Privacy and State – II

This post is in continuation of my older posts on the issue of Privacy and State in India

If you look at where I ended the previous post. Now lot of water has flown under the bridge since then. A series of articles and police actions happened around the same time which were reported in the Indian Express. What is interesting about those articles is one of the statements

“We were asked not to use Deep Freeze. But, surprisingly the software that police have asked us to use, Clink, has this setting of data deletion inbuilt in it. These are double standards by the police.”

– Yogesh More, a cafe owner

What is interesting is that I have had the pleasure/pain of seeing the software in action. Some of the observations I had over period of time are:-

1. The speed of the systems/performance of the systems goes down by half or more than half then this software is installed.

2. There is loss of effective bandwidth as well when using this software.

You could try some of the network monitoring software’s to get an idea as to how much data is exchanged. The classical symptoms of the software is very much in line with the software called ‘Spyware’ the only difference though that most spyware is silent while this one innocuously sits on the desktop watching every move. It very much reminds me of the Chinese Golden Shield/Great Firewall f China thing. Hence I would not be surprised if the software has the function of taking screenshots every few minutes and sending to some repository somewhere or/and capture keystrokes and send that data as well. While text doesn’t take much effort to duplicate making screenshots and making sense of them would be more of a technical challenge. With words it could be some algorithm which would be looking at specific keywords from some database. The software does interest me intellectually but also disgusts the human rights part of me.

The net net result of such a scenario would be that cyber-cafe owners/operators would be forced/have to upgrade their systems and bandwidth to make things work. Another point would be while some customers would blindly go doing things the same way, many like me would also be wary of using services such cafes. Its not that we do something right or wrong, but its not a nice feeling to know people are watching over your shoulder. For e.g. in this cyber cafe most of the customers who do come have work either as in ‘Project work stuff’ (lots of Engineering and varied disciplines colleges around) and PMC tenders work. The Pune Muncipal Corporation (PMC) has gone online and some of the people concerned print the tender documents at their own expense. The printing and browsing business makes for a large percentage of people who visit here. Couple of cyber-cafes down the line I know of people who use the cafe for doing shares/equity speculation/trading work. Now imagine those people, they would not be happy if somehow some of those trades or ideas leaked about or their financial information is leaked somewhere.

An additional expenditure would be in installing Anti-viruses and stuff which again means more expenditure and loss in system performance.

The economics of running cyber-cafes is also interesting as it makes me remember couple of odd summer jobs I had taken in different cyber-cafes while growing up.

1. The first one was in summer 1992 or therabouts. I had been nurtured/spoiled by my association with NIIT Computerdrome which had this voucher system where we paid somewhere from Rs. 6/- to Rs. 10/- per hour depending on the time of the day when outside the market rate was Rs. 100/- . The NIIT Computerdrome experience went for almost a year before taking the summer job in/around 1992. The cyber-cafe was to be a hotspot on Fergusson College Road on the main road itself. It didn’t work as while they did try having a fun theme ‘ they made an underwater theme’ and other stuff they didn’t have much in content and while their prices were similar (maybe 5-7% more than the prevailing rates) they just couldn’t attract people. People thought it would be too much. They also had a gaming section but didn’t either the breath of titles or the hardware to make a community out of it. Net net 2 months and the cafe folded. I also made a notional loss as their cash flows were not good.

Looking back, while the idea was good, it simply was far too ahead of time and lacked in execution of stuff. They didn’t concentrate on making a community nor had ideas about modding and stuff which could have stirred things up. Of course, this is still the case in most of the places but now people have some ideas.

The next summer I went for another cafe job this time though less than 50 meters from my place. This time the guys tried to make it through with rock-bottom pricing. They also did the variation time pricing thing and were upon almost round the clock. Due to low prices they never had any problems with having customers round the clock. I remember people coming at times like 4:30 – 5:00 in the morning to check stuff out as the price were lowest at that point in time. They had close to 20 odd machines. They failed as they had bought the lowest configuration machines and had not figured the costs of having good antivirus and the system performance issues that it brings. It was a policy issue and they were not amenable to the idea of having an antivirus and thus more than half the time the computers were down. The net net result being that they literally fled from the place in the dead of the night as they couldn’t make the rent and whatever credits they had taken from the market. I think couple of police cases were also filed but nothing happened after that. The issues with reinstalling OS and application software also got to the staff as its the most boring job in the world. Again a good idea but failed in the execution of the same.

