Published On : Mon, Apr 27th, 2015

TRAI move to reveal email IDs of over one million people boomerangs as its website is hacked


The TRAI move to reveal email addresses of over one million people, who had written to the Authority about their views on net neutrality, on Monday boomeranged as its website was allegedly hacked by a group calling itself AnonOpsIndia, which claimed on Twitter that it had taken down the website through a distributed denial of service or DDoS attack.

The hacking occurred hours after the Telecom Regulatory Authority of India (TRAI) revealed the email addresses of over one million people who had expressed their views on a consultation paper on net neutrality. This had made all the respondents’ email IDs potentially available to spammers.

What this meant was: If you did you bit for net neutrality by sending an email to TRAI any time in the past month, you’re now a sitting duck for all sorts of spam — Viagra ads, credit cards, loans, Nigerian princes and more. All a spammer has to do is download the PDF on TRAI’s website and skim your email address from it.

This is a privacy nightmare. It’s a readymade database for email addresses for unscrupulous companies and it’s worth a lot of money, because most of these million plus email addresses are genuine and verified.

“I understand that it is the duty of the TRAI to make everything that they have received public since it is a public consultation after all,” says Rajya Sabha MP Rajeev Chandrashekhar who says he is taking up the broader issue of citizens’ privacy up in the Parliament. “Still, there is an obligation on them to not reveal personal details like my email address or my phone number.”

Lawyer Apar Gupta, who has been an active participant in the SaveTheInernet campaign says that publishing email address in clear text potentially leads to risks such as spamming and harassment of people who have participated in this consultation. “Even if these details were to be provided publicly, they shouldn’t have been published in a manner where they could be scraped easily by any email marketer,” he says.

Kiran Jonnalagadda, the Bangalore-based software engineer and the person who started had to say in:

Dear TRAI: we love how transparent you’re being in this whole net neutrality debate, but seriously, this is a massive breach of citizens’ privacy. What are you thinking?