a website dedicated to express views on topical legal issues, thereby generating a cross current of ideas on emerging matters
Sunday, September 25, 2016
Cybersecurity: Play the forward defence a weapon system has been severely compromised.
Amidst the rush to find solutions in technology for all of the world’s problems, we often find ourselves facing an avalanche of arguments on the lines of ‘let’s roll the technology and we can discuss policy, law impact on humanity later’; ‘let the next billion come online first’.
Given the strong potential for our country’s digital economy policies to have effects beyond its borders, here are points for best practices to help harness the full potential of internet openness:
1. Use of federated services that maximise participation and minimise centralisation.
2. Always use software that everybody can copy, modify and share. Use the community to train people.
3. Not talk about technical education using vendor names such as access-to-knowledge via a platform company and online education websites as they aren’t technical education but brand slaves.
4. Whether we like it or not, internet’s default is the US First Amendment and what we risk is moving to a world where speech is stifled and internet shutdowns become norms. There has to be in-built respect for free speech and expression and other crucial human rights without which we can only pretend to achieve the full potential of the net.
5. Transparency in trade negotiations that are increasingly covering access to – knowledge, data sharing, information flow in secrecy, creating multiple layers of regulations that lead to a different fragmentation. The opaqueness of such arrangements not only create uncertainty but take away voices of users.
6. Increased use of encryption for intelligent conversations around data security, shunning the belief that math will work differently for the good and the bad guys.
7. Data localisation demands by multiple jurisdictions emerge from tax complications because of the multi-national nature of platform companies.
8. Mandate net neutrality, equality and integrity with a complete prohibition on ways of creating winners and losers by telecom service providers in the guise of zero-rated platforms, sponsored data that increase the barriers of entry to market.
9. Encourage open-data practices in all government dealings including public contracting, company ownership, spending and corporate tax records, and inter alia other details.
10. Recognise that the intellectual property rights regime is not an end in itself, and its affect on access-to-knowledge and sharing-of-data has consequences rarely discussed in forums dealing with internet issues.
11. Strengthen regulatory landscape around competition in countries; toothless anti-trust regulations that fail to check most powerful companies and their alliances are one of the biggest threats to openness.
12. Abandon using the term ‘multi-stakeholderism’ while paying only lip-service to independent voices or risk being rejected by people all around the world as a result of internet-powered communications. They use these tools to bring revolutions and will no longer subscribe to empty rhetoric.
13. Ensure affordable and non-discriminatory internet. Inclusive participation means having diverse voices especially from all places and strata with effective remote and national level participation.
14. In the age when AI is becoming a reality, retrofit Isaac Asimov’s ‘Three Laws of Robotics’ to AI efforts.
A robot may not injure a human being or, through inaction, allow a human being to come to harm.
A robot must obey orders given by human beings except where such orders will conflict with first law.
A robot must protect its own existence as long as it does not conflict with the first or second law
The Supreme Court’s decision in March 24, 2015 to scrap Section 66A of the Information Technology Act, in the wake of a series of instances of the law being misused by the police and government, came as a relief to many. The decision has had a negative impact too, say police.
They say that the absence of a dedicated law to address issues of cyber bullying and abuse is posing a major challenge. With the cyber-crime wing in the Chennai city police commissioner’s office receiving an average of eight to 10 complaints on social media abuse per day, complaints are piling up by the day due to lack of dedicated legislation under which offenders could be booked.
“As we have limited powers, we advise the complainants to quit social media instead of taking legal action against the abuser,” said a police officer.
T K Sonia, who works with a television news channel, says she is constantly trolled by cyber bullies and stalked online. “Although I filed a complaint at the cyber-crime wing of the police, my complaint has been lying unaddressed for more than five months now,” Sonia said.
In some cases, police are booking offenders under IPC sections 507 (criminal intimidation by an anonymous communication) and 509 (word, gesture or act intended to insult the modesty of a woman). If a post contains any form of obscenity, police register a case under the sections 67 or 67-A of Information Technology Act, 2000 of IPC.
“We also book suspects under Section 4 of Prevention of Women Harassment Act 2002,” said a police officer in city police. “Many of the cases do not come under the purview of the sections we book them under. The courts in many instances have dismissed such cases citing them as ‘vague’, letting the accused free on bail,” he added.
The fact that many abusers and cyber bullies operate from foreign countries makes the job all the more difficult for the police. In regard to offensive posts on Facebook and Twitter, police write to admin heads of the social networking sites (based abroad), requesting them to remove posts.
Suspects in many instances rubbish allegations and come out with their own version of the case. For instance while T K Sonia had filed complaints against @Selvaarocky, @mayavi, @lorrykaran, @david alleging they had used offensive language against her in their posts, David in his defence said he has known Sonia for four years and has never posted any vulgar comments on her twitter account.
