The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 81 to 95.
CIS Cybersecurity Series (Part 23) – Justin Searle
http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle
<b>CIS interviews Justin Searle, security expert, as part of the Cybersecurity Series.</b>
<p><em>"I think that people here in India, just like everywhere else, are broadening the areas where security can be applied. We see elsewhere, like in the United States and in Europe, that a lot of security researchers are starting to get into not just control systems, but also embedded devices and hardware and wireless... And we are seeing the same trends here in India as well. It is fun to see that growth and continual development, and not only that, but we are seeing security projects and research coming out of India, that's unqiue and fresh and contributing back to what originally came more from the United States and Europe."</em></p>
<p>Centre for Internet and Society presents its twenty
third installment of the CIS Cybersecurity Series.</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic. </p>
<p>Justin Searle is the managing partner for Utilisec.
Utisix provides security services to the energy sector. They also assist oil,
water, gas, and manufacturing companies. Justin specializes in security
assessments and finding vulnerabilities in systems. </p>
<iframe src="https://www.youtube.com/embed/ufOV8DXzQuA" frameborder="0" height="315" width="560"></iframe>
<p> </p>
<p><strong>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development
Research Centre, Ottawa, Canada.</strong></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle'>http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-23-2013-justin-searle</a>
</p>
No publisherpurbaPrivacyCybersecurityInternet GovernanceCyber Security FilmCyber SecurityCyber Security Interview2015-07-15T14:44:38ZBlog EntryCIS Cybersecurity Series (Part 22) - Anonymous
http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous
<b>CIS interviews a Tibetan security researcher and information activist, as part of the Cybersecurity Series. He prefers to remain anonymous.</b>
<p><em>"I
don't know technology but I am aware of the information people share with me.
So yes, they can track you down through your mobile phone. The last time I was
in Nepal, I met a westerner. We went to this restaurant and she asked me to
take the battery out of the phone. That was the first time I had heard of this
and so when I asked why she said that it is possible that people had followed
us and it has happened to other Tibetans in Nepal..."</em></p>
<p>Centre for Internet and Society presents its twenty second installment of the CIS Cybersecurity Series.</p>
<p>The CIS Cybersecurity Series seeks to address hotly
debated aspects of cybersecurity and hopes to encourage wider public discourse
around the topic.</p>
<p><iframe src="https://www.youtube.com/embed/glsAFfj7tV4" frameborder="0" height="315" width="560"></iframe></p>
<p><em>This work was carried out as part of the Cyber
Stewards Network with aid of a grant from the International Development Research
Centre, Ottawa, Canada.</em></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous'>http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-22-anonymous</a>
</p>
No publisherpurbaPrivacyCybersecurityInternet GovernanceCyber Security FilmCyber SecurityCyber Security Interview2015-07-13T13:40:42ZBlog EntryMost emerging firms low on cyber security: Experts
http://editors.cis-india.org/internet-governance/news/economic-times-june-24-2015-malavika-murali-and-payal-ganguly-most-emerging-firms-low-on-cyber-security-experts
<b>When Pavitra Badrinath saw that the upgrade to a shopping application on her smartphone asked access to her contacts and messages, she decided against it. "Laws on privacy are not clear in India. So I am doing what I can to protect my information," the 26-year-old technology firm employee said.</b>
<p style="text-align: justify; ">The article by Malavika Murali and Payal Ganguly was <a class="external-link" href="http://articles.economictimes.indiatimes.com/2015-06-24/news/63783278_1_cyber-security-data-security-council-google-india">published in the Economic Times</a> on June 24, 2015. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">Are users taking a risk by allowing applications to gain access to personal data shadowed by an upgrade? "Most definitely ," said Bikash Barai, cofounder and chief executive of security firm iViz Security .<br /><br />With at least 10 alleged breaches and hacks into the databases of startups such as Ola and Gaana this year, the alarm bells are going off.<br /><br />Experts warn that emerging businesses are lax with security frameworks, which is especially worrying as millions more Indians are shopping online, including on their phones, exposing crucial personal and financial data to fraud.<br /><br />More than 70 per cent of Indian companies are under-prepared when it comes to cyber security, according to a report by CISO Platform, a social platform for security experts where Barai is chief adviser.<br /><br />India's largest cab-hailing company, Ola denied hackers' claims in an email response to ET, stating that its data were not compromised.<br /><br />Music service Gaana.com, in response to being hacked by a person in Pakistan calling himself MakMan, said it had strengthened its security team and offerings in recent weeks. "In addition, we are working on a `bug bounty' program, which will allow individuals to point out any potential vulnerability in a safe way," said Pawan Agarwal, business head at Gaana.com.<br /><br />According to Google India, the number of online shoppers is expected to cross 100 million by the end of next year, from 35 million ear, from 35 million n 2014. But lack of roust regulations and ata privacy laws as ell as the fragmentd nature of the starup ecosystem, do not llow much scope for esearch on cyber seurity , said experts."Under the Indian "Under the Indian regime, there are no self-regulatory mechanisms for putting out breach notifications," said Sunil Abraham, executive director of the Centre for Internet and Society. "The numbers available with a central body like Data Security Council of India will be a gross underestimation of the cases of breach."<br /><br />"Most of the startups in India want to do everything in-house. This can lead to a potential compromise or lack of expertise on the security front, even if it is made priority," said Harshit Agarwal, founder and chief executive of Singapore-based Appknox, which provides security services to Paytm, Freecharge and Myntra among other clients.<br /><br />Jabong founder and managing director Praveen Sinha said the online fashion retailer spends 15-20 per cent of its revenue on cyber security. But other startups contended that budgets and teams sizes are not accurate indicators of security preparedness.<br /><br />"We do not work with any external security firms as we have realised that the average report is as good as our internal team can make," said Mukesh Singh, chief executive officer of online grocer ZopNow.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-june-24-2015-malavika-murali-and-payal-ganguly-most-emerging-firms-low-on-cyber-security-experts'>http://editors.cis-india.org/internet-governance/news/economic-times-june-24-2015-malavika-murali-and-payal-ganguly-most-emerging-firms-low-on-cyber-security-experts</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2015-06-29T16:02:51ZNews ItemDesiSec: Cybersecurity and Civil Society in India
http://editors.cis-india.org/internet-governance/blog/desi-sec-cybersecurity-and-civil-society-in-india
<b>As part of its project on mapping cyber security actors in South Asia and South East Asia, the Centre for Internet & Society conducted a series of interviews with cyber security actors. The interviews were compiled and edited into one documentary. The film produced by Purba Sarkar, edited by Aaron Joseph, and directed by Oxblood Ruffin features Malavika Jayaram, Nitin Pai, Namita Malhotra, Saikat Datta, Nishant Shah, Lawrence Liang, Anja Kovacs, Sikyong Lobsang Sangay and, Ravi Sharada Prasad.</b>
<p style="text-align: justify; ">Originally the idea was to do 24 interviews with an array of international experts: Technical, political, policy, legal, and activist. The project was initiated at the University of Toronto and over time a possibility emerged. Why not shape these interviews into a documentary about cybersecurity and civil society? And why not focus on the world’s largest democracy, India? Whether in India or the rest of the world there are several issues that are fundamental to life online: Privacy, surveillance, anonymity and, free speech. DesiSec includes all of these, and it examines the legal frameworks that shape how India deals with these challenges.</p>
<p style="text-align: justify; ">From the time it was shot till the final edit there has only been one change in the juridical topography: the dreaded 66A of the IT Act has been struck down. Otherwise, all else is in tact. DesiSec was produced by Purba Sarkar, shot and edited by Aaron Joseph, and directed by Oxblood Ruffin. It took our team from Bangalore to Delhi and, Dharamsala. We had the honour of interviewing: Malavika Jayaram, Nitin Pai, Namita Malhotra, Saikat Datta, Nishant Shah, Lawrence Liang, Anja Kovacs, Sikyong Lobsang Sangay and, Ravi Sharada Prasad. Everyone brought something special to the discussion and we are grateful for their insights. Also, we are particularly pleased to include the music of Charanjit Singh for the intro/outro of DesiSec. Mr. Singh is the inventor of acid house music, predating the Wikipedia entry for that category by five years. Someone should correct that.</p>
<p>DesiSec is released under the Creative Commons License Attribution 3.0 Unported (CC by 3.0). You can watch it on Vimeo: <a href="https://vimeo.com/123722680" target="_blank">https://vimeo.com/123722680</a> or download it legally and free of charge via torrent. Feel free to show, remix, and share with your friends. And let us know what you think!</p>
<hr />
<h2>Video</h2>
<p><iframe frameborder="0" height="315" src="https://www.youtube.com/embed/8N3JUqRRvys" width="560"></iframe></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/desi-sec-cybersecurity-and-civil-society-in-india'>http://editors.cis-india.org/internet-governance/blog/desi-sec-cybersecurity-and-civil-society-in-india</a>
