Access To Knowledge (A2K)

YouTube is the answer to what has changed in India

praskrishna — 2013-11-20T07:00:48Z

Alternative Law Forum’s Lawrence Liang on relaunching Creative Commons, and how it changes the legal landscape of copyright issues.

The article by Moulishree Srivastava was published in Livemint on November 20, 2013. Lawrence Liang was quoted.

Creative Commons (CC), a non-profit organization headquartered in Mountain View, California, US, which enables Internet users to share and use the creativity and knowledge of others, on Tuesday relaunched its India chapter after six years. CC provides free copyright licences that give creators a way to share their creative work, on conditions of their choice.

In India, for instance, Pratham Books, a not-for-profit publisher, licenses its content under a CC licence that allows others to use the content (on certain conditions). And the National Council of Educational Research and Training has created a portal where digital versions of its course material have been uploaded under a CC licence.

In an interview, Lawrence Liang , co-founder of Alternative Law Forum and chairman of the board at the Bangalore-based Centre for Internet and Society, which is one of the CC affiliates in India, spoke about the re-launch, what went wrong the last time, what it means for the country and how it changes the legal landscape of copyright issues. Edited excerpts:

People all over the world are already using CC licences. What does this relaunch mean for India?

There are two things. One is the legal component. The licences have been tailor-made for Indian law. Tomorrow, if someone were to use CC licence and there were violations and it came up in court, this (the CC licence) would be in compliance with the Indian Copyright Act. The other is, we have a very large number of young people who are entering the space of making creative works. The CC means for them to be aware that there are options they have apart from traditional copyright licensing.

How does it impact the legal landscape of copyright issues?

In the US, you have something called derivative rights, which is conversion of one medium into another medium. In India, you don’t have that idea; you have the right of adaptation, which is a much more narrowly defined idea. It has the specific definition of what the adaptation is. There is the right to adaptation of a work from, say, literary into dramatic, but it doesn’t mean conversion of a work into any form.

The second is in terms of presumption of how you gain ownership over copyright, which is slightly different in India than it is in the US.

In India—section 17 (of the Constitution) lays out different classes of work—there are different presumptions of who the owner of copyright is, which becomes very important. For example, if a film-maker wants to license his work, now it has to be clear that he is the owner of the copyright in the first place, because the presumption in India would be that the producer is the owner of the work, whereas in Europe the producer is the first owner of the work. These are some of the small differences that CC attempts to clarify.

What went wrong the last time?

When it was first launched (in India) in 2007, perhaps there wasn’t the momentum. Last time CC was launched as a licence in India, but not as a community, which was the key issue. Second, it was institutionally housed in IIT (Indian Institute of Technology) Bombay and it needed being pluralized. You can’t depend on CC being housed in one single institution. It should be in as many institutions as possible, which is what has happened this time. The crucial thing here is that we will be developing a community. A lot more people know about CC now than they did back in 2007.

Why do you think it will succeed?

One is the overall awareness about open source and alternatives. The other one, which is more crucial, is, when CC was launched in the US, it was in response to a very clear crisis. The crisis was that a large number of users were being prevented from using existing works. Lawrence Lessig (one of the co-founders of CC) felt that there was a need to create a legal alternative. There was already, in a way, a certain kind of environment which allowed CC to automatically speak to a number of people’s concerns. In India, we didn’t have that. Copyright was anyway not being enforced. That’s happening now. So once people could use YouTube, could create remixes, then they suddenly realized that they have used a film song and other copyrighted content. Then they suddenly realize a need of legal content as alternative. YouTube is the answer to what has changed.

What does it mean for the media?

It depends on whether you are looking at it from the perspective of a media producer or a user. From the perspective of a media producer, one of the big things that people assume is that everything is copyrighted until stated otherwise and that you can’t use it. There are a number of people who will be very happy to use it, but they may not want to use it commercially. With a CC licence, the boundaries are clear. What you are allowed to do and what you are not allowed to do is extremely clear. One of the biggest problems in the digital landscape at the moment is opacity. You are not sure. There is an image on a website, which seems to be used in many places. Am I allowed to reproduce it? What is the extent to which I can use the content? A lot of these will be rendered clear for media practitioners.

For more details visit https://cis-india.org/news/livemint-november-12-2013-moulishree-srivastava-you-tube-is-answer-to-what-changed-in-india

Why 'Facebook' is More Dangerous than the Government Spying on You

maria — 2013-11-23T08:38:30Z

In this article, Maria Xynou looks at state and corporate surveillance in India and analyzes why our "choice" to hand over our personal data can potentially be more harmful than traditional, top-down, state surveillance. Read this article and perhaps reconsider your "choice" to use social networking sites, such as Facebook.

Do you have a profile on Facebook? Almost every time I ask this question, the answer is ‘yes’. In fact, I think the amount of people who have replied ‘no’ to this question can literally be counted on my right hand. But this is not an article about Facebook per se. It’s more about the ‘Facebooks’ of the world, and of people’s increasing “choice” to hand over their most personal data. More accurate questions are probably:

“Would you like the Government to go through your personal diary? If not, then why do you have a profile on Facebook?”

The Indian Surveillance State

Following Snowden ’s revelations, there’s finally been more talk about surveillance. But what is surveillance?

David Lyon - who directs the Surveillance Studies Centre - defines surveillance as “any collection and processing of personal data, whether identifiable or not, for the purposes of influencing or managing those whose data have been garnered”. Surveillance can also be defined as the monitoring of the behaviour, activities or other changing information of individuals or groups of people. However, this definition implies that individuals and/or groups of people are being monitored in a top-down manner, without this being their “choice”. But is that actually the case? To answer this question, let’s have a look at how the Indian government and corporations operating in India spy on us.

State Surveillance

The first things that probably come to mind when thinking about India from a foreigner’s perspective are poverty and corruption. Surveillance appears to be a “Western, elitist issue”, which mainly concerns those who have already solved their main survival problems. In other words, the most mainstream argument I hear in India is that surveillance is not a real issue, especially since the majority of the population in the country lives below the line of poverty and does not even have any Internet access. Interestingly enough though, the other day when I was walking around a slum in Koramangala, I noticed that most people have Airtel satellites...even though they barely have any clean water!

The point though is that surveillance in India is a fact, and the state plays a rather large role in it. In particular, Indian law enforcement agencies follow three steps in ensuring that targeted and mass surveillance is carried out in the country:

1. They create surveillance schemes, such as the Central Monitoring System (CMS ), which carry out targeted and/or mass surveillance

2. They create laws, guidelines and license agreements, such as the Information Technology (Amendment ) Act 2008, which mandate targeted and mass surveillance and which require ISP and telecom operators to comply

3. They buy surveillance technologies from companies, such as CCTV cameras and spyware, and use them to carry out targeted and/or mass surveillance

While Indian law enforcement agencies don’t necessarily follow these steps in this precise order, they usually try to create surveillance schemes, legalise them and then buy the gear to carry them out.

In particular, surveillance in India is regulated under five laws: the Indian Telegraph Act 1885, the Indian Post Office Act 1898, the Indian Wireless Telegraphy Act 1933, section 91 of the 1973 Code of Criminal Procedure (CrPc ) and the Information Technology (Amendment ) Act 2008. These laws mandate targeted surveillance, but remain silent on the issue of mass surveillance which means that technically it is neither allowed nor prohibited, but remains a grey legal area.

While surveillance laws in India may not mandate mass surveillance, some of their sections are particularly concerning. Section 69 of the Information Technology (Amendment ) Act 2008 allows for the interception of all information transmitted through a computer resource, while requiring that all users disclose their private encryption keys or face a jail sentence of up to seven years. This appears to be quite bizarre, as individuals can only keep their data private and protect themselves from surveillance through encryption.

Section 44 of the Information Technology (Amendment) Act 2008 imposes stiff penalties on anyone who fails to provide requested information to authorities - which kind of reminds us of Orwell’s totalitarian regime in “1984”. Furthermore, section 66A of the same law states that individuals will be punished for sending “offensive messages through communication services”. However, the vagueness of this section raises huge concerns, as it remains unclear what defines an “offensive message” and whether this will have grave implications on the freedom of expression. The arrest of two Indian women last November over a Facebook post reminds us of this.

Laws in India may not mandate mass surveillance, but guidelines and license agreements issued by the Department of Telecommunications do. In particular, the UAS License Agreement regarding the Central Monitoring System (CMS ) not only mandates mass surveillance, but also attempts to legalise a mass surveillance scheme which aims to intercept all telecommunications and Internet communications in India. Furthermore, the Department of Telecommunications has issued numerous guidelines and license agreements for ISPs and telecom operators, which require them to not only be “surveillance-friendly”, but to also enable law enforcement agencies to tap into their servers on the grounds of national security. And then, of course, there’s the new National Cyber Security Policy, which mandates surveillance to tackle cyber-crime, cyber-terrorism, cyber-war and cyber-vandalism.

As both a result and prerequisite of these laws, the Indian government has created various surveillance schemes and teams to aid them. In particular, India ’s Computer Emergency Response Team (CERT ) is currently monitoring “any suspicious move on the Internet” in order to checkmate any potential cyber attacks from hackers. While this may be useful for the purpose of preventing and detecting cyber-criminals, it remains unclear how “any suspicious move” is defined and whether that inevitably enables mass surveillance, without individuals’ knowledge or consent.

The Crime and Criminal Tracking and Network & Systems (CCTNS ) is the creation of a nationwide networking infrastructure for enhancing the efficiency and effectiveness of policing and sharing data among 14,000 police stations across the country. It has been estimated that Rs. 2000 crore has been allocated for the CCTNS project and while it may potentially increase the effectiveness of tackling crime and terrorism, it raises questions around the legality of data sharing and its potential implications on the right to privacy and other human rights - especially if such data sharing results in data being disclosed or shared with unauthorised third parties.

Similarly, the National Intelligence Grid (NATGRID ) is an integrated intelligence grid that will link the databases of several departments and ministries of the Government of India so as to collect comprehensive patterns of intelligence that can be readily accessed by intelligence agencies. This was first proposed in the aftermath of the Mumbai 2008 terrorist attacks and while it may potentially aid intelligence agencies in countering crime and terrorism, enforced privacy legislation should be a prerequisite, which would safeguard our data from potential abuse.

However, the most controversial surveillance scheme being implemented in India is probably the Central Monitoring System (CMS). While several states, such as Assam, already have Internet Monitoring Systems in place, the Central Monitoring System appears to raise even graver concerns. In particular, the CMS is a system through which all telecommunications and Internet communications in India will be monitored by Indian authorities. In other words, the CMS will be capable of intercepting our calls and of analyzing our data on social networking sites, while all such data would be retained in a centralised database. Given that India currently lacks privacy legislation, such a system would mostly be unregulated and would pose major threats to our right to privacy and other human rights. Given that data would be centrally stored, the system would create a type of “honeypot” for centralised cyber attacks. Given that the centralised database would have massive volumes of data for literally a billion people, the probability of error in pattern and profile matching would be high - which could potentially result in innocent people being convicted for crimes they did not commit. Nonetheless, mass surveillance through the CMS is currently a reality in India.

And the even bigger question: How can law enforcement agencies mine the data of 1.2 billion people? How do they even carry out surveillance in practice? Well, that’s where surveillance technology companies come in. In fact, the surveillance industry in India is massively expanding - especially in light of its new surveillance schemes which require advanced and sophisticated technology. According to CIS ’ India Privacy Monitor Map - which is part of ongoing research - Indian law enforcement agencies use CCTV cameras in pretty much every single state in India. The map also shows that Unmanned Aerial Vehicles (UAVs), otherwise known as drones, are being used in most states in India and the DRDO ’s “Netra ” - which is a lightweight drone, not much bigger than a bird - is particularly noteworthy.

But Indian law enforcement agencies also buy surveillance software and hardware which is aimed at intercepting telecommunications and Internet communications. In particular, ClearTrail Technologies is an Indian company - based in Indore - which equips law enforcement agencies in India and around the world with surveillance software which can probably be compared with the “notorious” FinFisher. So in short, there appears to be a tight collaboration between Indian law enforcement agencies and the surveillance industry, which can be clearly depicted in the ISS surveillance trade shows, otherwise known as “the wiretappers’ ball”.

Corporate Surveillance

When I ask people about corporate surveillance, the answer I usually get is: “Corporations only care about their profit - they don’t do surveillance per se”. And while that may be true, David Lyon ’s definition of surveillance - as “any collection and processing of personal data, whether identifiable or not, for the purposes of influencing or managing those whose data have been garnered” - may indicate otherwise.

Corporations, like Google, Amazon and Facebook, may not have an agenda for spying per se, but they do collect massive volumes of personal data and, in cases such as PRISM, allow law enforcement to tap into their servers. Once law enforcement agencies get hold of data collected by companies, such as Facebook, they then use data mining software - equipped by various surveillance technology companies - to process and mine the data. And how do companies, like Google and Facebook, make money off our personal data? By selling it to big buyers, such as law enforcement agencies.

So while Facebook and all the ‘Facebooks’ of the world may not profit from surveillance per se, they do profit from collecting our personal data and selling it to third parties, which include law enforcement agencies. And David Lyon argues that surveillance involves the collection of personal data - which corporations, like Facebook, do - for the purpose of influencing and managing individuals. While this last point can probably be widely debated on, it is clear that corporations share their collected data with third parties, which ultimately leads to the influence or managing of individuals - directly or indirectly. In other words, the collection of personal data, in combination with its disclosure to third parties, is surveillance. So when we think about companies, like Google or Facebook, we should not just think of businesses interested in their profit - but also of spying agencies. After all, “if the product is free , you are the product ”.

Now if we look at online corporations more closely, we can probably identify three categories:

1. Websites through which we buy products and hand over our personal details - e.g. Amazon

2. Websites through which we use services and hand over our personal details - e.g. flight ticket

3. Websites through which we communicate and hand over our personal details - e.g. Facebook

And why could the above be considered “spying” at all? Because such corporations collect massive volumes of personal data and subsequently:

- Disclose such data to law enforcement agencies

- Allow law enforcement agencies to tap into their servers

- Sell such data to “third parties”

What’s notable about so-called corporate surveillance is that, in all cases, there is a mutual, key element: we consent to the handing over of our personal information. We are not forced to hand over our personal data when buying a book online, booking a flight ticket or using Facebook. Instead, we “choose” to hand over our personal data in exchange for a product or service. Now what significantly differentiates state surveillance to corporate surveillance is the factor of “choice”. While we may choose to hand over our most personal details to large online corporations, such as Google and Facebook, we do not have a choice when the government monitors our communications, collects and stores our personal data.

State Surveillance vs. Corporate Surveillance

Both Indian law enforcement agencies and corporations collect massive volumes of personal data. In fact, it is probably noteworthy to mention that Facebook, in particular, collects 20 times more data per day than the NSA in total. In addition, Facebook has claimed that it has received more demands from the US government for information about its users than from all other countries combined. In this sense, the corporate collection of personal data can potentially be more harmful than government surveillance, especially when law enforcement agencies are tapping into the servers of companies like Facebook. After all, the Indian government and all other governments would have very little data to analyse if it weren’t for such corporations.

Surveillance is not just about “spying” or about “watching people” - it’s about much much more. Observing people’s behaviour only really becomes harmful when the data observed is collected, retained, analysed, shared and disclosed to unauthorised third parties. In other words, surveillance is meaningful to examine because it involves the analysis of data, which in turn involves pattern matching and profiling, which can potentially have actual, real-world implications - good or bad. But such analysis cannot be possible without having access to large volumes of data - most of which belong to large corporations, like Facebook. The question, though, is: How do corporations collect such large volumes of personal data, which they subsequently share with law enforcement agencies? Simple: Because we “choose” to hand over our data!

Three years ago, when I was doing research on young people’s perspective of Facebook, all of the interviewees replied that they feel that they are in control of their personal data, because they “choose” what they share online. While this may appear to be a valid point, the “choice” factor can widely be debated on. There are many reasons why people “choose” to hand over their personal data, whether to buy a product, use a service, to communicate with peers or because they feel socially pressured into using social networking sites. Nonetheless, it all really comes down to one main reason: convenience. Today, in most cases, the reason why we hand over our personal data online in exchange for products or services is because it is simply more convenient to do so. And while that is understandable, at the same time we are exposing our data (and ultimately our lives) in the name of convenience.

The irony in all of this is that, while many people reacted to Snowden ’s revelations on NSA dragnet surveillance, most of these people probably have profiles on Facebook. Secret, warrantless government surveillance is undeniably intrusive, but in the end of the day, our profiles on Facebook - and on all the ‘Facebooks’ of the world - is what enabled it to begin with. In other words, if we didn’t choose to give up our personal data - especially without really knowing how it would be handled - large databases would not exist and the NSA - and all the ‘NSAs’ of the world - would have had a harder time gathering and analysing data.

In short, the main difference between state and corporate surveillance is that the first is imposed in a top-down manner by authorities, while the second is a result of our “choice” to give up our data. While many may argue that it’s worse to have control imposed on you, I strongly disagree. When control and surveillance are imposed on us in a top-down manner, it’s likely that we will perceive this - sooner or later - as a direct threat to our human rights, which means that it’s likely that we will resist to it at some point. People usually react to what they perceive as a direct threat, whereas they rarely react to what does not directly affect them. For example, one may perceive murder or suicide as a direct threat due the immediateness of its effect, whereas smoking may not be seen as an equally direct threat, because its consequences are indirect and can usually be seen in the long term. It’s somehow like that with surveillance.

University students have protested on the streets against the installation of CCTV cameras, but how many of them have profiles on social networking sites, such as Facebook? People may react to the installation of CCTV cameras, because it may appear as a direct threat to their right to privacy. However, the irony is that the real danger does not necessarily lie within some CCTV cameras, but rather within the profile of each person on a major commercial social networking site. At very best, a CCTV camera will capture some images of us and through that, track our location and possibly our acquaintances. What type of data is captured through a simple, “harmless” Facebook profile? The following probably only includes a tiny percentage of what is actually captured:

- Personal photos

- Biometrics (possibly through photos)

- Family members

- Friends and acquaintances

- Habits, hobbies and interests

- Location (through IP address)

- Places visited

- Economic standing (based on pictures, comments, etc.)

- Educational background

- Ideas and opinions (which may be political, religious, etc.)

- Activities

- Affiliations

The above list could potentially go on and on, probably depending on how much - or what type - of data is disclosed by the individual. The interesting element to this is that we can never really know how much data we are disclosing, even if we think we control it. While an individual may argue that he/she chooses to disclose an x amount of data, while retaining the rest, that individual may actually be disclosing a 10x amount of data. This may be the case because usually every bit of data hides lots of other bits of data, that we may not be aware of. It all really comes down to who is looking at our data, when and why.

For example, (fictional) Priya may choose to share on her Facebook profile (through photos, comments, or any other type of data) that she is female, Indian, a Harvard graduate and that her favourite book is “Anarchism and other Essays ” by Emma Goldman. At first glance, nothing appears to be “wrong” with what Priya is revealing and in fact, she appears to care about her privacy by not revealing “the most intimate details” of her life. Moreover, one could argue that there is absolutely nothing “incriminating” about her data and that, on the contrary, it just reflects that she is a “shiny star” from Harvard. However, I am not sure if a data analyst would be restricted to this data and if data analysis would show the same “sparkly” image.

In theory, the fact that Priya is an Indian who attended Harvard reveals another bit of information, that Priya did not choose to share: her economic standing. Given that the majority of Indians live below the line of poverty, there is a big probability that Priya belongs to India’s middle class - if not elite. Priya may not have intentionally shared this information, but it was indirectly revealed through the bits of data that she did reveal: female Indian and Harvard graduate. And while there may not be anything “incriminating” about the fact that she has a good economic standing, in India this usually means that there’s also some strong political affiliation. That brings us to her other bit of information, that her favourite author is a feminist, anarchist. While that may be viewed as indifferent information, it may be crucial depending on the specific political actors in the country she’s in and on the general political situation. If a data analyst were to map the data that Priya chose to share, along with all her friends and acquaintances that she inevitably has through Facebook, that data analyst could probably tell a story about her. And the concerning part is that that story may or may not be true. But that doesn’t really matter.

Today, governments don’t judge us and take decisions based on our version of our data, but based on what our data says about us. And perhaps, under certain political, social and economic circumstances, our “harmless” data could be more incriminating than what we think. While an individual may express strong political views within a democratic regime, if that political system were to change in the future and to become authoritarian, that individual would possibly be suspicious in the eyes of the government - to say the least. This is where data retention plays a significant role.

Most companies retain data indefinitely or for a long period of time, which means that future, potentially less-democratic governments may have access to it. And the worst part is that we can never really know what data is being held about us, because within data analysis, every bit of data may potentially entails various other bits of data that we are not even aware of. So, when we “choose” to hand over our data, we don’t necessarily know what or how much we are choosing to disclose. Thus, this is why I agree with Bruce Schneier’s argument that people have an illusionary sense of control over their personal data.

Social network analysis software is specifically designed to mine huge volumes of data that is collected through social networking sites, such as Facebook. Such software is specifically designed to profile individuals, to create “trees of communication” around them and to match patterns. In other words, this software tells a story about each and every one of us, based on our activities, interests, acquaintances, and all other data. And as mentioned before, such a story may or may not be true.

In data mining, behavioural statistics are being used to analyse our data and to predict how we are likely to behave. When applied to national databases, this may potentially amount to predicting how masses or groups within the public are likely to behave and to subsequently control them. If a data analyst can predict an individual’s future behaviour - with some probability - based on that individuals’ data, the same could potentially occur on a mass, public level. As such, the danger within surveillance - especially corporate surveillance through which we voluntarily disclose massive amounts of data about ourselves - is that it appears to come down to public control.

According to security expert Bruce Schneier, data today is a byproduct of the Information Society. Unlike an Orwellian totalitarian state where surveillance is imposed in a top-down manner, surveillance today appears to widely exist because we indirectly choose and enable it (by handing over our data to online companies), rather than it being imposed on us in a solely top-down manner. However, contemporary surveillance may potentially be far worse than that described in Orwell’s “1984”, because surveillance is publicly perceived to be an indirect threat - if considered to be a threat at all. It is more likely that people will resist a direct threat, than an indirect threat, which means that the possibility of mass violations of human rights as a result of surveillance is real.

Hannah Arendt argued that a main prerequisite and component of totalitarian power is support by the masses. Today, surveillance appears to be socially integrated within societies which indicates that contemporary power fueled by surveillance has mass support. While the argument that surveillance is being socially integrated can potentially be widely debated on and requires an entire in depth research of its own, few simple facts might be adequate to prove it at this stage. Firstly, CCTV cameras are installed in most countries, yet there has been very little resistance - on the contrary, there appears to be a type of universal acceptance on the grounds of security. Secondly, different types of spy products exist in the market - such as Spy Coca Cola cans - which can be purchased by anyone online. Thirdly, countries all over the world carry out controversial surveillance schemes - such as the Central Monitoring System in India - yet public resistance to such projects is limited. And while one may argue that the above cases don’t necessarily prove that surveillance is being socially integrated, it would be interesting to look at a fourth fact: most people who have Internet access choose to share their personal data through the use of social networking sites.

Reality shows, such as Big Brother, which broadcast the surveillance of people’s lives and present it as a form of entertainment - when actually, I think it should be worrisome - appear to enable the social integration of surveillance. The very fact that we all probably - or, hopefully - know that Facebook can share our personal data with unauthorised third parties and - now, after the Snowden revelations - that governments can tap into Facebook’s servers, should be enough to convince us to delete our profiles. Yet, why do we still all have Facebook profiles? Perhaps because surveillance is socially integrated and perhaps because it is just convenient to be on Facebook. But that doesn’t change the fact that surveillance can potentially be a threat to our human rights. It just means that we perceive surveillance as an indirect threat and that we are unlikely to react to it.

In the long term, what does this mean? Well, it seems like we will probably be more acceptive towards more authoritarian power, that we will be used to the idea of censoring our own thoughts and actions (in the fear of getting caught by the CCTV camera on the street or the spyware which may or may not be implanted in our laptop) and that ultimately, we will be less politically active and more reluctant to challenge the authority.

What’s particularly interesting though about surveillance today is that it is fueled and enabled through our freedom of speech and general Internet freedom. If we didn’t have any Internet freedom - or as much as we do - we would have disclosed less personal data and thus surveillance would probably have been more restricted. The more Internet freedom we have, the more personal data we will disclose on Facebook - and on all the ‘Facebooks’ of the world - and the more data will potentially be available to mine, analyse, share and generally incorporate in the surveillance regime. So in this sense, Internet freedom appears to be a type of prerequisite of surveillance, as contradictory and ironic as it may seem. No wonder why the Chinese government has gone the extra mile in creating the Chinese versions of Facebook and Twitter - it’s probably no coincidence.

While we may blame governments for establishing surveillance schemes, ISP and TSP operators for complying with governments’ license agreements which often mandate that they create backdoors for spying on us and security companies for creating the surveillance gear in the first place, in the end of the day, we are all equally a part of this mess. If we didn’t choose to hand over our personal data to begin with, none of the above would have been possible.

The real danger in the Digital Age is not necessarily surveillance per se, but our choice to voluntarily disclose our personal data.

For more details visit https://cis-india.org/internet-governance/blog/why-facebook-is-more-dangerous-than-the-government-spying-on-you

Expert Committee meeting on 25th November, 2013

praskrishna — 2013-11-19T10:41:27Z

A meeting of the Expert Committee has been scheduled for 25th November, 2013 at 11.00 a.m. in R.No. 714 (7th Floor), Group Meeting Room, DBT, New Delhi to discuss the draft 'Human DNA Profiling Bill 2012' under the Chairmanship of Dr. T. S. Rao, Sr. Adviser, DBT.

This was communicated by Dr. Alka Sharma, Director/Scientist, Ministry of Science & Technology, Government of India to the following individuals:

Raghbir
RK Gupta
Murali Krishna Kumar
Sunil Abraham
Amar Jesani
Usha Ramanathan
Kamal Kumar
Dr. N. Madhusudan Reddy

For more details visit https://cis-india.org/news/expert-committee-meeting-november-25-2013

Spy agencies, IB and RAW, put spanner in proposed privacy law

praskrishna — 2013-11-19T09:50:05Z

The country’s intelligence agencies are out to scuttle a law that’s being drafted to protect your privacy.

The article by Nagender Sharma and Aloke Tikku was published in the Hindustan Times on November 2, 2013. Sunil Abraham is quoted.

The Intelligence Bureau and the Research and Analysis Wing (RAW) have told the government to water down the proposed law that makes it a crime to leak sensitive personal information collected by government departments and the private sector.

The agencies conveyed their views to national security adviser Shivshankar Menon at a recent meeting at the prime minister’s office. With home secretary Anil Goswami backing the spooks, even arguing that “the very need for such a bill” should be reviewed, Menon has called for revisiting the provisions the agencies have objected to.

The Right to Privacy Bill 2013 lays down privacy principles and standards, and stipulates jail terms and fines for leak of sensitive personal data.

“If such a bill was to be considered, intelligence agencies should be exempted from its purview,” Goswami argued at the meeting.

The intelligence agencies also spoke about how the bill would “adversely affect or compromise” the functioning of many agencies and projects, such as the Central Monitoring System that is used to intercept phone calls and internet communication, and the National Intelligence Grid that would give law enforcement agencies access to information combat terror threats.

The proposed privacy law was initially conceptualised to address data privacy, particularly in the context of data handled by the Indian IT industry for foreign clients.

But the Department of Personnel and Training – that drew up the bill – expanded its scope to cover information collected by the government and interception by intelligence agencies.

Sunil Abraham of the Centre for Internet and Society, a Bangalore-headquartered advocacy group, said the security establishment’s attempts to scuttle the privacy law were a step back.

“Civil society isn’t against surveillance by security agencies. All that we ask for is due process and oversight,” Abraham said.

For more details visit https://cis-india.org/news/hindustan-times-november-2-2013-nagender-sharma-alok-tikku-spy-agencies-ib-and-raw-put-spanner-in-proposed-privacy-law

India must support UN's e-snooping move: Human rights activists

praskrishna — 2013-11-19T09:10:02Z

India is facing pressure from internet and human rights activists to support a United Nations resolution that calls for an end to electronic spying after revelations of mass illegal surveillance by the United States.

The article by Indu Nandakumar was published in the Economic Times on November 11, 2013. Sunil Abraham is quoted.

The resolution, jointly submitted by Brazil and Germany - vocal opponents of US cyber spying - urged UN member states to act against excessive surveillance. Records leaked by whistleblower Edward Snowden had exposed US eavesdropping on Brazil's President Dilma Rousseff and German Chancellor Angela Merkel.

Internet activists and experts said the world's largest democracy must join the resolution as a reaction to unfair surveillance by the US. Confidential documents from Snowden, a former US National Security Agency contractor showed India was one of the victims of US snooping.

"Decision-makers in India haven't made a principled stand on the issue. They are still debating and deliberating," said Oleg Demidov, program director for international information security and global internet governance at the Russian Center for Policy Studies.

Demidov said India was unlikely to join the resolution as it has strong language and measures that need to be implemented immediately. "Joining this would mean a big political step." The resolution, while not legally binding, can still be a formal vote against US spying. A senior government official in New Delhi said Brazil and Germany on Friday held consultations with all UN member states including India on the draft resolution.

India will take 'detailed' look

He said India will take a "detailed look" at the resolution over the coming days before deciding whether it wants to be part of it. Revelations about US government snooping on communication between governments and individuals has caused global outrage over the past few months.

Popular email and internet service providers locating their servers in the US makes tapping into communication lines easier for that country. Brazil is considering legislation that would require internet companies to store data locally.

Latest documents revealed by Snowden showed that NSA had been monitoring data that travels between servers of Yahoo and Google, thus accessing personal data of millions of internet users across the world, including Indian users. It had prompted strong reaction from Google, whose executive chairman Eric Schimdt called such snooping "outrageous."

A representative for the German federal foreign office said the resolution was submitted to "protect human rights in the digital age more effectively" and that all member states are invited to co-sponsor the resolution.

"Indians should press their own government to forcefully object to the United States' surveillance policies and demand that those policies be brought into conformity with international law," said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, an influential civil rights union based in New York. Jaffer said while no one questions the US government's right to engage judicially supervised surveillance, "dragnet surveillance of entire populations is a severe and unnecessary infringement on the privacy of millions."

He said that reforming the policies of NSA would require pressure from outside the US, especially foreign governments.

The pushback against mass surveillance is taking place in the backdrop of India and US looking to strengthen their economic relationship. Issues such as the US immigration reform bill which is seen as detrimental by India's $75 billion softw are export industry, and India's nuclear liability law, which US companies find unreasonable, have been irritants in bilateral relations.

Another senior government official said India's stance on US surveillance has been soft as any discussion on the subject would bring India's Central Monitoring System into the spotlight. The system, similar to the US government's PRISM project, gives the government access to phone calls, text messages and even social media conversations of individuals.

Sunil Abraham, executive director of Bangalore based think-tank Centre for Internet and Society, said India must be a part of the efforts by Brazil and Germany.

"Surveillance needs to be addressed both at technological as well as policy levels." Former diplomat and foreign affairs expert G Parthasarathy acknowledged the need for international consensus to protect individual privacy but doubted whether snooping by governments will ever end.

"Yes, the Americans are over-doing it, but India cannot condemn it because we have been doing the same thing. India monitored conversations between (Pakistan army chief) Pervez Musharraf and his chief of general staff (Mohammed Aziz) during the Kargil conflict. The point is everyone does it, but Americans got caught."

For more details visit https://cis-india.org/news/economic-times-november-11-2013-indu-nandakumar-india-must-support-un-e-snooping-move

First Look: CIS Cybersecurity documentary film

purba — 2013-12-17T08:16:42Z

CIS presents the trailer of its documentary film DesiSec: Cybersecurity & Civil Society in India

The Centre for Internet and Society is pleased to release the trailer of its first documentary film, on cybersecurity and civil society in India.

The documentary is part of the CIS Cybersecurity Series, a work in progress which may be found here.

DesiSec: Cybersecurity and Civil Society in India

The trailer of DesiSec: Cybersecurity and Civil Society in India was shown at the Internet Governance Forum in Bali on October 24. It was a featured presentation at the Citizen Lab workshop, Internet Governance For The Next Billion Users.

The transcript of the workshop is available here: http://www.intgovforum.org/cms/component/content/article/121-preparatory-process/1476-ws-344-internet-governance-for-the-next-billion-users

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer

CIS Cybersecurity Series (Part 12) - Namita Malhotra

purba — 2013-11-18T10:03:29Z

CIS interviews Namita Malhotra, researcher and lawyer at Alternative Law Forum, Bangalore, as part of the Cybersecurity Series.

"In a strange mix of how both capitalism and state control work, what is happening is that more and more of these places that one could access, for various reasons, whether it is for ones own pleasure or for political conversations, are getting further and further away from us. And I think that that mix of both corporate interests and state control is particularly playing a role in this regard." - Namita Malhotra, researcher and lawyer, Alternative Law Forum

Centre for Internet and Society presents its twelfth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Namita Malhotra is a researcher and lawyer at Alternative Law Forum (ALF). She has a keen interest in working on law, technology and media through legal research, cultural studies, new media practices and film making.

ALF homepage: www.altlawforum.org

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-part-12-namita-malhotra

IDEX Impact Assessment Workshop

praskrishna — 2013-11-14T05:48:51Z

The Centre for Internet and Society is hosting a workshop organised by IDEX at its office in Bangalore on Saturday, November 16, 2013 from 11.30 a.m. to 6.30 p.m.

