+91 94440 73849 [email protected]
Addressed a Press Meet on the Government’s action in blocking websites and curbing SMS

Addressed a Press Meet on the Government’s action in blocking websites and curbing SMS

pictureOn 28 Aug 2012, there was a Press Meet organized by Cyber Society of India to sensitize the Press on the wider ramifications of the action taken by the government by blocking many websites and curbing sms as a preventive measure in the aftermath of mass exodus of people to North East, from different parts of the country. On behalf of CySI, as an official spokesperson, I clarified to the Press along with the other CySI office-bearers present said that what the government to block the websites and curb sms and thus prevent major threat or loss of life is most welcome. But we have to look at the preventive measures. As an immediate measure, steps like verification and a 2 Factor Authentication of a mobile number and session generated PIN to activate the newly opened mail (like in Gmail) or even while creating a website can be followed. Monitoring, surveillance etc for sms with the usage of specific software search string based utilities may be explored. As long term measure, India going in for our own operating system, our own anti virus, firewall and other security related software like Unified Threat Management software including URL filtering, stateful inspection etc and even hardware manufacturing may be explored. Our indigenous O/s BOSS developed by C-DAC is not being effectively used, for want of support and patronage, marketing and popularity. Better and enhanced co-ordination among all information security related agencies and government departments may be ensured. Now these agencies and departments come under various Ministries exposing to lack of exchange of information security information. In a crisis situation, enhanced exchange of such intelligence information will be of great help. http://www.thehindu.com/sci-tech/internet/article3844006.ece

One journalist in his blog has questioned the expertise of CySI office-bearers to convene the Press Meet and address the media as experts, though the media gave extensive coverage to the Press release and all these suggestions, especially The Hindu, The Times of India, Deccan Chronicle and Dinamani in Tamil.

One or two sentences in the blog, especially the phrases like ‘self-styled cyber experts’ , “hiring PR agencies vying for a 15 seconds slot in national TV” are all grossly uncalled for and highly in bad taste. He has not mentioned by name. If CySI is a self styled cyber expert vying for 15 seconds in national TV channel, what is this reporter doing? He too by spitting venom wants the same few minutes attention by this article, right? In fact, I read the story twice. Frankly, I do not understand what exactly he was trying to convey. Other than the view that our idea of asking for id is not practical and cannot be used, there is nothing else I can make out.

Even to this counter, I would ask him this: I have seen “A Wednesday” the Naziruddin Shah film as well as its Tamil version by Kamal Hassan “Unnai pol Oruvan”. That is not about mobile number and id proof. (In fact that is about stuxnet or Fast flux — ie a variant of botnet — where your IP address keeps changing taking the bot’s IP on the fly making the system work like a zombie). That apart, if id proof can be faked and does not serve the purpose, even number plates in cars are faked and in many films the villains and sometimes heroes too drive the cars with fake number plates. Can I say, we do not need number plates, they don’t serve any purpose. Police officer’s uniform is faked and many con-men come dressed in police attire. Can we say police uniform does not serve the purpose?. I can make the list endless. If the reporter can quote “A Wednesday” I can pretty well quote the Prakash Raj film “Payanam” wherein a journo comes in the uniform of a police and takes a photo of the hijacked aircraft. Can we say for a moment that all reporters are criminals and cheat like that?

The other idea of national level body. The Note on Securing the Cyber Frontiers, submitted by DSCI – NASSCOM, dated 22 March 2012,may be seen, wherein the first of the ten recommendations, is on National Structure for Cyber Security…appointing a fully empowered head for cyber security at the highest level….

The NASSCOM-DSCI recommendation No,5 is on National Threat Intelligence Centre which should integrate all the existing information sources such as CERTs, intelligence bodies…..(In fact this is what we were precisely telling in the Press Meet)

Recom No7 is on building lawful interception capabilities. This is again what we stated I the Press Meet by describing it with ‘key word search’, interception of message etc.

The NASSCOM -DSCI publication is in the form of a 72-page book, and carries a diagrammatic (pictoral) representation of various ministries showing the agencies coming under them ie showing DIT, CERT,NIC, NISCG under ICT Ministry, CBI, NIA etc under Home, DIARA, DRDO under the Defence Minsitry and NTRO separately. In fact, this is what exactly we were telling in the Press Meet. Frankly, though nothing new in our suggestions to the government, there is nothing wrong or technically impractical either.

pictureAppeared in Sun News Channel on 10 July 2012 on the recent cyber attack in the Tamil Nadu Police Department website in which newspapers reported that police data have been stolen by “Anonymous”.

