Centre for Internet and Society

Launch of the Open Data Lab

praskrishna — 2015-02-07T12:56:48Z

World Wide Fund's first Open Data Lab was launched on February 5, 2015. It was launched at the Istana Ballroom, Sari Pan Pacific Hotel

For more details visit http://editors.cis-india.org/openness/blog-old/launch-of-the-open-data-lab

Library and Information Professionals Summit (LIPS) 2015

praskrishna — 2015-02-07T12:21:27Z

Nehaa Chaudhari participated as a panelist at the Library and Information Professionals Summit, 2015 at NLU-Delhi. The event was jointly organized by Society for Library Professionals, National Law University Delhi with UN Information Centre for India & Bhutan and Special Library Association (USA), Asian Chapter.

Nehaa Chaudhari was on a panel discussing Internet Technology and Challenges for Libraries in IPR Regime. Here presentation can be seen here. For more info click here.

For more details visit http://editors.cis-india.org/a2k/news/library-and-information-professionals-summit-2015

Library and Information Professionals Summit 2015

praskrishna — 2015-02-07T11:46:05Z

For more details visit http://editors.cis-india.org/a2k/blogs/library-and-information-professionals-summit.pdf

Regional Open Data Agenda-Setting Workshop 2015

praskrishna — 2015-02-07T10:14:12Z

Open Data Lab Jakarta Web Foundation hosted this workshop from February 4 to 6, 2015. Sunil Abraham was a speaker.

Priorities, opportunities and challenges for securing developmental outcomes from (open) data driven approaches vary across continents. It is important for the agenda for research and development in each region to be set, owned and driven from within that region. We are therefore convening a meeting of 1520 regional stakeholders with either strong open data, T/A and/or sectoral expertise.

Through an Outcome Mapping approach, the workshop will identify key issues to be addressed, and changes sought, both at a highlevel of creating solid foundations for open data impacts in the region, and at a practical level in particular sectors and countries. The workshop will emphasise the importance of an inclusive agenda for open data, and on ensuring the distribution of benefits from open data is equitable, and prodevelopment. It will also contribute to one of the Project’s overall goals of building towards the strengthening of a network of selfsustaining and southernowned organizations working on open data research and development, supported and coordinated by the Web Foundation’s Open Data Labs under the Open Data for Development Network.

The Regional Agenda Setting Workshop is conducted as part of the IDRC funded Harnessing Open Data to Achieve Development Results in Africa and Asia project and organized by the Web Foundation’s Open Data Lab Jakarta.

Objectives

Refine the selection of sectors to engage in and key issues to be addressed for creating solid foundations for open data impacts in the region, and at a practical level in particular sectors and countries.
Shape the design of CfPs, including sectors, countries and specific challenges, for a) sectoral scoping studies and b) labs action research projects to be conducted throughout the duration of the Project.
Build and foster relationships with strategic partners to expand and strengthen the network of organizations working on open data in the region4) Ensure that the agenda for open data research and development in each region is set, owned and driven from within that region.
Engage with stakeholders to act as mentors and advisors in the development and implementation of studies and action research projects conducted by partners with the support of the Jakarta Lab.

The outcomes of these workshops will also be fed into the Open Government Partnership Open Data Working Group, and where appropriate we will broker support for emerging leaders from Africa and Asia to engage in global open data conversations and action.

See more on the Open Data Labs website.

For more details visit http://editors.cis-india.org/openness/news/region-open-data-workshop-2015

Digital Security Workshop for Journalists

praskrishna — 2015-03-08T05:25:34Z

The Centre for Internet and Society and the Mumbai Press Club are jointly organizing a workshop for journalists on February 7, 2015, from 9.30 a.m. to 1.30 p.m. at Mumbai Press Club, Azad Maidan.

Event Flier

The event would cover these topics:

Why should journalists care about digital security?
The threat model: assessing digital security risks and responses.
Security measures and solutions: alternatives to unsecure software and tools, good security practices, computer hygiene etcetera.

Event Pictures

For more details visit http://editors.cis-india.org/internet-governance/events/digital-security-workshop-for-journalists

TOI literary festival kicks off today

praskrishna — 2015-02-05T15:37:21Z

The Times Litfest 2015, Bengaluru, kicks off on Saturday at the Jayamahal Palace Hotel. The two-day festival is among the biggest such literary enclaves in Bengaluru. It'll see some of India's foremost creative minds talk, argue, debate, discuss and engage with vital topics which touch our lives.

