Centre for Internet and Society

Faking a stand

praskrishna — 2015-09-27T12:41:51Z

A 'Like' here, a forward there, new-age India's patriotism is confined to social media

The article by Shweta T. Nanda was published in the Week on September 20, 2015. Pranesh Prakash was quoted.

On the eve of Independence Day, Pune-based homemaker Archana Chaurasia, 36, was engaged in an animated conversation with friends when a WhatsApp message notification broke the rhythm of their chat. The content of the forwarded text pushed her into a deep thought for a few seconds. Brimming with pride, she forwarded it to five others on her contact list before returning to the chitchat.

The message read:
The property left behind by Dr A.P.J. Abdul Kalam:
He owned 6 pants (2 DRDO uniforms), 4 shirts (2 DRDO uniforms), 3 suits (1 western, 2 Indian), 2500 books, 1 flat (which he has donated), 1 Padmashri, 1 Padmabhushan, 1 Bharat Ratna, 16 doctorates, 1 website, 1 twitter account, 1 email id. He didn't have any TV, AC, car, jewellery, shares, land or bank balance.

He had even donated the last 8 years' pension towards the development of his village. He was a real patriot and true Indian... India will forever be grateful to you, sir… Is there any politician compared to him? Make sure all your friends and dear ones read this before 15th August.

“Such forwards evoke patriotism. While most of us aren’t able to do much for the nation, the least one can do is forward such interesting messages and share your love for the country,” explains Chaurasia.

Taken in by a sense of national pride, netizens are not thinking twice before forwarding messages. What we overlook though is how such innocent forwards are propelling a sense of false patriotism, especially among the youth. Often, the content of such messages is erroneous. For instance, DRDO doesn’t have a uniform!

Similarly, you might have thought that when the Empire State Building in New York was lit up in tricolour for Independence Day, it was a US government initiative. But in reality, some Indian Americans had raised money, booked it in advance and adorned it with saffron, white and green lights. The building can be booked in advance by anyone like a swish hall in a five-star hotel.

The messages could be provocative in the garb of ‘faux patriotism’—a recent video clip showing Indian Army firing at its Pakistani counterpart was, in fact, a footage of a three-year-old artillery exercise. Likewise, forwarded messages claiming Brahmos Missiles have been deployed on the Indo-Pak border and UNESCO has judged Jana Gana Mana as the world’s best national anthem were also incorrect.

“The desire to proclaim the greatness of your own political identity, which can often be linked to a religion, is a large part of what fuels the forwarding phenomenon, apart from the innate desire to share new-found knowledge,” says Pranesh Prakash, policy director at The Centre for Internet and Society, Bengaluru. That is why, forwarded messages that celebrate the achievements of historical figures and reassert that Indians have always been great go viral, he explains. “As you trust the person who is sending it, you don’t think about its accuracy. In fact, you don’t tend to question the authenticity of anything that reinforces a view that you already hold,” he says.

Faiz Ullah, assistant professor of media and cultural studies at Tata Institute of Social Sciences, Mumbai, however, looks at it as the signal of a changing society, one that is witnessing the rise of a show-off culture, symbolism and individualism.

“The idea of patriotism is being trivialised,” he says. “It happens when you let the market decide your action. You are known for what you consume than what you give up. And the focus is more on forwarding patriotic messages or marketers announcing freedom sales than doing something substantial for the nation.”

E-forwards are a powerful tool in mobilising people, says Gaurav Singh, owner of Poltubaaz, an election management firm and political consultancy. The Delhi-based company also offers bulk e-texting services across social media and communication platforms.

While there is no study on the exact market size and open rate of such forwards across platforms, in case of emails, says Singh, out of 100 such messages, at least 30 are opened by users. Data analytics also allows one to zero in on the areas of interest of users and forward them relevant content accordingly.

“Some people create such messages just for fun, some do it to serve a commercial purpose, and some others aim to gain political mileage out of it,” says Singh. “For instance, supporters of political parties or those who swear by a certain kind of ideology create and circulate such messages to evoke a particular kind of mass sentiment.” Agrees Rakshit Tandon, a consultant with Internet and Mobile Association of India: “These networks play a key role in peddling strong ideologies.”

Congress spokesman Randeep Singh Surjewala says many such messages are the work of BJP supporters, who want to alter the country’s cultural landscape to reap long-term political dividends. “Their dirty tricks department is using vitriolic measures and false propaganda to influence people,” he says.

But Vinod Bansal, a spokesman of Vishva Hindu Parishad and Bajrang Dal, says these organisations don't believe in false propaganda but in doing national service. “Anyway, if such forwarded messages are factually correct and evoke patriotism, there is nothing wrong with them,” he says. For instance, if a video of terrorist Yakub Memon’s hanging is being popularised, you can’t call it Hinduisation; instead it is nationalism, he adds.

Another entrepreneur who owns a political campaign management firm that provided consultancy services to a national party in the 2014 general elections, however, reveals that party supporters, particularly of the youth wing, work round-the-clock to circulate e-forwards targeting a particular vote bank, aiming at both long-term and immediate political benefits. “We cater to such requests, and make sure that the content is not in-your-face but subtle yet effective.”

But is there a way to curb such erroneous e-forwards? Although it is possible to zero in on the point of origin of such messages on social media, it also means invading users’ privacy, says Rakesh Sharma, Supreme Court lawyer and founder of social networking platform Sabakuch.com. “Until someone objects to the content of the forwarded message [finding it defaming or explicit], we can’t do anything about it.”

Tandon, who is also an adviser to Uttar Pradesh Police’s cyber complaint redressal cell, says that unless cyber users learn “netiquettes” and take to “internet hygiene”, this menace will not stop. “Users have a responsibility, too,” he says. “Unless you know the authenticity of forwarded messages, don’t circulate them. Also, educate others.”

