Sunday, June 10, 2007

Big B Watching or Is this Intrusion of Privacy?

I ain't talking about Big B - Amitabh Bachhan here....
This is about Big Brother - our own police force.

I read an article in Hindustan Times (April 30th, 2007). In first-of-its-kind intitative to tackle cyber-crime, the Nashik police is keeping an electronic eye on cyber cafe users. They aim to maintain real-time photo record of users at cyber cafes and the times spent surfing. This is all done using a software called Webcafe.

Hence if a user goes to a cyber cafe, his photo, name, address and identity proof gets recorded into the main server which would be connected to a central server located at police head quarters. So everytime a user logs on to a computer the details would be automatically transeferred to the police servers. I saw similar kind of photograph based logs in Hyderabad when I was touring. Now with these kind of systems coming in place, we would hope that cyber crimes would reduce atleast from cyber cafes as point of origin. I am still not seeing such measures from cyber crime cell in Mumbai though.

Let's see the other side of story. How many of us like to be photographed everytime you go to a cyber cafe? What is the guarantee that the cafe owners will not misuse the photographed data? Indian Penal Code asks cafe owners to keep a manual record of every user. I think this is really intrusion of one's privacy. If we see the real world attackers - the so called smart hackers will be doing away with all these measures either by using multiple proxy servers or spoofing IP addresses to cover their tracks. They have thousands of ways to find a victim for attack.

I do not say that we should not do anything. But should the measures be at cost of a general user's privacy? Do the police now storing these information now guarantee the safety of our data same way as our banks do for online transactions. Also one needs to wonder how secure are the central servers at police station. It surely has such large amount of personal data now. Are the softwares and servers tested for security before they store such data?

I think everybody should think about this. Feel free to share your comments here. You can mail me at dharmeshmm at gmail dot com