</p>
No publisherLaird BrownCensorshipPrivacyFreedom of Speech and ExpressionInternet GovernanceCyber Security FilmFeaturedChilling EffectCyber SecurityHomepageCyber Security Interview2015-06-29T16:25:43ZBlog EntryWWW: The Hackers’ Haven
http://editors.cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven
<b>In an increasingly connected world, it pays to be careful when sharing personal information </b>
<p style="text-align: justify; ">This story by Abraham C. Mathews was published in <a class="external-link" href="http://www.businessworld.in/news/business/it/www-the-hackers%E2%80%99-haven/1707848/page-1.html">BW | Businessworld Issue Dated 09-02-2015</a>. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">Last year, Whatsapp changed its encryption algorithm several times and, every time, it was breached,” says Saket Modi, hacker, entrepreneur and CEO of Lucideus Technologies, which just created an app that monitors wayward activity on your smartphone. That’s geekspeak for: “Your WhatsApp chats, including deleted ones, would have been accessible to any hacker worth his salt”. And we are talking about a company that was valued at $19 billion at some point during the year. Only in November 2014 did WhatsApp finally embrace end-to-end encryption, which will ostensibly address the issue.<br /> <br />Or take the sales claim that every smartphone purchaser has heard — “Android is safe from virus.” That’s not, however, what a joint study by security solutions company Kaspersky and Interpol found. In the first half of 2014, 1,75,442 unique malicious programmes targeted at Android were discovered. Clearly a tribute to the platform on which 85 per cent of smartphones run.<br /> <br />In a TEDx talk last year titled ‘What’s physically possible in the virtual world’, Modi demonstrated how, with access to your smartphone for barely 20 seconds, he can see everything that has ever happened on your phone — text messages, call log, browsing history, and so on. He also showed how fraudulent emails could be disguised so as to appear to have come from a yahoo.com email address, and how you could be hacked even without being connected to the Internet. “There are only two kinds of people in the world,” he says. “Those who know they have been hacked and those who don’t.”<br /> <br /><b>Epidemic Proportions</b><br />For cyber security, 2014 was annus horribilis. From celebrities whose intimate pictures were dumped on the Internet, to corporates such as Sony, JP Morgan and Target whose records were hacked into and personal information of millions of their customers compromised, it was the year when the proverbial shit hit the fan. Details (names, numbers, even favourite pizza toppings) of six lakh customers of Domino’s Pizza in France and Belgium were stolen for a $40,000 ransom. One hundred and ten million records (credit card details, social security numbers, along with addresses) from Target were stolen. The company later admitted that its sales were “meaningfully weaker” after the data theft was disclosed. One hundred and forty-five million records were stolen from eBay, 109 million from Home Depot and 83 million from JP Morgan during the year.<br /> <br />In 2013, a group that calls itself the Syrian Electronic Army hacked into Swedish company TrueCaller’s database. TrueCaller, an app, allows you to identify phone numbers. The data is collected from the contact list of those who download the app, which means, it even has details of those who haven’t downloaded or used the app in any way. Estimates put the number of Indians whose numbers could have been stolen at a million.<br /> <br />Cyber security is not yet a boardroom topic, says Anil Bhasin, MD, India & Saarc, Palo Alto Networks, which claims to create comprehensive security solutions for users but is fast becoming one with the increase in security breach incidents. Enterprises still use legacy technology that at times is 20 years old, he says, giving the example of banks that sometimes have a layer-3 staple inspection firewall, when they should ideally be running on layer-7.<br /> <br />When companies store your information, you also benefit. For example, when an e-commerce company does so, online shopping becomes faster and easier. But these companies should invest in measures to protect the information, says Sunil Abraham, executive director of the Centre for Internet and Society in Bangalore. But then again, he says, a lot of breaches, like the celebrity iCloud hack, happen because users are negligent with measures designed to protect them. Passwords, for instance.<br /> <br />A Pew Research report found that only four out of 10 Internet users changed passwords after the ‘heartbleed’ virus (which found a way to unlock encrypted data) was uncovered in April 2014. Only 6 per cent thought their information was stolen. But, in August, it emerged that a Russian crime ring had amassed 1.2 billion user name-password combinations of 500 million email addresses from 4,20,000 websites. A Kaspersky study found that the number of malicious programmes detected rose 10 times in just six months to 6,44,000 in March 2014. This shows the call for vigil cannot not be more critical.</p>
<p style="text-align: justify; ">Interestingly, your online financial payments may be relatively more secure, thanks to Reserve Bank of India’s dogged persistence in continuing with the two-step verification process for electronic payments (a one-time password and PIN verification). The central bank drew a lot of flak for barring taxi app Uber from storing payment information and automatically deducting charges at the end of a ride. But Modi isn’t impressed. He likens the two-step verification to a batsman going onto the pitch wearing just a helmet. “The rest of your body is still exposed,” he says.<br /> <br /><b>Easy Targets</b><br />Here’s one easy hack that Modi describes. Any app that you download from the app store on your phone asks for a set of permissions, which mostly come as an ‘all or nothing’ option. You either grant all the access it asks for, or you can’t download the app. Suppose, you grant a scrabble app access to your text messages. Your number can then be accessed by the app provider. Now think about how your banking transactions are verified — with a one-time password sent as a text message. With access to your text messages, entering that password would hardly be a challenge for hackers, says Modi. Or, suppose you were to set up a new WhatsApp account with that same number. The verification, like we all know, comes through a one-time password sent to your number. With access to your text messages, the hacker is given a virtual key to your entire WhatsApp history.<br /> <br />Or, take for instance, an app that requests access to your SD card (the storage card in your phone). With that permission, the app gets access to everything on your SD card, including your most private photos. Modi’s company Lucideus recently came out with an app, UnHack, that scans your phone to see which apps can access what data. If you use the app, you will find that not only can Facebook access the call logs on your phone, but apps like Wunderlist (which organises to-do lists) and Pocket (which stores articles for future offline reading) can access your contacts as well. The apps from TED (of TED Talks fame) as well as Flipkart can see as well as edit your personal photos and documents.<br /> <br />Companies —Uber, for instance — have in the past been found to be frivolous with data collected. Late last year, Uber greeted a Buzzfeed reporter who had arrived at the company’s New York headquarters with “There you are — I was tracking you”. No prior permission was sought. A venture capitalist, Peter Sims, had written earlier that his exact whereabouts in New York were displayed to a room full of people as part of a demonstration at a company event in Chicago.<br /> <b><br />Information Overload</b><br />Adam Tanner, a Harvard fellow and a Forbes columnist, was at an annual conference of the Direct Marketers Association, where he noticed a list of names of 1.8 million people with erectile dysfunction (ED), along with their email addresses and numbers. The organisers claimed the details were volunteered by the people themselves. Knowing that ED is something that men rarely admit to, he made the organisers an offer — “Let me purchase a list of a thousand people, and write to them to see if they know that they are on such a list.” The organisers refused, saying it would be an immoral use of their data. From this, one can tell that the information came from websites that took their details, promising a cure.<br /> <br />This, and other similar anecdotes made their way to his recent book, What Stays in Vegas, which deals with the world of personal data and the end of privacy as we know it. When Tanner meets Indians, he brings up matrimonial websites. What surprises him is the volume of information that people disclose. To westerners, details such as sub-caste or blood type, as well as in many cases the admission that a person is HIV+ is an outright breach of privacy. That people would volunteer to put this out in public is shocking. “When you are looking for a suitable match, giving the information may be important at the moment, but you must not forget that once something is on the Internet, it can never be completely deleted,” he warns.</p>
