Centre for Internet and Society

CYFY 2013: India Conference on Cyber Security and Cyber Governance

praskrishna — 2013-09-26T06:50:15Z

The Observer Research Foundation in collaboration with the Federation of Indian Chambers of Commerce and Industry is holding the India Conference on Cyber Security and Cyber Governance at the Oberoi Hotel in New Delhi on October 14 and 15, 2013. Sunil Abraham will participate in this event as a speaker.

Click to download the full details in the event brochure.

Shri Kapil Sibal, Minister of Communications & Technology will give the inaugural address. Shri Shivshankar Menon, National Security Advisor, Government of India will give the keynote address. Shri Shashi Tharoor, Minister of State, Human Resource Development, Government of India will give the dinner table address on October 14.

On the second day, October 15, Minister Jaak Aaviksoo will give the keynote address and Shri Nehchal Sandhu, Deputy National Advisor, Government of India will give the valedictory address.

List of Speakers

Kapil Sibal, Minister for Communications and Information Technology, India
Shivshankar Menon, National Security Advisor, Government of India
Shashi Tharoor, Minister of State for Human Resource Development, India
Nehchal Sandhu, Deputy National Security Advisor, Government of India
A.P. Shah, Former Chief Justice, Delhi High Court
Arvind Gupta, Director General, Institute for Defence Studies and Analyses, India
Ashish Chauhan, CEO, Bombay Stock Exchange
C. Raja Mohan, Distinguished Fellow, ORF
Christopher Painter, Office of the Coordinator for Cyber Issues, Department Of State, USA
Dirk Brengelmann, Commissioner for International Cyber Policy, Federal Foreign Office, Germany
Eric H. Loeb, Vice President, International External Affairs, AT&T
Gabriel Siboni, Director, Cyber Warfare Program, Institute for National Security Studies, Tel Aviv University, Israel
Jaak Aaviksoo, Minister of Education and Research of the Republic of Estonia
Jamie Shea, Deputy Assistant Secretary General, Emerging Security Challenges, NATO
Joe Sullivan, CSO, Facebook
John Mallery, Research Scientist, MIT Computer Science & Artificial Intelligence Laboratory, USA
Maurizio Martellini, Secretary General, Landau Network-Centro Volta and IWG Executive Secretary, Italy
Michael Cheatham, Head U.S. Representative Office, Indo-US Science and. Technology Forum, USA
M.M.Oberoi, Indian Police Service, Joint commissioner of Police, Delhi Police, Government of India
Oleg Demidov, The Russian Center for Policy Studies, Russia
Peter Grabosky, Researcher, Australian National University, Australia
Prakash Nagpal, Senior Vice President, Product Marketing and Marketing, Narus
Rajan Mathews, Director General, Cellular Operators Association of India
Ram Narain, Deputy Director General (Security), Department of Telecommunication (DoT), Government of India
Sandro Gaycken, Freie Universität Berlin, Institute of Computer Science, Germany
Sean Kanuck, National Intelligence Officer for Cyber Issues, Office of the Director of National Intelligence, USA
Sunil Abraham, Executive Director, Centre for Internet and Society, Bangalore
Vijay Madan, Chief Mentor, Tata Teleservices (former Director, C-DOT), India
Vivke Lall, President & CEO, Reliance Industries Limited

For more details visit http://editors.cis-india.org/news/india-conference-on-cyber-security-and-cyber-governance

CYFY 2013 Event Brochure

praskrishna — 2013-09-26T06:49:18Z

For more details visit http://editors.cis-india.org/internet-governance/blog/cyfy-brochure.pdf

Cyberstalkers, the new bullies in town

praskrishna — 2016-07-04T02:44:39Z

The advent of social media and an increase in accessibility has led to increasing concerns with regard to cyber safety.

The article by S. Poorvaja was published in the Hindu on July 4, 2016. Pranesh Prakash gave inputs.

Bombarded with messages, poems and photographs from a cyber stalker across multiple social networking platforms, Shradha Muralidharan, a consultant in the city, said that being curt and asking the stalker to stop bothering was of no use.

“I initially did not want to engage with him as I was afraid that it would only provoke him more. But then ignoring him did not help as well and I was forced to speak to him. He, however, went ahead and contacted a host of my friends on these sites and asked them if they could introduce me to him,” she recalled.

Cyberstalking is now on the increase with people being flooded with messages and having their information online manipulated and used to threaten them with.

Vandhana,* an engineer from the city, says she thinks twice before posting content online — be it on her Instagram or her Facebook profile.

“Despite having adequate privacy tools, I later found that my photos and other information were being shared by a colleague who was on my friends’ list to his friend, who then proceeded to cyberstalk me,” she said.

What to share?

While multiple tools that social media sites offer do allow people to mute, block or even report people, Pranesh Prakash, Policy Director for the Centre for Internet and Society, said technical restrictions didn’t play much of a part in a situation where information one posts to a private audience is shared further, without their consent.

“Trust plays a large role in what you share online since someone can find a way to get around technological restrictions. While there are some violations that can be addressed by the law, a few cannot be, and it is important for people to be aware of the legal provisions that exist,” he added.

Be it social media meet-ups, Facebook friends catching up outside of the virtual world or web writers meeting to brainstorm ideas, the last five years have seen a gradual increase in such socialising and new safety concerns have cropped up.

Karthika, a chartered accountant from the city who went through an unpleasant experience of being stalked on social media sites and cyber-bullied, said that while the police were helpful when she sought them out, she was also constantly questioned as to why she was befriending people online in the first place.

