At the International Judicial Conference organized by the Supreme Court, Justice DY Chandrachud on Sunday said that privacy in the digital age is facing a crucial challenge from hackers, private firms and the government, PTI reported.

Challenges to privacy in the digital age and the era of artificial intelligence

Speaking during a panel discussion on the “Role of Judiciary in Protecting Privacy of Citizens in the Internet Age”, Justice Chandrachud said, “The challenges to privacy are presented by three key actors—(i) hackers; (ii) private companies; and (iii) the government. This presents a range of concerns: First, there is a possibility of serious data breach and the misuse of personal information. Second, vast silos of data may be used to profile people and to discriminate against vulnerable groups. Third, there is a chilling effect on free speech and disclosure of information.”

In line to become the Chief Justice in 2022, Justice Chandrachud said that judges need to see how to apply the standard of proportionality, created in the pre-digital age, in the backdrop of complexities of the digital age.

Emphasizing the importance of the judiciary in the matter he said it was the responsibility to balance the right to privacy with other rights, and then supplement existing legislative frameworks especially in an age where technology governs many aspects of people’s lives and privacy is an illusion. He said, “The digital world has been ushered in at a pace which the incremental change of judicial decisions can scarcely match. Our Constitution protects the right to personal freedom, human dignity and liberty.”

In today’s world, every individual identity is viewed in terabytes of information and every individual is viewed as a collection of data represented by activities on the Internet like shopping preferences, social media patterns, geographic location and personal biometric information, he posed.

“This defines two new horizons: The first is data aggregation, which, like ‘death by a thousand cuts’, is the collection of unconnected data to map the identity of the individual. This has the potential to seriously threaten the rights of individuals to keep their personal and sensitive information private and to control how their information is used.”

He also spoke about the second horizon – artificial intelligence which comprehends machine learning analysis of political beliefs, religious affiliation, race, ethnicity, health, status, gender and sexual orientation, he said, “Our individual data is aggregated and disaggregated to sort, score, classify, evaluate and rank people. How comfortable are with artificial intelligence telling us whether an offender who seeks bail is likely to be a repeat offender?”

Praises for the President

Speaking about President Ram Nath Kovind who was also present at the conference he said, “Presence of President of India in our midst today is of special significance. Before assuming the highest constitutional office the President was a senior member of the Supreme Court Bar until the call of the nation carved out a course for the future. Role of a judge requires legal and constitutional statesmanship. The President’s vast experience in matters of law and state imparts to his presence a unique significance for us.”

Crowded courts a vibrant space for dialogue

Speaking about the significance of the conference organized by the Supreme Court and that in jurisdictions across the world, judges are drawn from the Bar or upon a career progression, he said, “Lawyering gives to the individual a steady stream of new information on which new thoughts and ideas can evolve. Crowded court house corridors are a vibrant space for dialogue and social contacts. In contrast, judges lead a staid and some would say an isolated life. The lively bustle of court corridors is replaced almost overnight by the calm and quiet of judicial chambers. Hence experiences such as those gained by such conferences rekindle the joy of being surrounded by ideas, opinion and open the windows of our chambers and our mind to jurisdictions across the world.”

Related:

Police blocking roads, Shaheen Bagh protesters getting blamed
Assam NRC: Allegations of inclusion of ‘ineligible’ people in list
Is MHA distancing itself from Assam Clause 6 committee report?

The post Privacy at threat from private companies, govt.: Justice DY Chandrachud appeared first on SabrangIndia.

This is what political parties and others are asking: was it a government agency that bought the hacking tools from the Israeli company? And used it against its own citizens? Are we, as Justice Srikrishna said, becoming an Orwellian surveillance state?  Justice Srikrishna headed the committee that gave detailed recommendations on framing a data and privacy protection law. Though its recommendations were submitted in 2018, the government has been dragging its feet over such a law protecting the privacy of its citizens.

If we listen to Ravi Shankar Prasad, the IT minister, it is either the fault of the Congress, who used to bug their opponents phones; or Facebook’s: he has asked WhatsApp to “explain” the hacks. In other words, deflect from the simple and straight forward question, did any central government agency buy or license Pegasus from the Israeli company?

Under the rules of the IT Act, ten central government agencies were notified in 2018, who have powers of interception. The home ministry’s denial on an RTI on whether Pegasus was procured by the government, was limited only to agencies under the home ministry. What about agencies such as NTRO, RAW and CBI, which are not under the home ministry? Why has the voluble Ravi Shankar Prasad, otherwise offering his opinion on everything under the sun, been so coy about providing a straight answer to this question?

The CPI(M) in a press statement raised questions, “The government needs to answer whether any of its agencies were involved in the use of this hacking software, particularly since most of the persons affected were targeted by the government in May last year. Under law, hacking peoples phones would constitute a cyber crime. If the government is not involved in the Pegasus software as it claims, why has it not filed an FIR and started criminal investigations?”

NSO, the Israeli company has claimed that they supply such software only to government agencies. If indeed the Indian government agencies are not involved, then the hacking of peoples smartphones constitute a criminal offence. Why has the government, specifically the IT ministry not filed an FIR and started criminal investigations on this? Blaming the Congress for previous misdeeds including the Emergency, does not absolve this government from performing its constitutional duties. Or is it the IT minister’s kindergarten alibi that “they did first”?

NSO has been notorious for supplying its hacking tools to governments and various spy agencies. Among its buyers have been Saudi Arabia and United Arab Emirates, who have used these tools to hack into their critics phones and computers. It was widely reported that Jamal Khashoggi’s iPhone was hacked by Saudi intelligence agencies using Pegasus, prior to his killing in Saudi’s Istanbul consulate. 

The only legal step that has been taken in this hacking is Facebook, the owner of WhatsApp platform, filing a civil suit for damages against two Israeli entities, NSO and Q Cyber Technologies, in a Federal Court in San Francisco, US.

What is Pegasus “software” and how does it affect the smartphone users, particularly WhatsApp users? The Israeli company supplies hacking tools for various kinds of devices including Android based smartphones or iPhones, who between them have a near 100 per cent monopoly (or duopoly)  over all smartphones. For WhatsApp, which has been widely publicising its 100 per cent end-to-end encryption, it is particularly embarrassing, as it has neglected to tell its users that such encryption does not help if the users’ phones are hacked; such information is available in unencrypted form on the users’ phones. To compound their embarrassment, the Pegasus hacking software used a security hole in the WhatsApp software.