<p style="text-align: justify; ">But what is the problem if somebody has all the details, you may ask. Is the potential risk greater than the possibility of a perfect match? A PTI report from 2009 talks about a confession by an Indian Mujahideen operative who used information from such sites to get a student identity card as well as a driving licence. Mukul Shrivastava, a partner in the forensic practice at EY, gives you another alarming scenario. Let’s say somebody trawls your Facebook, what is the amount of information that such a person can get access to? Your daily routine, your physical movement, your favourite restaurant or whether you will be at home at a certain time (from a status message like “Can’t wait to watch the Devils trouncing Liverpool at ManU Café tonight!”). Even if a physical attack is not on the agenda, much of the information can be used to guess security questions (favourite cat, first school) and find out required details for phone banking (date of birth, email address, mother’s name). An HDFC Bank official says there is a rise in vishing (the voice equivalent of phishing) attacks, where people with access to bank account numbers as well as personal details pose as bank executives and lure customers with special benefits and convince them to divulge their banking passwords. <br /> <br />Security is an individual’s responsibility, says Sunil Abraham. “You have to remember that you have volunteered to put the information online,” he says. Information once put online is not private anymore. It’s like making an announcement in a large hall that is broadcast on TV. That’s what the Internet is. And once the Internet gets to know, it can never really be forgotten, says Vishnu Gopal, chief technology officer at MobME, a mobile value-added services provider. It will be available on some weblink or at least on archive.org, which claims to have ‘435 billion pages saved over time’.<br /> <br />While reclaiming lost information might be difficult, one can still reclaim privacy. Both Facebook and Gmail have options to disable monitoring by other applications. It might be worthwhile to pay the permissions page a visit. Routine password changes, as well as keying them in every time (rather than saving them on the system) might be worth the trouble. That said, nothing works like caution.</p>
<p style="text-align: justify; "><b>An Attacking Refrigerator!</b><br />A year ago, Proofpoint, a US-based security solutions provider, noticed an unusual type of cyber attack. Emails were sent in batches of about a lakh, thrice a day, aimed at slowing down large enterprises. What was unique about this attack was that upto 25 per cent of the volume was sent by devices other than computers, laptops, mobile phones or such devices. Instead, the emails came from everyday consumer electronic items like network routers, televisions, and at least one refrigerator, according to the company, with not more than 10 emails from any one device, making the attack difficult to block. This is now known as the first Internet of Things or IoT-based attack, where connected everyday-use devices are hacked into and used as cyber weaponry.</p>
<p style="text-align: justify; "> </p>
<div>With the IoT, you have devices talking to one another, opening up multiple places to be breached, says MobME’s Gopal. From your shoe to T-shirt, everything becomes a potential bot. India should be concerned. Research by securities provider Symantec says India tops the list of countries wherein Distributed Denial of Service (DDoS) attacks originate. DDoS attacks are those where hundreds of bots target a website (say, an e-commerce company) on its big discount day, thereby slowing down traffic to the site. The report says a bot’s services can be bought for as low as Rs 300 to bring down a site for a few minutes. Monthly subscription plans are available for lengthier attacks.</div>
<div>Corporates can never be too careful, feels Shrivastava who, as part of his investigations, comes across several instances where companies are hacked into because of lack of best practices. How many companies have blocked pen drives on office machinery, he asks. In a tiny device, a humungous amount of data can be stolen. Till the first incident happens, nobody realises the importance of security, he says. For example, at EY, the IT security does not permit copying of the text of emails by the recipient. Recent reports suggest that the JP Morgan security breach was the result of neglect of one of its servers in terms of a security upgrade.</div>
<div></div>
<div>According to a study by Microsoft, the estimated loss to enterprises from lost data in 2014 was $491 billion.</div>
<div></div>
<div><b>You Against The Mafia</b><br />The fight really is about who’s weaker, says Altaf Halde, managing director, Kaspersky Lab-South Asia. “The problem here is the consumer.” Nothing excuses us from not protecting ourselves. That includes getting an anti-virus installed, but most people often disable it when it flags a particular activity that we want to pursue online. <br /> <br />Halde also brings up the BYOD (bring your own device) culture that is taking root. Asking employees to bring their own devices could help cut costs for a company, but that also brings in their inadequate protection, which could potentially translate into a much higher cost to the company, he says. <br /> <br />On the other side of the ring is the virtual underground mafia that profits from all types of data that get compromised — details of one’s sexual preferences, favourite restaurants or credit card details. Modi says in underground circles, the going rate for a stolen credit card number is $2.2 for a Visa, $2.5 for a MasterCard and $3 for an AmEx number. Transactions are made through crypto-currencies such as bitcoins, making them virtually untraceable.<br /> <br />As Modi says, the ideal scenario would be for all of us to throw away our smartphones and live an entirely offline existence. “But since that isn’t feasible, let’s embrace the risk, but with adequate measures to ensure that we are not affected.”</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven'>http://editors.cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2015-02-05T02:20:04ZNews ItemNational Seminar on Cyber Security & Cyber Laws - Issues and Concerns
http://editors.cis-india.org/internet-governance/news/national-seminar-cyber-security-and-cyber-laws
<b>Sharath Chandra Ram was a panelist at this seminar organized by the Advanced Centre for Research, Development & Training in Cyber Laws & Forensics on December 27 and 28, 2014 at the National Law School of India University in Bangalore.</b>
<p style="text-align: justify; ">Sharath was part of a plenary session on "Multi-Disciplinary Challenges in Ensuring Cyber Security". He spoke about 'multi-stakeholderim in cyber security and CERT programs of nations'.</p>
<hr />
<p style="text-align: center; "><b><span style="text-decoration: underline;">PROGRAMME SCHEDULE </span></b></p>
<table class="grid listing">
<tbody>
<tr>
<td colspan="5">
<p align="center"><b>Day 1 - 27<sup>th</sup> December 2014 </b> <b> </b></p>
</td>
</tr>
<tr>
<td>
<p><b>09:00- 10:00</b></p>
</td>
<td colspan="4">
<p align="center">REGISTRATION</p>
</td>
</tr>
<tr>
<td>
<p><b><span style="text-decoration: underline;">10:00- 11:00</span></b></p>
<p><b><span style="text-decoration: underline;">INAUGURAL </span></b></p>
<p><b><span style="text-decoration: underline;">SESSION</span></b></p>
<p>AT</p>
<p>SHRI.</p>
<p>KRISHNAPPA</p>
<p>MEMORIAL HALL</p>
<p>[ACADEMIC BLOCK]</p>
</td>
<td colspan="4">
<p>Welcome & Introduction:<b> Dr. Nagarathna. A., </b> Seminar Director</p>
<p><b> </b></p>
<p>Inaugural Address:<b> Shri. Pratap Reddy,</b> IPS, IGP, Internal Security Division, Karnataka Police, Bangalore</p>
<p><b> </b></p>
<p>Key Note Address:<b> Dr. R. Venkata Rao, </b>Vice Chancellor, NLSIU</p>
<p><b> </b></p>
<p>Vote of Thanks:<b> Dr. T. V. Subba Rao, </b>Senior Professor, NLSIU</p>
</td>
</tr>
<tr>
<td>
<p><b>11:00-11:45</b></p>
</td>
<td colspan="4">
<p align="center">GROUP PHOTO & TEA BREAK</p>
</td>
</tr>
<tr>
<td>
<p><b><span style="text-decoration: underline;">11:45-01:00</span></b></p>
<p><b><span style="text-decoration: underline;">PLENARY</span></b></p>
<p><b><span style="text-decoration: underline;">SESSION</span></b></p>
<p>AT</p>
<p>SHRI.</p>
<p>KRISHNAPPA</p>
<p>MEMORIAL HALL</p>
<p>[ACADEMIC BLOCK]<b> </b></p>
</td>
<td colspan="4">
<p align="center">THEME: <b> </b><b>"MULTI-DISCIPLINARY CHALLENGES IN ENSURING CYBER SECURITY"</b></p>
<p><b><span style="text-decoration: underline;">Members of the Panel:</span></b></p>
<p><b>1. </b> <b>Mr. Subrahmanya Boda, </b> CISO, GMR</p>
<p><b>2. </b> <b>Mr. Sunil Varkey, </b> CISO, WIPRO</p>
<p><b>3. </b> <b>Mr. Ramesh Kauta</b> , CISO, GE [India]</p>
<p><b>4. </b> <b>Mr. T T Thomas, </b> CTO Synergia Technologies,</p>
<p><b>5. </b> <b>Mr. Rahul Matthan, </b> Partner, Trilegal.<b> </b></p>
<p><b>6. </b> <b>Sharath Chandra Ram (Sharathchandra Ramakrishnan), </b> Researcher at Centre for Internet & Society</p>
<p><b>7. </b> <b>Mr. Srinivas P, </b> CISO, Infosys & Anchor, DSCI Bangalore Chapter [Moderator of the session]</p>
</td>
</tr>
<tr>
<td>
<p><b>01:00-02:00</b></p>
</td>
<td colspan="4">
<p align="center">LUNCH BREAK</p>
</td>
</tr>
<tr>
<td>
<p><b>venue </b> <b> </b></p>
</td>
<td colspan="2">
<p align="center"><b>Shri Krishnappa Memorial Hall (Academic Block)</b></p>
</td>
<td colspan="2">
<p align="center"><b>International Training Centre</b></p>
</td>
</tr>
<tr>
<td>
<p><b>02:00-03:30</b></p>
</td>
<td colspan="2">
<p align="center"><b>Technical Session 1</b></p>
</td>
<td colspan="2">
<p align="center"><b>Technical Session 2</b></p>
</td>
</tr>
<tr>
<td>
<p><b>03:30-04:00</b></p>
</td>
<td colspan="4">
<p align="center">TEA BREAK</p>
</td>
</tr>
<tr>
<td>
<p><b>04:00-05:30</b></p>
</td>
<td colspan="2">
<p align="center"><b>Technical Session 3</b></p>
</td>
<td colspan="2">
<p align="center"><b>Technical Session 4</b></p>
</td>
</tr>
<tr>
<td>
<p><b>6:00 to 7. 00</b></p>
</td>
<td colspan="4">
<p align="center"><b>CULTURAL EVENING </b></p>
<p align="center"><b>Venue: Quad, Academic Block </b></p>
</td>
</tr>
<tr>
<td colspan="5">
<p align="center"><b>Day 2 - 28<sup>th</sup> December 2014</b> <b> </b></p>
</td>
</tr>
<tr>
<td>
<p><b>08:00-09:00</b></p>
</td>
<td colspan="4">
<p align="center">BREAK FAST</p>
</td>
</tr>
<tr>
<td>
<p><b>venue</b> <b> </b></p>
</td>
<td>
<p align="center"><b>Shri Krishnappa Memorial Hall (Academic Block)</b></p>
</td>
<td colspan="2">
<p align="center"><b>International Training Centre</b></p>
</td>
<td>
<p><b>MPP Class Room (Academic Block)</b></p>
<p><b> </b></p>
</td>
</tr>
<tr>
<td>
<p><b>09:30- 11:00</b></p>
</td>
<td>
<p align="center"><b>Technical Session 5</b></p>
</td>
<td colspan="2">
<p align="center"><b>Technical Session 6</b></p>
</td>
<td>
<p><b>Technical Session 7</b></p>
</td>
</tr>
<tr>
<td>
<p><b>11:00- 11:30</b></p>
</td>
<td colspan="4">
<p align="center">TEA BREAK</p>
</td>
</tr>
<tr>
<td>
<p><b> </b></p>
</td>
<td>
<p><b>Shri Krishnappa Memorial Hall (Academic Block)</b></p>
</td>
<td colspan="2">
<p><b>International Training Centre</b></p>
</td>
<td>
<p><b>MPP Class Room (Academic Block)</b></p>
<p><b> </b></p>
</td>
</tr>
<tr>
