Monthly Archives: May 2013

UIDAI Launched New Aadhaar Enabled Services Despite All Illegalities

UIDAI Launched New Aadhaar Enabled Services Despite All IllegalitiesAs on date there is no legal framework governing Aadhaar project and the same has been challenged before various High courts in India. Further, till now there are no satisfactory resolutions of cyber security and data security issues of Aadhaar infrastructure. Despite many shortcomings, the Indian government is clinging to this troublesome project for political considerations.

Now UIDAI has launched three new Aadhaar-enabled services and announced the establishment of around 300 permanent enrolment centres (Aadhaar Kendras). This means that now both public and private user agencies can identify a beneficiary/customer using a fast and paperless format.

The services launched are authentication services that use iris, One Time Pin (OTP) and e-KYC (Electronic-Know Your Customer) technologies.

In the iris authentication method, the resident’s iris Image is submitted along with the Aadhar number to UIDAI’s Central Identities Data Repository (CIDR) for verification. In the OTP method the authentication is ensured for all residents who registered a mobile telephone at the time of enrolment or through subsequent lengthy and time consuming registration procedure. The e-KYC service will allow individuals to authorise service providers to receive an electronic copy of their proof of identity and address.

Only demographic information (name, address, date of birth, gender and mobile number) that is collected during Aadhaar enrolment shall be shared, at the request of, and/or with the consent of the Aadhaar user, but will be available only for few seconds to eliminate any misuse.

However, the newly launched mobile-based authentication services would benefit only around 40% of Indian residents having Aadhaar numbers. This is so because UIDAI has mobile numbers of only about 40% of the Aadhaar holders as it did not seek mobile numbers of enrollers in the first phase, during which over 200 million had got registered.

Mobile numbers cannot be updated easily as the entire service is based on one time password sent to a person’s mobile registered at the time of enrollment. One can send the mobile details with Aadhaar number to UIDAI’s offices or can visit his nearest Aadhaar enrollment centre. That is an option but the UIDAI cannot assure in how much time the records would be updated.

The other biometric registration based authentication will require service providers to buy finger print or iris recording machines.

Indian Cyberspace Is In The Process Of Metamorphism

Indian Cyberspace Is In The Process Of MetamorphismIndian cyberspace is passing through a state of transformation. Lots of developments are taking place in India that have a direct impact upon our lives and the way we live them. Some of the proposed actions of India government are so gross that they are going to violate the civil liberties in cyberspace.

The starting point of this transformation stage began with the amendments in the cyber law of India. Now we have a draconian cyber law of India that has been imposed upon us by our own government. The present cyber law of India has taken away many of our civil liberties and rights and only outlaws can have these rights in India as on date.

Similarly, big brother projects like Aadhar, central monitoring system, etc have further complicated the cyberspace of India. Although the Supreme Court of India has declared that a person can be arrested only after approval of a senior police office for posting any message upon social media websites yet this is at most a piecemeal effort. These piecemeal efforts would never free us from the draconian cyber law of India.

There are some very significant developments that have recently happened in India. The command and control servers of FinFisher were found in 36 countries and India is one such country. The infamous international ATM heist also has Indian connections and Indian Cert has also started an investigation in this regard. An Indian firm has also been accused of launching sophisticated cyber attacks though the firm has denied its involvement.

Meanwhile the cabinet committee on security has cleared the cyber security policy of India and it may be cleared very soon. India has also declared that all VoIP service providers must establish a server in India to operate. India has also expressed it desire to launch its own social media platforms as foreign social media websites are not cooperating with Indian law enforcement authorities.

Recently, the U.S. government refused to serve Indian summons on U.S. websites citing constitutional protections. However, such refusals are justified as all nations must maintain a balance between national security and law enforcement requirements.

This is a crucial phase for Indian cyberspace and it would only take that shape that we wish it to take. We have already made a big mistake by allowing the laws like Telegraph Act and IT Act 2000 to exist and it is high time to seek their repeals. It is also the high time to oppose every single rule and regulation that Indian government introduces from now onwards that can violate our civil liberties in cyberspace.

We Have Imposed The Draconian Cyber Law Of India Upon Us

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW CEO PTLBThe inaction on the part of our Indian Parliament to enact a Constitutionally Sound Cyber Law of India has forced Indian Supreme Court to rescue Civil Liberties of India in a “Piecemeal Manner”.  However, we must understand that this Piecemeal Approach would not serve any purpose and the ultimate recourse would be to repeal the Cyber Law of India.