For more details visit http://editors.cis-india.org/internet-governance/news/the-week-september-20-2015-shweta-t-nanda-faking-a-stand

Asian Regional Consultation on the WSIS+10 Review

praskrishna — 2015-09-27T11:33:33Z

The Asian Regional Consultation on the WSIS+10 Review was held in Pattaya, Thailand from September 3 to 5, 2015. The event was organized by The Internet Democracy Project, Bytes for All, APNIC, the Association for Progressive Communications, ISOC, Global Partners Digital and ICT Watch. Jyoti Panday participated in the meeting.

The Asian Regional Consultation on the WSIS+10 Review brought together experts from different backgrounds and from around the Asian region who were concerned about issues concerning ICTs, sustainable development, human rights and Internet governance, to ask: what are the issues that our governments need to squarely address in the process of the review?

The meeting was conceived as a highly interactive working meeting that was geared towards producing a joint submission to the next input round on the Review outcome document.

Agenda of the meeting can be accessed here.

For more details visit http://editors.cis-india.org/internet-governance/news/asian-regional-consultation-on-the-wsis-10-review

Hiding behind rules on naming sites it banned, govt reveals fears

praskrishna — 2015-09-27T10:59:56Z

With the union government's ban on 857 porn sites in July creating brouhaha across the country, there had been a concern over the voice of the youth being stifled and censorship making a comeback.

The article by Harjeet Inder Singh Sahi was published in the Hindustan Times on September 3, 2015.

Even though there was a partial rollback of the ban, the government still seems intent on being obtrusive with information and deny access to it, especially about the internet and the way it intends to govern it.

This has been illustrated by the union government's department of telecommunications refusing to provide information on websites it has banned to a petition under the Right to Information (RTI) Act.

The reply

"The group coordinator, cyber law division, department of electronics and information technology, has been authorised as designated officer and issues instructions for blocking/unblocking of websites/URLs. The clause 16 of Information Technology Procedure and Safeguards for blocking access of information by Public, Rules 2009, says strict confidentiality shall be maintained regarding all requests and complaints received and actions taken thereof," says the reply to the RTI application filed by this correspondent on August 3.

The reply to the petition - filed at www.rtionline.gov.in with registration number DOTEL/R/2015/61348 - was received on August 27.

Background to the case

In July this year, the department of electronics and information technology had banned 857 pornographic websites listed in the petition of Indore-based advocate Kamlesh Vaswani in the supreme court. The websites were banned by citing 'morality' and 'decency' enshrined in Article 19 (2) of the Constitution of India and under provisions of the Information Technology Act, 2000. A few days later, the government did a flip-flop and revoked the ban partially.

The Centre for Internet and Society (CIS) had subsequently released the list online. Now, the government has refused to provide information on websites banned in the country.

Department tangle

The department of electronics and IT decided on the ban, but it was the department of telecom which served the order to the internet companies because it is the supervising authority for them. The RTI can be filed with the department of telecom as it issues guidelines for and notices to internet service providers. The same application could also have been filed with the department of electronics and information technology. This department might have replied to the application or forwarded it to the telecom department.

For more details visit http://editors.cis-india.org/internet-governance/news/hindustan-times-september-3-2015-harjeet-inder-singh-sahi-hiding-behind-rules-on-naming-sites-it-banned-govt-reveals-fears

Government may tieup with global police, Interpol to fight child pornography

praskrishna — 2015-09-27T10:25:44Z

International partnerships, including with the global police network Interpol, could be the basis for India's strategy to counter child pornography after the government's move to ban websites peddling smut backfired last month.

The article by Surabhi Agarwal was published in the Economic Times on September 3, 2015. Sunil Abraham was quoted.

The new approach by the ministry of communications and information technology mirrors the system adopted by developed countries, government officials said, representing a targetted attack on child pornography instead of the recent fiasco when the authorities backtracked in the face of protests after banning 857 websites.

Once it comes on board as a partner, the International Criminal Police Organization will alert India about production, distribution or broadcast of child pornographic content regularly. India will also have access to an Interpol database known as the 'worst of ' list of domains with content containing child sexual abuse.

"The country is not divided on the issue of child pornography and the government has made a policy statement that it will deal with the problem firmly. So that will be guiding the entire action," a senior government official said. The person said that the government is still studying the model and a call will be taken soon.

A partnership with the UK-based Internet Watch Foundation, which maintains a database on child pornography and collaborates with the British government, is also being considered.

Interpol manages a database which uses sophisticated image comparison software to make connections between victims and places. The foundation also maintains a similar database which is constantly updated. It sends alerts to members twice each day.

"That's the global best practice," said Sunil Abraham, executive director of Bangalore based advocacy group Centre for Internet and Society. "There is no reason for us to reinvent anything; we should just adopt the best practice with some improvements." For a long time, the government and Internet service providers have been passing the buck to each other on this issue, arguing that they don't have the wherewithal to create a database on such content and block it. "This is because as per the Indian laws, anyone who looks at such content even with the motive of blocking it is committing a punishable offense," said Abraham. In August the government said it was banning 857 pornographic websites, only to backtrack amidst widespread criticism and a rap from the Supreme Court. Almost all the websites have been unblocked now with the exception of a few which allegedly contain child pornographic content.

During the hearing in the Supreme Court, the Internet Service Providers Association of India (ISPAI) said that it is impossible for an ISP to block pornographic sites without orders from the court or department of telecom and that the task of identifying such websites should not be the domain of internet service providers. A decision on the issue will work in the government's favour since the next hearing in the matter is slated for October. "Once the country has access to some list which is authentic and verified, regular action can be taken," a government official said.

