Group items tagged

The European Commission (EC) and Japan have announced the launch of six joint research projects, supported by £15.3m+ (€18m) in funding, that aim to build networks which are “5000 times faster than today’s average European broadband ISP speed (100Gbps compared to 19.7Mbps)“. The telecoms experts among you will know that 100Gbps+ (Gigabits per second) fibre optic links are nothing new but most of these are major submarine or national cable links. The new effort appears to be looking further ahead, with a view to improving the efficiency of such networks and perhaps even bringing them closer to homes. It’s frequently noted that demand for data is putting a growing strain on broadband connections (the EU expects data traffic to grow 12-fold by 2018), which is partly fuelled by ever faster fixed line ISP and mobile broadband connectivity. But technology is always evolving to keep pace.

A quick glance at each of the projects reveals that this seems to be more about improving what already exists, yet in some circles even 100Gbps is beginning to look old-hat. Never the less many of the improvements mentioned above will, if ever adopted, eventually filter down to benefit everybody. After all, several UK ISPs are already offering 1Gbps home connections (e.g. Hyperoptic, CityFibre / Fibreband in Bournemouth, Gigaclear etc.) and that’s only 99 fold slower than a 100Gbps link. In the realm of evolving internet access services that’s only a short hop, unless your infrastructure is still limited by a copper last mile. But there’s little point in having a 100Gbps link (don’t worry we won’t see this in homes for a fair few years) if the ISP can’t supply the capacity for it and that’s another part of the new effort. It’s important to stress that this is not about tackling today’s needs; it’s all about the future. Not so long ago we were still stuck on 50Kbps dialup.

Germany's biggest telecoms company is to follow Vodafone in disclosing for the first time the number of surveillance requests it receives from governments around the world.Deutsche Telekom, which owns half of Britain's EE mobile network and operates in 14 countries including the US, Spain and Poland, has already published surveillance data for its home nation – one of the countries that have reacted most angrily to the Edward Snowden revelations. In the wake of Vodafone's disclosures, first published in the Guardian on Friday, it announced that it would extend its disclosures to every other market where it operates and where it is legal.A spokeswoman for Deutsche Telekom, which has 140 million customers worldwide, said: "Deutsche Telekom has initially focused on Germany when it comes to disclosure of government requests. We are currently checking if and to what extent our national companies can disclose information. We intend to publish something similar to Vodafone."

Bosses of the world's biggest mobile networks, many of which have headquarters in Europe, are gathering for an industry conference in Shanghai this weekend, and the debate is expected to centre on whether they should join Deutsche and Vodafone in using transparency to push back against the use of their technology for government surveillance.Mobile companies, unlike social networks, cannot operate without a government-issued licence, and have previously been reluctant to discuss the extent of their cooperation with national security and law enforcement agencies.But Vodafone broke cover on Friday by confirming that in around half a dozen of the markets in which it operates, governments in Europe and outside have installed their own secret listening equipment on its network and those of other operators.

The United Nations has disgraced itself immeasurably over the past month or so. In case you missed the following stories, I suggest catching up now: The UN’s “Sustainable Development Agenda” is Basically a Giant Corporatist Fraud Not a Joke – Saudi Arabia Chosen to Head UN Human Rights Panel Fresh off the scene from those two epic embarrassments, the UN now wants to tell governments of the world how to censor the internet. I wish I was kidding. From the Washington Post: On Thursday, the organization’s Broadband Commission for Digital Development released a damning “world-wide wake-up call” on what it calls “cyber VAWG,” or violence against women and girls. The report concludes that online harassment is “a problem of pandemic proportion” — which, nbd, we’ve all heard before. But the United Nations then goes on to propose radical, proactive policy changes for both governments and social networks, effectively projecting a whole new vision for how the Internet could work. Under U.S. law — the law that, not coincidentally, governs most of the world’s largest online platforms — intermediaries such as Twitter and Facebook generally can’t be held responsible for what people do on them. But the United Nations proposes both that social networks proactively police every profile and post, and that government agencies only “license” those who agree to do so.

