So WhatsApp has sued the Indian government for imposing the IT Rules 2021. This is probably the most significant privacy case in India, ever since the Right to Privacy case.
Thread on what this is about:
#pegasus
🧵
There is nothing shocking or surprising about governments spying using Pegasus. We've known about Pegasus since at least 2016. First known use in India that we know about was in Bhima Koregaon spying, allegedly by Indian govt. A few points for your consideration:
1/
It's 2023 and I'm not sure if anyone cares for
#netneutrality
in India anymore, but Jio, Vi and Airtel are coming for it.
Don't take my word for it. Here are excerpts from their submissions to
@TRAI
(uploaded last night) :
Pls avoid giving your data to Digi Yatra. In RTI response to us, Ministry of Civil Aviation said Digi Yatra is managed by a private non profit entity, and hence not under RTI.
So they've structured collection of facial data to avoid accountability. Why should we trust them?
Trying out “Digi Yatra” app to check out the biometric enabled seamless travel experience but app doesn’t seem to recognise Indigo issued Boarding pass!!
Any ideas
@amitranjan
@buzzindelhi
?
Twitter has complied with govt requests to censor 52 tweets largely critical of India’s handling of the COVID-19 pandemic. Affected accounts include MP Revanth Reddy, WB minister Moloy Ghatak, actor Vineet Kumar Singh, among others.
Internet access has NOT BEEN RESTORED in the Kashmir valley. This is still an INTERNET SHUTDOWN. The internet is not 301 websites. It is billions of websites and apps.
Would urge those reporting on this to not call this a restoration of internet access because THIS IS NOT TRUE.
How about a separate fleet for those vegetarians who don't have onion & garlic & don't want that mixed with their veg food.
How about separate fleets for jhatka and halal non veg.
What an idiotic move. Some societies will stop non veg deliveries & you're only enabling them.
Our dedicated Pure Veg Fleet will only serve orders from these pure veg restaurants. This means that a non-veg meal, or even a veg meal served by a non-veg restaurant will never go inside the green delivery box meant for our Pure Veg Fleet.
Seeing lots of tweets suggesting that Twitter & Facebook might be banned tomorrow after IT Rules 2021 come into effect.
Some news entities irresponsibility playing on this with alarmist clickbait headlines too
This is wrong. I'll explain:
1/
Listen. No one put that number on your mobile phone. The UIDAI didn't do it. The govt didn't do it. The cellular operators didn't do it. The handset manufacturers didn't do it.
In fact the number isn't there on your phone. You're imagining things. Okay?
#Sarcasm
Multiple opposition MPs (Priyanka Chaturvedi, Shashi Tharoor, Mahua Moitra, Pawan Khera +) have disclosed that they received messages from Apple about state sponsored attackers compromising their Apple devices. We will probably hear about more MPs soon. A few things:
1/n
For 15 years, BJP has run the MCD. They didn't do anything about the garbage then. Effectively, BJP has created these garbage dumps. Now they want to be voted in to remove the dumps they've created.
Why should anyone trust them?
What the hell. I never wrote this.
Dear
@thewire_in
Can you please do your due diligence before you publicly attribute something to someone?
Please remove this tweet and please remove any attribution to my twitter handle or me.
This is terrible.
@AtishiMarlena
is responsible, along with
@msisodia
, for vastly improving Delhi's education policies and implementation.
Political interference to prevent good people from doing their work is disgusting. Typical of what the central govt has been doing to Delhi
BJP spokesperson response to Aadhaar data leaks today, on
@MirrorNow
was "Chinese phones leak data. There's also wikileaks. Nothing is secure. We have to accept that."
So their viewpoint on aadhaar data leaks is "we're all screwed anyway. live with it."
Aadhaar verdict tomorrow. I'm so nervous now.
Whatever the verdict, remember that there are many people who have been party to pushing back against this abomination.
First and foremost, we must thank Usha ramanathan for her leadership. She has led this pushback.
RIDICULOUS & should be challenged in Court. Aarogya Setu violates privacy, there is no doubt. In an *emergency* situation, it may have been fine, with limitations.
It should have a sunset date,& soon. 1-2 years is unnecessary, disproportionate, unreasonable violation of privacy.