As per initial discussions, the dominant point of view is for ISPAI to be the point of contact between the government and international organisations. It will be tasked with vetting the list and receiving blocking orders from the telecom department so that further action can be taken.

For more details visit http://editors.cis-india.org/internet-governance/news/economic-times-september-3-2015-surabhi-agarwal-govt-tie-up-with-global-police-interpol-to-fight-child-pornography

Does this click with you?

praskrishna — 2015-09-27T10:07:00Z

While the web caters to customers who purchase basic lifestyle products, the app is ideal to make impulsive shopping decisions.

The article by Parshathy J. Nath was published in the Hindu on September 1, 2015. Sunil Abraham was quoted.

Netizens were caught by surprise when online retail giant Flipkart announced that they were going the app-only way. Some grumbled and a few rejoiced. There were debates on its pros and cons. However, a few days ago, Flipkart revoked the decision because it wanted to assess the impact of this move on sales in big-ticket categories. But the debate continues.

Bangalore-based techie Diljeet Kaur feels the app makes shopping a lot easier. “I shop on the app for everything — from mobile chargers, laptop, mobile covers and kitchen appliances to books and even water bottles. In case I am not happy, I click on the return option. They call up immediately, pick up the item within 48 hours and refund the amount to my account. What more can one ask for?”

Rachna Binani, who owns a toy store in Madurai, also says shopping has become faster with the app. “A mobile phone is with you for 18 hours a day. But, you can’t lug a laptop around everywhere you go.” Prasannan B., an HR General Manager in Madurai, agrees. “A year ago, I would not have chosen a mobile app over a website, because it was not as advanced. But, now things have changed.”

But, some prefer the website to the app. Like Paulami Guha Biswas, an avid online book shopper from Hyderabad, who says, “Browsing becomes difficult when you are shopping through an app. On a website, you can open multiple tabs and compare prices and discount rates in peace. The screen is also bigger.”

While the web caters to customers who purchase basic lifestyle products, the app is ideal to make impulsive shopping decisions. Says Jaishree S. Santhosh, CEO of a Coimbatore-based educational institution, “I prefer to do random window shopping through a website and stick to apps when it comes to my regular Flipkart and Amazon shopping. Because when I use apps, I need to log in and share my personal information. I would prefer to do that only with two or three sites and not every virtual shopping platform.”

However, apps are redefining our shopping culture and experience. With efficient data-tracking systems, these apps record the customer’s buys. “The app keeps throwing images of products that interest you, based on your purchase history. This can be a little creepy at times,” says Jaishree. “It seems like it can read your mind. I do not like it getting too personal with me. Moreover, it tempts me to buy things that I otherwise would not have thought of buying.”

The personalised shopping experience can be both a boon and bane. According to Sunil Abraham, Executive Director of the Centre for Internet and Society, a Bangalore-based research organisation, “It is a terrible development from the perspective of the online user’s rights. Apps violate user privacy. Moreover, they waste your phone’s memory, storage and battery.”

Even though mobiles and apps are popular among the youth, young entrepreneurs from the online world are still hesitant to venture into the app domain. Nilisha Bhimani, a 28-year-old online entrepreneur who runs www.stayfabulous.com, says she cannot even imagine making her portal app-only. “Mine is a fashion portal. And with fashion shopping, one would want to open multiple windows and compare products. It is difficult to do this on our phones.”

However, Nilisha thinks that it is a good move from Flipkart to have sparked off this debate. “It sounds like a well-thought-out strategy. More so, since surveys point out that there are increasingly more people doing mobile transactions.”

According to an article published in Business Insider on August 24, a study conducted by Internet & Mobile Association of India and KPMG found out that India is projected to have 236 million mobile Internet users by 2016. Flipkart’s move could be a response to the large influx of smart phones into the Indian mobile market, feels Ashish Jhalani, founder of eTailing India, an e-commerce knowledge platform and advisory. “We will be the second-largest smartphone market in the world soon, but that does not mean we are ready for an app-only strategy. Our consumer base is still getting used to shopping online and to ask them to use only one interface to shop is a little premature. I believe, in the long term, this strategy will work, but there is still some time for that.”

And, how will elders in the society, who also constitute a large section of online customers, cope with change? Suchi Dalmia, a business woman from Coimbatore, says that even though her mother shops online, she is still not comfortable with it. “And on top of it, if we open up an app-only shopping system, it is going to hit her hard. A retail giant like Flipkart stands the risk of losing a big chunk of their clientele with this move.”

(With inputs from Soma Basu, Shilpa Sebastian R. and Nikhil Varma)

For more details visit http://editors.cis-india.org/internet-governance/news/the-hindu-september-1-2015-parshathy-nath-does-this-click-with-you

IPEX 2015

praskrishna — 2015-10-25T15:06:50Z

Rohini Lakshané attended IPEX 2015 organized by the Confederation of Indian Industry, APTDC and TDPC on September 25 - 26, 2015 at Hotel Westin in Chennai.

The sixth edition of IPEX 2015 "Think Local-Act Global: Interfacing IP in a globalized world" aimed to strengthen the participation of Indian companies in current knowledge based economy. The conference was designed with an objective that Indian startups and companies should lay a solid IP foundation in order to maximise future value, and ensure success in a longer run.

For more details see the brochure. For presentations click here.

For more details visit http://editors.cis-india.org/a2k/news/ipex-2015

Ahead of hosting Modi, Facebook rebrands internet.org as Free Basics

praskrishna — 2015-10-18T14:21:52Z

Hinting at what could be vital points of discussion when Prime Minister Narendra Modi visits Facebook founder Mark Zuckerberg on Sunday, the social media giant has rebranded its internet access enabling platform Internet.org as Free Basics.

