Cyber ransom attack: why lawyers and courts should worry more

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER
When I was a student of undergraduate Law college, we were never sent for internship by colleges, to be more specific, the traditional university –colleges, whose duty was limited to hold classes, yearly(and not semester) examinations and give us the students the degree certificates. Children of lawyers and judges had a smooth path to the courts and to the practice through their parents. Many of us whose parents were not lawyers, used to hang out with these friends to get reference to join other law-firms or lawyers. We juniors had to do a lot of paper work and physical work to retain our jobs: we had to take notes from our seniors, their clients, make files to put the papers in proper sequences, make noted from the books for helping the seniors for next day’s arguments and sit with the stenographer –cum-computer operator to help him understand our illegible handwritings to make notices, petitions, affidavits etc. Most of the times, these computer operators had their own files saved for specific formats. We had to narrate him/her the names of the parties, the case numbers, and special points that may make the case very different from the format stored in there. 90% of these computers were not connected with internet. They were used for file storing only. I doubt way back in 1999-2001 how many government offices had computers used for anything other than file storing. It was mainly for this that the earlier version of our Information Technology Act,2000 did not have specific provisions damaging computer network system or hacking or unauthorised access to the computer through spreading malware etc. This is evident from the modern version of S.43 of the Information Technology Act (which was amended vide Information technology Amendment Act, 2008), which speaks about penalties and compensations for damage to computer, computer system etc. However, these “file storing” computers were prone to get virus attacks by external devices including floppies. We also did have some few personal computers lawyer’s offices which were connected with internet to receive mails, mainly instructions from overseas clients or clients staying in outstation. But these were considered as “luxury” and these lawyers were considered as that special group of lawyers who were “cyber savvy” not because they could produce electronic evidences because at that time mails/messages/ call logs were hardly recognised as proper evidences even though we had the amendment –wave touching the traditional evidence Act as well; but because they could go back to their chambers and see instant communications/instructions  from their clients and were able to bring back some thing called “printed  emails” not as an evidence, but as a reference-note. Quite at this time 9/11 happened in the US and everyone including we the lawyers also suddenly became alert about cyber security. But still, we got to see heavily protected lawyer’s bureaus and desks which contained most confidential data about their clients. It was not the soft copies, but the papers and in some cases, some physical objects like the knife or a piece of cloth etc which used to attract our attention as “sensitive” “confidential” materials which may turn the lives of the clients as well as ours if we assist our seniors in protecting these as best evidences.  With change of time, almost all lawyers became cyber savvy in this way or that especially because we started storing the confidential data of the clients in soft copies. Now, let us understand what is meant by sensitive information which may be considered as part of confidential data. S.3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 defined sensitive personal data as 
 (i) password;
(ii) financial information such as Bank account or credit card or debit card or
other payment instrument details ;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for
providing service; and
(viii) any of the information received under above clauses by body corporate for
processing, stored or processed under lawful contract or otherwise.
But importantly, this definition also includes a third party, i.e., the “body corporate” for providing services. Now, let us check the definition of body corporates which is defined under S.43A of  the Information technology Act, 2000(amended in 2008). It says in explanation (i) "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities. Very broad interpretation of this may include lawyers as well who may provide professional counselling. 
But without going into the examination of whether lawyers may held responsible as body corporates in the straight sense, I would like to emphasise on the point that lawyers also collect confidential data and they are at risk of  security infringement too. In my recently published writeup “the ransom attack that may make the women cry” published in the WION news @ http://www.wionews.com/south-asia/the-ransom-attack-that-may-make-the-women-cry-15726 I mentioned that every data saver including lawyers may also be at risk for any sort of malware attack. As such, when lawyers store confidential including sensitive data about clients, they must be ethically bound to protect it against any such cyber attack as well. 
Now, we may also need to shift our attention to the courts as store house of data as well.  Presently, courts have widened options for filing of cases or getting access to the judgements or orders by creating court websites which may not only work as a store house of information for millions of justice seekers, but also an information house of millions of lawyers, law students as well as researchers. Unlike lawyers, who may maintain strict confidentiality about the data /information provided by their clients to them for litigation purposes, we often get to see information being exposed in the court websites, especially in cases of judgements. The recent understanding of the courts have however made it mandatory to keep the party’s name confidential when the case is about child sexual abuse or victimisation of women. But still then, the courts play major role in storing confidential data about the litigants, which if exposed, may make the lives and reputation of justice seekers at stake. 
Surprisingly, the Information Technology Act, 2000(amended in 2008) has not emphasised on this issue separately. The chapters including chapter IX which speaks about penalty, compensation and damage to the computer, computer system, network etc, liability to protect the data penality for failure of the same by the body corporate etc, power to adjudicate etc, and chapter XI which speaks about the offences  speaks about liability of the data string houses, individual perpetrators and government stakeholders to intercept etc, but does not specifically mention about categories of service sectors and their liabilities. 
While it has been upheld that lawyers will come under the scope of Consumer protection Act unlike doctors or health sector stake holders like the hospitals or clinics, we must understand that by saying this, we can not escape our moral duties to protect the clients or litigant’s vital information which may be stored with lawyers or digital store houses of the courts. Infact as I mentioned in the write-up mentioned above, each of these sectors including lawyers and courts may be attacked by cyber perpetrators who are now playing a crucial role in “hacxtortion : hacking and extortion” (as was coined by me in the above writeup) of money for giving back the encrypted files. We have already seen that National Health services in the United Kingdom had been badly affected by this ransom malware. It is high time that lawyers, law firms and courts must audit their cyber securities to save the valuable data and take preventive steps against such ransom attack.

