Dominos, UpStox, MobiKwik, Facebook, Air India - India's deluge of data breaches shows no sign of stopping.
Today, we want to explain to you why our legal system is not equipped to deal with this situation, and what needs to change. 1/n internetfreedom.in/our-recommenda…
The rising data breaches in India threaten your safety. Not only do they make your personal information available for anyone on the internet for nefarious uses, their economic impact is tremendous. One IBM study shows that the average breach in India costs Rs 14 crore. 2/n
As per the Constitution, IT Act, and common law, data fiduciaries (i.e. companies like Dominos and MobiKwik) who face breaches have a legal obligation to ensure that the personal data in their custody - like your name and address - is safeguarded.
But what's the reality? ->
3/n
a. There is no actual legal obligation on such companies to notify you in case a data breach occurs.
While Air India did send across a notification to its customers, MobiKwik chose not to engage at all.
(India needs to consider a Communicate-Comply-Investigate process.)
4/n
b. The IT Act provides compensation for negligent handling of *sensitive* data.
But this only includes your passwords, finances, sexual orientation, medical records, and biometrics.
There is no such redressal if your name, email, address or passport details are breached!
5/n
c. When breaches take place, proper investigations are not conducted to enable you to claim compensation under the IT Act.
In recent times, @IndianCERT only issued an advisory to Facebook for its breach. W.r.t. other breaches, it is unclear if CERT-IN took any steps.
6/n
d. The redressal mechanism is inadequate.
MEITY appoints officers in each state to determine violations under the IT Act. But in cases where data in the custody of the Government is breached (e.g. Air India), there are questions over the independence of these officers.
7/n
So what does this mean? There is always a high and consistent possibility of violation of law by data fiduciaries in whose custody data was breached. And the existing legal regime has several lacunae that can be exploited. You, the user, are primarily affected by this.
8/n
There are several solutions that can be easily and tangibly implemented to protect your rights. We wrote to @IndianCERT in March and April about them and we've written to @GoI_MeitY @IndianCERT @airindiain with our recommendations and analysis again today. 9/n
We have affixed recommendations by @Banbreach in reference to the Air India breach, and are thankful to Mr Kar for providing his insights.
Security researchers, reach us on policy@internetfreedom.in and legal@internetfreedom.in for further assistance!
10/n
Our team is working hard to make sure that India's data protection regime centers YOU and your rights.
Just in: Renowned musician and activist @tmkrishna challenged the IT Rules before the Madras High Court. IFF filed a writ petition on his behalf.
Today, the court has issued notice and given the government 3 weeks to file its counter affidavit. 1/n internetfreedom.in/madras-high-co…
The new, unconstitutional IT Rules seek to increase government regulation over social media, OTT, and digital news platforms. They have been challenged before other High Courts including Kerala HC where we represented @LiveLawIndia in their petition. 2/n internetfreedom.in/kerala-hc-gran…
TM Krishna's petition challenges the IT Rules on 5 major grounds: they violate the fundamental rights to freedom of speech, to practice any profession, and to privacy. They are arbitrary and suffer from excessive delegation, and are ultra vires the IT Act, 2000.
3/n
So a master thread if you really want to understand it in depth.
Right before they were to be released we got an advance copy of the draft and dissected it first. We cautioned how they are just plain terrible. 1/n internetfreedom.in/latest-draft-i…
That very day on Feb. 25 the #ITrules were notified *sigh*. There were some minor tweaks which made them worse! We use these words carefully, these rules are undemocratic & unconstitutional. They erode your free speech and privacy. How? Click below. 2/n internetfreedom.in/intermediaries…
Many people are talking about WhatsApp’s case but the first sector which took #ITRules to court were digital news publishers like @LiveLawIndia. Why? It put them directly under the control of the Ministry for I&B. We assisted in a court challenge! 3/n internetfreedom.in/kerala-hc-gran…
When asked who funds us and whom we represent, our answer is easy - "the people of India!" Become an IFF member to join us in safeguarding online freedoms and resisting surveillance to secure YOUR digital rights. Sign up for our membership and amplify: internetfreedom.in/donate/ 1/n
Our salaries depend on your donations. We also acquire tech support, work on policy interventions and strategic litigation, and promote digital literacy with public funding. Contribute to the ongoing strategic litigation fundraiser here: 2/n internetfreedom.in/fund-iffs-stra…
We rely on the support of our members who donate to us on a monthly basis, as our members are the core of our work ethos and funding culture. Our membership tiers start as low as Rs.100 up to Rs.2000 per month. As we sustain your digital rights, 300 members sustain our work! 3/n
We're back with the 2nd edition of Cybersec Charcha! We are taking a deep-dive into the booming and unregulated ransomware industry. We explore what a ransomware attack means and the dangerous, real-world consequences these attacks continue to have. 1/n internetfreedom.in/cybersec-charc…
Ransomware attacks typically infect the computer with malicious software, often downloaded by clicking on untrustworthy links on the internet. Users are locked out of their systems, with the demand that a ransom be paid for restoration of functions. 2/n toolbox.com/it-security/vu…
The ransom can be as hefty as 5 million USD (75 bitcoin), which Colonial Pipeline, an oil transport company, paid to the 'DarkSide' ransomware group. They hacked the company's business networks around May, leading to fuel supply disruptions in the US. 3/n bloomberg.com/news/articles/…
#Webinar
IFF and @AshaKisanSwaraj are hosting a webinar "Understanding the Government's Digital Push in Agriculture". We'll be analysing the #AgriStack and the impact of privacy erosion on farmers’ lives. Join us at 3 pm on 28th May, Friday!
Register: tinyurl.com/Event-On-Agri-… 1/n
The Government has begun increasing digitisation in agriculture. The thrust seems to be to develop #AgriStack, a platform which has data about farmers integrated from various sources. In this webinar, we seek to better understand what exactly the implications might be.
2/n
#Fundraiser
We're completely public-funded, so your support sustains us as we try to safeguard your digital rights. We're hosting a fundraiser to grow the litigators digital rights network. Its aim is to expand our strategic litigation resources. 1/n internetfreedom.in/fund-iffs-stra…
We want to be able to provide legal assistance to groups requesting for specific help, as we strategically engage with courts & other legal institutions to defend our fundamental rights. Through the fundraiser, we hope to cover the annual salary of 1 litigation team member. 2/n
Recent instances of our work include - providing legal assistance to @LiveLawIndia (on IT Rules), @FFFIndia (facing website blocking) & supporting journalist bodies in multiple rounds of litigation on internet blockade in Jammu & Kashmir, etc. See: 3/n internetfreedom.in/legal