Access To Knowledge (A2K)

Technology, Power, and Revolutions in the Arab Spring

praskrishna — 2013-07-01T08:36:57Z

The Centre for Internet and Society (CIS), Bangalore cordially invites you to a talk by Prof. Ramesh Srinivasan on technology, power and revolutions in the Arab Spring. The talk will be held in CIS office on July 2, 2013 from 6.00 p.m. onwards.

Ramesh Srinivasan

Ramesh Srinivasan, Associate Professor at UCLA in Design and Media/Information Studies, studies and participates in projects focused on how new media technologies impact political revolutions, economic development and poverty reduction, and the future of cultural heritage. He recently wrote an op/ed at the Washington Post explaining the complex nature of social media in revolutions and riots, such as those in Egypt and in London, and also a column for the Post’s Sunday Outlook section on the 5 Myths of Social Media. Additionally, he has written multiple front page articles for the Huffington Post, including a piece on Internet Freedom for the Huffington Post. He has had his work featured on the front page of the UCLA and USC websites.

Recent public outreach has built on his response in the New Yorker (from his blog: http://rameshsrinivasan.org) to Malcolm Gladwell’s writings critiquing the power of social media in impacting revolutionary movements. He has worked with bloggers, pragmatically studying their strengths and limitations, who were involved in recent revolutions in Egypt and Kyrgyzstan, as discussed in a recent NPR interview. He has also collaborated with non-literate tribal populations in India to study how literacy emerges through uses of technology, and traditional Native American communities to study how non-Western understandings of the world can introduce new ways of looking at the future of the internet. His work has impacted contemporary understandings of media studies, anthropology and sociology, design, and economic and political development studies. He has given several major invited talks, including recently at LIFT in 2009 (http://vimeo.com/5520100). He holds an engineering degree from Stanford, a Masters degree from the MIT Media Lab, and a Doctorate from Harvard University. His full academic CV can be found at http://rameshsrinivasan.org/cv

See Prof. Ramesh Srinivasan's blog page

For more details visit https://cis-india.org/internet-governance/events/technology-power-and-revolutions-in-arab-spring

Terms of Website Use

praskrishna — 2013-07-01T07:16:15Z

Parties and Ownership

These Terms of Website Use ("Terms") is made between the Centre for Internet & Society ("CIS") and you.
In these Terms, all references to "you" or "user" shall mean the end-user accessing the Website, its contents and using the services offered through the Website. "Service providers" mean independent third party service providers. All references to "we", "us" and "our" shall mean CIS.
The domain name www.cis-india.org ("Website") is owned by CIS. CIS offers this web site, including all information, tools and services available from this site, to you, the user, conditioned upon your acceptance of all the terms, conditions, policies and notices stated here. Your use of this site indicates that you have read, acknowledged and agreed to these Terms.

Due Diligence

These Terms are published in compliance with Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011 notified by the Central Government in the Gazette of India Extraordinary vide Notification GSR 314(E) on 11 April 2011 ("Intermediaries Rules"). These Terms constitute an electronic record for the purposes of the Information Technology Act, 2000 ("IT Act").
You agree that you will not host, display, upload, modify, publish, transmit, update or share any information that:
- belongs to another person and to which you do not have any right to;
- is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, racially or ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
- harms minors in any way;
- infringes any patent, trademark, copyright or other proprietary rights;
- violates any law for the time being in force;
- deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
- impersonates another person;
- contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource; or,
- threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting to any other nation.
You agree that in the event of any non-compliance with these Terms, we have the right to immediately terminate your access or usage rights to this Website and our services and/or remove any information that is, or is deemed by us to be, non-compliant.

Use of this Website

Unauthorised use of this Website, any information contained therein and unauthorised entry into our systems is strictly prohibited. You may not use contact information provided on this Website for unauthorized purposes, including marketing. You may not use any hardware or software intended to damage or interfere with the proper working of this Website or to surreptitiously intercept any system, data or personal information from this Website. You agree not to interrupt or attempt to interrupt the operation of this Website in any way.
We reserve the right, in our sole discretion, to limit or terminate your access to or use of this Website at any time without notice. Termination of your access or use will not waive or affect any other right or relief to which we may be entitled at law or in equity.
You represent and warrant that you own or otherwise control all the rights to the content you supply; that the content is accurate; that use of the content you supply does not violate any provision herein and will not cause injury to any person or entity; and that you will indemnify us for all claims resulting from content you supply.
You shall comply, and cause compliance, with all applicable provisions of any law, statute, ordinance, order, rule, regulation, bye-law, notification, custom, circular, press note, policy or other usage or mandatory requirement having, in the territory of India, the force of law.

Information on this Website

We are not responsible if information made available on this Website is not accurate, complete or current. The material on this Website is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or timelier sources of information. Any reliance on the material on this Website is at your own risk. This Website may contain information that has typographical errors or inaccuracies. This Website may contain certain historical information. Historical information is provided for your reference only. We reserve the right to modify the contents of this Website at any time, but we have no obligation to update any information on this Website. You agree that it is your responsibility to monitor changes to this Website. Your use of this Website constitutes agreement to all such changes. We may discontinue or change any product or service described or offered on this Website at any time.

Trademarks, Copyright and Other Proprietary Rights

You or third parties acting on your behalf are not allowed to frame this site or use our proprietary marks as meta tags, without our written consent. These marks include, but are not limited to:

You may not use frames or utilize framing techniques or technology to enclose any content included on the site without our express written consent. Further, you may not utilize any site content in any meta tags or any other "hidden text" techniques or technologies without our express written consent.
Trademarks, logos and service marks displayed on this site are registered and unregistered trademarks of ours and our partners, sponsors, content providers, or other third parties. All of these trademarks, logos and service marks are the property of their respective owners. Nothing on this site shall be construed as granting, by implication, estoppel, or otherwise, any license or right to use any trademark, logo or service mark displayed on the site without the owner's prior written permission, except as otherwise described herein. We reserve all rights not expressly granted in and to the site and its content.

Disclaimer of Warranties

Your use of this Website is at your sole risk. This Website is provided on an "as is" basis. We reserve the right to restrict or terminate your access to this Website or any feature or part thereof at any time. We expressly disclaim all warranties of any kind, whether express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose and any warranties that materials on this Website are non-infringing, as well as warranties implied from a course of performance or course of dealing; that access to this Website will be uninterrupted or error-free; that this Website will be secure; that the site or the server that makes this Website available will be virus-free; or that information on this Website will be complete, accurate or timely. If you download any materials from this Website, you do so at your own discretion and risk. You will be solely responsible for any damage to your computer system or loss of data that results from the download of any such materials. No advice or information, whether oral or written, obtained by you from us shall create any warranty of any kind. We do not make any warranties or representations regarding the use of the materials on this Website in terms of their completeness, correctness, accuracy, adequacy, usefulness, timeliness, reliability or otherwise.

Limitation of Liability

You acknowledge and agree that you assume full responsibility for your use of this Website. You acknowledge and agree that any information you send or receive during your use of this Website may not be secure and may be intercepted by unauthorized parties. You acknowledge and agree that your use of this Website is at your own risk. Recognizing such, you acknowledge and agree that, to the fullest extent permitted by applicable law, neither we, our partners, sponsors or content providers will be liable for any direct, indirect, punitive, exemplary, incidental, special, consequential or other damages arising out of or in any way related to this Website, or any other site you access through a link from this Website or from any actions we take or fail to take as a result of communications you send to us, or the delay or inability to use this Website, or for any information, products or services advertised in or obtained through this Website, removal or deletion of any materials submitted or posted on this Website, or otherwise arising out of the use of this Website, whether based on contract, tort, strict liability or otherwise, even if we, our affiliates or any of our suppliers have been advised of the possibility of damages.
This disclaimer applies, without limitation, to any damages or injury arising from any failure of performance, error, omission, interruption, deletion, defects, delay in operation or transmission, computer viruses, file corruption, communication-line failure, network or system outage, your loss of profits, or theft, destruction, unauthorized access to, alteration of, loss or use of any record or data, and any other tangible or intangible loss. You specifically acknowledge and agree that neither we nor our suppliers shall be liable for any defamatory, offensive or illegal conduct of any user of this Website. Your sole and exclusive remedy for any of the above claims or any dispute with us is to discontinue your use of this Website. Subject to the terms of the Limitation Act, 1963, you agree that any cause of action arising out of or related to the site must commence within one (1) year after the cause of action accrues otherwise the cause of action is permanently barred.

