Access To Knowledge (A2K)

I Just Pinged to Say Hello

nishant — 2013-11-30T08:36:02Z

A host of social networks find us more connected than ever before, but leave us groping for words in the digital space.

Dr. Nishant Shah's article was published in the Indian Express on November 24, 2013.

I am making a list of all the platforms that I use to connect with the large networks that I belong to. Here goes: I use Yahoo! Messenger to talk to my friends in east Asia. Most of my work meetings happen on Skype and Google Hangout. A lot of friendly chatter fills up my Facebook Messenger. Twitter is always available for a little back-chat and bitching. On the phone, I use Viber to make VoIP calls and WhatsApp is the space for unending conversations spread across days. And these are just the spaces for real-time conversation. Across all these platforms, something strange is happening. As I stay connected all the time, I am facing a phenomenon where we have run out of things to say, but not the desire to talk.

I had these three conversations today on three different instant-messaging platforms:

Person 1 (on WhatsApp): Hi.

Me: Hey, good to hear from you. How are you doing?

Person 1: Good.

Me (after considerable silence): So what's up?

Person 1: Nothing.

End of conversation.

Person 2 (On an incoming video call on Skype): Hey, you there?

Me: Yeah. What time is it for you right now?

Person 2: It is 10 at night.

Me: Oh! That is late. How come you are calling me so late?

Person 2: Oh, I saw you online.

Me: Ok….. *eyes raised in question mark*

Person 2: So, that's it. I am going to sleep soon.

Me: Ok…. Er…goodnight.

Person2: Goodnight.

We hang up.

Person 3 (pinging me on Facebook): Hey, you are in the US right now?

Me: Yes. I am attending a conference here.

Person 3: Cool!

Me: Umm… yeah, it is.

Person 3: emoticon of a Facebook 'like'. Have fun. Bye.

Initially I was irritated at the futility of these pings that are bewildering in their lack of content. I dismissed it as one of those things, but I realise that there is a pattern here. Our lives are so particularly open and documented, such minute details of what we do, where we are and who we are with, is now available for the rest of the world to consume, making most of the conversations seeking information, redundant. If you know me on my social media networks, you already know most of the basic things that you would want to know about me. And it goes without saying that no matter how close and connected we are, we are not necessarily in a state where we want to talk all the time. The more distributed our lives are, the more diminished is the need for personal communication.

And yet, the habit or the urge to ping, buzz, DM or chat has not caught up with this interaction deficit. So, we still seem to reach out, using a variety of platforms just to say hello, even when there is nothing to say. I call this the 'Always On' syndrome. We live in a world where being online all the time has become a ubiquitous reality. Even when we are asleep, or busy in a meeting, or just mentally disconnected from the online spaces, our avatars are still awake. They interact with others. And when they feel too lonely, they reach out and send that empty ping — just to confirm that they are not alone. That on the other side of the glowing screen is somebody else who is going to connect back, and to reassure you that we are all together in this state of being alone.

This empty ping has now become a signifier, loaded with meaning. The need for human connection has been distributed, but it does not compensate our need for one-on-one contact. In the early days of the cell phone, when incoming calls were still being charged, the missed call, without any content, was a code between friends and lovers. It had messages about where to meet, when to meet, or sometimes, just that you were missing somebody. The empty ping is the latest avatar of the missed call — in a world where we are always online but not always connected, when we are constantly together, but also spatially and emotionally alone, the ping remains that human touch in the digital space that reassures us that on the other side of that seductive interface and the buzzing gadget, is somebody we can say hello to.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-november-24-2013-nishant-shah-i-just-pinged-to-say-hello

I don't want my fingerprints taken

praskrishna — 2011-04-02T11:41:46Z

Through this article published in Down to Earth, Nishant Shah looks at the role of the state as arbiter of our privacy.

The census, or the collection of citizen data, has been a fundamental aspect of governance for most modern nations. It reminds us that modern governance has been wedded to information, even before it became fashionable to talk of the information age after the digital explosion. Different governments have sought mechanisms to gather and centralize citizen data to effectively administer public services, equity and justice. We have appointed the state as a repository of this data and also the trustee of privacy of this data.

However, lately, in India as well as other countries, there has been a growing anxiety about the role of the state as the arbiter of our privacy.

As public-private-partnerships become a desirable norm for many governments, the citizen data is available to private players who can exploit it for vested interest. In everyday life, this proliferation of citizen data can manifest itself from spam calls by product bearing companies that all of us experience on a regular basis to shattering violence inflicted on selective communities as was seen in Gujarat in the aftermath of the communal conflict in Godhra. While we have, reluctantly, invested our faith in the government in offering our personal data, it comes as a shock that the data has been compromised in the government’s partnerships with the market.

We have always known that even in its physical form, the citizen data often travels through insurance companies, private healthcare systems, financial databases and opens us to invasive surveillance by their operators. But the data is not immediately linked to our bodies. It is possible to deny the data related to our name, sex, occupation and class, or escape it, if necessary. The data resides in large databases, so huge that they fail to make sense to anybody who has to browse through the records.

With the digital data gathering—the kinds that the Unique Identity Project (now known as Aadhar) uses—these safety nets were already weakened. In its digital form, the data suddenly became vulnerable to algorithmic searches and queries that allow for extremely customized and selective data to be made available to operators who are not accountable to us.

Moreover, the digital data can now travel easily across fault lines and previously accepted boundaries to mark citizens in ways that make survival precarious. The anxieties that have surrounded the Aadhar project have been fuelled by the lack of transparent accountability about citizen data usage.

These anxieties around digital data collection get aggravated by the introduction of the biometric protocols into the system. Even with digital data, there was a certain amount of autonomy and agency available to the citizen, to either morph or escape the data production that the system required. Like in earlier times, the relationship of the data was not with the individual citizen’s body but with the citizen as a representative of the larger population. There was no undeniable link that would bind the data on the physiological presence of the citizen.

Biometric system makes the citizen data personal—they tie it up with our inalienable self and body. The data once gathered offers no escape from the information webs, and the possibilities of abuse and violence in such a link between citizen data and the individual citizen’s presence are mind-boggling. We are talking about a dystopian sci-fi vision where each individual has a unique relationship through his/her unique identity with systems of justice, regulation, consumption and production. Everything from what you wear to what you eat to who you are friends with and what you do in your spare time can be tied to your physical body and self. This posits a fundamental threat to the human rights, dignity and security offered by the Constitution.

The census promises the safety of the citizen through anonymity. The biometric data collection violates this safety and suddenly makes us vulnerable to being single, unique and alone in our identity which can be exploited by anybody. The biometric fixity of our identity identifies us, marks us and ties us down to the mass abuse that any information system is always susceptible to. There will be no escape.

Read the article in Down to Earth

For more details visit https://cis-india.org/news/fingerprints-taken

I dare you, I double dare you: Social media celebrates Sec 66A verdict

praskrishna — 2015-03-26T16:33:55Z

Users across social media platforms on Tuesday welcomed the Supreme Court's scrapping of the controversial Section 66A of the Information Technology Act, hailing it as a measure that will strengthen freedom of expression online.

The article by Vishakha Saxena published in the Hindustan Times on March 25, 2015 quotes Pranesh Prakash.

"This is the first SC judgment since the 60s to plainly strike down a law for free expression violation! #66A," tweeted Pranesh Prakash, policy director at the Centre for Internet and Society in Bengaluru.

Prakash, who tweeted "I AM ECSTATIC!!" minutes after the judgement, was one of the most vocal critics of Section 66A - which made offensive comments online punishable with jail terms - and played a key role in creating awareness about freedom of expression.

Apar Gupta, a representative of the People's Union for Civil Liberties (one of the parties that petitioned the Supreme Court against section 66A), also took to Twitter to jubilantly declare victory.

"My TL is a little crazy right now…This decision means a lot to me. Thank you. I am smiling." he posted.

Supreme Court advocate Karuna Nundy, who too represents PUCL, expressed her happiness on Facebook.

The top court struck down the provision, described as draconian by many internet rights activists, describing it as "unconstitutional" and a "restriction on free speech".

Section 66A, incorporated through an amendment of the IT Act in 2009, prohibited the sending of information of a "grossly offensive" or "menacing" nature through communication devices. It was used by several states to arrest people over posts on social media that officials claimed were "seditious" or "communally sensitive".

Discussions on social media against the provision had gained pace hours ahead of the court's ruling. Twitter, in fact, was abuzz as thousands used the hashtag #No66A to voice their opinions.

Reddit, known for being unabashed with opinion and language, wasn’t far behind. The first post announcing the verdict was upvoted 96% and garnered 460 points within four hours.

"Supreme Court zindabad! Now can we abuse Azam Khan without any fear?" commented user Apunebolatumerilaila.

Another user, Indian_galileo, wrote, "FINALLY, SOME SENSE HAS PREVAILED PRAISE THE OVERLORDS AT SC THANK YOU SC THANK YOU VERY VERY MUCH."

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-march-25-2015-vishakha-saxena-i-dare-you-i-double-dare-you

Human rights review of the verification code extension for EPP

Admin — 2018-12-10T16:04:56Z

On September 20, 2018 Gurshabad Grover sent a review of the human rights considerations in the Internet Draft, 'Verification Code Extension for the Extensible Provisioning Protocol (EPP)' (draft-ietf-regext-verificationcode-04), which is a document adopted by the Registration Protocols Extensions (regext) Working Group at the IETF.

The review was drafted with research assistance Paul Kurian. You can read the review (and find the subsequent discussion) here.

For more details visit https://cis-india.org/internet-governance/news/human-rights-review-of-the-verification-code-extension-for-epp

Human Rights in the Age of Digital Technology: A Conference to Discuss the Evolution of Privacy and Surveillance

Amber Sinha — 2016-01-11T02:12:49Z

The Centre for Internet and Society organised a conference in roundtable format called ‘Human Rights in the Age of Digital Technology: A Conference to discuss the evolution of Privacy and Surveillance. The conference was held at Indian Habitat Centre on October 30, 2015. The conference was designed to be a forum for discussion, knowledge exchange and agenda building to draw a shared road map for the coming months.

In India, the Right to Privacy has been interpreted to mean an individual's’ right to be left alone. In the age of massive use of Information and Communications Technology, it has become imperative to have this right protected. The Supreme Court has held in a number of its decisions that the right to privacy is implicit in the fundamental right to life and personal liberty under Article 21 of the Indian Constitution, though Part III does not explicitly mention this right. The Supreme Court has identified the right to privacy most often in the context of state surveillance and introduced the standards of compelling state interest, targetted surveillance and oversight mechanism which have been incorporated in the forms of rules under the Indian Telegraph Act, 1885. Of late, privacy concerns have gained importance in India due to the initiation of national programmes like the UID Scheme, DNA Profiling, the National Encryption Policy, etc. attracting criticism for their impact on the right to privacy. To add to the growing concerns, the Attorney General, Mukul Rohatgi argued in the ongoing Aadhaar case that the judicial position on whether the right to privacy is a fundamental right is unclear and has questioned the entire body of jurisprudence on right to privacy in the last few decades.

Participation

The roundtable saw participation from various civil society organisation such as Centre for Communication Governance, The Internet Democracy Project, as well as individual researchers like Dr. Usha Ramanathan and Colonel Mathew.

Introductions

Vipul Kharbanda, Consultant, CIS made the introductions and laid down the agenda for the day. Vipul presented a brief overview of the kind of work of CIS is engaged in around privacy and surveillance, in areas including among others, the Human DNA Profiling Bill, 2014, the Aadhaar Project, the Privacy Bill and surveillance laws in India. It was also highlighted that CIS was engaged in work in the field of Big Data in light of the growing voices wanting to use Big Data in the Smart Cities projects, etc and one of the questions was to analyse whether the 9 Privacy Principles would still be valid in a Big Data and IoT paradigm.

The Aadhaar Case

Dr. Usha Ramanathan began by calling the Aadhaar project an identification project as opposed to an identity project. She brought up various aspects of project ranging from the myth of voluntariness, the strong and often misleading marketing that has driven the project, the lack of mandate to collect biometric data and the problems with the technology itself. She highlighted inconsistencies, irrationalities and lack of process that has characterised the Aadhaar project since its inception. A common theme that she identified in how the project has been run was the element of ad-hoc-ness about many important decisions taken on a national scale and migrating from existing systems to the Aadhaar framework. She particularly highlighted the fact that as civil society actors trying to make sense of the project, an acute problem faced was the lack of credible information available. In that respect, she termed it as ‘powerpoint-driven project’ with a focus on information collection but little information available about the project itself. Another issue that Dr. Ramanathan brought up was that the lack of concern that had been exhibited by most people in sharing their biometric information without being aware of what it would be used, was in some ways symptomatic of they way we had begun to interact with technology and willingly giving information about ourselves, with little thought. Dr Ramanathan’s presentation detailed the response to the project from various quarters in the form of petitions in different high courts in India, how the cases were received by the courts and the contradictory response from the government at various stages. Alongside, she also sought to place the Aadhaar case in the context of various debates and issues, like its conflict with the National Population Register, exclusion, issues around ownership of data collected, national security implications and impact on privacy and surveillance. Aside from the above issues, Dr. Ramanathan also posited that the kind of flat idea of identity envisaged by projects like Aadhaar is problematic in that it adversely impacts how people can live, act and define themselves. In summation, she termed the behavior of the government as irresponsible for the manner in which it has changed its stand on issues to suit the expediency of the moment, and was particularly severe on the Attorney General raising questions about the existence of a fundamental right to privacy and casually putting in peril jurisprudence on civil liberties that has evolved over decades.

Colonel Mathew concurred with Dr. Ramanathan that the Aadhaar Project was not about identity but about identification. Prasanna developed on this further saying that while identity was a right unto the individual, identification was something done to you by others. Colonel Mathew further presented a brief history of the Aadhaar case, and how the significant developments over the last few years have played out in the courts. One of the important questions that Colonel Mathew addressed was the claim of uniqueness made by the UID project. He pointed to research conducted by Hans Varghese Mathew which analysed the data on biometric collection and processing released by the UID and demonstrated that there was a clear probability of a duplication in 1 out of every 97 enrolments. He also questioned the oft-repeated claim that UID would give identification to those without it and allow them to access welfare schemes. In this context, he pointed at the failures of the introducer system and the fact that only 0.03% of those registered have been enrolled through the introducer system. Colonel Mathew also questioned the change in stance by the ruling party, BJP which had earlier declared that the UID project should be scrapped as it was a threat to national security. According to him, the prime mover of the scheme were corporate interests outside the country interested in the data to be collected. This, he claimed created very serious risks to the national security. Prasanna further added to this point stating that while, on the face of it, some of the claims of threats to national security may sound alarmist in nature, if one were to critically study the manner in which the data had collected for this project, the concerns appeared justified.

The Draft Encryption Policy

Amber Sinha, Policy Officer at CIS, made a presentation on the brief appearance of the Draft Encryption Policy which was released in October this year, and withdrawn by the government within a day. Amber provided an overview of the policy emphasising on clauses around limitations on kind of encryption algorithms and key sizes individuals and organisations could use and the ill-advised procedures that needed to be followed. After the presentation, the topic was opened for discussion. The initial part of the discussion was focussed on specific clauses that threatened privacy and could serve the ends of enabling greater surveillance of the electronic communications of individuals and organisations, most notably having an exhaustive list of encryption algorithms, and the requirement to keep all encrypted communication in plain text format for a period of 90 days. We also attempted to locate the draft policy in the context of privacy debates in India as well as the global response to encryption. Amber emphasised that while mandating minimum standards of encryption for communication between government agencies may be a honorable motive, as it is concerned with matters of national security, however when this is extended to private parties and involved imposes upward thresholds on the kinds of encryption they can use, it stems from the motive of surveillance. Nayantara, of The Internet Democracy Project, pointed out that there had been global push back against encryption by governments in various countries like US, Russia, China, Pakistan, Israel, UK, Tunisia and Morocco. In India also, the IT Act places limits on encryption. Her points stands further buttressed by the calls against encryption in the aftermath of the terrorist attacks in Paris last month.

It also intended to have a session on the Human DNA Profiling Bill led by Dr. Menaka Guruswamy. However, due to certain issues in scheduling and paucity of time, we were not able to have the session.

Questions Raised

On Aadhaar, some of the questions raised included the question of applicability of the Section 43A, IT Act rules to the private parties involved in the process. The issue of whether Aadhaar can be tool against corruption was raised by Vipul. However, Colonel Mathew demonstrated through his research that issues like corruption in the TPDS system and MNREGA which Aadhaar is supposed to solve, are not effectively addressed by it but that there were simpler solutions to these problems.

Ranjit raised questions about the different contexts of privacy, and referred to the work of Helen Nissenbaum. He spoke about the history of freely providing biometric information in India, initially for property documents and how it has gradually been used for surveillance. He argued has due to this tradition, many people in India do not view sharing of biometric information as infringing on their privacy. Dipesh Jain, student at Jindal Global Law School pointed to challenges like how individual privacy is perceived in India, its various contexts, and people resorting to the oft-quoted dictum of ‘why do you want privacy if you have nothing to hide’. In the context, it is pertinent to mention the response of Edward Snowden to this question who said, “Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” Aakash Solanki, researcher

Vipul and Amber also touched upon the new challenges that are upon us in a world of Big Data where traditional ways to ensure data protection through data minimisation principle and the methods like anonymisation may not work. With advances in computer science and mathematics threatening to re-identify anonymized datasets, and more and more reliances of secondary uses of data coupled with the inadequacy of the idea of informed consent, a significant paradigm shift may be required in how we view privacy laws.

A number of action items going forward were also discussed, where different individuals volunteered to lead research on issues like the UBCC set up by the UIDAI, GSTN, the first national data utility, looking the recourses available to individual where his data is held by parties outside India’s jurisdiction.

For more details visit https://cis-india.org/internet-governance/blog/human-rights-in-the-age-of-digital-technology-a-conference-to-discuss-the-evolution-of-privacy-and-surveillance

Human DNA Profiling Bill 2012 v/s 2015 Bill

vanya — 2015-09-06T14:10:26Z

This entry analyses the Human DNA Profiling Bill introduced in 2012 with the provisions of the 2015 Bill

A comparison of changes that have been introduced in the Human DNA Profiling Bill, June 2015.

Definitions:

1. 2012 Bill: The definition of "analytical procedure" was included under clause 2 (1) (a) and was defined as an orderly step by step procedure designed to ensure operational uniformity.

2015 Bill: This definition has been included under the Explanation under clause 22 which provides for measures to be taken by DNA Laboratory.

2. 2012 Bill: The definition of "audit" was earlier defined under clause 2 (1) (b) and was defined as an inspection used to evaluate, confirm or verify activity related to quality.

2015 Bill: This definition has been included under the Explanation under clause 22 which provides for measures to be taken by DNA Laboratory.

3. 2012 Bill: There was no definition of "bodily substance".

2015 Bill: Clause 2(1) (b) defines bodily substance to be any biological material of or from a body of the person (whether living or dead) and includes intimate/non-intimate body samples as well.

4. 2012 Bill: The definition of "calibration" was included under clause 2 (1) (d) in the previous Bill.

2015 Bill: The definition has been removed from the definition clause and has been included as an explanation under clause 22.

