Governance & Risk Management

India Removes Block on 32 Websites

Move Raises Questions About Effectiveness of Blocking Sites
India Removes Block on 32 Websites

The Indian government has ordered Internet service providers to unblock 32 websites that were blocked earlier this month over concerns that they were hosting propaganda from the Middle Eastern extremist group ISIS and anti-India content.

See Also: Bolstering APAC’s Security Posture with Accelerated ZTNA

The unblocking order was issued Jan. 9 by the government's Department of Electronics and Information Technology. The government's decision to block these sites had stirred up protests and debates on the arbitrary nature in which these sites seem to have been identified. The domains blocked include Vimeo, Dailymotion, Pastebin, Github, CryptBin and SourceForge, to name a few. These sites on the blocked list provide a wide variety of services - from video hosting to open-source software projects.

"The unblocking of these sites reflects that better sense prevailed," says Jiten Jain, cybersecurity analyst and adviser to the Indian government. "The effectiveness of such blocks is debatable."

On Dec. 17, 2014, acting on orders from a Mumbai court, the Indian government's department of telecom had issued a notification to ISPs in India to block 32 websites that were allegedly hosting ISIS propoganda and anti-India content. The request was made by the Anti-Terrorism Squad, Mumbai, according to a release from the Press Information Bureau of the government dated Dec. 31, 2014.

The move was carried out under section 69A of the IT Act, which allows the government to ban/prevent access to websites when it is determined that "sovereignty and integrity of India, defense of India, security of the State, friendly relations with foreign States or public order" are threatened.

In the course of its investigations into terror cases, the government is believed to have received intelligence about certain sites carrying anti-national content containing material about Areeb Majid, an alleged ISIS member who was arrested by NIA, and three others, which was being used to induce Indian youth to join ISIS, according to an IBNlive report.

The Big Picture

According to watchdog organization Freedomhouse.org's India report on "Freedom on the Net 2014," while the scale of content blocking has diminished, it is still difficult to assess. The report notes: "The constitutionality of Section 69A of the IT Act is being challenged before the Supreme Court. Guidelines for intermediaries issued under the act face similar legal challenges." Experts believe that the move might well be a precursor to a change in the government's stand on censorship issues as it prepares to defend section 69A in the Supreme Court.

The block seems to have been implemented in a largely haphazard fashion, with users on Internet forums, such as reddit, reporting varying degrees of success when trying to access the banned domains on different ISPs.

The Freedomhouse.org report notes that the implementation of blocks appears to depend on the technology capacity of ISPs. However, instances of use of sophisticated PacketShaper technology are on the rise in India, it says.

The move to block the sites drew criticism from users and commentators, who pointed out that many of the sites listed have limited viewership and are code repositories and software discussion forums. "Blocking sites like SourceForge and Github, which are software repositories, to curb propaganda, defies logic," Jain says. There have been many cases where entire domains have been blocked, pursuant to a request to block specific URLs hosting objectionable content. The blocking and subsequent unblocking reflects a lack of oversight and maturity in enforcing certain broad provisions of the IT Act that allow for such censorship, experts say.

Risks of Over-Blocking

Chinmayi Arun, Research Director at the Centre for Communication Governance, National Law University, New Delhi, says, "The over-blocking of information is inevitable, given the opacity of the system, and the lack of accountability."

The accountability, transparency and effectiveness of such online blocks are the three key issues to review, Arun says. ISPs are not legally required to inform users of blocks, and the IT Act provides for no appeal in the matter. In fact, the rules mandate that executive blocking orders be kept confidential.

"The user has no way of knowing what is being blocked, thanks to Rule 16 under section 69A of the IT Act, which expressly mandates that executive blocking orders remain confidential," Arun says. This means that there is no redress if legitimate content ends up being blocked in violation of the constitutional right of freedom of speech and expression.

The entire process is a bit top-heavy, Arun says. Certain notified government organizations are permitted to forward complaints to the "designated officers" appointed by the central government. The requests received by this officer are then examined by a committee consisting of representatives from the ministries of Law and Justice, Home Affairs, Information and Broadcasting and CERT-In. The committee's recommendations are presented to the Secretary of DEITY for approval before the blocking order is issued, Arun explains.

In an emergency, however, courts can order content blocks without this review process, and the designated officer can present his recommendations directly to the Secretary of DEITY. The blocking orders are meant to be reviewed periodically by a review committee under the IT Act, although how often and whether the review does happen is unknown. "Since rules prohibit intermediaries from disclosing information about blocking, the system is dependent on internal safeguards which are considered ineffective by international standards," Arun says.


About the Author

Varun Haran

Varun Haran

Managing Director, Asia & Middle East, ISMG

Haran has been a technology journalist in the Indian market for over six years, covering the enterprise technology segment and specializing in information security. He has driven multiple industry events such as the India Computer Security Conferences (ICSC) and the first edition of the Ground Zero Summit 2013 during his stint at UBM. Prior to joining ISMG, Haran was first a reporter with TechTarget writing for SearchSecurity and SearchCIO; and later, correspondent with InformationWeek, where he covered enterprise technology-related topics for the CIO and IT practitioner.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.