Over two busy days, achievers from every field will talk about reading, writing, culture, journalism, food, comedy, sport, films and much, much more. Speakers on Day 1 include historian Ramachandra Guha, NR Narayana Murthy and Snapdeal CEO Kunal Bahl, star chef Manu Chandra, and comedians Radhika Vaz and Rubi Chakravarti.

It's not all fun and games. Our serious sessions include Raghavendra Joshi talking about his father Bhimsen Joshi's legacy; Rohan Murty (founder of the Murty Classical Library), author and historian Vikram Sampath and translator Arunava Sinha on preserving our cultural heritage; and Pranesh Prakash of Centre for Internet and Society, Lawrence Liang of Alternative Law Forum, and author and journalist Vivek Kaul on internet censorship and net neutrality.

Read the full coverage on the Times of India newspaper here

For more details visit http://editors.cis-india.org/internet-governance/news/times-of-india-january-31-2015-toi-literary-kicks-off-today

‘Internet is an absolute human right’

praskrishna — 2015-02-05T15:10:58Z

The right to the internet is an absolute human right, Bengaluru-based lawyer Lawrence Liang said.

The article was published in the Times of India on February 1, 2015. Pranesh Prakash was quoted.

Pranesh Prakash, policy director, Centre for Internet and Society, said people should fight for this right "as we fight for the right to food".

There was vigorous espousal of the concept of net neutrality at the session on 'Is free internet a fantasy?' Net neutrality is the notion of keeping the internet free and open. It implies preventing broadband companies from blocking or deliberately slowing down legal content; and preventing them from collecting a higher fee from content providers to enable them to reach consumers faster.

Session moderator and writer Vivek Kaul noted that broadband companies had been arguing for the right to price internet services differentially on the grounds that they had made huge investments on their infrastructure. Prakash challenged that argument saying the companies were already highly profitable and their consumers were anyway paying for the internet. "Even the argument that large content providers like Google and Facebook are having a free ride on their networks is not true because they pay intermediaries who carry their traffic," he said.

Last November, US president Barack Obama upheld net neutrality, saying that for almost a century, "our law has recognized that companies who connect you to the world have special obligations not to exploit the monopoly they enjoy over access into and out of your home or business." He went on to say: "It is common sense that the same philosophy should guide any service that is based on the transmission of information — whether a phone call or a packet of data."

If broadband companies are allowed to charge content providers higher for faster internet services, it would discriminate against those who can't afford to pay such rates. This would mean lopsided availability of information - a fundamental resource for a democratic world.

For more details visit http://editors.cis-india.org/internet-governance/news/times-of-india-february-1-2015-internet-is-an-absolute-human-right

ASSOCHAM National Council on IT / ITes

praskrishna — 2015-02-05T14:56:27Z

This meeting was held in New Delhi on January 30, 2015 at ASSOCHAM Corporate Office.

Draft Minutes of Meeting

Meeting Attended by:

Mr. Shashi Mal, Co-Chairman, ASSOCHAM National Council on IT/ ITES
Mr. T. V. Ramachandran, Chairman, ASSOCHAM National Council on Telecom
Mr. Anupam Aggarwal, TCS
Mr. Anthony Thomas, Vodafone India Ltd.
Ms. Geetha Hariharan, The Centre for Internet & Society
Mr. Sreedhar.C, Amara Raja
Mr. Naveen Tandon, AT&T India
Mr. Nripendra Singh , Ernst & Young LLP
Mr. S. Chandrasekhar, Microsoft
Mr. Akhilesh Tuteja, KPMG
Mr. Pankaj Sharma, CA Technologies
Mr. Sanjay Sarma, Design Worldwide
Mr. Subhodeep Jash, DUA Consultant
Mr. Ashok Sud, AUSPI
Mr. Ashis Mukherjee, WIPRO
Mr. Saurabh Joshi, Accenture
Ms. Ambika Khurana, IBM
Mr. Sumit Monga, R Com
Cmde Shyam Kaushal, wimax
Mr. Jitender Singh, Qualcomm
Mr. Vikram Tiwathia, COAI
Mr. Ranjeet Goshwami, TCS
Mr. Sant Pratap Singh Matta, Railtel Corporation
Mr. Kinshuk De, TCS
Mr. T R Dua, TAIPA
Mr. B B Anand, AUSPI
Mr. Dilip Sahay, AUSPI
Mr. Nitin Wali, Verisign
Mr. A.k. Gidwani, BPCL
Mr. Harsh Rastogi, TUV Rheinland India
Mr. Sanjeev Arora, Vodafone
Mr. Anil Prakash, ITU/APT Foundation
Mr. Avik Banerjee, DEN Networks
Ms. Neelima Agrawal, LUXURY CHRONICLE
Ms. Amrita Jagatdeo, Bihang Welfare Association
Mr. Minushri Madhumita, Bihang Welfare Association
Mr. Varun Aggarwal, ASSOCHAM
Mr. Parag Tripathi, ASSOCHAM
Mr. Ashish Malik, ASSOCHAM