“I tried not to keep mum about what was happening to me but was also simultaneously told by people that it would seem like I was drawing unnecessary attention to myself if I made public what was happening to me. More people should come forward and support the person who is getting stalked, rather than be intimidated,” she said.

The use of internet, email or any form of electronic communication to contact and harrass a person who has expressed disinterest, and to cause them trauma is what qualifies as Cyberstalking

To prevent misuse of information, social media users can use privacy tools and settings that enable them have a control on who vies their information

With smartphone apps for social media sites that have access to the user's location, caution must be exercised by the user in knowing who is privy to such information

With children being active online as well, the use of parental control softwares that helps monitor the content they share is necessary as they are vulnerable victims to stalking and cyber bullying

Knowledge about the cyber crime laws and where/whom to report incidences of the same to.

For more details visit http://editors.cis-india.org/internet-governance/news/the-hindu-s-poorvaja-july-4-2016-cyberstalkers-the-new-bullies-in-town

Cyberspying: Government may ban Gmail for official communication

praskrishna — 2013-09-02T04:19:53Z

The government will soon ask all its employees to stop using Google's Gmail for official communication, a move intended to increase security of confidential government information after revelations of widespread cyberspying by the US.

This article was published in the Times of India on August 30, 2013. Sunil Abraham is quoted.

A senior official in the ministry of communications and information technology said the government plans to send a formal notification to nearly 5 lakh employees barring them from email service providers such as Gmail that have their servers in the US, and instead asking them to stick to the official email service provided by India's National Informatics Centre.

"Gmail data of Indian users resides in other countries as the servers are located outside. Currently, we are looking to address this in the government domain, where there are large amounts of critical data," said J Satyanarayana, secretary in the department of electronics and information technology.

Snowden fallout

The move comes in the wake of revelations by former US National Security Agency contractor Edward Snowden that the US government had direct access to large amounts of personal data on the internet such as emails and chat messages from companies like Google, Facebook and Apple through a programme called PRISM.

Documents leaked by Snowden showed that NSA may have accessed network infrastructure in many countries, causing concerns of potential security threats and data breaches. Even as the new policy is being formulated, there has been no mention yet of how compliance will be ensured.

Several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have their Gmail IDs listed in government portals as their official email.

A Google India spokeswoman said the company has not been informed about the ban, and hence it cannot comment on speculation. "Nothing is documented so far, so for us, it is still speculation," Google said in an email response.

A senior official in the IT department admitted on condition of anonymity that employees turn to service providers such as Gmail because of the ease of use compared with official email services, as well as the bureaucratic processes that govern creation of new accounts.

"You can just go and create an account in Gmail easily, whereas for a government account, you have to go through a process because we have to ensure that he is a genuine government user."

Last week, IT Minister Kapil Sibal said the new policy would require all government officials living abroad to use NIC servers that are directly linked to a server in India while accessing government email services. Sibal said there has been no evidence of the US accessing Internet data from India.

Sunil Abraham, executive director of Bangalore-based research firm Centre for Internet and Society, said he agrees with the government's decision to ban Gmail for official communication and that any official violating this needs to be punished.

"After Snowden's revelations, we can never be sure to what extent foreign governments are intercepting government emails," he said. Abraham, however, called the government's decision a "late reaction", as the use of Gmail and other free email services by bureaucrats has increased in the past.

"Use of official government email would also make it easier to achieve greater transparency and anti-corruption initiatives. Ministers, intelligence and law enforcement officials should not be allowed to use alternate email providers under any circumstance."

For more details visit http://editors.cis-india.org/news/times-of-india-august-30-2013-cyberspying-govt-may-ban-gmail-for-official-communication

CyberSecurityAgreements_Infographic_04.pdf

praskrishna — 2017-04-27T14:57:45Z

For more details visit http://editors.cis-india.org/internet-governance/files/CyberSecurityAgreements_Infographic_04.pdf

Cybersecurity and the Internet of Things

praskrishna — 2015-03-13T02:14:59Z

US Consulate Chennai formally Invite you for a talk by David F.Heyman on March 19, 2015 in Hotel Atria, Palace Road, Bangalore. The event is being organized by the US Consulate, Chennai, Cyber Security & Privacy Foundation (CSPF) and the Centre for Internet & Society (CIS).

Note: Please register to come to the event, if you are not attending please inform us.

David Heyman, former Assistant Secretary for Policy at the U.S. Department of Homeland Security and retired Software Engineer Reimagining and Transforming Cities, Governments, and Lives with the Internet of Things For the first time in human history more people live in cities than anywhere else.

By 2050 three-fourths of the world’s population will live in cities. As more and more people move to cities, more of the world’s challenges, from emerging infectious diseases, crime, economic growth, and environmental degradation, will be concentrated in cities. Citizens will expect and demand more from their leaders; and governments will face greater pressure to provide services better, faster, cheaper to more and more, potentially with less and less resources.

More than any other force driving change over the horizon, the Internet of Things (IoT) holds the potential to connect and infuse devices, business assets, infrastructures, and other elements of a city with greater intelligence and efficiencies to drive a new era of innovation and performance. And yet, this potential is juxtaposed against a backdrop of an explosion in cybercrimes and threats facilitated by the increased linkages between the physical and cyber world that is at the heart of IoT, and which affords malicious actors anywhere in the world the potential to disrupt services and lives on a far more consequential level than ever before.

