Delhi Police Project O-Sint: Apprehensions and better OSINT alternatives
It took me a while to figure out what the project was. O-sint? Then another source published it without the hyphen. OSint? OSINT! Far from being the code name of some newfangled Op by Delhi Police, it is a term straight out of the US_NSA penchant for alphabet soup acronyms. Right up there with SIGINT, USMIL and CONUS. Another source is of the belief that Osint stands for Open Source Intelligent system or something.
Regardless of what it stands for, some things are crystal.
- Cops are not going to give up on collecting intel.
- Nor should they. If cops don’t monitor openly available intelligence, they are fools. The surprising part is that it took such a long time, while they were ****ing about with privacy invasions.
- Corporate puppeteers of the government see this as a money earning opportunity, and there are talks of bids by IT companies. I suppose this will get call centerized, unless smarter people can mess it up.
- Fundamentally, Open Source Intelligence is publicly available information. The source of the information is public – open. Get it? Neither cops nor the supposed IT companies do, apparently, because several news reports talk about confusions about the extent to which privacy will be invaded, private websites open to members only, and such things. Clearly non-public info. I think by this point the need to invade privacy must be overwhelmingly compulsive. I don’t think any arm of sarkar can bear to not try and find out the color of your underwear.
Now here are the pitfalls. Or in other words, here is why elevated citizens of the world must attempt to wreck this project before it spends too many public funds.
- Considering the confusions about extent of invasions of privacy on a project named OSINT, it is clear that the cops or their lackeys (or owners, depending on how you see it) monitoring the internet is like the good, isolated, naked tribals of Andaman islands coming to Delhi to protest the Uttarakhand flood. In other words, what the fuck? Notice, no one will question the *right* of the Andamanese to go and protest where they like, just like the cops have their self given right to mess with whoever they want, but it is neither their area of knowledge, nor their normal role in the scheme of things.
- The talk about purchased data and access to Facebook, etc clearly mean that special, non-public access will be seeked and whatever entity ends up winning the bid will have the kind of access to information that governments get. Yep, a freaking call center will have the comments ou made about your boss when drunk. Bye bye job (or pay – a way will be found to monetize this opportunity. Capitalism works thus). Combine this with the information that a lot of these entities have sister concerns with utilities like phones, electricity and soon banking, your guess is as good as mine what the “collection calls” of the future will be like.
- And before someone points out that it will be illegal to grab private inormation for the purpose of making threats, well, making threats and harrassment for extortion is illegal already. Not that it stops our revered collection agents. Who is to say that collection departments will not be outsourced specially to IT companies with access to your jugular vein? Surely recovering pending payments (heck random extortion too) will be easier if your deep secrets are known to the guys making threats? Just good business sense, I guess. Not like ethics or rights matter here. This is yet another instance where private entitites are poised to have alarming access to private information about citizens. And this time, it is not even something as inconvenient to use as biometrics.
- Considering the state of our media house monopolies and mouthpiece politics, who is to protect anyone from those guilty of breaking laws from the firm (and its owners, and sister concerns, and their neighbours, friends and the niece’s dog)? Hain? Notice the bright treatment Amaresh Misra got after his death threats and rape threats? Yep. Zero censure. Now we can extend this list to owners of the call centers and whoever else “knows someone’s uncle or politician” – this is Delhi we are talking of, after all.
- Delhi Police setting up the agenda for any online policing is absurd, because they are not internet savvy, they are not democracy or human rights savvy and they are extremely likely to upload porn clips and child torture clips themselves and will probably destroy anyone who objects (they have the password to your jugular, remember?). Delhi Police and law enforcement is already like an axe in the hands of a monkey.
So what can be done? Something clearly needs to be done and neither a Dilli Pulis approach nor a call center approach will be *effective*. I mean imagine a reply like “We are really sorry, but the person who is posting naked photos of you could not be found. Change your passwords and call us again if the problem continues, we live to serve, etc” or worse “girls want their photos admired on porn sites, but say harrassment if someone recognizes them” or something.
A better way would be to create a two step fix that is truly democratic and, actually capitalist as well. Incidentally, it makes no sense for this to be a Delhi Police project. The internet hardly knows boundaries. A national level something that collaborates with CBI/NIA or some such would be better. Or it can be autonomous.
The first step is the creation of a body that is truly familiar with the internet. A good balance of security consultants, coders, bloggers, activists (of all hues), e-commerce/banking specialists and social media ninjas will be ideal. It should be more a collective (as in everyone works hands on and has a specialization) as opposed to sarkari organization of anonymous interchangeable drones (babu-dom). Anyone whose voice doesn’t reach a few thousand people a day using the internet should not even be considered (there goes the sarkari crony-capitalist plan).
This collective must be organized to address the variety of security issues on the internet – beyond mere collecting public info (call center method). There is a need for proactive assessments, intuitive support design, assessment of complaints or observed issues, assigning to appropriate action – tracking to real life identities, including organizing brute force retaliation (deleted profiles, bocked accounts or trolling into oblivion) on the internet for entities that cannot be traced to real identities for arrest.
The other step would be to create a bounty system for what Anyonymous calls dox-ing for people whose real identities cannot be traced by regular methods. Post an online bounty to be paid to whoever can provide real identity (with evidence). If the accused is arrested, the money gets paid. If the bounty is paid in bitcoins, far superior talent is likely to be found, not to mention incentive for youth to develop serious skills, awareness and ethics for pocket money. Bounties should also be offered for discovering of online pedophiles, cyber criminals, terrorists and such. Always on the basis of actionable evidence.
Such a system would cost far less than what a corporation would bid (someone has to pay for air-conditioned buildings and every scrap of new tech). It would also engage the most skilful and optimally placed talent in tasks they specialized in, as opposed to 50 hackers backed by a revolving door team of 5000 stenographers and nice voices on phone who take a week to answer email.