The Meeting started with the Chairman of the Meeting Shri Shashi Mal, Co-Chairman, ASSOCHAM IT/ITes Council & Director & Industry Leader, IBM India welcoming the Members present.

Mr. Mal introduced the topic of discussion and its importance in the present context.

Mr. Mal pointed out that internet has touched every aspect of life and has significant stake in almost every business in the present times.

He further pointed out two main points, how internet can be managed and how do you legally govern the activities going on the internet. He suggested approaching all interest groups for their views before we make the recommendations.

He emphasized that the consensus has to be build within the stakeholders of the subject and informed that for this ASSOCHAM is planning to organize INDIA INTERNET GOVERNANCE SUMMIT (IIGS)-2015 on 26^th March, 2015 in New Delhi.

Mr. T. V. Ramachandran, Chairman, ASSOCHAM National Council on Telecommunications said that there are many opinions within the stakeholders. He said that India, with maximum numbers of users has the right to be heard in the international forums. He further said that Industry should have an active participation in the policy making.

Mr. Vikram Tiwathia, COAI asked why ASSOCHAM is organizing this program and who has mandated them to do so and why they want to send the recommendations to the Government.

It was informed that ASSOCHAM has already announced in the Ministry of External Affairs Meeting and the National Security Council Secretariat that ASSOCHAM will be creating a forum where all the stakeholders could present their point of view and proceedings of this Summit will be shared with the Government as the Recommendations.

Mr. Vikram Tiwathia to this replied that there are many stakeholders like civil society, academia, but ASSOCHAM should present the view of the Industry only.

Mr. Mal suggested that there might be different views within the Industry on Internet Governance.

Mr. Tiwathia informed the Members present that Department of Electronics and IT, Government of India has constituted a Multistakeholder Advisory Group (MAG) for the India Internet Governance Forum but had met only twice. He suggested taking MAG outside the Deity to a more autonomous body. He also suggested that India should sign the Budapest Convention (or what are the obstacles in signing the Budapest Convention).

One of the Members present suggested coming up with commercially accepted views for Internet Growth usage and Protection of Investors along with steps for Principle for Self Regulations.

One of the Members also brought out the Hygine Part of the Internet ie how internet is being used today.

It was decided that the following major issues in the Internet Governance will be discussed with Political, Technical & Economic aspects.

Cyber Security
Cyber Policy
Access
Diversity
Emerging issues like e-Commerce

It was decided that the Members will email their inputs on the above points to ASSOCHAM latest by Monday, 9th February, 2015. A core group is being constituted with the following Members to further develop on the issues from the inputs received by 14th February, 2015.

Core Group Members:

Mr. Anupam Agarwal, TCS
Mr. Anthony Thomas, Vodafone India
Ms. Geetha Hariharan, The Centre for Internet & Society
Mr. Akhilesh Tuteja, KPMG
Mr. Dilip Sahay, AUSPI
Mr. Jitendra Singh, Qualcomm
Mr. Vikram Tiwathia, COAI

It was suggested that ASSOCHAM should engage a Knowledge Partner to collate and make the Report/ Background Paper on the subject by 1st Week of March 2015.

There are Speakers and Sponsorship Opportunities for which you could also forward your suggestions to ASSOCHAM at the earliest.