The article was published by Business Standard on September 26, 2015. Pranesh Prakash was quoted.

This was announced by Chris Daniels, vice-president of Internet.org, at a press meet in Menlo Park on Friday. Zuckerberg confirmed the same and wrote on his Facebook wall.

Facebook has opened up its Free Basics platform, which means any app developer can now include their services on it. “This gives people the power to choose what apps they want to use.” Zuckerberg in his post also said the company has improved the security and privacy of Internet.org, which will support HTTPS web services as well. “Connectivity isn't an end in itself. It’s what people do with it that matters. We hope the improvements we've made help even more people get connected — so that our whole global community can benefit together,” Zuckerberg said in his post, in which he quoted the example of a soybean farmer from Maharashtra, Asif Mujhawar, who uses parenting app BabyCenter for free through Internet.org.

This is a significant move by Facebook, considering the backlash it had from various quarters in India following debates on net neutrality. Internet.org is an open platform by Facebook across 19 developing countries, including India, to enable easy access of selected apps and app-based services to people at zero cost. In India, it had partnered with Reliance Communications to offer free access to about 30 websites.

“One of the concerns was calling the service ‘Internet.org’, despite it representing only a tiny sliver of the Internet,” said Pranesh Prakash, policy director at the centre for Internet and Society, a nonprofit entity to promote safe internet access in the country.

He said by removing the Internet word, Facebook is now talking of its own larger internet affordability project and allowing app developers to build apps and host it on the Free Basic platform. “This gives people the power to choose what apps they want to use,” Prakash said.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-september-26-2015-ahead-of-hosting-modi-facebook-rebrands-internet-dot-org-as-free-basics

Govt presses 'undo' button on draft encryption policy

praskrishna — 2015-09-25T01:55:57Z

The decision came a day before PM embarked on a visit to the US, where he is expected to meet leaders of firms such as Apple, Facebook, Google and Tesla.

The article was published in Business Standard on September 23, 2015. Sunil Abraham gave inputs.

The government on Tuesday scrapped a draft national encryption policy that mandated firms and individuals to allow authorities access to all encrypted information on email, apps, websites and business servers.

The decision came a day before Prime MinisterNarendra Modi embarked on a visit to the US, where he is expected to meet leaders of firms such as Apple, Facebook, Google and Tesla. Activists and executives from technology firms had expressed outrage on the draft policy, saying the move would have taken India a step back in technology adoption.

At a meeting of the Union Cabinet on Tuesday, Modi was livid at the controversy generated by the draft policy and directed officials to withdraw it ahead of his US trip, sources said.

The draft had global ramifications, as Facebook,Twitter and messaging apps such as WhatsApp were named in it.

Ravi Shankar Prasad, Union minister for communications and information technology, distanced the government from the draft hosted on the IT department site, but admitted it gave “uncalled-for misgivings”. He directed officials to rework the draft but did not set a timeframe for seeking feedback from the public.

“Yesterday (Monday), it was brought to our notice that the draft had been put in the public domain for, seeking comment. I read the draft. I understand that the manner in which it was written could lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded. I personally feel some of the expressions used in the draft are giving rise to uncalled-for misgivings,” Prasad said. “Experts had framed the draft policy. It is not the government’s final view.”

According to the original draft, the encryption policy sought every message sent by a user, be it through services such as WhatsApp, an SMS or an email, be mandatorily stored in plain text format for 90 days and made available on demand to security agencies. Failure to do so, it added, would draw legal action.

This was because typically, all messaging apps and services such as WhatsApp, Viber, Line, Google Chat and Yahoo! Messenger have high levels of encryption, which security agencies find hard to crack and intercept.

Early on Tuesday, before Prasad announced the withdrawal of the draft policy, the government had issued an addendum to keep social media and web applications such as WhatsApp, Twitter and Facebook out of its purview.

In a three-point clarification, the Department of Electronics and Information Technology (DeitY) said some encryption products were exempt. “Mass-use encryption products, currently being used in web applications, social media sites and social media applications, such as WhatsApp, Facebook and Twitter…SSL/TLS encryption products being used in internet banking and payment gateways, as directed by the Reserve Bank of India”, and SSL/TLS encryption products being used for e-commerce and password based transactions,” it said.

“Ideally, the new policy should only focus on two objectives: It should mandate encryption standards within the government, military, law enforcement and intelligence agencies. It shouldn’t regulate the use of encryption by the private sector; the private sector should be allowed to use whatever it believes is appropriate, as long as it is considered a reasonable security measure by courts, under section 43A of the IT Act,” said Sunil Abraham, director,Centre for Internet and Society (CIS).

Prasad reiterated the government, under the leadership of Prime Minister Narendra Modi, had promoted social media activism. “The right of articulation and freedom we fully respect. But at the same time, we need to acknowledge that cyber space transaction is rising enormously for individuals, businesses, the government and companies,” he said.

Opposition parties slammed the Draft policy. Congress communications in-charge Randeep Surjewala said, “Subjugation of individual freedom, surveillance of the citizen and suppression of dissent have emerged as the DNA of the Narendra Modi-led BJP government. The draft policy on encryption, first circulated, then amended and now, withdrawn with a rider for re-issuing it, is a totalitarian, misconceived and a failed attempt of the Modi government to override all sense of individual freedom of speech and expression and encroach upon the right to privacy of communication…With 243.1 million internet users in India at the end of 2014 (173 million being mobile internet users), 112 million Facebook users, 80 million WhatsApp users, 22 million Twitter users and 950 million mobile connections, the intrusion of individual liberty is fraught with dangerous dimensions under the Modi government.”

