Bhavyanshu Parasher, a young computer science engineer took a look at Prime Minister Narendra Modi’s Android application (among popular apps he studied for his own research purposes). The Narendra Modi app had 500,000+ downloads at that time. He found a major security flaw in how the app accesses the “api.narendramodi.in/api” API.

At the time of disclosure, API was being served over “HTTP” as well as "HTTPS". "HTTP" was being served on older versions of the app. So people who were still using older version of the app were exposed to additional vulnerability. Data (passwords, email addresses) was being transmitted as plain text. In simple terms, your login credentials could easily be intercepted by MiTM attacks. Another bigger problem was that the token needed to access API was giving a false sense of security to developers. The access token could easily be fetched & anyone could send hand-crafted HTTP requests to the server. It would result in a valid JSON response without authenticating the user making the request. This included accessing user-data (primarily email address) for any user and posting comments as any registered user of the app.

The magnitude of the seriousness of the loophole can be understood with the following exploit. The vulnerabilities have been fixed.

Exploit demo

Bhavyanshu wrote an exploit to demonstrate how easy it was to extract email addresses using the security flaw.

"The API endpoint to fetch user profile information (email address) was getprofile. Before the vulnerability was fixed, the endpoint was accessible via “http://www.narendramodi.in/api/getprofile?userid=useridvalue&token=sometokenvalue”. As you can see, it only required two parameters. userid, which we could easily iterate on starting from 1 & token which was a fixed value. There was no authentication check on API access layer. Hand-crafting such requests resulted in a valid JSON response which exposed critical data like email addresses of each and every user." - Original Vulnerability Disclosure.

See, for instance, here is the sample output for xrange(1,10).

Exploit Result
Extracted email addresses of first 10 users

Also, he was able to post comment as any user. For example,

Comment Exploit
Comment sent as user 4234
After this security flaw was exposed, Bhavyanshu and I made considerable efforts to draw attention of the Prime Minister's development team for improving the security, but it would be another three days before the API would stop leaking the information to whoever wished to use the security loophole. It is difficult to say who and how many people have already had access to the user data for all the users of the Narendra Modi app. "Why it took them so long to connect me with developers directly? This issue could have been resolved earlier. The email address provided on play store does not work. Government should find a way to create a direct communication channel between those who report flaws and the developers. They should adopt CVRF.", Bhavyanshu said.

What are the implications for Digital India?

At a time when Indian developers are stunned by the emergence of Ankit Fadia (mostly known as a self publicized, copy-paste plagiarist at-best-mediocre script kiddie), while concerns for data security are paramount, for the Prime Minister's app to leak user information amounts to any malicious entity having a ready list of every social media savvy mobile user supporter of the Prime Minister and ruling party among other citizens. What such information could be used for is anyone's guess.

With the Prime Minister releasing a site a month on an average, the complete lack of interest in securing the application from unauthorized use is alarming. What kind of information crucial to the country could be leaked to the unscrupulous with such a casual approach to securing the information that the government seems bent on putting online if the security for such a key app with 5-6 lakh users was so careless designed.

What happens if a hacker publishes problematic information as another user?

Digital India cannot succeed if it merely courts the big business of the internet without actually having the competence to secure its own data. That would be like riding a race horse without saddle, stirrups or even knowing how to ride. Sooner or later, the horse goes rogue and you have no way to save yourself, let alone control it.

1

As I write this post, Indian Digital rights activists are watching in horror as "ethical hacker" Ankit Fadia has been declared the brand ambassador of Digital India. As Twitter goes nuts trying to show how big a "blunder" this is, perhaps it is time to realize that it is not a blunder. It is a deliberate stupidification of India with deliberate installations of mirrors of Modi's will rather than independent intellectuals.

Deliberate incompetence is the hallmark of appointments by Modi sarkar and they happen too often to be considered mistakes. From Smriti Irani, who faked her own education credentials handling National Education to Ankit Fadia, a self proclaimed ethical hacker no professional respects is only the tip of the iceberg that had started showing up right from Modi's election campaign.

Kirron Kher, contesting from Chandigarh in the Lok Sabha Elections had candidly admitted in an interview to the Indian Express, "I am not a politician. I do not see myself as politician. I see myself as somebody who is working for my city and fought (elections) to get one more seat to (Narendra) Modi ji. That is how see myself. I did not ask for the ticket. It was given to me and now I am here." Contesting against a 4 time MP Pawan Bansal of the Congress and Gul Panag of the Aam Aadmi Party, the candidature of Kirron Kher had been met with black flags by BJP workers themselves in Chandigarh. She won.

