By MYTHREYEE RAMESH , HIMMAT SHALIGRAM
On 1 January, when hundreds of Muslim women started their New Year seeing their photos being misused and ‘auctioned’ on a GitHub app called ‘Bulli Bai‘, it shouldn’t have come as a surprise. For no action was taken and no arrests made in the prequel to this incident – the ‘Sulli Deals‘ fiasco – just six months ago.
Despite the online outrage from the women listed on the app, and their allies, the case saw no concrete investigation, purportedly emboldening the perpetrators to repeat the incident.
Moreover, six months after the Delhi and Uttar Pradesh cops filed two different FIRs in July 2021, the following information has still not been disclosed or clarified by the police with regards to investigation in the case:
- When was the Multilateral Legal Assistance Treaty (MLAT), under which GitHub is bound to share data, initiated?
- A copy of the summons issued, if such summons were issued
- Whether summons were issued to/information sought from GoDaddy.com, which had ‘sullidealing.co.in’ registered but not yet hosted
- A detailed action report, as sought by the Delhi Commission for Women
- Details of steps taken by the Delhi and UP cops to identify and arrest the perpetrators/or the reasons for not arresting them
The Quint had reached out to Delhi and UP Police’s cyber crime units on 3 January. Our questions elicited no response.
The Maharashtra Police, who are also investigating the Bulli Bai case, arrested three people in connection with it – two of whom are students. In a press conference on 5 January, they indicated that more arrests were in the offing. “The Mumbai Police was just an hour away from his location to nab but Delhi Police detained him,” a police source told The Quint about Bishnoi’s arrest.
What Should Have Been Done in July?
The Delhi Police Special Cell filed an FIR on 8 July 2021, and the UP Police a day later on 9 July. The ideal next step should have been processing an MLAT, say all three cyber security experts who The Quint spoke to.
As a hosting platform, GitHub, among other things, allows users to create apps under personal or administrative names. For GitHub to provide information about the registrant and IP details of the person behind Sulli Deals, it has to go via Treaty Between India And United States of America On Mutual Legal Assistance In Criminal Matters.
Cyber Expert Sandeep Shukla added that if indeed the MLAT has been processed, another question should be why it was taking extended time.
He told The Quint:
It was only on 5 January that Delhi Police DCP KPS Malhotra said that the MLAT procedure “was completed” in the Sulli Deals case.
Malhotra did not clarify when exactly the process was initiated and completed, and whether GitHub has already been issued summons under MLAT.
“GitHub has longstanding policies against content and conduct involving harassment, discrimination, and inciting violence. We suspended a user account following the investigation of reports of such activity, all of which violate our policies,” they said.
Other Unanswered Questions
Were Summons Issued to GoDaddy.Com?
In July, multiple Twitter handles tweeted about a a new domain that had been registered on GoDaddy.com, titled “sullidealing.co.in.” The website, however, was not hosted yet.
It is not known whether the portal was issued summons to provide details on the person who registered this address.
Apart from the summons, the most basic thing to do is for the cops to track the Twitter handles that were sharing screenshots of ‘Sulli Deals’ app, cyber experts added.
Did Cops Track Twitter Handles?
A handle by the name ‘UrLocalSulliDealer’ (@sullideals101) was operating since 2019. Many such handles were tweeting and promoting the “Sulli Deals” app – @sullideals786 and @sullideals, The Wire pointed.
“Twitter is more than compliant to Indian government. I do not see why they are unable to get the information. Of course the users might have used anonymisation service to create those accounts and hence difficult to track down. But there should be transparency as to why it is difficult,” Shukla said.
Lack of Intent, Weak FIR?
Six months after the investigation began, the cops have not shared details of the steps taken by them to identify and arrest the perpetrators. Neither have they provided reasons for not arresting them.
Several women, many of whom are victims of these targeted attacks, questioned the lack of intent from the Delhi and UP Police.
The Delhi Police registered an FIR under Section 509 of the Indian Penal Code (IPC) – insulting the modesty of a woman – and Sections 66 and 67 of the Information Technology Act – transferring obscene material. This experts say, is a weak FIR, that also shows the cops’ lack of intent to investigate.
“The FIR registered on the Sulli Deals case, is only for offences of obscenity and outraging the modesty of women. However, there elements of hate speech also present, given that specific Muslim women who are members of a minority, have been targeted in order to de-humanise Muslims. So I would say, it is a weak FIR which has been filed. So on these two instances, I think there is sufficient basis for the assertion that the Delhi Police is not properly investigating the case itself,” Gupta explained to The Quint.
This story first appeared on thequint.com