I have been asked why there has been little activity on this site off late. Are all the problems related to the perceived threat of the Internet as a medium in India over? Have the laws and the method of functioning of the CERT-IN changed to reflect a greater understanding and respect for democratic processes?

Far from it!

In September of 2006 I returned to the UK to puruse a PhD program . I have been caught up in the process of settling down and setting the groundwork my PhD, which happens to be a technical nature, rather than something related to understanding and influencing policy making and the like.

This does not mean that this site will be allowed to die a slow death. In fact, I renewed my contract with my web host for a further 24 months, yesterday.

I also intend to use my time in the UK to find avenues to take this little cause further. I am painfully aware that I am a small fish in the sea of activism and I don't really know what impact my efforts have had so far. I know there are many others who are individually and in groups doing their bit for similar causes. I hope to utilize my time here to better collect and galvanize ideas and put them into action.

Last month two important events played out. The Mumbai blasts that outlined the need for greater security for out cities and our people. Undoubtedly there is a need for greater security - there is a need for CCTV's in important and sensitive locations with guidelines on their monitoring, usage and backup. There is a need for an enlightened policy of checks and balances regarding luggage in our stations and airports. Many more things are needs, however what is not needed is arbitrary censorship and blanket bans like that unleashed by the CERT-IN almost simultaneously.

In its second wave of Internet censorship the CERT-IN banned 18 very arbitrarily chosen sites decided by some ad-hoc body of bureaucrats without any public consensus. The usual noises were made by the political mandarins about how the ban was important for the security of India and futile attempts were made to hoist the blasts as an example.

Thankfully this time around, the issue was not as silent as the first instance of the Yahoo Groups Ban. The media picked it up and bloggers co-ordinated a wave of online protests that lead to discussions on the net, TV and the newspapers. This led to the bans being silently withdrawn ( or perhaps implemented in a more correct fashion to cover just the 18 sites and not all of blog world)

While most of the blog world is now accessible, it is still unclear what the exact state or view of the establishment on the ban is. Sadly politicians and bureaucrats made calls for more censorship and for monitoring of online content on "all" blogs and online forums! It is very evident that those who made these noises have little if any knowledge of the nature of the medium. ( I personally feel that the feudal mentality of the establishment in this country is a major deterrent to the future of this country. However this is not a forum to discuss that )

I have been writing about this kind of short sightedness on the part of our political and bureaucratic establishment ( and to a large extent our people in general) time and again. It is unfortunate that where Information Security policies are needed acutely, the correct noises never seem to be made and concrete steps are never made.

These include but are not to limited to

• Protection of citizen's data in various government agencies ranging from passport offices to land record offices. As an example, we hear time and again of documents stolen from land records offices and manipulated.
• Protection of customer data by all companies providing services to customers and handling their data. Indian companies are routinely guilty of misusing customer data, by passing on data to sister concerns or selling them to third parties so that they can solicit business through unsolicited promotional calls.

It is frustrating to see that even the biggest organizations and banks like HSBC and Citibank that otherwise have comprehensive Data Protection and Fair Data Use statements in their other areas of operation like the UK and the US have no such statements in India for the benefit of their customers here and are among the biggest culprits when it comes to data misuse.

It is clear that self regulation as routinely advocated will never work. Strict laws and penalties are the only way to ensure that both government agencies and corporates handle data fairly because cultivating such a mindset is an expensive process.

Such processes can be made business enablers in a situation where customers take their business to companies that provide guarantees of data protection, privacy and fair use, but such a mindset does not exist among the Indian masses and must be cultivated simultaneously as well.

It is clear that there are many areas that need enlightened Information Security policies as I have highlighted. Among these the areas of Data Protection, Fair Use of Data and Protection of Customer's Privacy are the most prominent and also the most ignored.

The areas that are the most short sighted and counter-productive are Internet censorship and electronic monitoring of communication, without proper checks and balances that unfortunately are being given the most attention.