Aam Aadmi Party spokesperson Raghav Chadha said, “Only a fascist government can bring such a policy. The draft policy was in violation of the right to personal liberty and the fundamental tenets of freedom of speech and expression…the draft policy was for snooping. It presupposes the 1.2 billion people of India are potential criminals. It reflects the inclination of the government and its intention to turn India into a totalitarian state.”

ABOUT THE NATIONAL ENCRYPTION POLICY

Five things the government draft policy wanted

Information security for individuals, businesses and government agencies
Development of indigenous encryption standards
Use of digital signatures to authenticate transactions
Legal interception and data retention
Service providers to register under appropriate government agency

Things that caused outrage

Regulation of private sector encryption
Storage of all encrypted communications for

90 days

Gaining backdoor into private communications of users

Amendment & withdrawal

Omission of mass encryption products such as those used by social networks
Withdrawal of draft policy following Ravi Shankar Prasad’s statement

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-september-23-2015-govt-presses-undo-button-on-draft-encryption-policy

Open sesame

praskrishna — 2015-09-25T01:31:49Z

The government’s email is shockingly vulnerable.

The article was published in the Hindu on September 22, 2015. CIS research on private email accounts is mentioned.

As the Centre moves towards smart cities and a Digital India, some critics have cited the country’s increased vulnerability to cyber attacks. To be sure, cyber threat groups could disrupt our infrastructure by taking control of many systems. Such attacks could be quite damaging. Yes, they are rare today, but are much more likely to arise in conjunction with traditional armed conflicts. Cyber criminal groups target Indian organisations on a daily basis.

Almost two years ago, the IT minister’s office triggered national outrage when it used a public email service for official communication. There was much hand-wringing about security practices in a ministry responsible for setting the technology direction (secure email policy) for the country. Then in December 2013, the Centre for Internet and Society revealed that up to 90 per cent of Indian government officials used private email accounts for professional purposes.

A big deal

Between then and now, we’ve read about a new email policy and revelations of several cyber attacks on government officials. And FireEye revealed a decade-long cyber espionage operation by a group we call ‘APT30’, which is likely to be sponsored by China. How did they break in? By sending targeted ‘spear-phish’ emails with malware attached.

Email doesn’t sound like a big deal. Most of us have been using it for over a decade, and think we know how to use it right. But when you’re in a position of authority with access to sensitive information, you shouldn’t leave it to chance.

Today, state-sponsored attackers craft these spear-phishing emails after considerable research. APT30 carefully researched their targets and crafted mails which would appear extremely relevant, with interesting content. The moment a victim would open an attachment, an exploit would secretly install a backdoor. Through that backdoor, groups can compromise the employee’s entire network and extricate sensitive data. Groups bent on destruction can deploy malware to destroy the data. They could also take control of systems managing infrastructure or industrial processes and create havoc.

Spear-phishing has an open rate of 70 per cent, while regular mass emails had an open rate of just 3 per cent. Email is the front- door for today’s threat groups. That’s why governments around the world are improving the security of their email systems to fend off these spear-phishing threats.

Public concerns

When government employees use webmail for official business, they trade away their security for convenience. The emails they receive are no longer screened by cyber security solutions, which detect advanced targeted email attacks before they reach the inbox. In addition, because people typically retrieve their webmail in a browser, attackers have a larger attack surface to exploit when carrying out their attacks. For example, attackers can coax victims to click on a link to a website, which delivers an exploit via Adobe Flash.

Webmail opens the door to threats that would otherwise have been intercepted. When our government employees use webmail for official business, they leave the front door wide open to threats. One of the best steps we can take towards improving our government’s cyber security defences is abandoning public email services.

The writer is a software architect at the cyber security firm FireEye

For more details visit http://editors.cis-india.org/internet-governance/news/the-hindu-september-22-2015-atul-kabra-open-sesame

Encryption policy would have affected emails, operating systems, WiFi

praskrishna — 2015-09-25T01:23:10Z

Our email data would have to be stored. If we connect to a WiFi, that data would have to be stored, and that's plain ridiculous. There is a problem when the government tries to target citizens to ensure national security, said Pranesh Prakash, policy director at the Bangalore-based Centre for Internet and Society.

The article by Amrita Madhukalya was published in DNA on September 23, 2015.

The Draft National Policy on Encryption, withdrawn by the Department of Electronics and Information Technology (DeiTY) after it created a furore on privacy issues, would have had allowed the government access to any form of digital data that required encryption. Not limited to just WhatsApp or Viber data, it would have affected email services, WiFi, phone operating systems, etc.

"Our email data would have to be stored. If we connect to a WiFi, that data would have to be stored, and that's plain ridiculous. There is a problem when the government tries to target citizens to ensure national security," said Pranesh Prakash, policy director at the Bangalore-based Centre for Internet and Society.

The government, criticised heavily for the policy, withdrew it on Tuesday afternoon. It said that a new policy will be brought in its place.

Nikhil Pahwa of internet watchdog Medianama said that data about normal day-to-day activities would have to be stored if the policy was implemented. "The policy would have affected everyday business to consumer data.
This would mean that if a doctor or lawyer had your data digitised, they will be open to access, and would have to be kept for at least 90 days," said Pahwa.

However, he added that a robust encryption is needed. "It is believed that companies like Google, Facebook allow the NSA to access user data in the US, putting our personal security, and the national security largely, at risk," said Pahwa.

For more details visit http://editors.cis-india.org/internet-governance/news/dna-september-23-2015-amrita-madhukalya-encryption-policy-would-have-affected-emails-operating-systems-wifi

Huge outcry forces India to backtrack on social media data proposal

praskrishna — 2015-10-01T01:31:55Z

Govt retracts move after strongly negative reaction to 90-day message-saving policy

The article was published by Today on September 24, 2015. Pranesh Prakash has been quoted.