How ‘yellow journalism’ and internet is failing the women victims of online harassment and revenge porn

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Almost a month and half back the whole south India woke up to a rather “juicy news” of “Bhavana” molestation case. She is not “Nirbhaya.” Her name was not given by the any legislator or judge or executive to protect her identity. Bhavana is a Malayalam female cine-star whose real name can be found in Wikipedia and numerous film magazines. She was apparently molested in a moving car by some including her former drivers. As the news report suggests, the perpetrators also took ‘objectionable’ photos of her while the incidence was going on. The news surfaced exactly when I was enjoying the sweet success of publishing my latest article “Celebrities and cyber crimes:an analysis of the victimisation of female film stars on internet” published in Temida: Journal on victimization, human rights and gender Volume 19 • Issue 3-4• 2016 .

We the movie fans often understand that actors or actresses may themselves attract negative publicity by voluntarily getting into troubles or playing the victim card. But in some cases this may not be true. Women actors may face numerous problems, harassment and threats in real life as well as virtually. One of such problem is facing voyeurism and revenge porn almost on daily basis. Some actors turn numb to such harassment as they take these as (negative) part of  their work. Some may reach out to police to show genuine concern. In Bhavana’s case, a minute analysis would show that she was not only physically violated, but also she became a victim of ‘revenge porn’, a term that our laws still do not recognise and tries to cover it up by numerous legal provisions which may not provide  the actual answer. I call it ‘revenge porn’ because once such ‘objectionable’ pictures were taken; it would not take more time to get it  circulated through WhatsApp. These contents may then land in various ports including to the secret sellers of porn clippings and obviously to the XXX rated sites. No one, not even the police may do anything to prevent secondary victimisation of the victim in such cases.