The IDEX Impact Assessment Workshop will provide a comprehensive and interactive intro and overview of all facets of Impact Assessment, with a specific focus on the Social Enterprise sector. The workshop will be conducted by Andy Bhanot of WeStat (bio below) and will be divided into two portions:

11.30 - 14.30: Impact Assessment Crash Course (Intro to IA, Types of IA, Designing IA, etc)

15.30 - 18.30: Interactive Group Projects + Presentations (Applying IA to Specific Sectors / Projects)*

*The focus of this group work will be based upon projects that the IDEX fellows have been working on over the past few months, across various sectors (Water, Livelihoods, Youth, etc)

Andy Bhanot, MBA

Andy Bhanot is a communications and marketing research expert with extensive experience in both the private and development sectors. Mr. Bhanot's areas of expertise include market research analysis and strategy formulation, business development, and leadership and team management.

Mr. Bhanot is an expert in conducting knowledge, attitude, and practice surveys, formative research, pretesting studies, and monitoring and impact evaluation studies. These studies have ranged from HIV/AIDS prevention and care, condom promotion, maternal and child health and governance to gender empowerment, water and environmental sanitation, education, and disaster risk reduction.

He is well versed in both quantitative and qualitative research methods having directed large national surveys, telephonic interviews, rapid feedback studies, focus group discussions, in-depth and key informant interviews, observations, participatory rural appraisals, and ethnographic immersions with urban and rural audiences. Studies included many difficult-to-reach populations: commercial sex workers, men having sex with men, hijras/ transgenders, injecting drug users, truck drivers, migrant workers, gate keepers in the commercial sex trade, employers of bonded labourers, and people living with HIV/AIDS.

Mr. Bhanot has conducted numerous usage and attitude studies, brand health trackers, and concept and new product tests. He also has expertise in segmentation and positioning studies, advertising and media studies, customer satisfaction studies, and distribution studies for a wide range of clients (Pfizer, Colgate, Unilever, Coca-Cola, Barclays Bank, Shell, BAT, Wrigley's, Glaxo Smithkline, Cadburys, Nestle, Delmonte, East Africa Breweries, and Tetra Pac).

Mr. Bhanot has worked and travelled extensively across India, Bangladesh, Nepal, Afghanistan, Myanmar, Cambodia, Vietnam, Kenya, Uganda, Tanzania, Ethiopia, Eritrea, Djibouti, Somaliland, and South Africa. He has presented and published research papers, and has contributed marketing research case studies to books by prominent authors.

For more details visit https://cis-india.org/internet-governance/events/idex-impact-assessment-workshop

Social media promotions can backfire, too

praskrishna — 2013-11-14T05:24:44Z

Social media is a highly effective marketing tool for companies but its very ubiquity and the speed with which messaging goes viral has meant that it can hurt them badly as well, especially since platforms are not always moderated and can be hacked or misused.

The article by Ratna Bhushan and Varuni Khosla was published in the Times of India on November 11, 2013. Sunil Abraham is quoted.

It's not just bad language and racially or socially insensitive messages seemingly originating from official Twitter handles, some companies are guilty of poorly judged promotions resulting in consumer backlash.

On the eve of the country's largest broadcaster Star India rebranding its sport channels last week, the Star Sports Twitter handle posted abusive language. Star India said the account had had been hacked, but by then the tweet had gone viral.

Just before that, the Board of Control for Cricket in India Twitter handle had cricket legend Sachin Tendulkar's digital autograph along with bad language on the eve of his retirement from the sports.

Two days before Diwali, beverage and snacks maker PepsiCo ran a contest on Twitter asking contestants to tweet their version of the Ramayana. That caused outrage on social media, led by writer Chetan Bhagat.

PepsiCo quickly apologised and removed the promotion but not before it got flooded by tweets from those who were upset by the move. While Star and BCCI blamed hackers and PepsiCo's scored an own goal, social media experts say companies need to be more responsible.

"Our intent was to involve young Indians in one of India's most loved festivals. We took immediate action and withdrew the contest," the beverage maker's spokesperson said.

AStar Sports spokesperson also said the firm had apologised for the offensive tweet. "We have investigated the issue. A thirdparty vendor had abused his privileged access to the account. We are in the process of taking necessary action and will ensure that no such event recurs."

But ensuring third-party quality control may be easier said than done. "Many companies are unable to handle their social media operations because they usually outsource these to companies that don't get paid well enough (say Rs 50,000 to Rs 60,000 per month).

Hence the people handling the accounts could be anyone from an untrained 22-year-old fresh out of college or someone who has no skill set in the social media space," said Gaba.

Sometimes humour can turn offensive too. In the middle of last year, when Sachin Tendulkar made his eagerly awaited 100th international century, a tweet from insurance services firm Bajaj Allianz went: Congrats to Sachin for his long awaited 100th ton. Now don't delay your retirement planning. #RetireRich #JiyoBefikar.

That caused much offence to Tendulkar's fans. Or take the case of Fortis, which sought to promote breast feeding week last year with the hashtag AgarMaKaDudhPia-HaiTo. Predictably, this one too ran into trouble.

"Social media by definition, unlike broadcast media, cannot be controlled. Therefore, even if you take all conceivable precautions there can be unintended consequences. But India is culturally as complicated as a continent — therefore, it requires a very sophisticated understanding and nuance to pull off humour that is universally appealing and does not offend anyone," said Abraham. Last week, the seven-year-old Twitter's stock rose 73% on its debut, with a market value of $31 billion, making it one of the most successful IPOs of the year and beating even its own expectations. Globally, examples abound of companies or institutions making on Twitter bloopers.

"Companies shouldn't always come up with the excuse that their account was hacked... they need to be accountable. A senior member of the team should always oversee tweets before they're sent out," said Ankita Gaba, co-founder of socialsamosa.com, an Indian social media knowledge storehouse.

Sunil Abraham, executive director of the Centre for Internet and Society, a non-profit research organisation that works on policy issues relating to freedom of expression and privacy, said, "The BCCI disaster is because they have taken automation too far. Automation of social media interactions can be useful but without careful human oversight, it can very easily be gamed by rogue elements online."

A PepsiCo India spokesman said the firm's #Ramayana140 Twitter contest "unintentionally caused some concern to consumers".

For more details visit https://cis-india.org/news/economic-times-november-11-2013-ratna-bhushan-varuni-khosla-social-media-promotions-can-backfire-too

The Evolving Cyber Threat and How to Address It

praskrishna — 2013-11-18T10:49:15Z

Larry Clinton, the President and Chief Executive Officer of the Internet Security Alliance will give a talk on cyber threat and how to address the same. The talk will be held at the office of the Centre for Internet and Society in Bangalore on November 22, 2.30 p.m. to 3.30 p.m.

The talk will broadly cover the following:

Using Public-Private Partnerships to Enhance Cyber Security
Ongoing Threat of Cyber-attacks Must be Fought on Both a Technical and Economic Basis
Targeted Education's Critical Role in Cyber security
Combating the Persistent Cyber Security Threat in the Manufacturing Industry / Cyber Security Threats to the Supply Chain
Economics of Cyber Security

Larry Clinton

Larry Clinton is the President and Chief Executive Officer of the Internet Security Alliance (ISA). ISA is a multi-sector trade association with membership from virtually every one of the designated critical industry sectors. The mission of the ISA is to combine advanced technology with economics and public policy to create a sustainable system of cyber security.

Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate. In 2008, ISA published its Cyber Security “Social Contract,” which is both the first and last source cited in the Executive Summary of President Obama’s “Cyberspace Policy Review” (click here for report). This report also cited more than a dozen of ISA’s white papers – far more than any other source. Recently, these ISA documents were also the inspiration for many of the recommendations in the House Republican Cyber Security Task Force Report (click here for report).

Mr. Clinton is known for his ability to take the complicated issues in this space and explain them clearly to a wide range of audiences: professional, policy makers and the general public. He has been featured in mass media such as USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC. He has also authored numerous professional journal articles on cyber security. This year he has published articles in the Cutter IT Journal, the Journal of Strategic Security and the Journal of Software Technology (click here for a full list of articles and other ISA news appearances).

The ISA’s pro-market, incentives-based approach to cyber security, rather than regulation, is outlined in its numerous publications, including the ISA Cyber Security Social Contract and Financial Management of Cyber Security series, which were written by the ISA Board of Directors and edited by Mr. Clinton (click here for the full list of ISA Publications).

For more details visit https://cis-india.org/internet-governance/events/evolving-cyber-threat-and-how-to-address-it

Interview with Caspar Bowden - Privacy Advocate and former Chief Privacy Adviser at Microsoft

maria — 2013-11-06T08:16:05Z

Maria Xynou recently interviewed Caspar Bowden, an internationally renowned privacy advocate and former Chief Privacy Adviser at Microsoft. Read this exciting interview and gain an insight on India's UID and CMS schemes, on the export of surveillance technologies, on how we can protect our data in light of mass surveillance and much much more!

Caspar Bowden is an independent advocate for better Internet privacy technology and regulation. He is a specialist in data protection policy, privacy enhancing technology research, identity management and authentication. Until recently he was Chief Privacy Adviser for Microsoft, with particular focus on Europe and regions with horizontal privacy law.

From 1998-2002, he was the director of the Foundation for Information Policy Research (www.fipr.org) and was also an expert adviser to the UK Parliament for the passage of three bills concerning privacy, and was co-organizer of the influential Scrambling for Safety public conferences on UK encryption and surveillance policy. His previous career over two decades ranged from investment banking (proprietary trading risk-management for option arbitrage), to software engineering (graphics engines and cryptography), including work for Goldman Sachs, Microsoft Consulting Services, Acorn, Research Machines, and IBM.

The Centre for Internet and Society interviewed Caspar Bowden on the following questions:

1. Do you think India needs privacy legislation? Why / Why not?

Well I think it's essential for any modern democracy based on a constitution to now recognise a universal human right to privacy. This isn't something that would necessarily have occurred to the draft of constitutions before the era of mass electronic communications, but this is now how everyone manages their lives and maintains social relationships at a distance, and therefore there needs to be an entrenched right to privacy – including communications privacy – as part of the core of any modern state.

2. The majority of India's population lives below the line of poverty and barely has any Internet access. Is surveillance an elitist issue or should it concern the entire population in the country? Why / Why not?

Although the majority of people in India are still living in conditions of poverty and don't have access to the Internet or, in some cases, to any electronic communications, that's changing very rapidly. India has some of the highest growth rates in take up with both mobile phones and mobile Internet and so this is spreading very rapidly through all strata of society. It's becoming an essential tool for transacting with business and government, so it's going to be increasingly important to have a privacy law which guarantees rights equally, no matter what anyone's social station or situation. There's also, I think, a sense in which having a right to privacy based on individual rights is much preferable to some sort of communitarian approach to privacy, which has a certain philosophical following; but that model of privacy - that somehow, because of a community benefit, there should also be a sort of community sacrifice in individual rights to privacy - has a number of serious philosophical flaws which we can talk about.

3. "I'm not a terrorist and I have nothing to hide...and thus surveillance can't affect me personally." Please comment.