From Modi's holograms being projected nationwide to sidelining of senior leaders, Modi is clearly a man not interested in the contributions of others, even as he accepts their necessity. The Supreme Court rapped the Women and Child Ministry for the delay in filling vacancies in the National Commission for the Protection of Child Rights, but the reason turned out to be the PMO not clearing their appointments.

But if we see the appointments being made, there is little reason for cheer. Amartya Sen resigned in protest citing unprecedented interference in academics from the government. I do not see him as a leftist, but I am aware the supporters of the present government do. Yet we now have students of the FTII protesting as well. Surely the case cannot be that Modi lacks supporters among excellent actors that he settled for Gajendra Chauhan to avoid dealing with a "secular" (as his current whine in foreign countries goes)?

In a scathing piece on the rise of "anti-intellectualism" under the present government, Rishi Majumder identifies the common thread behind persistent absurd appointments as "The lack of a strong, distinct, individual vision for what they want to achieve with their charges." even as they are good managers. I see it as the appointees being conduits for a vision dictated from sources out of public scrutiny. Mirrors, mirrors everywhere, readily reflecting someone's will.

But there is more. It is a deliberate flaunting of unchecked stupidification in an obscene carnage of an intellectual India. The word "intellectual" itself has been turned into a slur by the supporters of this regime. The message is clear. "We do not want your fancy theories. We want the freedom to define scholarship however we wish." The trend is far reaching and flaunted at the most trivial of opportunities. Of all the journalists in the world, Modi chose Fareed Zakaria to give his first interview. Till then, Farid Zakaria's biggest attention puller was when his articles got pulled down for plagiarism.

Smriti Irani got rewarded for her loyalty and robust defense of Modi.  Fine. But it is not just that. What she was entrusted with was something she had been discredited for. It is not about less qualified politicians. Faking qualifications on an election affidavit is an act that declares that her qualifications felt inadequate to her own eyes. She could have been rewarded in many other ways, but she now she handles the nation's education. Something she has been established as inadequate about.

It is not merely loyalty. Modi's supporters include several senior journalists as well, but would someone like say, Kanchan Gupta accept being told what he could ask and what he couldn't? In addition to showing critics that they cannot stop him, no matter what he does, Modi's choices of people are also a statement of what behavior among supporters will get rewarded. Modi does not want independent thinking even among his supporters. Kanchan Gupta and Subramanian Swamy - two of the most independent thinking right wing thinkers are conspicuously free of responsibility, even as jokes circulate about Advani in the margadarshak mandal. The three countries Ajit Doval (who had been caught with Chota Rajan'sgangster) took an interest in, bombed in terms of foreign policy. As we speak, freaking "Hindu" Nepal has people outraging against India. It does not seem to matter to anyone. Baba Ramdev is selling churans to cure dengue and collaborating with the Defense Research and Development Organization - toward what purpose is anyone's guess.

Modi himself seems to take absurd speech to greater heights when he talks of Ganesha's head being an evidence of plastic surgery being practiced in ancient India. Not even transplants, mind you. Plastic surgery. While speaking of a super elite hospital helping improve healthcare for the masses in India, like the 32-rupees people would be lining up to pay over a thousand rupees to even be seen as an outpatient in this miracle hospital. Let there be no doubt that not even an effort to sound rational was made.

At a time when Modi has the biggest organized support among all public figures on the internet, at a time when he launches an average of two websites a month, at a time when a large part of his election victory was due to towering ethical and unethical efforts online, it is absurd to imagine that he does not have anyone to be a better brand ambassador for Digital India than Ankit Fadia - who is not respected by anyone other than abject ignorant newbies to coding. As far as appointing for incompetence goes, Ankit Fadia would rank as his second most spectacular appointment (the first being Smriti Irani, of course), because for anyone who has even passable knowledge of the subjects Ankit Fadia writes about, his name has become synonymous with plagiarism. A superstar script kiddie with dubious claims to fame. But he has the one thing Rishi Majumder had identified as a prerequisite. There is no evidence of Ankit Fadia even wanting to learn as long as he can sell his books and meaningless certificates.

