New Delhi: India’s biggest crackdown on websites and blogs hosting hate messages was hobbled by the absence of a policy on cyber security, escalating panic and resulting in an exodus of people belonging to north-eastern states from several cities.
The government initially identified 245 such websites, but could block only 207 of them, saying it couldn’t shut out the other 38 because of technical difficulties. It has identified and is in the process of blocking another 65 such websites. Four people have been arrested.
“This is the first time that cyber crisis of this scale has happened in the country. The(re) was delay in government response by 80 hours to pass directions to intermediaries (like Facebook and Twitter) and telecom service providers on bulk messages,” said cyber law expert and Supreme Court lawyer Pavan Duggal.
“Had the national cyber security been in place, the response from the government would have been better and time bounded.”
Experts say there was delay in government response to pass directions to intermediaries like Facebook and Twitter. Photo: Ramesh Pathania/Mint
A cyber security policy would have defined the roles of all the stakeholders in the crisis, he said. “At present, there was a complete lack of coordination.”
India’s Computer Emergency Response Team (CERT-In) and National Technical Research Organization (NTRO)—the two main agencies fighting cyber crime—are hard-pressed and working overtime to identify websites and blogs carrying messages instigating Muslims against north-eastern people, according to government officials.
Experts blame this on the delay in implementing the cyber security policy that’s meant to define the government’s action on research and development, capacity development and creating a national cyber alert system.
The draft policy circulated last year requires the government to identify the most dangerous classes of cyber security threats to the nation, critical information technology (IT) infrastructure vulnerabilities, and other cyber security problems, and use the findings to develop and implement a coordinated research and development effort focused on the key needs.
Officials in the department of electronics and IT, which is drafting the policy, acknowledged the policy has been delayed as the department was awaiting responses from other stakeholders.
“We have now received the suggestions from every one and are making necessary changes. We will soon approach the cabinet for its approval on the same,” said a government official, who declined to be identified.
CERT-In is tasked with cyber incident prevention and mitigation and NTRO with counter-cyber espionage and surveillance.
Investigators say they have blocked or removed only 60% of the inflammatory content. “Most of these websites were hosted from across the border. Miscreants set up proxy servers in the US, Saudi Arabia and Egypt to target India,” said a home ministry official, who too refused to be identified. “Now we are seeking the help of these two countries (the US and Saudi Arabia) to take appropriate action.”
“Google has informed us that they are ready to cooperate with Indian agencies provided they are approached through legal channels. But our problem is that it takes some 40-45 days to get information,” the official added.
“We have got sufficient evidence,” home minister Sushil Kumar Shinde said outside Parliament on Tuesday.
Neelabh Rai, an independent cyber researcher, holds a different view. “I doubt that it is mostly done from Pakistan as neither the ISI (Inter-Services Intelligence of Pakistan) or terrorist elements have cyber propaganda nor they have requisite capabilities. Our reading is that most of it could have been from within India,” he said.
In India, cases related to cyber crime have increased significantly in the past few years.
According to data complied by the home ministry, 1,791 cases were registered under the IT Act in 2011 against 966 in 2010—an increase of over 85%. Cyber cases under the Indian Penal Code went up by 18.5% in 2011.
The IT Act deals with cases related to incidents like hacking, obscene publication in electronic form and IPC covers offences like false electronic evidence, forgery and counterfeiting. A total of 1,630 people, mostly aged 18-30, were arrested under these laws in 2011.
Meanwhile, people from the North-East have started to return. On Tuesday, three special trains returned to Bangalore with people.
“We have run three special trains from Guwahati, but it would be premature to say that people are returning to their work places,” a railways spokesperson said.