Mumbai police to monitor cyber-cafes

I came across this story on the Mid-Day through Schneier on Security:

In fact, it is a well-known fact that terrorists all over the world do not use paper and pen or the phone to communicate. Everywhere, all over the world, it’s the net.

Vijay Mukhi, President of the Foundation for Information Security and Technology says, “The terrorists know that if they use machines at home, they can be caught. Cybercafes therefore give them anonymity.”

“The police needs to install programs that will capture every key stroke at regular interval screen shots, which will be sent back to a server that will log all the data.

The police can then keep track of all communication between terrorists no matter, which part of the world they operate from.This is the only way to patrol the net and this is how the police informer is going to look in the e-age,” added Mukhi.

Logging the key-strokes of innocent people is apparently okay with Mr. Mukhi, who says.

“The question we need to ask ourselves is whether a breach of privacy is more important or the security of the nation. I do not think the above question needs an answer,” said Mukhi. “

As long as personal computers are not being monitored. If monitoring is restricted to public computers, it is in the interest of security,” said National Vice President, People Union for Civil Liberty.

The question I want to ask is, Who made this guy the vice-president for the people union of civil liberty? He sounds like a colleague of Mukhi.

If you walk into a cyber cafe, you can see the kind of people that use these cafes. It’s mostly teenagers who chat or play games, foreigners who communicate with their friends back home, sometimes older people who probably use the net to communicate with children in other countries. Are there people with malicious intent using these cyber cafes? Maybe. But, to penalise everyone else for the sake of a few is just wrong.

Furthermore, these are not public computers. You pay to access the net and in the major cyber cafes, you may even need memberships. So saying that these are public facilities is somewhat misleading. It’s like putting security cameras in the changing rooms of clothing stores to make sure that shoplifting is stopped.

It may be okay to verify the identity of the user and note down who’s using the cafes. Beyond that, it’s a clear breach of privacy and has a nice potential for abuse (see the comments in Schneier’s post).

I understand that the government is worried about terrorism but this seems exactly like the kind of reaction we don’t want because it involves treading on the rights of people who have nothing to do with terrorism. I don’t use cyber cafes but if I get a chance to sometime, I’ll be sure to ask them if they have keyloggers installed. It’ll be interesting to see what the people running the cafe say. (They’ll probably haul me in for questioning as a suspected terrorist.)

Now, if you’ll excuse me, I have to check if someone has installed a keylogger on my computer. Or maybe my ISP is logging everything. Arrgh.


8 thoughts on “Mumbai police to monitor cyber-cafes

  1. This is a genius move.

    Phase 1: Announce that Police will be installing spying softwares on public terminals.

    Phase 2: Bad guys read news.

    Phase 3: They switch to private computers with even advanced covert channels

    Phase 4: No bad guy is caught with spying software, hence Mr. Mukhi and Police pat their own back assuming there is no bad guy.

  2. Ah, but there is more..

    Phase 5: When next terror attack discovered by teenage hacker, they decide to monitor all private computers they deem “suspusious.”

    Phase 6: Our liberties are taken away because we are being spyed on in our own homes. All words that they think are “terrorist” in nature are tagged, therefore making it hard to say what we want to.

    Phase 7: Government looks into China’s great firewall for “big brother” advice.

  3. I do not understand whether Bruce Schneier has gone out-of-mind to circulate this type of nonsence.

    Apart from legal and self-publicity issues, consider following –

    1. Who stops hackers / terrorists of taking backup (copy) the keylogger log
    itself, to hack and blackmail the previous users.

    2. Temporarily all keyloggers can be deactivated for some time using
    utilities like proexp or Antispyware (AVG does it). So, when a seasoned
    terrorist / hacker use a cyber cafe, he/she can deactivate all known spyware
    / keyloggers during usage.

    3. Seasoned terrorist / hacker can over-write keylogger log files with it’s
    own file, implicating even President of India in the overwritten log.

    4. A seasoned user can even fool keylogger by typing in reverse.

    5. clicking on icons does not record in keyloggers. A seasoned terrorist
    will use a predefined copy-paste method. He/She can even copy each and every
    single character to make a sentence without trace.

    Some people use hare-brain schemes, without knowing the intricacies of IT
    Security (Technology and Management), for self-publicity. Many people
    laughed on the suggestion by some so-called security-agencies / persons(s)
    suggestion to ban e-mail attachments, somewhere in March 2007.

  4. VM: I think all Schneier did was to highlight the issue and the fact that it has privacy concerns. In fact, if he hadn’t highlighted the issue I am not sure if I would’ve heard about it.

Your thoughts?

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s