Both the experiences give a good idea for case studies as to how thin a knife edge these people operate. I am talking of places where oligopoly happens not where there is a monopoly in giving net services.

Update 28/09/10 :- There have been few interesting as well distressing articles which have appeared in the newspapers. The latest development is the doubling of rates which would happen from October 1.

Now from what I know most of the Sim card sellers get something between Rs. 10-15 per Sim card sale. How are they supposed to physically verify the documents? If you look at the ‘Banks unwilling to sell pension scheme to poor, says regulator ‘ Economic Times article. Now when institutions like banks which have huge reach and economic clout are unable to reach people, then how are the poor mobile connection seller is supposed to physically verify that the papers in order when he doesn’t have either the know-how or the technical reach that banks have. I chatted with couple of mobile connection sellers near my place, most of them while educated are not aware of how to distinguish between real and fake documents. I do not even know how they can do it. Even if one takes at the 1000 odd cybercafes there must be 100000 odd mobile connection sellers . The only way out I see from the state’s perspective is the UID thing but that again has privacy issues. What I am worried about is the ‘function-creep’ which gets inbuilt in the system and the misuse of cards like that. For the poor it is a powerful thing as it would make them eligible for lot of things as its hoped, lot of government services and all but for the middle-class I am not so sure. Although I don’t have any significant wealth that anybody should think of going through the pains of having my identity but it would make a difference for many others. Also UID would have to prove to skeptics (like me) that it really works and the give and take is really worth it.

As a side note, its been 7 years since I gave my ration card for new when they said the middle class would get white ration cards, till date didn’t get any. Went 4-5 times but still to no avail. Back of my mind, there is a thought that somebody might be claiming ration in my family’s name but nothing I can do about it. Even applications are buried in a file. Now in such a scenario if the UID would help in getting even the white ration card or knowing the status of my ration card that would be something useful.

If one looks at the whole scenario the State is just following what the Americans are doing. I can visualize 100s of different ways in which messages could be passed from one to the other without the govt. knowing. The Wikileaks site gives some ideas as well as sites relating to cryptography, PGP being another example . Again from an intellectual perspective it would be an interesting exercise but suffice to say the State does have to get it act together without causing as less a grief to the public as possible. Anti-social elements,terrorists and governments world over have been becoming very sophisticated in their attacks. The recent reports of the Stuxnet worm and it being possibly a state engineered worm I think our cyber defence and cyber crime have to be 10 steps ahead. The procedures they are following are pathetic at the best, they really need to get their act up. With the hope that some sanity comes in the system and there are better, transparent methods of a fine balance of security and civil rights. If some of the regressive ideas such as physical verification of mobile connections are enforced then the growth of mobile connections would come down to the hindu rate of growth rather than the explosive rates of growth as seen today.

What was interesting in that wiretap story and which somehow is the following bit of info.

Several privacy and technology advocates argued that requiring interception capabilities would create holes that would inevitably be exploited by hackers.

Steven M Bellovin, a Columbia University computer science professor, pointed to an episode in Greece: In 2005, it was discovered that hackers had taken advantage of a legally mandated wiretap function to spy on top officials’ phones, including the prime minister’s.

“I think it’s a disaster waiting to happen,” he said. “If they start building in all these back doors, they will be exploited.”

Susan Landau, a Radcliffe Institute of Advanced Study fellow and former Sun Microsystems engineer, argued that the proposal would raise costly impediments to innovation by small startups.

“Every engineer who is developing the wiretap system is an engineer who is not building in greater security, more features, or getting the product out faster,” she said.

What is really pathetic that unlike other democratic countries there isn’t any privacy advocacy organizations in India or there doesn’t seem to be.

So signing off and hoping better ideas and sense prevails.


0 Responses to “Privacy and State – II”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: