Too many carbs are no longer not only bad for our health, but also cyber security. Today, the entire Domino’s DB has been exposed and is circulating widely. We are intentionally *not* linking to it since it exposes sensitive personal data. 1/n #SaveOurPrivacy
Such data breaches put you to immense risk. They create threat vectors for financial cyber crimes and also ID fraud. What makes this worse, is the seeming inaction and acknowledgment by data processors who we trust with out personal data. 2/n
Immediate government response is of considerable concern given that there is inaction by @IndianCERT & @GoI_MeitY despite regular and persistent requests by us investigate, provide guidance and lay out a framework for notifications to impacted victims. We urge them to act! 3/n
@IndianCERT@GoI_MeitY We will act in the instance as well next week. But our past experience has met with inaction on data breaches by technology companies and the public sector. You can explore more of our detailed representations here. 4/n internetfreedom.in/tag/breaches/
@IndianCERT@GoI_MeitY The draft data protection law makes bad choices on incident reporting and response. Why? Does not shield data security researchers who uncover & report exploits to fix them. Second, the companies are not under any obligation to notify victims. 5/n saveourprivacy.in/media/all/Brie…
@IndianCERT@GoI_MeitY What can you do? Start following IFF's monthly cyber security guides by @faultyatom. Also, follow explainer videos on our YouTube Channel. Remember, cyber security is the practice of safety. You must start taking steps today! 6/6 internetfreedom.in/launching-cybe…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
India's State surveillance mechanism hinges on two facts:
1. The government and law enforcement administer a wide range of surveillance projects on citizens.
2. Several provisions under the law empower the State to engage in surveillance.
Now, let's look at data bill. 2/n
1. Under the Data Protection Bill, Clause 35 enables the Central Government to exempt, by order, ANY agency of the government from ANY provision of the Bill, in the interest of reasons such as national security. Remember - these provisions exist to protect your data.
3/n
Tomorrow, May 25, is the deadline for significant social media intermediaries like FB, Twitter, and Instagram to comply with new obligations under the IT Rules. If you use social media, pay attention- here's how this will roll out. 1/n internetfreedom.in/pound-the-alar…
On Feb 25, @GoI_MeitY and @MIB_India issued the contentious and undemocratic IT Rules, 2021. At least 6 writ petitions have been filed before 3 HCs challenging them. We provided legal assistance to @LiveLawIndia in their challenge before Kerala HC. 2/n internetfreedom.in/intermediaries…
First, what is a social media intermediary?
SM platforms don't generate content - you do. They are simply intermediaries who host it. This distinction helps them avoid liability for your content.
Significant SMIs have >50 lakh users and more compliances than regular SMIs. 3/n
IT Act 2000, Blocking Rules 2009, Art 19(1)(a), Art 19(2) - none of these allow @GoI_MeitY to request en masse removal of the phrase 'Indian Variant' OR prohibit Twitter's use of the manipulated media tag. We wrote to MeitY about this today. Thread. 1/n internetfreedom.in/meity-asks-soc…
MeitY has issued two letters requesting
(a) all social media platforms to take down content referring to an Indian variant of COVID, and
(b) Twitter to remove the manipulated media tag on tweets by political leaders.
We have several concerns regarding this as outlined below.
2/n
Let's look at the letter on the Indian variant - neither Section 69A of the IT Act nor the 2009 Blocking Rules empower MeitY to request SM platforms for *en masse* content removal. This vague, overbroad request also violates Article 19(1)(a) i.e. freedom of speech, because...
3/n
We are filing RTIs seeking further information under which provision of law are such directions being issued by the Government of India. Further updates will follow.
Update : We have filed RTIs with the relevant government ministries. We will be monitoring @lumendatabase. Government censorship needs to be anchored in a legal power, that is exercised with transparency. To determine legality & safeguard public’s right to receive information.
Further: Our democratic system relies on a system of laws that are constitutionally consistent. Hence, it becomes vital as per the Hon’ble Supreme Court’s judgement in the Shreya Singhal case for directions by a Court or Government of India to be within prescribed jurisdiction.
#DataProtectionTop10
Part 6 of our series on the Personal Data Protection Bill focuses on data localisation. What happens to the Internet's open nature? How does the Government decide which data is restricted? How is your privacy affected? A thread. 1/n internetfreedom.in/dataprotection…
There are two kinds of personal data with location restrictions:
a. sensitive
b. critical
As per Clause 33, when sensitive personal data is transferred outside India with explicit consent, a copy of such data shall continue to be stored in India. This is data mirroring.
2/n
However, critical personal data is strictly localised, and may be stored and processed only in India. It may be transferred only for prompt actions, or if the Central Govt. decides at its discretion that it doesn't affect State security and strategic interests (Clause 34). 3/n
RTI update: IFF has received a copy of the MoU between @AgriGoI and @MicrosoftIndia for a pilot project in 100 villages. It appears to propose that farmer’s data will be used for identity authentication and mentions a data sharing agreement. Thread! 1/n internetfreedom.in/revealed-minis…
The Agri Ministry signed an MoU with Microsoft for a pilot project in 100 villages in 6 states, so as "to develop farmer interface for smart and well-organized agriculture, including post-harvest management and distribution". See for background: 2/n
Our joint letter with 55 organisations to the Agri Minister emphasised concerns such as exploitation of farmers by procurers, reduced agency on the part of farmers, and inadequate land records. The MoU's analysis has laid these issues bare. 3/n internetfreedom.in/joint-letter-t…