Let have a brief account of the way Cyber Law has been shaped in India. The Cyber Law of India was enacted in the form of Information Technology Act, 2000. It was amended by the Information Technology Amendment Act, 2008 that incorporated E-Surveillance and Civil Liberties Violation Provisions.

The IT Act 2008 was passed without any Debate and Discussion in the Parliament. Both Congress and BJP Governments were “guilty” of imposing Unconstitutional and Illegal Provisions upon Indian Citizens.

Subsequently, the “Route of Drafting Unconstitutional Rules” was adopted and many Rules were framed by our Executive that was simply passed by the Parliament of India as a “Burdensome Formality” without any Discussion and Debate.

As always happened, Indians accepted these Rules and Amendments without any protest. Now they are facing the troubles that were protested against in the year 2009 itself when India became an E-Police State.

Subsequently, Indian Government rolled out Projects like Aadhaar, Central Monitoring System (CMS), National Intelligence Grid (NATGRID), etc without any “Legal Framework and Procedural Safeguards”.

We have reached a situation where it can be safely said that “When Rights Are Outlawed, Only Outlaws Will Have Rights”. In order to exercise your Civil Liberties you have to “break” the Cyber Law of India that is not only Illegal but also Unconstitutional.

Once we have accepted the Cyber Law of India, we have no right to criticise it. If at all we are interested in protecting our Civil Liberties, we have to challenge the “Entire Cyber Law” and insist upon formulation of a “Constitutionally Sound Cyber Law of India.

Is The Indian Government Really Interested In Making CBI Autonomous And Independent?

Is The Indian Government Really Interested In Making CBI Autonomous And IndependentThe present circumstances in which the central bureau of investigation (CBI) is operating are by and large a product of Political Fiasco and PMO’s Indifference. Indian government has been lethargic, rather indifferent, towards bringing transparency, accountability and parliamentary oversight of our law enforcement and intelligence agencies.

Crucial bills like Intelligence Services (Powers and Regulation) Bill, 2011 and Draft Central Bureau of Investigation Act, 2010 were not allowed to be passed in the Indian parliament by our Indian government.

It is not the case that only law enforcement and intelligence agencies are working without any parliamentary oversight. Even the projects like Aadhaar, central monitoring system (CMS), etc are operating without any transparency, accountability and parliamentary scrutiny. These projects need urgent PMO attention and scrutiny and their continued ignorance can be counter productive in the long term.

As far as CBI is concerned, the Supreme Court of India has given a deadline to Indian government to formulate a law for CBI. Reacting to this deadline, the Indian government has set up a Group of Ministers (GoM) to draft a law for CBI.

However, this may be another time gaining tactics of Indian government as has been done in the past. For instance, at least five parliamentary panels have submitted reports since 2008 in this regard, the last of these handing in a report on May 3, just six days before the Supreme Court showed its displeasure.

Pinaki Misra, the BJD MP who is part of one such committee however points out that the government could save time by seriously considering the exhaustive recommendations of multiple parliamentary committees that have already been through this exercise and submitted reports on how autonomy for the CBI can be secured.

The latest house panel report on autonomy for the CBI, authored by a committee that includes MPs from across parties like Shantaram Naik (Congress) and Ram Jethmalani (BJP) has identified financial dependence as a key stumbling block in the way of the CBI being autonomous. The panels have recommended a statutory position for the CBI, which would give it status equivalent to other autonomous bodies like the Election Commission and Comptroller and Auditor General.

However, despite multiple exercises on the same point and despite arriving at the same conclusion on numerous occasions, CBI is still operating through an executive order. It is high time to formulate a full fledged and dedicated law for CBI so that its functioning can be separated from executive wishes.

The Central Bureau Of Investigation Act, 2010: A Political Fiasco And PMO Indifference

India's PM Singh attends an EU-India Summit in BrusselsAn important aspect that Indian Government must learn is that India Must Reconcile Civil Liberties and National Security Requirements. Indian Government must also have the Courage and Political Will to provide Parliamentary Oversight of Law Enforcement and Intelligence Agencies of India.