Indemnification

You agree to indemnify us, defend us and hold us harmless, including our affiliates and our officers, members, directors, employees, consultants, contractors, agents, licensors, service providers, subcontractors and suppliers from and against any and all losses, liabilities, expenses, damages and costs, including reasonable attorneys' fees and court costs, arising or resulting from your use of this Website and any violation of these Terms. If you cause a technical disruption to this Website or the systems transmitting this Website to you or others, you agree to be responsible for any and all losses, liabilities, expenses, damages and costs, including reasonable attorneys' fees and court costs, arising or resulting from that disruption. We reserve the right to assume exclusive defence and control of any matter otherwise subject to indemnification by you and, in such an event, you agree to cooperate with us in the defence of such matter.

Governing Law, Jurisdiction and Definitive Agreement

This Website is controlled, operated and administered within India. We do not make any representation that materials on this Website are appropriate or available for use at other locations outside India and access to them from territories where their contents are illegal is prohibited. You may not use this Website in violation of Indian laws. If you access this Website from locations outside India, you are responsible for compliance with all local laws. These Terms shall be governed by the laws of India, without giving effect to its conflict of laws provisions. You agree that the courts at Bangalore shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with your use of this Website and these Terms.
These Terms constitute the entire and definitive agreement between you and us with respect to your use of this Website. If for any reason a court of competent jurisdiction finds any provision of these Terms, or portion thereof, to be unenforceable, that provision shall be enforced to the maximum extent permissible so as to give effect to the intent of these Terms, and the remainder of these Terms shall continue in full force and effect.

For more details visit https://cis-india.org/about/policies/website-use

Privacy Policy

praskrishna — 2013-07-01T06:25:37Z

Preliminary

This Privacy Policy ("Policy") states the internal policy of the Centre for Internet & Society ("CIS") with regard to the collection, storage, security, processing and disclosure of personal data.
This Policy constitutes compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 that were notified by the Central Government in the Gazette of India vide Notification GSR 313(E) on 11 April 2011.

Collection of Personal Data

CIS will not collect any personal data that is not necessary for the achievement of a purpose that is connected to a stated CIS function.
CIS will not collect any personal data without obtaining the prior consent of the person to whom it pertains. CIS may obtain such consent in any manner, and through any medium, but will not employ threats, duress or coercion to obtain such consent.
Personal data collected in respect of a grant of consent by the person to whom it pertains will, if that consent is subsequently withdrawn for any reason, be destroyed or anonymised.

Storage of Personal Data

CIS will not store any personal data for a period longer than is necessary to achieve the purpose for which it was collected, or, if that purpose is achieved or ceases to exist for any reason, for any period following such achievement or cessation.
Any personal data collected in relation to the achievement of a purpose will, if that purpose is achieved or ceases to exist for any reason, be destroyed or anonymised.
CIS may store personal data for a period longer than is necessary to achieve the purpose for which it was collected, or, if that purpose has been achieved or ceases to exist for any reason, for any period following such achievement or cessation, if –
- the person to whom it pertains grants consent to such storage;
- it is required to be stored under the provisions of applicable law; or
- it is the subject of a pending legal proceeding.

Processing of Personal Data

CIS will not process any personal data that is not necessary for the achievement of the purpose for which it was collected unless the person to whom it pertains grants consent to such processing.

Security of Personal Data

CIS will not collect, store or process any personal data in the absence of measures, including, but not restricted to, technological, physical and administrative measures, adequate to secure the confidentiality, secrecy, sanctity and safety of the personal data, including from theft, loss, damage or destruction.
Any person who collects, stores or processes any personal data on behalf of CIS will be subject to a duty of confidentiality and secrecy in respect of it.
CIS will, if the confidentiality, secrecy, sanctity or safety of any personal data collected, stored or processed by CIS is violated by theft, loss, damage or destruction, or as a result of any disclosure contrary to the provisions of this Policy, notify, to the extent possible, the person to whom the personal data pertains.

Disclosure of Personal Data

CIS will not disclose to any person to whom any personal data does not pertain, or otherwise cause any such a person to receive, the content or nature of that personal data, including any other details in respect thereof, unless the person to whom it pertains grants consent to such disclosure. CIS may obtain such consent in any manner, and through any medium, but will not employ threats, duress or coercion to obtain such consent.
CIS may disclose personal data with a person to whom it does not pertain, whether located in India or otherwise, for the purpose only of processing it to achieve the purpose for which it was collected, if such a disclosure is pursuant to an agreement that binds the person receiving it to same or stronger measures in respect of its storage, processing and disclosure as are contained in this Policy.
If the disclosure of any personal data is necessary to –
- prevent a reasonable threat to national security, defence or public order; or
- prevent, investigate or prosecute a cognisable offence;
CIS may, upon receiving an order in writing from a judicial authority or law enforcement officer, disclose the personal data that is the subject of the order without seeking the consent of the person to whom it pertains.
CIS may, to the extent possible, notify the person to whom any personal data pertains of its disclosure and the identity of the person it was disclosed to, and any other details in respect thereof.

Accuracy of Personal Data

CIS will reasonably afford any person whose personal data is collected, stored or processed by CIS the opportunity to review it and, where necessary, rectify anything that is inaccurate or not up to date.

For more details visit https://cis-india.org/about/policies/privacy-policy

Non-Discrimination and Equal Opportunities Policy

praskrishna — 2020-07-29T06:59:09Z

Preliminary

This Non-Discrimination and Equal Opportunities Policy ("Policy") states the internal policy of the Centre for Internet & Society ("CIS") with regard to non-discrimination at the workplace and equal opportunities during recruitment.
This Policy is internal to CIS and is meant to provide a safe, diverse and comfortable workplace at CIS. This Policy is not legally mandated and, therefore, is not judicially enforceable in India. This Policy is without prejudice to any anti-discrimination provisions of applicable law including, but not restricted to, the provisions of:
- Article 17 of the Constitution of India;
- the Protection of Civil Rights Act, 1955,
- the Scheduled Castes and Scheduled Tribes (Prevention of Atrocities) Act, 1989;
- the Sexual Harassment of Women at the Workplace (Prevention, Prohibition and Redressal) Act, 2013;
- Sections 354 and 509 of the Indian Penal Code, 1860; and,
- the Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Act, 1995.

Non-discrimination

CIS will not adversely discriminate, and prohibits other adverse discrimination at the workplace, on the basis of religion, race, caste, sex, place of birth, descent, sexual orientation, gender identity, disability, age or any of them ("Discrimination Characteristics"). CIS will not condone any adverse discrimination against any person on its premises, whether that person is in its employment or otherwise.
Any person who believes himself or herself to have been subjected to adverse discrimination on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity. No person will be punished, retaliated against, or limited in employment or other opportunity for exercising anything set out in this Policy, or for filing a complaint, furnishing information for, or participating in an investigation, or any other activity related to the administration of this Policy.
Any adverse discrimination or other action or behaviour that constitutes a violation of law will be reported to the police.

Equal Opportunities

CIS provides equal opportunities to its employment, consultancy or otherwise without regard for the Discrimination Characteristics. All actions of CIS with regard to its employees, consultants, advisors, interns and staff, including but not limited to those relating to compensation, benefits, transfers, leave, layoffs, training, education, and assistance, will be made without regard for the Discrimination Characteristics.
Notwithstanding anything contained in the previous paragraph, if CIS reasonably believes that its employment, workplace or premises do not adequately represent the balance of diversity of persons who share one or more of the Discrimination Characteristics, it may, with the aim only of redressing that imbalance, take positive discriminatory action in respect of persons who share that aspect, or those aspects, of the Discrimination Characteristics that are sought to be adequately represented.
Any person who believes himself or herself to have been subjected to adverse discrimination, or impermissible positive discrimination, on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity.

Diversity Committee

The Interim Diversity Committee of CIS is comprised of:

Pallavi Bedi
Torsha Sarkar
Gurshabad Grover

For more details visit https://cis-india.org/about/policies/non-discrimination-equal-opportunities-policy

Ethical Research Guidelines

praskrishna — 2018-10-13T12:21:48Z

The Centre for Internet and Society will endeavour to protect the physical, social and psychological well-being of those who participate in their research. The guidelines below state the necessary steps to follow while doing research.

The ethical research guideline requires CIS staff and consultants to consider and take the following steps while engaging in research.

