Boundless Informant data reveals NSA got around 6.3 bn reports from India: report2 min read . Updated: 10 Jun 2013, 02:53 PM IST
India should strengthen privacy law, enact legislation to protect citizens, say experts
Mumbai/Bangalore: The Indian government should strengthen its privacy laws and enact legislation to protect citizens from interception of communication over the phone or the Internet by governments, say cyber security and Internet experts
Simultaneously, Internet users should be proactive in protecting their privacy by using encryption technologies, they said.
This follows reports that the US has been monitoring communications between US and foreign nationals over the Internet for years under a project called Prism. Around 6.3 billion reports were collected from India, according to an 8 June report by The Guardian, a UK newspaper.
The Guardian said it has acquired top-secret documents about the NSA (National Security Agency of the US) data-mining tool, called Boundless Informant, that details and even maps by country the voluminous amount of information it collects from computer and telephone networks.
Cyber security experts caution that while US citizens have recourse to law under their own domestic privacy policies, India has no such safeguard.
“We should strengthen our privacy laws and the government should put in place a privacy law to prevent mass surveillance and to encourage strong encryption and, hence, protect our national security and our citizens’ privacy," said Pranesh Prakash, policy director at Bangalore-based Centre for Internet and Society. “The US government recently cited domestic privacy laws as a reason why they couldn’t help Indian investigators obtain information from Google, Facebook, etc. We should reciprocate."
He urged Indians to proactively use available technologies to protect themselves from invasion of their privacy.
“What is significant is that India lacks a privacy legislation which obligates companies to maintain privacy standards when they export the data which they’ve gathered in India overseas," said Apar Gupta, a partner at law firm Advani and Co. specializing in information technology (IT) law.
“Such a legislation does exist in EU (European Union) countries whereby any data which is gathered of EU nationals in the EU and is then transferred overseas to India and there is a breach of privacy, then it’s an issue that can incur certain liability, as per the provision. Our own government does not accord a high privacy standard to its own nationals," Gupta said. “India does not have a law with respect to privacy, which is being breached by these companies, and then turning over this data to the US government."
Experts say India’s weak encryption policies also need a relook. India does not have specific legislation governing the use of encryption techniques to secure electronic communication.
Meanwhile, privacy advocates such as the San Fransisco-based Electronic Frontier Foundation (EFF) are cautioning Internet users against the misuse of metadata—a set of data that describes and gives information about other data.
“What they (the US administration) are trying to say is that disclosure of metadata, the details about phone calls, without the actual voice, isn’t a big deal, not something for Americans to get upset about if the government knows," EFF said on its website.
But EFF points out that metadata provides enough context to know some of the most intimate details of a person’s life. And the US government has given no assurances this data will never be correlated with other easily obtained data, it said.