What concerns me more  is publication of her name. S.228-A of the Indian Penal Code prohibits publishing, printing etc  of the name and information of the victim/s who may have been victim of rape or sexual molestation. This protection is brought in to protect the privacy of the victim and more so, to encourage women victims of sexual violence to come up for reporting of crimes without the fear of ‘recognition’ and resultant possible social exclusion. But this provision also has a loose noose : when the victim herself allows to publish her name or identity, this provision will cease to help the victim. We don’t know whether Bhavana herself permitted the reporters to use her name and photograph but I can definitely understand that this has again created a bad example of ‘no identity protection’. Common people who may not be expected to know the pigeon holes of law, would understand a completely different story: reporting would bring media highlight which will destroy the physical and mental   privacy of the victim and her family. But this does not mean that I am ignoring the provisions of S.228-A, IPC. Women victims must also be made aware of this twist of law relating to identity protection. We may expect good and bad results of this: the provision may be misused, women may be able to take a rational decision.

Let us, the civil citizens take a preventive decision to not to spread any offensive videos/still images of women actors even if it may surface as apparently (ugly, unethical movie promo) genuine. Let us respect all women as equal irrespective of their job.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2017), " How ‘yellow journalism’ and internet is failing the women victims of online harassment and revenge porn”  1^st April, 2017, published in http://debaraticyberspace.blogspot.com

Smart cities may not always be Safe cities: Recalling Bangalore incidence

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

On December 20, 2016 I was attending a round table conference  on Smart City, Safe City in Delhi. After the Delhi gang rape case in 2012, every one addressed Delhi as an unsafe city. New apps emerged which would help women in distress to send SOS to their relatives and friends and alert the police. The police force of all metro cities also vowed to ensure safety for women in public places. Not much success though! There were several incidences of rape including gang rape which again and again made us realised that there is a difference between promising and doing. What disturbed me more was sudden increase of rape videos on internet. Rapists and their aides physically violate women and capture the moments to enjoy it later! Or should I say to earn unethical profits out of this? Yes! They earn a good fortune by distributing such videos to various ‘ports’ from where such videos float to many other ports, devices and jurisdictions. I would not have believed that local petty shops earn revenue by selling such videos to young adults and matured teens until one day I came across a news report on this. Presently it is not only the violent rape videos or voyeur honeymoon videos alone which is being consumed by porn addicts; the list has included videos on public place molestation and  kissing and fondling of young lovers at dark places. The Bangalore molestation incident on the 31^st December 2016 night  is also floating in the internet now. Indeed, it has been seen not only by those who wanted to know the reality, but also by porn addicts because this is nothing but a ‘sex video’ or ‘sex clip’ for many. The images show forcefully touching, fondling and trying to kiss women.

Question is who clicks these? Who disseminates these? While I do not deny that many people in the crowd who would have noticed these incidences may have taken pictures of such molestation because we severely lack a proper public place photographing law; I must say these molestation videos have become viral because of the poor surveillance on the work of the surveillance camera as well. On the one hand we thank the media to bring this news in the forefront. But on the other hand, I can’t stop thinking about extreme violation of privacy. What for the surveillance cameras are installed in public places? It is because the police (the so-called 24 hour help lines) could be made aware then and there of what is happening and how it is happening in the public places. Shockingly enough the police took charge after the media highlighted the issue. What more can be gathered from this is, the person who may be monitoring the images captured by the surveillance cameras may wanted to alert the media first and not the police. May be the person in charge would have alerted both the stakeholders, but the failure of the police to take charge of the issue first has not only  violated the right of the victims to speedy justice, but has also revealed a crude joke: privacy of the  sexual assault victims can neither be guaranteed.

          28^th January is celebrated as Data Protection day in many countries including India. On this day 27 years ago Council of Europe opened the Convention for the protection of individuals with regard to automatic processing of personal data for signature by the State parties. India is yet to adopt this convention. India neither has any focused Privacy protection law, even though the provisions relating to protection of privacy are scattered in different legislation.  Ironically the concept of smart city has motivated the creation if several apps and digital policing. But the Bangalore incident again proved that nothing really works ‘smartly’ until stricter implementations of the traditional laws are made.