Providing notice to the individual of the: Aims, methods, his/her right to abstain from participation in the research and his/her right to terminate at any time his/her participation; the confidential nature of his/her replies and any limits on such confidentiality.
Providing informants and other participants the right to remain anonymous.
Taking informed consent from the individual that he/she agrees to participate. If children are involved in the research, informed consent will be taken from the parents. Informed consent will entail communicating :
- Purpose(s) of the study, and the anticipated consequences of the research;
- Identity of funders and sponsors
- Anticipated uses of the data
- The degree of anonymity and confidentiality which may be afforded to informants and subjects.
Ensuring that when audio/visual-recorders and photographic records are being used, participants that are being recorded will be made aware of the use of the devices, and have the option to request that they not be used.
Ensuring that the identity and identifying information of the participant (if not already in the public domain) is destroyed at the end of project, unless the individual has consented to otherwise.
At public events organized by CIS, it will be announced and publicly posted that the event is being recorded. Individuals will be given the choice object to being recorded or their name and organization shared in conference reports, blogs, articles etc. If the individual does not object, it will be considered that they have given their consent.
The Centre for Internet and Society strictly follows a policy of No Plagiarism.

For more details visit https://cis-india.org/about/policies/ethical-research-guidelines

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback)

elonnai — 2013-07-12T10:50:22Z

In 2013 CIS drafted the Privacy Protection Bill as a citizens' version of a privacy legislation for India. Since April 2013, CIS has been holding Privacy Roundtables in collaboration with FICCI and DSCI, with the objective of gaining public feedback to the Privacy Protection Bill and other possible frameworks for privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

As a part of this process, CIS has been amending the Privacy Protection Bill based on public feedback. Below is the text of the Bill as amended according to feedback gained from the New Delhi, Bangalore, and Chennai Roundtables.

Click to download the Privacy Protection Bill, 2013 with latest amendments (PDF, 196 Kb).

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-with-amendments-based-on-public-feedback

June 2013 Bulletin

praskrishna — 2013-07-27T09:48:16Z

Our newsletter for the month of June 2013 can be accessed below.

The Centre for Internet & Society (CIS) welcomes you to the sixth issue of its newsletter for 2013. Hivos published a White Paper by Nishant Shah titled Whose Change is it Anyway?, which attempts to reflect critically on existing patterns of making change and its implications for the future of citizen action in information and network societies. The Access to Knowledge team carried out a quantitative analysis to identify trends and growth patterns in Indian Language Wikipedias from September 2012 to April 2013. CIS drafted the Privacy Protection Bill and amended it as per feedback gained from the New Delhi, Bangalore, and Chennai Privacy Roundtable Events. CIS made closing statement on the Treaty for the Blind at the WIPO Diplomatic Conference which was concluded with the adoption of the Marrakesh Treaty to Facilitate Access to Published Works for Persons who are Blind, Visually Impaired, or otherwise Print Disabled. In a research paper Nehaa Chaudhari gives an analysis of patent pools, Sameer Boray gives an analysis of video piracy and Pranav Menon gives an analysis of India-EU FTA and issues surrounding data protection and security. In this period we organised the Institute on Internet and Society with support from the Ford Foundation at Golden Palms, Bangalore from June 8 to 14, 2013.

Celebrating 5 Years of CIS
CIS is now 5 years old and we just celebrated this by holding an open exhibition in our offices in Bangalore and Delhi from May 20 to 23, showcasing our work and accomplishments over the period. We had about 170 visitors from the general public coming in to our office. Videos of the event are here.

Google Policy Fellowship
CIS has initiated processing of applications for the Google Policy Fellowship programme. Shortlisted candidates would be informed about their interview. However, as of now there will be a 20 days delay in announcing the list for the interview.

Jobs
CIS is inviting applications for the posts of Developer (NVDA Screen Reader Project) and Editor/Content Developer. To apply for these posts, send in your resume to Nirmita Narasimhan (nirmita@cis-india.org). CIS is also seeking applications for the post of Programme Officer (Internet Governance). To apply send your resume to Sunil Abraham (sunil@cis-india.org) and Pranesh Prakash (pranesh@cis-india.org).

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another for developing a screen reader and text-to- speech synthesizer for Indian languages:

National Resource Kit for Persons with Disabilities
CIS and the Centre for Law and Policy Research (CLPR) are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapter on Jharkhand:

The Jharkhand Chapter (by CLPR, June 30, 2013).

Note: All the chapters published on the website are early drafts and will be reviewed and updated.

Award

Girls in ICT Day 2013 (organized by ITU-APT Foundation of India with support from CMAI - Association of India Communication and Infrastructure, FICCI Auditorium, Tansen Marg, New Delhi, May 7, 2013). Dr. Nirmita Narasimhan got a felicitation for her contribution and achievements in the field of Information and Communication Technology. The honour was conferred during the celebration of this event.

Media Coverage

A Treat for the Blind (by Chitra Narayanan, Business World, June 26, 2013). Pranesh Prakash was quoted.

Access to Knowledge and Openness

The Wikimedia Foundation has given a grant to CIS to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Access to Knowledge (Previously IP Reforms)

WIPO
Pranesh Prakash participated in the WIPO Diplomatic Conference to Conclude a Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities in Marrakesh, Morocco, June 17 to 28, 2013. The conference concluded with the adoption of the Marrakesh Treaty to facilitate access to published works by blind persons, persons with visual impairment, and other print disabled persons, by requiring mandatory exceptions in copyright law to enable conversions of books into accessible formats, and by enabling cross-border transfer of accessible format books. Click for:

CIS's Closing Statement at Marrakesh on the Treaty for the Blind (by Pranesh Prakash, June 28, 2013).
India's Closing Statement at Marrakesh on the Treaty for the Blind (June 29, 2013).

Pervasive Technologies

Pervasive Technologies: Patent Pools (by Nehaa Chaudhari, June 27, 2013).

Other (FTA, Piracy)

The Right Way to Fight Video Piracy? (by Sameer Boray, June 6, 2013).
India-EU Proposed Free Trade Agreement: Issues Surrounding Data Protection and Security (by Pranav Menon, June 8, 2013).
India- EU FTA: A Note on the Copyright Issues (by Nehaa Chaudhari, June 18, 2013).

Event Participated

Governance in the Age of the Internet and Free Trade Agreements (organized by Thai Netizen Network and co-hosted by the Ministry of Information and Communication and the National Science and Technology Development Agency, Queen Sirikit National Convention Center, June 8, 2013). Sunil Abraham was a speaker.

Access to Knowledge (Wikipedia)

The A2K team consists of three members based in Bangalore: T. Vishnu Vardhan, Dr. U.B. Pavanaja and Subhashish Panigrahi and one team member Nitika Tandon who is working from Delhi office.

Statistical Report

Indian Language Wikipedia Statistics (by Nitika Tandon, June 30, September 2012 – April 2013).

Event Organised

A 'Kannada' Wikipedia Workshop for Bloggers (Suchitra, Bengaluru, June 23, 2013). Dr. U.B. Pavanaja conducted the workshop.

Event Co-organised

Telugu Wikipedia Training Workshop (co-organised by A2K team and Theatre Outreach Unit, University of Hyderabad, Golden Threshold, Nampally, Hyderabad, March 8, 2013). T. Vishnu Vardhan conducted the workshop.

Upcoming Event

Digital Humanities for Indian Higher Education (co-organised by HEIRA-CSCS, Tumkur University, CILHE-TISS and CCS, Indian Institute of Science, July 13, 2013).

Blog Entries

My First Wikipedia Training Workshop – Theatre Outreach Unit, University of Hyderabad (by T. Vishnu Vardhan, June 26, 2013). The workshop was conducted in March but the report was published only in June.
Wikipedia Visual Editor (by Nitika Tandon, June 27, 2013).

Press Coverage (including videos)

A Feature on Wikipedia and Telegu Wikipedians (HMTV, May 30-31, 2013). Watch the video.
Wikipedia Live Phone-in Programme (HMTV, June 1, 2013). T. Vishnu Vardhan took part in a one hour live phone-in programme on Wikipedia.
Wiki donors (by Akhila Seetharaman, TimeOut Bengaluru, June 21, 2013). T. Vishnu Vardhan and Dr. U.B. Pavanaja are quoted.
Kannada Wikipedia Workshop at Hasan (Prajavani, June 5, 2013). Dr. U.B. Pavanaja conducted the workshop on June 4, 2013.
Kannada Wikipedia Workshop at Hasan (Samyukta Karnataka, June 5, 2013). Dr. U.B.Pavanaja conducted the workshop on June 4, 2013.
Kannada Wikipedia Workshop at Hasan (Vijaya Karnataka, June 5, 2013). Dr. U.B.Pavanaja conducted the workshop on June 4, 2013.
Wiki Rahasya: Panel Discussion (Suvarna News, June 13, 2013). Dr. U.B.Pavanaja participated in a panel discussion around Wikipedia in general and about Kannada Wikipedia in specific.

Openness

Column

Big Data, People's Lives, and the Importance of Openness (by Nishant Shah, DML Central, June 24, 2013).

