Monthly Archives: January 2014

DOJ Announces New Reporting Methods For National Security Orders

DOJ Announces New Reporting Methods For National Security OrdersCivil liberties protection in cyberspace is attracting the attention of civil liberty advocates around the world. There is a growing disharmony between national security and civil liberties protection around the world. The national security agency of United States (U.S.) has been targeting foreign nationals and organisation for e-surveillance and eavesdropping. Even malware and radio waves have been used by NSA for engaging in e-surveillance. If this was not enough, Google system managing lawful interception and e-surveillance issues was compromised by crackers.

Meanwhile, the telecom and technology companies in U.S. have been forced with gag orders to not to disclose information pertaining to national security related information requests. Federal Bureau of Investigation (FBI) has been issuing the national security letters (NSLs) for long by showing national security requirements. FBI is maintaining that not only the contents of these NSLs but also the mere fact of its receipt must be kept secret by the recipient of such NSLs.

However, Google’s challenge to FBI national security letters was narrowed down by a U.S. Court. Nevertheless, Google and Microsoft sued U.S. government regarding user data requests under FISA law. Now the U.S. government has realised that this litigation can produce adverse effects for its surveillance activities.

The U.S. government and various technology companies have now decided to take a mid path. A Notice of Declassification by U.S. Government (PDF) has been issued in this regard accompanied with the Deputy Attorney General Letter Regarding New Reporting Methods for National Security Orders (PDF). A Joint Statement by Attorney General Eric Holder and Director of National Intelligence James Clapper on New Reporting Methods for National Security Orders (PDF) has also been issued. The technology companies also filed a Stipulation of Voluntary Dismissal of Action (PDF) in the Court. Thus, for the time being, the litigation has been put on hold without prejudice to the right of these technology companies to raise the issue in future.

Attorney General Eric Holder and Director of National Intelligence James Clapper released the following joint statement Monday:

“As indicated in the Justice Department’s filing with the Foreign Intelligence Surveillance Court, the administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities. Through these new reporting methods, communications providers will be permitted to disclose more information than ever before to their customers.

“This action was directed by the President earlier this month in his speech on intelligence reforms. While this aggregate data was properly classified until today, the office of the Director of National Intelligence, in consultation with other departments and agencies, has determined that the public interest in disclosing this information now outweighs the national security concerns that required its classification.

“Permitting disclosure of this aggregate data resolves an important area of concern to communications providers and the public.  In the weeks ahead, additional steps must be taken in order to fully implement the reforms directed by the President.

“The declassification reflects the Executive Branch’s continuing commitment to making information about the Government’s intelligence activities publicly available where appropriate and is consistent with ensuring the protection of the national security of the United States.”

Radio Waves And Malware Used By United State’s NSA For World Wide E-Surveillance

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBE-Surveillance and Eavesdropping is on rise World over.  It is wrong to blame United States (U.S.) alone for E-Surveillance as it is difficult to accept that other Nations, including India, are not engaging  in such activities. Spying and E-Surveillance has many decades of history and only the form has changed with the advent and use of Information and Communication Technology.

However, what is problematic is the “Fact of Denial” of such E-Surveillance by various Countries. Even worst is the fact that almost all of these E-Surveillance and Eavesdropping activities are performed in an “Unconstitutional Manner”.

In the past it has been reported that U.S. is the biggest buyer of Malware in the World. It is well known that Global Cyber Espionage Networks are being actively and covertly used to Spy on other Nations. This is evident from the fact that the Command and Control Servers of Malware FinFisher were also found in 36 Countries, including India.

Countries across the World have started to strengthen their Cyber Security Capabilities. While protecting their own Cyberspace domain, various Countries must understand that Cyber Security is an International Issue (PDF) and not a National one. Therefore, an International Cyber Security Treaty is Required (PDF). As far as India is concerned, the Cyber Warfare Policy of India (PDF) and E-Surveillance Policy of India (PDF) must be urgently drafted and implemented. Similarly, Self Defence and Privacy Protection in India must be ensured.

During the exposure of engagement of E-Surveillance by the National Security Agency (NSA) of U.S., James Clapper confirmed that NSA is targeting Foreign Citizens for Surveillance. This E-Surveillance is further “Combined” with Tactics and Techniques of Cyber Warfare, Cyber Espionage and Cyber Terrorism, etc. Highly Sophisticated Malware like Stuxnet, Duqu, Flame, etc have been made and used by Nations as Cyber Tools to launch Stealth Cyber Attacks against other Nations.