In his remarks, David Heyman, former Assistant Secretary for Policy at the U.S. Department of Homeland Security, and retired software engineer, will discuss the extraordinary potential of the IoT, the barriers to adoption, and how governments and businesses can navigate this new frontier, work together, and re-imagine and transform cities—and nations—for tomorrow.

David F. Heyman

David F. Heyman has over two decades of experience as a leader in spurring innovation, risk management, and strategy development in the public and private sector. He is a leading expert in national security and international affairs, counterterrorism, cybersecurity, building resilience, and critical infrastructure protection, with broad experience in the U.S., Europe, Middle East and Asia. Heyman’s career includes service at the highest levels of the U.S. government, working in senior positions at the White House, the U.S. Department of Energy, the U.S. Department of Homeland Security, as well as in the private sector.

Most recently, Heyman concluded five years of service as Assistant Secretary of Policy (operating as an Under Secretary equivalent) at the U.S. Department of Homeland Security (DHS). As a member of the senior management team at DHS, Heyman was responsible for the Department’s strategic planning, risk and decision analysis, policy development, and thought leadership across all five departmental mission areas: counterterrorism, border security, immigration,
cybersecurity, and building resilience to disasters. During his tenure, Heyman helped transform the Department from a budget-driven to a strategydriven organization, and instituted an enterprise risk-management architecture for managing the Department’s $60 billion budget. He oversaw and initiated the Department’s largest expansion in global engagement, and in this role, led efforts to build new strategic partnerships with the World Customs Organization, the World Economic Forum, and some of the most consequential and complicated geopolitical relationships facing the United Stated today, including China, India, the European Union, and others. Heyman designed and launched multiple domestic, bilateral, and global initiatives to bolster U.S. security and prosperity. He was the chief architect of the nation’s first National Strategy for Homeland Security—the Quadrennial Homeland Security Review—which elevated and established cyber security and building national resilience as core homeland security missions. He led efforts around five Presidential Initiatives
to: empower communities to counter violent extremism; strengthen global supply chain security; expand travel and tourism to the United States; streamline and modernize the U.S. import and export system; and develop and implement a new perimeter approach to North American Security which resulted in the Beyond the Border Initiative signed by President Obama and Canadian Prime Minister Carper.

He led the creation of the Resilient STARTM program and the Rick Rescorla National Award for Resilience, and is wellknown for drafting the policy to eliminate the color-code Homeland Security Advisory System and replace it with a more disciplined National Terrorism Advisory System, now used by the U.S. government. Previously, Heyman founded and directed the Homeland Security Program at the Center for Strategic and International Studies (CSIS), one of the nation’s leading and most influential think tanks in international security and taught security studies and science and technology policy as an adjunct professor at Georgetown University. Heyman also served as a senior advisor to Energy Secretary Bill Richardson and oversaw development and implementation of a number of energy, infrastructure and technology initiatives, including leading and establishing a new portfolio approach to manage DOE’s $7 billion in research and development (R&D) investments.

Earlier in his career, Heyman was a senior policy advisor in national security and international affairs at the White House Office of Science and Technology Policy (OSTP), and was responsible for providing science, technology, and foreign policy advice to the President’s Science Advisor and the Vice President’s National Security Advisor. Before entering government, Heyman worked for nearly a decade as a computer systems software engineer, and head of international operations for a firm developing and deploying industrial automation, robotics, and supply-chain management systems for Fortune 100 companies. Heyman holds a Bachelor’s degree in biology from Brandeis University and a Master’s in international relations and economics from the Paul H. Nitze School of Advanced International Studies at Johns Hopkins University, where he graduated with the highest level of distinction. He is currently a member of the Aspen Homeland Security Strategy Group, Aspen’s U.S.-India Strategic Dialogue, and serves as co-chair of its Cyber Task Force.

For more details visit http://editors.cis-india.org/internet-governance/events/talk-on-cybersecurity-and-internet-of-things

Cybersecurity - Threat or Opportunity

praskrishna — 2017-07-07T02:42:28Z

For more details visit http://editors.cis-india.org/internet-governance/files/cybersecurity-threat-or-opportunity

Cyberscholars Working Group at MIT

praskrishna — 2014-01-09T06:41:31Z

Malavika Jayaram is giving a talk on Biometrics or Bust - India’s Identity Crisis at this event organised by Berkman Center for Internet & Society on December 12 at 6.00 p.m.

Read the original published by Harvard University here.

The Cyberscholar Working Group is a forum for fellows and affiliates of MIT, Yale Law School Information Society Project, Columbia University, and the Berkman Center for Internet & Society at Harvard University to discuss their ongoing research. Each session is focused on the peer review and discussion of current projects submitted by a presenter. Meeting alternatively at Harvard, MIT, Yale, the working group aims to expand the shared knowledge of young scholars by bringing together these preeminent centers of thought on issues confronting the information age. Discussion sessions are designed to facilitate advancements in the individual research of presenters and in turn encourage exposure among the participants to the multi-disciplinary features of the issues addressed by their own work.