Modi sarkar does not care that it reflects idolizing of incompetence on issues crucial to the nation. It does not need to care about public opinion for another 3.5 years. In a world where policies useful to cronies must be pushed unhindered, intelligent people slow things down with their questions. Even when they support. Unthinking and efficient people doing as told is what makes selling the country out from under people's feet possible. Meticulously following the government's stand, and unperturbed, supporting the government's opposite stand as well, when criticism forces a U-Turn.

 

The message to supporters is even clearer than it is to critics. I want your support, not your brain. If you want your reward, this is your key.

 

First of all, what is National Encryption Policy?

“Under Section 84A of Information Technology Act, 2000 Rules are to be framed to prescribe modes or methods for encryption”. So DeitY has framed a draft of such rules which will decide the future of how encrypted services are to be used or provided to users in India. The preamble in the draft clearly shows that they very well understand what encryption is meant to be used for. What they fail to understand is how it helps secure communication between two entities. The problem lies in the strategies stated in the draft. Let us break the draft into parts and try to analyze how exactly they can possibly ruin encrypted services and also how it will affect you.

  • (III Objectives i)) states “to protect privacy in information and communication infrastructure without unduly affecting public safety and National Security”. This is perfect but then they contradict themselves by saying (IV Strategies 4), “On demand, the user shall be able to reproduce the same Plain text and encrypted text pairs using the software/hardware used to produce the encrypted text from the given plain text. Such plain text information shall be stored by the user/organization/agency for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country”. Yeah, so what is wrong with this? Well, to answer this, let us take an example. You are currently using messaging services that encrypt data sent over network. You still have a sense of security that you can freely talk about things over the network without worrying that ISPs, private companies and the government are continuously monitoring/logging what you say. The problem arises when the private companies like your Internet service provider, government and even notorious hackers can misuse this data. What government has stated under “Strategies” is not exactly that but a different version of this. They don’t want to get rid of the encryption but want a backdoor access to the encrypted networks. This is not acceptable. By demanding this, they are putting critical data and infrastructure in danger. Why? Ask these questions to yourself. Can we trust the authorities to keep the keys and the data in “Plain text” safe from hackers? It is common that hackers target government organizations everyday to get their hands on information. Governments are easy targets for most hackers because they don’t invest enough resources in security. Can we trust the government employees with our data who can’t prevent hacks on government websites? The cost of such security breaches would be severe. Think if e-commerce companies are forced to keep currently encrypted data in plain text as well. Not challenging anyone’s security but knowing that hackers always find a way in, from experience, I can tell that I would probably never use e-commerce services again knowing they are storing critical data in plain text as well. Like me, many would not want to access such services ever. This will affect the economic growth. These services will lose users. If there is a security breach and hackers have access to data stored in “plain text”, people will think twice before using such services ever again. At least currently the data is encrypted. Even if hackers get in, there is still an extra layer of protection. They may or may not be able to decrypt the data easily. Of course it all depends on the methods used to encrypt such data. This is one of the major problems that I personally see with government asking services for back-doors.
  • (IV Strategies 5) states that “B/C groups (i.e. B2C, C2B Sectors) may use Encryption for storage and communication. Encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time. All information shall be stored by the concerned B/C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country. In case of communication with foreign entity, the primary responsibility of providing readable plain-text along with the corresponding Encrypted information shall rest on entity (B or C) located in India”. The entity B is any business and commercial private or public bodies providing encrypted services and entity C includes every citizen. This is completely broken. They say that all information should be stored by concerned B/C entity for 90 days from the date of transaction. How can they expect citizens to store such information? What if the hackers hack into anyone under “C” entity and gets access to that information. In that case, who will be held responsible? Will the government take responsibility because they demand users to store such important information for 90 days? Moreover, they are clearly saying that they will be the ones to dictate what encryption algorithms to use and what should be the size of the key. This will cause problems to any business on the technical front. What if their business wants to use a different encryption algorithm because it suits their requirements better? Now the government will decide how you should do business and the technology used behind your encrypted network? That’s why this is completely broken.
  • The most absurd point, according to me, (IV Strategies 7), states that “Users within C group (i.e. C2C Sector) may use Encryption for storage and communication. Encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time. All citizens (C), including personnel of Government/Business (G/B) performing non-official/personal functions, are required to store the plain-texts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country”. This is a horrible strategy to propose. See, C group contains every citizen. So this clearly applies to communication between two citizens. Now let us take an example. I encrypt most of my emails with PGP and now according to the above stated strategy, the government can tell me to stop using PGP and use something else or they can also tell me to reduce the size of the key. This will only make my data more vulnerable. There is a reason why PGP exists. I use it so I can be sure that the email is only read by the person whom I grant access to. No matter what network it passes through, no one else will be able to read that data. I have this sense of security right now. The point 7 even takes away that from me.
  • (V Regulatory Framework 1), states that “while seeking registration, the vendors shall submit working copies of the encryption software/hardware to the Government along with professional quality documentation, test suites and execution platform environments”. This is very stupid. Why? See, if some xyz organization has some patented or closed source encryption technology, the government cannot just ask them disclose every detail of the encryption technology. The government will have to get a license from the organization to get each and every detail of how the encryption is implemented. Think about the cost. Secondly, the more problematic situation is that what if such details land up in the hands of competitors? Bam! that will expose your whole security infrastructure to competing company. That can happen. How can you rule out such possibility when you know more than one organization has all this information stored somewhere? Whom can you trust?
  • (V Regulator Framework 3), states that “The vendors of encryption products or service providers offering encryption services shall necessarily register their products / services with Government for conducting business in the country”. So most of the services will probably not wanna do business in India because of above stated reasons. Now you only decide if it’s going to affect the economy or not.
  • Lastly, (V Regulator Framework 5), states “Users in India are allowed to use only the products registered in India”. Well, say goodbye to VPN services. You see what they did there?

