Nitish and I met with Mr. Rakshit Tandon, India’s leading cyber security expert. The meeting was supposed to be a casual get together with Rakshit Sir, but talks led us into discussing crucial issues and we said, “Why not a Q&A for our readers on the spot?”. Rakshit Sir, like the spontaneous man he is agreed to share his experience and insight about some general questions and problems faced by common people. Following is a transcript of the entire interview. We promise you will enjoy reading it as much as we enjoyed talking to him.
If somebody faces any form of cyber crime, what according to you should be the first step taken by them?
The very first thing to keep in mind is that whatever is happening to you, don’t destroy the evidence i.e. messages, emails, photographs and screen shots etc. We often get so scared that we delete all this data so that no one find out. Immediately after this, if you have a cyber crime cell in your city report the crime. And if you don’t have a cyber crime cell report to any gazetted officer of SP rank and file a written complaint. The intensity of crime should not be a worry. Whether 1000 rupees are stolen or a lakh or an embarrassing/naked picture of yours has been put up on the Internet, you should always attempt to convert the complaint into an FIR with valid sections stated there.
What if you just want to report a crime?
In cases where you are not the victim and you just know a crime is happening and you wish to report such crimes (eg. calls from fake number, a fake website used to arm people), ICERT is the best body to do so. It’s website has an option to report an incident, where you can send the report. As a responsible citizen, calls from any fake number can be reported to the service provider. If the crime is on a good social media platform such as Youtube, Facebook, Instagram and Twitter, they have a strong reporting feature and the actions are taken strictly. You can report the person and block the person from your social media.
In case of banking frauds don’t just report to the bank, also tell the police and file an FIR. A lot of bank says we are investigating. That is wrong. Bank is not the law enforcement agency. Until and unless you don’t file a police complaint there is no guarantee that your money will come back. So do both things together.
Generally people are afraid about how their parents will react. They want to know if they file an FIR, will it be kept hidden from their parents. To what level is the anonymity maintained?
This crime you are talking about is mostly related to women. I would really like to appreciate the efforts taken by UP Police that is called Women Power line 1090. They have 100% anonymity of the complainant and the action is taken on valid grounds. I have also been working as a consultant and they have started taking complaints for WhatsApp, Facebook stalking and selfies and all such similar problems. Police files an FIR against the boy and then nabs him. This has happened and is happening also. But otherwise I am sorry, the moment an FIR is done and if the person is 18+ i.e. an adult there is no issue for parents coming to know about it but then the problem is police comes to your home for investigation and everything. So you should have an address to give. If you are a child and filing complaints then definitely a parent or guardian is involved. I remember a case where the girl said if her parents find out they will put an end to her schooling, so a very good teacher of her supported her and came forth as a guardian to file the complaint. I think more sensitivity is required towards such kinds of problems and now since the number and volume is increasing so definitely the Govt. will give an eye to it and create a plan where even if a young victim comes their anonymity is maintained. Another fear in a child’s mind is that the law isn’t so strong and the criminal will go to jail today come out tomorrow and be more revengeful because getting bail is very easy. Therefore a good justice/lawyer/advocate etc will be able to tell better how to face this problem.
What is your take on Revenge Porn in India?
Google and facebook have announced that they are strictly removing revenge porn and a special page is being created for the same. If somebody’s revenge porn is coming in the search they can fill the form and google will pull it down immediately. This is from the part of Information Service provider. Problem is it is very difficult to pull down what goes on millions of websites once. Today a girl has clicked her photo and sent it with consent to her bf. Tomorrow from what source it is leaked is hard to tell. Then it goes on hundreds of groups on WhatsApp, Facebook and Youtube. It is not possible to track these thousand people and arrest them. On Facebook, yes you can track easily and arrest the person even liking or sharing. The law relating to this should be very strict according to me because people are not afraid at all. Anybody’s photo is shared publicly these days. Though we have 67B and POSCO but I am not sure that is very effective.
What is your opinion about shadowing of 66A?
I never thought of the section as being misused and it was a source of big fear for so many. It would make people think before they would write anything. But naturally looking at past cases it was misused and I think removal was OK. But now there should be a substitute. There is no word like cyber defamation today. If somebody wishes to write wrong about anybody he will get a shield saying I have a freedom to speech. If somebody gives me a threatening call or email saying he will kill me, I cannot book him under 66A anymore which previously I could because of the word “criminal intimidation.” Today I will have to take support of IPC but then I am showing electronic evidence without any support of IT Act. These are the kinds of problems that are there. Now they have removed its ok because it was misused and language wasn’t appropriate. “Anything that cause annoyance,” now such a thing is obnoxious. Amending it was a better option of course and if not that create a new one again with proper terminology. Terms like cyber bullying and defamation should be used. That gap should be filled up soon.
What is your opinion about Jan Dhan Yojna where bank accounts and debit cards are issues to almost everyone?
Yes that was one of my concerns too. People have not been educated first and given an account. My objection was if it has been so widely populated then what was the KYC done on their part. And what is the guarantee that these accounts are not used for legal funding and illegal purposes.
What about the user security related to it?
The user security is zero. A maid who doesn’t know how to use a cellphone has been given plastic money. Even the educated people don’t know how to use it safely, what can you expect from this poor lady? She will give her card to someone and ask them to take out cash for her. There was an initiative taken by one of the banks where they formulated safety measures but that was only in English. I think it should come up in multiple languages. Even other banks should send messages in regional languages telling no pin to be shared, nobody does verification on phone, nobody blocking your card except us and we can only do that if it is from a legal authority etc. These should be popularised at a large scale in tv, newspaper and wherever possible.
Is there something like a breach-proof system?
From a hackers perspective every system is breachable. So your real protector can be the kind of data science that the breached has used. My idea of encryption is that data should be randomized rather than being stored logically. That gives good security to the database. Only relevant data is visible in such cases.
We have heard various definitions of cyber terrorism from people. Can you tell us what exactly cyber terrorism is.
Anything which goes online against the country amounts to cyber terrorism. For me cyber terrorism is online drug peddling, arms & human trafficking, online gambling and disrespect to the Nationalism ofcourse. It’s a broad spectrum. The initial way to look at it is that we are a secular country and these terrorists use the cyberspace to create unnecessary rumors, send instigating messages or recruit and brainwash young minds. Social media monitoring has to be done by some intelligence agency. Recently a guy from Bangalore was arrested because he was using twitter to support ISIS terrorism. This should be taken seriously.