This month's presentations include:
(1) "Lines of Control: Networks of Imperialism and Independence in India (1840-1947)"
Abstract: This paper examines the history of communications networks in India and the relationship between communications and second-order networks. It draws attention to the wave of colonial network development that took place in India between 1840 and 1948. During these years, Britain constructed a series shipping, rail and telegraph networks to achieve a set of military and commercial goals. This paper studies how first- and second-order networks developed, and the intended and unintended effects of these networks on Indiaʼs economics, politics, and identity. The paper draws on economic and social studies of colonial communications networks in India, original reports by British officials and the Colonial Office, and the literature focusing on the role of technology in British imperialism. It shows how Indiaʼs colonial communication networks, built to augment and extend British control over the subcontinent, became conduits for Indian resistance and nationalism.
Keywords: shipping, telegraph, railroads, imperialism, nationalism, network theory, India

Colin Agur is a PhD candidate at Columbia University and Visiting Fellow at Yale Law School's Information Society Project. His research examines India's telecommunications, focusing on mobile network formation and second-order effects of network growth. He spent the 2012-13 academic year in Delhi and Chennai, conducting document analysis, interviews with industry figures and participant observation related to mobile phone usage. He has published articles about Indian media and culture in Harvard's Nieman Lab, the Journal of Asian and African Studies and Journalism (forthcoming), and about telecommunications history in Information and Culture.

(2) Big Data Dramas in the 1960s and 1970s
Abstract: The recent frenzy in discussing NSA activities and the collecting of Big Data show a widespread critical concern for the current practice of gathering and using personal data. These concerns have their history. In my presentation, I track the beginnings of a growing public awareness and sensitivity towards the societal handling of personal data. I argue that the early computerization phase during the 1960s and 1970s played a crucial role in discussing these issues. Media reports, popular books, scientific publications, and political hearings all of a sudden began – often in quite different ways – to address and question contemporary practices of collecting, sharing, and storing of personal data. Their authors explored and negotiated all kind of societal settings where personal data played a significant role at that time. There have been concerns about these issues with personal data before, but – as I will show in my presentation – not on this broad societal level and to this extent as in the late 1960s and early 1970s. I argue that during that time, the usage of personal data became a highly controversial matter not only of public, but also of private interest.My inquiry examines how the term “data“ and in particular the collection of personal data became loaded with cultural and emotional significance in scientific and media discussions in the 1960s and 1970s in the United States and in Germany. Furthermore, it explores how the early computerization affected our societal handling of data long before the personal computer entered our private lives.

Julia Fleischhack is a visiting postdoctoral research fellow in the program in Science, Technology, and Society at the Massachusetts Institute of Technology. She holds a PhD in anthropology from Zürich University. Her current research is on data centers from the private sector and funded by the Fritz Thyssen foundation.

(3) Biometrics or Bust - India’s Identity Crisis
Abstract: India's identity juggernaut - the Unique Identity (UID) project that has registered around 500 million people and is yet to be fully realized - is already the world's largest ever biometrics identity scheme. Grounded in the premise that centralized de-duplication and authentication will uniquely identify people and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad socio-economic problems, yet its conception and architecture raise significant concerns. Its implementation as a techno-utopian project in a legal vacuum, despite the potential for abuse and exclusion, give pause to the much-vaunted claims of transforming welfare delivery and galvanizing financial inclusion. I will provide an overview of the identity project and highlight some of the key implications for privacy and free speech, and more broadly, democracy and openness. I will also unpack some of the narratives being constructed, describe the current public discourse and legal developments, and locate the project within the broader surveillance state and database nation that India is morphing into.

Malavika Jayaram is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity and free expression. A Fellow at the Centre for Internet and Society, Bangalore, she is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection directory. In August 2013, she was voted one of India's leading lawyers - one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London.

For more details visit http://editors.cis-india.org/news/cyberscholars-working-group-mit

Cybercrime and Privacy

praskrishna — 2010-09-14T13:21:20Z

Elonnai Hickok examines privacy in the context of India’s legal provisions on cybercrime. She picks up the relevant provisions of the Information Technology Act as amended in 2008 dealing with cyber crimes and provides a fair analysis of the pros and cons of the amended Act.

What is Cybercrime?

Looking at the recent Facebook ‘break in’ where 100,000 of users’ information was downloaded and made accessible through a simple search engine, , and the new Microsoft virus that attacked 10,000 machines, it is clear that cybercrime is no longer an issue to be taken lightly. Cybercrime is defined as an unlawful act committed using a computer either as a tool or as a target (or both) for facilitating a crime. Although there is an overlap, some are more likely to use the computer as a tool, and others use it as a target. Examples of the former include: fraud, forgery, DOS, consumption of limited resources, cyberterrorism, IPR violations, software piracy, copyright infringement, trademarks violations, patent violations, cyber squatting, credit card frauds, forgery, EFT frauds, pornography, banking/credit card related crimes, sale or purchase of illegal articles, cyberstalking, phishing, theft, and breaches in privacy, and gambling. Crimes where the computer is made a target include: computer theft, physical destruction or alteration of network components, theft of computer source code, hacking, defacing websites, creation of viruses, destruction or alteration of configuration information and email spamming.

What is India's current legislation on cybercrime?

The Information Technology Act 2000 (amended in 2008)

The Information Technology Act was first drawn up in 2000, and has been revised most recently 2008. The Information Technology (Amendment) Bill, 2008 amended sections 43 (data protection), 66 (hacking), 67 (protection against unauthorised access to data), 69 (cyberterrorism), and 72 (privacy and confidentiality) of the Information Technology Act, 2000, which relate to computer/cybercrimes.

Section 43 [Penalty and Compensation for damage to computer, computer system, etc.] amended vide Information Technology Amendment Act 2008 reads as under:

If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network:

accesses or secures access to such computer, computer system or computer network or computer resource (ITAA2008)
downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
disrupts or causes disruption of any computer, computer system or computer network;
denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;
provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under;
charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network;
destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means (Inserted vide ITAA-2008); and
Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, (Inserted vide ITAA 2008) he shall be liable to pay damages by way of compensation to the person so affected. (change vide ITAA 2008)

Critique: In comparison to the laws enacted in other countries, this provision still falls short of a strong data protection law. In most other countries data protection laws specify:

the definition and classification of data types;
the nature and protection of the categories of data;
that equal protection will be given to data stored offline and data stored manually;
that data controllers and data processors have distinct roles;
clear restrictions on the manner of data collection;
clear guidelines on the purposes for which the data can be put and to whom it can be sent;
standards and technical measures governing the collection, storage, access to, protection, retention, and destruction of data;
that providers of goods or services must have a clear opt - in or opt - out option; and
in addition, most countries provide strong safeguards and penalties against breaches of any of the above

Section 66 [Computer Related Offences] amended vide Information Technology Amendment Act 2008 reads as under:

If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to five lakh rupees or with both.

Explanation: For the purpose of this section,-

the word "dishonestly" shall have the meaning assigned to it in section 24 of the Indian Penal Code;
the word "fraudulently" shall have the meaning assigned to it in section 25 of the Indian Penal Code.

[Section 66 A] [Punishment for sending offensive messages through communication service, etc.]

(Introduced vide ITAA 2008):

Any person who sends, by means of a computer resource or a communication device,-

any information that is grossly offensive or has menacing character; or
any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device;
any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages (Inserted vide ITAA 2008) shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms "Electronic mail" and "Electronic Mail Message" means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.

[Section 66 B] [Punishment for dishonestly receiving stolen computer resource or communication device] (Inserted Vide ITA 2008):
Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.

[Section 66C] [Punishment for identity theft] (Inserted Vide ITA 2008):

Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

[Section 66D] [Punishment for cheating by personation by using computer resource] (Inserted Vide ITA 2008):
Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

[Section 66E] [Punishment for violation of privacy] (Inserted Vide ITA 2008):
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both

Explanation - For the purposes of this section--

“transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
“capture”, with respect to an image, means to videotape, photograph, film or record by any means;
“private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
“publishes” means reproduction in the printed or electronic form and making it available for public;
“under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that:

he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or
any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.

[Section 66F] [Punishment for cyber terrorism]:
(1) Whoever,-

(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –

denying or cause the denial of access to any person authorized to access computer resource; or
attempting to penetrate or access a computer resource without authorisation or exceeding authorized access; or
introducing or causing to introduce any Computer Contaminant and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life’.

Critique: We find the terminology in multiple sections too vague to ensure consistent and fair enforcement. The concepts of ‘annoyance’ and ‘insult’ are subjective. Clause (d) makes it clear that phishing requests are not permitted, but it is not clear that one cannot ask for information on a class of individuals.

Section 67 [Publishing of information which is obscene in electronic form] amended vide Information Technology Amendment Act 2008 reads as under:

Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to two three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

[Section 67 A] [Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form] (Inserted vide ITAA 2008):
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-

the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art, or learning or other objects of general concern; or
which is kept or used bona fide for religious purposes.

[Section 67 B] Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form:

Whoever,-

(a) publishes or transmits or causes to be published or transmitted material in any electronic

form which depicts children engaged in sexually explicit act or conduct or

(b) creates text or digital images, collects, seeks, browses, downloads, advertises,

promotes, exchanges or distributes material in any electronic form depicting children in

obscene or indecent or sexually explicit manner or

and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or

(d) facilitates abusing children online or

(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:

Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-

(i) The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or

(ii) which is kept or used for bonafide heritage or religious purposes

Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.

[Section 67 C] [Preservation and Retention of information by intermediaries]:

(1) Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.

(2) Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.

Critique: This provision adequately protects both the corporate and the citizen in a positive way.

Section 69 [Powers to issue directions for interception or monitoring or decryption of any information through any computer resource] amended vide Information Technology Amendment Act 2008 reads as under:

(1) Where the central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if is satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be

intercepted or monitored or decrypted any information transmitted received or stored through any computer resource.

(2) The Procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.

(3) The subscriber or intermediary or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub section (1), extend all facilities and technical assistance to –

(a) provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or

(b) intercept or monitor or decrypt the information, as the case may be; or

(4) The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.

[ Section 69B] Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security:

(1) The Central Government may, to enhance Cyber Security and for identification, analysis and prevention of any intrusion or spread of computer contaminant in the country, by notification in the official Gazette, authorize any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource.

(2) The Intermediary or any person in-charge of the Computer resource shall when called upon by the agency which has been authorized under sub-section (1), provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information.

(3) The procedure and safeguards for monitoring and collecting traffic data or information, shall be such as may be prescribed.

(4) Any intermediary who intentionally or knowingly contravenes the provisions of subsection

(2) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.

Explanation: For the purposes of this section,

(i) "Computer Contaminant" shall have the meaning assigned to it in section 43

(ii) "traffic data" means any data identifying or purporting to identify any person, computer system or computer network or location to or from which the communication is or may be transmitted and includes communications origin, destination, route, time, date, size, duration or type of underlying service or any other information.

Critique: Though we recognize how important it is for a government to protect its citizens against cyberterrorism, we are concerned at the friction between these provisions and the guarantees of free dialog, debate, and free speech that are Fundamental Rights under the Constitution of India.