Stay safe, act safe.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2017), " Smart cities may not always be Safe cities: Recalling Bangalore incidence”  29^th january, 2017, published in http://cybervictims.blogspot.in/

Hacking is no fun

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

This December we got to see a bout of hacking attacks on renowned politicians, journalists, business magnets in India. Apparently their purpose was to reveal corrupted people who are disrupting good governance in India. Almost all the news media channels ran stories on who these hackers are, why the targeting specific people are and what may be their next target etc.  Very recently I got to meet  a group of people who hack for various reasons. While most of us are concerned about our own digital data security, it is interesting to know why our accounts in social media or email may get hacked.  There is a difference between unauthorised access of financial data, social media profiles, emails and digital data that may be stored in our own devices. They may be interconnected. But definitely their motives may be different. In my recently published monograph “Cyber crime against women in India’ (https://in.sagepub.com/en-in/sas/cyber-crimes-against-women-in-india/book253900) I showed that  revenge porn may be a result of unauthorised access of social media profiles as well as digital albums for revenge to destroy the reputation. Similarly there are hackers who may access  financial data for illegal monetary gain.

However, there is a group of people who hack for fun. This ‘voyeuristic pleasure’ is exercised especially when the hacker/s may want to establish how an organisation or particular individuals may poorly maintain their  cyber security . I do often get to hear from senior citizens and women that their social media accounts or emails or Whatsapp profiles have been hacked.  An in-depth research may reveal that hackers may have done this for fun. To me, it relates to those pre internet  days when youngsters took pleasure in peeping into well guarded private diaries maintained by young girls and boys or individuals who loved to treasure their secrets. But hacking is no fun especially when the information thus gathered can be used for various detrimental causes including extortion and sextortion. Especially Women may feel extremely traumatised when such hackers for fun target them. The reason is, if a woman’s digital data is unauthorisedly accessed, it may misused and damage to her reputation may compel her to take extreme steps like suicide due to fear of social taboo. What I strongly condemn is teaching school children about hacking with the tag line that hacking is for fun. It is like giving a loaded gun to children to experiment it and learn it for fun. It is indeed a fact that ethical hackers are used for many positive reasons and internet companies may pay them a hefty amount too. But, teaching hacking to children must be done with utmost concern. We definitely do not need Frankensteins . It must be understood that any individual who may not understand the responsibilities attached with power may definitely misuse the power.  We need to understand that our Information Technology Act, 2000(amended in 2008) has recognised unauthorised access to digital data, tampering of the data etc as penal offences and the provisions are wide enough to cover offenders of all age. Further, our Indian Penal Code also recognises cyber stalking and voyeurism as an offence which may necessarily involve hacking. Any child psychology expert or educator may understand that children tend to experiment (often with disastrous first few results) for a better understanding of the subject. Hacking is such a tool which may at the outset show the child how to gain illegal profit by using it if he/she is not told about the risks that may be caused to others as well as to his target victims.  

This Christmas let all take a vow that our knowledge must be used for positive purposes and not for victimising others. We must remember that if we use our knowledge and expertise to check the weakness of others, that must be done in a prescribed way and not to humiliate the later.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2016), “Hacking is no fun”

25^th December 2016, published in http://debaraticyberspace.blogspot.com/

Why mobile number portability services may prove to be an absolute hypocrisy for women? A dirty dark secret

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

I belong to that generation who have grown up with one landline telephone connection, just to realise that the same can become ‘just a set’ to support home internet connection for some, or a “life support” for senior citizens who love to feel nostalgic by such sets.  I have stayed in three major cities in three parts of India and finally decided to own a telephone number which (much to the surprise of my older generations) started ‘travelling’ with me to keep me connected with the world. Yes, we call it ‘roaming’. But the older generation still loves to call it mobile phone instead of ‘cell phone’ because (as one my grand-aunt once commented), ‘you need to be mobile while using it’. I gradually owned a smart phone and the SIM card changed its ‘place of residence’  from my ‘unsmart’ phone to smart phone . I also witnessed the era when roaming charges got reduced from a (shocking) exorbitant price to a nominal price which we were happy to afford.