The current security hole has been patched by WhatsApp. But this was only one such hole. There are many others which are not even known. These are called zero-day exploits – meaning that they are unknown to the supplier of such software – and are sold by criminals on the Dark Net. Even companies pay big money to hackers to learn about their security holes, quite often buying such information from the same Dark Net that criminals use.

If this buying and selling of such software are limited to only criminals or companies intent on patching their systems against vulnerabilities, the problems would have been far less than what we face today. This has been made far worse due to government’s intelligence agencies entry into this business. They bring in big bucks, large teams and tap into the leading research institutions in the name of national security.

While the US and the western media has been talking about Russia and China, they are largely silent on Israeli agencies and of course US agencies NSA-CIA, and UK’s GCHQ. These three sets of intelligence agencies have developed the most extensive suit of software tools or attack tools for penetrating computers, smartphones, the switches and routers that are a part of the telecom infrastructure of every country and even in our homes.

In this sense, hacking tools and cyber weapons are not significantly different, only their purpose is different. If anybody hacks into a computer or a phone, the hacker – and not the consumer –  effectively owns the phone as they can control what the device does.

In the US, its domestic laws, permissive as they are under their so-called global war on terror, still has a modicum of protection on domestic surveillance; even under the FISA courts’ very wide latitude given to the security agencies. We know from Snowden and WikiLeaks revelations that the US had penetrated the telecom infrastructure of every country, and had backdoors to US manufactured equipment and software platform for installing its spyware.

The Israeli agencies worked closely with the US agencies. The US could not sell such software or equipment to “friendly” monarchies and fascist rulers as it comes under export control rules. In US, these software are recognised as weapons, and their exports are strictly controlled. No such controls exist for the Israelis, who use a number of companies that are very closely tied to the Israeli military and its spy agencies. NSO and other such companies are essentially the US-Israeli arm of supplying such software tools to other spy agencies of “friendly” governments.

Such sale of software tools to the government of other countries also provide the US and Israel additional intelligence feeds. The countries including India may feel that they have “bought” this software, but all such software operates based on “servers” set up by such companies, which again are linked to Israel. All this information goes back to Israel and the US spy agencies. When governments buy such software from foreign sources, they in effect, are partnering foreign agencies to spy on their own citizens; or help foreign powers shape the domestic narrative. If NTRO or RAW have indeed bought Pegasus, the narrative that such hacking can produce, can be easily manipulated by Israeli or US spy agencies. This is the risk of “outsourcing” intelligence operations and tools. 

According to a Reuters report on the victims of the WhatsApp Pegasus breach, … “a ‘significant’ portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. If the NSO’s claims of selling only to governments are correct, either the Pegasus spyware was used by governments to hack each other, or they were victims of Israeli spying. To compound the danger, the NSA’s and CIA’s spyware tools were dumped by hackers on the net in 2017 and are available to criminals. This shows how dangerous such software is for everybody, not just activists.

What make such tools particularly dangerous is that they are not the work of a few hackers but have the resources of a state behind them. These are not hacking tools but cyber weapons. This is why the governments need to sign a moratorium on developing and deploying such weapons, the same as we have on chemical and biological weapons.

First published in https://peoplesdemocracy.in/

The post What is Ravishankar Prasad Hiding on WhatsApp Hack? appeared first on SabrangIndia.

Image Courtesy: forbes.com

Last week, the Supreme Court bench of justices Arun Mishra and Indira Banerjee raised an alarm over the lack of privacy of citizens in India in a case where the petitioner, an IPS officer, had alleged that his phone, as well as of his family and his friend, was being tapped at the behest of the Chhattisgarh government. While it is not known yet whether the same was done in compliance with the law, it raises questions about the extent to which the government can impede our right to privacy in certain circumstances and are these considered to be reasonable restrictions and how well equipped are surveillance laws in India to handle the growing influence and reach of information technology.

The right to privacy

The right to privacy was upheld once again by the Supreme Court in its landmark judgment in the Aadhar case in 2017. While it did uphold an individual’s right to privacy, it did not hold the Aadhar Act to be unconstitutional, but only made linking of Aadhar card details voluntary in all cases except for getting access to government’s social benefits schemes and for linking with PAN card to keep tax frauds in check. For now, that is the legal stand when it comes to Aadhar cards. However, what still remains a concern is the protection of data for which India has no legal provision. Although, the Aadhar Act provides for a Central Identities Data Repository and it has a Chapter on “Protection of Information” where the Aadhar Authority is to ensure the security of such information collected but there is no provision that holds the Repository or the Authority responsible or accountable in case of breach of data due to failure on their part to secure the sensitive personal information of the citizens. At this juncture one feels the need for data protection law in India.

Data protection and its importance for safeguarding right to privacy

In August 2017, the Central Government had set up the B.N. Srikrishna Committee to draft a bill on data protection. The Committee, among other things, highlighted that the Aadhar Act needs to be amended to bolster data protection and also recommended that a Data protection Authority be set up to regulate the collection and storage of data and it also imposed severe penalties for breach of data by third parties.

Nowadays, data is considered to the most valuable asset in the world. When the Cambridge Analytica case came up in the United States of America (USA), one realised how vulnerable is one’s data when it’s on social media and how private players do very little to protect the same. Personal data was used to manipulate minds of voters in order to get favourable election results. This shocking revelation had left the world stunned and the need for data protection has now become an extremely pressing issue. The delays by the parliament in passing a law for data protection is only exposing the data of its citizens to perilous threat, and the implications of the same need to be considered seriously by the government.

Breach of privacy, when necessary

Sometimes, the State is compelled to use certain measures to keep criminal activities in check, specially in cases of national or public emergency where there is an apprehension of threat to public law and order. The laws in India, however, provide for interception of communication by government vide 3 Acts. Section 26 of the Indian Post Office Act (for postal articles), section 5(2) of the Indian telegraph Act (for telephones), section 69 of the Information Technology Act for emails and chats. Each Act provides for different circumstances when the government can invoke interception.