Event Hosted

RHoK Global Event (Centre for Internet and Society, Bangalore, June 1 – 2, 2013). Yogesh Londhe shares with you a post-event report.

Internet Governance

CIS began two projects earlier this year. The first one on facilitating research and events on surveillance and freedom of expression is with Privacy International and support from the International Development Research Centre, Canada. The second one on mapping cyber security actors in South Asia and South East Asia is with the Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the International Development Research Centre, Canada:

Cyber Stewards Project
Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project.

Video Interview

An Interview with Ram Mohan (June 30, 2013)

Event Organized

The Geopolitics of Information Controls: A Presentation by Masashi Crete-Nishihata (TERI, Bangalore, June 19, 2013). About 20 people participated in the event.

Privacy Research

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback) (by Elonnai Hickok, June 30, 2013): CIS drafted the Bill. Based on feedback received from the New Delhi, Bangalore, and Chennai Roundtables the Bill was amended.

Interviews

Interview with the Citizen Lab on Internet Filtering in India (June 24, 2013). Maria Xynou interviewed Masashi Crete-Nishihata and Jakub Dalek from the Citizen Lab on internet filtering in India.
Interview with Billy Hawkes (June 20, 2014). Maria Xynou interviewed Billy Hawkes, the Irish Data Protection Commissioner on recommendations for data protection in India.

Columns

Indian Surveillance Laws & Practices Far Worse than US (by Pranesh Prakash, Economic Times, June 13, 2013).
World Wide Rule (by Nishant Shah, Indian Express, June 14, 2013). Nishant Shah reviews Schmidt and Cohen's book “The New Digital Age”.
Way to Watch (by Chinmayi Arun, Indian Express, June 26, 2013).
The State is Snooping: Can You Escape? (by Snehashish Ghosh, India Together, June 26, 2013).

Blog Entries

India Subject to NSA Dragnet Surveillance! No Longer a Hypothesis — It is Now Officially Confirmed (by Maria Xynou, June 13, 2013).
SEBI and Communication Surveillance: New Rules, New Responsibilities? (by Kovey Coles, June 27, 2013).
Open Letter to "Not" Recognize India as Data Secure Nation till Enactment of Privacy Legislation (by Elonnai Hickok, June 19, 2013).
Open Letter to Prevent the Installation of RFID tags in Vehicles (by Maria Xynou, June 27, 2013).

Events Organised

Technology, Power, and Revolutions in the Arab Spring (CIS, July 2, 2013). Prof. Ramesh Srinivasan gave a talk.
Learn to Secure Your Online Communication! (CIS, Bangalore, June 30, 2013). A Crypto Party was organised.
Learn to Secure Your Online Communication! (IIC, Delhi University, South Campus, New Delhi, July 6, 2013). A Crypto Party was organised.

Event Co-organised

4^th Privacy Round Table Meeting (co-organised with the Federation of Indian Chambers of Commerce and Industry and the Data Security Council of India, Mumbai, June 15, 2013).

Upcoming / Ongoing Events

Digital Activism in Europe (The Sarai Programme, Centre for the Study of Developing Societies, New Delhi, July 8, 2013). Bernadette Längle will give a talk.
Privacy Round Table, Kolkata (co-organised with the Federation for Indian Chambers of Commerce and Industry, and the Data Security Council of India, Lytton Hotel, Sudder Street, Kolkata, July 13, 2013).

Event Participated In

Biometrics or bust? India's Identity Crisis (organized by the Oxford Internet Institute, July 2, 2013). Malavika Jayaram was a speaker.

Video

Pranesh Prakash on the US snooping into Indian cyber space (by Tehelka, June 2013).

Media Coverage

Indian student in Cornell University hacks into ICSE, ISC database (by Kim Arora, Times of India, June 6, 2013). Pranesh Prakash is quoted.
‘Hacking’ sparks row over exam evaluation (by Vasudha Venugopal and Karthik Subramanian, Hindu, June 7, 2013). Pranesh Prakash is quoted.
Internet firms deny existence of PRISM (by Javed Anwer and Ishan Srivastava, Times of India, June 8, 2013). Sunil Abraham and Pranesh Prakash are quoted.
Indian Government Quietly Brings In Its 'Central Monitoring System': Total Surveillance Of All Telecommunications (Tech Dirt, June 8, 2013). Pranesh Prakash is quoted.
Facebook, Google deny spying access (by Javed Anwer, Times of India, June 9, 2013). Pranesh Prakash is quoted.
Govt mulls advisory on privacy issues related to Google, Facebook (by Thomas K Thomas, Hindu Business Line, June 10, 2013). Sunil Abraham is quoted.
Cyber experts suggest using open source software to protect privacy (by Kim Arora, Times of India, June 22, 2013). Sunil Abraham is quoted.
Govt goes after porn, makes ISPs ban sites (by Javed Anwer, Times of India, June 26, 2013). Sunil Abraham is quoted.
Indian govt blocks 40 smut sites, forgets to give reason (by Phil Muncaster, The Register, June 27, 2013). Sunil Abraham is quoted.
Concerns over central snoop (by Aloke Tikku, Hindustan Times, June 28, 2013). Sunil Abraham is quoted.
Internet users enraged over US online spying (by Maitreyee Boruah, Times of India, June 29, 2013). Sunil Abraham is quoted.
Issue of duplication of identities of users under control: Nilekani (by Anirban Sen, Livemint, June 29, 2013). Sunil Abraham is quoted.
In India, Prism-like Surveillance Slips Under the Radar (by Anjan Trivedi, Time World, June 30, 2013). Sunil Abraham is quoted.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project on Internet Access. It covers the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access. It will also touch upon various policies and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation of policies related to internet access. The blog posts and modules are being published in the Internet Institute website:

Event Organised

Institute on Internet and Society (supported by Ford Foundation, Golden Palms Resort, Bangalore, June 8 – 14, 2013). Pranesh Prakash, Bernadette Längle, Vir Kamal Chopra, AK Bhargava, Ananth Guruswamy, Archana Gulati, Chakshu Roy, Elonnai Hickok, Gaurab Raj Upadhaya, Helani Galpaya, Michael Ginguld, Dr. Nadeem Akhtar, C. Nandini, Dr. Nirmita Narasimhan, Dr. Nishant Shah, Parminder Jeet Singh, Ravikiran Annaswamy, Dr. Ravina Aggarwal, Satyen Gupta, Dr. Subbiah Arunachalam, Sunil Abraham, Tulika Pandey and T. Vishnu Vardhan were speakers at the event. The presentations can be accessed here.

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Law & Order through Traffic Systems (by Shyam Ponappa, Business Standard, June 5, 2013 and cross-posted in Organizing India Blogspot).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:

White Paper

Whose Change is it Anyway? (by Nishant Shah, Hivos, June 18, 2013).

Digital Humanities

We are building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia.

Blog Entries

Mapping the Field of Digital Humanities (by Sara Morais, June 11, 2013).
A Suggested Set of Values for the Digital Humanities (by Sara Morais, June 12, 2013).
Archive Practice and Digital Humanities (by Sara Morais, June 24, 2013).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/june-2013-bulletin

In India, Prism-like Surveillance Slips Under the Radar

praskrishna — 2013-07-03T09:31:18Z

Prism, the contentious U.S. data-collection surveillance program, has captured the world’s attention ever since whistle-blower Edward Snowden leaked details of global spying to the Guardian and Washington Post.

The article by Anjan Trivedi was published in Time World on June 30, 2013. Sunil Abraham is quoted.

However, it turns out India, the world’s largest democracy, is building its own version to monitor internal communications in the name of national security. Yet India’s Central Monitoring System, or CMS, was not shrouded in secrecy — New Delhi announced its intentions to watch over its citizens, however mutedly, in 2011, and rollout is slated for August. And while reports that the American system collected 6.3 billion intelligence reports in India led to a lawsuit at the nation’s Supreme Court, comparable indignation has been conspicuously lacking with the domestic equivalent.

CMS is an ambitious surveillance system that monitors text messages, social-media engagement and phone calls on landlines and cell phones, among other communications. That means 900 million landline and cell-phone users and 125 million Internet users. The project, which is being implemented by the government’s Centre for Development of Telematics (C-DOT), is meant to help national law-enforcement agencies save time and avoid manual intervention, according to the Department of Telecommunications’ annual report. This has been in the works since 2008, when C-DOT started working on a proof-of-concept, according to an older report. The government set aside approximately $150 million for the system as part of its 12th five-year plan, although the Cabinet ultimately approved a higher amount.