These Malware used Cyber Attack Methods and Vectors that are far beyond the Capacity of Traditional Cyber Security Mechanisms to Trace and Prevent. This becomes a serious Cyber Security Issue when Critical ICT infrastructures are at stake. For instance, the critical Infrastructure Protection in India and its Problems, Challenges and Solutions (PDF) are still to be looked into with Great Priority by Indian Government. It is only now that India has declared that NTRO would protect the Critical ICT Infrastructures of India. Similarly, a Tri Service Cyber Command for Armed Forces of India is in Pipeline. Nevertheless, the Cyber Security Infrastructure of India is Weak and it must be improved as soon as possible.

Recently, Defence Research and Development Organisation (DRDO) Computer Systems were breached and sensitive files were leaked. India must ensure both Offensive and Defensive Cyber Security Capabilities. Cross Border Cyber Attacks, Authorship Attribution and Cyber Crimes Convictions are very “Difficult to Prove”. This gives lot of space for “Blame Game” and denying the “Culpability” for Cyber Attacks. Countries around the World are blaming each other for Cyber Espionage and Cyber Attacks while not admitting their own Acts and Omissions.

The present Cyber Attack Techniques and Methods are not only “Evolving” but they are “”Specifically Designed” do that they remain “Untraceable” and “Anonymous”. For instance, it has been reported that NSA has been using Radio Waves and Malware for engaging in world wide E-Surveillance. Thus, whether a Computer System is Online, Offline or an Isolate one, the “Combined Technique” of Malware Imbedded Hardware, Spyware and Malware and Radio Waves can allow NSA to get the “Relevant Information” with some effort in this regard.

India’s own Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc are violative of Civil Liberties Protection in Cyberspace. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

Recently United Nations (UN) Third Committee Approved Text Titled Right to Privacy in the Digital Age. However, this is not “Deterring” Countries to engage in E-Surveillance in an “Unconstitutional Manner”. Privacy Rights in India in the Information Age need to be protected at the “Constitutional Level” otherwise Privacy would have no meaning in India. This equally applies to other Countries and something must be “Seriously Done” in this regard so that Civil Liberties in Cyberspace can be protected. We must not forget that When Rights are Outlawed only Outlaws will have Rights.

Privacy Rights In India In The Information Age

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLB4We have no Dedicated Privacy Laws in India and Data Protection Laws in India. In fact, when it comes to respecting Privacy of Indian Citizens, Government of India tries its level best to avoid the same.

For instance, India has launched Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

Further, India is the only country of the World where Phone Tapping and Interceptions are done without a Court Warrant and by Executive Branch of the Constitution of India. Phone Tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” for Phone Tappings and Lawful Interceptions. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more.

Phone Tapping in India has been in controversies for long. Whether it is Illegal Phone Tapping by Private Individuals or Unaccountable Phone Tapping by Indian Government and its Agencies, Phone Tapping in India has never been smooth.

There is a blessing in disguise in Ratan Tata’s Petition before Supreme Court of India. This is a golden chance for the Supreme Court of India to analyse the “Implementation” of its decision in the PUCL case (Phone Tapping Case). The Supreme Court must “Widen” the scope of Privacy Rights in India not only in the context of Phone Tapping but in an “Overall Manner”. The Supreme Court must formulate and lay down the widest possible “Guidelines” regarding Privacy Protection in India as it has done in the Vishaka’s Case (Guidelines against Sexual Harassment). The Supreme Court has even said that with the Technological Advancement, Privacy is virtually disappearing.

On the front of Legal Framework as well we have no Dedicated and Constitutionally Sound Lawful Interception Law in India. The Indian Telegraph Act, 1885 and other similar Laws are not in “Conformity” with the Constitution of India, especially Fundamental Rights of Indians. Even the Home Ministry of India is considering enactment of a Lawful Interception Law in India.