• Postal articles: public emergency or in the interest of public safety or tranquillity

• Telephones and Emails/chats: interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order, for preventing incitement to the commission of an offence relating to the aforementioned.

Is the government listening?

In 1996, People’s Union of Civil liberties (PUCL) had filed a Public Interest Litigation (PIL) against the rampant phone tapping that had become a practice under the Rajiv Gandhi regime of 1980s. The Supreme Court realised the arbitrary manner in which the aforementioned provisions of the Telegraph Act were misused by the government for surveillance of the opposition members as well as its own Cabinet Members. The guideline laid down in this case cast a lasting shadow on Indian surveillance law and curbed the arbitrary use of surveillance provisions. The guidelines limited the time frame for interception to two months at a time and maximum six months after renewals, and required the authorization of high offices of Home secretary of either the Central government or the concerned state government. The guidelines also asked for destruction of the data so collected once its retention is not necessary.

Nearly 23 years have passed since the guidelines were laid out and there is an urgent need that apart from these guidelines, governments exercise greater caution while formulating and amending surveillance laws. Provisions of the aforementioned Acts mention circumstances which are open to wide and vague interpretations and hence prone to misuse despite of the guidelines.

Although the Supreme Court had held that tapping of phones is a serious invasion of privacy and that it falls under Article 21 (right to life and personal liberty) of the Constitution, it held the provisions of the Telegraph Act to be constitutional at the same time, falling under reasonable restriction under Article 19(2) of the Constitution.

In 2014, a report was released by Software Freedom and Law Centre said that the Indian government gives about 9,000 orders to tap phones each month. Technology is making it easier for phones to be tapped and conversations to be intercepted and people are getting more susceptible to breach of their privacy, specially by private players. In the wake of this, there is a dire need for a stringent law to come in place for making surveillance by private parties, without legal sanction, a punishable offence and for regulation of surveillance carried by government law enforcement agencies by giving out contracts to private players.

In 2016, the Indian Express had reported that between 2001 and 2006, spanning one NDA na done UPA government, the Essar group allegedly tapped telephones of VVIPs including cabinet ministers and corporate heads like Ambani brothers.

Facial recognition on roads!

In the background of the Kashmir Issue, political crisis of Maharashtra, the Ayodhya verdict, one news that needs to be put on a pedestal but is drowning is of the government, through the NCRB (National Crime Records Bureau) inviting proposals for installing facial recognition software in CCTVs on public roads. They call it the Automated Facial Recognition System (AFRS) and it will compare the image captured by the CCTV with their existing database. It has also proposed integrating AFRS with other databases such as Crime and Criminal Tracking Network & Systems (CCTNS), Integrated Criminal Justice System, State-specific database systems and Khoya paya portal, which is a citizen based website to exchange information on missing and found children.

In its 172 page “Request for Proposal to procure National Automated Facial Recognition System” , the NCRB has comprehensively mentioned all aspects of the scope, architecture of the project and other contractual details for the bidder. In the running are software like Amazon Rekognition; Face Recognition and Face Detection by Lambda Labs, Microsoft Face API; Google Cloud Vision and IBM Watson Visual Recognition. The request document of the NCRB, states that AFRS can play a very vital role in improving outcomes in the area of Criminal identification and verification by facilitating easy recording, analysis, retrieval and sharing of Information between different organizations. Additionally, it says that AFRS is a great investigation enhancer for identification of: criminals, missing children/persons, unidentified dead bodies and unknown traced children/persons.

The document then goes on to define the technical requirements in the software and contractual terms with the bidder. While all this “surveillance for better protection” is supposed to make us feel like we are moving to a more secure and crime-free environment, the truth is surveillance, without accountability is a dangerous proposition. This system which is to be introduced and implemented soon does not have any legal backing so far.

The proposal document can be read here.

Why is facial recognition a problem?

What is the harm in having a surveillance system without a legal sanction, you ask? Imagine tomorrow this repository maintained by the NCRB is intercepted by a private player stealthily for its personal gain or even at the behest of a political leader and the same is tampered with. Who will be held accountable? How will the private player and the political leader be punished in absence of a specific penal provision for the same? This is just one of the many concerns that will arise once the AFRS will be implemented.

Concerns have been raised on grounds that the accuracy of such systems is currently low, thus severely increasing the risk of misidentification when used by law enforcement agencies. Secondly, since the technology will learn from existing databases (e.g. a criminal database), any bias reflected in such a database such as disproportionate representation of minorities will creep into the system. False-positives as result of a low accuracy rate, combined with potentially biased law enforcement and a lack of transparency, could make it a tool for harassment of citizens.

Such facial recognition systems have been installed in countries like China and Russia as always democratic countries like France, United Kingdom and USA. Although many cities in the USA have banned the usage of such surveillance systems, it prevails in many other cities.

Another concern is that of lack of informed or even implied consent. While the relationship between the citizen and the government is of a social contract, not everything can be included under implied consent, specially with respect to a system which invades one’s facial identity. How can the state assume that in the interest of our own safety and maintenance of law and order, we are allowing the government to click our pictures and keep it in a repository and classify it as it pleases, without our knowledge!

The Way forward

To sum up, the arena of Indian surveillance law is lacking some stringent laws pertaining to data protection and regulation of surveillance. In both of these laws there needs to be an autonomous competent authority which can independently monitor the implementation and regulate the activities under the law, to ensure complete adherence. There are some major issues with the aforementioned Acts pertaining to postal articles and telephones and Information technology. The circumstances provided for in these laws, specially the ones pertaining to telephones and Information technology, are as easy as “prevention of incitement to commission of offence” albeit the offence is to be related to national and public interest. Such provisions are easily susceptible to misuse, especially if the approving authority is the state government itself, making it easier for political motives to be fulfilled.

Related:

How easy is it to tap someone’s phone?
No privacy left for anyone, what’s happening, asks SC
World’s biggest face recognition system arrives in India next month

The post Phone tapping and now face scan, Govt. creeping into our privacy appeared first on SabrangIndia.

What role did you play? Composite of Christos Georghiou and sdecoret/Shutterstock.com, CC BY-ND

The scandal in which Cambridge Analytica harvested data from millions of Facebook users to craft and target advertising for Donald Trump’s presidential campaign has provoked broad outrage. More helpfully, it has exposed the powerful yet perilous role of data in U.S. society.