Senior police officials stated that only some data relating to the complaint detailed lodged with the police have been stolen/copied and no critical information. In the TV interview I explained the provisions of Information Technology Act 2000 and Information Technology Amendment Act 2008 which have stringent provisions on Hacking and other data related offences. I explained the need for the government to have more Information Security professionals in places and to take swift action and spread the message that the government was serious in data protection.

Hacking: Illegal but ethical??

picturePreface: This article discusses in brief the techno-legal issues in the activity called ‘hacking’, its treatment in the Information Technology Act 2000 (later amended by the I.T. Amendment Act 2008), the practice and the social acceptability of ethical hackers and the responsibility of information system security professionals.
Read more…

Press Appearances

pictureParticipated in the Panel Discussion in “Puthiya Thalaimurai TV” on 20 Nov on the issue of arrest of two girls in Mumbai for posting their message in FaceBook expressing displeasure on closure of shops in Mumbai, after the death of Bal Thackerey. It was a live programme from 9 PM to 10 PM with the other participants in the panel being Ms Salma, Social Activist and Poet and Writer and Shri Vijayashanker, from the Frontline Editorial Board.

RBI’s ill-conceived move

pictureRBI understandably, is seriously mulling over the idea of ‘disincentivisation’ of use of cheque books. In other words, use of cheques is going to be discouraged and instead use of electronic remittances and use of Internet Banking and other electronic remittances are to be encouraged. As the regulatory and Public Sector Monitoring agency dedicated to customer interest and investor protection, I fail to understand why RBI should embark upon this task of disincentivisation of cheque leaves. Even advanced (technologically and academically more literate) nations like UK once thought on these lines and later gave up the idea. Major banks nowadays fail to make public the amount of loss of the number of cases under disputed electronic remittances. SBI the major public sector bank of the nation, even escaped revealing such figures under the cover that SBI cards is a separate entity not coming under the public authority of SBI. Under these circumstances, this move of RBI is not in the common man’s interest. The time is not ripe in India to discourage the use of cheques or replace it.

Blocking of Websites and monitoring of SMS

pictureIt is time the government did something to enhance the level of information exchange and co-ordination among the various agencies that are involved in information security, cyber crime prevention, investigation and other related areas.  At the apex level at the Government of India, say the PM’s office or some such higher level, there must be a common repository of cyber crime related information, from which authentic data can be taken by all the stake holders say the state police department, Intelligence Wings of various state police, Crime Branch sleuths and others.  This may be monitored, controlled and checked for any possible misuse.

Quite often there is a big hue and cry that Sec 66A of the IT Act should be repealed.  There is a writ petition in the Madras High Court on this.  Some people are always of the opinion and vehemently too, that individual privacy, liberty and freedom of opinion and expression is supreme.  Let it not be mistaken that even the constitution-protected individual rights to life and liberty and expression is always with reasonable restrictions, as interpreted in many judgements.  Individual right of expression should never be above the national interest.  When the nation’s supremacy is questioned or the national sovereignty is sought to be impacted, there is no question of individual right of expression or freedom.  Under such circumstances, it is not the right but the duty of the powers that be to protect communal harmony even at the cost of curbing individual right to freedom.

Views on Blocking of websites and monitoring of SMS appeared in “The Hindu” 29 Aug 2012. Click for the news item

Blocking of pornographic websites

pictureIn response to a Public Interest Litigation filed in the Supreme Court of India, the Government recently submitted an affidavit wherein, as reported in the Press on 28 Aug 2014, the government has stated that ‘it is impossible to block the pornographic websites in the Internet and if one website is blocked, hundred sites come up’. It sounds as though, the problem cannot be solved. In fact, this problem has a techno-legal solution. Technologically it is possible like having a national level firewall, web-filters, content monitors etc (and in the long run going for an Indian operating systems for computers, our own anti virus, indigenous firewall and above all, our own servers to host) and legally it is feasible to have control over such websites and take speedier action in blocking that would serve as a deterrent to many more coming up. While it is true that the government cannot be expected to take care of all security initiatives like blocking pornographic websites etc , it cannot be digested that the government cannot wash its hands off, saying that there is no solution to the problem.

Without going into the wider ramifications of the issue and the technical feasibility and legal remedies available, let us look at the issue from a citizen’s perspective. From a social angle, it is the duty of Internet users especially the elders and parents to have watch on the websites their siblings visit, to ensure that the computer systems are kept in the open halls wherein the parents too can look at the monitors and have constant interaction with the children on their likes and dislikes in the Internet. Technologically, initiatives like child-lock URL filters, web-filters, PC fire-walls with content filtering etc can be put in place.