Specifically:

a) there is no clear provision of a link between an intermediary and the information or resource that is to be monitored.

c)the penalties laid out in the clause are believed to be too harsh, and when read in conjunction with provision 66, there is no distinction between minor offenses and serious offenses.

e) the ITA is too broad in its categorization of acts of cyberterrorism by including information that is likely to cause: injury to decency, injury to morality, injury in relation to contempt of court, and injury in relation to defamation.

Section 72 [Breach of confidentiality and privacy] amended vide Information Technology Amendment Act 2008 reads as under:

Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuant of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

[Section 72 A] Punishment for Disclosure of information in breach of lawful contract (Inserted vide ITAA-2008):

Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.

General Notes and Critiques:

As general notes on the ITA and data protection we find that the Act is lacking in many ways, including:

there is no definition of “sensitive personal data or information” and that term is used indiscriminately without.
the provisions and protections cover only electronic data and not stored data or non-electronic systems of media
in the absence of a data controller, liability is often imposed on persons who are not necessarily in a position to control data
civil liability for data breach arises where negligence is involved
criminal liability only applies to cases of information obtained in the context of a service contract.

For more details visit http://editors.cis-india.org/internet-governance/blog/privacy/privacy-ita2008

Cyber security, surveillance and the right to privacy: country perspectives

praskrishna — 2013-01-23T12:10:23Z

This blog post is fourth in a series of eight blog posts to report on the “Third South Asian Meeting on the Internet and Freedom of Expression” recently concluded in Dhaka, Bangladesh.

This post was published in the Internet Democracy Project Website on January 22, 2013. All the blog posts in this series are written by Richa Kaul Padte, the official rapporteur at the meeting.

'The best way to protect people’s rights is to enable people to protect their rights themselves' – Chinmayi Arun

Pranesh Prakash, CIS India	Opening the session on cyber security, surveillance and privacy, moderator Pranesh Prakash from the Centre for Internet and Society (India) frames the debate by talking about how the principles raised by discussions on security, privacy and surveillance are always in tension with each other. ‘The boundaries that have been drawn in a pre-digital era don’t apply online always [and] the classic model of state-controlled surveillance is not as relevant [today].’

Taking forward the discussion by setting both a global and national framework around the issue, Assistant Professor at the Delhi-based National Law University Chinmayi Arun brings to light the ways in which cyber security is consistently tabled on several global agendas; however, with little to no meaningful parallel discussions around the right to privacy. She also connects the idea of surveillance to notions of censorship vis a vis freedom of expression, and poignantly states: ‘surveillance is a lot more insidious than censorship – [so much] more can take place before people realise it is happening.’ Prakash furthers this idea in his transition between country perspectives by highlighting the ways in which surveillance measures are already established and heavily pervasive, with both Prakash and Arun advocating greater transparency in areas where these measures are in place. As Arun says, ‘it’s not true that every instance of surveillance needs to be secret until it’s done’, and distinguishing between necessary surveillance measures (in the case of crime investigations, for example) and those that position all people as criminals who must be monitored, is key to taking the discussion forward.

Chinmayi Arun, National Law University Delhi, India

Mohammed Nazmuzzaman Bhuian, Dhaka University

Mohammad Nazmuzzaman Bhuian, an Associate Professor from the University of Dhaka, opens a Bangladeshi country perspective with the question, ‘how does a cyber security act become a surveillance act?’ A cyber crime refers to any crime that involves a computer or a network, and the crimes under this can play out in two ways. The computer itself may be a target, or it may be used to carry out a crime. It is when it is used to carry out a crime that the question of online surveillance arises

Offering another perspective from Bangladesh, Head of the Centre for IT Security and Privacy and Assistant Professor, University of Asia Pacific, Mohammad Shahriar Rahman, discusses the manipulation of security and surveillance laws by the State in order to create greater security for itself. He cites the ban of YouTube in the country in response to a US-produced video ridiculing the Prophet Mohammed and the attacks on bloggers who have advocated for free speech on the Internet, including speech that may be anti-authoritarian or anti-religious. These examples echo Mariyath Mohamed’s perspectives on the interplay between religion, politics and censorship from the previous session, which clearly resound through many South Asian countries.

Mohammad Shahriar Rahman, University of Asia Pacific, Bangladesh

Kailash Prasad Neupane, Nepal Telecommunications Authority	Perspectives from Nepal, offered by speaker Kailash Prasad Neupane from the Nepal Telecommunications Authority, highlight the acute similarities between the laws in different South Asian countries, which all position the freedom of expression as ‘subject to certain restrictions’, where the subjectivity of the clause tends to be interpreted by a powerful and majority State against its minority citizens, thus undermining both democracy and citizens’ rights. As Rahman says, ‘if the government wants to be seen as democratic in these times, they need to realise you can’t jail everyone who is critical of the Prime Minister.’

