tl;dr
The recent “Bulli Bai” and “Sulli Deals” incidents, a fake online auction of almost 100 Muslim women, was a blatant violation of their data security and privacy rights. It severely impacted their constitutional right to life and free speech by displaying sensitive information without consent. Hence, we have sent a letter to the Parliamentary Standing Committee on Information Technology requesting them to investigate the matter to understand the reasons behind the delayed response of the relevant authorities.
Background
The "Bulli Bai" case garnered public outrage on January 1, 2022, when one of the target women of the application filed an FIR against unknown persons with the Mumbai Police. "Bulli Bai", hosted on GitHub, a code-sharing platform, was a tech tool created to demean and humiliate Muslim women. The application aimed to "auction" over 100 women by displaying their doctored photos along with their social media profiles. It attached a "price tag" with every profile and labelled them as "Your Bulli Bai of the Day". The "Bulli Bai" application targeted several women, including a journalist, a pilot, activists, political leaders and the mother of a missing JNU student.
It is very sad that as a Muslim woman you have to start your new year with this sense of fear & disgust. Of course it goes without saying that I am not the only one being targeted in this new version of #sullideals. Screenshot sent by a friend this morning.
— Ismat Ara (@IsmatAraa) January 1, 2022
Happy new year. pic.twitter.com/pHuzuRrNXR
This came barely six months after a similarly horrific "Sulli Deals" case was reported in July 2021, which had a similar modus operandi. "Sulli" is a derogatory term used for Muslim women by right-wing extremists. The incident came to light when a Noida-based resident filed a complaint with the local police upon finding her and several other Muslim women's pictures uploaded on this application without their consent. The developers wanted to "auction" almost 80 Muslim women by sourcing their pictures from their social media accounts and defacing them with lewd remarks.
Didn't check Twitter last night. Woke up this morning to realise my name, along with those of many other Muslim women was up on GitHub as a list of "Sulli Deals". Thankfully by the time I came across it, it had been taken down. But just the screenshots sent shivers down my spine. pic.twitter.com/CGXivEyjyC
— Fatima Khan (@khanthefatima) July 5, 2021
Below is a brief timeline of the incidents and the action taken by IFF.
| Date | Particular |
|---|---|
| 05.07.2021 | Multiple Twitter accounts posted the screengrab from an application hosted on GitHub titled, "Sulli Deals". The application shared the photographs and social media handles of more than 80 women belonging to the Muslim community in India without their consent to purportedly "auction" them off. |
| 05.07.2021 | Erica Brescia, COO at GitHub, confirmed on Twitter that the app had been removed. However, no formal statement has been issued. |
| 06.07.2021 | One of the targeted women, Pilot Hana Khan, filed an FIR with the Delhi Police under S. 509 of the IPC which relates to acts intended to insult the modesty of a woman and S. 66 & 67 of the Information Technology Act. |
| 08.07.2021 |
|
| 16.07.2021 |
|
| 17.07.2021 | IFF sent representation to both NCW and DCW. |
| 29.10.2021 | IFF sent a letter to Delhi Police on the Sulli Deals incident. |
| 01.01.2022 | Multiple Twitter accounts posted the screengrab from an application hosted on GitHub titled "Bulli Bai". The application shared the photographs and social media handles of almost 100 women belonging to the Muslim community in India without their consent to purportedly "auction" them off. |
| 01.01.2022 | Mumbai Police registered an FIR under IPC sections 153A (spreading enmity), 153B (imputations, assertions to national integration), 295A (outraging religious feelings), 354D (stalking), 509 (sexual harassment), 500 (defamation) and IT Act Section 67 (publishes or transmits obscene materials) against the Twitter handle-holders and 'Bulli Bai' app developer. |
| 01.01.2022 | Minister of Electronics and Information Technology Ashwini Vaishnaw tweeted about GitHub blocking the user of the “Bulli Bai” application. He also informed about the government working with the Mumbai and Delhi Police. |
| 02.01.2022 | NCW took cognizance of the “Bulli Bai” case. Chairperson Rekha Sharma wrote to Delhi Police Commissioner to immediately register an FIR. |
| 03.01.2022 | Mumbai Police detained a 21-year old engineering student, Vishal Kumar, from Bengaluru. The Minister of State for Home (Urban) Satej Patil tweeted about the breakthrough; however, he refused to divulge details “as it may hamper the ongoing investigation”. |
| 03.01.2022 | IFF sent a letter to Mumbai Deputy Police Commissioner requesting expeditious investigation in the “Bulli Bai” and “Sulli Deals” incident. |
| 05.01.2022 | Mumbai Police arrest Shweta Singh in Uttarakhand. She was suspected to be the main accused behind the application. DGP Ashok Kumar said “she allegedly created some fake IDs to commit the crime”. |
| 06.01.2022 |
|
| 09.01.2022 | Delhi Police arrested 25-year old Aumkareshwar Thakur from Indore for being the alleged developer of the “Sulli Deals” application. Police said Thakur admitted to being a part of a trad-group on Twitter which wanted to “defame and troll Muslim ladies”. |
Why should you care?