5. 2012 Bill: Previously "DNA Data Bank" was defined under clause 2(1)(h) as a consolidated DNA profile storage and maintenance facility, whether in computerized or other form, containing the indices as mentioned in the Bill.

2015 Bill: However, in this version, the definition has been briefed under clause 2(1) (f) to mean as a DNA Data Bank as established under clause 24.

6. 2012 Bill: Previously a "DNA Data Bank Manager" was defined clause 2(1) (i) as the person responsible for supervision, execution and maintenance of the DNA Data Bank.

2015 Bill: In the new Bill, it is defined clause 2(1) (g) as a person appointed under clause 26.

7. 2012 Bill: Under clause 2(1) (j), the definition of "DNA laboratory" was defined to be any laboratory established to perform DNA procedures.

8. 2015 Bill: Under clause 2(1) (h) "DNA laboratory" has been now defined to be any laboratory established to perform DNA profiling.

9. 2012 Bill: "DNA procedure" was defined under clause 2(1) (k) as a procedure to develop DNA profile for use in the applicable instances as specified in the Schedule.

2015 Bill: This definition has been removed from the Bill.

10. 2012 Bill: There was no definition of "DNA Profiling".

2015 Bill: DNA profiling has been defined under clause 2(1) (j) as a procedure to develop DNA profile for human identification.

11. 2012 Bill: "DNA testing" was defined under clause 2(1) (n) as the identification and evaluation of biological evidence using DNA technologies for use in the applicable instances.

2015 Bill: This definition has been removed.

12. 2012 Bill: "forensic material" was defined under clause 2(1) (o) as biological material of or from the body of a person living or dead, and representing an intimate body sample or non-intimate body sample.

2015 Bill: This definition has been included under the definition of "bodily substance" under clause 2(1) (b).

13. 2012 Bill: "intimate body sample" was defined under clause 2(1) (q).

2015 Bill: This has been removed from the definitions clause and has been included as an explanation under clause 23 which addresses sources and manner of collection of samples for DNA profiling.

14. 2012 Bill: "intimate forensic procedure" was defined under 2(1) (r).

2015 Bill: This has been removed from the definitions clause and has been included as an explanation under clause 23 which addresses sources and manner of collection of samples for DNA profiling.

15. 2012 Bill: "non-intimate body sample" was defined under clause 2(1) (v) in 2012 Bill.

2015 Bill: The definition of "non-intimate body sample" has not been included in the definitions clause and has been included as an Explanation under clause 23 which addresses sources and manner of collection of samples for DNA profiling.

16. 2012 Bill: "non-intimate forensic procedure" was defined under clause 2(1) (w) in 2012 Bill.

2015 Bill: The definition of "non-intimate forensic procedure" has not been included in the definitions clause and has been included as an Explanation under clause 23 which addresses sources and manner of collection of samples for DNA profiling.

17. 2012 Bill: "undertrial" was defined under clause 2(1) (zk) as a person against whom a criminal proceeding is pending in a court of law.

2015 Bill: The definition now states such a person against whom charges have been framed for a specified offence in a court of law under clause 2(1) (zc).

DNA Profiling Board:

1. 2012 Bill: Under clause 4 (a), the Bill stated that a renowned molecular biologist must be appointed as the Chairperson.

2015 Bill: Under clause 4 addressing Composition of the Board, the Bill states that the Board shall consist of a Chairperson who shall be appointed by the Central Government and must have at least fifteen years' experience in the field of biological sciences.

2. 2012 Bill: Under clause 4 (i), the Chairman of National Bioethics Committee of Department of Biotechnology, Government of India was to be included as a member under the DNA Profiling Board.

2015 Bill: This member has been removed from the composition.

3. 2012 Bill: Under clause 4 (m), the term of 1 person from the field of genetics was not mentioned in the 2012 Bill.

2015 Bill: In this Bill under clause 4 (m), it has been stated that such a person must have minimum experience of twelve years in the field.

4. 2012 Bill: The term of 2 people from the field of biological sciences was not mentioned in the 2012 Bill under clause 4 (l).

2015 Bill: Under clause 4 (l), it has been stated that such 2 people must have minimum experience of twelve years in the field.

5. The following members have been included in the 2015 Bill-

i. Chairman of National Human Rights Commission or his nominees, as an ex-officio member under clause 4 (a).

ii. Secretary to Government of India, Ministry of Law and Justice or his nominees (not below rank of Joint Secretary), as an ex-officio member under clause 4 (b).

6. 2012 Bill: Under clause 5, the term of the members was not uniform and varied for all members.

2015 Bill: The term of people from the field of biological sciences and the person from the field of genetics has been states to be five years from the date of their entering upon the office, and would be eligible for re-appointment for not more than 2 consecutive terms.

Also, the age of a Chairperson or a member cannot exceed seventy years.

The term of members under clauses (c), (f), (h), and (i) of clause 4 is 3 years and for others the term shall continue as long as they hold the office.

Chief Executive Officer:

2012 Bill: Earlier it was stated in the Bill under clause 10 (3) that such a person should be a scientist with understanding of genetics and molecular biology.

2015 Bill: The Bill states under clause 11 (3) that the CEO shall be a person possessing qualifications and experience in science or as specified under regulations. The specific experience has been removed.

A new clause- 12(5) addresses power of the Board to co-opt the number of people for attending the meetings and take part in proceedings; however such a person shall be devoid of voting rights. Also, such a person shall be entitled to specified allowances for attending the meetings.

Officers and Other Employees of Board:

2012 Bill: The Bill stated under clause 11 (3) that the Board may appoint consultants required to assist in the discharge of its functions on such terms and conditions as may be specified by the regulations.

2015 Bill: The 2015 Bill states under clause 12 (3) that the Board may appoint experts to assist for discharging its functions and may hold consultations with people whose rights may be affected by DNA profiling.

Functions of the Board:

2012 Bill: 26 functions were stated in the 2012 Bill.

2015 Bill: The number of the functions has been reduced to 22 with a few changes based on recommendations of Expert Committee.

Power of Board to withdraw approval:

2015 Bill: The circumstances in which the Board could withdraw its approval have not been changed from the 2012 Bill (previously under clause 16). There's an addition to the list as provided under clause 17 (1) (d) wherein the Board can also withdraw its approval in case the DNA laboratory fails to comply with any directions issued by the DNA Profiling Board or any such regulatory Authority under any other Act.

Obligations of DNA Laboratory:

2015 Bill: There is an addition to the list of obligations to be undertaken by a DNA laboratory under clause 19 (d). The laboratory has an additional obligation to share the DNA data prepared and maintained by it with the State DNA Data Bank and the National DNA Data Bank.

Qualification and experience of Head, technical and managerial staff and employees of DNA Laboratory:

2012 Bill: The previous Bill clearly mandated under clause 19 (2) the qualifications of the Head of every DNA laboratory to be a person possessing educational qualifications of Doctorate in Life Sciences from a recognised University with knowledge and understanding of the foundation of molecular genetics as applied to DNA work and such other qualifications as may be specified by regulations made by the Board.

2015 Bill: The provision has been generalized and provides under clause 20 (1) for a person to be possess the specified educational qualifications and experience.

Measures to be taken by DNA Laboratory:

2012 Bill: In the previous Bill, there were separate clauses with regard to security, minimization of contamination, evidence control system, validation process, analytical procedure, equipment calibration and maintenance, audits of laboratory to be followed by a DNA Laboratory.

2015 Bill: In the 2015 Bill, these measures to be adopted by DNA Laboratory have been included under one clause itself-clause 22.

Infrastructure and training:

2012 Bill: The specific provisions regarding infrastructure, fee, recruitment, training and installing of security system in the DNA Laboratory were present in the Bill under clauses 28-31.

2015 Bill: These provisions have been removed from the 2015 Bill.

Sources and manner of collection of samples for DNA profiling:

2012 Bill: Part II of the Schedule in the Bill provided for sources and manner of collection of samples for DNA Profiling.

The sources include: Tissue and skeleton remains and Already preserved body fluids and other samples.

Also, it provided for a list of the manner in which the profiling can be done:

(1) Medical Examination (2) Autopsy examination (3) Exhumation

Also, provision for collection of intimate and non-intimate body samples was provided as an Explanation.

2015 Bill: Under Clause 23, the sources include bodily substances and other sources as specified in Regulations. The other sources remain unchanged.

Also, provision for collection of intimate and non-intimate body samples is addressed in clause 23(2).

The explanation to the provision states what would be implied by the terms medical practitioner, intimate body sample, intimate forensic procedure, non-intimate body sample and non-intimate forensic procedure.

DNA Data Bank:

- Establishment:

2012 Bill: The Bill did not specify any location for establishment of the National DNA Data Bank.

2015 Bill: The Bill states under clause 24 (1) that the Central Government shall establish a National DNA Data Bank at Hyderabad.

-Maintenance of indices of DNA Data Bank:

2012 Bill: Apart from the DNA profiles, every DNA Data Bank shall contain the identity of the person from whose body the substances are taken in case of a profile in the offenders' index as under clause 32 (6) (a).

2015 Bill: Clause 25 (2) (a) states that the DNA Data Bank shall contain the identity for the suspects' or offenders' index.

DNA Data Bank Manager:

2012 Bill: The Bill States under clause 33 (1) that a DNA Data Bank Manger shall be appointed for conducting all operations of the National DNA Data Bank. The functions were not specific.

2015 Bill: The Bill states under clause 26 (1) specifically that a DNA Data Bank Manger shall be appointed for the purposes of execution, maintenance and supervision of the National DNA Data Bank.

- Qualification:

2012 Bill: In the previous Bill, it was stated under clause 33 (3) that the DNA Data Bank Manager must be a scientist with understanding of computer applications and statistics.

2015: The Bill states under clause 26 (2) that the DNA Data Bank Manager must possess educational qualification in science and any such experience as prescribed by the regulations.