Speaking from the floor, Bishakha Datta, from Mumbai-based women’s media organisation Point of View, expands on the speakers’ views by highlighting the ways in which, given the extensive measures of State security and surveillance, societies themselves become structured around a culture of surveillance that citizens in turn internalise and see as a necessary part of their lives. She asks, ‘when we talk about the right to privacy, are we saying that we are willing to accept surveillance as long as our privacy is maintained, or are we opposing it on the grounds of privacy?’ Echoing Prakash’s idea that ‘the way in which security and privacy are portrayed as being at loggerheads is false’, Arun responds to Datta by advocating privacy as the starting point for all discussions surrounding security. In summary she states, ‘we must underline our right to privacy,and that right must always dominate. One must always start with that right, and then narrow the circumstances in which, only when it is absolutely necessary and to the extent absolutely necessary, it may be violated.’ And it is through this consistent demand for the right to privacy, and the placing of citizens and individuals (rather than the interests of the State) at the heart of these conversations, that we can see security and privacy as co-existing notions that work to ensure, rather than suppress, freedom of expression.	Bishakha Datta, Point of View, India

For more details visit http://editors.cis-india.org/news/internet-democracy-richa-kaul-padte-jan-22-2013-cyber-security-surveillance-and-the-right-to-privacy

Cyber Security Summit 2015

praskrishna — 2015-12-16T02:10:24Z

The Government of Karnataka in association with Biz Wingz Production House organized this Summit on November 27, 2015 at JW Marriott, Bangalore from 10.30 a.m. to 5.30 p.m. Sunil Abraham was a panelist.

Cloud-based applications are often the darling of the CFO and the nemesis of the CISO & CIOs. How can an organization migrate to the cloud, thus relinquishing control, but still maintain security? Are we sacrificing security and robustness in exchange for other priorities? How do ‘Snowden’ disclosures change the legal and risk nature of cloud decision making and governance? What can proactive cloud providers do to capture the opportunity in the disruption? The panel explored these topics and more to provide the cutting edge thinking and perspectives you need to shape your own cloud strategies in ways that balance multiple priorities.

Panelists

Parag Deodhar, Chief Risk Officer, Bharti AXA General Insurance & Chief Operational Risk Officer India
Sunil Abraham, Executive Director, Centre for Internet and Society
Atul kumar, GM IT, Syndicate Bank
Lopa Mudra Basu, AVP & Head of Enterprise Security & Risk Governance, SLK Global
Sagar Karan, Chief Information Security Officer, Fullerton India Credit Co. Ltd.
R Vijay, CISO –Technology, Mahindra & Mahindra Financial Services Limited
Sanjivan S Shirke, Senior Vice President-Information Technology, Head -Information Security, UTI Asset Management Company Limited.
Sanjay Sahay, IPS, ADGP, Grievances & Human Rights, Police Dept, Govt of Karnataka (moderator).

More information about this event

For more details visit http://editors.cis-india.org/internet-governance/news/cyber-security-summit-2015

Cyber Security Policy Research

praskrishna — 2015-10-16T16:47:12Z

Tim Maurer will give a presentation on cybersecurity policy research at the Centre for Internet & Society's New Delhi office on October 18, 2015, from 2 p.m. to 5 p.m. Geetha Hariharan and Sunil Abraham will participate in this event.

Tim Maurer's talk will give an outline of the definitional issues involved, the various threats to the confidentiality, integrity, and availability of information and underlying infrastructure, the actors involved and international efforts to address cybersecurity. The talk will also provide an overview of existing and ongoing cyber security policy research.

Tim Maurer

Tim Maurer is an associate at the Carnegie Endowment for International Peace. His work focuses on cyberspace and international affairs, with a concentration on global cybersecurity norms, human rights online, Internet governance, and their interlinkages. He is writing a book on cybersecurity and proxy actors.

Maurer serves as a member of the Research Advisory Network of the Global Commission on Internet Governance, the Freedom Online Coalition’s cybersecurity working group “An Internet Free and Secure,” and co-chaired the Civil Society Advisory Board of the Global Conference on CyberSpace. In 2014, he developed the Global Cyber Definitions Database for the chair of the OSCE to support the implementation of the OSCE’s cyber confidence-building measures. In 2013 and 2014, Maurer spoke about cybersecurity at the United Nations in New York and Geneva and co-authored “Tipping the Scale: An Analysis of Global Swing States in the Internet Governance Debate,” published by the Global Commission on Internet Governance. His work has also been published by Jane’s Intelligence Review, TIME, Foreign Policy, CNN, Slate, and other academic and media venues.

Prior to joining Carnegie, Maurer was the director of the Global Cybersecurity Norms and Resilience Project at New America and head of research of New America’s Cybersecurity Initiative. He also gained experience with the United Nations in Rwanda, Geneva, and New York focusing on humanitarian assistance and the coordination of the UN system.

For more details visit http://editors.cis-india.org/internet-governance/events/cyber-security-policy-research

Cyber Security Newsletter (September 2016 - June 2017)

praskrishna — 2017-07-20T13:45:18Z

For more details visit http://editors.cis-india.org/internet-governance/files/cyber-security-newsletter-september-16.pdf

Cyber experts suggest using open source software to protect privacy

praskrishna — 2013-07-03T04:32:48Z

Big Brother is watching. With the Central Monitoring System (CMS) at home and PRISM from the US, millions of users worldwide have become vulnerable to online surveillance by state agencies without even realizing it. No surprise, several cyber security experts feel that building one's own personal firewall is a good way of fortifying online privacy.

The article by Kim Arora was published in the Times of India on June 22, 2013. Sunil Abraham is quoted.

One enterprising netizen has compiled a list of services, from social networks to email clients, and even web browsers, that offer better protection from surveillance. They are listed on a web page called prism-break.org.