It was decided that ASSOCHAM will prepare the rough draft of Program Agenda & Circulate among Members

The Meeting ended with thanks to the Chair.

For more details visit http://editors.cis-india.org/internet-governance/news/assocham-national-council-on-it-ites

Winners of the Opensource.com 2015 Community Awards

praskrishna — 2015-02-12T01:23:44Z

Every year, Opensource.com awards people from our community who have excelled in contributing and sharing stories about open source.

These stories are about open source as we use it in our everyday lives as well as how it helps to build a better world and future in technology. This year, we present to you the 2015 Opensource.com Community Awards in the following categories.

People's Choice Awards

Subhashish Panigrahi

An educator and open source activist, based in Bangalore, India.

Reader's Choice Awards

Recognizes the community's favorite articles from 2014. Voted on by the community.

For more details visit http://editors.cis-india.org/openness/news/opensource-2015-award-winners

Section 66A not for curbing freedom of speech, govt says

praskrishna — 2015-02-05T13:59:12Z

Section designed to fight cybercrime and protect the right to life, central government tells Supreme Court.

The article by Akansha Seth and Apoorva was published in Livemint on February 3, 2015. Sunil Abraham gave his inputs.

The central government on Tuesday clarified to the Supreme Court that penal provisions of the Information Technology (IT) Act, 2000, were not intended to curb freedom of speech.

Instead, the controversial Section 66A of the IT Act, challenged in the apex court, is designed to fight cybercrime and has nothing to do with any citizen’s freedom of speech and expression, the government said, adding that these provisions seek to protect the right to life of Indian citizens.

The government’s clarification, made in a written submission to the Supreme Court, is significant because the argument made so far in the court by opponents of the controversial section is that they are misused to curb freedom of expression.

The penal provisions deal with online criminal offences like phishing, vishing (voice phishing), spoofing, spamming, and spreading viruses that have a serious potential to not only damage and destroy the computer system of an individual citizen but also bring the functioning of vital organizations and, in extreme cases, even the country to a standstill.

The stand of the government is interesting because it comes on a petition filed when police arrested a 21-year-old girl for questioning on Facebook Mumbai’s shutdown after Shiv Sena leader Bal Thackeray’s funeral in 2012. Another girl who “liked” the comment was also arrested. Last May, five students were detained by police for spreading an anti-Narendra Modi photo on WhatsApp.

“If 66A, as the government argues does not set any additional limits on freedom of speech and expression, then it is wholly unnecessary, serves no purpose and should be struck down by the honourable court. After all it has never been used to tackle the problem of spam which was the original intent,” said Sunil Abraham, executive director, Centre for Internet and Society, a Bengaluru-based think tank.

The central government has clarified that the phrases annoyance, inconvenience, danger, or obstruction as used in Section 66A have no correlation or connection with any citizen’s freedom of speech and expression. Consequently, if as a result of a citizen exercising his or her freedom of speech and expression, annoyance, inconvenience, danger or obstruction is caused while sending anything by way of a computer resource or a communication device, it will not be a penal offence under section 66A.

The government has also argued that if an individual chooses to misuse the provision for a purpose for which it is not intended or resorts to the expressions inconvenience or annoyance in a casual manner, it would be a case of abuse of the process of law. However, it would not be a ground for declaring the provisions unconstitutional if they are otherwise found to be constitutional.

Additional solicitor general Tushar Mehta, appearing for the central government, argued that no one can file a criminal complaint on grounds that they received an information that caused annoyance, inconvenience, etc.—grounds mentioned under section 66A.

Mehta also suggested that the court could come up with guidelines on how to interpret the section, or such regulations could be framed under section 89 of the IT Act which empowers the controller to make regulations to carry out the purposes of the Act, in consistency with it, after consultation with the Cyber Regulations Advisory Committee and with the previous approval of the central government.

Mehta argued that authoritative discretion was required because a precise and concise definition of grossly offensive or menacing character—terms used in section 66A—was not possible. “Nobody can allege that they are annoyed by the exercise of someone’s freedom of speech,” he added.

Gaurav Mishra contributed to this story.