Not very late a Private Bill titled Intelligence Services (Powers and Regulation) Bill, 2011 was introduced by Union Minister Manish Tiwari. That was a “Commendable Effort” on the part of Manish as he has done that no Political Party has dared to do.

Unfortunately, it was discarded by none other than the Indian Prime Minister Dr. Manmohan Singh who announced around 30th July 2011 that Law on Intelligence Agencies would be formulated soon. However, it proved nothing but a “Time Gaining Tactics” and so far Intelligence Agencies of India are not governed by any Legal Framework and Parliamentary Oversight.

The Intelligence Agencies are not alone that are without a Parliamentary Oversight. Our Law Enforcement Agencies in Delhi are also without Parliamentary Oversight. Take the examples of Delhi Police and the central Bureau of Investigation (CBI). The Delhi Police and CBI are practically not governed by Constitutionally Sound Laws.  The Draft Central Bureau of Investigation Act, 2010 has been kept in “Deep Freezer” by our Indian Government.

Now the Supreme Court of India has become aware of the “functioning methods” of CBI in the Coalgate Scam and it has shown its “Displeasure” the way CBI is handled by our ruling Government. The Court has also sought an explanation from the Indian Government as to the steps taken to “Insulate” and make CBI “Autonomous”.

The CBI was constituted through a “Resolution” and not a “Legal Framework”. The Ministry of Home Affairs, Government of India’s resolution No. 4/31/61-T dated 1.4.1963 established the CBI with a view to investigate “Serious Crimes” related to Defence of India, Corruption in High Places, Serious Fraud, Cheating and Embezzlement and Social Crime, particularly of Hoarding , Blackmarketing and Profiteering in Essential Commodities, having all-India and Inter-State Ramifications.

To give it a “Legal Authority”, it was decided to govern the CBI through the “Colonial and Outdated” Delhi Special Police Establishment (DSPE) Act, 1946. The DSPE Act itself is required to be “Repealed” but Indian Government cannot do so till a new law is passed in this regard.

According to the DSPE Act CBI requires consent of concerned State to investigate offences in its jurisdiction. However, this is a “Tricky Issue” as States have been “Objecting” to the Power exercised by Supreme Court and High Courts to order Investigation by CBI without their consent. Realising that this can no more be resolved through the “Antique DSPE Act”, the Parliamentary Committees have recommended replacement of DSPE Act by an independent CBI Act. As on date, there is lack of an independent unified Central Government Agency to undertake Prevention, Detection, Investigation and Prosecution of Offences related to subjects mentioned in the List I, i.e. the Union List of the Seventh Schedule of the Constitution.

The Draft Central Bureau of Investigation Act, 2010 was proposed as per the provisions of Article 246 of the Indian Constitution. The Objective of the proposed legislation was to formulate an Act to constitute the Central Bureau of Investigation in terms of the provisions of Article 246 of the Constitution of India, Entry No. 8 in the Union List of the 7th Schedule, to Prevent, Investigate and Prosecute Offences or Classes of Offences relatable to matters in the Union List throughout the territory of India and also to Investigate and Prosecute Offences or Classes of Offences relatable to matters in the Concurrent List of the 7th Schedule of the Constitution of India in the Union Territories.

The Act would also repeal the Delhi Special Police Establishment Act, 1946. However, till date nothing has happened in this regard. Now the Supreme Court of India has fixed a “Deadline” of July 10, 2013 for the Indian Government to point out the efforts it has taken to make CBI Transparent, Accountable and Non Partial.

I hope the PMO in general and our Prime Minister in particular would play a more “Pro Active Role” this time. The Indian Central Monitoring System Project needs PMO Intervention. Similarly, the PMO must also work in the direction of making our Law Enforcement and Intelligence Agencies Accountable to our Parliament and Judiciary. We have already wasted enough time and an “Immediate Action” on the part of PMO and Indian Parliament is desirable.

When Rights Are Outlawed, Only Outlaws Will Have Rights: Updated

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW CEO PTLBThis is the updated version of my previous Article. The background for this article originated in the year 2008 when the Indian Government proposed the Information technology Amendment Act, 2008 (IT Act 2008). From the very beginning it was an E-Surveillance Oriented Legislation that should not have been passed at the very fist instance.

However, riding on the popular support of our Industrial Bodies and in the absence of any fight from our Civil Liberty Activists, the IT Act 2008 was passed without any “Debate” in the Indian Parliament.