Repugnant as its methods were, Cambridge Analytica did not create this crisis on its own. As I argue in my forthcoming book, “The Known Citizen: A History of Privacy in Modern America,” big corporations (in this case, Facebook) and political interests (in this case, right-wing parties and campaigns) but also ordinary Americans (social media users, and thus likely you and me) all had a hand in it.
 

The allure of aggregate data

Businesses and governments have led the way. As long ago as the 1840s, credit-lending firms understood the profits to be made from customers’ financial reputations. These precursors of Equifax, Experian and TransUnion eventually became enormous clearinghouses of personal data.

For its part, the federal government, from the earliest census in 1790 to the creation of New Deal social welfare programs, has long relied on aggregate as well as individual data to distribute resources and administer benefits. For example, a person’s individual Social Security payments depend in part on changes in the overall cost of living across the country.

Police forces and national security analysts, too, gathered fingerprints and other data in the name of social control. Today, they employ some of the same methods as commercial data miners to profile criminals or terrorists, crafting ever-tighter nets of detection. State-of-the-art public safety tools include access to social media accounts, online photographs, geolocation information and cell tower data.
 

Probing the personal

The search for better data in the 20th century often meant delving into individuals’ most personal, intimate lives. To that end, marketers, strategists and behavioral researchers conducted increasingly sophisticated surveys, polls and focus groups. They identified effective ways to reach specific customers and voters – and often, to influence their behaviors.

In the middle of the last century, for example, motivational researchers sought psychological knowledge about consumers in the hopes of subconsciously influencing them through subliminal advertising. Those probes into consumers’ personalities and desires foreshadowed Cambridge Analytica’s pitch to commercial and political clients – using data, as its website proudly proclaims, “to change audience behavior.”

Citizens were not just unwitting victims of these schemes. People have regularly, and willingly, revealed details about themselves in the name of security, convenience, health, social connection and self-knowledge. Despite rising public concerns about privacy and data insecurity, large numbers of Americans still find benefits in releasing their data to government and commercial enterprises, whether through E-ZPasses, Fitbits or Instagram posts.
 

Revealing ourselves

It is perhaps particularly appropriate that the Facebook scandal bloomed from a personality test app, “This is your digital life.” For decades, human relations departments and popular magazines have urged Americans to yield private details, and harness the power of aggregate data, to better understand themselves. But in most situations, people weren’t consciously trading privacy for that knowledge.

In the linked and data-hungry internet age, however, those volunteered pieces of information take on lives of their own. Individual responses from 270,000 people on this particular test became a gateway to more data, including that belonging to another 87 million of their friends.

Today, data mining corporations, political operatives and others seek data everywhere, hoping to turn that information to their own advantage. As Cambridge Analytica’s actions revealed, those groups will use data for startling purposes – such as targeting very specific groups of voters with highly customized messages – even if it means violating the policies and professed intentions of one of the most powerful corporations on the planet.

The benefits of aggregate data help explain why it has been so difficult to enact rigorous privacy laws in the U.S. As government and corporate data-gathering efforts swelled over the last century, citizens largely accepted, without much discussion or protest, that their society would be fueled by the collection of personal information. In this sense, we have all – regular individuals, government agencies and corporations like Facebook – collaborated to create the present crisis around private data.

But as Zuckerberg’s summons to Washington suggests, people are beginning to grasp that Facebook’s enormous profits exploit the value of their information and come at the price of their privacy. By making the risks of this arrangement clear, Cambridge Analytica may have done some good after all.
 

Sarah Igo, Associate Professor of History; Associate Professor of Political Science; Associate Professor of Sociology; Associate Professor of Law, Vanderbilt University

This article was originally published on The Conversation. Read the original article.

The post How you helped create the crisis in private data appeared first on SabrangIndia.

The post NaMo App: Your Data Is Now BJP’s Electoral Weapon appeared first on SabrangIndia.

Image Courtesy: TruePublica
 

On 23 March, India’s IT ministry issued a ‘notice’ to Cambridge Analytica (CA), the UK firm accused of harvesting Facebook data to carry out election campaigns and other behavioral psy-ops, asking it to answer six questions by 31 March. These questions are: i) whether they have been utilizing data of Indians collected from Facebook for any assignment ii) who engaged them for this iii) how did they come to be in possession of such data iv) was consent taken from the individuals v) how was such data used and vi) was any profiling done using this data?

Leaving aside the issue of whether simply asking a foreign company some questions is all that the ministry can think of, the fact that these queries are addressed only to CA and not to its parent company Strategic Communication Laboratories (SCL) shows that the Indian government is like a babe in the woods.
It is amply clear by now that CA used to function routinely through a slew of front organisations or cut-outs as they are called in the spook world. Channel 4’s on-camera expose shows Alexander Nix, the sacked CA boss boasting about this openly. These fronts do not have any traceable connection with the employer. So, asking CA to tell its secrets is dumb.

But that’s not all. No questions are directed towards the SCL, which has openly claimed that it has been working in several countries including Nepal, Pakistan, Afghanistan, Ghana, Somalia, South Sudan, Rwanda, Libya, Ukraine, Mexico, and regions like ‘Pan-Pacific’ or regional blocs like NATO, besides the US. More importantly, SCL lists an office right here in India – in Ghaziabad, in the suburbs of New Delhi. This office belongs to none other than Ovleno Business Intelligence Ltd. (OBIL), owned by Amrish Tyagi, son of BJP ally JD (U)’s leader K.C.Tyagi.

The Indian govt. would have got to know much more about CA’s secretive dealings by actively investigating entities like OBIL who are right here under their nose. They could have perhaps gained a lot of information about how CA/SCL operates and perhaps even their network of cut-outs and fronts. But in its wisdom, the IT ministry has avoided this most obvious route, thus obfuscating the whole thing.

At the other end too – SCL at the top – the ministry has no questions to ask. SCL was founded in 1993 by adman Nigel Oakes. It operates through 18 companies in UK and another 12 in the US, according to media investigations . It also has 17 international offices, including the one in India mentioned above. CA is an offshoot of SCL, emerging in 2013 from its previous avatar as SCL Elections.