Well, it's hard to know where to begin. Almost everybody in fact has “something to hide”, if you consider all of the social relationships and the way in which you are living your life. It's just not true that there's anybody who literally has nothing to hide and in fact I think that it's rather a dangerous idea, in political culture, to think about imposing that on leaders and politicians. There's an increasing growth of the idea – now, probably coming from America- that political leaders (and even their staff - to get hired in the current White House) should open up their lives, even to the extent of requiring officials to give up their passwords to their social network accounts (presumably so that they can be vetted for sources of potential political embarrassment in their private life). This is a very bad idea because if we only elect leaders, and if we only employ bureaucrats, who do not accord any subjective value to privacy, then it means we will almost literally be electing (philosophical) zombies. And we can't expect our political leaders to respect our privacy rights, if we don't recognise that they have a right to privacy in their own lives also. The main problem with the “nothing to hide, so nothing to fear” mantra is that this is used as a rhetorical tool by authoritarian forces in government and society, who simply wish to take a more paternalistic and protective attitude. This reflects a disillusionment within the “deep state” about how democratic states should function.

Essentially, those who govern us are given a license through elections to exercise power with consent, but this entails no abrogation of a citizen's duty to question authority. Instead, that should be seen as a civic duty - providing the objections are reasonable. People actually know that there are certain things in their lives that they don't wish other people to know, but by indoctrinating the “nothing to hide” ideology, it inculcates a general tendency towards more conformism in society, by inhibiting critical voices.

4. Should people have the right to give up their right to privacy? Why / Why not?

In European data protection law there is an obscure provision which is particularly relevant to medical privacy, but almost never used in the area of so-called sensitive personal data, like political views or philosophical views. It is possible currently for European governments to legislate to override the ability of the individual to consent. So this might arise, for example, if a foreign company sets up a service to get people to consent to have their DNA analysed and taken into foreign databases, or generally where people might consent to a big foreign company analysing and capturing their medical records. I think there is a legitimate view that, as a matter of national policy, a government could decide that these activities were threatening to data sovereignty, or that was just bad public policy. For example, if a country has a deeply-rooted social contract that guarantees the ability to access medical care through a national health service, private sector actors could try to undermine that social-solidarity basis for universal provision of health care. So for those sorts of reasons I do think it's defensible for governments to have the ability in those sectors to say: “Yes, there are areas where people should not be able to consent to give up their privacy!”

But then going back to the previous answer, more generally, commercial privacy policies are now so complicated – well, they've always been complicated, but now are mind-blowingly devious as well - people have no real possibility of knowing what they're consenting to. For example, the secondary uses of data flows in social networks are almost incomprehensible, even for technologists at the forefront of research. The French Data Protection authorities are trying to penalize Google for replacing several very complicated privacy policies by one so-called unified policy, which says almost nothing at all. There's no possible way for people to give informed consent to this over-simplified policy, because it doesn't even tell anything useful to an expert. So again in these circumstances, it's right for a regulator to intercede to prevent unfair exploitation of the deceptive kind of “tick-box” consent. Lastly, it is not possible for EU citizens to waive or trade away their basic right to access (or delete) their own data in future, because this seems a reckless act and it cannot be foreseen when this right might become essential in some future circumstances. So in these three senses, I believe it is proper for legislation to be able to prevent the abuse of the concept of consent.

5. Do you agree with India's UID scheme? Why / Why not?

There is a valid debate about whether it's useful for a country to have a national identity system of some kind - and there's about three different ways that can be engineered technically. The first way is to centralise all data storage in a massive repository, accessed through remote terminal devices. The second way is a more decentralised approach with a number of different identity databases or systems which can interoperate (or “federate” with eachother), with technical and procedural rules to enforce privacy and security safeguards. In general it's probably a better idea to decentralise identity information, because then if there is a big disaster (or cyber-attack) or data loss, you haven't lost everything. The third way is what's called “user-centric identity management”, where the devices (smartphones or computers) citizens use to interact with the system keep the identity information in a totally decentralised way.

Now the obvious objection to that is: “Well, if the data is decentralised and it's an official system, how can we trust that the information in people's possession is authentic?”. Well, you can solve that with cryptography. You can put digital signatures on the data, to show that the data hasn't been altered since it was originally verified. And that's a totally solved problem. However, unfortunately, not very many policy makers understand that and so are easily persuaded that centralization is the most efficient and secure design – but that hasn't been true technically for twenty years. Over that time, cryptographers have refined the techniques (the alogithms can now run comfortably on smartphones) so that user-centric identity management is totally achievable, but policy makers have not generally understood that. But there is no technical reason a totally user-centric vision of identity architecture should not be realized. But still the UID appears to be one of the most centralised large systems ever conceived.

There are still questions I don't understand about its technical architecture. For example, just creating an identity number by itself doesn't guarantee security and it's a classic mistake to treat an identifier as an authenticator. In other words, to use an identifier or knowledge of an identifier - which could become public information, like the American social security number – to treat knowledge of that number as if it were a key to open up a system to give people access to their own private information is very dangerous. So it's not clear to me how the UID system is designed in that way. It seems that by just quoting back a number, in some circumstances this will be the key to open up the system, to reveal private information, and that is an innately insecure approach. There may be details of the system I don't understand, but I think it's open to criticism on those systemic grounds.

And then more fundamentally, you have to ask what's the purpose of that system in society. You can define a system with a limited number of purposes – which is the better thing to do – and then quite closely specify the legal conditions under which that identity information can be used. It's much more problematic, I think, to try and just say that “we'll be the universal identity system”, and then you just try and find applications for it later. A number of countries tried this approach, for example Belgium around 2000, and they expected that having created a platform for identity, that many applications would follow and tie into the system. This really didn't happen, for a number of social and technical reasons which critics of the design had predicted. I suppose I would have to say that the UID system is almost the anithesis of the way I think identity systems should be designed, which should be based on quite strong technical privacy protection mechanisms - using cryptography - and where, as far as possible, you actually leave the custody of the data with the individual.

Another objection to this user-centric approach is “back-up”: what happens when you lose the primary information and/or your device? Well, you can anticipate that. You can arrange for this information to be backed-up and recovered, but in such a way that the back-up is encrypted, and the recovered copy can easily be checked for authenticity using cryptography.

6. Should Indian citizens be concerned about the Central Monitoring System (CMS)? Why / Why not?

Well, the Central Monitoring System does seem to be an example of very large scale “strategic surveillance”, as it is normally called. Many western countries have had these for a long time, but normally only for international communications. Normally surveillance of domestic communications is done under a particular warrant, which can only be applied one investigation at a time. And it's not clear to me that that is the case with the Central Monitoring System. It seems that this may also be applicable to mass surveillance of communications inside India. Now we're seeing a big controversy in the U.S - particularly at the moment - about the extent to which their international strategic surveillance systems are also able to be used internally. What has happened in the U.S. seems rather deceptive; although the “shell” of the framework of individual protection of rights was left in place, there are actually now so many exemptions when you look in the detail, that an awful lot of Americans' domestic communications are being subjected to this strategic mass surveillance. That is unacceptable in a democracy.

There are reasons why, arguably, it's necessary to have some sort of strategic surveillance in international communications, but what Edward Snowden revealed to us is that in the past few years many countries – the UK, the U.S, and probably also Germany, France and Sweden – have constructed mass surveillance systems which knowingly intrude on domestic communications also. We are living through a transformation in surveillance power, in which the State is becoming more able to monitor and control the population secretively than ever before in history. And it's very worrying that all of these systems appear to have been constructed without the knowledge of Parliaments and without precise legislation. Very few people in government even seem to have understood the true mind-boggling breadth of this new generation of strategic surveillance. And no elections were fought on a manifesto asking “Do people want this or not?”. It's being justified under a counter-terrorism mantra, without very much democratic scrutiny at all. The long term effects of these systems on democracies are really uncharted territory.

We know that we're not in an Orwellian state, but the model is becoming more Kafkaesque. If one knows that this level of intensive and automated surveillance exists, then it has a chilling effect on society. Even if not very much is publicly known about these systems, there is still a background effect that makes people more conformist and less politically active, less prepared to challenge authority. And that's going to be bad for democracy in the medium term – not just the long term.

7. Should surveillance technologies be treated as traditional arms / weapons? If so, should export controls be applied to surveillance technologies? Why / Why not?

Surveillance technologies probably do need to be treated as weapons, but not necessarily as traditional weapons. One probably is going to have to devise new forms of export control, because tangible bombs and guns are physical goods – well, they're not “goods”, they're “bads” - that you can trace by tagging and labelling them, but many of the “new generation” of surveillance weapons are software. It's very difficult to control the proliferation of bits – just as it is with copyrighted material. And I remember when I was working on some of these issues thirteen years ago in the UK – during the so-called crypto wars – that the export of cryptographic software from many countries was prohibited. And there were big test cases about whether the source code of these programs was protected under the US First Amendment, which would prohibit such controls on software code. It was intensely ironic that in order to control the proliferation of cryptography in software, governments seemed to be contemplating the introduction of strategic surveillance systems to detect (among other things) when cryptographic software was being exported. In other words, the kind of surveillance systems which motivated the “cypherpunks” to proselytise cryptography, were being introduced (partly) with the perverse justification of preventing such proliferation of such cryptography!

In the case of the new, very sophisticated software monitoring devices (“Trojans”) which are being implanted into people's computers – yes, this has to be subject to the same sort of human rights controls that we would have applied to the exports of weapon systems to oppressive regimes. But it's quite difficult to know how to do that. You have to tie responsibility to the companies that are producing them, but a simple system of end-user licensing might not work. So we might actually need governments to be much more proactive than they have been in the past with traditional arms export regimes and actually do much more actively to try and follow control after export – whether these systems are only being used by the intended countries. As for the law enforcement agencies of democratic countries which are buying these technologies: the big question is whether law enforcement agencies are actually applying effective legal and operational supervision over the use of those systems. So, it's a bit of a mess! And the attempts that have been made so far to legislate this area I don't think are sufficient.

8. How can individuals protect their data (and themselves) from spyware, such as FinFisher?

In democratic countries, with good system of the rule of law and supervision of law enforcement authorities, there have been cases – notably in Germany – where it's turned out that the police using techniques, like FinFisher, have actually disregarded legal requirements from court cases laying down the proper procedures. So I don't think it's good enough to assume that if one was doing ordinary lawful political campaigning, that one would not be targeted by these weapons. So it's wise for activists and advocates to think about protecting themselves – of course, other professions as well who look after confidential information – because these techniques may also get into the hands of industrial spies, private detectives and generally by people who are not subject to even the theoretical constraints of law enforcement agencies.

After Edward Snowden's revelations, we understand that all our computer infrastructure is much more vulnerable – particularly to foreign and domestic intelligence agencies – than we ever imagined. So for example, I don't use Microsoft software anymore – I think that there are techniques which are now being sold to governments and available to governments for penetrating Microsoft platforms and probably other major commercial platforms as well. So, I've made the choice, personally, to use free software – GNU/Linux, in particular – and it still requires more skill for most people to use, but it is much much easier than even a few years ago. So I think it's probably wise for most people to try and invest a little time getting rid of proprietary software if they care at all about societal freedom and privacy. I understand that using the latest, greatest smartphone is cool, and the entertainment and convenience of Cloud and tablets – but people should not imagine that they can keep those platforms secure.