Then came the announcement for mobile number portability system.  One of the telecommunication service providers define this in the following words “  Mobile Number Portability (MNP) is the facility for users to switch to any mobile operator in any Licensed Service Area (LSA) of INDIA, while retaining their existing mobile number . Sim card and all services on the mobile connection will change and will be provided by the new operator.”( see http://www.bsnl.in/opencms/bsnl/BSNL/services/mobile/mnp_intro.htm) And how will the customer avail the services for ‘change of port’? The telecommunication regulatory authority of India gives a detailed guidelines regarding this @ http://www.trai.gov.in/WriteReadData/userfiles/file/measuresto%20protectconsumerinterest/Customer_Guide.pdf .

One of the essential eligibility criteria is owning government authorised local residential information. This can be either the voter’s ID card, or the ADHAR card or the PAN card or the Ration Card which may have the local residential address of the customer. In case the customer has shifted from his own home, the requirements must be satisfied with the Rent Agreement, which may show the names of the genuine tenant ( the customer) and the genuine property owner (the house owner). However, in case the customer has shifted his jurisdiction from one city to another, he may necessarily need to show all papers which prove that he has shifted the jurisdiction.

I was fantasising the idea of availing mobile portability system especially because I shifted from one State to another and I was under the impression that I can still “own” the number  without paying roaming charges since mobile number portability also offers for change of geo-location of service area. In short I greedily wanted to localise my number, which has almost become my identity. I applied for mobile number portability only to realise a rude shocking truth. It is nothing but a hypocrisy especially for women who are not ‘single’.

          When one enters a new State he/she  can not be expected to change his/her government authorised identity proofs within one day unless he/she is a government officer who has been transferred from one post to another (you may still need to wait for getting your new id card); and if the person wants to retain the identity proofs because he/she plans to get back to his/her own home state, then it is only the rent agreement which may support his/her claim for ‘authentic identity’.  Most of the times, the house owners would prefer to rent out their properties in the name of the “Karta” (o, common ! forget about the recent judgment which says even women can also be heads of families. In such situations, Karta always denotes male heads of families) and not the “Katri”(women heads or spouses) in case the so called karta wants to be lenient enough to include his wife’s name. The reason is obvious: our society still can’t accept women as equal to men.  As such, if a woman who may or may not be working (I am excluding women  government servants), and who has travelled with her husband  to another State, wishes to avail the ‘digital magic’ called mobile portability system, she may need to rely upon rent agreement and needs her husband’s signature (and in some cases the physical presence as well) for all the formalities, reducing her existence as a mere presence  of the human body without any identity. Practically, she actually may need to denounce her ‘ownership’ over the digital identity and phone number that would be allotted to the new subscriber, i.e., her husband.  I really wonder, then what is the necessity of workplace identity cards, the biometrics and the (numbness of the) ADHAR number uniqueness if these are not needed  for causes such as mobile portability system?   Are women to be considered as fugitive criminals if their existing new workplace identity cards, unchanged passports or ADHAR cards do not match with the new residential information ? what may be other unique grounds to deny women the right to avail mobile portability system when they are otherwise eligible ? It is unfortunate to note that examples of terrorism or antisocial activities carried on with the cyber aide had lead to create some policies which do not support the concept of gender equality always.  No matter how much loving and supporting the husband may be, the rules will  always be the rules and the service provider  company would always remain ‘unanswerable’ to the wife or the dependant woman (in case she is the mother or daughter or sister of the man) even if she is highly qualified professional.

The dirty dark secret behind the glaring concept of mobile portability system: gender equality and gender empowerment remains an unanswered question as ever.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2016), “Why mobile number  portability services may prove to be an absolute hypocrisy for women?  A dirty dark secret “published in http://debaraticyberspace.blogspot.com/   on 02.09.2016

Puberty photography: Are we sexualising our young girls?