Within the internal-security ministry though, the surveillance system remains a relatively “hush-hush” topic, a project official unauthorized to speak to the press tells TIME. In April 2011, the Police Modernisation Division of the Home Affairs Ministry put out a 90-page tender to solicit bidders for communication-interception systems in every state and union territory of India. The system requirements included “live listening, recording, storage, playback, analysis, postprocessing” and voice recognition.

Civil-liberties groups concede that states often need to undertake targeted-monitoring operations. However, the move toward extensive “surveillance capabilities enabled by digital communications,” suggests that governments are now “casting the net wide, enabling intrusions into private lives,” according to Meenakshi Ganguly, South Asia director for Human Rights Watch. This extensive communications surveillance through the likes of Prism and CMS are “out of the realm of judicial authorization and allow unregulated, secret surveillance, eliminating any transparency or accountability on the part of the state,” a recent U.N. report stated.

India is no stranger to censorship and monitoring — tweets, blogs, books or songs are frequently blocked and banned. India ranked second only to the U.S. on Google’s list of user-data requests with 4,750 queries, up 52% from two years back, and removal requests from the government increased by 90% over the previous reporting period. While these were largely made through police or court orders, the new system will not require such a legal process. In recent times, India’s democratically elected government has barred access to certain websites and Twitter handles, restricted the number of outgoing text messages to five per person per day and arrested citizens for liking Facebook posts and tweeting. Historically too, censorship has been India’s preferred means of policing social unrest. “Freedom of expression, while broadly available in theory,” Ganguly tells TIME, “is endangered by abuse of various India laws.”

There is a growing discrepancy and power imbalance between citizens and the state, says Anja Kovacs of the Internet Democracy Project. And, in an environment like India where “no checks and balances [are] in place,” that is troubling. The potential for misuse and misunderstanding, Kovacs believes, is increasing enormously. Currently, India’s laws relevant to interception “disempower citizens by relying heavily on the executive to safeguard individuals’ constitutional rights,” a recent editorial noted. The power imbalance is often noticeable at public protests, as in the case of the New Delhi gang-rape incident in December, when the government shut down public transport near protest grounds and unlawfully detained demonstrators.

With an already sizeable and growing population of Internet users, the government’s worries too are on the rise. Netizens in India are set to triple to 330 million by 2016, according to a recent report. “As [governments] around the world grapple with the power of social media that can enable spontaneous street protests, there appears to be increasing surveillance,” Ganguly explains.

India’s junior minister for telecommunications attempted to explain the benefits of this system during a recent Google+ Hangout session. He acknowledged that CMS is something that “most people may not be aware of” because it’s “slightly technical.” A participant noted that the idea of such an intrusive system was worrying and he did not feel safe. The minister, though, insisted that it would “safeguard your privacy” and national security. Given the high-tech nature of CMS, he noted that telecom companies would no longer be part of the government’s surveillance process. India currently does not have formal privacy legislation to prohibit arbitrary monitoring. The new system comes under the jurisdiction of the Indian Telegraph Act of 1885, which allows for monitoring communication in the “interest of public safety.”

The surveillance system is not only an “abuse of privacy rights and security-agency overreach,” critics say, but also counterproductive in terms of security. In the process of collecting data to monitor criminal activity, the data itself may become a target for terrorists and criminals — a “honeypot,” according to Sunil Abraham, executive director of India’s Centre for Internet and Society. Additionally, the wide-ranging tapping undermines financial markets, Abraham says, by compromising confidentiality, trade secrets and intellectual property. What’s more, vulnerabilities will have to be built into the existing cyberinfrastructure to make way for such a system. Whether the nation’s patchy infrastructure will be able to handle a complex web of surveillance and networks, no one can say. That, Abraham contends, is what attackers will target.

National security has widely been cited as the reason for this system, but no one can say whether it will actually help avert terrorist activity. India’s own 9/11 is a case in point: the Indian government was handed intelligence by foreign agencies about the possibility of the 2008 Mumbai terrorist attacks, but did not act. This is a “clear indication that having access to massive amounts of data is not necessarily going to make people safer,” Kovacs tells TIME. However, officers familiar with the new system say it will not increase surveillance or enhance intrusion beyond current levels; it will only strengthen the policy framework of privacy and increase operational efficiency. Spokespersons and officials in the internal-security and telecom departments did not respond to requests or declined to comment.

The government has been cagey about details on implementation and extent. This ability to act however the authorities deems fit “just makes it really easy to slide into authoritarianism, and that is not acceptable for any democratic country,” Kovacs says. Indeed, India has seen that before — almost four decades ago, Indira Gandhi declared a state of emergency for 19 months, which suspended all civil liberties. Indians complaining about Prism may want to look a little closer to home.

For more details visit https://cis-india.org/news/time-world-anjan-trivedi-june-30-2013-in-india-prison-like-surveillance-slips-under-the-radar

Internet users enraged over US online spying

praskrishna — 2013-07-01T04:10:05Z

India is the fifth most tracked nation by American intelligence agencies.

The article by Maitreyee Boruah was published in the Times of India on June 29, 2013. Sunil Abraham is quoted.

Have you been posting pictures and messages with gay abandon on your social networking sites or having personal discussions on instant chat or video messaging and thinking that no one other than the intended recipient(s) has access to it? Well, going by the recent revelation that government agencies, and that too from the US, have been spying on our internet usage and collating private information, even the most hardcore security settings for your online data are apparently of no use.

According to former US Central Intelligence Agency (CIA) employee Edward Snowden's testimony, the US National Security Agency ( NSA) has been using major tech giants to spy on private information of users around the world. And India is the fifth most tracked nation by the US intelligence system. But isn't this a direct infringement on our right to privacy? Or are such measures the need of the hour, given the increasing incidences of terror acts across the world?

What should the Indian government do?

Recently, a PIL (Public Interest Litigation) was filed in the Indian Supreme Court on the issue of the web snooping by the US. The PIL sought the Centre to initiate action against internet companies for sharing information with foreign authorities, which amounts to breach of contract and violation of the right to privacy.

"First, we need to urgently enact a horizontal privacy law, which articulates privacy principles and institutes the office of the privacy commissioner. Second, we need to promote the use of encryption and other privacy-enhancing technologies. The use of foreign internet infrastructure by those in public offices should be banned, except in the case of public dissemination. And last, but not the least, take action against online firms that have access to personal data of users and violate the privacy of Indian citizens through the office of the regulator," suggests Sunil Abraham, executive director of Bangalore-based research organization, Centre for Internet and Society.

Anja Kovacs, project director at the Internet Democracy Project in India, meanwhile, wants the Indian government to assert itself. "The best the Indian government can do is to demand that this kind of snooping does not happen. However, it can't ensure that such episodes won't happen in the future, as there is no enforceable global legal framework to deal with online snooping."

Era of the Big Brother?

Given the lack of legal support, does it mean that internet users have no right to privacy? "We do have a right to privacy. Unfortunately, our right is not respected. By and large, unless they use special tools to protect themselves, internet users do not have any real privacy in many countries, including India," says Anja, adding, "The right to privacy is not explicitly included in the Constitution, and the Privacy Bill continues to be pending. Also, Indian intelligence agencies are not under supervision of the Parliament, which is an important weakness in the accountability system." Echoing Anja, Sunil says, "In India, unfortunately, our right to privacy is not sufficiently protected. Indian laws are not strong enough to safeguard privacy of Internet users."

Anger in the online community

A large number of internet users who we spoke to said they were "shocked" after hearing about the US government's spying mechanism. "The recent revelation of snooping by the US government is a clear case of intrusion into our privacy. It is absolutely illegal," says 24-year-old IT professional Subodh Gupta.

For more details visit https://cis-india.org/news/times-of-india-maitreyee-boruah-june-29-2013-internet-users-enraged-over-us-online-spying

Issue of duplication of identities of users under control: Nilekani

praskrishna — 2013-07-02T10:13:10Z

Nandan Nilekani says UIDAI system almost completely accurate, duplication of identities virtually negligible.

The article by Anirban Sen was published in Livemint on June 29, 2013. Sunil Abraham is quoted.

The Unique Identification Authority of India (UIDAI) chief Nandan Nilekani said the government agency was in preliminary discussions with some embassies to use the Aadhaar project to simplify visa application procedures and that the issue of duplication of identities of users was well under control.

In March, a UIDAI spokesperson told Mint that it had detected 34,015 cases where one person had been issued two Aadhaar numbers. The figures represented a little over 0.01% of the 290 million people who had been enrolled at the time.

Nilekani, who was delivering a keynote address at a three-day conference on the success and failures of information technology (IT) in the public and private sector at the Indian Institute of Management in Bangalore, said the UIDAI system was almost completely accurate and duplication of identities was virtually negligible.