#WATCH
Worldwide this app is being preferred. It curbs false information and you also know if there is a
#COVID19
positive person in your vicinity. The app will continue for next 1-2 years: Union Min Prakash Javadekar on Asaduddin Owaisi raising privacy issue on Aarogya Setu app
I turn 42 today. My favorite Douglas Adams anecdote (and maybe it's fiction), is that he chose the number 42 as the answer to the life, the universe and everything, because
Hi, if you get an email from your bank or mobile operator or any private service provider, about linking aadhaar, can you please send a copy to me at nikhil
@medianama
.com? Will publish with your details redacted.
1. A govt has used it to spy: Pegasus is sold only to govts. So it would follow that it has been used by a govt against ministers, journalists, opposition leaders, supreme court judges, and many others. This is essentially an attack on our freedoms in india.
2/
I'll answer this.
Thread.
1. Censor board doesn't have the capacity to deal with 20000+ movies being produced in India annually. Where will it find the capacity to apply its mind to all the movies being produced for OTT globally? The lag will destroy consumer choice
1/
Why should you not have a film censor board kind of situation with OTT platforms ? Agree /disagree , Like / dislike , but it has done its job so far.
@prasoonjoshi_
Banks deserve to be disrupted for the shitty consumer experience they provide, both in terms of tech and customer service. All they have is licensed exclusivity, protected by RBI.
HDFC Bank has had me on hold for 23 min now. Who else does this to customers and gets away with it?
I know Humans of Bombay lawsuit is the talk of Tech Twitter, but do read about YouTubers getting copyright notices from Prasar Bharati for using clips from parliament for their shows.
It's a strange one because TV channels use these all the time. MPs put up their
+
Congratulations to all of us, as citizens of India, on this verdict on electoral bonds.
Remember that our govt fought against transparency and accountability here.
Every six or seven years our SC does something to give hope. Wish they did it more often.
Meanwhile, India is making the mistake of banning bitcoin.
Here's how it will go.
2021: India bans bitcoin
2021: Case in SC against banning bitcoin
2025: India realised it is losing out on a global, independent currency standard and reverses its decision.
JAY-Z/
@S_C_
and I are giving 500 BTC to a new endowment named ₿trust to fund
#Bitcoin
development, initially focused on teams in Africa & India. It‘ll be set up as a blind irrevocable trust, taking zero direction from us. We need 3 board members to start:
Isn't it lovely to see mukul rohatgi, who as AG argued that privacy is not a fundamental right, now, as Facebook's lawyer, speaking in favor of privacy? Full circle.
Yesterday, the Indian government notified rules that allow the Press Information Bureau the powers to take down news content based on their own fact check. This is problematic for our democracy for multiple reasons, esp as we head towards elections:
1. The role of news media
1/
What has happened today in the US can happen anywhere in the world.
#CapitolBuilding
Many democratic countries are sitting on a tinderbox. We've had increasing inequality being misused for political gain through misinformation. The role of Social Media +
I once asked the CEO of a tech biz abt why they're funding hate, by sponsoring a channel keeps spewing sectarian venom. His response: agencies place the ad. We're blind to this.
Can't believe brand owners don't care about what the brand is juxtaposed with. They're complicit.
Those who complain about TV news and the poison it has been reduced to - remember we are all complicit. Those who watch these channels ( and many do); those who advertise on them; and the so called editors who sold their souls and their conscience years ago.
If
@NandanNilekani
really believed that Aadhaar shouldn't be mandatory, should have said it 4 yrs ago. If he really believed that privacy is a fundamental right, he should have opposed govt arguing against it 3 years ago
Very conveniently delayed, because then served his purpose
A few points here:
1. During Aadhaar case in SC, NDA govt argued that privacy isn't a fn right, not UPA
2. UPA instituted 66a and fought to uphold it. BJP opposed 66a, but once they won in 2014, NDA also argued to protect it in SC. And lost.
3. 18 key accused in 2G scam were +
1. WhatsApp uses end to end encryption. This doesn't just mean that they don't know what is in our messages. It also means that they don't know who has sent what message.
The only time they can see the content of the message is when someone marks it as spam,in which case the
1/
has irked many, and a few months ago, this led to a wider adoption of Signal in India. Signal's privacy features are even better than WhatsApp,and in fact WhatsApp uses the Signal Protocol for End to End Encryption. These rules impact all social media, including Signal.
7/
2. Pegasus, once installed on our phones, is used to extract all communications (iMessage, WhatsApp, Gmail, Viber, Facebook, Skype) and locations. Remember that content on your phone itself is not secure.