It might sound a bit primitive, but I think people should have to go back to the idea that if they really want confidential communications with their friends, or if they are involved with political work, they have to think about setting aside one machine - which they keep offline and just use essentially for editing and encrypting/decrypting material. Once they've encrypted their work on their “air gap” machine, as it's called, then they can put their encrypted emails on a USB stick and transfer them to their second machine which they use to connect online (I notice Bruce Schneier is just now recommending the same approach). Once the “air gap” machine has been set up and configured, you should not connect that to the network – and preferably, don't connect it to the network, ever! So if you follow those sorts of protocols, that's probably the best that is achievable today.

9. How would you advise young people working in the surveillance industry?

Young people should try and read a little bit into the ethics of surveillance and to understand their own ethical limits in what they want to do, working in that industry. And in some sense, I think it's a bit like contemplating a career in the arms industry. There are defensible uses of military weapons, but the companies that build these weapons are, at the end of the day, just corporations maximizing value for shareholders. And so, you need to take a really hard look at the company that you're working for or the area you want to work in and satisfy your own standard of ethics, and that what you're doing is not violating other people's human rights. I think that in the fantastically explosive growth of surveillance industries that we've seen over the past few years – and it's accelerating – the sort of technologies particularly being developed for electronic mass surveillance are fundamentally and ethically problematic. And I think that for a talented engineer, there are probably better things that he/she can do with his/her career.

For more details visit https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate

Open Secrets

nishant — 2013-11-30T08:21:21Z

We need to think of privacy in different ways — not only as something that happens between people, but between you and corporations.

Dr. Nishant Shah's article was originally published in the Indian Express on October 27.

If you are a part of any social networking site, then you know that privacy is something to be concerned about. We put out an incredible amount of personal data on our social networks. Pictures with family and friends, intimate details about our ongoing drama with the people around us, medical histories, and our spur-of-the-moment thoughts of what inspires, peeves or aggravates us. In all this, the more savvy use filters and group settings which give them some semblance of control about who has access to this information and what can be done with it.

But it is now a given that in the world of the worldwide web, privacy is more or less a thing of the past. Data transmits. Information flows. What you share with one person immediately gets shared with thousands. Even though you might make your stuff accessible to a handful of people, the social networks work through a "friend-of-a-friend effect", where others in your networks use, like, share and spread your information around so that there is an almost unimaginable audience to the private drama of our lives. Which is why there is a need for a growing conversation about what being private in the world of big data means.

Privacy is about having control over the data and some ownership about who can use it and for what purpose. Interface designs and filters that allow limited access help this process. The legal structures are catching up with regulations that control what individuals, entities, governments and corporations can do with the data we provide. However, most people think of privacy as a private matter. Just look at last month's conversations around Facebook's new privacy policies, which no longer allow you to hide. If you are on Facebook, people can find you using all kinds of parameters — meta data — other than just your name. They might find you through hobbies, pages you like, schools you have studied in, etc. This can be scary because it means that based on particular activities, people can profile and follow you. Especially for people in precarious communities — the young adults, queer people who might not be ready to be out of the closet, women who already face increased misogyny and hostility online. This means they are officially entering a stalkers' paradise.

While those concerns need to be addressed, there is something that seems to be missing from the debate. Almost all of these privacy alarms are about what people can do to people. That we need to protect ourselves from people, when we are in public — digital or otherwise. We are reminded that the world is filled with predators, crackers and scamsters, who can prey on our personal data and create physical, emotional, social and financial havoc. But this is the world we already know. We live in a universe filled with perils and we have learned and coped with the fact that we navigate through dangerous spaces, times and people all the time. The digital is no different than the physical when it comes to the possible perils that we live in, though digital might facilitate some kinds of behaviour and make data-stalking easier.

What is different with the individualised, just-for-you crafted world of the social web is that there are things which are not human, which are interacting with you in unprecedented ways. Make a list of the top five people you interact with on Facebook. And you will be wrong. Because the thing that you interact with the most on Facebook, is Facebook. Look at the amount of chatter it creates — How are you feeling today?; Your friend has updated their status; Somebody liked your comment… the list goes on. In fact, much as we would like to imagine a world that revolves around us, we know that there are a very few people who have the energy and resources to keep track of everything we do. However, no matter how boring your status message or how pedestrian your activity, deep down in a server somewhere, an artificial algorithm is keeping track of everything that you do. Facebook is always listening, and watching, and creating a profile of you. People might forget, skip, miss or move on, but Facebook will listen, and remember long after you have forgotten.

If this is indeed the case, we need to think of privacy in different ways — not only as something that happens between people, but between people and other entities like corporations. The next time there is a change in the policy that makes us more accessible to others, we should pay attention. But what we need to be more concerned about are the private corporations, data miners and information gatherers, who make themselves invisible and collect our personal data as we get into the habit of talking to platforms, gadgets and technologies.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-october-27-2013-nishant-shah-open-secrets

EC guidelines on social media: Welcome move, but not enough

praskrishna — 2013-11-19T10:18:51Z

With election season close by and the growing ubiquity of social media, the Election Commission of India’s recent guidelines for how candidates and political parties must conduct themselves on social media are a well-intentioned step. But are these guidelines enough to regulate how online media is used by parties and candidates, given the kind of proxy wars that are played online? For now, not really.

This article was published in the First Post on November 1. Sunil Abraham is quoted.

For the first time time, the EC is seeking detailed expenditure records, and disclosure of all authentic social media accounts of every candidate. The guidelines have also looked at online advertising and the EC has asked that all ads by political parties should be pre-certified before they are released online. In fact, Firstpost’s Pallavi Pollanki had reported even before the guidelines were published that the EC was working towards monitoring the use of social media. You can read the full story here.

Currently, however, the guidelines don’t take into account, content posted by persons other than candidates and political parties. The last paragraph of the EC’s order states, “As far as the content posted by persons other than candidates and political parties is concerned, the Commission is considering the matter in consultation with the Ministry of Communication and Information Technology on practical ways to deal with the issue, in so far as they relate to, or can be reasonably connected with, the election campaigning of political parties and candidates.”

The nature of the web is such that possible to create many IPs, change Twitter handles, create new user ids on public discussion forums. Thus it becomes very hard to gauge who is a volunteer/ just another ordinary supporter or who is a paid supporter. Even the EC acknowledges that.

Sunil Abraham, Director of the Centre for Internet and Society based in Bangalore, has a valid point on this. He says, “The guidelines only regulate the social media accounts of politicians and their parties. It does not regulate social media content published by others. This basically means that the EC needs to develop sophisticated tools to detect astroturfing, sock puppetry, meat puppetry and other forms of manipulation of the networked public sphere. Without these tools it would not be possible to tell when politicians and political parties use proxies to circumvent the guidelines.”

Astroturfing, for instance is when a site or an independent entity claims to be completely neutral and in favour of a political message without revealing its funding source. Very often software is used to create many online avatars. Sometimes it’s one person with many online identities which is also known as sock puppetry.

So yes, there might be online content or websites that claim to be independent and supports or mocks a particular leader but it might not always be possible to know who is financing them. While the EC might be able to keep a tab on official Twitter handles and Facebook and perhaps other few that are revealed by the party, it will be very hard to pinpoint proxy accounts, websites etc.

For example when it comes to a leader like Modi, there are many websites that are pro and anti-Modi. One in particular which defends Modi is called Godhra Riots the True Story and seeks to tell what it claims is the true tale behind the Godhra riots. When you type Godhra Riots, it is the number two search result in Google. In the About Us section, the website claims to be run by well-wishers of humanity and gives only a vague idea of its owner.

The site tries to absolve Modi, but since it doesn’t claim to be run by any political party, it doesn’t come under the purview of the EC’s guidelines and there is no reason to reveal who runs or funds it.

Counter to that is another website called Truth of Gujarat, which seeks to reveal the truth behind Narendra Modi’s development and other claims. The work published on the site bears bylines prominently but there is no easy way of knowing who finances the site and its research. The fact is that everyone claims to be represent a certain version of the truth on the web and when you don’t know the source, it becomes deeply problematic.

There’s also the question of Internet trolls who are largely un-touched by the guidelines. And there’s no denying that trolls do form a large part of the online political discourse in India.

We asked Ishan Russel, the managing partner for The Image People, a firm that specialises in political campaign management, if the guidelines are insufficient to deal with trolls.

He wrote, “Social media has ensured that a lot more people are expressing their opinion plus the added advantage of anonymity makes it easy for trolling. The days of the political class laying down the agenda are perhaps over… To try and regulate every comment is impossible, the best perhaps the EC can ensure is that no hateful campaigning happens online.”

EC also wants pre-certification for online advertising. But Sunil feels that pre-certification is overkill. He says, “This will greatly reduce the agility required by political parties on social media. Post facto notification would have been a sufficient measure to ensure compliance with the guidelines and other regulations of the EC.”

Ishant however says that pre-certification is good especially for video-based content, “In cases where for example a video ad is used it is good perhaps to pre-screen it so that it does not violate any norms.” He feels it is necessary to ensure that the online space remains fair too.

It would be fair to say that for now while the EC’s guidelines were much-needed but given the way the Internet works, they still have a long way to go.

For more details visit https://cis-india.org/news/firstpost-november-1-2013-shruti-dhapola-ec-guidelines-on-social-media

Mapping Digital Media: Broadcasting, Journalism and Activism in India: A Public Consultation

samantha — 2013-11-07T03:38:45Z

Lawyers, researchers, journalists and activists gathered on Sunday, October 27, 2013 at the Bangalore International Centre in response to India’s country report on Mapping Digital Media, which examines citizen’s access to quality news and information across different industries, and impacts on media freedoms as a result of digitisation. Respondents examined themes related to regulation, journalism and activism, and engaging discussions took place among attendees.

On behalf of event organizers, we invite you to view the report, available online for free access here: "Mapping Digital Media: India.

Event organizers, Alternative Law Forum, The Centre for Internet & Society, and Maraa, held a public consultation at the Bangalore International Centre with the ultimate goals to inform and engage the public within key themes of the Mapping Digital Media: India report, as a new knowledge basis for better understanding India’s transitioning digital landscape. Many resulting ideas about moving forward with the report’s findings also came about, as prospective proceeding steps within the life cycle following the report’s release.

Respondents consisted of reputed media lawyers, researchers, journalists, activist and other media professionals. Each spoke before the meeting room within three panel discussions pertaining to different sections of the report: Policies, Laws and Regulators; Digital Activism; and Digital Journalism. Each speaker shed a new light on key challenges confronting our emergent digital media landscape with special focus given to broadcasting (radio and television), cable operations and newspapers (print & online) as each of these sectors undergo digitisation.

Opening

Vibodh Parthasarathi, who had anchored the country report, started off the consultation by underscoring the report's objective of mapping the different sectors and seemingly disparate aspects of India's complex media landscape. Following a brief introduction to the report was the setting of the stage by Alternative Law Forum Co-founder and Partner, Lawrence Liang, as he shared the ultimate aims of the event in speaking collectively to the report so that we may gain a better understanding of an area that is otherwise opaque by most. Lawrence also brings to the forefront the report’s debunking of the idea of the digital divide for India, and its account of a rich media landscape.

Policies, Laws and Regulators

The consultation’s first panel discussion was started by Lawrence, as he responded to the report from a perspective of legality. Lawrence examines the role of the state in India’s rich media landscape, specifically in terms of the four values at the centre of such: freedom of speech and expression, access to infrastructure, the question of development, and the question of market regulations—all of which are tied together within the country report. Lawrence argues that we must arrive at quantitative measures of accessing diversity and quantity of freedom of speech, but only after understanding the ecology in which freedom of speech operates, and attempts to do so in examining drafted policies, policing measures, and market regulatory measures taken within the context of India.