<td>
<p><b>11:30-1:30</b></p>
</td>
<td>
<p align="center"><b>Technical Session 8</b></p>
</td>
<td colspan="2">
<p align="center"><b>Technical Session 9</b></p>
</td>
<td>
<p align="center"><b>Technical Session 10</b></p>
</td>
</tr>
<tr>
<td>
<p><b>01:30-02:30</b></p>
</td>
<td colspan="4">
<p align="center">LUNCH BREAK</p>
</td>
</tr>
<tr>
<td>
<p><b>02:30-03. 45</b></p>
<p><b> </b></p>
<p><b>PLENARY</b></p>
<p><b>SESSION</b></p>
<p><b> </b></p>
<p><b>AT </b></p>
<p><b>SHRI. </b></p>
<p><b>KRISHNAPPA </b></p>
<p><b>MEMORIAL HALL</b></p>
<p><b>[ACADEMIC BLOCK]</b></p>
</td>
<td colspan="4">
<p align="center">THEME: <b>"SECURING CYBER SPACE THROUGH INSTITUTIONAL INVOLVEMENT" </b><b> </b></p>
<p><b><span style="text-decoration: underline;">Members of the Panel:</span></b></p>
<p>1. <b>Dr. Kamble, </b>Director, Computer Emergency Response Team [CERT] India, Dept of Electronics & IT, Ministry of IT, Government of India</p>
<p>2. <b>Dr. S.B.N. Prakash, </b>Senior Professor of Law, NLSIU</p>
<p>3. <b>Mr. Naa Vijay Shankar,</b> Cyber Law Consultant, Bangalore</p>
<p>4. <b>Mr. Balasubramanya, </b>Vice President, Tata Consultancy Services, Bangalore</p>
<p><b>5. </b> <b>Mr. Ranganath,</b> Delivery Project Executive, IBM, Bangalore</p>
<p><b>6. </b> <b>Mr. Venkatesh Murthy, </b> Senior Manager, Cyber Forensics, Data Security Council of India [DSCI], Bangalore.<b> </b></p>
<p>7. <b>Mr. M. D. Sharath, </b>Dy. S. P., Cyber Police, Bangalore</p>
<p>8. <b>Dr. Nagarathna. A.,</b> Senior Assistant Prof of Law, NLSIU [Moderator]</p>
</td>
</tr>
<tr>
<td>
<p><b>3. 45 to 4. 00 </b></p>
</td>
<td colspan="4">
<p>TEA BREAK</p>
</td>
</tr>
<tr>
<td>
<p><b>04:00-05:00 AT </b></p>
<p><b>SHRI. </b></p>
<p><b>KRISHNAPPA </b></p>
<p><b>MEMORIAL HALL</b></p>
<p><b>[ACADEMIC BLOCK]</b></p>
</td>
<td colspan="4">
<p align="center"><b><span style="text-decoration: underline;">VALEDICTORY SESSION </span></b></p>
<p>Seminar Resolutions:<b> Dr. T. V. Subba Rao, Senior Professor, NLSIU</b></p>
<p><b> </b></p>
<p>Valedictory Address & Distribution of Certificates: : <b>Dr. R. Venkata Rao,</b> Vice Chancellor, NLSIU</p>
<p>Vote of thanks:<b> Dr. Nagarathna. A., </b>Seminar Director</p>
</td>
</tr>
<tr>
<td><br /></td>
<td><br /></td>
<td><br /></td>
<td><br /></td>
<td><br /></td>
</tr>
</tbody>
</table>
<p align="center"> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/national-seminar-cyber-security-and-cyber-laws'>http://editors.cis-india.org/internet-governance/news/national-seminar-cyber-security-and-cyber-laws</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2014-12-31T02:04:37ZNews ItemCIS Cybersecurity Series (Part 21) – Gyanak Tsering
http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-21-gyanak-tsering
<b>CIS interviews Gyanak Tsering, Tibetan monk in exile, as part of the Cybersecurity Series.</b>
<p style="text-align: justify; "><i>“I have three mobile phones but I use only one to exchange information to and from Tibet. I don't give that number to anyone and nobody knows about it. High security forces me to use three phones. Usually a mobile phone can be tracked easily in many ways, especially by the network provider but my third mobile phone is not registered so that makes sure that the Chinese government cannot track me. The Chinese have a record of all mobile phone numbers and they can block them at anytime. But my third number cannot be traced and that allows me to communicate freely. This is only for security reasons so that my people in Tibet don't get into trouble.”</i></p>
<p style="text-align: justify; ">Centre for Internet and Society presents its twenty-first installment of the CIS Cybersecurity Series.</p>
<p style="text-align: justify; ">The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.</p>
<p style="text-align: justify; ">Gyanak Tsering is a Tibetan monk in exile, studying at Kirti Monastery, Dharamshala. He came to India in 1999, and has been using the internet and mobile phone technology, since 2008, to securely transfer information to and from Tibet. Tsering adds a new perspective to the cybersecurity debate and explains how his personal security is interlinked with internet security and mobile phone security.</p>
<h3 style="text-align: justify; ">Video</h3>
<table class="plain">
<tbody>
<tr>
<th><iframe frameborder="0" height="315" src="http://www.youtube.com/embed/mqSw3cy7MEc?list=UUwD4YvZvns0xOedAnzt6CYA" width="560"></iframe></th>
</tr>
</tbody>
</table>
<p><i>This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada</i>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-21-gyanak-tsering'>http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-21-gyanak-tsering</a>
</p>
No publisherpurbaCyber SecurityInternet GovernanceCyber Security InterviewPrivacy2014-09-06T05:08:44ZBlog EntryCIS Cybersecurity Series (Part 20) – Saumil Shah
http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-20-saumil-shah
<b>CIS interviews Saumil Shah, security expert, as part of the Cybersecurity Series.</b>
<blockquote class="quoted" style="text-align: justify; "><i>“If you look at the evolution of targets, from the 2000s to the present day, the shift has been from the servers to the individual. Back in 2000, the target was always servers. Then as servers started getting harder to crack, the target moved to the applications hosted on the servers, as people started using e-commerce applications even more. Eventually, as they started getting harder to crack, the attacks moved to the user's desktops and the user's browsers, and now to individual user identities and to the digital personas.”</i></blockquote>
<p style="text-align: justify; ">Centre for Internet and Society presents its twentieth installment of the CIS Cybersecurity Series.</p>
<p style="text-align: justify; ">The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.</p>
<p style="text-align: justify; ">Saumil Shah is a security expert based in Ahmedabad. He has been working in the field of security and security related software development for more than ten years, with a focus on web security and hacking.</p>
<h3 style="text-align: justify; ">Video</h3>
<table class="plain">
<tbody>
<tr>
<th><iframe frameborder="0" height="315" src="http://www.youtube.com/embed/2V39K8y68mc?list=UUwD4YvZvns0xOedAnzt6CYA" width="560"></iframe></th>
</tr>
</tbody>
</table>
<p><i>This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada</i>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-20-saumil-shah'>http://editors.cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-20-saumil-shah</a>
</p>
No publisherpurbaCyber SecurityInternet GovernanceCyber Security InterviewPrivacy2014-09-06T05:03:00ZBlog EntryThe trouble with trolls
http://editors.cis-india.org/news/livemint-july-22-2014-vishal-mathur-the-trouble-with-trolls
<b>Social networking sites give trolls the ability to hide their real identity and cause grief to others. Here is what you need to do if you face an online attack.</b>
<p style="text-align: justify; ">The article by Vishal Mathur was <a class="external-link" href="http://www.livemint.com/Leisure/5biF5tW7enAmzp0jsYrRGK/The-trouble-with-trolls.html">published in Livemint</a> on July 22, 2014. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">Social networking sites give trolls the ability to hide their real identity and cause grief to others. Here is what you need to do if you face an online attack.</p>
<p style="text-align: justify; ">Though social networks were not designed with the intention of letting someone anonymously abuse another online, the reality is that people utilize the ability to hide behind online identities to threaten other users. These could be veiled attacks, direct abuse, or even threats to “cause bodily harm”. What can you do if you’re trolled and threatened on any social network? Follow our five-step guide. Avoid conversation if you can The responses could come in relation to something you may have just posted online. Or perhaps it could be just a random trolling attempt, to get a response from you. It is important to understand and identify such intentions. And as difficult as it may be, do not respond. Getting into a direct interaction with a bully only makes things worse. Report to the social network You should report any instance of cyber bullying or harassment to the host social network—the website or forum on which the interaction happened. There are various methods of getting in touch with the moderators—customer support email, contact submission forms or even via phone, in certain locations. Describe the problem in detail, and persist till the offending account is blocked from the platform. “Most social networks have systems that allow you to report abusive content and users. However, there is great variance in the speed with which they respond across different platforms, jurisdictions, etc.,” says Sunil Abraham, executive director at the Bangalore-based non-profit research organization Centre for Internet and Society. New Delhi-based Anja Kovacs, project director, at civil society organization Internet Democracy Project, adds: “Blocking and reporting an account can be two ways to stop harassment on some social networks, but on other platforms, such as Twitter, it is possible for the person to immediately make a new account under a different username, meaning that these measures do not necessarily stop the harassment.” Ankhi Das, director, public policy, India and South Asia at social network Facebook, says: “Every reported piece of content is reviewed. Serial offenders are notified for non-compliance.” Facebook’s Community Standards, that prevent harassment and offensive posts, have an 11-point categorization for reported content—violence and threats, hate speech, graphic content, bullying and harassment, to name some. Raheel Khursheed, head of news, politics and government at Twitter India, did not respond to our mail about how Twitter handles trolls at the time of going to press. On blogs and forums, it may be a bit easier to deal with trolling and abuse. If it is your own blog, you can delete comments and block users. If it is a forum, the administrator can do it for you. But, with social networks having millions of users, it is not possible to have one administrator managing it all. And it is not just Facebook and Twitter, all social networks have a method by which you can register your complaint. LinkedIn, for