Responding to a chorus of withering criticism, Indian officials have withdrawn a draft policy on encryption that would have required users of social media and messaging apps to save plain-text versions of their messages for 90 days so they could be shared with the police.

The proposal, which many condemned as both draconian and impractical, came as an embarrassment days before Prime Minister Narendra Modi travels to Silicon Valley to try to attract investment and promote India as an emerging market for digital technology.

Mr Modi is an avid user of social media and has mobilised large networks of online activists during his party’s campaigns.

The government issued a statement on Tuesday saying the draft proposing that users save messages for three months had been withdrawn, as officials hurried to distance themselves from the idea.

“I wish to make it clear that it is just a draft and not the view of the government,” said Mr Ravi Shankar Prasad, the Minister of Communications and Information Technology.

Internet policy activists discovered the draft on a government website late last week and began to lampoon it online as “absurd”. One offered the example of an iPhone, which automatically encrypts messages.

“They can’t intentionally want people to copy and paste every message a person gets on their iPhone on to another device,” said Mr Pranesh Prakash, a policy director at the Center for Internet and Society in Bangalore.

The draft, which was put forward by a committee of unidentified experts in the Department of Electronics and Information Technology, also overlooked the fact that most Indians use mobile phones with very little storage space, said Mr Nikhil Pahwa, the editor of MediaNama.com, which covers digital media issues in India.

“It is incomprehensible how they would have expected users to keep their messages in plain-text format,” he said. “And I don’t think that anyone can argue that keeping data in a plain-text format makes it secure.”

An official in the Communications Ministry, who spoke on the condition of anonymity because he was not authorised to talk to the media, said the expert committee had been convened to formulate a policy on the “phenomenal rise” in encrypted communication over the Internet.

He said the committee had intended to require social media platforms and messaging apps, such as WhatsApp and Viber, to save plain-text versions of messages and did not intend to impose that burden on individual users.

“It was interpreted by the netizens as ‘you and I’,” the official said. He added that interpretation was misleading.

But that version of the requirement would also be “outrageous,” Mr Prakash said. For example, WhatsApp uses “end-to-end” encryption and does not save communications between users or have access to plain text, he said.

Mr Prakash said that as officials revised the proposal, the government should reach out to “experts in cryptography and human rights”.

“This is a very crucial combination of three rights: the right to security, the right to freedom of expression, and the right to privacy,” he said.

On television, spokesmen for Mr Modi’s Bharatiya Janata Party (BJP) found themselves debating their counterparts from the opposition Indian National Congress Party, one of whom remarked that “tomorrow they will start demanding that you videograph what has been going on in your bedroom for the past 90 days.”

The BJP’s national spokeswoman, Shaina Nana Chudasama, responded with some exasperation. “I don’t know why we have to have this hue and cry,” she said.

“Our Prime Minister believes in absolute freedom on social media. There is no question of our trying to come down heavily on the freedom of the public at large.” THE NEW YORK TIMES

For more details visit http://editors.cis-india.org/internet-governance/news/today-september-24-2015-huge-outcry-forces-india-backtrack-social-media-data-proposal

Open letter from CIS to PM Modi on Intellectual Property Rights issues on his Visit to US

praskrishna — 2015-09-24T02:48:32Z

Centre for Internet and Society, through its Policy Director Mr. Pranesh Prakash and Programme Officer Nehaa Chaudhari has addressed an open letter to Prime Minister Narendra Modi on the intellectual property right issues concerning his visit to the United State of America in September, 2015.

The article by Apoorva Mandhani was published by LiveLaw on September 23, 2015. CIS Open Letter here.

The letter makes a two-fold request: first, that the Government of the USA be requested to ratify the Marrakesh Treaty for visually impaired persons and second, that the Indian Government should not enter into any negotiations around the Trans-Pacific Partnership trade agreement.

The letter relies on the statistics released by the World Blind Union, according to which 90% of all published material is not accessible to blind or print disabled people. The severity of the ‘book famine’, it says, was highlighted by India in its Closing Statement at the Diplomatic Conference convened to conclude the Marrakesh Treaty.

India was the first country to ratify the Marrakesh Treaty in June, 2014. However, the Marrakesh Treaty will come into effect only after 20 Member States have ratified it or acceded to it. As per information available from the World Intellectual Property Organization, only 9 countries have ratified or acceded to the treaty and USA is not one of it. The letter therefore requests Mr. Modi to request USA ratify the Marrakesh Treaty at the earliest.

It says, “The USA is home to some of the largest publishers of both academic and other/leisure material including Penguin Random House, Harper Collins, John Wiley & Sons, the RELX Group, McGraw-Hill Education, Scholastic and Cengage Learning to name a few. It accounts for a large volume of the world’s book and other print material export. The active participation of the USA through the ratification of the Marrakesh treaty is critical if the treaty is to be truly effective.”

With regard to the Trans-Pacific Partnership trade agreement, the letter communicates its concern regarding the secrecy of negotiations as well as the content of the chapter on intellectual property in the TPP.

Provisions sought to be imposed through the TPP mandate the inclusion of TRIPS plus provisions in national laws, envisage possible extensions in term of protection on patents, restrict copyright exceptions and limitations, extend copyright protection terms and impose a higher liability on intermediaries. All these provisions, it says, “would be disastrous for an emerging economy such as India’s, which is a heavy user of intellectual property and not a heavy producer of the same.”