People are being harassed online, and the solution is to censor everything and license speech? Remarkable. How that would actually work, we don’t know; the report is light on concrete, actionable policy. But it repeatedly suggests both that social networks need to opt-in to stronger anti-harassment regimes and that governments need to enforce them proactively. At one point toward the end of the paper, the U.N. panel concludes that“political and governmental bodies need to use their licensing prerogative” to better protect human and women’s rights, only granting licenses to “those Telecoms and search engines” that “supervise content and its dissemination.” So we’re supposed to be lectured about human rights from an organization that named Saudi Arabia head of its human rights panel? Got it. Regardless of whether you think those are worthwhile ends, the implications are huge: It’s an attempt to transform the Web from a libertarian free-for-all to some kind of enforced social commons. This U.N. report gets us no closer, alas: all but its most modest proposals are unfeasible. We can educate people about gender violence or teach “digital citizenship” in schools, but persuading social networks to police everything their users post is next to impossible. And even if it weren’t, there are serious implications for innovation and speech: According to the Electronic Frontier Foundation, CDA 230 — the law that exempts online intermediaries from this kind of policing — is basically what allowed modern social networks (and blogs, and comments, and forums, etc.) to come into being. If we’re lucky, perhaps the Saudi religious police chief (yes, they have one) who went on a rampage against Twitter a couple of years ago, will be available to head up the project. What a joke.

Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".

Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.A brief explanation of the Open-source / Free-software philosophy is needed here. When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source code before that operating system was built into computer-executable binary code, to make it common and open knowledge what the machine actually does instead of trusting corporate statements on what it’s supposed to be doing. Therefore, you don’t install black boxes onto a Debian or Ubuntu system; you use software repositories that have gone through this source-code audit-then-build process. Maintainers of operating systems like Debian and Ubuntu use many so-called “upstreams” of source code to build the final product.Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.

This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too.Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.Google had two responses to this. The first was to introduce a practically-undocumented switch to opt out of this behavior, which is not a fix: the default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):

28 March 2011 -- The Web and television convergence story was the focus of W3C's Second Web and TV Workshop, which took place in Berlin in February. Today, W3C publishes a report that summarizes the discussion among the 77 organizations that participated, including broadcasters, telecom companies, cable operators, OTT (over the top) companies, content providers, device vendors, software vendors, Web application providers, researchers, governments, and standardization organizations active in the TV space. Convergence priorities identified in the report include: Adaptive streaming over HTTP Home networking and second-screen scenarios The role of metadata and relation to Semantic Web technology Ensuring that convergent solutions are accessible. Profiling and testing Possible extensions to HTML5 for Television

Popular messaging services like Snapchat and WhatsApp are in the cross hairs in Britain. That was the message delivered on Monday by Prime Minister David Cameron, who said he would pursue banning encrypted messaging services if Britain’s intelligence services were not given access to the communications. The statement comes as many European politicians are demanding that Internet companies like Google and Facebook provide greater information about people’s online activities after several recent terrorist threats, including the attacks in Paris.

Mr. Cameron, who has started to campaign ahead of a national election in Britain in May, said his government, if elected, would ban encrypted online communication tools that could potentially be used by terrorists if the country’s intelligence agencies were not given increased access. The reforms are part of new legislation that would force telecom operators and Internet services providers to store more data on people’s online activities, including social network messages. “Are we going to allow a means of communications which it simply isn’t possible to read?” Mr. Cameron said at an event on Monday, in reference to services like WhatsApp, Snapchat and other encrypted online applications. “My answer to that question is: ‘No, we must not.’ ” Mr. Cameron said his first duty was to protect the country against terrorist attacks.

“The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe,” he added. Any restriction on these online services, however, would not take effect until 2016, at the earliest, and it remained unclear how the British government could stop people from using these apps, which are used by hundreds of millions of people worldwide.

European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday. The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys. The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.” “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal. Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”

“If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday. The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said. Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request. Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.

According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year. The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.

Germany announced Thursday it is canceling its contract with Verizon Communications over concerns about the role of U.S. telecom corporations in National Security Agency spying. “The links revealed between foreign intelligence agencies and firms after the N.S.A. affair show that the German government needs a high level of security for its essential networks,” declared Germany’s Interior Ministry in a statement released Thursday. The Ministry said it is engaging in a communications overhaul to strengthen privacy protections as part of the process of severing ties with Verizon. The announcement follows revelations, made possible by NSA whistleblower Edward Snowden, that Germany is a prime target of NSA spying. This includes surveillance of German Chancellor Angela Merkel’s mobile phone communications, as well as a vast network of centers that secretly collect information across the country. Yet, many have accused Germany of being complicit in NSA spying, in addition to being targeted by it. The German government has refused to grant Snowden political asylum, despite his contribution to the public record about U.S. spying on Germany.

