Cyber Security talk with Rakshit Tandon

Rachiyta JainCyber Security, Law

cyber

Nitish and I met with Mr. Rakshit Tandon, India’s leading cyber security expert. The meeting was supposed to be a casual get-together with Rakshit Sir, but talks led us to discuss crucial issues and we said, “Why not a Q&A for our readers on the spot?”. Rakshit Sir, like the spontaneous man he is agreed to share his experience and insight about some general questions and problems faced by common people. Following is a transcript of the entire interview. We promise you will enjoy reading it as much as we enjoyed talking to him.

1479526_710269152317584_715012159_n

If somebody faces any form of cybercrime, what according to you should be the first step taken by them?

The very first thing to keep in mind is that whatever is happening to you, don’t destroy the evidence i.e. messages, emails, photographs screenshots etc. We often get so scared that we delete all this data so that no one finds out. Immediately after this, if you have a cyber crime cell in your city report the crime. And if you don’t have a cyber crime cell report to any gazetted officer of SP rank and file a written complaint. The intensity of crime should not be a worry. Whether 1000 rupees are stolen or a lakh or an embarrassing/naked picture of yours has been put up on the Internet, you should always attempt to convert the complaint into an FIR with valid sections stated there.

What if you just want to report a crime?

In cases where you are not the victim and you just know a crime is happening and you wish to report such crimes (eg. calls from a fake number, a fake website used to arm people), ICERT is the best body to do so. Its website has an option to report an incident, where you can send the report. As a responsible citizen, you must report any calls from any fake number to the service provider. If the crime is on a good social media platform such as YouTube, Facebook, Instagram and Twitter, they have a strong reporting feature. Moreover, they take serious actions strictly. You can report the person and block the person from your social media.

In case of banking fraud, don’t just report to the bank, also tell the police and file an FIR.  A lot of banks say “We are investigating”. That is wrong. The bank is not a law enforcement agency. Until and unless you don’t file a police complaint there is no guarantee that your money will come back. So do both things together.

Generally, people are afraid about how their parents will react. They want to know if their parent will find out when they file an FIR. To what level is the anonymity maintained?

This crime you are talking about is mostly related to women. I would really like to appreciate the efforts taken by UP Police which is called Women Power line 1090. They have 100% anonymity of the complainant and take action on valid grounds. I have also been working as a consultant and they have started taking complaints about WhatsApp, Facebook stalking, selfies and all such similar problems.  Police file an FIR against the boy and then nab him. This has happened and is happening also. But otherwise, I am sorry, after filing the FIR, even if the person is 18+ i.e. an adult, there is no issue for parents coming to know about it. However, the problem is police come to your home for investigation and everything. So you should have an address to give. If you are a child filing complaints, your parent or guardian must involve themselves. I remember a case where the girl said if her parents found out they would put an end to her schooling, so a very good teacher of hers supported her and came forth as a guardian to file the complaint. I think such kinds of problems require more sensitivity. And now, since its increase in number and volume, the Government will definitely give an eye to it and create a plan to maintain the anonymity of a young victim.  Another fear in a child’s mind is that the law isn’t so strong and the criminal will go to jail today come out tomorrow and be more revengeful because getting bail is very easy. Therefore a good justice/lawyer/advocate etc will be able to tell better how to face this problem.

What is your take on Revenge Porn in India?

Google and Facebook announced that they will strictly remove revenge porn. Moreover, they created a special page for the same. If somebody’s revenge porn is coming in the search they can fill out the form and Google will pull it down immediately.  This is from the part of the Information Service Provider. The problem is it is very difficult to pull down what goes on millions of websites at once. Today a girl clicked her photo and sent it with consent to her bf. Tomorrow, we cannot tell which source leaked the photo.  Then it goes on hundreds of groups on WhatsApp, Facebook and YouTube.  It is not possible to track these thousand people and arrest them. On Facebook, yes you can track easily and arrest the person even liking or sharing.  The law relating to this should be very strict according to me because people are not afraid at all. Everyone shares their photo publicly anybody’s photo these days. Though we have 67B and POCSO, I am not sure if that is very effective.

What is your opinion about shadowing 66A?

I never thought of the section as being misused and a source of big fear for so many. It would make people think before they would write anything. But naturally looking at past cases, they did misuse the section and I think removal was OK. But now, we require a substitute. There is no word like cyber defamation today. If somebody wishes to write wrong about anybody he will get a shield saying I have a freedom to speech. If somebody gives me a threatening call or email saying he will kill me, I cannot book him under 66A anymore which previously I could because of the word “criminal intimidation.” Today I will have to take the support of IPC but then I am showing electronic evidence without any support of the IT Act.  These are the kinds of problems that are there. Now they have removed it because of its misuse and inappropriate language. “Anything that causes annoyance,”  is obnoxious.   Amending it was a better option of course and if not create a new one again with proper terminology. Incorporate terms like cyberbullying and defamation. The government must fill that gap soon.

What is your opinion about Jan Dhan Yojna and its move to issue bank accounts and debit cards to almost everyone?

Yes, that was one of my concerns too. People who are digitally illiterate have an account. My objection is whether there was KYC done. And where is the guarantee that these accounts are not for legal funding and illegal purposes?

What about the user security related to it?

The user security is zero. How will a maid use plastic money when she doesn’t know how to use a cell phone? Even educated people don’t know how to use it safely, what can you expect from this poor lady? She will give her card to someone and ask them to take out cash for her. One of the banks took the initiative to formulate safety measures but that was only in English. I think it should come up in multiple languages. Even other banks should send messages in regional languages saying “no sharing of PINs”, nobody does verification on the phone, nobody blocks your card except us and we can only do that if it is from a legal authority etc. TVs, newspapers and the lot must popularize them on a large scale wherever possible.

Is there something like a breach-proof system?

From a hacker’s perspective, every system is breachable. So your real protector can be the kind of data science that the breach has used. My idea of encryption is randomising data rather than storing it logically. That gives good security to the database.  Only relevant data is visible in such cases.

We have heard various definitions of cyberterrorism from people. Can you tell us what exactly cyberterrorism is?

Anything which goes online against the country amounts to cyber terrorism. For me, cyber terrorism is online drug-peddling, arms & human trafficking, online gambling and disrespect to Nationalism of course. It’s a broad spectrum.  The initial way to look at it is that we are a secular country and these terrorists use cyberspace to create unnecessary rumours, send instigating messages or recruit and brainwash young minds. Intelligence agencies must conduct social media monitoring. Recently, the police arrested a guy from Bangalore for using Twitter to support ISIS terrorism. The Government must take such matters seriously.