Our Politicians, who may be arch rivals for their own political ideologies, were “Unanimous” in passing the Unconstitutional IT Act, 2008 and that also without any “Discussion and Debate”. The IT Act 2008 became part of the present Cyber Law of India.

I have been maintaining that the Cyber Law of India should be Repealed as it carries many “Illegal and Unconstitutional” provisions and most of them pertain to E-Surveillance and Violation of Fundamental Rights. But I am alone in this fight against the Draconian Cyber Law of India and at best I am getting Piecemeal Efforts that are trying to bring some reasonableness in the Cyber Law of India.

Philip R. “Phil” Zimmermann Jr. (born February 12, 1954) is one of the greatest Civil Liberty Protectors in the Cyberspace. Zimmermann is the creator of Pretty Good Privacy (PGP), the most widely used Email Encryption Software in the world. He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone. Now the Commercial Version of the same is also available in the form of Silent Circle.

In his rationale for creating PGP he tells that using PGP is good for preserving democracy. He believes that if privacy is outlawed, only outlaws will have privacy. This is so true not only in the context of America but also India. India is actively working in the direction of denying Civil Liberties Protection in Cyberspace.

India is passing through the worst era of Police State and E-Surveillance Society. Even worst is the reliance upon American models that have failed in America itself. But our Government is not discouraged by these failures and it would stop only on the failure of these models in India.

Some of the Illegal and Unconstitutional Projects that require immediate Scrapping are Aadhaar, Central Monitoring System, etc. Even the Department of Information Technology (DIT) and Department of Telecommunications (DOT) have joined this blind and ignorant race and are trying to ban Telecommunication Services like Blackberry and Skype and Internet services like Gmail.

These Departments are troubled by the strong and secure Encryption technology and other similar technologies that prevent Unlawful and Illegal E-Surveillance by the Government and its Agencies. Criminals and Terrorists are already using these, and much better options, and these ignorant actions would only trouble and violate the Civil Liberties of Law Abiding Citizens alone.

All the limits in this regard were crossed when the Information Technology Amendment Act 2008 (IT Act 2008) was made an enforceable law in India. The IT Act 2008 provides Unregulated, Unconstitutional and Illegal E-Surveillance, Internet Censorship and Website Blocking Powers in the hands of Indian Government and its Agencies. There is no mechanism at all that can prevent the abuses of these powers and there is no accountability as well.

A time has come in India when Human Rights in Cyberspace are clearly outlawed and only outlaws (as per the norms and standards of Indian government) would have these Human Rights. This is the main reason why I dedicated a resource titled Human Rights Protection in Cyberspace (HRPIC) (and now CLPIC) to those law abiding Citizens who cherish and wish to protect their Civil Liberties in Cyberspace.

We must strongly protect our Civil Liberties as the Big Brother is Listening in India. In fact, the Big Brother has Exceeded its Limits beyond Constitutional Limits. The “Blanket Implementation” of the central Monitoring System (CMS) Project of India is violation of Civil Liberties in Cyberspace. The CMS Project would be “Illegal and Unconstitutional” if implemented in its “Current Form”.

With further Illegal and Unconstitutional Projects like CCTNS, NATGRID, UID Project/Aadhar Project, etc things are only going to be worst in India. The only option remains is to use Self Defence against the Persons, Institutions and Agencies that are engaging in Illegal and Unconstitutional E-Surveillance and Civil Liberty Violations.

Why Indian Central Monitoring System Is Dangerous And How It works?

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW CEO PTLBMuch has been discussed about the Central Monitoring System of India. For those who are still wondering what it is all about, the central Monitoring System (CMS) of India is a Big Brother Project of Indian Government without any Legal Framework, Procedural Safeguards and Parliamentary Oversight.

In short, beware as the big Brother is Listening. However, the Big Brother is not only listening but the Big Brother has Exceeded its Limits as well. The “Blanket Implementation” of the central Monitoring System (CMS) Project of India is violation of Civil Liberties in Cyberspace. The CMS Project would be “Illegal and Unconstitutional” if implemented in its “Current Form”.

But the crucial question is how would the CMS Project achieve its task of E-Surveillance in India? The CMS project could eavesdrop on all incoming, outgoing and ISD calls, text, messages, etc and the same can be monitored “At Will and at All Times”.

