internet surveillance
DESCRIPTION
This Slides are about the Internet Surveillance in many Countries. India is currently implementing some of the scariest surveillance schemes in the world. This lecture will shed light on India's surveillance industry, its UID scheme which aims at the collection of all biometric data and on various controversial surveillance schemes, such as the Central Monitoring System (CMS).TRANSCRIPT
Internet Surveillance
A.Mohammed AdamActivist in FSFTN - India
We are Social: http://www.slideshare.net/wearesocialsg/we-are-socials-guide-to-social-digital-and-mobile-in-india-2nd-edition-nov-2012
5 laws in India mandate surveillance
The Information Technology Act: Section 44
Stiff penalties on anyone who fails to provide requested information to authorities
The Information Technology Act: Section 66A
Punishment for sending offensive messages through communication services
The Information Technology Act: Section 69
Allows for the interception of any information transmitted through a computer resource
The Information Technology Act: Section 69
Requires users to disclose encryption keys or face a jail sentence of up to 7 years !!!
The Information Technology Act: Section 80
Allows deputy superintendents of the police to conduct searches and seize suspects in public places without a warrant!!!
The Cyber Cafe Rules, 2011
Cyber cafes are required to maintain backup logs for each login by any user and to retain such records for 1 year!!!
ISP License Agreement
Bulk encryption is prohibited, as well as encryption that exceeds a 40 bit key length in symmetric key algorithms !!!
UAS License Agreement
IPSs and TSPs are required to conduct blanket mass surveillance !!!
Mutual Legal Assistance Treaties (MLATs)
National Intelligence Grid (NATGRID)
Crime and Criminal Tracking Networks & Systems (CCTNS)
Lawful Intercept & Monitoring (LIM) programme
Internet Monitoring Systems (IMS)
Centralised Monitoring System (CMS)
Centralised Monitoring System (CMS)
So how does the CMS work?
TSPs Lawful Interception System
LIS ISF server
ISF server Regional Monitoring Centre
Central Monitoring System (CMS)
So what has already been done???
1. 80% of the CMC Physical Data Centre has been built
2. The interception services have been fully integrated and tested for 2 TSPs: MTNL + Tata Communications Limited!!!
3. $8 million have been given to BSNL for interconnecting 81 CMS locations
Why the CMS is privacy-friendly !!! :p
1. The CMS will JUST automate the existing process of Interception and monitoring !!!
2. The interception and monitoring will be as per Section 5(2) of the Indian Telegraph Act !!!
3. The CMS authority will not need to take authorisation from the nodal officers of the TSPs !!!
Why the CMS is privacy-friendly !!! :p
4. The CMS authority will provision the interception requests from LEAs !!!
5. The CMS will include a non-erasable command log of all provisioning activities
CMS or LIM???
UID: World's largest biometric data collection scheme
Fingerprints...really???
Out of 50 surveillance technology companies operating in India...
● 13 companies sell Internet Monitoring tech● 18 companies sell Phone Monitoring tech● 22 companies sell Biometric (access control)
systems
Out of 50 surveillance technology companies operating in India...
● 6 companies sell tech to ISPs/TSPs● 30 companies sell tech to LEAs● 24 companies sell tech to
corporations/organisations● 8 companies sell tech to the public
Out of 50 surveillance technology companies operating in India...
● Only 6 companies comply with lawful interception standards & regulations:
1. ClearTrail Technologies
2. Kommlabs
3. Utimaco
4. Vehere
5. Verint
6. Aqsacom
Out of 50 surveillance technology companies operating in India...
● Only 19 companies are certified!!!! ● And only 7 of them are ISO 27001 certified!!!● Only 19 companies have Privacy Policies!!!
“Least harmful” surveillance technology companies
1. Precision Biometric (biometric tech)
2. Mobile Spy India (mobile spyware)
3. Raviraj Technologies (biometrics)
“Most harmful” surveillance technology companies
1. Kommlabs Dezign sells:● VerbaNET: Internet Interception Solution● VerbaCENTRE: Unified Monitoring Centre
which detects cognitive and emotional stress in voice calls and flags them!
“Most harmful” surveillance technology companies
2. Vehere sells:
vCRIMES : a CDR analysis system which:● Is used to analyse & gather intelligence and
unveil hidden interconnections and relations● Includes tools for detecting Sleeper Cells and
for advanced statistical analysis● Can analyse more than 40billion records in
less than 3 seconds
“Most harmful” surveillance technology companies
3. Paladion Networks sells:● Internet Monitoring Systems● Telecom Operator Interception Systems ● SSL Interception & Decryption Systems● Cyber Cafe Monitoring Systems
“Most harmful” surveillance technology companies
4. ClearTrail Technologies sell: ● ComTrail: Mass monitoring of IP & voice
networks● XTrail: Targeted IP monitoring● QuickTrail: Tactical Wi-Fi monitoring● MTrail: Off-the-air interception
...and NO privacy law in India!!!
So...is privacy dead???