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Menstruation is a phase that every woman has to undergo no matter whether it gives her pleasant or unpleasant experiences.  For most Indian girls who are in periods, the experience may not be pleasant one. Even though it is actually a biological purification of reproduction system, socially the girl in puberty may be considered as un-pure.  She may be treated like a secluded dirty living creature. I would not have believed this until the day I saw a woman in her 30’s standing in her own portico in a hot summer afternoon. When asked as why she was standing in the hot sun, her answer was, ‘I have my periods’.  Against such social taboos, several activists have taken out vigorous campaigns, amongst which #HappyToBleed is foremost which was created to spread awareness about menstrual hygiene and also a protest against  restrictions on menstruating women to enter specific  temples . While I support such move towards creation of awareness regarding menstruation, my concern lies with a separate issue. Some societies in India celebrate the puberty of girls in special ways. Most mentionable of this is the south Indian culture of celebrating puberty. Several sociologists may provide explanations as why this particular occasion is celebrated with such pomp and gaiety.  The common ritual that is followed throughout the day ( a specific day is fixed after the girl ends her very first 4 days of menstruation), involves special pujas and  showering the girl with gifts , bathing of the girl with water mixed with herbs, feeding the girl with nutritious meals including fresh vegetables and fruits, adorning her with new clothes and ornaments which may symbolise that she is no more a little girl, but has “attended age” for reproduction, followed by a feast for relatives and friends. When I was invited for a puberty function for the first time, I was confused as what to gift; I carefully chose a Whisper packet and wrapped it in a gift pack, thinking this would be an ideal gift for the girl who has started her menstrual cycle for the very first time. But later, I was told that the right gift would be a  simple flower “gajra” for decorating her hair and a box of sweets. Stuffs like a pack of sanitary napkins or awareness materials including books or CDs on menstrual hygiene are not included as parts of gifts from women invitees except when the woman concerned is the girl’s mother or own aunt (but this may be a rare occasion).   Strangely enough, many families pay very less attention to make the girl as well as other female children aware of menstrual hygiene, even though this occasion could very well be used for this.  Some even call this as “pre-wedding ceremony” since in earlier times such ceremony would involve an implied announcement that the girl is ready for marriage. Some families lavishly spend for these ceremonies. However, notably, while this is a common cultural practice in south India, celebrating puberty in such a fashion would not be seen in some other parts of India including eastern India or northern India.  This puberty function is necessarily accompanied with something called “puberty function photography”. Some families, who can afford to hire professional photographers, document the whole ceremony. Several families have also created YouTube videos of these ceremonies.

While this is a completely  family affair and may be this could be taken as a positive note against menstruation taboo, one must also consider the other side of the coin. Many girls may not like the whole ceremony of publicising their biological developments. Some may not even like to be photographed as the “puberty girl”.  Some of the girls with whom I had interacted on this issue, told me that they felt extremely awkward because they felt that they were being sexually objectified. That is because the occasion is not a birthday or a wedding reception, but something which is “privately hers”.  What is most embarrassing for most of these girls is being photographed as a “puberty girl” by young boys who may be brothers or brother’s friends. These boys who may be in their pre adolescent age or in adolescence, may not have awareness about puberty. But the ceremony may only make them understand that the girl is ‘sexually ready’. I felt really sad when I saw a young girl in the midst of her puberty ceremony pleading with her brother and cousins to stop objectifying her and   shut the camera off. It was clear: may be the boys were clicking her to make their own albums of “puberty girl” to be shared later with family and friends, the girl could definitely understand that  she was being marked for her biological, rather sexual changes and she did not wish to be photographed for that particular occasion.