3/
4. Cybersecurity threats and cyber surveillance are here to stay. There is a weaponisation of cyberspace that is taking place at an alarming pace. We need the UN to step in. We need disarmament of the cyberspace. No one will ever feel secure to have trusted communications
6/
Just called my MLA Prahlad Sawhney to tell him we need DelhiGovt to do more to stop violence. Elected leaders need to go to riot affected areas,for peace. Call your MP/MLA to try & stop violence.
Their contact details, inc mobile numbers @
Call them.
Hi
@AtishiAAP
, it's literally your govts job to get data abt sources of pollution in Delhi, & build a reliable aqi monitoring system. After 8 years, no excuses.
Also, what are you doing about farm fires in Punjab?
The reduction in pollution was during COVID years. What +
VIDEO | "The pollution level rises in Delhi during winters and affects the health of people. To curb the rising pollution levels, the Delhi government has been consistently working for eight years. However, a big obstacle has come to light in our fight against pollution, which is
Javadekar has done no public consultation for regulating streaming services. A self regulatory code already exsits for streaming services.
Govt doesn't have the legal basis for streaming services regulation. They can't do online content regulation under IT act or cable& tv act.
The RBI order against Paytm has created an existential crisis for it, and impacts millions of users and merchants.
How the RBI can, with one sweep, without adequate consideration to how this impacts people, almost shutter such a significant biz is beyond me.
A few things
Mobile Internet has been shut in parts of Delhi+reduced to 2G for rest,since mid-day yesterday. I'm tweeting via WiFi,which is a privilege in India with ~99% on mobile Internet.
Not commenting on farmer protests but here's thread on how I think about Internet Shutdowns:
5. The solution to government surveillance, was also alleged in the Bhima Koregaon case, is not the privacy bill, because it exempts the Indian government from accountability. We need surveillance reform. A law to bring accountability to surveillance.
7/
6. Our intelligence agencies need to be held accountable to parliament. Usage of such software against parliamentarians & Indian citizens needs to require judicial sanction, &future declassification. Authorisation by a "competent authority" is insufficient as long as this
8/
Aadhaar, is only a proof that a fingerprint/iris scan corresponds to a number.
It's not proof of identity, citizenship or date of birth. Yet it is demanded and accepted as all of these.
It is, and has been useless, and is only a means of surveillance.
Apps can log your keystrokes, screenshot your screen, take control of your apps. All this is easy once in. End to end encryption only protects messages in transit, not on device. Messages and files are typically unencrypted on device.
4/
Cowin site seems to have been created to discourage vaccination, not enable it. Insanely frustrating. Whoever decided to put in that useless captcha that works only on every third attempt and by that time 150 slots are full deserves a special place in hell. Insanely frustrating
Fascist Delhi police vandalising CCTV cameras to avoid being held accountable.
We have also seen them at protests without name tags.
Clearly they have a lot to hide
the ASCII code 42 refers to the asterisk *. Why the asterisk? Douglas Adams was a computers geek.
* stands for anything & everything.
Hence the answer to the life, the universe & everything is whatever you want it to be.
Here's to a year of whatever I want ;)
There's a thick layer of smoke over Delhi NCR. We're back to prepandemic levels and this year looks like the worst in years.
We've been failed by our governance stakeholders everywhere: the government of India, the Delhi, Haryana and Punjab governments, and the Supreme Court.
Can't say we did not see this coming. Problem is that the government of India, Nandan Nilekani and Ispirt were also informed about these risks but they still continue to push for aadhaar.
“hackers from Bihar copied thumb impressions from a Haryana Government website and withdrew money using Aadhaar-enabled payment system (AEPS) using POS (point of sale) machines.”
Thank you for doing this
@asadowaisi
.
Also, can we have disclosures from companies about whether they are processing photos as facial data?
I'm especially looking at Google and Facebook re this.
THREAD: Supreme Court's Puttaswamy judgement stated very clearly that privacy is a fundamental right. There's a huge risk when our personal info is used without our consent. Most importantly, facial recognition technology is unreliable & biased. This is why I'll be submitting...
Pegasus can be installed on a targets phone in many ways: by sending infected links (spear phishing), social engineering etc. This malware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by operators.
5/
Can't emphasise this enough:India NEEDS surveillance reform. Our agencies need to be held accountable.