Internet service providers from around the world are lodging formal complaints against the UK government's monitoring service, GCHQ, alleging that it uses "malicious software" to break into their networks.The claims from seven organisations based in six countries – the UK, Netherlands, US, South Korea, Germany and Zimbabwe – will add to international pressure on the British government following Edward Snowden's revelations about mass surveillance of the internet by UK and US intelligence agencies.The claims are being filed with the investigatory powers tribunal (IPT), the court in London that assesses complaints about the agencies' activities and misuse of surveillance by government organisations. Most of its hearings are held at least partially in secret.

The IPT is already considering a number of related submissions. Later this month it will investigate complaints by human rights groups about the way social media sites have been targeted by GCHQ.The government has defended the security services, pointing out that online searches are often routed overseas and those deemed "external communications" can be monitored without the need for an individual warrant. Critics say that such a legal interpretation sidesteps the need for traditional intercept safeguards.The latest claim is against both GCHQ, located near Cheltenham, and the Foreign Office. It is based on articles published earlier this year in the German magazine Der Spiegel. That report alleged that GCHQ had carried out an attack, codenamed Operation Socialist, on the Belgian telecoms group, Belgacom, targeting individual employees with "malware (malicious software)".One of the techniques was a "man in the middle" attack, which, according to the documents filed at the IPT, bypasses modern encryption software and "operates by interposing the attacker [GCHQ] between two computers that believe that they are securely communicating with each other. In fact, each is communicating with GCHQ, who collect the communications, as well as relaying them in the hope that the interference will be undetected."The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention of human rights.

The organisations targeted, the submission states, were all "responsible and professional internet service providers". The claimants are: GreenNet Ltd, based in the UK, Riseup Networks in Seattle, Mango Email Service in Zimbabwe, Jinbonet in South Korea, Greenhost in the Netherlands, May First/People Link in New York and the Chaos Computer Club in Hamburg.

Even as China cuts access to some foreign online services, it is laying more fiber optic cables to improve its connection to global Internet networks.

China recently added seven new access points to the world’s Internet backbone, adding to the three points that connect through Beijing, Shanghai, and Guangzhou, the country’s Ministry of Industry and Information Technology announced on Monday. More good reads Google partners up for $60M undersea fiber link between Florida and Brazil Meet the 12 wealthiest people in social media China disrupts some websites linked to US content delivery network To expand its Internet backbone networks, China laid over 3,000 kilometers worth of fiber optic cable, and invested 2.9 billion yuan (US$477 million) in its construction. Driving the project were the country’s three state-owned telecom operators, which provide most of China’s Internet broadband.

 The United States Telecom Association has filed a lawsuit to overturn the net neutrality rules set by the Federal Communications Commission this past February. In its Monday morning Press Release USTelecom, who represents Verizon and AT&T among others, said it filed a lawsuit in the US Court of Appeals for the District of Columbia joining a similar law suit filed by Alamo Broadband Inc.

The Federal Communications Commission (FCC) published its net neutrality rules in the Federal Register on Monday and, according to procedure, that began a 60-day countdown until they go into effect (June 12). Their publication also opened a 30-day window for Internet service providers to appeal.  USTelecom and Alamo Broadband wasted no time.  USTelecom filed a previous action preserving the issue according to local court rule prior to the formal petition in March.

The rules, which were voted on in February, reclassify broadband under Title II of the 1934 Communications Act and require that ISPs transmit all Web traffic at the same speed. Over 400 pages long, USTelecom filed a CD of the rules as an exhibit with its action. This suit is predicted to be the first of many, as broadband groups like AT&T to congressional Republicans have signaled that they plan to fight the decision.

HE INTERCEPT HAS OBTAINED a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement. (The original is here.) A few of the devices can house a “target list” of as many as 10,000 unique phone identifiers. Most can be used to geolocate people, but the documents indicate that some have more advanced capabilities, like eavesdropping on calls and spying on SMS messages. Two systems, apparently designed for use on captured phones, are touted as having the ability to extract media files, address books, and notes, and one can retrieve deleted text messages. Above all, the catalogue represents a trove of details on surveillance devices developed for military and intelligence purposes but increasingly used by law enforcement agencies to spy on people and convict them of crimes. The mass shooting earlier this month in San Bernardino, California, which President Barack Obama has called “an act of terrorism,” prompted calls for state and local police forces to beef up their counterterrorism capabilities, a process that has historically involved adapting military technologies to civilian use. Meanwhile, civil liberties advocates and others are increasingly alarmed about how cellphone surveillance devices are used domestically and have called for a more open and informed debate about the trade-off between security and privacy — despite a virtual blackout by the federal government on any information about the specific capabilities of the gear.

