2014 Annenberg-Oxford participant Maria Xynou explores the largely unregulated surveillance schemes in India that lack public and parliamentary debate. Xynou discusses what civil society and the government are doing to improve the situation, and what individuals can do to protect their communications from abuse.
Today, freedom of expression through social media might turn out to be a slippery slope in light of widespread surveillance. Some of Snowden’s revelations, such as the GCHQ’s Squeaky Dolphin, provide evidence that everything we do on social media – whether it be re-tweeting an interesting article or liking a post on Facebook – is being monitored. In some countries, such as India, this already has concerning implications on human rights.
At least 21 people have faced arrests and have been questioned by the police in various Indian states over the last month, due to their posts on social media sites that criticized the country’s new Prime Minister, Narendra Modi. In fact, it all began right before the Prime Minister even officially assumed office, when an author was arrested for posting messages on his Twitter account, which was later closed by the police. A naval engineer will likely be arrested because of a anti-Modi Facebook comments. An MBA student was recently arrested for allegedly circulating offensive messages against Modi through WhatsApp. Over the last week, the Indian police have registered two separate cases against 18 college students and teachers for supposedly ‘defaming’ Modi in their campus magazines. Technically, most of these arrests are legal in India.
A prison sentence of up to three years for sending “offensive messages” through communications services is regulated under Section 66A of India’s 2008 Information Technology (Amendment) Act. Barely two years ago, twowomen in Mumbai were arrested under this law due to their Facebook posts which criticized the shutdown of the city following the death of a politician. Within only a month of assuming office, Prime Minister Modi has already attempted to arrest over twenty individuals under this law. Such crackdowns are also enabled by other sections of the Act, which allow for extensive surveillance. Section 69, for example, not only allows for the interception of all information transmitted through a computer resource, but also requires users to disclose their private encryption keys – if asked to do so by authorities – or otherwise face a prison sentence of up to seven years.
Interestingly enough, Modi himself is popular on both Facebook and Twitter and is one of the most followed politicians on social media sites. While media censorship is nothing new in India, and should probably not be entirely blamed on the Bharatiya Janata Party (BJP), there are two very concerning facts. First, none of the individuals who have been arrested over the last month are terrorists or criminals. Second, Modi, who was banned from entering the United States up until recently for allegedly having allowed the slaughter of at least 2,000 Muslims a decade ago, has now inherited the control of mass surveillance systems which monitors the lives of millions of Indians.
Suspicious “keywords” and “keyphrases” in social media, blogs, emails, tweets, instant messaging services and other types of internet content are being tracked through India’s Network Traffic Analysis (NETRA) system. The Government’s Lawful Intercept and Monitoring (LIM) systems are installed between the Internet Service Providers (ISPs), Internet Edge Router (PE), and the core network and have an “always live” link to the entire traffic. These systems appear to have broad surveillance capabilities with access to all internet activity, which is not limited to IPs, email addresses, URLs and webmails, and expands to a broad search across all internet traffic. As such, security agencies in India using LIM systems are capable of monitoring the entire internet indiscriminately, possibly without court oversight and without the knowledge of ISPs.
Mobile operators in India have deployed their own LIM systems to monitor the communications running through their networks, which allow for the “lawful interception” of calls by the Government. Additionally, India’s Unified Access Services (UAS) license agreement has recently been amended to include the establishment of a Central Monitoring System (CMS), which allows authorities to bypass Telecom Service Providers when gaining centralized access to all intercepted data in the country. The chart below illustrates how the CMS functions:
In other words, the mobile communications of more than 893 million people in India are currently being monitored and intercepted by authorities, widely in secret and without adequate legal backing. Why, however, is India, the world’s largest democracy in terms of population, adopting such authoritarian practices?
At least 800 terrorist cells are currently operational in India, while 30 major terrorist attacks have occurred in less than three decades. The Mumbai 2008 terrorist attacks signified a similar landmark to the 09/11 terrorist attacks in the United States, as surveillance laws and schemes have widely been adopted in India ever since. Law enforcement agencies around the world argue that citizens should trade-off their privacy and other civil liberties for security, and India is no exception. However, is this trade-off worth it?
India’s middle class is currently expanding and in a country with a population that exceeds a billion people. Millions of mobile and internet users are therefore being added to the pool of mass surveillance each year. Yet, most surveillance schemes in India are largely unregulated, are widely being carried out in secret, and lack public and parliamentary debate prior to their implementation. Not only does India currently lack transparency and accountability mechanisms for such surveillance systems, it also lacks privacy legislation. As such, the potential for abuse appears to be extremely high and the recent arrests of citizens criticizing the Prime Minister have sparked concerns about the future of human rights and political freedom in India.
The good news is that both the civil society sector in India and the Government appear to be taking some initiative to legally guarantee citizens the right to privacy. The Centre for Internet and Society (CIS) in Bangalore drafted aPrivacy (Protection) Bill last year, and the Government’s Department of Personnel and Training recently leaked itsdraft Privacy Bill. While it remains unclear if privacy legislation will effectively prevent the prosecution of individuals based on their social media activity, a privacy law would at least guarantee certain fundamental rights which should be at the core of every democracy.
On an individual level, we should all take responsibility to protect our communications from abuse. Security-in-a-box provides comprehensive tools and tactics for digital security, as well as guides on how to use encryption and various types of anonymity software. Both Edward Snowden and security expert Bruce Schneier have confirmed that the use of encryption is the only way to protect our communications from censorship and surveillance. Journalists should take responsibility for their sources and encrypt all their communications and files, while always using platforms for anonymity, such as Tor. Regardless of whether we are journalists or human rights activists, each and every one of us should learn to live safely on the internet. Modi’s recent crackdown on students and authors based on their social media activity is proof that surveillance does not only concern terrorists, criminals, and people who have “something to hide”–surveillance concerns everyone.
Technology today provides a great platform for freedom of expression, but can also potentially serve as a platform for oppression. Given the widespread surveillance of both internet communications and telecommunications in India, it is essential that authorities enact privacy legislation and that transparency and accountability mechanisms for surveillance systems are enforced. Additionally, citizens should take the responsibility for the security and privacy of their communications into their own hands. Let’s work to build a web free from surveillance, free from control.
Maria Xynou is a Project Researcher at the Tactical Technology Collective (TTC) in Berlin, where she works on the MyShadow.org and Making All Voices Count projects. She has previously worked in India with the Centre for Internet and Society (CIS) as a policy researcher on the Privacy project, with a focus on surveillance. She has interned with Privacy International and with the Parliament of Greece, and holds a MSc in Security Studies from the University College London (UCL). Maria has presented her research in numerous international conferences, including Re:publica 2014 and the 30th Chaos Communication Congress.”