This would be achieved by passing all forms of Digital Communications through the Centralised System. Consider it to be “Refined Form of Men in the Middle (MITM) Attack” that is capable of knowing everything leaving your Mobile or Computer.

As you have to connect “Through the ISP” for gaining Internet access, you are passing through the MITM System of Indian Government that has been Illegally and Unconstitutionally Established.

ISPs would have no option in this regard as their Telecom Infrastructure would be passing through the CMS System and there would be no need to take their assistance every time the Indian Government wishes to do E-Surveillance or Eavesdropping.

In India there is no requirement to obtain a Court Warrant to engage in E-Surveillance and Eavesdropping. Even the lawful Interception Law in India is also missing. Both the Indian Telegraph Act, 1885 and Indian Information technology Act, 2000 carries many “Unconstitutional Provisions” and “Both Deserve to be Repealed”.

In short, the CMS System is an Illegal and Unconstitutional MITM System that does not require any Court Warrant or Permission to engage in E-Surveillance. CMS Project is another Unconstitutional Project like Aadhaar that has been imposed upon Indian Citizens. The Aadhaar Project has already been questioned in many Indian Courts and CMS Project would be next in line.

India is not only using the FinFisher Malware but the command and Control Servers of FinFisher are also Established in India. Spyware and Malware can be implanted upon the “Targeted Machines” with great ease and with the CMS in place this would be a child’s play. Wake up and fight for your Civil Liberties because if Rights Are Outlawed, Only Outlaws Will Have Rights in India.

Central Monitoring System (CMS) Of India

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW CEO PTLBCivil liberties protection in cyberspace is an aspect that is loathed by governments around the world. Governments of various nations are trying every possible method to increase e-surveillance to defeat technological mechanisms that are used to preserve and protect civil liberties in cyberspace.

The use of FinFisher is just a small step in this wrong direction. Similarly, the efforts on the part of countries like Japan to block Tor are just another reflection of this e-surveillance attitude. All these efforts are going to increase in future and we need to ensure civil liberties protection in cyberspace.

In the Indian context, there is a gross violation of civil liberties in cyberspace. Illegal and unconstitutional projects like Aadhaar, central monitoring system, etc have been launched by Indian government without any legal framework and in active violation of civil liberties in India. The civil liberties and national security requirements must be reconciled by India and giving too much importance to e-surveillance is a bad policy decision.

Some public spirited initiatives have been launched in this regard in India. For instance, the efforts named StopICMS, Know ICMS, etc are trying to spread awareness about civil liberties protection in Indian cyberspace. However, the Indian central monitoring system project needs PMO intervention so that its illegality and unconstitutionality can be judged at the highest level. Further, by this scrutiny even the PMO cannot subsequently take a stand that it was not aware of the illegal projects like Aadhaar and CMS as is happening mostly these days.

Indian government is also adopting double standards while dealing with privacy rights and data protection. The standing committee on home affairs has recommended safeguards for phone tapping of politicians. There was no mention about rights of common man and the need to formulate a constitutionally sound lawful interception law in India.

There are open and blatant unconstitutional and illegal biometrics collection practices in India. Some areas that require special attention of PMO in general and Indian Parliament in particular are human rights protection in cyberspace, e-surveillance in India, cell site location based e-surveillance, cell site data location laws in India, lawful interception laws in India, etc.

We need to formulate dedicated laws like privacy laws, data protection laws, data security laws and cyber security laws in India. Further, the cyber law of India must be repealed as it carries many unconstitutional provisions.

However, what if Indian government and parliament fails to perform its constitutional duties and Indian judiciary fails to take note of these anti constitutional activities happening in India? You can safely exercise self defense in Indian cyberspace as human rights protection in cyberspace is our birth right. When rights are outlawed only outlaws would have the rights and this is exactly what is going to happen in India when projects like Aadhaar and CMS are actually implemented in a full fledged manner.

I am really grateful for the makers of Tor software, PGPfone, GnuPG, Hushmail, Enigmail, etc. The Silent Circle is a good commercial alternative for the abovementioned encryption facilitating products.

It is only a matter of time when the masses of India would start using self defence mechanisms to protect their civil liberties. It is in the larger national interest of India to formulate suitable policies and laws so that civil liberties and law enforcement requirements can be reconciled.