Officers and other employees of the National DNA Data Bank:

2012 Bill: The Bill stated under clause 34 (3) that the Board may appoint consultants required to assist in the discharge of the functions of the DNA Data Banks.

2015 Bill: The Bill provides under clause 27 (3) that the Board may appoint experts required to assist in the discharge of the functions of the DNA Data Banks

Comparison and Communication of DNA profiles:

2015 Bill: The New Bill specifically addresses comparison and communication the DNA profiles as that in the offenders' or crime scene index under clause 28 (1). Also, there is an additional provision under clause 29 (3) which states that the National DNA Data Bank Manger may communicate a DNA profile through Central Bureau of Investigation on request of a court, tribunal, law enforcement agency or DNA laboratory to the Government of a foreign State, an international organization or institution of Government.

Use of DNA profiles and DNA samples and records:

2012 Bill: The Bill provided under clause 39 that all DNA profiles, samples and records would be used solely for purpose of facilitating identification of perpetrator of an offence as listed under the Schedule. The proviso to this provision addressed the fact that such samples could be used to identify victims of accidents or disaster or missing persons, or any purpose of civil dispute.

2015 Bill: The Bill restricts the use of all DNA profiles, samples and records solely for purpose of facilitating identification of a person under the Act under clause 32.

DNA Profiling Board Fund:

2012 Bill: The Bill stated under clause 47 (2) that the financial power for the application of monies of the Fund shall be delegated to the Board in such manner as may be prescribed and as may be specified by the regulations made by the Board.

Also, the Bill stated that the Fund shall be applied for meeting remuneration requirements to be paid to the consultants under clause 47 (3) (c).

2015 Bill: This provision has not been included in the Bill. Also, the Bill does not include the provision of paying the remuneration to the experts from the Fund.

Delegation of Powers:

2012 Bill: The Bill provided under clause 61 that The Board may delegate its powers and functions to the Chairperson or any other Member or officer of the Board subject to such conditions, if necessary.

2015 Bill: This provision has not been included in the 2015 Bill.

Powers of Board to make rules:

2012 Bill: The Bill provided for an exhaustive list consisting of 33 powers listed under clause 65.

2015 Bill: The Bill provides for a list of 27 powers of the Board under clause 57.

Schedule:

2012 Bill: In the list of offense where human DNA profiling would be applicable, there was an inclusion of any law as may be specified by the regulations made by the Board.

2015 Bill: This provision has been removed from the 2015 Bill.

For more details visit https://cis-india.org/internet-governance/blog/human-dna-profiling-bill-2012-vs-2015

Human DNA Profiling Bill 2012 Analysis

Jeremy Gruber — 2013-03-19T09:53:22Z

Jeremy Gruber from the Council for Responsible Genetics, US provides an analysis of the Human DNA Profiling Bill, 2012. He says that India’s updated 2012 Human DNA Profiling Bill offers largely superficial changes from its predecessor, the Draft DNA Profiling Bill, 2007.

Indeed, where there are significant departures from prior language, they tend to raise additional privacy and human rights concerns. Overall the current version of the Bill is littered with significant and striking human rights and privacy concerns and, if passed in its current form, would place India far outside the mainstream of both law and policy in this area. Beyond the privacy and human rights concerns that are addressed in this analysis of the Bill, the breadth of the structural and financial costs of enacting the Bill in its current form should also be seriously considered as they would most certainly be staggeringly high.

Bill Analysis

Introduction

The introduction of the Bill sets out the broad policy objectives of its drafters. The most telling portion in paragraph 1 states: “[DNA analysis] makes it possible to determine whether the source of origin of one body substance is identical to that of another, and further to establish the biological relationship, if any, between two individuals, living or dead without any doubt.” (emphasis added). It is evident that the policy animating the Bill presupposes the objective infallibility of genetic analysis. This patent mistruth underpins the policy rationale for the Bill, and as such casts a long shadow over its substantive provisions. At the very least, it tells the reader (and perhaps one day the court) to broadly interpret the Bill’s language to favor DNA analysis as the privileged solution to investigational and prosecutorial needs. This provision, and indeed the bill as a whole, ignores the occurrence of false matches, cross-contamination, laboratory error and other limitations of forensic DNA analysis.

The introduction goes on to state, truthfully, that “DNA analysis offers sensitive information which, if misused can cause harm to person or society.” However this statement does not acknowledge that DNA analysis often causes more harm when used as intended as part of unnecessarily expansive powers given to law enforcement authorities. Indeed this is further illustrated by language showing the legislative intent to draft a broad based bill that would govern the use of DNA in a variety of civil and criminal proceedings as well as for purposes to be determined at a later point.

Definitions (Chapter II)

A number of the Bill’s definitions are overbroad, further expanding the scope of its later provisions. The “crime scene index” is defined to include “DNA profiles from forensic material found . . . on or within the body of any person, on anything, or at any place, associated with the commission of a specified offence.” Chapter II(2)(iv). A “specified offence” is defined as any “offence listed in Part 1of the Schedule [to the Bill].” Part 1 of the “Schedule,” on page 56 of the Bill , includes in (A) “Offences under Indian Penal Code” without any specification. In the 2007 version of the bill, the language related to criminal offences was incredibly expansive but specified the various crimes covered inc. rape,“offences relating to dowry,” defamation, and “unnatural offenses.” (See 2007 Bill Schedule p. 34). The current Bill version dispenses with such identified crimes and seemingly expands the Schedule to create an “all crimes” database. The new Bill (Section B) further adds a variety of additional offences under special laws ranging from the Medical Termination of Pregnancy Act to the Motor Vehicles Act and empowers the Board to add any new law it wants to the Schedule. Section C of the Schedule identifies a wide variety of civil matters to be included in the Schedule including disputes related to paternity, pedigree, and organ transplantation. In adds additional civil categories not contemplated by prior versions of the Bill including issues related to assisted reproductive technologies, issues related to immigration/emigration and similar to Section B of the Schedule and in another significant departure from previous Bill versions, empowers the Board to include any other civil matter it chooses in the future. The Crime Scene Index also defines victim expansively to include a person “reasonably suspected of being a victim” (Section 2 ii). Taken together, the government is empowered to conduct genetic testing on almost anyone in any way connected with even minor infractions of the criminal law or involved in virtually any civil proceeding.

The definition of “offender” (Section 2y) is not limited to one with a criminal conviction but includes anyone even charged with an offense, thereby expanding coverage of the criminal provisions of the Bill to include individuals who have not yet been convicted of any crime.

The crucial term “suspect” (Section 2zi) is defined as anyone “suspected of having committed an offence.” By intentionally leaving out the qualifier “specified,” the drafters’ intent is plain: to sweep within the Bill’s breadth all persons suspected of any crime whatsoever even if there is insufficient probable cause for arrest. And, accordingly, the Bill defines the “suspects index” to include “DNA profiles derived from forensic material lawfully taken from suspects.”

Furthermore the definitions include a category of persons entitled “volunteers,” (Section 2 zo) defined as “a person who volunteers to undergo a DNA procedure and, in case of a child or incapable person, his parent or guardian having agreed…” There is no additional clarification as to how this category might be treated in practice but without any clear provisions for informed consent, it is highly unlikely that such participation will be truly voluntary; especially without provisions for decision making subsequent to offering the sample such as future expungement from the system.

Taken together the definitions of victim, offender and suspect expand the reach of this Bill to a broad range of potentially innocent individuals involved in the criminal justice system, while the Schedule and definition of “volunteers” sweep a broad range of categories of innocent citizens into the purview of this Bill- including children and the mentally incapacitated-having nothing to do with the criminal justice system. There is simply no corollary in any other country to such expansive authority. The Bill places India far outside the mainstream of policy in this area and raises serious and far ranging human rights concerns

DNA Profiling Board (Chapter III)

The DNA Profiling Board (hereinafter “Board”) is responsible for administering and overseeing the Indian DNA database . Oversight is an important and valuable concept, however the value of such principles in this Bill are completely overshadowed by the expansive powers given to the Board.

The Bill lays out a number of fields from which the members are to be chosen inc. molecular biology, population biology, criminal justice and bioethics. There is no representation from civil society human rights organizations or the criminal defense bar to ensure that privacy, human rights and the general public interest are ensured. Furthermore the Chief Executive Office of the Board is to be a scientist and therefore unlikely to be familiar with criminal justice matters and evaluations of their efficacy. (Chapter III, Section 10)

The Board is given an almost limitless list of responsibilities including “recommendations for maximizing the use of DNA techniques and technologies (Section 10k) and identifying scientific advances that may assist law enforcement (Section 10L). Such powers are particularly concerning because the Bill does not include any privacy provisions whatsoever but rather invests in the Board the power to make “recommendations for privacy protection laws, regulations and practices relating to access to, or use of stored DNA samples or DNA analyses,” as well as “mak[ing] specific recommendations to . . . ensure the appropriate use and dissemination of DNA information [and] take any other necessary steps required to be taken to protect privacy.” (Section 10o and p). Furthermore the Board is given the responsibility of “deliberating and advising on all ethical and human rights issues emanating out of DNA profiling.” (Section 10t).

These provisions are in lieu of any substantive language limiting the scope of the legislation, and protecting privacy and human rights principles (which the bill otherwise lacks.) These are significant omissions. As expressed in the introduction, the stated purpose of the Bill is “to enhance protection of people in the society and [the] administration of justice.” Taken alone, this Bill actually expresses only the government’s interest in the legislation, suggesting an ambiguously wide scope for its provisions. Substantive concepts of individual privacy and human rights are required to counterbalance the interests of the government and provide protections for the equally vital privacy and human rights interests of the individual. As such, limiting privacy and human rights principles should be included alongside the expression of the government’s security interest. Without it, the Board will effectively have carte blanche with regard to what privacy and human rights protections are—or are not—adopted.