“We’ve seen a trend in the years since 9/11 to bring sophisticated surveillance technologies that were originally designed for military use — like Stingrays or drones or biometrics — back home to the United States,” said Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation, which has waged a legal battle challenging the use of cellphone surveillance devices domestically. “But using these technologies for domestic law enforcement purposes raises a host of issues that are different from a military context.”

n a bipartisan effort, the state's legislators passed House Bill 2282. which was signed into law Monday by Gov. Jay Inslee. "Washington will be the first state in the nation to preserve the open internet," Inslee said at the bill signing. The state law, approved by the legislature last month, is to safeguard net neutrality protections, which have been repealed by the Federal Communications Commission and are scheduled to officially end April 23. Net neutrality requires internet service providers to treat all online content the same, meaning they can't deliberately speed up or slow down traffic from specific websites to put their own content at advantage over rivals. The FCC's decision to overturn net neutrality has been championed by the telecom industry, but widely criticized by technology companies and consumer advocacy groups. Attorneys general from more than 20 red and blue states filed a lawsuit in January to stop the repeal. Inslee said the new measure would protect an open internet in Washington, which he described as having "allowed the free flow of information and ideas in one of the greatest demonstrations of free speech in our history." HB2282 bars internet service providers in the state from blocking content, applications, or services, or slowing down traffic on the basis of content or whether they got paid to favor certain traffic. The law goes into effect June 6.

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business. Today’s internet largely reflects the dominance of a handful of companies behind the cloud services, search engines and mobile platforms that underpin the technology landscape. This new centralization radically tips the balance between those who want to censor parts of the internet and those trying to evade censorship. When the profitable answer is for a software giant to acquiesce to censors' demands, how long can internet freedom last? The recent battle between the Russian government and the Telegram messaging app illustrates one way this might play out. Russia has been trying to block Telegram since April, when a Moscow court banned it after the company refused to give Russian authorities access to user messages. Telegram, which is widely used in Russia, works on both iPhone and Android, and there are Windows and Mac desktop versions available. The app offers optional end-to-end encryption, meaning that all messages are encrypted on the sender's phone and decrypted on the receiver's phone; no part of the network can eavesdrop on the messages. Since then, Telegram has been playing cat-and-mouse with the Russian telecom regulator Roskomnadzor by varying the IP address the app uses to communicate. Because Telegram isn't a fixed website, it doesn't need a fixed IP address. Telegram bought tens of thousands of IP addresses and has been quickly rotating through them, staying a step ahead of censors. Cleverly, this tactic is invisible to users. The app never sees the change, or the entire list of IP addresses, and the censor has no clear way to block them all. A week after the court ban, Roskomnadzor countered with an unprecedented move of its own: blocking 19 million IP addresses, many on Amazon Web Services and Google Cloud. The collateral damage was widespread: The action inadvertently broke many other web services that use those platforms, and Roskomnadzor scaled back after it became clear that its action had affected services critical for Russian business. Even so, the censor is still blocking millions of IP addresses.

The digital privacy world was rocked late Thursday evening when The New York Times reported on Securus, a prison telecom company that has a service enabling law enforcement officers to locate most American cell phones within seconds. The company does this via a basic Web interface leveraging a location API—creating a way to effectively access a massive real-time database of cell-site records. Securus’ location ability relies on other data brokers and location aggregators that obtain that information directly from mobile providers, usually for the purposes of providing some commercial service like an opt-in product discount triggered by being near a certain location. ("You’re near a Carl’s Jr.! Stop in now for a free order of fries with purchase!") The Texas-based Securus reportedly gets its data from 3CInteractive, which in turn buys data from LocationSmart. Ars reached 3CInteractive's general counsel, Scott Elk, who referred us to a spokesperson. The spokesperson did not immediately respond to our query. But currently, anyone can get a sense of the power of a location API by trying out a demo from LocationSmart itself. Currently, the Supreme Court is set to rule on the case of Carpenter v. United States, which asks whether police can obtain more than 120 days' worth of cell-site location information of a criminal suspect without a warrant. In that case, as is common in many investigations, law enforcement presented a cell provider with a court order to obtain such historical data. But the ability to obtain real-time location data that Securus reportedly offers skips that entire process, and it's potentially far more invasive. Securus’ location service as used by law enforcement is also currently being scrutinized. The service is at the heart of an ongoing federal prosecution of a former Missouri sheriff’s deputy who allegedly used it at least 11 times against a judge and other law enforcement officers. On Friday, Sen. Ron Wyden (D-Ore.) publicly released his formal letters to AT&T and also to the Federal Communications Commission demanding detailed answers regarding these Securus revelations.