example, automatically blocks a user who gets multiple “I don’t know” responses to invitations to connect. There is a strong monitoring policy where any reported content (recommendations or direct messages) is examined and immediate warnings are sent out to offending parties. Keep a copy of the offensive posts Be it a post, or a series of posts, direct message or even an offending photograph, always save it for future reference. Never assume that the matter will end soon, and always prepare for the worst. Don’t ignore privacy settings Most people start using Facebook, Twitter and other social networks without paying much attention to the privacy settings—what content people can see on your page, and who can directly contact you. Be conservative in sharing information—the less you share, the lower the chances of someone picking on you. “Avoid friending or linking to people whom you don’t know in real life unless you are certain of the chain of trust that exists between you and the unknown person,” says Abraham. New Delhi-based cyber lawyer Apar Gupta, adds: “The privacy settings on most social networking platforms allow users to prevent (restrict) the audience for their posts as well as strangers from contacting them. This will prevent most cases of online harassment.” Get help from the law In case social networks are not able to effectively block a user, or are in some way unwilling to do so, take help from the law-enforcement authorities. File an FIR in the nearest police station. Unfortunately, the progress may not be very smooth. The reality is that not every law-enforcement officer may know about social networking sites. “You could try and go to the police, but without support from the social network platform, they are often at a loss to do much themselves,” warns Kovacs. The police may look for hints of threat to cause bodily harm or worse still, to life. In such cases, they may recommend the case to the Cyber Crime Cell of the Central Bureau of Investigation. “Generally, while the substantive offences do exist under law, the process for having them enforced is deficient. These are deeper structural problems of delay, investigation and conviction which are prevalent across criminal justice or civil litigation,” clarifies Gupta. Officials at the Cyber Crime Cell say they take up cases after reference from the local police, who file the report first and do a preliminary level of investigation. But it is important to realize that only the police and the law-enforcement agencies have the right to demand further details about the perpetrator from the social networks, starting with profile details and Internet Protocol (IP) addresses, which will help track the person down. Das clarifies: “Facebook has a point-of-contact system through which the law-enforcement agencies tell us what the actual case is, depending on severity. The police may ask us to take down particular content, or even ask for user information like IP info, to prevent real crime.” According to Facebook’s Government Requests Report for July-December 2013, the network restricted access to 4,765 pieces of content after requests from the Indian government and law-enforcement agencies.</p>
<div style="text-align: left; ">Read more at: <a href="http://www.livemint.com/Leisure/5biF5tW7enAmzp0jsYrRGK/The-trouble-with-trolls.html?utm_source=ref_article">http://www.livemint.com/Leisure/5biF5tW7enAmzp0jsYrRGK/The-trouble-with-trolls.html?utm_source=copy</a></div>
<div style="text-align: justify; "></div>
<p style="text-align: justify; ">Though social networks were not designed with the intention of letting someone anonymously abuse another online, the reality is that people utilize the ability to hide behind online identities to threaten other users. These could be veiled attacks, direct abuse, or even threats to “cause bodily harm”. What can you do if you’re trolled and threatened on any social network? Follow our five-step guide. <br /> <br /> <b>Avoid conversation if you can </b><br /> The responses could come in relation to something you may have just posted online. Or perhaps it could be just a random trolling attempt, to get a response from you. It is important to understand and identify such intentions. And as difficult as it may be, do not respond. Getting into a direct interaction with a bully only makes things worse. <br /> <br /> <b>Report to the social network </b><br /> You should report any instance of cyber bullying or harassment to the host social network—the website or forum on which the interaction happened. There are various methods of getting in touch with the moderators—customer support email, contact submission forms or even via phone, in certain locations. Describe the problem in detail, and persist till the offending account is blocked from the platform. “Most social networks have systems that allow you to report abusive content and users. However, there is great variance in the speed with which they respond across different platforms, jurisdictions, etc.,” says Sunil Abraham, executive director at the Bangalore-based non-profit research organization Centre for Internet and Society. New Delhi-based Anja Kovacs, project director, at civil society organization Internet Democracy Project, adds: “Blocking and reporting an account can be two ways to stop harassment on some social networks, but on other platforms, such as Twitter, it is possible for the person to immediately make a new account under a different username, meaning that these measures do not necessarily stop the harassment.” Ankhi Das, director, public policy, India and South Asia at social network Facebook, says: “Every reported piece of content is reviewed. Serial offenders are notified for non-compliance.” Facebook’s Community Standards, that prevent harassment and offensive posts, have an 11-point categorization for reported content—violence and threats, hate speech, graphic content, bullying and harassment, to name some. Raheel Khursheed, head of news, politics and government at Twitter India, did not respond to our mail about how Twitter handles trolls at the time of going to press. On blogs and forums, it may be a bit easier to deal with trolling and abuse. If it is your own blog, you can delete comments and block users. If it is a forum, the administrator can do it for you. But, with social networks having millions of users, it is not possible to have one administrator managing it all. And it is not just Facebook and Twitter, all social networks have a method by which you can register your complaint. LinkedIn, for example, automatically blocks a user who gets multiple “I don’t know” responses to invitations to connect. There is a strong monitoring policy where any reported content (recommendations or direct messages) is examined and immediate warnings are sent out to offending parties. <br /> <br /> <b>Keep a copy of the offensive posts </b><br /> Be it a post, or a series of posts, direct message or even an offending photograph, always save it for future reference. Never assume that the matter will end soon, and always prepare for the worst. <br /> <br /> <b>Don’t ignore privacy settings </b><br /> Most people start using Facebook, Twitter and other social networks without paying much attention to the privacy settings—what content people can see on your page, and who can directly contact you. Be conservative in sharing information—the less you share, the lower the chances of someone picking on you. “Avoid friending or linking to people whom you don’t know in real life unless you are certain of the chain of trust that exists between you and the unknown person,” says Abraham. New Delhi-based cyber lawyer Apar Gupta, adds: “The privacy settings on most social networking platforms allow users to prevent (restrict) the audience for their posts as well as strangers from contacting them. This will prevent most cases of online harassment.” <br /> <br /> <b>Get help from the law </b><br /> In case social networks are not able to effectively block a user, or are in some way unwilling to do so, take help from the law-enforcement authorities. File an FIR in the nearest police station. Unfortunately, the progress may not be very smooth. The reality is that not every law-enforcement officer may know about social networking sites. “You could try and go to the police, but without support from the social network platform, they are often at a loss to do much themselves,” warns Kovacs. The police may look for hints of threat to cause bodily harm or worse still, to life. In such cases, they may recommend the case to the Cyber Crime Cell of the Central Bureau of Investigation. “Generally, while the substantive offences do exist under law, the process for having them enforced is deficient. These are deeper structural problems of delay, investigation and conviction which are prevalent across criminal justice or civil litigation,” clarifies Gupta. Officials at the Cyber Crime Cell say they take up cases after reference from the local police, who file the report first and do a preliminary level of investigation. But it is important to realize that only the police and the law-enforcement agencies have the right to demand further details about the perpetrator from the social networks, starting with profile details and Internet Protocol (IP) addresses, which will help track the person down. Das clarifies: “Facebook has a point-of-contact system through which the law-enforcement agencies tell us what the actual case is, depending on severity. The police may ask us to take down particular content, or even ask for user information like IP info, to prevent real crime.” According to Facebook’s Government Requests Report for July-December 2013, the network restricted access to 4,765 pieces of content after requests from the Indian government and law-enforcement agencies.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/livemint-july-22-2014-vishal-mathur-the-trouble-with-trolls'>http://editors.cis-india.org/news/livemint-july-22-2014-vishal-mathur-the-trouble-with-trolls</a>
</p>
No publisherpraskrishnaCyber SecuritySocial MediaInternet GovernancePrivacy2014-07-28T05:42:36ZNews ItemCyber crimes shoot up 52% in India over last year
http://editors.cis-india.org/news/the-hindu-business-line-july-2-2014-kv-kurmanath-cyber-crimes-shoot-up-in-india-over-last-year