Thirty attendees including journalists, activists, academics, and lawyers, all brought forth different perspectives on digital media in India.

Following was Matthew John, Associate Professor and Executive Director of the Centre on Public law and Jurisprudence. Matthew shared his impressions on the report, while making reference to three issues the report asks us to rethink; these being: public reason, the regulatory state, and the question of distribution. Matthew gives rise to a democratic problem in the public sphere of communication and claims that how it is addressed and resolved must be paid attention to. He makes reference to the history of telecom cases in responding to the question of how we are going to think about freed up telecom, and contrasts different types of regulatory agencies in asking the question of whether or not we should separate regulation from politics.

An engaging discussion following this panel’s speakers took place. Amongst points made by event attendees includes questions of how to scale up the citizen’s stake in media within a legal paradigm, as well as points made with reference to challenges to equity in media in terms of content and challenges to such.

Digital Media and Society (Digital Activism)

The discussion had begun with panelist, Arjun Venkatraman, Co-founder of the Mojolab Foundation as well as the digital activism platform, Swara. Arjun engages within the digital media debate in speaking on behalf of members of civil society that act from within the digital divide and exposes the gaps within new modes of activism that arise out of a lack of understanding on how to engage with these new medias. He also informed attendees of how to make cheap IVR based voice portals, linking voice users to the web for under USD200 as means of leveraging users’ voices via unlicensed spectrum.

Also contributing to the discussion on digital activism was Meera K, Cofounder of Bangalore News publication, Citizen Matters. In examining examples of new spaces that digital media has provided for the exchange of pluralistic views and alternative voices, Meera critiques different types of activism that have emerged, including social activism, political activism, and middle class activism. She questions whether new media can be seen as sufficient space for free speech with reference to various challenges, such as the polarization of debates, and also compares and contrasts the positive outcomes of new media campaigns—such as tangible capitalized solutions—with corresponding pitfalls.

A debate amongst attendees followed in response to the question of assessing the value of media in terms of impact or size of public outreach, along with how content is generated and controlled.

Digital Media and Journalism

Independent journalist and media analyst, Geeta Seshu, got the conversation started regarding digital media and journalism by comparing the pitfalls of journalism in traditional media with the possibilities offered by digital journalism. Geeta argues that journalists have become devalued and are losing their footing within traditional media. She discussed the new forms of journalism and how news can be generated in an interactive and non-hierarchical manner and examined the intersections of mainstream media and journalism. She questions the possibility of digital journalism existing on its own, without the influence of or incorporation of principles of traditional media, and grapples with possibilities for providing a new model for doing so.

The day’s last speaker was Subhash Rai, Associate Editor of New Indian Express. Subhash offers a mainstream perspective and argues that we must look at traditional and mainstream forms of media as a starting point for emerging forms of journalism before we can begin to understand these journalism models better. Just as well, traditional and mainstreams means of news dissemination can learn from digital media, however we should not be quick to look away from the core of the entire picture, as traditional forms of media are still very strong in comparison.

A discussion followed surrounded questions posed by speakers and attendees, such as what digital journalism should look like, and how such a transition to new forms of media should be imagined. How information has changed with respect to its creation and consumption was debated as well.

Moving Forward

Before the conclusion of the public consultation, attendees and speakers discussed future advancements for the country report. Many recommendations and ideas were generated, including suggestions for future public consultations, advocacy windows offered by the report, and ways to produce another iteration of the report. Prospective initiatives included online working groups to dive deeper into specific themes of the report, a Hackathon where attendees will pool ideas together, and follow-up public consultations.


Participants brainstormed together on how to move forward the report’s findings. Many ideas were drafted, including a Hack-a-thon and online focus groups.

The event's agenda went as follows:

Time	Detail
10.00 a.m.	Introductory Remarks by Vibodh Parthasarathi, CCMG, Jamia
10.15 a.m. - 11.30 a.m.	Policies, Laws and Regulators Session Moderator – Ram Bhat Speakers – Lawrence Liang (ALF) and Mathew John (JGLS)
11.30 a.m. - 11.45 a.m.	Tea Break
11.45 a.m. - 1.15 p.m.	Digital Media and Society (Digital Activism) Session Moderator – Lawrence Liang Speakers – Arjun Venkatraman (Mojolab) and Meera K (Citizen Matters)
1.15 p.m. - 2.00 p.m.	Lunch Break
2.00 p.m. - 3.15 p.m.	Digital Media and Journalism Session Moderator – Vibodh Parthasarathi Speakers – Geeta Seshu (Free Speech Hub) and Subhash Rai (newindianexpress.com)
3.15 p.m. - 4.00 p.m.	The Way Ahead (Moving Forward) Moderated by Lawrence Liang

Event Participants

Rashmi Vallabhrajasyuva
Meera K, Oorvani Foundation
Samantha Cassar, CIS
Sharath Chandra Ram, CIS
Suresh Kumar, Artist
Aruna Sekhar, Amnesty India
Sriram Sharma, Part time Blogger
Ammu Joseph, Independent Researcher
Mathew John, Jindal Global Law School
Swati Mehta, The Rules
James North, The Rules
Bhairav Acharya, Lawyer
Deepa Kurup, The Hindu
Abhilash N, Independent
Deepu, Pedestrian Pictures
Rashmi M, PhD Student at NIAS
Jayanth S, LOCON Solutions Pvt Ltd.
Nehaa Chaudhari, CIS
Dinesh TB, Servelots
Snehashish Ghosh, CIS
Lawrence Liang, ALF
Vibodh Parthasarathi, CCMG, Jamia
Ram Bhat, Maraa
Ashish Sen, AMARC
Subhash Rai, New Indian Express
Geeta Seshu, Free Speech Hub, The Hoot
Arjun Venkatraman, Mojo Lab Foundation
Raajen, Centre for Education and Documentation
Ekta, Maraa
Smarika Kumar, ALF

Press Coverage

Need to increase diversity in online journalism (The New Indian Express, October 28, 2013).
Experts moot holistic approach to media laws (The Hindu, October 28, 2013).

For more details visit https://cis-india.org/internet-governance/blog/mapping-digital-media-broadcasting-journalism-activism-india

October 2013 Bulletin

praskrishna — 2014-01-04T04:31:01Z

Our newsletter for the month of October 2013 can be accessed below.

Highlights

The National Resource Kit team is pleased to bring you its research for the states of Delhi, Madhya Pradesh and Arunachal Pradesh, and the Union Territory of Daman and Diu.
The Department of Electronics and Information Technology invited comments on the Framework on the proposed adoption of Open Source Software in E-Governance Systems. CIS gave its feedback.
The Access to Knowledge team in collaboration with the Goa University re-released the Konkani Vishwakosh under Creative Commons License CC-BY-SA-3.0.
Sunil Abraham, Pranesh Prakash and Chinmayi Arun participated in the Internet Governance Forum held in Bali, Indonesia from October 21 to 25. Overall CIS spoke in 7 panels.
In an article on Spy Files, Maria Xynou examines the legality of India’s surveillance technologies and their potential connection to India’s central monitoring system.
A clause-by-clause comments on the Working draft version of the Human DNA Profiling Bill, 2012 was sent to the Ministry of Science and Technology.
CIS started the first Privacy Watch in India. The map includes data on the UID, NPR and CCTNS schemes, installation of CCTV cameras and the use of drones throughout the country.

Accessibility

As part of our project (under a grant from the Hans Foundation) on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India, we bring you draft chapters for the states of Madhya Pradesh and Arunachal Pradesh, and the union territory of Daman and Diu. With this we have completed compilation of draft chapters for 24 states and 5 union territories. Feedback and comments are invited from readers for the following chapters:

National Resource Kit

The Daman and Diu Chapter (by Anandhi Viswanathan, October 28, 2013).
The Arunachal Pradesh Chapter (by CLPR, October 29, 2013).
The Madhya Pradesh Chapter (by Anandhi Viswanathan, October 30, 2013).
The Delhi Chapter (by Anandhi Viswanathan, October 31, 2013).

Note: All of these are early drafts and will be reviewed and updated.

Survey (Other Organisation)

Accessibility of Banks and Financial Services Institutions: A Global Survey (posted by Nilofar Ansher, October 20, 2013). G3ict and Scotiabank, requests senior managers, COO / CEOs, Managing Directors, IT Directors, HR Directors, and accessibility professionals from banks and financial services companies to participate.

Blog Entry

Bengali eSpeak Aids in Disaster Management (by Anirudh Sridhar, October 15, 2013).

Access to Knowledge

The Access to Knowledge programme addresses the harms caused to consumers and human rights, and critically examines Open Government Data, Open Access to Scholarly Literature, and Open Access to Law, Open Content, Open Standards, and Free/Libre/Open Source Software. We produced a column in the Economic and Political Weekly, submitted our feedback on Framework on Open Source Software Adoption in E-Governance Systems, and conducted 3 Wikipedia workshops:

Article

The Fight for Digital Sovereignty (by Sunil Abraham, Economic and Political Weekly, Vol-XLVIII No. 42, October 19, 2013).

Blog Entries

Mobile Phone Patents: Prior Art Survey (by Nehaa Chaudhari, October 23, 2013).
Ambiguity in the App Store: Understanding India’s emerging IT sector in light of IP (by Samantha Cassar, October 24, 2013).

Submission

Feedback on the Framework on OSS Adoption in E-Governance Systems (by Nehaa Chaudhari, October 26, 2013). In September, 2013, the DeitY invited comments on the Framework on the proposed adoption of Open Source Software in E-Governance Systems. CIS gave its feedback.

Events Participated In

OSOD 2013: International Workshop on Open Science and Open Data (organised by Indian Statistical Institute, Bangalore, October 7, 2013). Nehaa Chaudhari participated as a panelist and gave a presentation on Government Accessibility and Copyright Conundrum.

National Conference on Opening up by Closing the Circle: Strengthening Open Access in India (co-organised by UNESCO, Central Library, Jawaharlal Nehru University and the Commonwealth Educational Media Centre for Asia, October 21, 2013). Nehaa Chaudhari was a panelist in the discussion on "Why Open Access?". She gave a presentation on 'Pondering Copyright and Recasting Openness'.

Note: The following has been done under grant from the Wikimedia Foundation (http://bit.ly/SPqFOl). As part this project (http://bit.ly/X80ELd), we held 3 Wikipedia workshops in October:

Event Co-organised

Re-release of Konkani Vishwakosh under CC-BY-SA 3.0 (organised by Goa University and CIS-A2K, Goa University Conference Hall, September 26, 2013). Nitika Tandon has blogged about the event.

Events Organised

Workshop on Wikipedia in the Indian Undergraduate Language Classrooms (October 1, 203, Christ University, Bangalore). Dr. U.B. Pavanaja conducted the workshop.
Train the Trainer — Four-day long Residential Programme (October 3 – 6, 2013, CEO Center, Gubbi, Bangalore. CIS-A2K Team conducted the workshop. Seventeen people participated in the event.
Konkani Vishwakosh Digitization (Goa University, October 19-20, 2013). CIS-A2K team conducted the workshop. Thirty-seven people participated in the event.