Also in a departure from previous versions of this Bill, this Bill expands the Boards powers to include areas of policy beyond the coverage of the Bill’s other provisions including “intellectual property issues. (Section 10i)

Finally, as noted earlier in the discussion of the Schedule (and in a significant departure from previous versions of the Bill), the Board is given total control to expand every category of person to be included under the Bill. In a democratic system of government, such decisions should rest exclusively with the Parliament and therefore be subject to the checks and balances of government as well as the transparency necessary to ensure public participation. Leaving such decision making to an unelected body raises serious human rights concerns.

Approval of Laboratories (Chapter IV)

Sections 13 to 17 provide for the approval by the DNA Profiling Board of DNA laboratories that will process and analyze genetic material for eventual inclusion on the DNA database. Under Section 13, all laboratories must be approved in writing prior to processing or analyzing any genetic material. However, a conflicting provision appears in the next section, Section 14(2), which permits DNA laboratories in existence at the time the legislation is enacted to process or analyze DNA samples immediately, without first obtaining approval.

Either an oversight on the part of the drafters, or the product of overly-vague language, the result is that established genetic laboratories—including whatever genetic material or profiles they may already have for whatever reason—are in effect “grandfathered” into the system. The only review of these laboratories is the post hoc approval of the laboratory by the DNA profiling board. The potential for abuse and error that this conflict of provisions would be best addressed in keeping with the rule articulated in Section 13, i.e. correcting the language of Section 14(2) that allows for laboratories to be “grandfathered” into the system.

Standards, Obligations of DNA Laboratory (Chapter V)

Chapter V, which concerns the obligations of and the standards to be observed by approved DNA laboratories, lacks adequate administrative requirements. For example, Section 21 requires that labs ensure “adequate security” to minimize contamination without providing for accountability in the event of contamination. Similarly, Section 27 provides for audits of DNA laboratories only, withholding from similar scrutiny of the DNA Profiling Board itself. However, the greatest limitation of every Section of this Chapter is that rather than offering any specific substantive requirements, they instead offer categories requiring attention “as may be specified “ by the DNA Board. Any actual standard or obligation by a laboratory is set entirely by the DNA Board. Minimum standards must be set by law to ensure compliance.

Infrastructure and Training (Chapter VI)

Similar to Chapter V, this section offers no legislative benchmarks but rather categories of activities, with further regulation “as may be specified” by the Board. As noted earlier, there are serious concerns in using DNA analysis with regards to false matches, cross-contamination and laboratory error. Not taking such concerns seriously, and taking serious steps to minimize their occurrence, can lead to significant distrust of government and police authority when such incidents occur.

DNA Databank (Chapter VII)

In addition on one national DNA database, the Bill sanctions the several Indian states to maintain their own DNA databases, provided these state-level databases forward copies of their content to the national database. Section 32(3). Section 32(5) states that the indices should include records related thereto” the DNA analysis. (See also Section 35(b)) Such provisions allow for access to “the information” contained in the database, not simply “the DNA profiles” contained in the database. Without further clarification it would appear to authorize an unlimited amount of private information unrelated to identification to be included in the indices.

The national database is envisioned to comprise several sub-databases (Section 32(4)), each to contain the genetic information of a subset of persons/samples, namely: (a) unidentified crime scene samples, (b) samples taken from suspects, (c) samples taken from offenders inc. persons convicted or currently subject to prosecution for criminal offenses (d) samples associated with missing persons, (e) samples taken from unidentified bodies, (f) samples taken from “volunteers,” and finally (g) samples taken for reasons “as may be specified by regulations made by the Board. Section 33 (4) et seq. Putting to one side the breadth of persons subject to inclusion under subcategories (1) through (6), subsection (7) appears on its face to be a “catch all” provision, leaving one only to guess at the circumstances under which its specificities may be promulgated.

A close reading of Section 32(6) strongly suggests that the agency conducting the forensic analyses and populating the DNA database shall retain the actual DNA samples thereafter. This section reads in relevant part:

The “DNA Data Bank shall contain . . . the following information, namely: (a) in case of a profile in the offenders index, the identity of the person from whose body substance or body substances the profile was derived, and (b) in case of all other profiles, the case reference number of the investigation associated with the body substance or body substances from which the profile was derived.

Allowing retention of the biological sample, even after a profile has been created from it, in conjunction with the unlimited ability of the Board to create regulations for additional uses of that sample raises serious privacy and human rights concerns.

Moreover, rather than choosing to link the DNA profile data to a specific offender or case, the drafters of the Bill instead link the “body substance or body substances” with that specific offender or case. Whether sloppy drafting or clever nuance, this provision equates the DNA profile with the DNA sample, injecting unneeded—and potentially harmful—ambiguity into the proposed law.

Section 37 (1) allows for indefinite retention of information in the offenders index (which includes individuals charged with an offense but not convicted). This provision raises serious human rights concerns as it would appear to allow indefinite retention of profiles of individuals who have not been convicted of a crime. This directly conflicts with Section 37 (II) which allows for expungement when a certified copy of a court order stating that the individual in question has been acquitted. This provision also appears to conflict with Chapter VIII Section 43(b) which appears to allow indefinite retention of DNA of suspects even after they’ve been excluded from an investigation. Indeed no process or procedures for expungement and removal of records are in place for suspects generally who are never charged or for any of the other categories of indices that are present in the Bill, thereby raising serious question as to how and even whether such profiles can be removed from the Databank.

Confidentiality, Access to DNA Profiles, Samples, and Records (Chapter VIII)

Two further provisions regarding access to the database warrant close scrutiny. First, Sections 39 and 40 confers upon the Board the unlimited power to expand categories for which DNA profiles, samples and records can be used. Considering that the Bill (Section 40(e)) already questionably allows such records to be used for population research, these provisions raise serious questions as to the classes of potential use such private information might be subject.
Sections 40-42 purport to confer upon the police and other authorized individuals direct access to all of the information contained in the national DNA database. While administratively expedient, this arrangement opens up the possibility for misuse. A more prudent system would place the Board (or some administrative subordinate portion thereof) between the police and the content of the DNA database, with the latter having to make specific and particular requests to the former. This would minimize the risks inherent in the more expansive model of database access the bill currently envisions.

Section 45 related to post-conviction DNA testing has the laudable goal of offering “any individual undergoing a sentence of imprisonment or death pursuant to conviction for an offence, may apply to the court which convicted him for an order of DNA testing” in order to prove their innocence. However such an application lists eleven separate criteria that such an applicant must meet before qualifying, and allows a court total discretion in deciding whether all such criteria have been met. High barriers and absolute discretion make such testing highly unlikely and therefore make a provision seeming to offer human rights protections completely hollow.

Offences and Penalties (Chapter X)

This chapter lays out penalties for misuse of the Database. Most notably, the bill specifically excludes a private cause of action for the unlawful collection of DNA, or for the unlawful storage of private information on the national DNA database. A new provision in Section 58 does allow for an aggrieved person to petition the Central Government or Board if an instance of misuse is not being addressed but such provision does not contain any required processes such entities must follow in responding to such a petition, making an otherwise positive new provision relatively empty. Nor does the bill grant an individual right to review one’s personal data contained on the database. Without these key features, there are limited checks against the unlawful collection, analysis, and storage of private genetic information on the database.

Best Practices Analysis

Collection of DNA

With consent: only for a specific investigation (e.g. from a victim or for elimination purposes). Volunteers should not have information entered on a database.	No provision.
Without consent: only from persons suspected of a crime for which DNA evidence is directly relevant i.e. a crime scene sample exists or is likely to exist. Or, broader categories?	No provision.
Requirement for an order by a court? Or allowed in other circumstances?	No provision.
Samples collected by police officers, or only medical professionals? Must take place in a secure location i.e. not on the street, etc.	No provision.
Provision of information for all persons from whom DNA is taken.	No provision.
Crime scenes should be promptly examined if DNA evidence is likely to be relevant, and quality assurance procedures must protect against contamination of evidence.	No provision; regulated at discretion of DNA Profiling Board.

Analysis of DNA

Should take place only in laboratories with quality assurance.	Regulated at discretion of DNA Profiling Board.
Laboratories should be independent of police.	No provision; regulated at discretion of DNA Profiling Board.
Profiling standards must be sufficient to minimize false matches occurring by chance. This must take account of increased likelihood of false matches in transboundary searches, and with relatives.	No provision; regulated at discretion of DNA Profiling Board.

Storage of DNA and Linked Data

Data from convicted persons should be separate from others e.g. missing persons’ databases.	Unclear.
Access to databases and samples must be restricted and there must be an independent and transparent system of governance, with regular information published e.g. annual reports, minutes of oversight meetings.	Access to database at discretion of DNA Data Bank Manager.
Personal identification information should not be sent with samples to laboratories.	No provision; regulated at discretion of DNA Profiling Board.
Any transfer of data e.g. from police station to lab or database, must be secure.	No provision; regulated at discretion of DNA Profiling Board.

Uses of Samples and Data

Research uses should be restricted to anonymised verification of database performance (e.g. checking false matches etc.). Third party access to data for such purposes should be allowed, provided public information on research projects is published. There should be an ethics board.	No provision.
Research uses for other purposes e.g. health research, behavioral research should not be allowed.	No provision.
Uses should be restricted by law to solving crimes or identifying dead bodies/body parts. Identification of a person is not an acceptable use. Missing persons databases (if they exist) should be separate from police databases. .	Ambiguous provisions suggest much wider scope.
Any transfer of data e.g. from police station to lab or database, must be secure.	No provision.

