internet surveillance

Internet Surveillance

A.Mohammed AdamActivist in FSFTN - India

We are Social: http://www.slideshare.net/wearesocialsg/we-are-socials-guide-to-social-digital-and-mobile-in-india-2nd-edition-nov-2012

5 laws in India mandate surveillance

The Information Technology Act: Section 44

Stiff penalties on anyone who fails to provide requested information to authorities

The Information Technology Act: Section 66A

Punishment for sending offensive messages through communication services


Allows for the interception of any information transmitted through a computer resource


Requires users to disclose encryption keys or face a jail sentence of up to 7 years !!!


Allows deputy superintendents of the police to conduct searches and seize suspects in public places without a warrant!!!

The Cyber Cafe Rules, 2011

Cyber cafes are required to maintain backup logs for each login by any user and to retain such records for 1 year!!!

ISP License Agreement

Bulk encryption is prohibited, as well as encryption that exceeds a 40 bit key length in symmetric key algorithms !!!

UAS License Agreement

IPSs and TSPs are required to conduct blanket mass surveillance !!!

Mutual Legal Assistance Treaties (MLATs)

National Intelligence Grid (NATGRID)

Crime and Criminal Tracking Networks & Systems (CCTNS)

Lawful Intercept & Monitoring (LIM) programme

Internet Monitoring Systems (IMS)

Centralised Monitoring System (CMS)

So how does the CMS work?

TSPs Lawful Interception System

LIS ISF server

ISF server Regional Monitoring Centre

Central Monitoring System (CMS)

So what has already been done???

1. 80% of the CMC Physical Data Centre has been built

2. The interception services have been fully integrated and tested for 2 TSPs: MTNL + Tata Communications Limited!!!

3. $8 million have been given to BSNL for interconnecting 81 CMS locations

Why the CMS is privacy-friendly !!! :p

1. The CMS will JUST automate the existing process of Interception and monitoring !!!

2. The interception and monitoring will be as per Section 5(2) of the Indian Telegraph Act !!!

3. The CMS authority will not need to take authorisation from the nodal officers of the TSPs !!!

Why the CMS is privacy-friendly !!! :p

4. The CMS authority will provision the interception requests from LEAs !!!

5. The CMS will include a non-erasable command log of all provisioning activities

CMS or LIM???

UID: World's largest biometric data collection scheme

Fingerprints...really???

Out of 50 surveillance technology companies operating in India...

● 13 companies sell Internet Monitoring tech● 18 companies sell Phone Monitoring tech● 22 companies sell Biometric (access control)

systems


● 6 companies sell tech to ISPs/TSPs● 30 companies sell tech to LEAs● 24 companies sell tech to

corporations/organisations● 8 companies sell tech to the public


● Only 6 companies comply with lawful interception standards & regulations:

1. ClearTrail Technologies

2. Kommlabs

3. Utimaco

4. Vehere

5. Verint

6. Aqsacom


● Only 19 companies are certified!!!! ● And only 7 of them are ISO 27001 certified!!!● Only 19 companies have Privacy Policies!!!

“Least harmful” surveillance technology companies

1. Precision Biometric (biometric tech)

2. Mobile Spy India (mobile spyware)

3. Raviraj Technologies (biometrics)

“Most harmful” surveillance technology companies

1. Kommlabs Dezign sells:● VerbaNET: Internet Interception Solution● VerbaCENTRE: Unified Monitoring Centre

which detects cognitive and emotional stress in voice calls and flags them!


2. Vehere sells:

vCRIMES : a CDR analysis system which:● Is used to analyse & gather intelligence and

unveil hidden interconnections and relations● Includes tools for detecting Sleeper Cells and

for advanced statistical analysis● Can analyse more than 40billion records in

less than 3 seconds


3. Paladion Networks sells:● Internet Monitoring Systems● Telecom Operator Interception Systems ● SSL Interception & Decryption Systems● Cyber Cafe Monitoring Systems


4. ClearTrail Technologies sell: ● ComTrail: Mass monitoring of IP & voice

networks● XTrail: Targeted IP monitoring● QuickTrail: Tactical Wi-Fi monitoring● MTrail: Off-the-air interception

...and NO privacy law in India!!!

So...is privacy dead???