Those in power - govt - who have this unrestricted freedom will not change.
We need cases to be filed by those impacted for courts to uphold the fundamental right to privacy
user who has marked it as spam unencrypts it for WhatsApp to see.
2. The IT Rules force WhatsApp to change this: the govt has said that it wants WhatsApp to identify the originator of a message (but doesn't want the message content). When this is for law enforcement
2/
🇰🇪The Kenya high court has declared the rollout of the
#HudumaNamba
biometric ID scheme as illegal.
The judge said the rollout went against the 2019 data protection act and ordered the interior ministry to assess the impact of the scheme.
Airtel seems to be deleting tweets where they have confirmed govt orders about internet shutdowns. Please take screenshots of the deleted tweets with us
You didn't (and don't) need aadhaar for direct cash transfers to bank accounts.
KYC was and remains possible without Aadhaar.
But that shouldn't stop Manu from trying to perpetuate the pro-aadhaar propaganda. As they say, never waste a crisis.
As the government announces direct cash transfers to millions of poor, we must never forget how much Aadhar was defamed and privacy concern overblown by rural affairs middlemen and friends who were made obsolete by technology. The defamation of Aadhar began as a turf battle.
Great news. @
#DigitalIndia
summit,
@rsprasad
affirms his commitment to
#NetNeutrality
for India, saying he doesn't care what US does, India is committed to it, "which is why we kept out free basics"
Thank you for that
@rsprasad
.
#NetNeutrality
is India's competitive advantage
is being coy and saying, "We're not asking you to break end to end encryption", knowing fully well that that's the only way this can be implemented.
5. Not just WhatsApp: WhatsApp's push for adoption of its new privacy policy which allows sharing of data w Facebook Business
6/
IMPORTANT: If you get a call from "customer care" asking for a "verficiation code" from a UPI app, else they'll shut your account: it's a hoax call, meant to take control of your bank account+transfer money out. I got from +91-911-701-6747, followed up with a password reset SMS
The govt wouldn't want to give platforms reason to go to court because these rules are so majorly unconstitutional that they won't want to risk embarassment in courts. The rules are already being challenged on such grounds btw. Need more.
2. Govt was expected to issue a set of
Why the hell has PWD cut all the trees on Mathura road? Shameful. Such gorgeous old trees on that road. Is this how Delhi plans to address pollution? Fewer trees = more dust.
It's an absolute shame that Facebook is not notifying users that their data has been breached. This impacts 500 million users worldwide, and from what I've read and an estimated 6.1 million in India.
1/n
have to rearchitect the entire platform. This potentially compromises all its users .
The court will have to decide if it is proportionate to violate the privacy of everyone to identify one sender of a message. IMO, it's not proportionate. Of course, in all of this, govt
5/
4. There is ZERO chance of the government blocking US based platforms because of the power that the US government wields. There is ZERO chance of the Indian govt blocking US platforms when Jaishankar is in the US to engage with the US government.
5. What do the rules do?
6/
3. Is it backed by law? The IT Act doesn't support traceability, and the IT Rules go beyond the IT Act, so NO. Is it proportionate? That's where things become tricky. I'll explain:
4. For WhatsApp to enable identifying originator of even one message, it would mean that they
4/
I (verbally) asked someone in office for an extension cord because mine seemed to not be working. And 45 min later, I got a push notification from the Amazon app with reccos for an extension cord.
Checking phone re whether Amazon has microphone permissions. You should too.
1. IT Rules 2021 are coming into effect tomorrow, and even if the deadline won't get extended, the Govt is unlike to enforce all the provisions & hold platforms to account unless it really needs to, because the platforms could then move court to challenge the guidelines.
2/
Which of India's digital public infrastructure has been adopted voluntarily at scale?
1. Aadhaar is forced
2. UHI IDs created w/o actual consent during vaccination
3. UPI adopted because of forced demonetisation
4. Digi Yatra is enrolling people without consent
purposes, and is for only one individual or with a legitimate and legal purpose, this seems reasonable. Even the right to privacy judgment allows for some exceptions to the fundamental right to privacy, namely: proportionality and legitimacy, and backed by law.
3/
So
#TelecomBill
is being unexpectedly tabled in Parliament today. There was discontent abt treating several online services as telecom services. Telcos liked it: they’ve argued that online services = telecom services & should be treated as same.
Some things to look out for:
1/n