Apart from Ted Cruz and Donald Trump, SCL has gathered data on Maoists in Nepal, surveyed local attitudes in Afghanistan, helped win a controversial election in Kenya, assessed effects of US policy on drugs in Mexico, and so on. This clearly shows that SCL and CA are working in close coordination.

SCL/CA has close connections with both the US and UK’s defense and security establishment. It has received contracts worth millions of dollars from not only US State Dept. and the British Ministry of Defense, but also from NATO and Sandia (linked to the US nuclear establishment). SCL is managed by a group of Conservatives and neo-liberal hawks.

If India has any suspicion of social media data misuse, SCL is the most obvious and natural choice for investigation. The absence of any such move itself creates doubts about the seriousness of the Indian govt.’s efforts.

In addition, why not ask Facebook itself? The IT ministry has been super active in interacting with Facebook for acquiring data from user accounts for itself or preserving data from accounts. According to Facebook, the Indian govt. made 9853 requests for data from Facebook in the first half of 2017. Yet, when it comes to asking Facebook whether Indian users data has been accessed either by SCL/CA or any other entity, the Indian govt. is acting coy.

All this leaves one with the impression that Indian IT ministry’s queries to CA, flowing from its “deep concern” about misuse of data about individuals and its worry about attempts to influence elections is just empty rhetoric.

Courtesy: Newsclick.in

The post India Questions Cambridge Analytica, Forgets About Parent Company SCL appeared first on SabrangIndia.

Demonstration against PRISM in Berlin, organized by the Pirate Party, during United States president Barack Obama’s visit. Mike Herbst/Wikimedia Commons. Some rights reserved.

For some years now, we have been witnessing the emergence of relational, cross-over, participative power. This is the territory that gives technopolitics its meaning and prominence, the basis on which a new vision of democracy – more open, more direct, more interactive – is being developed and embraced. It is a framework that overcomes the closed architecture on which the praxis of governance (closed, hierarchical, one-way) have been cemented in almost all areas. The series The ecosystem of open democracy explores the different aspects of this ongoing transformation.

Freedom of expression is one of the pillars of modern democracy, and the right to the privacy of our communications is a part of it. During the last century it was said that, in some dictatorships, they opened letters with steam – so that the peeping could go unnoticed -, they read the contents – to detect divergent thinking -, they closed the envelopes again, and let the letters reach their addressees – to avoid suspicions.

Today, when we send a message from the simulated intimacy our electronic devices give us, it is traced by a complex communication intercepting system. The root cause of the problem is this: the internet is a network designed for sharing information which, at the time it was created, was not intended for its current use – nor was the problem of privacy taken into account.

The problem is bigger than we can possibly measure. Whenever we connect to a website that does not have https – when a little padlock appears in our url – all the interactions we make are clear. This means that anyone who is viewing our connection – which goes through several intermediate servers – can read everything we write – passwords, emails, attachments – in addition to the url we are visiting.

When we talk about virtual communications, e-mail and messaging apps, the issue becomes even more complex. Gmail and Hotmail, the two most common providers, know all the content of all the emails we store with them. WhatsApp has been encrypted since April 2016 – but messages only. Telegram uses other encryption versions, and traditional SMS are not encrypted. In short: it is very easy to spy on us.

Massive spying
The internet design has always been the problem, but not even the most paranoid hacker in the world would have imagined the terrifying picture Snowden introduced us to in June 2013. The Five Eyes Alliance – the US, Australia, New Zealand, Canada, and the UK – spies on all internet users on a consistent, systematic and cumulative basis. Not a minor detail is the fact that the US invented the internet in the first place, and that it is the country that controls it the most.

Yahoo gave the National Security Agency (NSA), the US agency dedicated to digital espionage, full access to all its users’ emails. Google responded to the NSA’s requests but did not give them full access, and since the NSA deemed it insufficient, it chose to illegally enter Google’s servers and check the information anyway. No Internet company is free from these pressures.

Your electronic devices spy on you. It is not only Wikileaks that says so, but a US court: your SmartTV spies on you without asking for your consent. It not only records everything you are watching, but even when it is not on it can record and share your private conversations. The same thing happens when we activate our cell phone’s voice control: it listens to us.

All these data are being processed with the aim of spying on us massively. In this process, metadata are crucially important. Metadata are the data which describe the data: date of creation, modifications, size, format, GPS coordinates, among others. It is on the basis of this information that behaviours can be determined which the agencies analyze so as to gauge the degree of surveillance they need to apply to us.

Ads on the internet work in a similar way: how many times, after seeing a particular product on some web, does not this product chase us through ads on the other websites we visit? This is only advertising; just imagine what spy agencies can do. Think about what might happen if, by any chance, you have the misfortune to coincide twice in the same site as a person who is under government surveillance.

Programs to infect
Digital espionage is not only massive, it is also customized. The Five Eyes Alliance has been spying on government leaders like Angela Merkel, internet tycoons like Kim Dotcom, and has become so pervasive that even Donald Trump dares to be frivolous about it.

You can spy on a device in many different ways and to different effects: capturing everything written, sending all the actions you perform while browsing, accessing all your WhatsApp messages, using the webcam and the microphone unnoticed – among many others. The problem is so real that even Mark Zuckerberg and James Comey – director of Facebook and the FBI respectively – taped their laptop webcam as an anti-espionage measure.

There are companies like Hacking Team that sell spyware and their main clients are governments. Their exploits – i.e. programs for taking control over a computer – can be attached to a Word file and take control of your Mac or PC unnoticed, when the file is opened. Among Hacking Team’s top customers: the governments of Mexico, Italy, Morocco, Saudi Arabia and Chile.

But you do not have to be a government: a simple internet search can offer you some very advanced program licenses at a small cost – about 50 USD dollars. The slogan of one of the most popular of these programs is: “If you are in a committed relationship, have children, or manage employees, you have the right to know! Discover the truth, spy on their cell phone.

The importance of privacy
“Arguing that you do not care about the right to privacy because you have nothing to hide is like saying you do not care about freedom of speech because you have nothing to say”, Edward Snowden famously said in a debate on Reddit in 2015. There is nothing better than putting oneself in his position as a whistleblower to understand what is to be done.

Due the complexity of modern society, it is very often individuals with no media connections who get to know about some malpractice, a case of corruption, or a violation of human rights. Probably, their access to this information comes from knowledge picked up at their workplace, or at an organization they belong to, or the place where they live. If they publicly denounce this situation, it is quite likely that their way of life will be severely affected. In many cases, even if they denounce the fact anonymously, the accused may deduce the source.
Every society needs its citizens to denounce acts which harm and corrupt the community. But it must protect those who, through an act of courage, put themselves at risk by denouncing corruption, malpractices, or violations of human rights. This protection must be offered by both civil society and the state – through specific legislation protecting and encouraging whistleblowing.

In most Latin American countries there is no protection available for whistleblowers, nor is there an agency that protects officials who report malpractices within the public sector. This being so, and while we keep on waiting for protection mechanisms to be set up, civil society must propose measures so that people can report anonymously and safely. This can only be achieved with encryption.

If you do not have the key, it is not safe
In the physical space, when we want to keep something safe, we put it under lock and key. No one would ever think that a keyless door is safe. In the digital world you have to ask the same question: who has the key?

The first service to doubt is WhatsApp. They tell us they encrypt everything, but we do not have the key. We do not even have to put a password to generate it: from our number, the messaging service itself generates a key – which, of course, it controls. Messages are encrypted, but whenever WhatsApp (or its owner, Facebook) wants to, it can read them. The same happens with any other service that we do not have a password for.

The most common system for encrypting communications is PGP, which literally means “Pretty Good Privacy”. It works with a public key system, which you share with everyone else, and a private key, which you are the only one to have. When someone wants to send you a message, they cipher it with your public key and you are the only one who can decipher it with your private key. The equivalent in the physical world would be to distribute open padlocks which, once closed, you are the only one who can open them.

Encrypting is the only way to keep communications and files private. If you have to send a message that you do not want to be tracked, forget about messaging and use PGP mail. Even better: use your own servers or non-intrusive services like riseup.net. For more information on this, check Tactical Tech’s Security in a Box manuals.
Arguing that you do not care about the right to privacy because you have nothing to hide is like saying you do not care about freedom of speech because you have nothing to say.

The future of communications
There is currently considerable tension between encryption and national security, and the national security theses have the upper hand. In 2014, the most heavily used and robust encryption program was discontinued for no apparent reason. In 2015, a judge in Spain considered the use of Riseup and encryption in private communications an aggravated circumstance. In 2016, the FBI admitted that it could break the iPhone encryption, and refused to share its finding with Apple.

These are just three examples, and we could go dig much deeper, but in the end we have to accept reality: our communications are becoming increasingly insecure. It is a global problem, which the non-politicized citizen has, and so does any activist, journalist, businessman, policeman or whistleblower. We are all on the same boat.

In order to change this trend and allow for safer communications, our governments should start promoting and distributing free software tools. This is the path that cities like Munich have begun to follow which, in the long run, will help them to break free from the big multinational corporations and  become self-sufficient in information technology and information management in a democratic context. Just think about this: in order to govern your country, all your MPs are using software that is owned and controlled by US companies – and yes, you can be sure that they are listening to them too.

Eduard Martín-Borregón is a data journalist who specializes in digital security. He is currently Coordinator of Technologies for Transparency at PODER, an organization that co-founded Méxicoleaks and Perúleaks, and promotes the creation of new anonymous and safe whistleblowing platforms in the region.

Courtesy: https://www.opendemocracy.net
 

The post They are spying on us and we know it appeared first on SabrangIndia.

A nine-judge bench of Supreme Court recently passed a judgement which said that Right to Privacy is a fundamental right. Anand Grover, who argued the case, talks about the implications of the judgement. He also talks about the implications it holds on issues like Aadhaar Section 377 etc.

Courtesy: Indian Cultural Forum

The post “The Supreme Court’s Ruling on Right to Privacy is Momentous and Historic” appeared first on SabrangIndia.

Notwithstanding the court's orders, the government is trying to make Aadhaar mandatory; The Bill also shadily preempts the Court's pending decision on whether privacy is a fundamental right. Jaitley appears to think that a matter sub-judice with a constitutional bench can be bypassed with the help of a money bill

 
http://newsclick.in/india/aadhaar-bill-unconstitutional-legislation

It is often said that “privacy is not something that people feel, except in its absence”. Arun Jaitley realised it the hard way in 2013 when his telephone records where illegally obtained by the government. In an article titled “My Call Detail Records and A Citizen’s Right to Privacy”, Jaitley wrote: “Every citizen in India has a right to privacy. His right to privacy is an inherent aspect of his personal liberty. Interference in the right to privacy is an interference in his personal liberty by a process which is not fair, just or reasonable.

Every person has 'a right to be left alone'. In a liberal society there is no place for those who peep into the private affairs of individuals. No one has a right to know who another communicates with him…We are now entering the era of the Aadhaar number. The Government has recently made the existence of the Aadhaar number as a condition precedent for undertaking several activities; from registering marriages to execution of property documents. Will those who encroach upon the affairs of others be able to get access to bank accounts and other important details by breaking into the system? If this ever becomes possible the consequences would be far messier.”
 
The same Jaitley has now turned turtle; he has, through a extraordinarily dubious procedure, passed The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 in the Loksabha as a money bill. Among all the points that Jaitley raised in 2013, not one stands addressed in this Bill. In addition, a number of other questions arise from the parliamentary procedure adopted by the government.

First, the Aadhaar Bill is not a money bill. It has been fraudulently introduced as a money bill in the Loksabha to ensure that the Rajyasabha, where the BJP does not enjoy a majority, does not send it to a multi-party Standing Committee for closer examination. The Aadhaar Bill could have been considered a money bill if it had dealt only with the flow of money in and out of the Consolidated Fund of India (CFI). However, the Bill deals with much more. Implementation of Aadhaar raises strong possibilities of infringement of the fundamental rights of citizens, such as privacy. When fundamental rights of citizens may potentially be violated by a legislation, parliamentary procedures can not be reduced to farce.

