The Facebook way of saving “face” : The profile picture guard by Facebook

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Long back in 2005 when I was newly introduced to a very popular social media “orkut”, I proudly showed off my profile with my own picture  which was clicked during a family wedding. Internet communication technology was new to India and we women were regularly being targeted because of the easy availability of our presence. This was largely due to lack of security in the social media as well as internet. We did not have two step verification for Gmail; Yahoo chat messenger, which was extremely popular during those days, almost made everyone’s personal information that were uploaded for the website, available to anyone who wanted access the user. It was during that period that I learnt about cloning of profiles which were made to harass individuals, especially women. The profiles may not be hacked, may neither be directly accessed by way of sending friends’ request; but the profile pictures may be downloaded and a new profile may be created with the available profile picture and profile information. Way back in 2006-7 I already had several women victims who contacted me for help and guidance. Almost all of them had common problem : harassment by way of creation of fake avatars. I have been part of the feminist movement which vehemently protested making women as ‘sex object’ on internet. Indeed women are made as ‘sex objects’ and they are regularly targeted by  misogynists, perverts and online traffickers who may selectively pick up women and girls by seeing their profiles, profile pictures and shadowing their online activities.

Let me go back to my own experiences where I received the first harassing comment (which was not stalking, neither resulted due to hacking) which was plainly nothing but ‘bullying’. My first profile picture in Orkut received a remark which mocked at my supposedly ‘over made-up   face’ and ‘blood red lipstick’. I knew this was just the beginning and if reciprocated, the bully may be extremely provoked to reply back. But this was not the first and last incident. I have received various negative comments, I have had my own period of being victim of a female stalker who monitored me and did send defamatory mails about me to my husband and again I had noticed several attempts to open Facebook accounts with my name and email ids. The later was detected and prevented by me because I never neglect the security messages sent by websites in my mails.

In my research I have seen that often the police and lawyers refuse to help the women victims and start the blame game. This is because they may not be aware of the mechanism to help and counsel the victims. In my opinion, websites must also be made responsible for third party victimization of women especially when the genuine reports of violation fail to move the websites.   However, the websites concerned, may constantly develop safety policy guidelines for users to make the users take self prevention mechanisms. I have been part of Facebook women safety program for quite some times now.  I continue to demand for more liability on the part of the websites especially for women and this time my concern was safety of profile pictures of women.  I was extremely happy to see the developments in the security and policies of Facebook which was introduced in India on 22^nd June, 2017: ‘The profile picture guard’. Every woman must avail this opportunity to safeguard their profile picture since this is the most chosen target of all the images that may be uploaded by a user. The step by step guide to how to use this ‘guard’ is explained by Facebook team @ https://newsroom.fb.com/news/2017/06/giving-people-more-control-over-their-facebook-profile-picture/

However, I understand that it is not the women only, but children are also extremely vulnerable targets of sexual predators. Men are neither excluded. All users must use this facility and it may definitely help to reduce ‘image stealing’ for various malicious purposes including morphing, hacking and creation of fake avatars. But we need to understand that is not the ultimate answer to prevent revenge porn cases. While image of an individual may be saved because Facebook may detect the particular stolen image easily after receiving the report, there is a still remains a lacuna for other photographs which are in the personal albums. We must also note that the website will not suomotu take action for the cloned or stolen images. The victim must report the profile and the concerned profile picture along with the “shielded picture” as evidence.

Its nonetheless a big step in the history of cyber security for women and I congratulate Facebook for taking this initiative. But again, ……… accidents do happen and we need to be stronger to recover.
Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2017), "The Facebook way of saving “face” : The profile picture guard by Facebook”  23rd June, 2017, published in http://debaraticyberspace.blogspot.com