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-akansha-seth-apoorva-livemint-feb-3-2015-section-66a-not-for-curbing-freedom-of-speech-govt-says

WWW: The Hackers’ Haven

praskrishna — 2015-02-05T02:20:04Z

In an increasingly connected world, it pays to be careful when sharing personal information

This story by Abraham C. Mathews was published in BW | Businessworld Issue Dated 09-02-2015. Sunil Abraham gave his inputs.

Last year, Whatsapp changed its encryption algorithm several times and, every time, it was breached,” says Saket Modi, hacker, entrepreneur and CEO of Lucideus Technologies, which just created an app that monitors wayward activity on your smartphone. That’s geekspeak for: “Your WhatsApp chats, including deleted ones, would have been accessible to any hacker worth his salt”. And we are talking about a company that was valued at $19 billion at some point during the year. Only in November 2014 did WhatsApp finally embrace end-to-end encryption, which will ostensibly address the issue.

Or take the sales claim that every smartphone purchaser has heard — “Android is safe from virus.” That’s not, however, what a joint study by security solutions company Kaspersky and Interpol found. In the first half of 2014, 1,75,442 unique malicious programmes targeted at Android were discovered. Clearly a tribute to the platform on which 85 per cent of smartphones run.

In a TEDx talk last year titled ‘What’s physically possible in the virtual world’, Modi demonstrated how, with access to your smartphone for barely 20 seconds, he can see everything that has ever happened on your phone — text messages, call log, browsing history, and so on. He also showed how fraudulent emails could be disguised so as to appear to have come from a yahoo.com email address, and how you could be hacked even without being connected to the Internet. “There are only two kinds of people in the world,” he says. “Those who know they have been hacked and those who don’t.”

Epidemic Proportions
For cyber security, 2014 was annus horribilis. From celebrities whose intimate pictures were dumped on the Internet, to corporates such as Sony, JP Morgan and Target whose records were hacked into and personal information of millions of their customers compromised, it was the year when the proverbial shit hit the fan. Details (names, numbers, even favourite pizza toppings) of six lakh customers of Domino’s Pizza in France and Belgium were stolen for a $40,000 ransom. One hundred and ten million records (credit card details, social security numbers, along with addresses) from Target were stolen. The company later admitted that its sales were “meaningfully weaker” after the data theft was disclosed. One hundred and forty-five million records were stolen from eBay, 109 million from Home Depot and 83 million from JP Morgan during the year.

In 2013, a group that calls itself the Syrian Electronic Army hacked into Swedish company TrueCaller’s database. TrueCaller, an app, allows you to identify phone numbers. The data is collected from the contact list of those who download the app, which means, it even has details of those who haven’t downloaded or used the app in any way. Estimates put the number of Indians whose numbers could have been stolen at a million.

Cyber security is not yet a boardroom topic, says Anil Bhasin, MD, India & Saarc, Palo Alto Networks, which claims to create comprehensive security solutions for users but is fast becoming one with the increase in security breach incidents. Enterprises still use legacy technology that at times is 20 years old, he says, giving the example of banks that sometimes have a layer-3 staple inspection firewall, when they should ideally be running on layer-7.

When companies store your information, you also benefit. For example, when an e-commerce company does so, online shopping becomes faster and easier. But these companies should invest in measures to protect the information, says Sunil Abraham, executive director of the Centre for Internet and Society in Bangalore. But then again, he says, a lot of breaches, like the celebrity iCloud hack, happen because users are negligent with measures designed to protect them. Passwords, for instance.

A Pew Research report found that only four out of 10 Internet users changed passwords after the ‘heartbleed’ virus (which found a way to unlock encrypted data) was uncovered in April 2014. Only 6 per cent thought their information was stolen. But, in August, it emerged that a Russian crime ring had amassed 1.2 billion user name-password combinations of 500 million email addresses from 4,20,000 websites. A Kaspersky study found that the number of malicious programmes detected rose 10 times in just six months to 6,44,000 in March 2014. This shows the call for vigil cannot not be more critical.

Interestingly, your online financial payments may be relatively more secure, thanks to Reserve Bank of India’s dogged persistence in continuing with the two-step verification process for electronic payments (a one-time password and PIN verification). The central bank drew a lot of flak for barring taxi app Uber from storing payment information and automatically deducting charges at the end of a ride. But Modi isn’t impressed. He likens the two-step verification to a batsman going onto the pitch wearing just a helmet. “The rest of your body is still exposed,” he says.