The reasons why the Aadhaar Bill cannot be considered a money bill have been laid out brilliantly by P. D. T. Achary, a former Secretary General of the Loksabha. According to him:
“The bill does not deal with imposition, abolition, alteration, etc, of tax; nor does it deal with the regulation of borrowing or giving a guarantee by the government or an amendment in respect of any financial obligation to be undertaken by the government. This bill also does not deal with the custody of the CFI, etc. The moneys paid into or withdrawn from such funds are incidental. The bill is not an appropriation bill that appropriates money from the CFI. It does not deal with declaring any expenditure as a charge on that fund. Further, it does not deal with the receipt of money on account of the CFI or the public account, or the custody or issue of such money, or the audit of the accounts of the Union or states. It may also be noted that a bill becomes a money bill when it contains only provisions dealing with any of the above matters. If a bill contains any other matters, it is not a money bill.”

Secondly, the question of whether privacy is a fundamental right is currently under the consideration of a constitutional bench of the Supreme Court. Further, according to the court, Aadhaar is not mandatory and no citizen should lose his rights/benefits for not possessing Aadhaar. The Bill, however, rejects the Court's position on whether Aadhaar is mandatory. As Jaitley mentioned in the Loksabha: “It is an entitlement…I can't bar other authorities. For instance, if the RBI wanted to have under its act a provision that for a bank account you need a card; or, for admission to a government college you need a card, for identity; or to establish some other proof, you need a card…the Act doesn't debar that…”

In other words, notwithstanding the court's orders, the government is trying to make Aadhaar mandatory. The Bill also shadily preempts the Court's pending decision on whether privacy is a fundamental right. Jaitley appears to think that a matter sub-judice with a constitutional bench can be bypassed with the help of a money bill. This is nothing but utter disregard for the Supreme Court. What if the bench decides that privacy is a fundamental right and Aadhaar is not mandatory? Jaitley's government, then, would have reduced the Parliament into a joke.

Jaitley's assertion that privacy protection is embedded in Chapter VI of the Bill is laughable. The fallacy in Jaitley's argument is that clauses on “secrecy” in the Bill deal largely with biometric data collected and stored by the Central Identities Data Repository (CIDR). The potential of Aadhaar to violate privacy is not limited to data stored in the CIDR, but is a systemic concern. With Aadhaar becoming pervasive, multiple agencies – private and public – would begin to demand biometric information of individuals for collection, use and storage. While these agencies may partly use it for authentication with the CIDR, it would always be possible for them to also retain the information. We run a real risk, here, of biometric information attached to Aadhaar numbers becoming a commodity freely available for purchase. Biometric information left behind by the individual is only part of the cause for worry; what is also equally confidential is the information that an act of authentication was undertaken at a particular point in time by a particular individual with a particular agency. In other words, every individual, during authentication, leaves behind a biometric trail.
Jaitley's heroic assertion while replying to the debate on the bill in Loksabha was this: “Private agencies at times take a thumb impressions etc…even those have been protected as secret information under this Act. So, if you are private agency, which takes it, it can't be leaked out…”

However, a close reading of the Aadhaar Bill shows that it does not address this concern with any seriousness except as a vague reference. In an era where biometric information of individuals is likely to be dispersed over a large number of places and agencies, only a separate and broad-ranging privacy law is the solution.

Why is the secrecy of biometric information so important? Because biometric security is no ordinary password/PIN security. When we lose a password, or when a password is stolen, we can change it into a new one. But biometric information can not be changed. Once it is stolen, there may be multiple spheres where security and privacy may be permanently compromised in a person's life. In 2014, hackers had shown that they could, in just two days, use an artificial fingerprint (made with wood glue and sprayable graphene) to unlock the Touch ID sensor of Apple's newly released iPhone 6. Jan Krissler, the hacker widely known as Starbug and who had performed a similar hack on the biometric security system of iPhone 5S in 2013, pulled another in 2014 on none other than the German Defence Minister Ursula von der Leyen. He used a high resolution photograph of the minister's finger from a press conference to reverse-engineer her fingerprint. According to Krissler, “I consider my password safer than my fingerprint… My password is in my head, and if I am careful when typing, I remain the only one who knows it.”

The Aadhaar Bill also has a dangerous wording of the phrase “biometric information” in Chapter I. It is defined as: “photograph, fingerprint, iris scan, or other such biological attributes of an inividual …”. We are aware that only a photograph, 10 fingerprints and two iris scans were collected during Aadhaar enrollment. What are these “other such biological attributes”, when no such attribute was actually collected? Is this a reference to the proposed and hugely controversial Human DNA Profiling Bill of 2015? Will the government now begin to collect and store DNA samples of citizens and then argue that the Aadhaar Bill provides it with legislative sanction? No clarifications have been provided. Jaitley, in his urge to curtail democratic discussion, has probably pushed in a draconian law.

Jaitley's positioning of the Bill as pro-poor and welfare-oriented is nothing but a clever ploy to mask the real intentions behind the Bill. I have argued elsewhere, from 2009 itself, that the real intention behind pushing the Aadhaar project is not to improve welfare or reduce poverty, but to effect a neo-liberal transformation of the state's role in the social sector. Such an objective has two elements, both of which are constitutive of neo-liberal policy in India. The first is a shift from universalism to targeting. Aadhaar is not intended to expand social service provisions.

Its aim is to keep benefits restricted to “targeted” sections, ensure targeting with technological precision, and thus limit the government's fiscal commitments. Jaitley was frank enough to admit this point during his reply address in the Loksabha. The second is a shift from direct provision to indirect provision of services. Here, existing institutions of direct intervention are dismantled, and replaced by new institutions of indirect provision intermediated by the market. Aadhaar, as claimed, is not a tool of empowerment; it is actually an alibi for the state to leave the citizen unmarked in the market for social services. Here, Narendra Modi's JAM (Jandhan-Aadhaar-Mobile) trinity is nothing but a rehashed version of the UPA government's failed Direct Benefit Transfer (DBT) scheme (for more, see “Mirage of Inclusion”, Frontline, October 3, 2014).

It is interesting to remember that Modi too, like Jaitley, was opposed to the Aadhaar project. At the BJP's rally in Tiruchirappalli in September 2013, Modi had stated:
“Congressmen are dancing as if [Aadhaar] was a herb for all cures. With the Supreme Court pulling up the Centre, people are now seeking answers from the Prime Minister who should disclose how much money had been spent…Prime Minister Manmohan Singh should answer how much money has been spent on it, where did all the funds go and who had benefited from it”.
Why has Modi jumped into the Aadhaar bandwagon now after claiming that it was no “herb for all cures”? Why has his government suddenly lost respect for the Supreme Court's “pulling up”? In my view, the answer is simple. After coming to power, Modi has realised the utility of Aadhaar as an instrument to further entrench a neo-liberal social policy. No wonder the UPA and the NDA are called the “neo-liberal twins”!