Destruction of DNA and Linked Data

DNA samples should be destroyed once the DNA profiles needed for identification purposes have been obtained from them, allowing for sufficient time for quality assurance, e.g. six months.	DNA samples are retained.
An automatic removals process is required for deletion of data from innocent persons. This must take place within a reasonable time of acquittal, etc.	No provision.
There should be limits on retention of DNA profiles from persons convicted of minor crimes.	No provision.
There should be an appeals process against retention of data.	No provision.
Linked data on other databases (e.g. police record of arrest, fingerprints) should be deleted at the same time as DNA database records.	No provision.
Crime scene DNA evidence should be retained for as long as a reinvestigation might be needed (including to address miscarriages of justice).	DNA evidence permitted to be retained indefinitely.

Use in court

Individuals must have a right to have a second sample taken from them and reanalyzed as a check.	No provision.
Individuals must have a right to obtain re-analysis of crime scene forensic evidence in the event of appeal.	Allowed but with impossibly high barriers.
Expert evidence and statistics must not misrepresent the role and value of the DNA evidence in relation to the crime. .	No provision.

Other

Relevant safeguards must be proscribed by law and there should be appropriate penalties for abuse.	No provision.
Impacts on children and other vulnerable persons (e.g. mentally ill) must be considered.	No provision.
Potential for racial bias must be minimized.	No provision.

Click for more information on the Council for Responsible Genetics.

For more details visit https://cis-india.org/internet-governance/blog/human-dna-profiling-bill-analysis

Huge outcry forces India to backtrack on social media data proposal

praskrishna — 2015-10-01T01:31:55Z

Govt retracts move after strongly negative reaction to 90-day message-saving policy

The article was published by Today on September 24, 2015. Pranesh Prakash has been quoted.

Responding to a chorus of withering criticism, Indian officials have withdrawn a draft policy on encryption that would have required users of social media and messaging apps to save plain-text versions of their messages for 90 days so they could be shared with the police.

The proposal, which many condemned as both draconian and impractical, came as an embarrassment days before Prime Minister Narendra Modi travels to Silicon Valley to try to attract investment and promote India as an emerging market for digital technology.

Mr Modi is an avid user of social media and has mobilised large networks of online activists during his party’s campaigns.

The government issued a statement on Tuesday saying the draft proposing that users save messages for three months had been withdrawn, as officials hurried to distance themselves from the idea.

“I wish to make it clear that it is just a draft and not the view of the government,” said Mr Ravi Shankar Prasad, the Minister of Communications and Information Technology.

Internet policy activists discovered the draft on a government website late last week and began to lampoon it online as “absurd”. One offered the example of an iPhone, which automatically encrypts messages.

“They can’t intentionally want people to copy and paste every message a person gets on their iPhone on to another device,” said Mr Pranesh Prakash, a policy director at the Center for Internet and Society in Bangalore.

The draft, which was put forward by a committee of unidentified experts in the Department of Electronics and Information Technology, also overlooked the fact that most Indians use mobile phones with very little storage space, said Mr Nikhil Pahwa, the editor of MediaNama.com, which covers digital media issues in India.

“It is incomprehensible how they would have expected users to keep their messages in plain-text format,” he said. “And I don’t think that anyone can argue that keeping data in a plain-text format makes it secure.”

An official in the Communications Ministry, who spoke on the condition of anonymity because he was not authorised to talk to the media, said the expert committee had been convened to formulate a policy on the “phenomenal rise” in encrypted communication over the Internet.

He said the committee had intended to require social media platforms and messaging apps, such as WhatsApp and Viber, to save plain-text versions of messages and did not intend to impose that burden on individual users.

“It was interpreted by the netizens as ‘you and I’,” the official said. He added that interpretation was misleading.

But that version of the requirement would also be “outrageous,” Mr Prakash said. For example, WhatsApp uses “end-to-end” encryption and does not save communications between users or have access to plain text, he said.

Mr Prakash said that as officials revised the proposal, the government should reach out to “experts in cryptography and human rights”.

“This is a very crucial combination of three rights: the right to security, the right to freedom of expression, and the right to privacy,” he said.

On television, spokesmen for Mr Modi’s Bharatiya Janata Party (BJP) found themselves debating their counterparts from the opposition Indian National Congress Party, one of whom remarked that “tomorrow they will start demanding that you videograph what has been going on in your bedroom for the past 90 days.”

The BJP’s national spokeswoman, Shaina Nana Chudasama, responded with some exasperation. “I don’t know why we have to have this hue and cry,” she said.

“Our Prime Minister believes in absolute freedom on social media. There is no question of our trying to come down heavily on the freedom of the public at large.” THE NEW YORK TIMES

For more details visit https://cis-india.org/internet-governance/news/today-september-24-2015-huge-outcry-forces-india-backtrack-social-media-data-proposal

How Workstream 2 Plans to Improve ICANN's Transparency

Asvatha Babu — 2016-11-11T10:05:04Z

The Centre for Internet and Society has worked extensively on ICANN’s transparency policies. We are perhaps the single largest users of the Documentary Information Disclosure Policy. Our goal in doing so is not to be a thorn in ICANN’s side, but to try and ensure that ICANN, the organisation, as well as the ICANN community have access to the data required to carry out the task of regulating the global domain name system.

The transparency subgroup of ICANN’s Workstream 2 dialogue attempts to see how they could effectively improve the transparency and accountability of the organization. The main document under scrutiny at the moment is the draft Transparency Report published a few days before the 57th ICANN meeting in Hyderabad.

The report begins with an acknowledgement of the value of taking tips from the Right to Information policies of other institutions and governments. My colleague Padmini Baruah had earlier written a blog post comparing the exclusion policy of ICANN’s DIDP and the Indian Government’s RTI where she found that “the net cast by the DIDP exclusions policy is more vast than even than that of a democratic state’s transparency law.”[1] The WS2 report not only discusses the DIDP process, but also discusses ICANN’s proactive disclosures (with regard to lobbying etc) and whistleblower policies. This article focuses solely on the first.

As our earlier blog posts have mentioned, CIS sent in 28 DIDP requests over the last two years. Our experience with DIDP has been less than satisfactory and we are pleased that DIDP reform was an important part of the discussions of this subgroup. The report proposes some concrete structural changes to the DIDP process but skirts around some of the more controversial ones.

The recommendation to make the process of submitting requests clearer is a good one. There are currently no instructions on the follow-up process or what ICANN requires of the requestors. The report also recommends capping any extension to the original 30-day limit to an additional 30 days. While this is good, we further recommend that ICANN stay in touch with the requestor in order to help them to the best of its ability. The correspondence should ideally not be limited to a notification that they require an extension. Any clarifications on the part of the requestor must be resolved by ICANN. We commend the report for pointing out that the status quo – where there is no outside limit for extension of time beyond the mandated 30 days – is problematic as it allows the ICANN staff to give lesser priority to responding to DIDP requests. We strongly suggest that extensions of time on responding to DIDP requests be restricted to a maximum of 7 days after the passing of the 30-day period, after which liability should be strictly imposed on ICANN in the form of an individual fine, analogous to India’s RTI policy.[2]

One of the major areas of focus for this report and for our earlier analysis was the problematic nature of the exclusions to the DIDP. I had written that the conditions were "numerous, vaguely worded and contain among them a broad range of information that should legitimately be in the public domain.”[3] This is echoed by the report which calls for a deletion of two clauses that we found most used in denying our requests for information.

The report also calls into question the subjective nature of the last condition which states that ICANN can deny information if they find requests “not reasonable, excessive or overly burdensome, not feasible, abusive or vexatious or made by a vexatious or querulous individual.” As seen from our blog posts, we are of the firm belief that such a subjective condition has no place in a robust information disclosure policy. Requiring the Ombudsman’s consent to invoke it is a good first step. In addition to that, we strongly encourage that objective guidelines which specify when a requestor is considered “vexatious” be drawn up and made public.

The most disappointing aspect of this report is that it does not delve into details about having an independent party dedicated to reviewing the DIDP process to address grievances. We believe that this must not be left to the Ombudsman who cannot devote all their time to this process. We are of the opinion that an independent party would also be able to more effectively oversee the tracking and periodic review of the DIDP mechanism.

In conclusion, we believe that this report is a good start but does not comprehensively answer all of our issues with the DIDP process as it is. We look forward to more engagement with the Transparency subgroup to close all loopholes within the DIDP process.

[1] Padmini Baruah, Peering behind the veil of ICANN’s DIDP, (September 21, 2015), available at http://cis-india.org/internet-governance/blog/peering-behind-the-veil-of-icann2019s-didp (Last visited on November 9, 2016).

[2] Section 20(1), Right to Information Act, 2005.

[3] Asvatha Babu, If the DIDP Did Its Job, (November 3, 2016), available at http://cis-india.org/internet-governance/blog/if-the-didp-did-its-job (Last Visited on November 9, 2016).

For more details visit https://cis-india.org/internet-governance/blog/how-workstream-2-plans-to-improve-icanns-transparency

How Web 2.0 responded to Hazare

praskrishna — 2011-04-11T10:38:03Z

Social media often fails to give us time to form critical opinions. ‘It mirrored the spectacle that we were being fed by TV channels', says Nishant Shah in an interview with Deepa Kurup. This news was published in the Hindu on April 11, 2011.

By Day Two of the protests at Jantar Mantar, where social activist Anna Hazare was leading a fast-unto-death against corruption, most commentators were drawing fierce parallels with Tahrir Square, and other pro-democracy revolutions in the Middle-East.

Soon enough, the social media angle raised its head. After a quiet Tuesday, when television channels began to “play up” the protests, Wednesday morning saw social media platforms abuzz with chatter. Initiated by campaign organisers, the India Against Corruption team, Facebook profile badges, missed call campaigns and petitions (most notably on online campaign site Avaaz (where over 6.17 lakh have registered support) entered the scene.

In 140 characters, #janlokpal, #annahazare and the less gracious #meranetachorhain began to trend on Twitter. YouTube shows up around 2,000 video results, a lot of which are amateur videos shot by participants.