Easy Targets
Here’s one easy hack that Modi describes. Any app that you download from the app store on your phone asks for a set of permissions, which mostly come as an ‘all or nothing’ option. You either grant all the access it asks for, or you can’t download the app. Suppose, you grant a scrabble app access to your text messages. Your number can then be accessed by the app provider. Now think about how your banking transactions are verified — with a one-time password sent as a text message. With access to your text messages, entering that password would hardly be a challenge for hackers, says Modi. Or, suppose you were to set up a new WhatsApp account with that same number. The verification, like we all know, comes through a one-time password sent to your number. With access to your text messages, the hacker is given a virtual key to your entire WhatsApp history.

Or, take for instance, an app that requests access to your SD card (the storage card in your phone). With that permission, the app gets access to everything on your SD card, including your most private photos. Modi’s company Lucideus recently came out with an app, UnHack, that scans your phone to see which apps can access what data. If you use the app, you will find that not only can Facebook access the call logs on your phone, but apps like Wunderlist (which organises to-do lists) and Pocket (which stores articles for future offline reading) can access your contacts as well. The apps from TED (of TED Talks fame) as well as Flipkart can see as well as edit your personal photos and documents.

Companies —Uber, for instance — have in the past been found to be frivolous with data collected. Late last year, Uber greeted a Buzzfeed reporter who had arrived at the company’s New York headquarters with “There you are — I was tracking you”. No prior permission was sought. A venture capitalist, Peter Sims, had written earlier that his exact whereabouts in New York were displayed to a room full of people as part of a demonstration at a company event in Chicago.

Information Overload
Adam Tanner, a Harvard fellow and a Forbes columnist, was at an annual conference of the Direct Marketers Association, where he noticed a list of names of 1.8 million people with erectile dysfunction (ED), along with their email addresses and numbers. The organisers claimed the details were volunteered by the people themselves. Knowing that ED is something that men rarely admit to, he made the organisers an offer — “Let me purchase a list of a thousand people, and write to them to see if they know that they are on such a list.” The organisers refused, saying it would be an immoral use of their data. From this, one can tell that the information came from websites that took their details, promising a cure.

This, and other similar anecdotes made their way to his recent book, What Stays in Vegas, which deals with the world of personal data and the end of privacy as we know it. When Tanner meets Indians, he brings up matrimonial websites. What surprises him is the volume of information that people disclose. To westerners, details such as sub-caste or blood type, as well as in many cases the admission that a person is HIV+ is an outright breach of privacy. That people would volunteer to put this out in public is shocking. “When you are looking for a suitable match, giving the information may be important at the moment, but you must not forget that once something is on the Internet, it can never be completely deleted,” he warns.

But what is the problem if somebody has all the details, you may ask. Is the potential risk greater than the possibility of a perfect match? A PTI report from 2009 talks about a confession by an Indian Mujahideen operative who used information from such sites to get a student identity card as well as a driving licence. Mukul Shrivastava, a partner in the forensic practice at EY, gives you another alarming scenario. Let’s say somebody trawls your Facebook, what is the amount of information that such a person can get access to? Your daily routine, your physical movement, your favourite restaurant or whether you will be at home at a certain time (from a status message like “Can’t wait to watch the Devils trouncing Liverpool at ManU Café tonight!”). Even if a physical attack is not on the agenda, much of the information can be used to guess security questions (favourite cat, first school) and find out required details for phone banking (date of birth, email address, mother’s name). An HDFC Bank official says there is a rise in vishing (the voice equivalent of phishing) attacks, where people with access to bank account numbers as well as personal details pose as bank executives and lure customers with special benefits and convince them to divulge their banking passwords.

Security is an individual’s responsibility, says Sunil Abraham. “You have to remember that you have volunteered to put the information online,” he says. Information once put online is not private anymore. It’s like making an announcement in a large hall that is broadcast on TV. That’s what the Internet is. And once the Internet gets to know, it can never really be forgotten, says Vishnu Gopal, chief technology officer at MobME, a mobile value-added services provider. It will be available on some weblink or at least on archive.org, which claims to have ‘435 billion pages saved over time’.

While reclaiming lost information might be difficult, one can still reclaim privacy. Both Facebook and Gmail have options to disable monitoring by other applications. It might be worthwhile to pay the permissions page a visit. Routine password changes, as well as keying them in every time (rather than saving them on the system) might be worth the trouble. That said, nothing works like caution.

An Attacking Refrigerator!
A year ago, Proofpoint, a US-based security solutions provider, noticed an unusual type of cyber attack. Emails were sent in batches of about a lakh, thrice a day, aimed at slowing down large enterprises. What was unique about this attack was that upto 25 per cent of the volume was sent by devices other than computers, laptops, mobile phones or such devices. Instead, the emails came from everyday consumer electronic items like network routers, televisions, and at least one refrigerator, according to the company, with not more than 10 emails from any one device, making the attack difficult to block. This is now known as the first Internet of Things or IoT-based attack, where connected everyday-use devices are hacked into and used as cyber weaponry.

With the IoT, you have devices talking to one another, opening up multiple places to be breached, says MobME’s Gopal. From your shoe to T-shirt, everything becomes a potential bot. India should be concerned. Research by securities provider Symantec says India tops the list of countries wherein Distributed Denial of Service (DDoS) attacks originate. DDoS attacks are those where hundreds of bots target a website (say, an e-commerce company) on its big discount day, thereby slowing down traffic to the site. The report says a bot’s services can be bought for as low as Rs 300 to bring down a site for a few minutes. Monthly subscription plans are available for lengthier attacks.

Corporates can never be too careful, feels Shrivastava who, as part of his investigations, comes across several instances where companies are hacked into because of lack of best practices. How many companies have blocked pen drives on office machinery, he asks. In a tiny device, a humungous amount of data can be stolen. Till the first incident happens, nobody realises the importance of security, he says. For example, at EY, the IT security does not permit copying of the text of emails by the recipient. Recent reports suggest that the JP Morgan security breach was the result of neglect of one of its servers in terms of a security upgrade.

According to a study by Microsoft, the estimated loss to enterprises from lost data in 2014 was $491 billion.

You Against The Mafia
The fight really is about who’s weaker, says Altaf Halde, managing director, Kaspersky Lab-South Asia. “The problem here is the consumer.” Nothing excuses us from not protecting ourselves. That includes getting an anti-virus installed, but most people often disable it when it flags a particular activity that we want to pursue online.

Halde also brings up the BYOD (bring your own device) culture that is taking root. Asking employees to bring their own devices could help cut costs for a company, but that also brings in their inadequate protection, which could potentially translate into a much higher cost to the company, he says.

On the other side of the ring is the virtual underground mafia that profits from all types of data that get compromised — details of one’s sexual preferences, favourite restaurants or credit card details. Modi says in underground circles, the going rate for a stolen credit card number is $2.2 for a Visa, $2.5 for a MasterCard and $3 for an AmEx number. Transactions are made through crypto-currencies such as bitcoins, making them virtually untraceable.

As Modi says, the ideal scenario would be for all of us to throw away our smartphones and live an entirely offline existence. “But since that isn’t feasible, let’s embrace the risk, but with adequate measures to ensure that we are not affected.”

For more details visit http://editors.cis-india.org/internet-governance/news/business-world-9-2-2015-abraham-c-mathews-www-the-hackers-haven

Comments on First Draft of National IP Policy

praskrishna — 2015-02-04T13:51:50Z

For more details visit http://editors.cis-india.org/a2k/blogs/cis-comments_first-draft-of-national-ipr-stategy.pdf

CIS Submission to the Expert Committee: Broadening of Definitions in the Proposed Broadcast Treaty Compared to Other International Conventions

praskrishna — 2015-02-02T16:52:51Z

For more details visit http://editors.cis-india.org/a2k/blogs/cis-submission-to-expert-committee.pdf

Samaja Op-ed (January 2015)

praskrishna — 2015-01-31T04:49:05Z

For more details visit http://editors.cis-india.org/openness/blog-old/samaja-op-ed-jan-2015.pdf

NVDA Quarterly Report: August to November 2014

praskrishna — 2015-01-31T01:02:01Z

For more details visit http://editors.cis-india.org/accessibility/blog/nvda-e-speak-report-august-november-2014.pdf