Highlighting CIS’s concerns, the letter requests that any engagement in TPP negotiations be preceded by national consultations on the same, soliciting input from various stakeholders with diverging interests, including academia, civil society, industry associations, large Indian corporations, small and medium enterprises and multi- national corporations, rights holders associations and other interest groups.

For more details visit http://editors.cis-india.org/a2k/news/live-law-apoorva-mandhani-september-23-2015-open-letter-from-cis-to-pm-modi-on-intellectual-property-rights-issues-on-his-visit-to-us

Bowing to public pressure, govt withdraws draft encryption policy

praskrishna — 2015-10-01T02:15:17Z

Bowing to pressure from the public, the government on Tuesday withdrew a draft policy that sought to control secured online communication, including through mass-use social media and web applications such as WhatsApp and Twitter.

The article was published by the Hindustan Times on September 22, 2015. Pranesh Prakash was quoted.

Communications and information technology minister Ravi Shankar Prasad announced the government’s decision at a news conference, saying the draft National Encryption Policy will be reviewed before it is again presented to the public for their suggestions.

“I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded,” Prasad said. He said the draft would be re-released, but did not say when it would be made public.

“Experts had framed a draft policy...This draft policy is not the government’s final view,” he added. “There were concerns in some quarters. There were some words (in the draft policy) that caused concern.”

The draft will be reviewed and experts will be asked to specify to whom the policy will be applicable, Prasad said. He did not say when the new draft will be made public.

Those using social media platforms and web applications fell outside the scope of an encryption policy, Prasad said.

Several countries have felt the need for an encryption policy because of the boom in e-commerce and e-governance, he remarked. “Cyber space interactions are on the rise. There are concerns about security. We need a sound encryption policy,” he said.

Before Prasad announced the withdrawal of the draft policy, the government had issued an addendum early on Tuesday to keep social media and web applications like WhatsApp, Twitter and Facebook out of its purview.

Secure banking transactions and password protected e-commerce businesses too will be kept out of the ambit of the proposed policy, the addendum said.

The climb down by the government came following a storm of protests from users who objected to any stringent state controls on the use of email, social media accounts and apps.

According to the original draft, users of apps such as WhatsApp and Snapchat would be required to save all messages for up to 90 days and be able to produce them if asked by authorities.

Experts told Hindustan Times the draft policy, if implemented in its current form, could compromise the privacy of users and hamper the functioning of several multi-national service providers in India.

Nikhil Pahwa, editor of the MediaNama website that tracks cyber issues and tech news, said there were several problems even with the addendum to the draft policy.

“The usage of the phrase ‘currently in use’ renders the policy vague: Firstly, when is ‘currently’?” he questioned in a post on his website.

“Will a new service that uses a different kind of encryption to protect its users, still be covered? Why should users be ‘restricted to encryption currently in use’? Why should services like Whatsapp, Facebook and Twitter define our security standards?” said Pahwa, who also volunteers for savetheinternet.in.

Pranesh Prakash, policy director for The Centre for Internet and Society, tweeted that even the addendum “does not clarify anything, but further muddles the encryption policy”.

Social media users called the draft “draconian” and “delusional”, and Congress leader Manish Tewari too attacked the Union government.

“The encryption policy (draft) is a snooping and spying orgy. After net chats, the government may want you to keep a video record of what you do in your bedroom for 90 days,” the Congress spokesperson told reporters.

The draft policy had been posted online last week to seek suggestions from the public.

For more details visit http://editors.cis-india.org/internet-governance/news/hindustan-times-september-22-2015-bowing-to-public-pressure-govt-withdraws-draft-encryption-policy

India encryption policy draft faces backlash

praskrishna — 2015-09-22T01:59:44Z

The department of information technology is facing a backlash from industry experts, Internet watchers and netizens on its draft of the National Encryption Policy that it recently made public.

The article by Moulishree Srivastava was published in Livemint on September 22, 2015. Pranesh Prakash gave inputs.

While the draft policy aims to enable a secure environment for both information and transactions in cyberspace for individuals, businesses and government, experts are concerned over privacy and outdated standards prescribed in the policy, among other things.

The policy puts the onus to produce encrypted information when demanded by government agencies on Indian citizens as well as on all the online service providers including instant messaging and e-commerce services that use encryption technology (to convert plain information to an unreadable format).

The department put the policy online late last week and it came on the radar of industry watchers and experts over the weekend. The policy is open for comments from the public till 16 October.

The policy, in its current form, is poorly drafted and the measures listed in it make Indian information systems vulnerable to cyber attacks, experts say.

For instance, the policy has mandated the use of specific standards and algorithms for encryption.

Encryption can be compared to the process of translating information in one language into a foreign language.

“Specifying certain algorithms to be used for encryption, and restricting the key sizes is same as saying that you are only allowed to communicate using a language from a given set of government-specified languages and no other language can be used,” said Pranesh Prakash, policy director at the Centre for Internet and Society.

However, the ones mentioned in the draft policy are outdated and unsafe to use, experts say. Another thing that weakens the security considerably is the req-uirement for businesses and citizens to keep the information (that was encrypted and sent over) for 90 days, in case law en-forcement agencies demand it. But that also means that for those 90 days, cyber criminals, too, can access it, warn experts.

Another big gap in the policy is that it leaves out “sensitive departments/agencies of the government designated for performing sensitive and strategic roles”, said Prakash.

“When the policy states its mission to be the enhancing of confidentiality of information and of security of critical networks by laying out information security best practices, how does it make any sense to keep sensitive or strategic government department and agencies outside its purview?” he asked. “After all, these are the organizations that most need to be kept secure to enhance national cybersecurity.”

The draft is also ambiguous on which online services—be it shopping online or accessing email—people can use (in compliance with the law) and which online service providers will have to be registered with the government.