The former areas that are ignored, enforce our democratic principles while the latter that are being propagated weaken them greatly. Is this a sign of the mindset of our citizens and establishment? This is a question we must ask ourselves today, the 15th of August, India's Independence day. Do we want to be a country where we have enlightened policies that may of course be difficult to implement, but which enforce the rights of the people, or do we want to have short sighted policies that erode our fundamental rights and principles because they "seem" to be the easier way out? This is probably the most important question that India needs to answer today.

The fact that High Tech crime has surely penetrated the halls of the intelligence agencies in India can be gauged from these recent happenings that have surprisingly not generated as much heat as they should ideally have. What is most disturbing is that the units under scrutiny are the ones that are meant to prevent such incidents from happening in the first place and the entire nations security depends on their probity.

Brigadier Ujjwal Dasgupta's residence was raided and his files and computer seized. Ujjwal who is RAW’s Director for Computers and Training is asked not to return to work.

S. S. Paul, computer systems analyst in the National Security Council Secretariat is arrested and his residence raided.

Mukesh Saini, a navy commander who headed the National Information Security Co-ordination Cell is under scrutiny. Saini, also the Indian coordinator of the Indo-US Cyber Security Forum is being implicated for leaking information to his US counterparts.

The US side of the operations was apparently headed by the Third Secretary in the US Embassy, Rosanne Minchew who was also associated with the Indo-US Cyber Crime forum. Minchew is understood to be on leave and has left India a few weeks ago. The US embassy, has refused to comment on the matter.

With the recent bomb blasts in Mumbai and the recurring incidents of violence all over the country, analysts are crying foul over intelligence failure. How much of this failure in intelligence is due to the failure of the Intelligence agencies themselves remains to be seen.

That espionage is part and parcel of the functioning of world governments is a known fact but it is a matter of deep concern and embarrassment for Indian authorities that an organisation for strategic Indo-US partnership has been successfully used as a cover for a spy ring. One cannot help but wonder how much supposedly "friendly nations" can be trusted in their overtures of friendship given these happenings. In the not too distant past, RAW’s Joint Director Rabinder Singh who was under watch for allegedly spying for the US fled the country, in May 2004, and is now believed to be in the US.

Considering that computers have been used to copy and forward sensitive data and that Pen drives, the nightmare of any security professional have been used to copy large quantities of data off the secretariat computers secretly, I would personally like to see the IT act used for once. Of course the fact that pen drives are allowed into these organizations and are usable the way they have been, points to a severe failure in the functioning policies of these organization.

While analyzing all these incidents, I cannot but comment on the "wisdom" of our law makers when they introduce a draft broadcast bill that contains clauses to muzzle the press against "reports implicating friendly nations". We can only wonder if such laws are meant to contain incidents like these for the sake of the greater partnership.

To my knowledge India is the only country in the world that uses electronic voting machines (EVM). While this is undoubtedly an achievement in that the entire voting process seems to have become more streamlined and hassle free, I would suggest that much study is required to ensure that the system cannot be subverted. An important indicator of the urgency for this study is the fact that no other democracy in the Western world uses EVM's, and they all rely solely on the familiar paper and stamp method. While paper based votes can be subject to localized fraud, EVM fraud can be all pervasive with minimum chance of detection; this calls for urgent and comprehensive study into the security of these machines, in the open domain, given that the fallout of a break in the system cannot be underestimated in the volatile climate of Indian politics.

The machines are made by two public sector undertakings -- Bharat Electronics Limited, Bangalore, and Electronic Corporation of India Ltd, Hyderabad, not entirely free of governmental control. This is not to suggest that the dangers of large scale tampering are not present in case a private company is commissioned, as they may have their own vested interests ; in either case fears of a co ordinated fraud starting at the manufacturing stage of the EVM's themselves are ever present. Politicians and governments the world over, have not been know to be entirely honest in their dealing (sic) either with their citizens or in their dealings with ( and for ) corporates.