However, what is more surprising is the fact that the Law Enforcement Agencies and the Intelligence Agencies that indulge in Unconstitutional E-Surveillance and Phone Tapping are themselves Governed by No Law. It is no surprise that the Central Bureau of India (CBI) is also not governed by any Law and it is operating in India Without any Law. It is only now that the Central Bureau of investigation act 2010 was drafted. Till now it is a mere draft and has not become an enforceable law. Even the Constitutional Validity of the National Investigation Agency Act 2008 is doubtful. Even the Draft Intelligence Services (Powers and Regulations) Bill, 2011 has been recently circulated in the Parliament of India. India must urgently formulate E-Surveillance Policy so that the E-Surveillance conducted by Intelligence Agencies and Law Enforcement Agencies of India can be regulated.

Surprisingly, we have no E-Surveillance Policy in India and Legal Framework in this regard. This is despite the fact that many Indian Projects are so E-Surveillance Oriented that they cannot pass the scrutiny provisions of Indian Constitution. Of all these E-Surveillance Projects Aadhar Project of India or Unique Identification Project of India (UID Project of India) is the most “Dangerous Project” that should not be there at the very first place. It is based upon Deceit and Deception and both Indian Government and Unique Identification Authority of India (UIDAI) are Hiding Truth from Indians. There is no Legal Framework, no defined Policies and Guidelines and most importantly no Procedural and Civil Liberty Safeguards.

If this was not enough the sole Cyber Law of India (Information Technology Act 2000) was amended through the Information Technology Amendment Act 2008. The IT Act 2008 made the Cyber Law of India an “Unregulated and Unaccountable” piece of E-Surveillance Legislation. It is now wide open to misuses by Indian Government and its Agencies. Further, the IT Act 2008 also violated various provisions of Indian Constitution and hence is “Unconstitutional” as well. Ideally Cyber law Of India must be repealed as soon as possible.

If Parliament of India has abdicated its duties and Indian Judiciary is watching as a moot spectator, it becomes of paramount importance for Cabinet Committee on Security (CCS), Union Cabinet and Prime Minister’s Office (PMO) to “Disallow” all such Projects till proper Civil Liberty Safeguards and Legal Frameworks are at place.

E-Surveillance Policy Of India Is Needed

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLB4E-Surveillance in India is rampant that also without any Constitutionally Sound Legal Framework and parliamentary Oversight. The issues of E-Surveillance, Civil Liberties Protection in Cyberspace and Conflict of Laws have further complicated the scenario. Recently United Nations (UN) Third Committee approved text titled Right to Privacy in the Digital Age. However, India is treading on a totally different path of E-Surveillance and defiance of Privacy Rights of Indian Citizens.

India has no E-Surveillance Policy and Legal Framework. This is despite the fact that many Indian projects are so e-surveillance oriented that they cannot pass the scrutiny provisions of Indian Constitution.

India has launched Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

If this was not enough the sole Cyber Law of India (Information Technology Act 2000) was amended through the Information Technology Amendment Act 2008. The IT Act 2008 made the Cyber Law of India an “unregulated and unaccountable” piece of E-Surveillance Legislation. It is now wide open to misuses by Indian Government and its Agencies. Further, the IT Act 2008 also violated various provisions of Indian Constitution and hence is “Unconstitutional” as well.

Parliament of India has been increasingly abdicating its “Constitutional Duties” of Parliamentary Oversight and Law Making. The way Indian Executive takes decisions on behalf of Indian Parliament is really surprising. Some have validly questioned the very purpose and existence of Parliament of India.

We have been suggesting that E-Surveillance Projects like NATGRID must be suitably regulated and they must comply with Civil Liberties Protection Requirements. The Home Ministry of India did not pay heed to these suggestions and now a stage has reached where NATGRID Project may become redundant. So is the status of NCTC.

India has been imposing Projects like NATGRID and Aadhar on false pretexts of National Security and Welfare Schemes. However, this is not the truth. As far as Aadhar Project is concerned, it is an Endemic E-Surveillance Project. Similarly, Projects like NATGRID must Reconcile National Security interests with Protection of Fundamental Rights.

If Parliament of India has abdicated its duties and Indian Judiciary is watching as a moot spectator, it becomes of paramount importance for Cabinet Committee on Security (CCS), Union Cabinet and Prime Minister’s Office (PMO) to “disallow” all such Projects till proper Civil Liberty Safeguards and Legal Frameworks are at place. Further, India must also formulate an E-Surveillance Policy as soon as possible.