“Knowing what we know now, we believe we have accuracy of upto 99.99%,” said Nilekani, chairman of the Unique Identification Authority of India (UIDAI).

Nilekani, on Saturday, assured that the project was completely secure and user data and biometrics were safe in the hands of the agencies it works with and brushed aside any concerns on security of user data that have been widely raised by Internet security groups and activists.

“We’re not giving any access to data, except when it is resident authorized. It is shared only when a resident participates in a transaction and authorizes the data which is shared,” said Nilekani, who was one of the seven co-founders of India’s second largest software exporter Infosys Ltd. He served as CEO of Infosys from 2002 to 2007.

“The system is also not open to the internet—the system has rings of authentications of service agencies. There are lots of concentric rings of security,” he added. “The biometric data is not used except for enrolment, re-duplication and authentication.”

Internet rights groups and activists such as Sunil Abraham of the Centre for Internet and Society (CIS), a research thinktank that focuses on issues of Internet governance, have often raised concerns over UID’s overtly broad scope and privacy issues in the project.

“We don’t need Aadhaar because we already have a much more robust identity management and authentication system based on digital signatures that has a proven track record of working at a “billions-of-users” scale on the Internet with reasonable security. The Unique Identification (UID) project based on the so-called “infallibility of biometrics” is deeply flawed in design. These design disasters waiting to happen cannot be permanently thwarted by band-aid policies,” Abraham wrote in a blog post on the CIS website last year.

Nilekani also acknowledged that the department had faced several challenges, due to the sheer scale of the project that aims to cover the country’s entire population of 1.2 billion.

“We have had lots of challenges on this project—we have backlogs of enrolment because we have more packets than we can process, we backlogs of letter deliveries because we cannot handle so many letters…but fundamentally notwithstanding those challenges, we believe we are on the right track,” said Nilekani.

Both UIDAI and the census department under the National Population Register project are recording biometric data, which includes fingerprint and iris data. Even though both the agencies reached a truce after a cabinet decision in January 2012 and were allowed to co-exist, there have been several reports of duplication between the two agencies in biometric collection.

UIDAI is not just being used as the main platform for rolling out the government’s direct cash transfer scheme, but is also being regarded as an important authentication scheme for financial transactions and other security measures.

For more details visit https://cis-india.org/news/livemint-anirban-sen-june-29-2013-issue-of-duplication-of-identities-of-users-under-control

Privacy Round Table, Kolkata

praskrishna — 2013-07-10T06:11:59Z

The Centre for Internet and Society, the Federation for Indian Chambers of Commerce and Industry, and the Data Security Council of India cordially invite you to attend the "Privacy Round Table" in Kolkata on July 13, 2013, 10.30 a.m. to 4.00 p.m., to discuss the "Report of the Group of Experts on Privacy" by the Justice A.P. Shah Committee, the text of the "Citizen's Privacy (Protection) Bill, 2013, drafted by the Centre for Internet and Society, and "Strengthening Privacy Protection through Co-Regulation" by DSCI.

Reijo Aarino, Data Protection Ombudsman of Finland will be the featured guest for this event. The discussions and recommendations from the meeting will be published into a compilation, and presented at the Internet Governance meeting planned for October 2013.

Click below to download the documents:

Draft Agenda

Time	Detail
10.30	Introduction to privacy frameworks for India: The Draft 2011 Right to Privacy Bill, the Report of the Group of Experts on Privacy, and Strengthening Privacy Protection through Co-regulation.
11.30	Overview, explanation, and discussion: The Privacy Protection Bill 2013
13.00	Lunch
14.00	Open Discussion: Reijo Aarnio, Data Protection Ombudsman of Finland
16.15	Tea

Please send your confirmations for attending the Kolkata Roundtable Privacy on July 13, 2013, to Maria Xynou at maria@cis-india.org

For more details visit https://cis-india.org/internet-governance/events/privacy-round-table-kolkata

SEBI and Communication Surveillance: New Rules, New Responsibilities?

kovey — 2013-07-12T10:51:46Z

In this blog post, Kovey Coles writes about the activities of the Securities Exchange Board of India (SEBI), discusses the importance of call data records (CDRs), and throws light on the significant transition in governmental leniency towards access to private records.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

Introduction

The Securities Exchange Board of India (SEBI) is the country’s securities and market regulator, an investigation agency which seeks to combat market offenses such as insider trading. SEBI has received much media attention this month regarding its recent expansion of authority; the agency is reportedly on track to be granted powers to access telecom companies’ CDRs. These CDRs are kept by telecommunication companies for billing purposes, and contain information on who sent a call, who received a call, and how long the call lasted, but does not disclose information about call content. Although SEBI has emphatically sought several new investigative powers since 2009 (including access to CDRs, surveillance of email, and monitoring of social media), India’s Ministry of Finance only recently endorsed SEBI’s plea for direct access to service providers’ CDRs. In SEBI’s founding legislation, this capability is not mentioned. Very recently, however, the Ministry of Finance has decided to support expansion of current legislation in regards to CDR access for SEBI, the Reserve Bank of India (RBI), and potentially other agencies, when it comes to prevention of money laundering and other economic offenses.

SEBI’s Authority (Until Now)

Established in 1992 under the Securities and Exchange Board of India Act, SEBI was created with the power of "registering and regulating the working of… [individuals] and intermediaries who may be associated with securities markets in any manner."[1] Its powers have included "calling for information from, undertaking inspection, conducting inquires and audits of the intermediaries and self-regulatory organisations in the securities market."[2] Although the agency has held the responsibility to investigate records on market activity, they have never explicitly enjoyed a right to CDRs or other communications data. Now, with the intention of “meeting new challenges thrown forward by the technological and market advances,”[3] SEBI and the Ministry of Finance want to extend their record keeping scope and investigative powers to include CDR access, a form of communications surveillance.

But the ultimate question is whether agencies like SEBI need this type of easy access to records of communication.

What is the Importance of CDR Access?

Reports on SEBI’s recent expansion are quick to ensure that the agency is not looking for phone-tapping rights, which intercepts messages within telephonic calls, but instead only seeks call records. CDRs, in effect, are “metadata,” a sort of information about information. In this case, it is data about communications, but it is not the communications themselves. Currently, there a total of nine agencies which are able to make actual phone-tapping requests in India. But when it comes to access of CDRs, the government seems much more generous in expanding powers of existing agencies. SEBI, as well as RBI and others, are all looking to be upgraded in their authority over CDRs. Experts argue, however, that "metadata and other forms of non-content data may reveal even more about an individual than the content itself, and thus deserves equivalent protection."[4] Therefore, a second crucial question is whether this sensitive CDR data will feature the same detail of protection and safeguards which exist for communication interception.

One reason for the recent move in CDR access is that SEBI and RBI have found the process of obtaining CDRs too arduous and ill-defined.[5] Currently, under section 92 of the CrPc, Magistrates and Commissioners of Police can request a CDR only with an official corresponding first information report (FIR), while there exists no explicit guideline for SEBI’s role in the process of CDR acquisition.[6] Although the government may seek to relax this procedure, SEBI’s founding legislation prohibits investigation without the pretense of “reasonable grounds," as stipulated in section 11C of the SEBI Act.[7] It has always stood that only under these reasonable grounds could SEBI begin inspection of an intermediary’s "books, registers, and other documents."[7] With the government creating a way for SEBI and similar agencies to circumvent the traditional procedures for access to CDRs, these new standards should incorporate safeguards to ensure the protection of individual privacy. Banking companies, financial institutions, and intermediaries have already been obliged to maintain extensive record keeping of transactions, clients, and other financial data under section 12 of the Prevention of Money-Laundering Act of 2002.[8] But books and records containing financial data differ greatly from communication data, which can include much more personal information and therefore may compromise individuals’ freedom of speech and expression, as well as the right to privacy.

Significance and Responsibility in this Decision

Judging from SEBI’s prior capabilities of inspection and inquiry, this change may initially seem only a minor expansion of power for the agency, but it actually represents a significant transition in governmental leniency toward access to private records. As mentioned, the recent goal of the Ministry of Finance to extend rights to CDRs is resulting in amended powers for more agencies than only SEBI. Moreover, this power expansion comes on the heels of controversy surrounding America’s National Security Agency (NSA) amassing millions of CDRs and other datasets both domestically and internationally. There is obvious room for concern over Indian citizen’s call records being made more easily accessible, with fewer checks and balances in place. The benefits of the new policy include easier access to evidence which could incriminate those involved in financial crimes. But is that benefit actually worth giving SEBI the right to request citizen’s call records? In the cases against economic offenses, CDR access often amounts only to circumstantial evidence. With its ongoing battle against insider trading and other financial malpractice, crimes which are inherently difficult to prove, SEBI could have aspirations to grow progressively more omnipresent. But as the agency’s breadth expands, citizen’s rights to privacy are simultaneously being curtailed. Ultimately, the value of preventing economic offense must be balanced with the value of the people’s rights to privacy.

