When Zoom Got Bombed

(P.S. This article was first published in India Legal Magazine)

One business that has thrived during the lockdown in various parts of the world is video-conferencing, virtual meetings and virtual collaboration solutions. Many large corporations had already installed virtual meeting infrastructure across their branch offices and were quickly able to adapt to this form of doing business by adding more individual users logging in from different locations.

A large number of SMEs and individual businesses, however, had to search for affordable and easy-to-use solutions to establish face-to-face contact with their workers scattered in different locations. Educational institutions also had a requirement to conduct classes in the virtual environment to meet their teaching deadlines. Such users found that the Zoom communications platform was convenient and affordable. As a result, its business spurted from around 10 million users to 200 million.

Companies that had competing products and were big names in the industry felt their egos bruised by the phenomenal success of this relatively small company. They launched a well-planned attack on Zoom and on the fact that it was promoted by a Chinese entrepreneur. They tried to bring down its popularity partly to get some business themselves and partly to satisfy their hurt egos.

The campaign against Zoom revolves around security issues. One issue is that uninvited persons can log into running sessions where there is no password set for the meeting or where the password is weak and predictable. As the meeting password is not considered as important as bank account passwords or similar other access environments, users tended to set weak passwords. These intrusions were highlighted as “Zoom bombings” and the possibility of corporate espionage was stressed.

Secondly, data used during corporate meetings had to move between different users and to ensure that this moved without much latency, the company maintained servers in different countries, including China. Rivals highlighted this and showed the possibility of Chinese espionage.

A third complaint raised was that Zoom claimed to have “end-to-end encryption”, whereas it was theoretically only encryption from the sender’s computer to the receiver’s. It was quite like an “https” connection and did not extend to the processes within the sender’s and receiver’s systems at the application level. This was suggested as a deliberate misrepresentation. There was also an allegation that Zoom shared some data with Facebook without the knowledge of the user and that some log-in IDs and passwords were on sale on the dark web.

As a result of these allegations, a campaign was launched to show that Zoom video-conferencing solutions were unsafe. Media, which did not understand the depth of the problem, also painted a picture of Zoom being the only software where all security flaws were found and hence its use should be discontinued. Neither the media nor others presented any better alternative. Its Chinese ownership was also a reason for some to switch to other solutions.

It was unfortunate that the home ministry became a pawn in this game of one-upmanship. As usual, a section of the media claimed that the home ministry had evaluated the Zoom application and was not in favour of its use from the security point of view. While the ministry’s concern about the use of Zoom for meetings of government officials was perhaps genuine, its unusual action of coming up with a press release that included a set of “secure configuration guidelines” was strange. Though this notification was meant only for government departments, the media implied that it was a national security advisory. Normally, any such guidance should be the responsibility of the Ministry of Electronics and Information Technology (MeitY) and there was no need for the home ministry to step into its shoes and come up with operating guidelines on a subject in which it has no direct knowledge or expertise.

By the time this notification was released, Zoom had already attended to most of the concerns. It changed the default settings of the meetings to a higher security level and left it to the choice of the user to downgrade the security features. It also provided an option to the user to avoid servers in specific countries such as China.

Zoom bombings were due to the user’s negligence. Instructions were released to set a strong password, use the waiting room facility and to lock the meeting if needed. This could avoid unauthorised entries into the meetings. Zoom also clarified that personal data sharing with Facebook occurred because its software development kit (SDK) for log-in authentication collected information beyond the permissions required and granted. It appears to be a deliberate violation of privacy by Facebook, though there could be some negligence on the part of Zoom too.

The controversy regarding end-to-end encryption was more of semantics than anything else. Security experts say that if the encryption is not done at the application level and decrypted only at the destination, it cannot be considered as “end-to-end”. It is possible that the marketing personnel at Zoom called their encryption “end-to-end encryption” without recognising the difference.

However, most messaging services, including popular email ones, use only transport-level encryption and not the real end-to-end encryption. Even banks in India may not be using real end-to-end security. Hence, singling out Zoom for such a mistake is unfair.

Before the home ministry jumped into the fray, it should have realised that the problem with Zoom was both of technical interpretations and user awareness. It was not an issue of fraudulent intention. The ministry was not capable of understanding the nuances of technology and should have refrained from giving the impression that it was giving a technical advisory on Zoom.

Criticising Zoom without criticising Facebook for misusing the consent shows prejudice. Perhaps this should be investigated as the Facebook log-in SDK of the type used by Zoom may also be in wide use in India by others. In all such cases, there could be a siphoning off of personal data beyond what has been consented to by the user. The home ministry has not revealed that email providers also use only VPN security and not end-to-end security. Had it done so, it would have placed the issues observed in Zoom usage in the right perspective.

If Zoom had installed any malware like some Chinese applications do, then the home ministry would have had a reason to issue such advisories. But it did not consider TikTok and UC Browser type applications for a ban. This could be due to their ignorance or pressure from certain business lobbies. It is also to be recognised that Zoom has been promoted by a person of Chinese origin but is not a Chinese company. It is a US company and the promoter is perhaps now a US citizen settled there.

The ministry should also have realised that Zoom as a company is not like telecom equipment suppliers like Huawei or Chinese mobile companies. Some of these companies have allegedly preinstalled malicious applications to bring users under surveillance of the Chinese government. Even point of sale systems used for card authentication at shops and biometric devices used for Aadhaar authentication are being imported from China and the ministry should worry if these have any hidden backdoors.

The ministry appears not to have heard about Deepfake and Deepnude applications which threaten society and could create huge problems. If it was watching the web world, it would have moved to block such apps along with voice-changing apps, Blue Whale or other gaming apps which require urgent attention. It has also remained silent when larger security issues arose when Bitcoin exchanges were allowed to resume their operations, unmindful of their use in possible terror funding.

By not coming out with advisories in such cases and over-reacting to the Zoom controversy, the ministry appears to have been used by industry in a commercial war between companies. In comparison, MeitY has responded positively to the incident by trying to encourage an indigenous replacement for the Zoom software. It has announced a prize of Rs 1 crore for this.

Naavi

(Link to the article in the magazine is here)


Google and Apple set up a new Nation A & A and opt to Govern it themselves

A few days back, Google and Apple, the owners of the Android and iOS systems and considered business rivals, came together in a surprise joint collaboration arrangement.

The collaboration appeared like an attempt to regulate the use of Contact Tracing apps but has a long term implication on the way the World Governance system functions.

If the UN does not wake up, we will have a new nation state that will be under the control of Alphabet and Apple (A&A) Incorporated. Facebook-WhatsApp has already created its own nation state with its own currency, Libra. If A&A opts for a currency of its own, they will disrupt the current global system more than what the North Korea-China regimes can do together.

Soon we may have a constitutional crisis of companies incorporated under the laws of a sovereign State trying to create their own constitutional islands. This idea was effectively used by Swami Nityananda, who has purchased an island and declared it as a Nation, “Kailaasa”, with his own governance system.

Naavi


Alphabet and Apple create a separate legal zone for Mobizens

According to this report in Economic Times:

“Apple Inc and Alphabet Inc (Google) would ban the use of location tracking in apps that use a new contact tracing system the two are building to slow the spread of the novel coronavirus”.

The companies plan to allow “only” public health authorities to use the technology. At the same time they also said that they would prevent Governments from using the system to compile data on citizens and that this was the primary goal of the joint exercise.

Though this appears to directly reflect on the Aarogya Setu app in India and its intended operations, on which a team of “Highly Concerned Privacy Activists” are working to prevent the Government of India from misusing the App for public surveillance, the issue is more universal. Several states in the USA as well as other countries including the UK have started using mobiles as an instrument for locating an individual and thereby tracing the movements that could lead to tracing the contacts of people with others who may have infections. If a person is detected as having been infected, it is considered useful to know his movements in the last few weeks and the persons with whom he came into contact, so that the potential risks can be identified and acted upon to reduce the spread of Covid-19.

The new system prevents the use of GPS location data for tracing and requires contact tracing apps to use Bluetooth for tracing, in a manner that Apple and Google dictate; this is considered less reliable.

Google and Apple also said that they will allow only one app per country to use the new contact tracing system. They will allow different States in US to use the system independently but in other countries, they may or may not allow the regions to use the system independent of the federal Government.

By these moves, Google and Apple are projecting themselves as the saviours of the privacy of people across the globe and dictating terms to sovereign Governments. They have thereby thrown a challenge to the global governance system and are creating a “Nation State” governed by the users of Android-iOS driven mobiles.

In this new suggested order, the Android-iOS mobile holders are “Mobizens” of the Android & Alphabet (A&A) state and the responsibility for protecting the fundamental right of privacy in this nation lies primarily with A&A.

A&A opt out of protection under Section 79 of ITA 2000/8

Under the current laws prevailing in India, the activities of any organization dealing with “Electronic Documents” are regulated by several measures. The sale of mobiles is regulated by business license, and a mobile is a system of hardware, the OS, the default OEM apps and the apps downloaded and installed by the owner of the device.

Alphabet and Apple control their own App Stores and are considered responsible for ensuring that only malware-free apps are listed there, a responsibility they have not been successful in meeting.

Under ITA 2000/8, the mobile is a computer and the OS and apps are accessories. Owners of these accessories are “Intermediaries” with their own responsibilities. Under Section 79 of the Act, Intermediaries are liable for any contravention committed by a user unless “Due Diligence” is exercised and the intermediary is not in complicity. For an entity to use this safe harbor clause, it is necessary that they fulfill the definition of an “Intermediary” and the conditions for availing the protection under Section 79.

The definition of Intermediaries under Section 2(w) of ITA 2000/8 is

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

Under Section 79 (2)

Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link hosted by him.

But the above provision would be applicable (besides due diligence and lack of complicity) only if

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored; or

(b) the intermediary does not-

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission

By virtue of the above provision, the moment Alphabet and Apple take on the responsibility of how the GPS system or Bluetooth system works in their system, they lose the status as an “Intermediary”.

Hence CERT-In should issue a notice to both companies, Alphabet and Apple, asking whether they are opting out of the Section 79 protection, if any, available to them under Indian law.

A&A are Data Fiduciaries/Data Controllers

Now looking at the forthcoming data protection act that is envisaged in India, any data handler who determines the purpose and means by which the personal data will be processed will be considered as the “Data Fiduciary”. Elsewhere the entity may be called “Data Controller”.

The data fiduciary/data controller does not have an independent legal power to determine how the personal data may be handled. Either the data principal/subject should provide a consent, so that the personal data is processed as per the choice of the data principal/subject, or the law should have provided certain exemptions and derogations.

While Governments may use the powers of exemptions because they have a duty for public safety and health, it is not clear on what legal grounds the A&A state can claim immunity for not giving the owner of the system a choice to give permissions for the use of his personal data.

Indian law has a provision by which Alphabet Inc or Apple Inc may register themselves as “Consent Managers” who will also be a data fiduciary and have the authority to determine how consents can be given on their behalf for the personal data to other third party data fiduciaries including the Governments. GDPR and other laws may not have similar provisions.

Since the DPA in India under PDPA is not yet in place, it may not be possible to check the intention of the companies under the provisions of PDPA.

However, a notice can be issued under ITA 2000 itself about whether Apple and Alphabet would like to register themselves under Section 67C as one of the “Digi Locker” service providers. Avoiding an available legal provision to get the permission of the lawful authority is a clear violation of the law of the land and cannot be attributed to ignorance.

A&A should come under the Scrutiny of Competition Commission

Looking from another angle, if Alphabet and Apple have a monopoly over 99% of the use of “Mobiles” and the activities of “Mobizens”, then all their activities, including the current joint venture, should be examined for compliance with competition law.

Today A&A is taking the excuse that they want to be the sole distributors of GPS access because they want to protect privacy. Tomorrow they will make it an instrument for making money and be the sole suppliers of GPS data for all application owners. This is a dangerous monopoly situation.

The Competition Commission should therefore issue a notice to both the companies to explain their stand.

Elliot Anderson should provide guidance for a public cause

I also need to add here that there is one most concerned French citizen who presents himself under the pseudonym Elliot Anderson and writes “Aarogya Setu: The story of a failure”.

This person may very well be a direct contact of some Indian politician and could even be a person sitting in Delhi, since he is the first to react to Indian developments even before other Indian security professionals can get a scent of something happening here.

It is to be appreciated that he identified some bugs in Aarogya Setu and gave a notice to the Government to “respond …or else….”. He has explained his analysis of the app after decompiling the source code. Probably what he has pointed out is correct.

But many technical experts consider that the bugs pointed out are not significant weaknesses that can compromise the data, which is lying inside the user’s device itself in an encrypted state. If accessed, it will be hacking of individual device owners, whose privacy Mr Elliot Anderson is so concerned about. (P.S.: This is based on the Government’s announcement that the personal data is not transferred to a data server and is stored within the device.)

According to an expert

“For apps of this scale that handle sensitive data, sophisticated code hardening and app security tools like DexGuard or Arxan need to be used. These tools modify the app at build time to add code and also have features like root detection and Frida detection built in”.

The Copyright Issue

However we need to reflect,

If I just call myself an “Ethical hacker”, does that give me the license to overlook Indian Copyright Act or DMCA or any French Copyright Act?

…to the extent of de-compiling the source code and publishing it?

If I am good enough to find the flaws should I not give a reasonable time to the app developer to make corrections? Or even better

Should I not myself suggest to the App developer what corrections can be made?…particularly when we are talking of a non-commercial public safety app of a sovereign Government fighting the pandemic?

Declaring an App as a Protected System

Had the Government declared that the App is a “Protected System”, even an attempt to access the source code without authorisation would have qualified for imprisonment of 7 years. It is good for these so-called ethical hackers that the Government did not remember Section 70 of ITA 2000 and how it could have been used to protect such motivated hackers.

The Government, which acknowledged the report of Mr Elliot and made some corrections which it thought were necessary, should have thrown back a challenge to Mr Elliot to suggest how the code should be modified to prevent the bug he points out. Then we could have found out if Mr Elliot was willing to help in the public cause or was only trying to strengthen the hands of the Indian opposition and our own indigenous Privacy activists who, along with their friendly media, keep criticizing all Government moves without suggesting any alternatives and call themselves the “Internet Azadi Brigade”.

If the Government does declare Aarogya Setu as a “protected system” now, it will of course face the charge of “Shooting the messenger” and hence may not have the courage to do it.

Need for better articulation

If however the privacy policy provides some warranties such as storing of data within the device, deletion after a specified time etc and declares the purpose, then the only issue that remains for criticizing the app is the “Mandate that it has to be installed by all workers returning to work”.

The Government could have articulated its measure by stating that “Lock down continues in public interest but relaxations are provided only for those who have installed the App”. This would have appeared like a favour rather than saying “All can return to work but they have to install the App” which looks like a punishment.

Naavi

(Comments invited)

Naavi is conducting another online Crash Course on PDPA. This will be a 12 hour course spread over two weekends. There will be two sessions of 75-90 minutes each day between 4.00 pm and 7.00 pm.

Participants of this program would be eligible to take the Certification program from FDPPI for “Certified Data Protection Professional-Module I” with a further payment of Rs 5000/- towards membership (If they are not already members) and an examination fee of Rs 5000/- (Total additional amount payable Rs 10000/-). Contact  for more information.

The coverage would be as follows:

1. Evolution of Privacy Law in India (ITA 2000, ITA 2008, Puttaswamy Judgement, etc.) and Understanding the Concept of Privacy and its relation with Data Protection, Applicability, Exemptions, Data Protection Obligations and Data Principal’s Rights

2. Grounds of Processing without Consent, Restrictions on Transfer of Personal Data outside India

3. DPA, Adjudication and Appellate Tribunal, Penalties and Offences and Grievance Redressal mechanism

4. Compliance Obligations (Transparency and Accountability Measures), Data Audits and DPO, Data Protection Challenges under New Technologies, Data Governance Framework, Interactive discussion and Review

The participation fee would be Rs 3000/- per participant.

WhatsApp and Fakenews

(This is a reproduction of the Article that appeared in India Legal Magazine on April 18, 2020)

The spread of fake news through social media has been a cause of concern for quite some time. It was highlighted in the past during elections and now continues as Covid-19 threatens humanity.

Whenever an election nears, social media is used for campaigns promoting the electoral prospects of candidates. This is a legitimate advertising and promotion activity and cannot be faulted or curbed. Unfortunately, unscrupulous candidates and their campaign managers have focused more on projecting negative information of their opponents rather than positives of their own partymen. The matter has assumed greater importance today with the growth of fake messages which can cause untold damage to society and therefore, have to be curbed ruthlessly. In the past, attempts to curb them failed because whenever legislative controls were brought in to punish fake campaigns, politics would creep in. This would lead to both the supporters and opponents of a candidate being reluctant to identify and prevent fake messages. The attempt to do so was questioned as an assault on free speech and courts were dragged into the controversy.

The last time that the government tried to bring in some measures to prevent fake messages, it demanded that messaging platforms such as WhatsApp identify their origin. WhatsApp, however, refused to do so and stated that any such exercise would compromise its end-to-end encryption system. As a result, intermediary guidelines under Section 79 of the IT Act could not be amended when it was first presented in December 2018. It was a pre-election period and the government as usual did not press the change.

Experts had said that this contention of WhatsApp was wrong and that it was technically feasible for it to identify the originating device of a forwarded message without compromising privacy and the confidentiality of the messages. They said that when a message was forwarded several times, it was feasible to ensure that metadata was attached to the header so that, at each stage of forwarding, the device could identify it and the date and time of forwarding were added to the message before it went into encryption. This was not different from a blockchain mechanism where the message with the header information keeps evolving and each such evolved message continues to be encrypted so that privacy and security are not compromised.
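The forwarding header the experts describe can be sketched as a hash chain. The Python below is an added example, not WhatsApp's code and not part of the original article; the field names, device IDs and the `to_plaintext` step (the bytes that would be handed to the end-to-end encryption layer) are assumptions, and all sample values are constructed.

```python
"""Hash-chained forwarding header (illustrative sketch, not WhatsApp's protocol)."""
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the originating device's entry


def canonical_hash(obj) -> str:
    """SHA-256 over a canonical JSON encoding of obj."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def body_hash(body: str) -> str:
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def forward(msg: dict, device_id: str, ts: str) -> dict:
    """Return a copy of msg with this device's hop appended to the header."""
    hops = [dict(h) for h in msg["hops"]]
    entry = {
        "device": device_id,  # hypothetical device identifier
        "ts": ts,             # date and time of this forward
        "prev_hash": hops[-1]["entry_hash"] if hops else GENESIS,
        "body_hash": body_hash(msg["body"]),
    }
    # The entry hash covers the four fields above; the next hop links to it.
    entry["entry_hash"] = canonical_hash(entry)
    hops.append(entry)
    return {"body": msg["body"], "hops": hops}


def new_message(body: str, device_id: str, ts: str) -> dict:
    """The originating device creates the message with a one-entry header."""
    return forward({"body": body, "hops": []}, device_id, ts)


def verify(msg: dict) -> bool:
    """Check that every hop links to the previous one and to the body."""
    hops = msg.get("hops") or []
    if not hops:
        return False
    prev = GENESIS
    expected_body = body_hash(msg.get("body", ""))
    for entry in hops:
        core = {k: v for k, v in entry.items() if k != "entry_hash"}
        if core.get("prev_hash") != prev or core.get("body_hash") != expected_body:
            return False
        if canonical_hash(core) != entry.get("entry_hash"):
            return False
        prev = entry["entry_hash"]
    return True


def origin(msg: dict):
    """Originating device and timestamp, read from the first hop."""
    first = msg["hops"][0]
    return first["device"], first["ts"]


def forward_count(msg: dict) -> int:
    """Number of forwards after the original send."""
    return len(msg["hops"]) - 1


def to_plaintext(msg: dict) -> bytes:
    """Bytes that would be passed to the encryption layer (assumed step)."""
    return json.dumps(msg, sort_keys=True).encode("utf-8")


def from_plaintext(data: bytes) -> dict:
    return json.loads(data.decode("utf-8"))


def sample_chain() -> dict:
    """Constructed sample: one send followed by two forwards."""
    msg = new_message("Constructed sample text", "device-A", "2020-04-18T09:00:00Z")
    msg = forward(msg, "device-B", "2020-04-18T09:05:00Z")
    return forward(msg, "device-C", "2020-04-18T09:20:00Z")


if __name__ == "__main__":
    received = from_plaintext(to_plaintext(sample_chain()))
    print("valid:", verify(received))
    print("origin:", origin(received))
    print("forwards:", forward_count(received))
```

A bare hash chain only detects edits to part of the header: a client that rebuilds every entry produces a chain that still verifies, so attributing hops to real devices would additionally need per-device signatures.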

WhatsApp’s justification that it was technically unable to agree to the law enforcement requirement was unconvincing and dishonest. However, it yielded a little ground when it agreed to limit the sharing of a message at one point of time to only five recipients so that if a message had to be sent to 50 people, then the sender had to do so in 10 different attempts. This was an attempt to give the impression that it was assisting the government in combating the menace of fake messages without going all the way. WhatsApp also took action against some software developers who had developed applications for mass forwarding of messages through it so that the dispersion of fake messages could be slowed down. This was more to protect their IP than to prevent fake messaging.

When the Personal Data Protection Bill of 2019 was drafted, the government once again made an attempt to take control of fake messaging by introducing a mandatory requirement that social media intermediaries provide an option to users to get their messages displayed with a “Verified Tag”.

However, with the advent of Covid-19, the problem of fake information became more acute as people spread wrong information about its reach, the damage it can cause, likely remedies, etc. This time there was no political backing for the fake messages and hence, there was an apolitical response from WhatsApp with a new voluntary, technical measure meant to slow down their spread. The new system will identify the number of times a message is forwarded and after the first five forwards, this will be restricted to just one at a time. The message will also display an extra arrow to indicate that forwarding is in the restrictive stage. This, however, does not eliminate the message if it is fake. It will only delay the process of forwarding.

By initiating this restriction, WhatsApp has said that it is able to monitor whether a message is forwarded five times or more. This proves that its earlier contention to the government that it cannot identify the origin of a message is false.

Technically, if WhatsApp can count whether a message has been forwarded by one or more persons, then it will be able to identify the message and also from where the forward has come. All WhatsApp messages pass through its server before they land on the destination phone as it has to be re-sent if that phone is not connected at the time the message was first sent. Hence, it is considered infeasible that the WhatsApp server cannot see the sender’s device by whatever ID it may recognise it.

Legally, the government had the power to demand the assistance of WhatsApp not only for identifying the origin of a message but perhaps even for decryption. Section 69 of the Information Technology Act, 2000 gave the powers of interception, monitoring or decryption to a designated official of the government under a specific procedure. Such a procedure is already in place and though a notification to amend the rules issued in December 2018 was stalled, the availability of the power was never in doubt. Further, Section 69 also provided that if the service provider or any other person failed to assist the designated authority, the company and its executives could be imprisoned for up to seven years.

In several rounds of discussion between the Ministry of Electronics and Information Technology, WhatsApp and other social media representatives since December 2018, it must have dawned on these agencies that they stand on weak legal ground in resisting the moves of the government to curb fake news. But now, with the need to prevent fake news to protect the community from a pandemic and with no political support, whatever little courage these companies had in resisting the government earlier must have crumbled. Hence, they have come out with a voluntary offer of restricting the forwarding to a single destination.

With WhatsApp dropping its earlier resistance, it is up to the government to push it once again to institute a mechanism where a header is inserted for every message to identify the origin and each forward. WhatsApp can also initiate measures to monitor such meta data so that there is proactive identification of any forwards to identified groups and they are filtered. Filtering of messages on the basis of intended forwarding would help law enforcement authorities to identify suspect groups who are working against the interest of the public and they can be blocked from receiving messages.

There will, no doubt, be a charge that this would amount to censorship. But if the procedure laid out is stringent and its use is restricted to exceptional cases with hard evidence to back it, the filtering of fake and malicious messages and subsequent legal action can be undertaken by the police better than is possible now.

As regards end-to-end encryption which WhatsApp claims to be impregnable and beyond its capability to decrypt, the existence of malware such as Pegasus proves that breaking into a mobile device and reading WhatsApp messages is feasible. Hence, end-to-end encryption is not a foolproof system.

End-to-end encryption of a messaging service like WhatsApp is different from that of a voice message like Blackberry or Apple. Retrieving a voice message without the permission of the owner of a device by the law enforcement agency or a hacker requires not only access to the device but also enabling of the storing of the voice files.

In the case of messaging applications, storage and subsequent retrieval is an inherent character of the service and therefore, technically, reduces one process compared to recording of a voice conversation and listening to the recorded files.

WhatsApp restricting the number of forwards, therefore, strengthens the hands of the government. The company can no longer use technical excuses when it is ordered by law enforcement to reveal the identity of the devices originating and forwarding fake messages. This will now also possibly extend to decryption of end-to-end encryption.

Naavi


Don’t Shoot the Messenger, Media often says.. INS should first remember this policy

(This is in continuation of the earlier article)

The circular issued by INS (Indian Newspaper Society) regarding the posting of some publications in certain WhatsApp groups by overzealous members has the following advice.

1. Take legal action against offenders, especially against WhatsApp and Telegram admins who’re offending and trigger legal notices (WhatsApp group admins are liable for anything illegal that happens in their groups)

2. Additionally, also for any legal action taken, publish few news stories to talk about the huge fines and lawsuits initiated against offenders to deter others from doing it.

I would like to draw the attention of the INS secretariat to the following.

Media often accuses the Government and the Police, when they take action against journalists, with the advice “Don’t Shoot the Messenger”. It is common for investigative journalists to adopt bribing and other illegal means to obtain a story which these publications gladly publish. Has INS ever sent any advisory to the publications that their journalists should not adopt such practices or should use ethical means of publishing articles without taking bribes?

Suddenly INS has decided to shoot the WhatsApp admins instead of the individual member who has infringed. The threat itself is illegal and violates the principle of “Free Speech” by creating a “Chilling Effect” as discussed by Supreme Court in the Shreya Singhal case.

INS secretariat must learn the law that WhatsApp Admin is only a manager and not an “Editor”. The messages donot get moderated and get posted directly because the person posting the message sends a message to WhatsApp group server and the server distributes it to the group. The “group” only represents a mailing list maintained by the WhatsApp server and the admin has no control other than removing a member.

Further message in the group represents only what is meant for the members and not for public. News papers are shared by family members and in libraries it is shared by many others. Will INS go after the librarians also? If not on what grounds do you discriminate against the WhatsApp admin? Your suggested action is therefore discriminatory and against public policy. If properly pursued INS registration may have to be suspended and cancelled for acting against public policy.

INS secretariat may kindly read the following article where I have explained the WhatsApp aspects in some what more detail.

“police target WhatsApp admins and FaceBook posters once again”

Police, Prosecutors and Judiciary: Please Don’t Create Fake Laws out of your misinterpretation

It is wrong to say that WhatsApp group admins are responsible for all that happens in the group.

If an illegal advertisement appears in a newspaper, will you put the Editor in jail?

In the Information Technology Act there is something called “Due Diligence”, and the WhatsApp admin’s due diligence has certain responsibilities. As soon as a prima facie illegal activity takes place, the admin has to advise the member to withdraw the post, since the post can be withdrawn only by the member who has posted it. The only punitive action the admin can take is to remove the member, which is like sacking a reporter for one fake report. Many WhatsApp admins do it when the message is sensitive.

Please let me know whether you advise your newspapers to sack the reporters if any of the reporters send a wrong report. If not, why treat WhatsApp admins differently?

Secondly, the advice to harass the WhatsApp admins for the infringement with huge fines, and to further defame them with publicity because the publication is in charge of its own publication, is not proper advice. It is a conspiracy to threaten members of the public and violate the copyright law, which may provide for reasonable compensation in case of violation as determined by a Court.

First of all, in any copyright infringement, one has to see whether the person infringing made any unfair gain by the infringement and whether there was any notice of copyright etc. The Courts will consider what is a reasonable penalty. A civil claim has to have some relationship to the loss suffered by the victim and the wrongful gain made by the offender. Arbitrarily claiming a large amount is not provided for in law.

If newspapers are losing customers because they have become irrelevant in the age of TV and social media, don’t suggest that they recover their losses by suing the WhatsApp admins. The WhatsApp admins of groups where this kind of infringement has taken place will not be worth even a few thousand rupees for claiming compensation. The publication will not get even the lawyer’s fee for the notice in return. The publication can, however, bribe a policeman and try to harass the WhatsApp admin, and the Police, the publication and INS would all be liable for human rights violations.

INS as a society of responsible publications should show some maturity before issuing such circulars.

As a remedy, INS should withdraw the part of the circular which targets the WhatsApp/Telegram admins and apologize to the community. You are well within your rights to advise the publications to institute security measures to prevent downloading, which many publications do. If you have not done so so far, it shows your incompetence. If your members do not want to spend money on hosting a secure website, you cannot advise them to go after WhatsApp admins.

I look forward to a positive action from your end.

Naavi


Circular of INS Secretariat on copyright violation by WhatsApp and Telegram

(This is in continuation of the earlier post)

I have received a copy of a communication supposed to have been sent by the Secretary General of the INS (Indian Newspaper Society) to the publications as an advisory, which is reproduced below:

Dear Esteemed Members,

Greetings from the INS Secretariat !!

It has come to our attention that some Publications are facing issues with distribution of the print copies and a lot of piracy and theft of newspapers is happening, especially in the digital format.

A lot of Newspapers are available in the ePaper format online in the morning every day, some of them being paid and some being free. Many users are actually copying the newspaper and creating PDFs which they circulate in WhatsApp and Telegram groups to the readers – leading to a loss in both subscription revenue for the print newspapers as well as ePapers digitally.

This is completely illegal and Publications are trying to battle it in their own ways. It is therefore recommended as below: –

1. Communicate clearly in the Apps, Websites and Newspapers – that circulating any copies or part thereof, is ILLEGAL and strict legal action will be taken against individuals with heavy penalties.

2. Additionally, also for any legal action taken, publish a few news stories to talk about the huge fines and lawsuits initiated against offenders to deter others from doing it.

3. Take legal action against offenders, especially against WhatsApp and Telegram admins who’re offending and trigger legal notices (WhatsApp group admins are liable for anything illegal that happens in their groups)

4. Build certain product features which prevent piracy or at least slow it down

a. Limit downloading as PDFs, Images

b. Add JavaScript code on pages to prevent copying

c. Insert a user identifier code which is not human visible, so circulated PDFs on Social Media can be tracked back to individuals

d. Auto generate list of users downloading greater than a certain number of PDFs per week and block them

This is for your kind information.

Kind regards,

Signed

Secretary General

While we appreciate the measures taken by the INS to protect the interest of their members, we are awaiting the response from the secretariat on why publications which have reduced the size of their print publications continue to charge the same earlier price.

From the point of view of the consumers, this is an unethical act of the newspapers, and we expect the INS to show the same zeal in advising the members to reduce the cover price of the publications at least temporarily.

Naavi

For the information of all:

The WhatsApp admin policy suggested by Naavi in the Cyber Law Compliance center has the following paragraph.

Quote:

Sharing of Content

The electronic space represented by the messages sent and received by a member of the group is considered as a “Private Message Space”.

The messages delivered by a member through this group are meant only for other members of the group, and Non-Members have no authorization to access these messages, nor are the messages meant for them.

If any member shares any message with any Non-Member, such member shall be solely responsible for the consequences thereof. Also he shall be considered to have indemnified the other members of this group including the admins for any adverse consequences arising thereof.

If any Non-Member accesses the messages without specific permission, it shall be deemed to be an unauthorized access as per Section 43 of ITA 2000/8 and also liable for payment of compensation and prosecution under Section 66 of ITA 2000 of India.

UNQUOTE:

WhatsApp admins are advised to use such a clause and adopt the model policy suggested.