I am just an engineer. I am stating my opinion on this because I think it will affect me a lot. Your comments on this are welcome and hope we can have a healthy discussion on this. This will ultimately affect you and how you use Internet services. Hence, this is a crucial matter and everyone from tech should participate in this.

[Update - September 21]

New exemptions to DeitY policy
New exemptions to DeitY policy

All those who are saying that the proposed addendum exempts social media apps, messaging apps, etc., have clearly not read the addendum point 1 carefully. It states that “mass use encryption products” are exempted from the NEP. The “mass use encryption products” definitely does not include copyright crypto algorithms/proprietary encryption products owned by respective companies. So it does not clarify anything but only adds to the problems.

I am just an engineer. I am stating my opinion on this because I think it will affect me a lot. Your comments on this are welcome and hope we can have a healthy discussion on this. This will ultimately affect you and how you use Internet services. Hence, this is a crucial matter and everyone from tech should participate in this.

Originally published by Bhavyanshu Parasher here.

 

2

This thing has gone on long enough. Thanks to extremely targeted promotion of one tweet, many BJP supporters who accuse me of it get used to unintentionally participate in a sexualized trolling campaign by BJP's gutter wing. Several have apologized after coming to know the full story. So, this post is addressed to Modi fans - bhakts in common parlance who may or may not be intentionally engaging in something they would otherwise find obscene.

This post is not a defense of that tweet. I do not feel sorry for it and I stand by it and it has not been answered to date. It is merely the larger picture around the tweet that allows you to make an informed choice on how low you are willing to fall in order to attack people.

Since I have finally been able to download my tweet archive, here is the series of tweets relevant in that scenario. Some are from me, some are from others. Some supporting me, some attacking me, some by me attacking the trolls as well as BJP's signature sexualized trolling. To be noted here is that since this happened, I have also seen supporters of AAP doing this on occasion, but the overwhelming "market leader" continues to be BJP.

There is good reason to believe that this behavior is part of BJP's media strategy given the revelations in Operation Blue Virus stings, the fact that the Gujarat government under Modi explicitly created social media budgets (at Gujarat state expense) and that some of the most abusive profiles are followed by our Prime Minister's Twitter account - independently verifiable.

**************************************

It was election time and anonymous handles supporting BJP were out in full force. These handles execute organized trolling attacks on critics of BJP using a combination of statements taken out of context and interpreted to create offense, false accusations and sexual insults - particularly against women critical of BJP. These tweets are also used to incite regular followers of BJP against critics and create an overall sense of BJP being wrongfully under attack.

This is not a new thing. However, it seems to be escalating and I chose to not accept the defiling and deliberate hostile environment that is aimed at silencing criticism of BJP. Over the week leading to this, I as well as several other women had been the targets of extremely obscene attacks by the "bhakts" as they are called for their unreasoning worship of Modi and relentless attacks on his critics.

