. In some cases it is kept even with the vendors. In most States/UTs it is maintained in MS Access, while in some cases it is on a primitive technology like FoxPro and in some other cases on advanced RDBMS like Oracle or Sql Server. The database is not kept in bilingual form in some of the States/UTs, despite instructions of the Commission. In most cases Unicode fonts are not used. The database structure not being uniform in the country, makes it almost impossible for the different databases to talk to each other” – Election Commission of India, Revision of Electoral Rolls with reference to 01-01-2010 as the qualifying date – Integration and Standardization of the database- reg., No. 23/2009-ERS, January 6, 2010 available at <a class="external-link" href="http://eci.nic.in/eci_main/eroll&epic/ins06012010.pdf">eci.nic.in/eci_main/eroll&epic/ins06012010.pdf</a></p>
</div>
<div id="edn7">
<p class="MsoEndnoteText"><a href="#_ednref7" name="_edn7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a><a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf"><span><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"> </span></span></span>http://www.theatlantic.com/technology/archive/2014/01/with-great-computing-power-comes-great-surveillance/282933/</a></p>
</div>
<div id="edn8">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref8" name="_edn8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> Section 70, Information Technology Act, 2000</p>
</div>
<div id="edn9">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref9" name="_edn9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a> Computer resource which directly or indirectly affects the facility of Critical Information Infrastructure</p>
</div>
<div id="edn10">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref10" name="_edn10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> Rule 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011</p>
</div>
<div id="edn11">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref11" name="_edn11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns'>https://cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns</a>
</p>
No publisher; snehashish; Digital Governance, Privacy, Cybersecurity, Data Protection, Internet Governance, Safety, Information Technology, Cyber Security, Security, e-Governance, Transparency, Politics, E-Governance; 2014-01-16T11:07:21Z; Blog Entry
CIS Cybersecurity Series (Part 13) - Pranesh Prakash
https://cis-india.org/internet-governance/cis-cybersecurity-series-part-13-pranesh-prakash
<b>CIS interviews Pranesh Prakash, lawyer and policy director with Centre for Internet and Society, as part of the Cybersecurity Series.</b>
<div>
<div><i>"When it comes to things cyber we completely lose our sense of proportion. While killing someone by negligence only attracts two years of punishment, saying something that people can define "offensive" attracts even more under 66A of the Information Technology Act. Something that can be a nuisance, under the Criminal Laws, can attract up to six months punishment, whereas under the IT act, it is up to three years..." - Pranesh Prakash, lawyer and policy director, Centre for Internet and Society</i></div>
<div></div>
<div>Centre for Internet and Society presents its thirteenth installment of the CIS Cybersecurity Series.</div>
<div></div>
<div>The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.</div>
<div></div>
<div>Pranesh is a Policy Director with the Centre, and is a graduate of the National Law School of India University, Bangalore, with a degree in Arts and Law.</div>
<div></div>
</div>
<p><iframe frameborder="0" height="315" src="http://www.youtube.com/embed/gUDeTeQ6DAg" width="560"></iframe></p>
<div><b><i><br /></i></b></div>
<div><b><i>This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.</i></b></div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/cis-cybersecurity-series-part-13-pranesh-prakash'>https://cis-india.org/internet-governance/cis-cybersecurity-series-part-13-pranesh-prakash</a>
</p>
No publisher; purba; Cyberspace, Cybersecurity, Internet Governance, Cyber Security Film, Cybercultures, Cyber Security, Cyber Security Interview; 2014-01-20T06:20:44Z; Blog Entry
DesiSec: Episode 1 - Film Release and Screening
https://cis-india.org/internet-governance/desisec-episode-1-film-release-and-screening
<b>The Centre for Internet and Society is pleased to announce the release of the first documentary film on cybersecurity in India - DesiSec.
We hope you can join us for a special screening of the first episode of DesiSec, on 11th December, at CIS!</b>
<div>In early 2013, the Centre for Internet and Society began shooting its first documentary film project. After months of researching and interviewing activists and experts, CIS is thrilled to announce the release of the first documentary film on cybersecurity in India - <strong>DesiSec: Cybersecurity and Civil Society in India</strong>.</div>
<div> </div>
<div>Trailer link: <a href="https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer">http://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer</a></div>
<div> </div>
<div>CIS is hosting a special screening of <strong>DesiSec: Episode 1</strong> on <strong>11th December, 2013, 6 pm</strong> and invites you to this event. The first episode is centered around the issue of privacy and surveillance in cyber space and how it affects Indian society.</div>
<div> </div>
<div>We look forward to seeing you there!</div>
<div> </div>
<div>RSVP: <a href="mailto:purba@cis-india.org" target="_blank">purba@cis-india.org</a></div>
<div>Venue: http://osm.org/go/yy4fIjrQL?m=</div>
<div> </div>
<div><strong><em>This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.</em></strong></div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/desisec-episode-1-film-release-and-screening'>https://cis-india.org/internet-governance/desisec-episode-1-film-release-and-screening</a>
</p>
No publisher; purba; Cyberspace, Privacy, Cybersecurity, Internet Governance, Surveillance, Cyber Security Film, Cyber Security, Event; 2013-12-17T08:13:32Z; Event
First Look: CIS Cybersecurity documentary film
https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer
<b>CIS presents the trailer of its documentary film DesiSec: Cybersecurity & Civil Society in India</b>
<p>The Centre for Internet and Society is pleased to release the trailer of its first documentary film, on cybersecurity and civil society in India. </p>
<p>The documentary is part of the CIS Cybersecurity Series, a work in progress which may be found <a class="external-link" href="http://cismetamedia.tumblr.com">here</a>.</p>
<iframe src="//www.youtube.com/embed/3134xVvMmfc" frameborder="0" height="315" width="560"></iframe>
<p><strong>DesiSec: Cybersecurity and Civil Society in India</strong></p>
<p>The trailer of <em>DesiSec: Cybersecurity and Civil Society in India</em> was shown at the Internet Governance Forum in Bali on October 24. It was a featured presentation at the Citizen Lab workshop, <em>Internet Governance For The Next Billion Users.</em></p>
<p>The transcript of the workshop is available here: <a href="http://www.intgovforum.org/cms/component/content/article/121-preparatory-process/1476-ws-344-internet-governance-for-the-next-billion-users">http://www.intgovforum.org/cms/component/content/article/121-preparatory-process/1476-ws-344-internet-governance-for-the-next-billion-users</a> </p>
<p><strong><em>This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.</em></strong></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer'>https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer</a>
</p>
No publisher; purba; Cybersecurity, Internet Governance Forum, Internet Governance, Cyber Security Film, Cybercultures, Cyber Security; 2013-12-17T08:16:42Z; Blog Entry