Perhaps it goes without saying that 5G promises to be highly profitable for wireless and tech companies. Some industry analysts have predicted that 5G could generate up to $12.3 trillion in goods and services by 2035, and add 22 million jobs in the U.S. alone. This helps explain why the carriers are so eager for us to share their vision for a better tomorrow — a world in which bandwidth, speed, and growth are virtues in and of themselves. Those “key performance indicators” are then sold to the consumer in the form of efficiency, inclusion, reliability, and convenience. And while these 5G speculations suggest a world of possibility and profit, they elide lots of potential risks and alternative futures. They also, unsurprisingly, fail to ask about the wisdom of entrusting the telecom industry (which has a long history of unscrupulous, monopolistic business practices) and the tech industry (newly under fire for similar reasons) to build what is purportedly the critical infrastructure for a planned global transformation.

India is the world’s largest democracy and is home to 13.5 percent of the world’s internet users. So the Indian Supreme Court’s August ruling that privacy is a fundamental, constitutional right for all of the country’s 1.32 billion citizens was momentous. But now, close to three months later, it’s still unclear exactly how the decision will be implemented. Will it change everything for internet users? Or will the status quo remain? The most immediate consequence of the ruling is that tech companies such as Facebook, Twitter, Google, and Alibaba will be required to rein in their collection, utilization, and sharing of Indian user data. But the changes could go well beyond technology. If implemented properly, the decision could affect national politics, business, free speech, and society. It could encourage the country to continue to make large strides toward increased corporate and governmental transparency, stronger consumer confidence, and the establishment and growth of the Indian “individual” as opposed to the Indian collective identity. But that’s a pretty big if. Advertisement The privacy debate in India was in many ways sparked by a controversy that has shaken up the landscape of national politics for several months. It began in 2016 as a debate around a social security program that requires participating citizens to obtain biometric, or Aadhaar, cards. Each card has a unique 12-digit number and records an individual’s fingerprints and irises in order to confirm his or her identity. The program was devised to increase the ease with which citizens could receive social benefits and avoid instances of fraud. Over time, Aadhaar cards have become mandatory for integral tasks such as opening bank accounts, buying and selling property, and filing tax returns, much to the chagrin of citizens who are uncomfortable about handing over their personal data. Before the ruling, India had weak privacy protections in place, enabling unchecked data collection on citizens by private companies and the government. Over the past year, a number of large-scale data leaks and breaches that have impacted major Indian corporations, as well as the Aadhaar program itself, have prompted users to start asking questions about the security and uses of their personal data.

n order to bolster the ruling the government will also be introducing a set of data protection laws that are to be developed by a committee led by retired Supreme Court judge B.N. Srikrishna. The committee will study the data protection landscape, develop a draft Data Protection Bill, and identify how, and whether, the Aadhaar Act should be amended based on the privacy ruling.

Should the data protection laws be implemented in an enforceable manner, the ruling will significantly impact the business landscape in India. Since the election of Prime Minister Narendra Modi in May 2014, the government has made fostering and expanding the technology and startup sector a top priority. The startup scene has grown, giving rise to several promising e-commerce companies, but in 2014, only 12 percent of India’s internet users were online consumers. If the new data protection laws are truly impactful, companies will have to accept responsibility for collecting, utilizing, and protecting user data safely and fairly. Users would also have a stronger form of redress when their newly recognized rights are violated, which could transform how they engage with technology. This has the potential to not only increase consumer confidence but revitalize the Indian business sector, as it makes it more amenable and friendly to outside investors, users, and collaborators.