Pierluigi Paganini January 07, 2014

The Indian Government is launching Netra project for internet surveillance. Obvious concerns for online privacy and freedom of expression of Indian population.

The Internet surveillance in India is reality thanks  a project codenamed NETRA (Network Traffic Analysis), it is able to detect and automatically capture any voice traffic passing through software such as VoIP systems including Skype and Google Talk.

In Hindi NETRA has means “eye”, an eloquent word to define a surveillance project considerable as the Indian version of PRISM.

NETRA is currently under testing by the Indian Intelligence Bureau and Cabinet Secretariat, it was designed by the Centre for Artificial Intelligence and Robotics (CAIR) lab.

NETRA has the principal purpose to allow the government to monitor the Internet and telephone communications, the news has been reported by the Economic Times and relaunched by my Indian friends at TheHackerNews.

A hilarious note on the project NETRA, according to the first revelations it is defined to use only 300 GB of storage space for storing the intercepted Internet traffic … what’s wrong?

“During the meeting, it was also decided that 300 GB of storage space for intercepted internet traffic would be given to a maximum three security agencies, including the IB and Cabinet Secretariat, while an extra 100 GB would be assigned to the remaining law enforcement agencies, the minutes of the inter-ministerial panel meeting showed. ” states the Economic Times.

Sources at The Hacker News confirmed the news adding that NETRA “is a hardware device, and will be installed at ISP (Internet service provider) level on more than 1000 locations. Each location will be called as “Node”, with 300GB of storage space.”

“So, there are 1000 nodes x 300GB = 300,000GB of total space is initially decided to set up.”

The Indian government has to provide more information on the NETRA project, it has not cleared the final use of the architecture, does it deal with Computer Security Incidents and  vulnerabilities?

“The ‘Netra’ deployment strategy was recently discussed by an apex inter-ministerial group headed by DoT’s member (technology) and included top officials of the Cabinet Secretariat, home ministry, DRDO, CAIR, Intelligence Bureau, C-DoT and Computer Emergency Response Team (CERT-In). The panel also deliberated on ways to respond to computer security incidents, track system vulnerabilities and promote effective IT security practices across the country. ” reported the Economic Times.

Of course there is a great concern for Indian population’s privacy, surveillance activities are intrusive and could interfere with online communications.

Unfortunately the Indian law framework in matters of privacy and confidentiality is very dated, inadequate to approach the contemporary debate on surveillance and risks of censorship.

Privacy or Homeland security? This is the contemporary dilemma

Pierluigi Paganini

(Security Affairs –  NETRA, Surveillance)