Ever-increasing online security threats don?t seem to bother cybercrime officer Nasim Ali. He might not exactly be equipped with state-of-the-art technology, but the assistant commissioner with Kolkata Police is armed with agreements?mostly unofficial?with third party service providers, mainly portals and internet service providers (ISPs). And he claims to have reduced the crime rate among the city users in the cyberworld.
A year and a half back, Kolkata Police had an unofficial agreement with Google, allowing them to block any profile on Orkut or trace the sender of any scrap if the police finds anything indecent or disturbing in the content.
The agreement, according to Ali, says, ?After receiving a complaint from an affected party, the police visits Orkut and if it finds that objectionable, it writes to Google to block the profile .Google looks at the complaint and if the portal agrees with the police version, it blocks the profile. If the affected party is open to further action, the police files cases under IPC. ?But most of the time, we have seen that people don?t want to pursue beyond the action of blocking or deletion,? says Ali.
Interestingly, this seems to be a big help in curbing cybercrime. ?Unofficial agreements with Google have helped us curb cybercrime in the city,? he quips. And their job has been made easier with ?a tool provided by Google officials.?
The tool, he says, helps them to enter Orkut and send objections for quick action. In the last one year, he claims to have blocked around 100 profiles and scraps. With the large number of users frequenting Orkut, it does not come as surprise that it had a high number of mischief-makers too.
This snooping by police is not an isolated incident. Every keystroke of yours could be monitored in cybercafes soon. Mumbai Police is reported to have mandated installation of keylogger software at a number of cybercafes, in a bid to track down terrorists, who could hatch plans through online communities or emails. The online world is already fraught with the possibility of breaches in their financial data in transactions done through a cybercafe.
You could call it an effective way of curbing cybercrime or invasion into your privacy, but online filtering (sometimes state-mandated) is clearly on. India has emerged prominent on the list of countries with ?state-mandated filtering? in a survey by Open Net Initiative, made up of research groups at the universities of Toronto, Harvard Law School, Oxford and Cambridge. The filtering has three primary rationales, according to the report?politics and power, security concerns, and social norms.
Several portals like Sify and Rediff, however, claim they believe in the freedom of expression and let users define it. Sify claims to be editing less than 5% of the user-generated content. ?We provide users a platform and by using the fruits of technology, people express their emotions and needs. We don?t do any content arbitration,? says Manish Agarwal, vice-president (marketing), Rediff.
So far, it?s been smooth sailing for the law enforcement agencies, as well as portals. For obvious reasons, the portals would want to avoid any kind of controversy with the central and local law enforcing agencies. Amidst this blocking and deleting of unwarranted scraps or profiles, can a citizen raise his or her grievances if there is a feeling of injustice?
?Unlike the US and some other countries, we don?t have a privacy law. If a citizen is deprived of his individual freedom, there is no specific law to defend the privacy of the individual,? says Pavan Duggal, a cyberlaw specialist. The Information and Technology Act 2000 does not have any provision to safeguard privacy and data protection.
?Though now there is a proposal to amend the IT act with laws to protect individual privacy,? says Duggal.
Few in the industry believe their rights are protected by Article 21, which declares that no citizen can be denied freedom and liberty except by procedures prescribed by the law.
Duggal points out that Article 21 is not comprehensive when it comes to safeguarding individual freedom and privacy. ?It is limited to infringement of privacy by the state only, not by individuals on other individuals.?
Few others like Bharatmatrimony CEO Murugavel Janakiraman recommend self-regulation. ?In a country like ours with people from different religious belief and different cultures, I don?t know how much can a separate privacy law help. Rather, the portals and websites should do self-regulation of content, which should represent majority views. I believe that the content in the portals should be regulated by community norms and cultures without neglecting individual desires and needs,?says Janakiraman.
?We believe in self-regulation. We edit less than 5% of the user-generated content. Internet is still in a nascent stage in the country and and it?s too early to talk of a separate privacy law. At Sify, we will be doing our job if the majority of internet users can express their feeling without hurting others,? agrees Arun Rajamani, head consumer channels, Sify.
For many internet users in India, the absence of a privacy law raises a spectre of the future possibility of curbing freedom in the internet space, similar to the situation in China. More so in a situation, where there are enough tools and technologies available for law enforcing authorities, as well as for individuals to pry into people?s mail boxes.
While most other international portals declined to speak on the issue, Google was forthright with its response. Says Shailesh Rao, managing director, Google India, ?We respect user privacy and support free expression. We also cooperate with proper legal requests for information. We believe it is possible to balance these .?
The Google spokesperson also confirms that the global portal has an initiative with police forces, including the Kolkata Police, whereby the police now have a special reporting tool. This enables the police to have a direct line of contact with Google to request content removal from Orkut and if required by law, preservation of removed content and data for police investigations.
?This reporting tool does not affect the way we treat users? data?it only enables a faster, direct communication. Authorities are still required to follow an appropriate legal process in order to get information,? says the spokesperson. Google developed the reporting tools for countries like Brazil and India, where Orkut is popular.
The Google spokesperson says that the portal aims to provide a safe and secure environment for all Google users, to protect the privacy of the users, and to take swift action to terminate access or services to those who abuse our services or disregard the standards of conduct. ?We will cooperate with law enforcement agencies within the bounds of the law, and we have taken a number of steps to cooperate with India authorities in the investigation of illegal activity,? says the spokesperson.
Rediff claims to provide information only in exceptional cases. ?In case of requests from the law enforcing authorities, we only comply when it is from higher authorities like the home ministry and is associated with national interest. We seldom provide information or comply with requests to block or delete content. We only agree when we find that majority in the community believe the content is offensive or indecent,? says Rediff?s Agarwal.
But Orkut users like Indrila Ghoshal feel that there should be an independent regulator to decide what is decent and what is not in these networking sites. ?In case of deletion of profiles and scraps, the entire thing is decided by the consensus arrived by the third party service providers and legal enforcement authorities. Where is the voice of the ?offender?? He or she should be given a chance to argue before deletion? There should be some objectivity otherwise a service provider may succumb to the dictate of the legal authorities,? says Ghosal.
Snooping emails from servers hosted in other countries, however, does not seem to be so easy. To intercept email communication or remove content from portals, which are based outside the country, the authorities have to get a court order from the country where it is based, according to Duggal.
?It is not always easy since in places like the US, there is a strong privacy law,? he adds. There are two statutory authorities Controller of Certifying Authorities (CCA) and Computer Emergency Response Team in India (CERT-IN) under IT Act 2000 to deal with blocking and interception of electronic records originated in the country.
But all these may not be enough to guarantee liberty. There is still a need to have a separate privacy law to safeguard from serious intrusion in individual privacy. India needs a separate privacy law. ?This will help keep the internet as a place where an individual?s freedom will never get transgressed without hearing out all the affected parties,? says Duggal.