The nature of these organized attacks is to intimidate or shame women into silence. Some of the tweets spoke of me having 10 fathers. Earlier I had been asked about the "rate" I charge for my son - implying I prostitute him to pedophiles. I have been accused of being a "lesbian" (it is apparently an insult in bhakt lingo). The broom shoved between my legs has featured in many sneering insults (implying sexual favors to the Aam Aadmi Party). And more.

These are 100 tweets from that day, removing irrelevant replies or comments.

 

 

 

This is where shit hit fan.

BJP supporters started targeting me with insults. I replied to some, ignored others, etc.

It was one of these tweets that got a reply telling me that I "open my legs for Kejriwal". When I was told that I "open my legs" for Kejriwal (the week before that it was promoting me as the date for AAP politician Ashutosh for the kissing festival) and more, I asked back if it was normal for women in BJP to "open your legs" for Modi. Was that why BJP supporters kept assuming sexual favors to politicians in the actions of women who didn't support Modi?

 

 

A second tag floated by @AListRap started trending as people got angry with the content on #OpenYourLegs

And then I did what I often do to tags that bully people. How could I do any less than that for myself?

I participated the tag, disrupted it and turned its tone.

Many people were also furious. Angad Singh blogged about what had happend on The Young Indian blog.

https://twitter.com/waterfiresand/statuses/528594279325655041

 

Even BJP supporters were apalled in their own ways.

 

 

And there were a few who got uncomfortable, but couldn't bring themselves to quite say that sexualized trolling is wrong, but still thought it should not be done because it gives "publicity" to me. Yeah. Strategy backfiring is a problem. Abusing women should be fine.

Rattled trolls made me a target of a solid 3 day campaign of sleaze. The quote "open your legs" which was quoted originally from an accusation leveled at me (by a female profile) became a meme. Tweets ranged from the mundane "hey bitch #openyourlegs" to elaborate poems, jokes and more.

 

The tag continues to get criticism

But it isn't only me. Every woman with a real profile who criticises BJP meets this treatment sooner or later and at the same time from a horde of handles. Yesterday it was Sonakshi Sinha (who happens to be the daughter of Shatrugan Sinha - a BJP leader currently not kowtowing to high command) and Sonam Kapoor. But it is pretty normal for those who dislike BJP to face such attacks.

This is what you end up participating in, when you believe you are oh so defending. Because you're the cannon fodder to be fed information selectively so you will participate in a hostile mob. Whether you want to be used or not is your headache.

The abusive tweets are always made from anonymous profiles, they always defend BJP and they are never asked to exercise caution by any real BJP profile. The strategy of deniable bullying reaping profits for the party continues and it will continue till the masses decide that this is not acceptable for us.

It is not acceptable for me. I will not be intimidated into silence.

In any case, you, your shift and your overtime cannot shut me up.

The Maharashtra government advisory to the police on Section 124 of the Indian Penal Code make a mockery of democracy itself. Here is a translation of the five preconditions it has issued.

  1. Verbal or written, words, gestures or images or other content that expresses hate or contempt or dislike, insult or discontent or enmity or treachery or disloyalty towards the state or central governments in a manner that provokes violence or discontent.
  2. Written, verbal, gesture/signs or other communication that suggest that these politicians or public servants are representatives of state
  3. Criticism that intends to create change through legal means and that doesn't demean or create dislike for the government should not be prosecuted under this section.
  4. Only obscenity or indecency should not be applied with this section.
  5. Before this section is applied, opinion of Zilla officials should be obtained. Within two weeks, the the public prosecutor should be consulted.

This advisory has naturally generated significant outrage. The document being in Marathi has prevented many legal commentators who don't understand the language from commenting, while BJP supporters are attempting to discredit the outrage as false by emphasizing the third point and pretending that that is all the advisory contains.

I am not a lawyer, but my reactions.