<b>There has been a sharp increase in the incidence of cyber crime in the country. The number of cases registered in 2013 under the IT Act has gone up by 52 per cent to 4,192 as against 2,761 in the previous year. </b>
<p style="text-align: justify; ">The article by K.V.Kurmanath was <a class="external-link" href="http://www.thehindubusinessline.com/news/cyber-crimes-shoot-up-52-in-india-over-last-year/article6168812.ece?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication">published in the Hindu Businessline</a> on July 2, 2014. Bhairav Acharya gave his inputs.</p>
<hr />
<p style="text-align: justify; ">If you add the cases registered under the IPC, the total number of cyber crime cases crosses the 5,500-mark. Police across the country arrested 3,301 persons in connection with these cases.</p>
<p style="text-align: justify; ">Maharashtra and Andhra Pradesh (undivided) have topped the list with 681 and 635 cases respectively under the IT Act, both showing an almost 50 per cent growth in cyber crimes over the previous year. In the previous year, Maharashtra had registered 471 and Andhra Pradesh 429.</p>
<p style="text-align: justify; ">Cyber security experts have been cautioning people to be careful while using the Internet. Besides increasing the security of the networks they are using, users must be careful while engaging with strangers.</p>
<p style="text-align: justify; ">A recent Microsoft report said many customer infections involve users tricked to install secondary offers, indicating a shift in malware proliferation. According to the latest data provided by the National Crime Records Bureau, the official chronicler of crime in the country, cyber crime registered under the Indian Penal Code (IPC) has shown a much higher growth rate of 122 per cent in 2013 over the previous year’s figure. IPC cases went up to 1,316 in 2013 from 595 in the previous year. Maharashtra topped the list here too with the cops booking 226 cases in this category.</p>
<h3 style="text-align: justify; ">Wrong nomenclature?</h3>
<p style="text-align: justify; ">Bhairav Acharya of the Centre for Internet and Society feels that the term cyber crime has not been defined well. “It is time we do away with the practice of calling any crime a ‘cyber crime’ just because the person who does it uses a computer,” he said.</p>
<p style="text-align: justify; ">“Instead, I think the term ‘cyber crime’ should only be used in relation to offences that can only be committed by using information and communications technology (ICT) such as the internet (which is comprised of the world wide web, email protocols, file transfer protocols, and more) as well as network infrastructure that is not the internet,” he said.</p>
<p style="text-align: justify; ">Hence, only if there is a direct causal link between the crime and ICT and network technology should a crime be called a cyber crime, Acharya says.</p>
<p style="text-align: justify; ">Other States with a high number of cases booked under the IT Act include Karnataka (513), Kerala (349), Madhya Pradesh (282) and Rajasthan (239). Gujarat showed a decline with the number coming down to 61 from 68 in the previous year.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/the-hindu-business-line-july-2-2014-kv-kurmanath-cyber-crimes-shoot-up-in-india-over-last-year'>http://editors.cis-india.org/news/the-hindu-business-line-july-2-2014-kv-kurmanath-cyber-crimes-shoot-up-in-india-over-last-year</a>
</p>
No publisherpraskrishnaCyber SecurityInternet GovernanceSocial Media2014-07-03T10:14:26ZNews ItemConsultation to Frame Rules under the Whistle Blowers Protection Act, 2011
http://editors.cis-india.org/news/consultation-to-frame-rules-under-whistle-blowers-protection-act-2011
<b>The National Campaign for People's Right to Information (NCPRI) and Centre for Communication Governance at National Law University, Delhi (CCG at NLUD) invite you to a consultation to draft rules under the Whistle Blowers Protection Act, 2011. </b>
<p style="text-align: justify; ">The consultation will bring together various stakeholders to discuss the initial stages of framing the draft rules for the legislation. It will take place from 10:00 a.m. to 5:00 p.m. on July 5, 2014 at National Law University, Delhi. Bhairav Acharya will be participating in this event.</p>
<p style="text-align: justify; ">Click to download:</p>
<ul>
<li><a href="http://editors.cis-india.org/internet-governance/blog/consultation-to-frame-rules-under-whistle-blowers-protection-act-2014.pdf" class="internal-link">Consultation to Frame Rules under the Whistle Blowers Protection Act, 2014</a></li>
<li><a href="http://editors.cis-india.org/internet-governance/blog/whistle-blowers-protection-act-2014.pdf" class="internal-link">The Whistle Blowers Protection Act, 2014</a></li>
</ul>
<p>
For more details visit <a href='http://editors.cis-india.org/news/consultation-to-frame-rules-under-whistle-blowers-protection-act-2011'>http://editors.cis-india.org/news/consultation-to-frame-rules-under-whistle-blowers-protection-act-2011</a>
</p>
No publisherpraskrishnaCyber SecurityInternet GovernancePrivacy2014-07-02T08:03:55ZNews ItemCIS Cybersecurity Series (Part 14) – Menaka Guruswamy
http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-14-2013-menaka-guruswamy
<b>CIS interviews Menaka Guruswamy, lawyer at the Supreme Court of India, as part of the Cybersecurity Series.</b>
<div><em>"The courts have rarely used privacy to stop the Indian state from getting into someone's business. So jurisprudentially, it is a weak challenge when you mount a rights based or a privacy right challenge against surveillance by the state. Because the answer of the state to that has always been, and as has been Obama's answer in the United States, that there are national security concerns. And usually national security will trump individual privacy."</em></div>
<div> </div>
<div>Centre for Internet and Society presents its fourteenth installment of the CIS Cybersecurity Series. </div>
<div>The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic. </div>
<div> </div>
<div>Menaka Guruswamy practices law at the Supreme Court of India. She was a Rhodes Scholar at Oxford University, and a Gammon Fellow at Harvard Law School, and a gold medalist from the National Law School of India. She has law degrees from all three schools, with a focus on Constitutional Law and Public International Law. Guruswamy has worked at the Office of the Attorney General of India, the highest office that represents the federal government of India in the Supreme Court of India.</div>
<div> </div>
http://youtu.be/GCDD6Z-UrGI
<div> </div>
<div> </div>
<iframe src="//www.youtube.com/embed/GCDD6Z-UrGI" frameborder="0" height="315" width="560"></iframe>
<div>
<div><strong><br /></strong></div>
<div><strong>This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.</strong></div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-14-2013-menaka-guruswamy'>http://editors.cis-india.org/internet-governance/cis-cybersecurity-series-part-14-2013-menaka-guruswamy</a>
</p>
No publisherpurbaCyber SecurityInternet GovernanceCyber Security Interview2014-07-21T10:39:03ZBlog Entry India needs better cyber police
http://editors.cis-india.org/news/business-standard-may-23-2014-surabhi-agarwal-india-needs-better-cyber-police
<b>On Wednesday, one of the largest online shopping and auction portals, eBay, revealed that earlier this year, cybercriminals accessed details of 145 million of its customers.</b>
<p style="text-align: justify; ">The article by Surabhi Agarwal was <a class="external-link" href="http://www.business-standard.com/article/international/india-needs-better-cyber-police-114052201689_1.html">published in the Business Standard</a> on May 23, 2014. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">Even though eBay's customers' financial details are said to be safe, the incident is being termed a "historic breach" given the enormity of the data compromised. Globally, eBay is being criticised not just for its laxity in securing the digital perimeter but also for reacting too late. The company has said that it first came to know of the breach "two weeks" ago. Records that have been accessed contain passwords as well as email addresses, birth dates, mailing addresses and other personal information.</p>
<p style="text-align: justify; ">The situation is worse when it comes to reporting such instances in <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=India" target="_blank">India</a>, say <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Cyber+Security" target="_blank">cyber security</a> experts. The Indian Information Technology Act requires companies to adopt "reasonable security measures" to protect consumers' sensitive personal information such as passwords and financial details. It also makes companies duty bound to report breaches and also defines liabilities in case a firm is found not to be adhering to best data security practices. However, implementation is patchy and most such instances go unreported.</p>
<p style="text-align: justify; ">Pavan Duggal, an advocate specialising in cyber security, says most users do not come to know if there has been a breach. "Awareness is also low among consumers about the legal recourse available in case their data has been compromised," he adds. Unlike in the West, lack of a proper data protection and privacy law in India is to be blamed for this. "Companies, too, are inclined not to report such instances as they fear being negatively impacted in the market," he points out.</p>
<p style="text-align: justify; ">In case of a breach, a user can contact the adjudicating officer, which is the state infotech secretary, for legal recourse. However, the onus is on the user to prove the breach. In the US, a consumer can get a subpoena (court order) issued against a company that makes it duty bound to provide details of the breach. "In India, the regime is too lax. It is very difficult to notify the government," says Sunil Abraham, executive director of the Centre for Internet and Society.</p>
<p style="text-align: justify; ">"There are stringent compliance requirements in countries such as the US. The laws in India need to come tougher if we want companies to become more serious about this," adds Duggal.</p>