[1]. 1992 Securities and Exchange Board of India Act, section 11, part 2(b).

[2]. 1992 Securities and Exchange Board of India Act, section 11, part 2(i).

[3]. “Sebi Finalising new Anti-money laundering guidelines,” The Times of India, June 16, 2013

http://timesofindia.indiatimes.com/business/india-business/Sebi-finalizing-new-anti-money-laundering-guidelines/articleshow/20615014.cms

[4]. International Principles on the Application of Human Rights to Communications Surveillance -http://www.necessaryandproportionate.net/#_edn1

[5]. “Sebi to soon to get Powers to Access Call Records,” Business Today, June 13, 2013

http://businesstoday.intoday.in/story/sebi-call-record-access/1/195815.html

[6]. 1973 Criminal Procedure Code, Section 92 http://trivandrum.gov.in/~trivandrum/pdf/act/CODE_OF_CRIMINAL_PROCEDURE.pdf

“Govt gives Sebi, RBI Access to Call Data Records,” The Times of India, June 14, 2013

http://articles.timesofindia.indiatimes.com/2013-06-14/india/39975284_1_home-ministry-access-call-data-records-home-secretary

[7]. 1992 Securities and Exchange Board of India Act, section 11C, part 8

[8]. 2002 Prevention of Money-Laundering Act, section 12

For more details visit https://cis-india.org/internet-governance/blog/sebi-and-communication-surveillance

Indian govt blocks 40 smut sites, forgets to give reason

praskrishna — 2013-07-01T09:04:26Z

Don't mind us, we're just censoring your content for you...

The article by Phil Muncaster was published in "The Register" on June 27, 2013. Sunil Abraham is quoted.

The Indian government has ordered ISPs to block 39 smut flick web sites hosted outside the country without giving any explanation, stoking further fears of online censorship by the back door.

Most of the sites are web forums and so allow for the uploading of naughty images and URLs where smut-seekers can download their grumble flicks, according to Times of India.

However, the sites claim to operate under the 18 USC 2257 rule, meaning actors are (supposedly) over 18 years of age, and there is apparently no indication from the Department of Telecom's order why ISPs are being asked to comply.

The message greeting web users who try to visit a blocked site now reads as follows:

This website has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications.

While the law, updated in 2011, does forbid production, transmission and sharing of smutty content in India - therefore requiring internet cafes, for example, to block such content - there is no ban on consumption, especially from sites hosted outside India.

Sunil Abraham, director of Indian not-for-profit the Centre for Internet and Society, told ToI that the government is probably interpreting the law to serve its own ends, and that its ISP order “is a clear overreach”.

The Union government has certainly been quick in the past to order blocks on any content deemed inappropriate.

Facebook and Google were forced to remove “objectionable content” from their Indian sites last year after complaints it was offensive to Muslims, Hindus and Christians.

The government was also one of many across the globe to force Google to block notorious YouTube video Innocence of Muslims.

A controversial anti-piracy ruling last June, meanwhile, led to a clumsy, large-scale block on a number of legitimate sites in the country – drawing the ire of hacktivist group Anonymous.

The government also closed hundreds of sites and social media accounts in August last year in a bid to prevent the escalation of sectarian violence across the country.

In fact, the number of content removal requests received by Google increased by 90 per cent from July-December 2012 compared with the previous six months.

For these reasons, India only enjoys “Partly Free” status, according to the Freedom on the Net 2012 report from not-for-profit Freedom House.

For more details visit https://cis-india.org/news/the-register-phil-muncaster-june-27-2013-indian-govt-blocks-40-smut-sites-forgets-to-give-reason

The State is Snooping: Can You Escape?

snehashish — 2019-04-29T15:09:18Z

Blanket surveillance of the kind envisaged by India's Centralized Monitoring System achieves little, but blatantly violates the citizen's right to privacy; Snehashish Ghosh explores why it may be dangerous and looks at potential safeguards against such intrusion.

The Snowden Leaks have made it amply clear that the covert surveillance conducted by governments is no longer covert. Information by its very nature is prone to leaks. The discretion lies completely in the hands of the personnel handling your data or information. Whether it is through knowledge obtained by an intelligence analyst about the US Government conducting indiscriminate surveillance, or hackers infiltrating a secure system and leaking personal information, stored information has a tendency to come out in the open sooner or later.

This raises the question whether, with the advancement of technologies, we should trust our personal information and data with computers. Should we have more stringent laws and procedural safeguards to protect our personal information? Of course, the broader question that remains is whether we have a ‘Right to be Forgotten’.

Similar to PRISM in the US, India is also implementing a Centralized Monitoring System (CMS) which would have the capabilities to conduct multiple privacy-intrusive activities, ranging from call data record analysis to location based monitoring. Given the circumstances and the current revelations by a whistleblower in the US, it is more than imperative to take a closer look at the surveillance technologies which are being deployed by India and question what implications it might have in the future.

Technological shift and procedural safeguards
The need for procedural safeguards was brought to light in the Supreme Court case, when news reports surfaced about the tapping of politicians' phones by the CBI. The Court while deciding on the issue of phone tapping in the case of People’s Union of Civil Liberties v. Union of India (1996), observed that the Indian Telegraph Act, 1885 is an ancient legislation and does not address the issue of telephone tapping. Thereafter, the court issued guidelines, which were implemented by the Government by amending and inserting Rule 419A of the Indian Telegraph Rules, 1951. These procedural safeguards ensure that due process will be followed by any law enforcement agency, while conducting surveillance.

Section 5(2) of the Indian Telegraph Act, 1885 grants the power to the Government to conduct surveillance provided that there is an occurrence of any public emergency or public safety. If and only if the conditions of public safety and public emergency are compromised, and if the concerned authority is convinced that it is expedient to issue such an order for interception in the interest of “the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence” is surveillance legitimized. The same was reaffirmed by the Supreme Court in the 1996 judgment on wire tapping.

Now, as the Government of India is planning to launch a new technology, the Centralized Monitoring System (CMS) which would snoop, track and monitor communication data flowing through telecom and data networks, the question arises: can we have procedural safeguards which would protect our right to privacy against technologies such as the CMS?

The key component of a procedural safeguard is human discretion; either a court authorization or an order from a high ranking government official is necessary to conduct targeted surveillance and the reasons for conducting surveillance have to be recorded in writing. This is the procedure which is ordinarily followed by law enforcement agencies before conducting any form of surveillance. However, with the computational turn, governments have resorted to practices which would do away with the human discretion. Dragnet surveillance allows for blanket surveillance. Before getting to the problems in evolving a due process for systems like CMS, it is imperative to examine the capabilities of the system.

Centralized Monitoring System and death of due process
Setting up of a CMS was conceptualized in India after the 2008 Mumbai attacks. It was further consolidated and found a place in the Report of the Telecom Working Group on the Telecom Sector for the Twelfth Five Year Plan (2012-2017). The Report was published in August, 2011 and goes into the details of the CMS.

When machines and robots are deployed to conduct blanket surveillance and impinge on the most fundamental right to life and liberty, and also violate the basic tenets of due process, then much cannot be done by way of procedures. What then do we resort to, is the primary question. Can there be a compromise between the right to privacy and security?

The Report indicates that the technology will cater to “the requirements of security management for law enforcement agencies for interception, monitoring, data analysis/mining, antiâ€socialâ€networking using the country’s telecom infrastructure for unlawful activities.”

The CMS will also be capable of running algorithms for interception of connection oriented networks, algorithms for interception of voice over internet protocol (VoIP), video over IP and GPS based monitoring systems. These algorithms would be able to intercept any communication without any intervention from the telecom or internet service provider. It would also have the capability to intercept and analyze data on any communication network as well as to conduct location based monitoring by tracking GPS locations. Given such capabilities, it is clear that a computer system will be sifting through the internet/communication data and will conduct surveillance as instructed through algorithms. This would include identifying patterns, profiling and also storing data for posterity. Moreover, the CMS will have direct access to the telecommunication infrastructure and would be monitoring all forms of communication.

With the introduction of CMS, state surveillance will shift to blanket surveillance from the current practice of targeted surveillance which can be carried out under specific circumstances that are well defined in the law and in judgments. Moreover, when it comes to current means of surveillance, there are well-defined procedures under the law which have the ability to prevent misuse of the surveillance systems. This is not to say that the current procedural safeguards under the laws are not prone to abuse, but if implemented properly, there is less chance of them being misused. Furthermore, with strong privacy and data protection laws, unlawful and illegal surveillance can be minimized.