Does such photography have really anything to do with sexually objectifying a young girl? I have two contradictory opinions: if awareness campaigns like the #HappyToBleed campaign can create positive awareness about menstruation and can get good response from men, then why not publicise puberty photography? This can be used to spread awareness about puberty and reproduction among children in a very child-friendly way. But at the same time, I must say, our society is still not ready to handle progressive thoughts about menstruation of women and girls. There are umpteen examples of online harassment of women and girls by misusing their photographs. Amateur puberty photography of young girls (especially on occasions of ceremonial bath in their wet clothes) may attract unwanted attention from harassers who may make unethical use of such images.  The photographs or video clippings may also attract sexist comments from strangers if the said photographs or videos are made open for public viewing.  In such situations, instead of happy memories for a special occasion, the images may bring  huge trauma to the girl in question. Added with it, if the parents and family members of the victim are not aware of cyber ethics, the girl may face great hardships even for socialising with her friends through digital communication mediums or even for continuing her studies because no one would like to lodge a police complaint on these images . Even if some one does, he/she may have to face upheal task to make the concerned  police officer (in case he/she is unaware of the nuances of online victimisation, sexually objectifying remarks and laws regarding this) understand  what makes the offence and why.

I feel instead of encouraging the children to have a hand on amateur photography during the puberty ceremony, the families should consider teaching the children about menstrual hygiene and  role of puberty in every one’s life. Then comes the issue of teaching cyber etiquettes as what should be photographed, how the girl should be photographed and why it is necessary to take her consent before clicking her and also before uploading her images as “puberty girl”.  If the puberty function is arranged in this manner, I am sure, children may not only be made aware of reproduction, menstrual hygiene and sexuality through the unique learning method, they may also become crusaders against online victimisation of women and girls.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2016), “Puberty photography: are we sexualising our girls?” 6^th June, 2016, published in http://debaraticyberspace.blogspot.com/

WhatsApp encryptions: Does it really protect women and children from cyber crimes ?

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Couple of days ago hundreds of WhatsApp user may have come across a small message with each of the messages that they may have received from their Whatsapp friends : the message indicated that from now onwards except the sender and the receiver, no one (not even WhatsApp) would be able to decrypt any message that is encrypted from end to end. A simple meaning of this is, when I send a message to one of my friends in WhatsApp, the algorithm key that I am using to encrypt my message can not be ‘opened’/translated/seen/understood /accessed by anyone other than that particular friend to whom the message is intended for and sent to. The sender may understand whether her message has been delivered to the intended recipient by seeing the double ‘tick’ sign and once they are blue in colour, the sender may assume that the message has been actually seen and read by the recipient. WhatsApp in its own version says “WhatsApp's end-to-end encryption is available when you and the people you message use the latest versions of our app. Many messaging apps only encrypt messages between you and them, but WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.” (https://www.whatsapp.com/security/). And how would we know whether the message is encrypted or not? Whatsapp says :

“To verify that a chat is end-to-end encrypted

Open the chat.

Tap on the name of the contact or group to open the contact info/group info screen.

Tap Encryption to view the QR code and 60-digit number.

If you and your contact are physically next to each other, one of you can scan the other's QR code or visually compare the 60-digit number. If you scan the QR code, and the code is indeed the same, a green checkmark will appear. Since they match, you can be sure no one is intercepting your messages or calls.If the codes do not match, it's likely you're scanning the code of a different contact, or a different phone number. If your contact has recently reinstalled WhatsApp, or switched devices, we recommend you refresh the code by sending them a new message and then scanning the code.” (https://www.whatsapp.com/faq/en/general/28030015)