The fake online auction of Muslim women seen in the "Bulli Bai" and "Sulli Deals" incidents show women are still unsafe on the internet. The online harassment meted out to them, and the subsequent delay in content moderation by the involved technology platforms reinforces India's need for more robust data protection and legislation laws. Moreover, the country's wanting state of cyber policing further fails to dissuade such criminal activities. We, at IFF, believe these incidents violate the core fundamental rights of citizens guaranteed under the Indian Constitution.
Violation of Right to Life and Privacy: Article 21 of the Indian Constitution guarantees "protection of life and personal liberty". However, by displaying sensitive information without consent, the application's developers effectively violated a fundamental right of these women. The gender and religion-based targeting of the application were meant to intimidate and harass them. While the women were not "auctioned" in reality, the application reduced them to saleable items. Unsurprisingly, this elicited further lewd and objectionable comments, threatening the women's security and liberty. By leaving them vulnerable to online abuse, the applications also infringed upon their "right to privacy" delivered accorded to every Indian citizen by the Hon'ble Supreme Court's decision in KS Puttaswamy v. Union of India (2017) 10 SCC 1.
Violation of Right to Free Speech and Expression: As per Article 19 1(a) of the Indian Constitution, every citizen is guaranteed the right to free speech and expression. However, online harassment in these incidents may lead to a chilling effect on this fundamental right. The women may feel unsafe to be active social media users and leave the platform altogether. The abuse also increases against politically articulate women, as seen in the "Bulli Bai" and "Sulli Deals" incidents that targeted journalists and human rights activists. According to a study conducted by Plan International, one in every five young women have opted out of social media after being targeted or harassed. The abuses are further aggravated in cases of women who belong to minority communities on social media platforms and dissuade them from expressing themselves without any fear or inhibitions. A recent study by Pew Research Center showed that while Indians essentially believe in religious tolerance of other faiths, they strongly prefer keeping religious communities segregated.
We raised this issue with the Standing Committee
The digital security of the targeted women was compromised due to the delayed response to the online vitriol. Their photos and social media handles were shared on a third-party platform without their consent and were taken down only after the media outrage. As a result, the women faced threats, harassment, and ridicule on their social media platforms. What makes matters worse is the lack of action taken after the "Sulli Deals" incident was reported last year. While the FIR was filed in July 2021, only after six months on January 5, 2022, did DCP KPS Malhotra say that the MLAT procedure "was completed". MLAT, or the Mutual Legal Assistance Treaty, is a treaty between the U.S. and India to improve international cooperation on criminal matters. Though the "Sulli Deals" application creator has been arrested now, the process could have been quicker if GitHub, via MLAT, had helped the Delhi Police with the registrant and IP details of the accused earlier. Such delays further encourage miscreants to continue their harassment with impunity. As per the National Crime Records Bureau's (NCRB) 2020 data, of the 50,035 cybercrimes reported, 10,405 were explicitly against women.
Further, the lack of overarching data protection legislation also leaves a gaping hole in the legal measures to be taken in case of personal data usage violation. There is no clarity on the obligation and governance terms to be followed by technology platforms for the data collected. This exacerbates security and privacy threats and fails to safeguard against data breaches.
Therefore, this breach of citizens' online privacy and security falls squarely within three subjects selected by the Parliamentary Standing Committee on Information Technology for the seventeenth Lok Sabha which are-
- Citizen’s data security and privacy.
- Safeguarding citizens’ rights, including special emphasis on women security in the digital space.
- Review of cyber security scenario in India.
Our recommendations
In light of these two incidents, IFF made a few recommendations to the Standing Committee. While Section 67 of the Information Technology Act, 2000 protects against "publishing or transmitting obscene material in electronic form", the recent developments show it is not enough. The recurrence of such horrific events and the delayed response begs answers to what needs to be done and where the system lacks. Hence, we recommended that the Standing Committee set up an inquiry to investigate the data security and privacy violations committed in the "Bulli Bai" and "Sulli Deals" incidents, which may include the following actions:
- Invite the victims of these applications, experts on digital rights and online safety to provide testimonies.
- Call relevant officials from the government and the social media platforms involved (GitHub and Twitter) to discuss their content take-down and online safety policies.
- Summon the investigating departments (Mumbai, Delhi and Uttar Pradesh Police) to understand the delay in investigation, specifically in the “Sulli Deals” incident.
- Summon the National Commission for Women and the relevant state commissions (DCW and MSCW) to inquire about the steps taken by them to redress the incidents.
We believe these measures will help the Committee delve deeper into the issues by looking at them from the perspective of all the involved stakeholders. It will help us ascertain the gaps in the technological and legal procedures to be followed during cyber crimes. Lastly, meeting the NCW and the respective state commissions will provide further details on the preventive measures taken, as it is only through transparency that accountability and justice can be provided to the victims of this incident.
Important Documents
- Letter to Standing Committee on Information Technology for the inquiry into the “Bulli Bai” and “Sulli Deals” incidents dated January 14, 2022. (link)
- IFF’s representation to the Mumbai Police dated January 3, 2022. (link)
- IFF assists Amina targeted by the “Bulli Bai” application. (link)
- Previous blog post titled “Women’s safety on the internet has to account for intersectionality”. (link)
Note: This post was drafted by Shivangani Misra, a Capstone Fellow hosted at IFF, and reviewed by IFF staffer Anushka Jain.