  1. The vagueness of the parameters identifying sedition rival the notorious IT Rules. Similar to them, pretty much anything that reflects badly on the government could be described by such sweeping descriptors. Irritate normal people, get takedown notices was the UPA2 gift, irritate the government and get booked for sedition seems to be the summary of this point - it covers dislike - you don't even need to read the rest! Disliking a government could get you arrested? How about a government serving people as promised and not being disliked? Something like asking for your promised 15 lakh could now go beyond not just getting your promised riches, but also landing in jail for asking for it, because hey, people would be discontented because of this, right?
  2. This basically amounts to the words/signs being against government representatives.
  3. This seems very magnanimous of them with all the nice promotion by organized trolls, but the fact is that it is rather sinister that legal process to address problems gets covered under a law for sedition to begin with, and then you actually don't have a categoric endorsement of your right to engage the system, you have it as long as you don't demean the government or create dislike for it. It is actually taking a right you had without restrictions, magnanimously handing it back to you with restrictions, and then promoting the hell out of it because they gave it back at all.
  4. This is actually the real "magnanimous point". How generous the government is being, upholding your right to not be prosecuted for sedition over obscenity or indecency. Waitaminit, HOW in the big fat world would either of them be sedition to begin with that their not being has any meaning at all? I doubt that even the sexually repressed Hindutva brigade can anticipate an epidemic of indecency large enough to be a threat to the nation. This is a talking point basically to show that the advisory had a larger aim than creating a set up for people to be arrested and prosecuted for a crime against their motherland for pissing the government off. This point, not having any real stake could even be happily conceded to critics in a compromise.
  5. Nothing much to comment here. Procedural sho-sha. Let us not even pretend either entity cannot be managed to target whoever the government wants to put six feet under.

In my view, a document that advises punishing people for disliking their government or being discontented has no place in a democracy.

There seems to be an organized effort to present this draconian advisory as a requirement emerging from the Aseem Trivedi case. This is a flat out falsehood. This advisory contradicts the High Court guidelines, and as pointed out by Saurav Datta on Twitter, invites contempt of court.

5

Porn has come under extensive criticism from feminists as well. I find this scary. Accusations vary from porn resulting in rape to porn being born from an exploitation of women. I disagree with a lot of these accusations and agree with a few, but do not see blocking of porn as an answer. More importantly, I find it alarming that feminism can selectively abdicate interest in the agency of women.

Who decides whether and what porn should be banned?

A large part of the feminist view is that men deciding what harms women is a problem. A sizeable chunk of feminists also thinks porn should be banned because it harms women. Very few people actually ask porn watching women or performers. In my view, people who don't want to watch porn are not required to watch it, just like people not interested in cricket are not forced to follow scores on cricket websites. Thus, there is little question of porn being imposed on people and the primary stakeholders would be producers, performers and viewers - mostly not consulted in deliberations on bans. Other stakeholders could be law enforcement, social workers and doctors working with the industry and so on. Few, if any women enjoy porn that is violent, but there are women viewers as well as performers who like rough sex porn. Our efforts to figure out a way to reduce the harms of porn don't consult them. In my view not only is this authoritarian, bypassing stakeholders is unlikely to result in effective ways of dealing with the issue.

Can porn cause harm?

There is harm related to porn including addiction, unhealthy expectations about sex and violent or non-consensual sex. On the darker side is a sordid saga of drug abuse among porn performers, sexual abuse and allegedly, trafficking women to make porn, blackmail and more. Extreme and hardcore acts or object insertions can result in people injuring themselves. Those added to a rape can result in serious injury and worse. They can give men all sorts of misconceptions about what women like during sex. And this is "legal" porn (as in not depicting criminal acts) - not even necessarily violent porn. There is also little doubt that a lot of mainstream porn is too aggressive and disrespectful of women for women's tastes.

So are many Bollywood films. I'd argue songs like "Khambe jaisi khadi hain" starring the conscience of the nation, Aamir Khan, with "heroes" pursuing reluctant actresses, heartily idolized by cheering and jeering mob of sidekicks have inspired more non-consensual  sexual pursuit of women than porn films ever will. Catcalls and whistles from the balcony during rape/molestation/erotic scenes are embarrassing cinema traditions. When the heroine can slap the hero for harassing her, and discover at the end of the film that she was wrong for misjudging him. I would argue that public figures and people in positions of authority that excuse rape and hold victims responsible for "asking for it" do more harm than porn. Because these are cultural influences, rather than private activities.

What are the things already being done about "bad" porn?