‘Causes' application requests for “brandishing corruption”, ‘Like'-this-revolution requests and Tweets on how you can indeed weed out the corruption demon with a Re-Tweet, were abound.

But did this social media buzz translate into more people on the ground? Did the Tweets and chain e-mails, that were doing the rounds fairly early on, manage to drive public opinion, or outrage, as in this case? On this, the jury is divided.

Crunching numbers

Even in the Middle-East, where we saw dictators plug social media channels, experts have downplayed the pivotal role attributed to social media. A tool for sharing information, its standalone role in triggering a revolution has been dismissed by many.

In the current context, this is even more difficult to establish because efforts appear to be all too scattered, unlike in Egypt where the ‘We are all Khaled Said' page by Wael Ghonim, appeared to be a focal point of sorts.

In comparison, a simple search on Facebook reveals over 20 pages that all have around 25,000-30,000 users on-board. Mr. Hazare's Facebook profile page has over 1.3 lakh ‘Likes'.

Gaurav Mishra, social media analyst, pegs the total support at around 15 lakh. Drawing parallels with the citizen activism campaigns that emerged between the terrorist attacks in Mumbai in 2008 and the Lok Sabha elections of 2009 (the former being when social media arrived in India), Mr. Mishra also points out that corruption did go for a Six on Friday (the final day) with IPL4 dominating conversation online.

Nishant Shah, director (research) at the Centre for Internet and Society, points out that while during revolutions, the social media has proved to be a poignant and powerful tool to mobilise resources, last week it emerged that it can not only propagate dubious opinions, but also it often (because it relies on the temporal quality of making things viral) fails to give us time to form critical opinions.

He compares a platform like Avaaz, that mobilised people ‘against corruption', with long-term Ipaidabribe project (using the same digital tools) which actually leads to debate around why corruption is so endemic.

Mirrors TV

Interestingly, as Mr. Shah points out, the social media mirrored the spectacle that people were being fed by TV channels, instead of being a true discursive space of public dialogue. It's now getting clear that they are actually playing out an interesting traction as they supplement each other in bolstering of evidence and participation, he adds.

On the other hand, blogs too were abuzz. However, many did seek to provide deeper perspective, and provided more space for debate and dissent. In fact, progressive blogs even attempted to counter the one-sided commentary provided on traditional visual media.

Click here for the story in the Hindu

For more details visit https://cis-india.org/news/web2.0-responds-to-hazare

How To Win Friends, FB Style

praskrishna — 2015-10-18T12:02:10Z

True to form—and Facebook—there was a warm, friendly and familial feel to Prime Minister Narendra Modi’s townhall meeting at Melon, California, with Mark Zuckerberg on September 27. Modi got emotional (yet again) while talking about his mother. Zuckerberg, the youngish founder of the world’s largest social networking site, got his parents to meet and pose with Modi.

The article by Arindam Mukherjee was published in Outlook on October 12, 2015. Sunil Abraham was quoted.

“The most amazing moment was when I talked about our families,” Zuckerberg wrote in a post, “and he (Modi) shared stories of his childhood....” That’s just the kind of stuff we would see and post on Facebook—the benign visage of a profitable, all-pervasive US-based corporation. (Needless to say, everyone who has worked on this story is a registered user).

Of course, we know Modi too is on Facebook. No other Indian politician has so effectively utilised the power of ‘likes’: and he has got 30 million. The problem with this chummy approach is that one could almost forget that the PM is also the supreme leader of a country that is Facebook’s second-largest market in the world with 125 million users. A few days earlier, Zuckerberg flew to Seattle to meet Chinese President Xi Jinping. Facebook is not present in China. “On a personal note, this was the first time I’ve ever spoken with a world leader entirely in a foreign language,” wrote Zuckerberg in another post.

In contrast, Modi and Zuckerberg were speaking the same language. In fact, they even jointly updated their profile picture on Facebook—wrapped in the shades of the Indian tricolour—to support the Modi government’s Digital India initiative. Millions of Indians followed suit. And that’s when the shit hit the internet—it was discovered that people supporting the Digital India campaign were also putting in a ‘yes’ vote for Facebook’s contentious initiative internet.org (free but restricted net access; see accompanying faqs for all the details). Immediately, Modi became a party to the raging debate in India over net neutrality. This is unfortunate as the Modi government is yet to put on paper its stand on net neutrality. The nervous reaction to this engagement is also a function of the new truism of our times—“with this government, you never know”.

What we do know is that the internet.org class name was built into the code for support for Digital India. Many experts feel this is not a coincidence; rather a clever ploy by Facebook to get the support of Indians and promote its internet.org initiative. This upset a vocal community of activists who see internet.org on the opposite camp. This led to the charge that Facebook was trying to influence the debate. Says Sunil Abraham, executive director with the Bangalore-based Centre for Internet and Society (CIS), “The moves by Facebook are quite juvenile as it is trying to use the Modi visit to further muddy the net neutrality debate. We should be concerned about Facebook trying to damage the debate in India to spin the PM’s participation in its own favour.” Of course, there are two sides to this debate. There are many people within the government who feel net neutrality is an elitist concern—increasing internet penetration, which Facebook and other such initiatives promise, is the way forward in a poor, unconnected country like India. “Today to talk about net neutrality is to talk about the 20 per cent who have access to the internet,” says telecom expert Mahesh Uppal. “It is unreasonable to dismiss out of hand anybody who offers free service to a subset of websites or services. Eventually, access to internet must come first before we talk about net neutrality.”

Facebook promoted internet.org along with Samsung, Nokia, Qualcomm, Ericsson, MediaTek and Opera Software, the aim being to provide free internet service to developing nations. India, obviously, is a hot target for Facebook. Facebook has a partnership with Reliance in the country; the free internet service will be available only to Reliance users and the free access will be limited to Facebook’s partner sites. The debate over internet.org too has picked up steam in India—big media companies like NDTV and Times of India have pulled out of it on these issues. While Facebook has stressed that internet.org will ensure that the internet reaches people who do not have access to it, there have been concerns that it will restrict internet access only to sites that are internet.org’s partners.

On its part, Facebook has been quick to refute the charge. A spokesperson in the US said, “There is absolutely no connection between updating your profile picture for Digital India and internet.org. An engineer mistakenly used the words ‘internet.org profile picture’ as a shorthand name he chose for part of the code.” The code was changed soon after. Despite repeated requests, representatives from Facebook India were unavailable for comment.

But the damage has been done. Many now openly question Facebook’s motives in India and whether they have been truthful or not. Given all this brouhaha, questions will naturally be raised about Modi’s alignment with Facebook. Digital India is many things—but obviously increasing net penetration is one its goals. “Now whatever he does on net neutrality, it will be seen in terms of whether it will benefit Google or Facebook. That is the risk he took. I would like to know why the diplomatic advisors took the risk of putting the PM in a bargaining position instead of a bonus at the end of a deal,” says Prof Narendar Pani, who teaches at the National Institute of Advanced Studies, Bangalore.

All this matters because the Modi government positions itself as digital-friendly, even though its moves on this front have been invasive (the push for Aadhar despite a legal sanction and increasing reports of monitoring digital conversations), and contradictory (the abortive porn and WhatsApp bans, among others). “The PM is going way beyond the e-governance plan to a stage where the government will just sit and watch people speaking. It is scary,” says internet activist Usha Ramanathan. She feels it doesn’t make sense to have companies like Google sharing ideas with the government while Indian people are being kept out of the loop. “And now Facebook will be joining that gang, it doesn’t make sense. What has Facebook done to get that privilege?” she asks.

Here again there is a carefully worded counter-argument. Former telecom entrepreneur and Rajya Sabha MP Rajeev Chandrashekhar says, “Net neutrality is a definition that would be made in the public domain. It will not be influenced by the PM’s engagement with Facebook and Mark Zuckerberg. Anyone who tries to mess with the definition of net neutrality will be met with a public outcry and judicial intervention.” The substance of this view is that Modi was within his rights to speak to corporations to further Digital India, or Make in India for that matter, and that there should be an open debate on the future direction of net neutrality.

Clearly, the political knives are out. “Either the prime minister is not being briefed properly or he does not read his brief properly,” says former UPA minister Manish Tewari. Arguing that governments should be discussing rules of engagement in cyberspace, and not stakeholders, he asks, “Is India comfortable with that construct especially when the bulk of the technology companies, the root servers which form the underlying hardware of the internet, are all based in the US, and one being in Europe?”

Although the government is yet to firm up its decision on net neutrality and a policy on it is yet to be announced, the debate has already acquired political colour in India, with the Congress and Aam Aadmi Party putting their weight behind the people’s voice. This is the first time that there has been a nation-wide upsurge of such an unprecedented size and magnitude on an internet policy. Says AAP’s Adarsh Shastri, “Facebook, Google etc are just tools. People can use them at will. To make them the mainstay of your programme for digital empowerment is to step on the civil rights and liberties of citizens. Doing this is a complete no-no. Let people access internet as they want is the way to go.”

A consultation paper floated by telecom regulator Telecom Regulatory Authority of India (TRAI) got almost 15 lakh responses from the Indian public in support of net neutrality. There was also strong opposition to zero rating platforms announced by telecom companies like Airtel which sought to provide free access to some websites on their platform in much the same way that internet.org proposes. And the reactions to the Facebook coding error are a pointer to what people in India think. Says Nikhil Pahwa, editor of Medianama and a leading net neutrality activist, “The reactions of the people to the Facebook event were heartening and showed that people are emotive and there is still mass support for net neutrality. The reaction to the TRAI paper was not a flash in the pan.”