Cyber ransom attack: why lawyers and courts should worry more

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER
When I was a student of undergraduate Law college, we were never sent for internship by colleges, to be more specific, the traditional university –colleges, whose duty was limited to hold classes, yearly(and not semester) examinations and give us the students the degree certificates. Children of lawyers and judges had a smooth path to the courts and to the practice through their parents. Many of us whose parents were not lawyers, used to hang out with these friends to get reference to join other law-firms or lawyers. We juniors had to do a lot of paper work and physical work to retain our jobs: we had to take notes from our seniors, their clients, make files to put the papers in proper sequences, make noted from the books for helping the seniors for next day’s arguments and sit with the stenographer –cum-computer operator to help him understand our illegible handwritings to make notices, petitions, affidavits etc. Most of the times, these computer operators had their own files saved for specific formats. We had to narrate him/her the names of the parties, the case numbers, and special points that may make the case very different from the format stored in there. 90% of these computers were not connected with internet. They were used for file storing only. I doubt way back in 1999-2001 how many government offices had computers used for anything other than file storing. It was mainly for this that the earlier version of our Information Technology Act,2000 did not have specific provisions damaging computer network system or hacking or unauthorised access to the computer through spreading malware etc. This is evident from the modern version of S.43 of the Information Technology Act (which was amended vide Information technology Amendment Act, 2008), which speaks about penalties and compensations for damage to computer, computer system etc. However, these “file storing” computers were prone to get virus attacks by external devices including floppies. We also did have some few personal computers lawyer’s offices which were connected with internet to receive mails, mainly instructions from overseas clients or clients staying in outstation. But these were considered as “luxury” and these lawyers were considered as that special group of lawyers who were “cyber savvy” not because they could produce electronic evidences because at that time mails/messages/ call logs were hardly recognised as proper evidences even though we had the amendment –wave touching the traditional evidence Act as well; but because they could go back to their chambers and see instant communications/instructions  from their clients and were able to bring back some thing called “printed  emails” not as an evidence, but as a reference-note. Quite at this time 9/11 happened in the US and everyone including we the lawyers also suddenly became alert about cyber security. But still, we got to see heavily protected lawyer’s bureaus and desks which contained most confidential data about their clients. It was not the soft copies, but the papers and in some cases, some physical objects like the knife or a piece of cloth etc which used to attract our attention as “sensitive” “confidential” materials which may turn the lives of the clients as well as ours if we assist our seniors in protecting these as best evidences.  With change of time, almost all lawyers became cyber savvy in this way or that especially because we started storing the confidential data of the clients in soft copies. Now, let us understand what is meant by sensitive information which may be considered as part of confidential data. S.3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 defined sensitive personal data as 
 (i) password;
(ii) financial information such as Bank account or credit card or debit card or
other payment instrument details ;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for
providing service; and
(viii) any of the information received under above clauses by body corporate for
processing, stored or processed under lawful contract or otherwise.
But importantly, this definition also includes a third party, i.e., the “body corporate” for providing services. Now, let us check the definition of body corporates which is defined under S.43A of  the Information technology Act, 2000(amended in 2008). It says in explanation (i) "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities. Very broad interpretation of this may include lawyers as well who may provide professional counselling. 
But without going into the examination of whether lawyers may held responsible as body corporates in the straight sense, I would like to emphasise on the point that lawyers also collect confidential data and they are at risk of  security infringement too. In my recently published writeup “the ransom attack that may make the women cry” published in the WION news @ http://www.wionews.com/south-asia/the-ransom-attack-that-may-make-the-women-cry-15726 I mentioned that every data saver including lawyers may also be at risk for any sort of malware attack. As such, when lawyers store confidential including sensitive data about clients, they must be ethically bound to protect it against any such cyber attack as well. 
Now, we may also need to shift our attention to the courts as store house of data as well.  Presently, courts have widened options for filing of cases or getting access to the judgements or orders by creating court websites which may not only work as a store house of information for millions of justice seekers, but also an information house of millions of lawyers, law students as well as researchers. Unlike lawyers, who may maintain strict confidentiality about the data /information provided by their clients to them for litigation purposes, we often get to see information being exposed in the court websites, especially in cases of judgements. The recent understanding of the courts have however made it mandatory to keep the party’s name confidential when the case is about child sexual abuse or victimisation of women. But still then, the courts play major role in storing confidential data about the litigants, which if exposed, may make the lives and reputation of justice seekers at stake. 
Surprisingly, the Information Technology Act, 2000(amended in 2008) has not emphasised on this issue separately. The chapters including chapter IX which speaks about penalty, compensation and damage to the computer, computer system, network etc, liability to protect the data penality for failure of the same by the body corporate etc, power to adjudicate etc, and chapter XI which speaks about the offences  speaks about liability of the data string houses, individual perpetrators and government stakeholders to intercept etc, but does not specifically mention about categories of service sectors and their liabilities. 
While it has been upheld that lawyers will come under the scope of Consumer protection Act unlike doctors or health sector stake holders like the hospitals or clinics, we must understand that by saying this, we can not escape our moral duties to protect the clients or litigant’s vital information which may be stored with lawyers or digital store houses of the courts. Infact as I mentioned in the write-up mentioned above, each of these sectors including lawyers and courts may be attacked by cyber perpetrators who are now playing a crucial role in “hacxtortion : hacking and extortion” (as was coined by me in the above writeup) of money for giving back the encrypted files. We have already seen that National Health services in the United Kingdom had been badly affected by this ransom malware. It is high time that lawyers, law firms and courts must audit their cyber securities to save the valuable data and take preventive steps against such ransom attack.

How ‘yellow journalism’ and internet is failing the women victims of online harassment and revenge porn

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Almost a month and half back the whole south India woke up to a rather “juicy news” of “Bhavana” molestation case. She is not “Nirbhaya.” Her name was not given by the any legislator or judge or executive to protect her identity. Bhavana is a Malayalam female cine-star whose real name can be found in Wikipedia and numerous film magazines. She was apparently molested in a moving car by some including her former drivers. As the news report suggests, the perpetrators also took ‘objectionable’ photos of her while the incidence was going on. The news surfaced exactly when I was enjoying the sweet success of publishing my latest article “Celebrities and cyber crimes:an analysis of the victimisation of female film stars on internet” published in Temida: Journal on victimization, human rights and gender Volume 19 • Issue 3-4• 2016 .

