I have been asked why there has been little activity on this site off late. Are all the problems related to the perceived threat of the Internet as a medium in India over? Have the laws and the method of functioning of the CERT-IN changed to reflect a greater understanding and respect for democratic processes?

Far from it!

In September of 2006 I returned to the UK to puruse a PhD program . I have been caught up in the process of settling down and setting the groundwork my PhD, which happens to be a technical nature, rather than something related to understanding and influencing policy making and the like.

This does not mean that this site will be allowed to die a slow death. In fact, I renewed my contract with my web host for a further 24 months, yesterday.

I also intend to use my time in the UK to find avenues to take this little cause further. I am painfully aware that I am a small fish in the sea of activism and I don't really know what impact my efforts have had so far. I know there are many others who are individually and in groups doing their bit for similar causes. I hope to utilize my time here to better collect and galvanize ideas and put them into action.

A few days after the Mumbai blasts, lawyers landed up on the doors of the victims who were injured and the doors of families of those deceased offering their services in following up the often complicated documentations to obtain compensations, for a cut.

Such a practice is very common in the US, where the lawyers are called Ambulance chasers. They are known to have informers in hospitals and neighbourhoods who inform them about people who have had accidents and approach them offering to sue for a cut!

What makes the Indian case different is that some of the lawyers when questioned said that they had obtained the data from the offices of the state government!

This just another example of the utter lack of data protection principles in our government agencies. While the threat may still be a little obscure, it will perhaps become more evident when offices land up leaking the information to thugs who could use it for intimidation and extortion.

Sriramkrishnan Srinivasan

Last month two important events played out. The Mumbai blasts that outlined the need for greater security for out cities and our people. Undoubtedly there is a need for greater security - there is a need for CCTV's in important and sensitive locations with guidelines on their monitoring, usage and backup. There is a need for an enlightened policy of checks and balances regarding luggage in our stations and airports. Many more things are needs, however what is not needed is arbitrary censorship and blanket bans like that unleashed by the CERT-IN almost simultaneously.

In its second wave of Internet censorship the CERT-IN banned 18 very arbitrarily chosen sites decided by some ad-hoc body of bureaucrats without any public consensus. The usual noises were made by the political mandarins about how the ban was important for the security of India and futile attempts were made to hoist the blasts as an example.

Thankfully this time around, the issue was not as silent as the first instance of the Yahoo Groups Ban. The media picked it up and bloggers co-ordinated a wave of online protests that lead to discussions on the net, TV and the newspapers. This led to the bans being silently withdrawn ( or perhaps implemented in a more correct fashion to cover just the 18 sites and not all of blog world)

While most of the blog world is now accessible, it is still unclear what the exact state or view of the establishment on the ban is. Sadly politicians and bureaucrats made calls for more censorship and for monitoring of online content on "all" blogs and online forums! It is very evident that those who made these noises have little if any knowledge of the nature of the medium. ( I personally feel that the feudal mentality of the establishment in this country is a major deterrent to the future of this country. However this is not a forum to discuss that )

I have been writing about this kind of short sightedness on the part of our political and bureaucratic establishment ( and to a large extent our people in general) time and again. It is unfortunate that where Information Security policies are needed acutely, the correct noises never seem to be made and concrete steps are never made.

These include but are not to limited to

• Protection of citizen's data in various government agencies ranging from passport offices to land record offices. As an example, we hear time and again of documents stolen from land records offices and manipulated.
• Protection of customer data by all companies providing services to customers and handling their data. Indian companies are routinely guilty of misusing customer data, by passing on data to sister concerns or selling them to third parties so that they can solicit business through unsolicited promotional calls.

It is frustrating to see that even the biggest organizations and banks like HSBC and Citibank that otherwise have comprehensive Data Protection and Fair Data Use statements in their other areas of operation like the UK and the US have no such statements in India for the benefit of their customers here and are among the biggest culprits when it comes to data misuse.

It is clear that self regulation as routinely advocated will never work. Strict laws and penalties are the only way to ensure that both government agencies and corporates handle data fairly because cultivating such a mindset is an expensive process.

Such processes can be made business enablers in a situation where customers take their business to companies that provide guarantees of data protection, privacy and fair use, but such a mindset does not exist among the Indian masses and must be cultivated simultaneously as well.

It is clear that there are many areas that need enlightened Information Security policies as I have highlighted. Among these the areas of Data Protection, Fair Use of Data and Protection of Customer's Privacy are the most prominent and also the most ignored.

The areas that are the most short sighted and counter-productive are Internet censorship and electronic monitoring of communication, without proper checks and balances that unfortunately are being given the most attention.

The former areas that are ignored, enforce our democratic principles while the latter that are being propagated weaken them greatly. Is this a sign of the mindset of our citizens and establishment? This is a question we must ask ourselves today, the 15th of August, India's Independence day. Do we want to be a country where we have enlightened policies that may of course be difficult to implement, but which enforce the rights of the people, or do we want to have short sighted policies that erode our fundamental rights and principles because they "seem" to be the easier way out? This is probably the most important question that India needs to answer today.

On the 24th of May, The Kolkata edition of The Telegraph carried a story about a woman arrested for selling sex on the internet

Interestingly the woman is booked under the IT act of India because "she used the Internet to sell sexual services" and "if proved guilty faces upto five years in jail"!!

I have been writing about misuse of the IT act for sometime now. The point is that the crime here is the soliciting of sex and not the use of the Internet. The woman should be booked under the relevant articles relating to the soliciting of sex, which is illegal in India ( prostitution is not) first and under the IT act only as a rider.

In India where the average police inspector knows little about technology, an act like the IT act will only be subject to misuse especially when guidelines as to when and where it should be applied are so scant. One hopes that when such cases go to court, the judiciary will shed appropriate light.