When asked about steps that a digital native can take to protect his privacy and online data, Sunil Abraham, executive director of Bangalore-based non-profit Center for Internet and Society said, "Stop using proprietary software, shift to free/open source software for your operating system and applications on your computer and phone. Android is not sufficiently free; shift to CyanogenMod. Encrypt all sensitive Internet traffic and email using software like TOR and GNU Privacy Guard. Use community based infrastructure such as Open Street Maps and Wikipedia. Opt for alternatives to mainstream services. For example, replace Google Search with DuckDuckGo."

Use of licensed or proprietary software, which bind users legally when it comes to use and distribution, seems to be losing favour among an informed niche. While alternative software cannot offer absolute protection, it is being seen as a "better-than-nothing" option. Anonymisers like TOR, though also not entirely foolproof, are also a popular option among those who wish to keep their web usage untraceable. Once installed on a browser, anonymisers can hide the route that digital traffic takes when sent from your computer over a network before emerging at an end node.

There is one caveat, though. Some websites can deny service to users operating on certain anonymising networks. Also, anonymisers are known to reduce browsing speeds. In India, where broadband speeds are already abysmally low, anything that slows one down even further would find popularity hard to come by.

Computer and network security expert Aseem Jakhar too recommends open source software since they offer the convenience of customization to suit one's encryption needs and are able to verify the source code. For laypersons, there are other tools. "One can use anonymisers like TOR which encrypt your communication and hide your identity. With these it becomes very difficult to exactly locate the source. For email clients, it is best to use ones that offer end-to-end strong encryption," he says. Jakhar, co-founder of open security community "null", also recommends the use of customized and Linux systems for more advanced users. Default Linux distributions, he points out, may have free online services which can again be analysed by the governments.

The home-bred CMS programme seeks to directly procure data pertaining to call records and internet usage for intelligence purposes without going through telecom service providers. There were fears of abuse when information about the programme, kept under strict wraps by the government, trickled in. Department of Telecom and Ministry of IT and Communication have been reticent about the state of implementation of the 400-crore rupees programme.

PRISM, a similar, international monitoring programme mounted by the US and revealed to the world by the US National Security Authority whistleblower Edward Snowden, has raised concerns of safeguarding digital information the world over.

For more details visit http://editors.cis-india.org/news/times-of-india-june-22-2013-kim-arora-cyber-experts-suggest-open-source-software-to-protect-privacy

Cyber Dialogue Conference 2014

praskrishna — 2014-04-08T05:09:54Z

The Cyber Dialogue conference, presented by the Canada Centre for Global Security Studies at the Munk School of Global Affairs, University of Toronto, will convene an influential mix of global leaders from government, civil society, academia and private enterprise to participate in a series of facilitated public plenary conversations and working groups around cyberspace security and governance.

Malavika Jayaram is participating in this event being held on March 30 and 31, 2014. Full event details here.

After Snowden, Whither Internet Freedom?

A recent stream of documents leaked by former NSA contractor Edward Snowden has shed light on an otherwise highly secretive world of cyber surveillance. Among the revelations — which include details on mass domestic intercepts and covert efforts to shape and weaken global encryption standards — perhaps the most important for the future of global cyberspace are those concerning the way the U.S. government compelled the secret cooperation of American telecommunications, Internet, and social media companies with signals intelligence programs.

For American citizens, the NSA story has touched off soul-searching discussions about the legality of mass surveillance programs, whether they violate the Fourth and Fifth Amendments of the U.S. Constitution, and whether proper oversight and accountability exist to protect American citizens' rights. But for the rest of the world, they lay bare an enormous “homefield advantage” enjoyed by the United States — a function of the fact that AT&T, Verizon, Google, Facebook, Twitter, Yahoo!, and many other brand name giants are headquartered in the United States.

Prior to the Snowden revelations, global governance of cyberspace was already at a breaking point. The vast majority of Internet users — now and into the future — are coming from the world’s global South, from regions like Africa, Asia, Latin America, and the Middle East. Of the six billion mobile phones on the planet, four billion of them are already located in the developing world. Notably, many of the fastest rates of connectivity to cyberspace are among the world’s most fragile states and/or autocratic regimes, or in countries where religion plays a major role in public life. Meanwhile, countries like Russia, China, Saudi Arabia, Indonesia, India, and others have been pushing for greater sovereign controls in cyberspace. While a US-led alliance of countries, known as the Freedom Online Coalition, was able to resist these pressures at the Dubai ITU summit and other forums like it, the Snowden revelations will certainly call into question the sincerity of this coalition. Already some world leaders, such as Brazil’s President Rousseff, have argued for a reordering of governance of global cyberspace away from U.S. controls.

For the fourth annual Cyber Dialogue, we are inviting a selected group of participants to address the question, “After Snowden, Whither Internet Freedom?” What are the likely reactions to the Snowden revelations going to be among countries of the global South? How will the Freedom Online Coalition respond? What is the future of the “multi-stakeholder” model of Internet governance? Does the “Internet Freedom” agenda still carry any legitimacy? What do we know about “other NSA’s” out there? What are the likely implications for rights, security, and openness in cyberspace of post-Snowden nationalization efforts, like those of Brazil’s?

As in previous Cyber Dialogues, participants will be drawn from a cross-section of government (including law enforcement, defence, and intelligence), the private sector, and civil society. In order to canvass worldwide reaction to the Snowden revelations, this year’s Cyber Dialogue will include an emphasis on thought leaders from the global South, including Africa, Asia, Latin America, and the Middle East.

For more details visit http://editors.cis-india.org/news/cyber-dialogue-conference-2014