We the movie fans often understand that actors or actresses may themselves attract negative publicity by voluntarily getting into troubles or playing the victim card. But in some cases this may not be true. Women actors may face numerous problems, harassment and threats in real life as well as virtually. One of such problem is facing voyeurism and revenge porn almost on daily basis. Some actors turn numb to such harassment as they take these as (negative) part of  their work. Some may reach out to police to show genuine concern. In Bhavana’s case, a minute analysis would show that she was not only physically violated, but also she became a victim of ‘revenge porn’, a term that our laws still do not recognise and tries to cover it up by numerous legal provisions which may not provide  the actual answer. I call it ‘revenge porn’ because once such ‘objectionable’ pictures were taken; it would not take more time to get it  circulated through WhatsApp. These contents may then land in various ports including to the secret sellers of porn clippings and obviously to the XXX rated sites. No one, not even the police may do anything to prevent secondary victimisation of the victim in such cases.

What concerns me more  is publication of her name. S.228-A of the Indian Penal Code prohibits publishing, printing etc  of the name and information of the victim/s who may have been victim of rape or sexual molestation. This protection is brought in to protect the privacy of the victim and more so, to encourage women victims of sexual violence to come up for reporting of crimes without the fear of ‘recognition’ and resultant possible social exclusion. But this provision also has a loose noose : when the victim herself allows to publish her name or identity, this provision will cease to help the victim. We don’t know whether Bhavana herself permitted the reporters to use her name and photograph but I can definitely understand that this has again created a bad example of ‘no identity protection’. Common people who may not be expected to know the pigeon holes of law, would understand a completely different story: reporting would bring media highlight which will destroy the physical and mental   privacy of the victim and her family. But this does not mean that I am ignoring the provisions of S.228-A, IPC. Women victims must also be made aware of this twist of law relating to identity protection. We may expect good and bad results of this: the provision may be misused, women may be able to take a rational decision.

Let us, the civil citizens take a preventive decision to not to spread any offensive videos/still images of women actors even if it may surface as apparently (ugly, unethical movie promo) genuine. Let us respect all women as equal irrespective of their job.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2017), " How ‘yellow journalism’ and internet is failing the women victims of online harassment and revenge porn”  1^st April, 2017, published in http://debaraticyberspace.blogspot.com

Smart cities may not always be Safe cities: Recalling Bangalore incidence

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

On December 20, 2016 I was attending a round table conference  on Smart City, Safe City in Delhi. After the Delhi gang rape case in 2012, every one addressed Delhi as an unsafe city. New apps emerged which would help women in distress to send SOS to their relatives and friends and alert the police. The police force of all metro cities also vowed to ensure safety for women in public places. Not much success though! There were several incidences of rape including gang rape which again and again made us realised that there is a difference between promising and doing. What disturbed me more was sudden increase of rape videos on internet. Rapists and their aides physically violate women and capture the moments to enjoy it later! Or should I say to earn unethical profits out of this? Yes! They earn a good fortune by distributing such videos to various ‘ports’ from where such videos float to many other ports, devices and jurisdictions. I would not have believed that local petty shops earn revenue by selling such videos to young adults and matured teens until one day I came across a news report on this. Presently it is not only the violent rape videos or voyeur honeymoon videos alone which is being consumed by porn addicts; the list has included videos on public place molestation and  kissing and fondling of young lovers at dark places. The Bangalore molestation incident on the 31^st December 2016 night  is also floating in the internet now. Indeed, it has been seen not only by those who wanted to know the reality, but also by porn addicts because this is nothing but a ‘sex video’ or ‘sex clip’ for many. The images show forcefully touching, fondling and trying to kiss women.

Question is who clicks these? Who disseminates these? While I do not deny that many people in the crowd who would have noticed these incidences may have taken pictures of such molestation because we severely lack a proper public place photographing law; I must say these molestation videos have become viral because of the poor surveillance on the work of the surveillance camera as well. On the one hand we thank the media to bring this news in the forefront. But on the other hand, I can’t stop thinking about extreme violation of privacy. What for the surveillance cameras are installed in public places? It is because the police (the so-called 24 hour help lines) could be made aware then and there of what is happening and how it is happening in the public places. Shockingly enough the police took charge after the media highlighted the issue. What more can be gathered from this is, the person who may be monitoring the images captured by the surveillance cameras may wanted to alert the media first and not the police. May be the person in charge would have alerted both the stakeholders, but the failure of the police to take charge of the issue first has not only  violated the right of the victims to speedy justice, but has also revealed a crude joke: privacy of the  sexual assault victims can neither be guaranteed.

          28^th January is celebrated as Data Protection day in many countries including India. On this day 27 years ago Council of Europe opened the Convention for the protection of individuals with regard to automatic processing of personal data for signature by the State parties. India is yet to adopt this convention. India neither has any focused Privacy protection law, even though the provisions relating to protection of privacy are scattered in different legislation.  Ironically the concept of smart city has motivated the creation if several apps and digital policing. But the Bangalore incident again proved that nothing really works ‘smartly’ until stricter implementations of the traditional laws are made.

Stay safe, act safe.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2017), " Smart cities may not always be Safe cities: Recalling Bangalore incidence”  29^th january, 2017, published in http://cybervictims.blogspot.in/