[Reader-list] Maria Xynou on Surveillance in India

Mon Dec 8 16:03:02 CST 2014

>From The Guardian thread on the Logan Symposium, London, 5-7 December 2014:

http://www.theguardian.com/technology/live/2014/dec/05/the-logan-symposium-surveillance-censorship

Next to speak is Maria Xynou, a privacy and surveillance researcher at the
Tactical Technology Collective in Berlin. She’s talking about surveillance
in India.

“The majority of the population lives in rural areas and in really bad
conditions. Often I feel that marginalised people on the margins of
society are the guinea pigs for surveillance. It often affects them
first,” she says.

Indian mobile operators are required to install lawful intercept and
monitoring (LIM) systems to use on request from law enforcement
authorities, but Xynou notes that the Indian government has its own system
too, monitoring traffic through ISPs. The Network Traffic Analysis (NETRA)
system only came to light in 2013.

“Essentially what it does: it intercepts and monitors almost all internet
communications [looking for] suspicious words and suspicious phrases,” she
says. And for anyone considering encryption as a way around this: “If
authorities in India ask you to disclose your private encryption keys, you
have to.”

Xynou has studied 50 companies who sell a range of technologies used for
surveillance in India. She talks about some, including Kommlabs, which
“looks out for cognitive and emotional stress in voice calls, then flags
them”.

She also talks about the National Intelligence Grid (NATGRID) which links
up various national databases of personal information in India, from
vehicle registrations and mobile phone logs to bank account details, train
reservations and passport data.

Linking these databases for a billion people risks errors, says Xynou.
“The probability of errors is extremely high. And the main problem is
there is no regulation behind this: no system of checks and balances to
see if breaches can occur,” she said, before drawing attention to the UID
biometric data collection scheme that recently launched in India.

“There’s a huge debate in India whether this violates privacy or not,” she
says. For example, some contractors involved in providing devices and
infrastructure for the scheme have ties to US intelligence agencies, which
may be “problematic” for privacy to say the least.

“In India right now, there is currently no privacy legislation. They are
building all these surveillance systems, yet there is no law which can
protect citizens,” says Xynou. There is a draft privacy bill under
discussion in 2014, though. “Of course, it’s not perfect... but still I
think it’s definitely a very good first step.”

“But the main problem in India is a lot of these programs are carried out
in secret. There’s no transparency whatsoever,” she finishes.”In order for
us to be able to increase transparency in what’s going on in the biggest
democracy in terms of population in the world, we definitely need people
to leak more documents.”