So what does it mean? A secured conversation? Respite from hackers? No disturbance from unknown persons? By now, internet has been flooded with write-ups, analysis and discussions on whether the encryption policy of WhatsApp is good or bad for its subscribers. Some says it was indeed needed because it would save subscribers from unwanted government surveillances, hackers and unethical profit makers who see internet as a place for easily available images which may be ‘sold’ to the porn market. Some opine that this encryption policy would make it impossible for the police to help the victims of cyber crimes including women and children.  Before beginning any discussion on this, we must understand about encryption and decryption policies that is the centre of issues here. Encryption ( which means converting a data into codes which can not be simply intercepted ) is a necessary part of every internet/digital communication system  and  encryption policies may be framed based on the laws of the hosting nation (of the web company) and  the company policies which is enabling such services. India does not have any specific Rules regarding encryption policies under the Information Technology Act, 2000(amended in 2008), even though S.84A of the Act authorises the government to implement Rules regarding this. Encryption is not complete without decryption which is a process of opening such encrypted data. Every data which is encrypted, must necessarily have the right ‘keys’ to be decrypted, otherwise the intention behind encrypting a data would have no meaning. Decryption however is defined by Information Technology (Procedure and safeguards for interception, monitoring and decryption of information) Rules, 2009  created under S.69 of the Information Technology Act, 2000(amended in 2008). It needs to be noted that decryption policies are also generally guided by the laws of the hosting country. But at the same time, each web company must necessarily abide by the laws of the place of ‘business’ as well. This means that even if a web company has its own policies regarding encryption to provide extra security to its subscribers, it must abide by the laws of the land of the subscribers to enable the government for legitimate surveillance and also  for tackling online crimes. We now know that WhatsApp is now the most chosen medium to generate messages or spread messages /text/images (including those which are ‘illegal’). Often in cases of civil/political unrest, one may note that the police administration may suggest for complete blockage of messaging services like WhatsApp. This again falls under S.69A of the information Technology Act,2000(amended in 2008) which authorises the government to issue direction for blocking for public access of any information through any computer resource.

But when it comes to crimes against women and children, I see no positive development even after creating such extra layer of security.  There are instances of approaching women in their private whatsapp numbers for harassing them, accessing private photographs (already available in other social media and circulating them either ‘as it is’ or the morphed version of the same, threatening and blackmailing women with such images etc. What is more disturbing is, even after the encryption policies are rolled out by WhatsApp, no attempt has been taken to initiate a proper reporting mechanism. In the recently held UNICEF India meeting on expert consultation of online child safety, I had expressed my concern in this regard as well. At the most what an offended subscriber can do, is to block the harassing ‘number’ and leave a group if he/she is added to it without his/her consent. The harassing WhatsApp profile may still stay at large with the private images and information of the victim to upload them in other social media including YouTube or adult sites. Similarly, if not blocked, the harassing profile may continue to send bullying, derogatory, demeaning, insulting messages to the victim ‘uninterruptedly’. So what is the use of encryption policy then? It actually provides a half baked solution, i.e, protection against hacking. It may probably encourage more sexting because such images and messages may stay comfortably and permanently with the sender and the recipient only. But again, if there is a case of jilted love affair, no one, not even WhatsApp encryption policies may prevent possible creation of revenge porn materials on the same platform and also on the web. But here one must not be misguided by the fact that in such cases, the police would not be able to help nab the criminal due to encryption policies of WhatsApp. In such situations again, the law takes the same course of action as is the case for any other social media crimes against women, with off course limitations when the harasser is situated outside the jurisdiction of India, even though Information technology Act has extra jurisdictional scopes as well. 

          It is however unfortunate to note that unlike several EU countries and Canada, our courts and government are unable to take strong actions against the web companies who are not complying with the local laws in matters of assisting the governments and criminal justice machineries to nab the criminal or in the investigation. There are lots of techno-legal  issues which needs to be settled to achieve this in India, which includes proper training to the police, the lawyers and the judges. We have highest number of subscribers for WhatsApp, but awareness regarding safety issues is almost nil. Unless subscribers are made aware of the positive and negative sides of the technology that they are using, no policy, including this encryption policy may help reducing crimes online.

Let us spread awareness rather than defamatory ‘viral news’.  Lets join hands to stop cyber crimes against women.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2016), “WhatsApp encryptions:  does it really protect  women and children from cyber crimes?”24^th April, 2016, published in http://debaraticyberspace.blogspot.com/