January 8th, 2015
Observer Research Foundation, New Delhi
Author: Priya Alias
New Delhi, India–The Internet Rights team—Niki Shah and Priya Elika Alias—participated in the Security, Governments, and Data: Technology and Policy conference jointly-organized by Observer Research Foundation and the Centre for Internet & Society.
The conference focused on the technologies, policies, and practices around cyber security and surveillance. The conference was well attended by a number of key stakeholders including civil society, industry, government, and academia to explore the present scenario in India and reflect on ways forward.
Dr. Gulshan Rai’s keynote lecture addressed how current technological evolution was unforeseen during the early days of the internet. With the rise in the overall level of sophistication among average internet user, there is a rise in the number of cyber incidents. The first panel ‘Challenges and Present Scenario’ presented the Indian context of cyber security. Freedom of speech and privacy issues may sometimes overwhelm security concerns. In order to remedy this, there should be a single consistent policy for the nation. Defense forces should be involved in this as well.
Recommendation: The policy should be aided by a suitable government budget which is currently lacking.
Some of the current challenges around cyber security are complicated by the fact that India’s cyber infrastructure mostly rides on mobile right now. As networks move from voice-only to voice-data hybrids and beyond, security considerations will increase further. Additionally, a lot of individual privacy is voluntarily surrendered by people clicking ‘I Agree’.
License terms for networks in India usually include provisions for government monitoring of information. Users are the best keepers of their own safety and privacy, and the panelists stated that it was getting increasingly difficult to filter what might be sensitive or offensive information. Mobiles allow everyone to access information, without context, and since there is no universal definition of what constitutes ‘offensive content’, it would be unfair to put the onus on intermediary websites to filter said content.
Law and Policy
The second panel, titled ‘Law and Policy’, revolved around the idea of mass surveillance. A huge number of interception orders are issued every month—up to 8000 by the central government on its own—which potentially poses a problem. Government requests for data must go hand in hand with strong laws that act as a check on executive actions. Even if the government is free to collect and collate data, the least that can be done is to restrict who has access to that data. Furthermore, a distinction must be made between targeted surveillance and mass surveillance. Finally, the question of mass surveillance was raised – is it illegal by its very nature?
Architecture and Technology
The third panel of the evening dealt with ‘Architecture & Technology’. The main concern was whether, with our current security systems, we could predict and prevent the next attack. Although safety is paramount, it is also essential that the state practice transparency while securing its citizens. Other pertinent points raised dealt with upcoming developments and cyber innovation in India, and it was agreed that the national emphasis ought to be on skill and capacity building.
International and Domestic Markets
The final panel of the evening was ‘International and Domestic Markets’. During this panel, emphasis was laid on the fact that cyber attacks can be traced to particular devices. However, the challenge lay in the fact that it was almost impossible to determine the individuals using those devices. It was suggested that a legal form of biometric data collection (something not yet known in India) would be helpful in this regard.
At this point, Pukhraj Singh, Cyber-warfare Analyst raised the fact that the Internet was created as a means of warfare, contrary to the impressions of most liberal activists who treat it as a safe platform. Governments and companies play along in this ‘conspiracy of silence.’ Additionally, the fact that most security software comes from vendors with direct or indirect connections to national security agencies is problematic.