Association of Sites Advocating Child Protection, Internet Watch Foundation and FBI track and seize servers that run child pornography. Google does not want revenge porn to appear in search results. There are other initiatives by ordinary netizens like Anonymous who are relentless in their efforts in their pursuit of child abusers and child porn. Efforts like feminist porn, Porna porn or sex-positive porn are growing rapidly as more and more people turn toward more "real" depictions of sex rather than aggressive porn that "gets off" on humiliating women. Bishakha Datta puts it well in her fine article on the porn ban, "If we applied the free speech argument to porn, we wouldn’t ban porn. We’d fight porn with more porn, make more porn for women." She is planning to create a porn-o-meter service to rate porn for being child, women and law friendly that depicts women enjoying and controlling the sexual action as well. Top rated videos of most popular sites are increasingly of the kind where women participate and enjoy the sex.

Above prejudices and ethics is hard business

A part of the problem is also the "quality", as a pragmatic porn performer who does not want to be named, told me. If a director fails to convey pleasure and emotional connect it can look alarmingly indifferent to a woman's pleasure. A woman's pleasure can be more subtle to portray and capture than a man's very visible orgasm. It is also no coincidence that most films with good production values and acting and direction also have sex that looks enjoyable for all participants.

While the audience was mostly men, this did not matter so much, but with the rise in viewership by women, this has started mattering. If women friendly porn has demand, it will be created. And it should be, because as Pu La Deshpande had said in his speech celebrating the 75th show of the outrageous Sangeet Vastraharan, "There is only one answer to inappropriate things and that is doing what is appropriate in an excellent manner."

Here is Erika Lust, who makes porn videos talking about the need for porn to change.

Porn is hardly a new concern. Other countries already have laws that the biggest sites have to comply with to remain accessible to viewers in order to profit. Any porn site with noticeable viewership already explicitly requires performers to be of adult age and to sign consent forms. They remove reported criminal porn - because they are here to do business from the desires of people, not protect criminals at the cost of their own business and reputation. The question of why aggression with woman turns men on - whether as a fantasy or in real life is a question beyond the scope of this piece.

Does porn symbolize crimes against women?

Meena Kandasamy, a feminist has published an article in which she argues against the porn ban, yet declares porn to be against women's rights (then why should it not be banned?)

I do think that the pornographic industry overwhelmingly represents NOT freedom but its opposite, the enslavement of women's bodies, the casualisation of paedophilia, the trivialisation of rape, the culture of trophy videos of rape, and all this, on top of being one of the most exploitative global sex industries that has trafficking, forced prostitution, abuse and near-slavery ingrained in it.

I invite anyone to check out the top porn sites to see if pedophilia or rape is present at all (whether casualized, trivialized or in another form) let alone "overwhelmingly represents". Women who participate willingly in BDSM cannot be considered to be "enslaved" beyond the sexual role play. I dare say that if the top visited sites don't carry it, most porn viewers never come across it. If you specifically search for child or rape porn, you will find it regardless of blocks, because if there is something you can find on the internet, you can find it around a block as well.

Conditions of porn performers

There are porn performers who reach the top of name and fame as performers and go on to produce their own content and there are those that do a brief stint and reach a dead end - like the bulk of acting and modeling work. There are plenty of "stars" speaking candidly about the profession, including their sex lives on and off screen when their partner is also a co-star; interacting with fans in an extremely candid manner, including doing Reddit IAmAs, where anyone can ask them anything and answering questions on Quora. There are candid Reddit IAmAs of partners of porn performers who speak of dedication to their work and career; the "work" of porn and sex being different things and even being committed to monogamy off screen.

Technology is killing mainstream porn but empowering the talent. It cuts out the middle man and let's almost anyone work from home. ~ Tory Lane

It is a career choice with its occupational hazards. Not all that different from a film star talking about how it isn't all about glamour but days of slogging doing retakes after retakes.

A construction worker abuses her body for far less money and comfort. Do we call for bans on construction work or coal mines because workers fall to their die, get health problems or abuse their body beyond endurance for a pittance? Is it not supremely ironic that feminists who would otherwise object to a woman being measured by her vagina end up condemning entire professions chosen by women because the part of the body overworked is the vagina? Is being a woman all about being a vagina then, that breaking your back ferrying gravel and cement is no reason for a ban but a far less brutal life as a sex performer is? Or is it that there is nothing to be outraged about a woman's sexuality unless she happens to earn from it?