The policy states that “service providers located within and outside India, using encryption technology for providing any type of services in India, must enter into an agreement with the government for providing such services in India”. Users can only use the services that are registered with the government.

“This is the first time when users are actually being told what are the things they can and cannot do,” said Prakash.

“The government must take note that the knowledge and expertise of common citizens may be inadequate to understand the nuances of encryption,” said cyber law expert Na Vijayashankar on his blog. “For example, if a citizen uses a service available on the Internet which uses, say, a higher level of encryption than what is appro-ved, then this policy may make him liable for the violation.”

The problem is enhanced because all online services use some encryption technology. This means that practically all online activity will fall under this new policy.

For instance, companies like Apple or Microsoft use encryption technologies at various levels of their operating systems; e-commerce services like Flipkart, Amazon and Snapdeal; web browsers like Mozilla Firefox and Google Chrome and mail services like Gmail, Yahoo and Rediff may be required to register with the government. The only way they may escape this requirement is if there is an exemption for products that are in use at a large scale. Network security service providers like Cisco Inc. will also need to comply. (Cisco declined to respond to a query.) Snapdeal said it is still examining the draft policy, while Amazon, Google, Microsoft did not reply to emails sent by Mint. Yahoo said its spokesperson was unavailable.

One clause that is drawing a lot of ire from industry veterans and technology enthusiasts requires individual users and businesses to store all information that was sent in an encrypted form for 90 days from the date of transaction. The users would also be required to reproduce the plain text and the encrypted text, if demanded by law enforcement agencies.

The draft policy also overlooks the privacy concerns of citizens and businesses. “It is clearly a violation of freedom of speech. A large part of the policy states how the government can interfere with users, like, by demanding their private messages. The policy is anti-privacy law,” said Prakash. “Privacy and security go hand in hand. So, as this policy weakens the security of the information, it puts the privacy at greater risk.”

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-moulishree-srivastava-september-22-2015-india-encryption-policy-draft-faces-backlash

Outrage before sharing

praskrishna — 2015-09-20T17:08:14Z

Has the social media converted people into a lynch mob that seeks out justice and passes judgement instantly, without bothering to hear both sides of the story?

The article by Nikhil Varma was published in the Hindu on September 9, 2015. Rohini Lakshané was quoted.

The Internet has changed the way we communicate in more ways than we can imagine. Apart from being a medium to share pictures and updates with family and friends, social media has also become an arena where political debates are a commonplace and people are quick to make judgements. The social media space has become one where superlatives are commonly used and videos or conversations about inappropriate behaviour or even a tweet or Facebook post has a tendency to go viral and snowball into a shaming of the individual or organisation in question, without bothering to hear out the other side of the story. Outraging can be over anything, from the faults of the Government, to lay people who sometimes find themselves the subject of an online shaming campaign.

Recently, an FB user put up pictures of a person, who she claimed misbehaved with her on a street in Delhi. Within a few hours, the man’s picture went viral and he was arrested by the police, even as he was called names and abused on social media networks. A few days later, eyewitness accounts corroborated the man’s account of the incident. The response online now put the girl at fault and blamed her for politicising the issue. The initial response to the video of the Rohtak sisters bashing up alleged molesters also saw the outrage shifting sides.

How does one deal with people making judgements with a click of a button? Does online shaming dent the chances of people getting justice in genuine cases of assault?

Rohini Lakshané, a researcher at the Centre for Internet and Society says, “Online, public shaming is a useful and often effective strategy for calling out unacceptable behaviour when recourse to other remedies is tedious, time-consuming, or non-existent. Its flipside is that shaming online could lead to mob justice or a witch-hunt. The onus should be on the viewers or readers of such an act of shaming to not take the law into their own hands and on the news media to do their basic duty of checking facts before publishing or broadcasting anything.”

She adds, “People use social networking sites, among other things, as verandas where they can gather gossip, and talk about their interests. If people jumping the gun and being judgemental offline isn’t a cause for concern, I don’t see why it should be when it happens online.”

On checks, Rohini contends, “They would not be in the interest of free speech. It would, of course, make a difference if social media users paused to think.”

V. Shakti, Social Media and Branding Professional, points out that the mass adoption of social media platforms has had positive and negative effects. “It has ensured that anyone can reach out and get any information. The flip side is that this power to reach millions needs to be handled with care and responsibility. The Jasleen Kaur incident is a glaring reflection. Such is the mindset of people online that anyone who is shamed is assumed guilty and derided. Sometimes the shaming does permanent damage to the target and the effects are life-long. The minute Jasleen posted a picture online, even the media jumped in calling the guy a ‘pervert’, if this were some other country, they would be sued. We need to understand that un-shaming is not an option and hence be careful when throwing mud at someone online. Remember, it could be you tomorrow. Think, verify and then act. Like I always say, there are three sides to every story - yours, mine and the truth.”

For psychiatrist and Integrative medicine specialist Shyam Bhatt, online shaming is a combination of a sense of mob justice and the feeling of participating in a cause. “It is easy to sign up for a cause online, you can click share and feel good about yourself. People also tend to get swayed by what their friend circles are talking about.”

Social media user Praveen Rao feels an attempt to feel involved with causes is responsible for this phenomenon.

“It is important for people to check the authenticity and wait for a clear picture to emerge before talking about something. However, in the rush to appear clued in, people tend to share anything that goes viral, without pausing to think if someone’s life could be ruined. It is a good tool to call out genuine cases of misbehaviour and assault, but mob justice should be avoided.”

For more details visit http://editors.cis-india.org/internet-governance/news/hindu-nikhil-varma-september-9-2015-outrage-before-sharing