INTERNET

PRIVACY AND
DATA
BREACH

BY: Shivam Tewari (pgp18076)

Himanshu Sikriwal (pgp18258)

 What is Privacy?

– The ability of an individual or group to seclude themselves or information about themselves and
thereby reveal it selectively
– Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing,
provision to third parties, and displaying of information pertaining to oneself via the Internet.
– Internet privacy and anonymity are paramount to users, especially as e-commerce continues to gain
traction.
– Breach of sensitive information that might result in loss of an advantage or level of security if revealed
to others who might have low or unknown tractability or hostile intentions.
– Loss, misuse, modification or unauthorized access to sensitive information can adversely affect the
privacy of an individual.
 How Our Personal Information
Gets Revealed
– Internet Service Providers are capable of observing unencrypted data passing between you and
the internet but are usually prevented to do so due to cyber laws.
– Most web browsers save some form of personal data, browsing history, cookies, web form
entries and passwords.
– Phishing and fake e-mails sent to try to gain your personal and financial information
– Misuse of personal information on social media due to unsecured accounts
 Internet privacy risks include:

– Phishing: An Internet hacking activity used to steal secure user data, including username,
password, bank account number, security PIN or credit card number.
– Pharming: An Internet hacking activity used to redirect a legitimate website visitor to a
different IP address.
– Spyware: An offline application that obtains data without a user's consent. When the computer
is online, previously acquired data is sent to the spyware source.
– Malware: An application used to illegally damage online and offline computer users through
Trojans, viruses and spyware.
– “Digital freedom stops where that of users
begins... Nowadays, digital evolution must no
longer be a customer trade-off between
privacy and security. Privacy is not to sell, it's a
valuable asset to protect.” ― Stephane Nappo
Cambridge Analytica Facebook

• Cambridge analytica harvested private information from the Facebook

profiles of more than 50 million users without their permission.
• Cambridge analytica got this data from Aleksandr Kogan who had
requested and gained access to information from 270,000 Facebook
members after they chose to download his personality prediction quiz app
• The Facebook members gave consent to access information such as the
city, the content they had liked, as well as some information about friend
groups and contacts
• In passing this information to Cambridge, Kogan broke Facebook’s policies,
and Facebook has suspended his account as well.
– Data was used by Cambridge to target the
delivery of political messages in Donald
Trump’s presidential campaign
– Data Cambridge collected has still not been
deleted.
– Facebook has drawn criticism for its inaction
to protect users’ privacy
– Users joined campaign #DeleteFacebook in
the wake of the controversy
India’s Data Privacy Framework

– In a billion-strong nation, there are nearly 500 million active internet users and
India’s online market is second to China.
– Internet penetration has grown in the last five years, thanks to the growth of
startups, e-commerce companies and technology offerings across industries.
– India’s primary IT industry bodies such as NASSCOM and Data Security Council
of India (DSCI) have been advocating for stringent data privacy and protection
for years now.
– India is one step closer to having its own data protection law after the Srikrishna
Committee submitted its initial assessment and recommendations.
 Internet privacy violation risks
may be minimized, as follows:
– Always use preventative software applications, such as anti-virus, anti-malware, anti-spam and
firewalls
– Avoid shopping on unreliable websites
– Avoid exposing personal data on websites with lower security levels
– Clear the browser's cache and browsing history on a consistent basis
– Always use very strong passwords consisting of letters, numerals and special characters
Aadhaar Security Breach

– Almost one billion records were compromised in Aadhaar breach incident,

including name, address and other personally identified information
– Flaws in mAadhaar phone based aadhar app potentially allow attackers to
access the Aadhaar database while accessing the demographic data.
– UIDAI to reveal that about 210 government websites made the Aadhaar details
of people public
– A simple google search would reveal thousands of databases with demographic
data such as Aadhaar numbers, names, names of parents, PAN numbers, mobile
numbers, religion, marks, the status of rejection of applications, bank account
numbers, IFSC codes and other information.
Misuse of Aadhaar
Information
– Storing biometric data and using it for illegal monetary
transactions
– Menace of fake Aadhaar cards is also a problem for UIDAI
– Sale of demographic data in black market
– CIA might have access to data base as well
– CSC e-governance Services India Ltd tweeted the picture of
the machine with Dhoni’s form still on the screen with a
bulk of personal details visible
 Highlights From Srikrishna Committee
Report on Data Protection
– Restriction on Processing and Collection of Personal Data
– Only necessary data should be collected for clear, specific and lawful purposes
– Right to be forgotten
– Restriction of disclosure of personal data after purpose is served or consent is withdrawn.
– Data Localization
– Copy of all personal data to be stored in India. Critical personal data can only be stored in Indian servers.
– Explicit Consent
– Sensitive personal data including passwords, sexual orientation, financial data etc. can only be processed with explicit consent.
– Aadhaar Act Amendments
Ensure autonomy of UIDAI and bolster data protection. Offline verification of Aadhaar and new penalties to be introduced.