(The author is Professor at the Tata Institute of Social Sciences, Mumbai.)
 

The post Aadhaar Bill skirts crucial issue of Privacy as a Fundamental Right appeared first on SabrangIndia.

The complaint relates to the current controversy afoot over the past three days relating to the World Culture Festival where Sri Sri Ravi Shankar who runs the Art of Living Foundation receiving a Rs. 2.5 cr as a government grant, using Indian army for the construction of a bridge, and chopping off trees.
 
These arbitrary actions favouring a man close to the powers that be has upset many on social media and users on Facebook who are sharply critical of these actions on the part of Sri Sri Ravi Shankar and his team. These criticisms included criticisms of the Modi government for this abuse and misuse of taxpayers money. One of the critiques is Roshan Shah.
 
Roshan Shah says in his letter, “My timeline for last two days was flooded with environmentalist and nationalists' posts who were very critical on Facebook of this World Culture Festival and how Sri Sri was ….. rather than a saint. And, all of a sudden this morning I saw no posts. Even my posts on same subject with Sri Sri and Ravi Shankar keywords did not show up.”
 
Shah continues, “It seems that Facebook has now another revenue model of 'Content Filtering'; deciding filters on what not to allow to publish or what to promote.”  Facebook, while indiscriminately pushing their sponsored content, “has no right to filter my content or my friends or user generated content on timelines,” says Shah.  This is a dangerous model and requires immediate investigation and a written response from Facebook, he added.
 
“Why, (and how) did, all of a sudden, the Art of Living Foundation and negative posts on Sri Sri who gets things free (including a Rs. 2.5 cr grant) get filtered? Even the National Green Tribunal (NGT) has slapped a Rs. 5 crore fine on the Art of Living Foundation. Is Facebook trying to help such criminals by filtering negative content which amounts to abetting a crime?"
 
The letter/communication and complaint has also been addressed to 1) Facebook India Online Services Private Limited; 2) Vikram Ravindra Mamadipudi, Director; 3) David William Kling and 4) Jaspal Singh Athwal
 
Text of the Letter
 
Dear Sir(s),
 
Facebook India Online Services Private Limited has as CIN U72900TG2010FTC068332 with the registered address at Unit Nos. 1203 and 1204, Level 12, Building No.20, Raheja Mindspace, Cyberabad, Madhapur, Hitech City, Hyderabad – 500081, Telangana, INDIA.
 
It is submitted that 2), 3) and 4) are directors of Facebook India Online Services Private Limited and are responsible for day to day operations of operations of Facebook.com in India.
 
It is submitted that Facebook is operating as an Online Social Networking site with primarily user generated content.  It is  further submitted that Facebook users make online friends on Facebook and share content on their own or their friends
Timeline freely which ideally comes up and should come up in one or more ways:

a)  other friends timeline;
b) friends of friends timeline and
c)  general public timeline and d) followers and general public for public posts. 
 
People who follow their friends on Facebook ought to see the content of the Timeline of their friends whom they follow first on priority over other general content which is not from friends excluding certain sponsored content. 
 
It is submitted that Facebook tried to control social media content via unsuccessful attempt promoting Free Basics where TRAI ruled in favour of Net Neutrality and Facebook thereby got a jolt on its Free Basics agenda, Now, to circumvent that agenda, Facebook has found a new illegal way of content filtering and making money by blocking content on timeline.
 
See the https://www.youtube.com/watch?v=IAXps-aJmic that I took an hour ago.  

For the past three days we have been witness to the World Culture Festival where Sri Sri Ravi Shankar who runs Art of Living Foundation(ALF) getting a Rs. 2.5 cr Central Government grant; the ALF has used Indian army for bridge construction and has chopped off trees and this has ticked off social media users on Facebook who  were slamming this consistently for the last two days, critical of this act of Ravi Shankar and his team with every alternate post on Facebook slamming these acts of Sri Sri and also alleging collusion with the government to abuse taxpayers money. 
 
My timeline for the last two days was flooded with environmentalist and nationalists posts who were very critical on Facebook of this World Culture festival and how Sri Sri was more of …. rather than a saint and all of a sudden this morning I saw no posts. Even my posts on same subject with Sri Sri and Ravi Shankar keywords did not show up.
 
It seems that FACEBOOK has now another revenue model of "CONTENT FILTERING"; deciding filters on what not to allow to publish or what to promote.  FACEBOOK while can push their sponsored content, they have no right to filter my content or my friends or user generated content on timelines. 
 
This is a dangerous model and requires immediate investigation and a written response from Facebook. Why, do all of a sudden, the  Art of Living Foundation and negative posts on Sri Sri who gets things FREE FREE (including Rs. 2.5 cr grant) get filtered? Even NGT has slapped Rs. 5 cr fine on Art of Living Foundation and Facebook trying to help such criminals by filtering negative content is abetting crime.
 
Bill Gates last week wrote that it will take time for zero-carbon future so we should start now https://twitter.com/BillGates/status/706143986860347392, while here Art of Living Foundation is doing this World Culture show using Government grants, the Army, chopping off trees and polluting river and unfortunately FACEBOOK is filtering activism against it.  This is clear content filtering is violation of Freedom of Speech and FACEBOOK Directors and team should be prosecuted and penalised for this.  

 
This is dangerous as I expect my content to be shown to my friends and content followers and at the  same time it should show me the content of people I follow and Facebook has no business whatsoever to filter and control such content.  Facebook is for user generated and user owned and controlled content, it cannot direct or tinker with it. The whole concept of Social Media goes for a toss here
 
Kindly look at https://www.youtube.com/watch?v=IAXps-aJmic  and  respond to me in 7 days on how content filtering if any works in Facebook failing with legal action may be initiated against your company.

 
My FB URL is  : https://www.facebook.com/roshiley 
Roshan Shah
Ahmedabad
 
 

The post Facebook Violating Article 19, “Filtering” Content Critical of Sri Sri’s AOL: Activist appeared first on SabrangIndia.