In the current legal framework, with respect to surveillance, if CMS is implemented then it will be in violation of the fundamental right to privacy and freedom of speech as guaranteed under our Constitution. It will be also in contravention of the procedural safeguards laid down in the Supreme Court judgement and the Rule 419A of Indian Telegraph Rules, thereof. Strong privacy laws and data protection laws may be put in place, which are completely absent now. But at the end of the day, a machine will be spying on every citizen of India or anyone using any communication services, without any specific targets or suspects.

In the People’s Union of Civil Liberties v. Union of India (1996), the Supreme Court laid down that “the substantive law as laid down in Section 5(2) of the [Indian Telegraph Act, 1885] must have procedural backing so that the exercise of power is fair and reasonable.” But with technologies such as CMS, it will be very difficult to have any form of procedural backing because the system would do away with human discretion which happens to be a key ingredient of any legal procedure.

The argument which can be made in favour of CMS, if any, is that a machine will be going through personal data and it will not be available to any personnel or law enforcement agency without authorization and therefore, it will adhere to the due process. However, such a system will be keeping track of all personal information. Right to privacy is the right to be left alone and any incursion on this fundamental right can only be allowed in special cases, in cases of public emergency or threat of public safety. So, electronic blanket surveillance without human intervention also amounts to violation of the substantive law, which specifically allows surveillance only to be conducted under certain conditions, and not through a system such as CMS that is designed to keep a constant watch on everyone, irrespective of the fact whether there is a need to do so.

Additionally, there exists a strong, pre-established notion that whatever comes out of a computer is bound to be true and authentic and there cannot be any mistakes. We have witnessed this in the past where an IT professional from Bangalore was arrested and detained by the Maharashtra Police for posting derogatory content on Orkut about Shivaji. Later, it was found that the records acquired from the Internet Service Provider were incorrect and the individual had been arrested and detained illegally.

Telephone bills, credit card bills coming out from a computer system are often held to be authentic and error-free. With UID, our identity has been reduced to a number and biometrics stored in a database corresponding to that number. It is this trust in anything which comes out of a computer or a machine that can lead to massive abuse of the system in the absence of any form of checks and balance in place. Artificial things taking control over human lives and our almost unflinching trust in technology will not only cause gross violations of privacy but will also be the death of due process and basic human rights as we know it.

In this regard, due emphasis should be given to the landmark Supreme Court judgment in the case of Maneka Gandhi v. Union of India (1978) which deals with issues related to due process and privacy. It states that "procedure which deals with the modalities of regulating, restricting or even rejecting a fundamental right falling within Article 21 has to be fair, not foolish, carefully designed to effectuate, not to subvert, the substantive right itself. Thus, understood, ‘procedure’ must rule out anything arbitrary, freakish or bizarre. A valuable constitutional right can be canalised only by canalised processes".

When machines and robots are deployed to conduct blanket surveillance and impinge on the most fundamental right to life and liberty and also violate the basic tenets of due process, then much cannot be done by way of procedures. What then do we resort to, is the primary question. Can there be a compromise between the right to privacy and security?

A no-win situation
In reality, dragnet surveillance or blanket surveillance is not very useful for gathering valuable intelligence to prevent instances of threat to national security, public safety and public emergency. For example, if the CMS is used to mine data, analyse content related to anti-social activities and even if the system is 99 per cent accurate, the remaining 1 per cent which is a false positive happens to be a large set. So, 1 out of every 100 individuals identified as an anti-social element by CMS may actually be an innocent citizen. Given the possibility of false positives and which may be more than 1 per cent, the number of innocent citizens caught in the terrorist net would be much higher.

Even though blanket surveillance or dragnet surveillance can keep a tab on everyone, it is nearly impossible for an algorithm to separate the terrorists from the rest. Moreover, the data set collected by the machine is too big for any human analyst, to actually analyze and identify the terrorist in the midst of a deluge of information. Therefore, the argument that a system like CMS will ensure security in lieu of minor intrusions of privacy is a flawed one. Implementation of CMS will not really ensure security but will be a case of blatant violation of individual’s right to privacy anyway.

What is perhaps more shocking is that not only will CMS be futile in preventing security breaches or neutralizing security threats, it will on the contrary expose individual Indian citizens to breach of personal security. If personal data and information are stored for future reference through a centralized mechanism, which is also the case with UID, it will be highly susceptible to attacks and security threats. It will be a Pandora’s Box with a potential to create havoc the moment someone is able to gain access to the information with intention to misuse that. Leaking of personal information and data on a large scale can be detrimental to society and give rise to instances of public emergency.

The ‘Right to be Forgotten’

Currently, the European Union is engulfed in the debate on the “Right to be Forgotten” laws. The Right to be Forgotten finds its origins in the French Law le droit Ã l’oubli or the right of oblivion, where a convict who has served his sentence can object to the publication of facts of his conviction and imprisonment or penalty. This law has a new found meaning in the context of social media and the internet, where we have the right to delete all our personal information permanently. This is an important issue which India should debate and discuss, as we live in an era where privacy comes at a cost.

On the one hand, technology has made it easier to track, trace, monitor and snoop, on the other it has also seen innovation in the field of encryption and anonymity tools. Encryption tools such as Open PGP exist online, which can secure information from third party access. Tor Browser, allows an user to surf the web anonymously. The use of such technologies should be encouraged as there is no law which prohibits their use. If systems are being built to spy on us, it will be better if we use technologies which protect our personal information from such surveillance technologies.

For more details visit https://cis-india.org/internet-governance/blog/india-together-june-26-2013-snehashish-ghosh-the-state-is-snooping-can-you-escape

Open Letter to Prevent the Installation of RFID tags in Vehicles

maria — 2013-07-12T10:59:31Z

The Centre for Internet and Society (CIS) has sent this open letter to the Society of Indian Automobile Manufacturers (SIAM) to urge them not to intall RFID tags in vehicles in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

This letter is with regards to the installation of Radio Frequency Identification Tags (RFID) in vehicles in India.

On behalf of the Centre for Internet and Society, we urge you to prevent the installation of RFID tags in vehicles in India, as the legality, necessity and utility of RFID tags have not been adequately proven. Such technologies raise major ethical concerns, since India lacks privacy legislation which could safeguard individuals' data.

The proposed rule 138A of the Central Motor Vehicle Rules, 1989, mandates that RFID tags are installed in all light motor vehicles in India. However, section 110 of the Motor Vehicles Act (MV Act), 1988, does not bestow on the Central Government a specific empowerment to create rules in respect to RFID tags. Thus, the legality of the proposed rule 138A is questioned, and we urge you to not proceed with an illegal installation of RFID tags in vehicles until the Supreme Court has clarified this issue.

The installation of RFID tags in vehicles is not only currently illegal, but it also raises majors privacy concerns. RFID tags yield locational information, and thus reveal information as to an individual’s whereabouts. This could lead to a serious invasion of the right to privacy, which is at the core of personal liberty, and constitutionally protected in India. Moreover, the installation of RFID tags in vehicles is not in compliance with the privacy principles of the Report of the Group of Experts on Privacy, as, among other things, the architecture of RFID tags does not allow for consent to be taken from individuals for the collection, use, disclosure, and storage of information generated by the technology.[1]

The Centre for Internet and Society recently drafted the Privacy (Protection) Bill 2013 – a citizen's version of a possible privacy legislation for India.[2]The Bill defines and establishes the right to privacy and regulates the interception of communications and surveillance, and would include the regulation of technologies like RFID tags. As this Bill has not been enacted into law and India lacks a privacy legislation which could safeguard individuals' data, we strongly urge you to not require the mandatory installation of RFID tags in vehicles, as this could potentially violate individuals' right to privacy and other human rights.

As the proposed rule 138A, which mandates the installation of RFID tags in vehicles, is currently illegal and India lacks privacy legislation which would regulate the collection, use, sharing of, disclosure and retention of data, we strongly urge you to ensure that RFID tags are not installed in vehicles in India and to play a decisive role in protecting individuals' right to privacy and other human rights.

Thank you for your time and for considering our request.

Sincerely,

Centre for Internet and Society (CIS)

[1]. Report of the Group of Experts on Privacy: http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[2].Draft Privacy (Protection) Bill 2013: http://cis-india.org/internet-governance/blog/privacy-protection-bill-2013.pdf

For more details visit https://cis-india.org/internet-governance/blog/open-letter-to-siam-on-rfid%20installation-in-vehicles