Events Participated In

Re-sourcing Indian Cinema: Humanities Research, New Archives and Collaborative Knowledge Production (organised by the Centre for Contemporary Studies and the Centre for Study of Culture and Society, October 29, 2013). T. Vishnu Vardhan gave a talk on “Let Cinephiles Collaborate: Pleasures and Perils of Indian Film History on Wikipedia”.

Media Coverage

CIS gave its inputs for the following media coverage:

Mangalore: Konkani writers resolve to form all-India forum at JKS conference (Daijiworld, October 1, 2013).
Wikipedia in Indian Languages on Mobile Phones (by Megha Prakash, Sci Dev Net, October 15, 2013).
कोंकणी विश्‍वकोश ‘विकिपीडिया’वर (Navprabha Daily, October 22, 2013). A detailed article about the digitalization of Konkani Vishwakosh.

Internet Governance

CIS is doing a project (under a grant from Privacy International and International Development Research Centre (IDRC)) on conducting research on surveillance and freedom of expression (SAFEGUARDS). So far we have organised seven privacy round-tables and drafted the Privacy (Protection) Bill. This month we bring you clause-by-clause comments on the Human DNA Profiling Bill, 2012, and a map monitoring privacy in India. As part of its project (funded by Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the IDRC) on mapping cyber security actors in South Asia and South East Asia we did an interview with Anja Kovacs on cyber security. With this we have completed a total of 10 video interviews:

Internet Governance Forum

Sunil Abraham, Pranesh Prakash and Chinmayi Arun participated in the Internet Governance Forum held in Bali, Indonesia in the month of October. Overall, CIS spoke in 7 panels:

Charting the Charter: Internet Rights and Principles Online (organised by IRP Coalition, October 22, 2013). Pranesh Prakash was a panelist.
Fair process frameworks for cross-border online spaces (organised by the Internet & Jurisdiction Project, Civil Society of France, Western Europe and Others Group and Internet & Jurisdiction Project, Civil Society of Germany, Western Europe and Others Group, October 22, 2013). Sunil Abraham and Chinmayi Arun were panelists for this workshop.
Removing Barriers to Connectivity: Connecting the Unconnected (organised by Internet Society and ETNO, October 23, 2013). Pranesh Prakash was a panelist.
FOSS: Smart Choice for Developing Countries (organised by TechNation and Open Source Alliance of Central Asia, October 23, 2013). Sunil Abraham spoke on FOSS and IT Growth Policies in South Asia.
Privacy: from regional regulations to global connections? (organised by Internet Society, Bali, October 24, 2013). Sunil Abraham was one of the panelists.
Human rights, freedom of expression and free flow of information on the Internet (a Focus Session on Openness, October 24, 2013). Pranesh Prakash was a speaker at this event.
Taking Stock: Emerging Issues - Internet Surveillance (a session on Internet Surveillance, October 25, 2013). Pranesh Prakash made intervention in this session.
Tweets from Bali IGF 2013: To enable research by those who didn't want to mess around with Twitter's APIs, CIS has made available tweets from the IGF as downloadable .CSV files.

Privacy

Magazine Article

What India can Learn from the Snowden Revelations (by Elonnai Hickok, Yahoo, October 23, 2013). The title of the article was changed in the version published by Yahoo.

Blog Entries

Concerns Regarding DNA Law (by Bhairav Acharya, October 9, 2013): http://bit.ly/1aoxXM9.
Interview with Big Brother Watch on Privacy and Surveillance (by Maria Xynou, October 15, 2013): http://bit.ly/1cRDMbV.
Interview with Bruce Schneier (by Maria Xynou, October 17, 2013): http://bit.ly/GS6oDX.
An Interview with the Tactical Technology Collective (by Maria Xynou, October 18, 2013): http://bit.ly/1i1lVNo.
Interview with Dr. Alexander Dix (by Maria Xynou, October 23, 2013): http://bit.ly/1a7dgtQ.
Open Letter to Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee (by Elonnai Hickok, October 23, 2013): http://bit.ly/17eZntz.
An Interview with Jacob Kohnstamm (by Elonnai Hickok, October 25, 2013): http://bit.ly/17NcQmD.
Spy Files 3: WikiLeaks Sheds More Light on the Global Surveillance Industry (by Maria Xynou, October 25, 2013): http://bit.ly/1d6EmjD.

Comments

Re: The Human DNA Profiling Bill, 2012 (by Bhairav Acharya, October 9, 2013). CIS provided clause-by-clause comments on the on the Working Draft version of the Human DNA Profiling Bill: http://bit.ly/17Jpp63.

Announcement

The India Privacy Monitor Map (by Maria Xynou with assistance from Srinivas Atreya, October 9, 2013). CIS has started a first of its kind Privacy Watch in India. The map includes data on the UID, NPR and CCTNS schemes, as well as on the installation of CCTV cameras and the use of drones throughout the country: http://bit.ly/19A5mCZ.

Event Organised

Privacy Round-table, New Delhi (organised by FICCI, DSCI and CIS, FICCI, Federation House, Tansen Marg, New Delhi, October 19, 2013): http://bit.ly/GAsStr.

Event Participated In

'Free Speech and Media in South Asia: Human Rights Concerns in a Globalizing World (organised by the Programme in Comparative Media Law and Policy, Centre for Socio-Legal Studies, University of Oxford, in collaboration with the Centre for Media and Governance, National Law University, Delhi, Oxford University, October 25, 2013). Chinmayi Arun spoke about “Privacy and Surveillance in India” in a panel discussion: http://bit.ly/18bRGi5.

Cyber Security

Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project:

Part 11: An Interview with Anja Kovacs (October 15, 2013): http://bit.ly/15EAZOE.

Other IG Updates
Event Organised

Mapping Digital Media: Broadcasting, Journalism and Activism in India (co-organised by Alternative Law Forum, Maraa and CIS, Bangalore International Centre, October 27, 2013). Samantha Cassar has blogged about the event: http://bit.ly/17EVtdw. It was covered by the New Indian Express (http://bit.ly/1dGENE6) and Hindu (http://bit.ly/1bcVUIU) on October 28.

Events Participated In

Religious Pluralism and the Tensions between Freedom of Expression and Respect for the 'Other’ (organised by Reset-Dialogues on Civilizations project, in cooperation with Jamia Millia Islamia, India Habitat Centre, New Delhi, October 10, 2013). Chinmayi Arun was a speaker at the session on “Democracy and the Tension between Freedom of Speech and Respect for the Other’s Religion, Culture, Identity, India and Europe”: http://bit.ly/194dtI7.
Fragmentation in a Democracy: The Role of Social Movements and the Media (organised by the Observer Research Foundation, Delhi and Rosa Luxemburg Stiftung, Berlin at Observer Research Foundation, New Delhi, October 16, 2013). Sunil Abraham was a panelist in the session on “Impact of Media, Social Media & Technology on Democracy / Governance”: http://bit.ly/17e3PZ9.
Internet, Mobile & Digital Economy Conference (IMDEC) 2013 (organised by FICCI, in association with the Ministry of Communications & IT, Government of India, New Delhi, October 25, 2013). Sunil Abraham participated as a speaker in the session on "The Internet We Want: A Multistakeholder Approach": http://bit.ly/1b8QHDD.

New and Media Coverage

CIS gave its inputs to the following media coverage:

Decline in web freedom steepest in India: Report (by Javed Anwer, The Times of India, October 3, 2013): http://bit.ly/1cVOJ99.
Google survey: 37% of urban Indian voters are online (by Anuja and Moulishree Srivastava, Livemint, October 8, 2013): http://bit.ly/1gtqqDY.
The quest for genuine clout on the internet (by Karthik Subramanian, October 13, 2013): http://bit.ly/1b8TdKa.
India believes in Complete Freedom of Cyber Space: Kapil Sibal (by Elizabeth Roche, Livemint, October 14, 2013): http://bit.ly/1fZgwd1.
Location Tracking: Why the Govt-Mobile Manufacturer War Won’t End Soon (by Danish Raza, FirstPost, October 15, 2013): http://bit.ly/HkIvF7.
Bouquets & brickbats for Google's new privacy policy (by Indu Nandakumar, Economic Times, October 18, 2013): http://bit.ly/18Rzkqm.
Bali meet to discuss Internet governance issues (by Moulishree Srivastava, October 22, 2013): http://bit.ly/17I4r3M.
Indian politicians yet to tap voters online: CIS’s Abraham (by Venkatesh Upadhyay, Livemint, October 22, 2013): http://bit.ly/17HRV4s.
Beyond the Searchlight (by Debarshi Dasgupta, October 23, 2013): http://bit.ly/17IitlZ.
Nowhere to hide: Govt making your personal details public (by FirstPost editors, FirstPost, October 28, 2013): http://bit.ly/1dGE6KJ.
Your private data may be online, courtesy govt (by Somesh Jha and Surabhi Agarwal, Business Standard, October 29, 2013): http://bit.ly/HpQRMp.
Saving privacy as we knew it (by Somesh Jha and Surabhi Agarwal, Business Standard, October 29, 2013): http://bit.ly/16HNYwu.
E-governance hopes rise as India crosses 1 billion transactions (by J Srikant, Economic Times, October 29, 2013): http://bit.ly/1cnJIKd.

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Events Participated In

GFM 2013 (organized by the University of Luneberg, Germany, October 3 – 5, 2013). Dr. Nishant Shah participated in a panel discussion with Wendy Chun, Tom Levine and Geert Lovink, around 'The End of Bibliographies: New Media and Research'. Nishant also participated as a panelist in a panel discussion on 'Open Up: Pragmatism and Politics of Open Access': http://bit.ly/1f9LCOH.
Digitalization of Culture (organized by Leuphana University, Luneberg, October 8, 2013). Dr. Nishant Shah did an introduction keynote to 1600 undergraduate students. A video of the lecture can be accessed here: http://bit.ly/1enWQPv.
RENEW: The 5th International Conference on the Histories of Media Art, Science and Technology (hosted by RIXC Centre for New Media Culture in Riga in partnership with the Art Academy of Latvia, Stockholm School of Economics in Riga and Danube University’s Center for Image Science, October 8 - 11, 2013). Dr. Nishant Shah was a part of the selection committee for the conference and chaired a session on Network Art on October 9: http://bit.ly/17e41aJ.

Blog Entry

A Hitchhikers Guide to the Cyberspace (by Anirudh Sridhar, October 4, 2013): http://bit.ly/1ga8yfH.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at the Internet Institute website: http://bit.ly/1iQT2UB.

Modules

World Intellectual Property Organisation (by Anirudh Sridhar and Snehashish Ghosh, October 31, 2013). WIPO is a specialized agency of the United Nations which deals with issues related to intellectual property rights throughout the world. Find out more at http://bit.ly/17a8WEk.
An Interview on Internet Governance with Professor Milton Mueller and Jeremy Malcolm (by Anirudh Sridhar, October 31, 2013). Professor Milton Mueller from the Syracuse University School of Information and Jeremy Malcolm, an Information Technology and Intellectual Property Lawyer, spoke about current issues and debates surrounding internet governance: http://bit.ly/17ix3Ro.

About CIS
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Twitter: https://twitter.com/CISA2K

Facebook group: https://www.facebook.com/cisa2k

Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge

E-mail: a2k@cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration:
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/october-2013-bulletin