“While most men take comments posted in social media sportively, women become abusive while reacting to it. And when they lose the argument, they tend to play the victim and file complaints against the men. The fact is they equally abuse the men on the same forum, but no one talks about that,” David said.
The confusion of how to differentiate between appropriate and inappropriate makes things easy for offenders, who despite being complained about continue abusing women on social networking sites.
There have been cases where pictures of women have been morphed to produce nude images. “Many women left social media after being targeted by perverts who morphed profile picture of users into nude pictures and uploaded them on several websites,” said senior journalist Kavitha Muralidharan. A target was actress Madonna Sebastian.
“To put an end to this menace of trolling and misusing the internet, the central and the state governments should formulate a new bill to book abusers,” said Madras high court lawyer S Elambharathi.
“The Tamil Nadu government has been a pioneer in formulating many laws like anti-ragging law and another for cyber bullying should not be a problem,” he added.
The Australian newspaper published a report regarding a massive cybersecurity breach. It related to the specifications of the Scorpène-class submarine that India is buying from the French defence manufacturing company, DCNS. The leaked documents, going up to 4,457 pages, deal with sensitive operational and technical aspects of the Scorpène, such as its stealth capabilities, frequencies used to collect intelligence, technical specifications of its torpedo launch and combat systems, how deep it can dive and for how long, etc. This leak means that the effectiveness of the Scorpène as a weapon system has been severely compromised.
New Delhi is blaming DCNS for the security breach. But its denials must not be accepted at face value. The Indian government has, in the past, not levelled with its people on such hackings of their ‘secure’ computer systems. In March 2010, Union communications minister Sachin Pilot told reporters that government networks had been attacked by China, but “not one attempt has been successful”. This was despite the fact that for nearly a year prior to Pilot’s assertion, a US-Canadian team of cyber spy-hunters had been tracking the activities of a cyber-espionage network based in the Sichuan province of China. Its main target was India. Cyber spy-hunters, most from Toronto University, informed New Delhi of this theft. They were also able to re-pilfer some of these documents from computers of Sichuan-based cybercriminals. Later, in June 2010, these academics published their findings in a report, ‘Shadows in the Cloud’ (goo.gl/zPuySD). This report again reinforced that weak security at one group can result in the theft of confidential information from another organisation. This is why experts find it so hard to determine the original source of the cyberspying. In the context of the 2010 data theft, this means that either Sachin Pilot was deliberately making misleading statements, or that the Internet security software or firewall used by the Indian defence ministry was inadequate or out of date, or possibly both. Hence, Indian cybersecurity experts could not detect the breach. In the context of the Scorpène leakage, it means that both India and France will be able to blame each other for the data theft without providing conclusive proof. It is because of this fact that China, widely believed to be the most-prominent player in the field of cyberhacking, is able to strongly refute such accusations. India Lags Symantec, the manufacturer of the Norton antivirus and firewall software, ranked India in its 2015 Internet Security Threat Report second on a list of countries targeted the most by cybercriminals. The reason: inadequate Internet security. Last year, the Australian Strategic Policy Institute (ASPI) published a report, eCyber Maturity in the Asia.Pacific Region 2015f (goo.gl/H5g09r). The report attempts to assess the various facets of cyber capabilities of 20 countries: 19 countries in the Asia-Pacific region and the United States (used as a benchmark). In the ASPI report, India scores 4 out of 10 on each of the following four critical aspects of cybersecurity: ¡ Does it have an organisational structure for cyber matters, including policy, security, critical infrastructure protection? ¡Does it have a publicly accessible cybersecurity assistance service, say, computer emergency response teams? ¡Does it have a cybercrime centre? Does it enforce financial cybercrime laws? ¡ What is the militaryfs role in cyberspace, cyber-policy and cybersecurity? While China scored 8, 6, 5 and 8 respectively, for Japan and Singapore, the scores were 8, 10, 8, 7 and 9, 7, 7, 8. Indiafs overall weighted cyber-maturity ranking was 50, below that of Brunei (51), comparing poorly in weighted ranking with countries like Australia (79.9), New Zealand (72.8), Japan (85.1), China (64), Malaysia (68.3), Singapore (81.8) and South Korea (82.8). In fact, in data protection, China is light years ahead of India, as was evident by the fact that China launched the worldfs first quantum satellite early this month to build an eunhackablef system of encrypted digital communication. Poor Record India has a poor record in protecting its digital data. This is because Internet security is still seen by government and businesses as an expenditure and not investment in future prosperity. According to South Asian Association for Regional Cooperation, Internet security expenditure comprises 2-5% of India’s total IT budget. The same figure for developed countries is 8-10%. This means that India fails to attract the best people and innovation takes a backseat. India aspires to be a global power, a global force in computer software and hardware developments, a hub for advanced manufacturing systems. Sadly, these aspirations cannot be realised unless both the Indian government and India Inc. appreciate the significance of installing and maintaining an up-to-date and state-of-theart Internet security infrastructure..