<p style="text-align: justify; ">eBay has advised consumers, many of whom could be Indians, to immediately change their passwords. While people tend to use the same password across many sites, emails and phones numbers act as verifying tools for several financial transactions and could be misused. Moreover, unlike India, the US does not require additional authentication apart from credit card and CVV number, which makes transactions slightly more vulnerable. "It may be a good idea to include a one-time password as a security layer," says Abraham.</p>
<p style="text-align: justify; ">Over 200 million Indians are online. The Indian <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=E-commerce" target="_blank">e-commerce</a> market is estimated at $2 billion (Rs 12,000 crore) and is expected to cross $20 billion over the next four years.</p>
<p style="text-align: justify; ">"There is no such thing as 100 per cent protection in the digital world. The choice is between transacting online or not," says Akhilesh Tuteja, executive director of consulting firm KPMG. "Technology is becoming so sophisticated that what was good yesterday is not good today." A bigger dialogue is needed on people treating theft of digital assets just as they would physical assets, he adds.</p>
<p style="text-align: justify; ">The last big breach was reported at software maker Adobe Systems in October 2013, when it was uncovered that hackers accessed about 152 million user accounts. Last December Target said some 40 million payment card numbers and another 70 million customer records were hacked into.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/business-standard-may-23-2014-surabhi-agarwal-india-needs-better-cyber-police'>http://editors.cis-india.org/news/business-standard-may-23-2014-surabhi-agarwal-india-needs-better-cyber-police</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2014-06-04T07:56:33ZNews ItemCyber Dialogue Conference 2014
http://editors.cis-india.org/news/cyber-dialogue-conference-2014
<b>The Cyber Dialogue conference, presented by the Canada Centre for Global Security Studies at the Munk School of Global Affairs, University of Toronto, will convene an influential mix of global leaders from government, civil society, academia and private enterprise to participate in a series of facilitated public plenary conversations and working groups around cyberspace security and governance.</b>
<p style="text-align: justify; ">Malavika Jayaram is <a class="external-link" href="http://www.cyberdialogue.ca/2014-participants/">participating in this event</a> being held on March 30 and 31, 2014. Full event <a class="external-link" href="http://www.cyberdialogue.ca/">details here</a>.</p>
<hr style="text-align: justify; " />
<h2 style="text-align: justify; ">After Snowden, Whither Internet Freedom?</h2>
<p style="text-align: justify; ">A recent stream of documents leaked by former NSA contractor Edward Snowden has shed light on an otherwise highly secretive world of cyber surveillance. Among the revelations — which include details on mass domestic intercepts and covert efforts to shape and weaken global encryption standards — perhaps the most important for the future of global cyberspace are those concerning the way the U.S. government compelled the secret cooperation of American telecommunications, Internet, and social media companies with signals intelligence programs.</p>
<p style="text-align: justify; ">For American citizens, the NSA story has touched off soul-searching discussions about the legality of mass surveillance programs, whether they violate the Fourth and Fifth Amendments of the U.S. Constitution, and whether proper oversight and accountability exist to protect American citizens' rights. But for the rest of the world, they lay bare an enormous “homefield advantage” enjoyed by the United States — a function of the fact that AT&T, Verizon, Google, Facebook, Twitter, Yahoo!, and many other brand name giants are headquartered in the United States.</p>
<p style="text-align: justify; ">Prior to the Snowden revelations, global governance of cyberspace was already at a breaking point. The vast majority of Internet users — now and into the future — are coming from the world’s global South, from regions like Africa, Asia, Latin America, and the Middle East. Of the six billion mobile phones on the planet, four billion of them are already located in the developing world. Notably, many of the fastest rates of connectivity to cyberspace are among the world’s most fragile states and/or autocratic regimes, or in countries where religion plays a major role in public life. Meanwhile, countries like Russia, China, Saudi Arabia, Indonesia, India, and others have been pushing for greater sovereign controls in cyberspace. While a US-led alliance of countries, known as the Freedom Online Coalition, was able to resist these pressures at the Dubai ITU summit and other forums like it, the Snowden revelations will certainly call into question the sincerity of this coalition. Already some world leaders, such as Brazil’s President Rousseff, have argued for a reordering of governance of global cyberspace away from U.S. controls.</p>
<p style="text-align: justify; ">For the fourth annual Cyber Dialogue, we are inviting a selected group of participants to address the question, “After Snowden, Whither Internet Freedom?” What are the likely reactions to the Snowden revelations going to be among countries of the global South? How will the Freedom Online Coalition respond? What is the future of the “multi-stakeholder” model of Internet governance? Does the “Internet Freedom” agenda still carry any legitimacy? What do we know about “other NSA’s” out there? What are the likely implications for rights, security, and openness in cyberspace of post-Snowden nationalization efforts, like those of Brazil’s?</p>
<p style="text-align: justify; ">As in previous Cyber Dialogues, participants will be drawn from a cross-section of government (including law enforcement, defence, and intelligence), the private sector, and civil society. In order to canvass worldwide reaction to the Snowden revelations, this year’s Cyber Dialogue will include an emphasis on thought leaders from the global South, including Africa, Asia, Latin America, and the Middle East.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/cyber-dialogue-conference-2014'>http://editors.cis-india.org/news/cyber-dialogue-conference-2014</a>
</p>
No publisherpraskrishnaFreedom of Speech and ExpressionCyber SecurityInternet GovernancePrivacy2014-04-08T05:09:54ZNews ItemElectoral Databases – Privacy and Security Concerns
http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns
<b>In this blogpost, Snehashish Ghosh analyzes privacy and security concerns which have surfaced with the digitization, centralization and standardization of the electoral database and argues that even though the law provides the scope for protection of electoral databases, the State has not taken any steps to ensure its safety.</b>
<p></p>
<p> </p>
<p style="text-align: justify; ">The recent move by the Election Commission of India (ECI) to tie-up with Google for providing electoral look-up services for citizens and electoral information services has faced heavy criticism on the grounds of data security and privacy.<a href="#_edn1" name="_ednref1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> After due consideration, the ECI has decided to drop the plan.<a href="#_edn2" name="_ednref2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a></p>
<p style="text-align: justify; ">The plan to partner with Google has led to much apprehension regarding Google gaining access to the database of 790 million voters including, personal information such as age, place of birth and residence. It could have also gained access to cell phone numbers and email addresses had the voter chosen to enroll via the online portal on the ECI website. Although, the plan has been cancelled, it does not necessarily mean that the largest database of citizens of India is safe from any kind of security breach or abuse. In fact, the personal information of each voter in a constituency can be accessed by anyone through the ECI website and the publication of electoral rolls is mandated by the law.</p>
<p style="text-align: justify; "><b>Publication of Electoral Rolls</b><br />The electoral roll essentially contains the name of the voter, name of the relationship (son of/wife of, etc.), age, sex, address and the photo identity card number. The main objective of creation and maintenance of electoral rolls and the issue of Electoral Photo Identity Card (EPIC) was to ensure a free and fair election where the voter would have been able to cast his own vote as per his own choice. In other words, the main purpose of the exercise was to curtail bogus voting. This is achieved by cross referencing the EPIC with the electoral roll.</p>
<p style="text-align: justify; ">The process of creation and maintenance of electoral rolls is governed by the Registration of Electors Rules, 1960. Rule 22 requires the registration officer to publish the roll with list of amendments at his office for inspection and public information. Furthermore, ECI may direct the registration officer to send two copies of the electoral roll to every political party for which a symbol has exclusively been reserved by the ECI. It can be safely concluded that the electoral roll of a constituency is a public document<a href="#_edn3" name="_ednref3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> given that the roll is published and can be circulated on the direction of the ECI.</p>
<p style="text-align: justify; ">With the computational turn, in 1998 the ECI took the decision to digitize the electoral databases. Furthermore, printed electoral rolls and compact discs containing the rolls are available for sale to general public.<a href="#_edn4" name="_ednref4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> In addition to that, the electoral rolls for the entire country are available on the ECI website.<a href="#_edn5" name="_ednref5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> However, the current database is not uniform and standardized, and entries in some constituencies are available only in the local language. The ECI has taken steps to make the database uniform, standardized and centralized.<a href="#_edn6" name="_ednref6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a></p>
<p style="text-align: justify; "><b>Security Concerns</b><br />The Registration of Electoral Rules, 1960 is an archaic piece of delegated legislation which is still in force and casts a statutory duty on the ECI to publish the electoral rolls. The publication of electoral rolls is not a threat to security when it is distributed in hard copies and the availability of electoral rolls is limited. The security risks emerge only after the digitization of electoral database, which allows for uniformity, standardization and centralization of the database which in turn makes it vulnerable and subject to abuse. The law has failed to evolve with the change in technology.</p>
<p style="text-align: justify; ">In a recent article, Bill Davidow analyzes "the dark side of Moore’s Law" and argues that with the growth processing power there has been a growth in surveillance capabilities and on this note the article is titled, “<i>With Great Computing Power Comes Great Surveillance”</i><a href="#_edn7" name="_ednref7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a> Drawing from Davidow’s argument, with the exponential growth in computing power, search has become convenient, faster and cheap. A uniform, standardized and centralized database bearing the personal information of 790 million voters can be searched and categorized in accordance with the search terms. The personal information of the voters can be used for good, but it can be equally abused if it falls into the wrong hands. Big data analysis or the computing power makes it easier to target voters, as bits and pieces of personal information give a bigger picture of an individual, a community, etc. This can be considered intrusive on individual’s privacy since the personal information of every voter is made available in the public domain</p>
<p style="text-align: justify; ">For example, the availability of a centralized, searchable database of voters along with their age would allow the appropriate authorities to identify wards or constituencies, which has a high population of voters above the age of 65. This would help the authority to set up polling booths at closer location with special amenities. However, the same database can be used to search for density of members of a particular community in a ward or constituency based on the name, age, sex of the voters. This information can be used to disrupt elections, target vulnerable communities during an election and rig elections.</p>
<p style="text-align: justify; "><b>Current IT Laws does not mandate the protection of the electoral database</b><br />A centralized electoral database of the entire country can be considered as a critical information infrastructure (CII) given the impact it may have on the election which is the cornerstone of any democracy. Under Section 70 of the Information Technology Act, 2000 (IT Act) CII means “the computer resource, incapacitation or destruction of which, shall have debilitating impact on national security, economy.”<a href="#_edn8" name="_ednref8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> However, the appropriate Government has not notified the electoral database as a protected system<a href="#_edn9" name="_ednref9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a>. Therefore, information security practices and procedures for a protected system are not applicable to the electoral database.</p>
<p style="text-align: justify; ">The Information Technology Rules (IT Rules) are also not applicable to electoral databases, <i>per se</i>. Since, ECI is not a body corporate, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011 (<i>hereinafter </i>Reasonable Security Practices Rules) do not apply to electoral databases. Ignoring that Reasonable Security Practices Rules only apply to a body corporate, the electoral database does fall within the ambit of definition of “personal information”<a href="#_edn10" name="_ednref10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> and should arguably be made subject to the Rules.</p>
<p style="text-align: justify; ">The intent of the ECI for hosting the entire country’s electoral database online <i>inter alia</i> is to provide electronic service delivery to the citizens. It seeks to provide “electoral look up services for citizens ... for better electoral information services.”<a href="#_edn11" name="_ednref11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> However, the Information Technology (Electronic Service Delivery) Rules, 2011 are not applicable to the electoral database given that it is not notified by the appropriate Government as a service to be delivered electronically. Hence, the encryption and security standards for electronic service delivery are not applicable to electoral rolls.</p>
<p style="text-align: justify; ">The IT Act and the IT Rules provide a reasonable scope for the appropriate Government to include electoral databases within the ambit of protected system and electronic service delivery. However, the appropriate government has not taken any steps to notify electoral database as protected system or a mode of electronic service delivery under the existing laws.</p>
<p style="text-align: justify; "><b>Conclusion</b><br />Publication of electoral rolls is a necessary part of an election process. It ensures free and fair election and promotes transparency and accountability. But unfettered access to electronic electoral databases may have an adverse effect and would endanger the very goal it seeks to achieve because the electronic database may pose threat to privacy of the voters and also lead to security breach. It may be argued that the ECI is mandated by the law to publish the electoral database and hence, it is beyond the operation of the IT Act. But Section 81 of the IT Act has an overriding effect on any law inconsistent, therewith. The appropriate Government should take necessary steps under the IT Act and notify electoral databases as a protected system.</p>
<p style="text-align: justify; ">It is recommended that the Electors Registration Rules, 1960 should be amended, taking into account the advancement in technology. Therefore, the Rules should aim at restricting the unfettered electronic access to the electoral database and also introduce purposive limitation on the use of the electoral database. It should also be noted that more adequate and robust data protection and privacy laws should be put in place, which would regulate the collection, use, storage and processing of databases which are critical to national security.</p>
<div>
<hr align="left" size="1" width="100%" />
<div id="edn1">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref1" name="_edn1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> Pratap Vikram Singh, Post-uproar, EC’s Google tie-up plan may go for a toss, Governance Now, January 7, 2014 available at <a class="external-link" href="http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss">http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss</a></p>
</div>
<div id="edn2">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref2" name="_edn2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
<div id="edn3">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref3" name="_edn3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> Section 74, Indian Evidence Act, 1872</p>
</div>
<div id="edn4">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref4" name="_edn4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/the_function.aspx">eci.nic.in/eci_main1/the_function.aspx</a></p>
</div>
<div id="edn5">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref5" name="_edn5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx">http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx</a></p>
</div>
<div id="edn6">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref6" name="_edn6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a> “At present, in most States and UTs the Electoral Database is kept at the district level. In some cases it is kept even with the vendors. In most States/UTs it is maintained in MS Access, while in some cases it is on a primitive technology like FoxPro and in some other cases on advanced RDBMS like Oracle or Sql Server. The database is not kept in bilingual form in some of the States/UTs, despite instructions of the Commission. In most cases Unicode fonts are not used. The database structure not being uniform in the country, makes it almost impossible for the different databases to talk to each other” – Election Commission of India, Revision of Electoral Rolls with reference to 01-01-2010 as the qualifying date – Integration and Standardization of the database- reg., No. 23/2009-ERS, January 6, 2010 available at e<a class="external-link" href="http://eci.nic.in/eci_main/eroll&epic/ins06012010.pdf">ci.nic.in/eci_main/eroll&epic/ins06012010.pdf</a><span dir="RTL"></span></p>
</div>
<div id="edn7">
<p class="MsoEndnoteText"><a href="#_ednref7" name="_edn7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a><a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf"><span><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"> </span></span></span>http://www.theatlantic.com/technology/archive/2014/01/with-great-computing-power-comes-great-surveillance/282933/</a></p>
</div>
<div id="edn8">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref8" name="_edn8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> Section 70, Information Technology Act, 2000</p>
</div>
<div id="edn9">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref9" name="_edn9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a> Computer resource which directly or indirectly affects the facility of Critical Information Infrastructure</p>
</div>
<div id="edn10">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref10" name="_edn10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> Rule 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011</p>
</div>
<div id="edn11">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref11" name="_edn11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns'>http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns</a>
</p>
No publishersnehashishDigital GovernancePrivacyCybersecurityData ProtectionInternet GovernanceSafetyInformation TechnologyCyber SecuritySecuritye-GovernanceTransparency, PoliticsE-Governance2014-01-16T11:07:21ZBlog Entry