This is not to say there is no ugly side. There are sex performers who get exploited, who face rude costars and suffer unpleasant sex from both the physical stress of postures for camera rather than comfort as well as brutal partners with usually larger than average penises. They speak of the abuse and humiliation of derogatory co-stars, being penetrated roughly, of drugs and exploiters. Why does the "victim" return to do another film? Performers make compromises they later regret because of the lure of money, like any of us. Women have had sex in ways that strips them of dignity for all kinds of reasons ranging from promotions to desperate attempts at preventing husbands from straying.

Defining the whole by a part

But more importantly, it is not so different from the million other people who "bitch" about their jobs, even as they continue to do them. Go to a corporate office, there will be bitter sense of victimization by colleagues and seniors considered to be manipulative, exploitative or otherwise unfair. Of bosses who will push employees beyond endurance to get the "work" done. Of work pressures that lead to suicides. Students commit suicide from exam pressures. Farmers commit suicide because they cannot afford to live. Bigggest common factor in cases of marital rape is marriage. Ban marriage? Every profession, occupation has a terrible side, but porn and prostitution appear to be two where a professional cannot talk about a bad day at work or problems they face without it becoming the "truth" of the industry.

What about the agency of women?

Whatever happened of the power of women to make choices including their own mistakes? If a woman chooses to wear skimpy clothes and walk on the streets of Delhi at midnight and gets raped, do we ask for roads to be closed to public after dark? If a porn performer faces abuse, why is it that instead of insisting that criminals be brought to book, we act like the ministers we condemn and condemn porn instead of the specific criminals? There is some preference within people to prevent porn, just like there is a preference to prevent women out on the streets among those who would deny them agency.

Concerns about Indian porn performers

That said, while I have no data, my perception is that the Indian porn performers do much worse than those in countries where it can be produced legally. I believe this is because performing contracts, mandatory health checks, legal status allow legal porn performers to build proper fan followings and improve  working conditions in ways that they find safe in ways Indian performers cannot. Indeed a lot of Indian porn I have seen appears to be little more than a shoot of a sexual encounter with a prostitute with little production values or direction beyond showing sex. If porn performing were legal in India, many prostitutes would be able to move out of prostitution and dictate who they would have sex with for an income and on what terms. They would be able to create and sell their own porn instead of being videotaped by profiteers who exploited them for their own profit. They would be able to choose producers who offered working conditions that did not exploit them.

What can the government do?

If we really want to do something about porn, in order to prevent exploitation of women, the need is not to ban it, but to legalize porn production so that working standards may be enforced, production companies can be formed and held accountable for the age and consent of performers in videos they produce and more. So that a porn performer may be able to file a case for rape just like any model can, if she gets forced to do things she has not agreed to do. I have often argued that instead of prudish bans on sex related activities like prostitution or porn, India needs to encourage a thriving sex industry that allows the government to crack down on exploitation and crime, because professionals will be interested in maintaining their licences to operate. Instead of fighting a token war against a tide of people interested in sex and profiteers thriving on exploiting women to provide it, the government can turn the bulk of consumers and providers on their side and really create conditions that deter crimes and exploitation.

If porn is legal, it will become easier to monitor human trafficking, because the larger production houses that earn the most will have a vested interest in remaining legal and focusing on the money and they will have a way to be legal. Smaller operators in turn will not be able to earn enough from meager revenues from marginalized visibility to make the risks of crime worthwhile. It may not stop crimes altogether, but it will most definitely help to make them unnecessary as well as serve as strong deterrent for the vast majority.

One strength the government has, is the same one it exploits when it profits from FDI. The size of India's population is an asset when it comes to being a market. If the government can identify porn that encourages unhealthy attitudes about women and consent, it can pass a law requiring such content to carry disclaimers For example:

  • The following material is a fictional depiction of activities that are illegal in civilized countries - for enacted rape porn or "forced sex" etc
  • The actions depicted in this video can cause injury and are performed by practiced professionals. Don't try them at home - for extreme insertion porn.
  • The women in this video have consented to participate in a fictional depiction of dominance over women. Such actions without consent are illegal worldwide. - for rough sex, domination, BDSM, etc

Given the size of India's population, if sites that don't comply are blocked, it will result in a competition for the market share and allow the government to actively combat harmful messages potentially conveyed by porn.

The need is to not measure porn by the ethical standards of prudes with malice toward the industry, but by the standards of those engaging with it.