Interestingly, a couple of months ago, a department of telecommunications committee had said that internet.org was a violation of net neutrality and should not be allowed. It will be difficult for Modi and the government to overrule that and give it full and free access in India. Internet experts feel that the engagement with India and Modi was a desperate move by Facebook to get numbers from India. Says internet expert Mahesh Murthy, “Facebook is pulling out all stops to get favour for internet.org and is desperate about it. If India says yes, many others will say yes, but if India says no, other countries will follow.”

Murthy says Facebook’s real problem is that it is finding it difficult to justify its price to earnings ratio as against its user numbers vis-a-vis Google which is much better in this respect. For this, it is desperately trying to get numbers, and with China banning Facebook, the only country left to get numbers is India. The massive electronic and print campaign at the cost of Rs 40-50 crore is a pointer towards this. He says everything about internet.org is about hooking Indians to it.

No wonder, Facebook has been cultivating Indian media. The Modi visit has also been tarnished by the news that Facebook paid for the travel and accommodation of journalists from three Indian newspapers and one magazine to go and cover the Facebook-Modi meeting and get favourable coverage. Says writer-activist Arundhati Roy, “Many journalists covering the event for the Indian media were flown in from India by Facebook. So were some who asked pre-assigned questions at the event. I don’t know who sponsored the crocodile tears and the clothes.” It is also quite strange that the entire display picture and source code controversy got almost no play in the national media which chose instead to talk about Modi’s speech and his tears.

All said and done, it is obvious that Facebook may be seeing India as an easy and vulnerable target which can be manipulated for its own advantage. Says Parminder Jeet Singh, executive director with IT for Change, an NGO working on information society, “India has low internet penetration and lots of people want to get on to the internet. There is low purchasing power but lots of aspiration. So the moment a free service is offered, a whole lot of people are likely to jump on it.” And that is something Facebook may be looking and aiming at.

Currently, three processes are on that will determine how India will look at net neutrality—one at the DoT, one at TRAI and a third one at a parliamentary standing committee. But given the massive people’s response net neutrality has got vis-a-vis TRAI’s paper and also during the present Facebook issue, the outcome is predictable. Or so it seems. There’s a lot of money power at stake. For now, millions of internet Indians have already voted with that dislike button. And then, governments move in mysterious ways.

For more details visit https://cis-india.org/internet-governance/news/outlook-india-october-12-2015-arindam-mukherjee-how-to-win-friends-fb-style

How to Steer Clear of India’s Strict Internet Laws

praskrishna — 2012-11-30T10:13:53Z

The arrest of two women in Mumbai for a Facebook post is the latest heavy-handed move by India’s government to curb what Indian citizens say on the Internet.

The article by Sangeeta Rajesh and Heather Timmons was published in the New York Times on November 20, 2012. Sunil Abraham and Pranesh Prakash are quoted.

The two women were arrested Sunday under a section of the Indian Penal Code that outlaws spreading “statements creating or promoting enmity, hatred or ill- will between classes” after one complained about the citywide strike sparked by the death of the Shiv Sena leader Bal Thackeray and the second woman “liked” her statement.

But the incident was just the latest in a string of recent arrests, detentions and account suspensions in India over online comments. If you live in India and have an opinion someone might not like, but you don’t want to become a target of the law, there’s one easy rule you need to follow, experts say: stay off social media.

Right now, “there’s nothing one can do but to close up your social media accounts” and stop voicing your opinion on the Internet entirely, if you want to guarantee you won’t be arrested in India, said Sunil Abraham, executive director at the Center for Internet and Society in Bangalore. (To be sure, that’s not what most free speech advocates recommend that you do. India Ink will soon have more on a social media activist who is fighting India’s strict Internet controls.)

Mr. Abraham advises extreme caution because India’s free speech rules have been historically weak (read more about India’s long history of censorship here), a relatively new Internet law is extremely broadly defined and police and lawmakers themselves are sometimes confused about what the actual rules themselves say.

A screenshot of Ravi Srinivasan’s twitter page. Mr. Srinivasan was arrested for a tweet he posted.

Late last month, Ravi Srinivasan, a Puducherry businessman and an India Against Corruption volunteer, was arrested for his Twitter post that alleged Karti Chidambaram, the son of Finance Minister P. Chidambaram, had amassed a large amount of wealth. Mr. Srinivasan was arrested Oct. 30 but was later released on bail.

Earlier in October, an associate professor of the National Institute for Fashion Technology in Chennai was arrested after what the Tamil Nadu singer Chinmayi said was a long period of harassment on the Internet, including negative Twitter messages. In August, the Indian government demanded Internet service providers suspend hundreds of Web pages to curb ethnic tension and asked Twitter to suspend accounts parodying government officials. Last year, the central government asked social media companies to prescreen content about India for objectionable remarks.

The key culprits here are revisions to India’s Information Technology Act made in 2008 and 2011, experts say, that leave nearly everything that is transmitted via the Internet open to interpretation by nearly everyone who reads it on the Internet. Things that are considered “annoying” and “offensive” can, under the law, land their sender in jail for up to three years.

While some of India’s nearly 50 million Facebook users and millions of Twitter users are up in arms about the recent arrests in Mumbai and are sharing the woman’s original post, under the theory that the police can’t arrest everyone, conservative advocates don’t recommend that sort of action on the Internet.

V. Vijaya Baskar, an advocate with Madras High Court practicing civil, criminal and family law for over 10 years, said that there are basic guidelines of free speech behavior that should be followed, even by Internet users. The most important, he said, is to avoid the use of obscene language and pictures, which are considered a direct threat. He also advised against getting into confrontations with people you don’t know or recognize on social media.

“If you have a true and verifiable source or documented evidence, then making a public statement is not defamation, but making passing comments of any person, particularly people in public life, will amount to defaming the person and is punishable,” he said.

While India’s government and law officials sometimes come across as not very tech-savvy, Pranesh Prakash, policy director at the Center for Internet and Society, said that lawmakers in many countries with a much higher Internet penetration are just as challenged by the Internet. And in India, while the laws are strict, people seldom land in jail for Internet-related offenses, he said.

“The detention law in India, sensibly, defaults to ‘bail, not jail,’ ” he said.

Mr. Prakash said he could not offer any global guidelines to avoid being arrested, and concluded that “each forum has its own rules of etiquette, which cannot be codified or enforced by legislation.” Online speech can be disagreed upon and opinions should be made known, since it is only the “natural tendency for people with extreme views to be more vocal online.”

Not surprisingly, the authorities in India who have been involved in arrests insist they are just doing their job, and doing it well. The Tamil Nadu police, for example, said they acted appropriately in Mr. Srinivasan’s arrest.

R. S. Krishna, inspector general for law and order, told the media that the Puducherry police could not be faulted for filing a First Investigation Report, the precursor to filing charges, against Mr. Srinivasan.

“I am very clear that we have acted purely on the basis of the merit of the complaint, in accordance with the rule of law,” he said. “We are right on our part.”

For more details visit https://cis-india.org/news/india-blogs-nytimes-november-20-2012-how-to-steer-clear-of-indias-strict-internet-laws

How to Shut Down Internet Shutdowns

pranav — 2020-02-03T11:13:12Z

This talk will focus on the challenges and opportunities for research on internet shutdowns after the judgement of the Supreme Court in Anuradha Bhasin v. Union of India. Stepping beyond the judgement, there will be a wider discussion on the practice of whitelists, blocking powers of the central government.

About the Speaker

Apar Gupta is the Executive Director of the Internet Freedom Foundation.

Apar has been fighting the good fight for digital rights. While in law school almost 20 years ago, he wrote a legal commentary on the IT Act that is now in its third edition. As a lawyer in the Supreme Court, he worked on landmark cases such as on Section 66A, Intermediary Liability, Internet Shutdowns, the Right to Privacy and Privacy.

He also helped create public campaigns to advance net neutrality, reform defamation laws, fight Internet shutdowns and create a privacy statute. Apar previously ran his own successful law firm, was profiled in Outlook Magazine and listed in Forbes India's list of 30 under 30. He has also worked as a commercial litigator and partner in top law firms, written papers cited widely in local and international publications and taught courses at NLS and NLU.

RSVP here, or by sending an email Torsha (torsha@cis-india.org).

For more details visit https://cis-india.org/internet-governance/events/how-to-shutdown-internet-shutdowns

How to make EVMs hack-proof, and elections more trustworthy

pranesh — 2019-01-14T15:34:48Z

Free and fair elections are the expression of democratic emancipation. India has always led by example: the Nehru Committee sought universal adult franchise in 1928, at a time when France didnât let women vote, and laws in the USA allowed disqualification of poor, illiterate, and African-American voters. But how reliable are our voting systems, particularly in terms of security?

The article was published in Times of India on December 9, 2018.

Electronic voting machines (EVM) have been in use for general elections in India since 1999 having been first introduced in 1982 for a by-election in Kerala. The EVMs we use are indigenous, having been designed jointly by two public-sector organisations: the Electronics Corporation of India Ltd. and Bharat Electronics Ltd. In 1999, the Karnataka High Court upheld their use, as did the Madras High Court in 2001.

Since then a number of other challenges have been levelled at EVMs, but the only one that was successful was the petition filed by Subramanian Swamy before the Supreme Court in 2013. But before we get to Swamy's case and its importance, we should understand what EVMs are and how they are used.

The EVM used in India are standardised and extremely simple machines. From a security standpoint this makes them far better than the myriad different, and some notoriously insecure machines used in elections in the USA. Are they 'hack-proof' and 'infallible' as has been claimed by the ECI? Not at all.

Similarly simple voting machines in the Netherlands and Germany were found to have vulnerabilities, leading both those countries to go back to paper ballots.

Because the ECI doesn't provide security researchers free and unfettered access to the EVMs, there had been no independent scrutiny until 2010. That year, an anonymous source provided a Hyderabad-based technologist an original EVM. That technologist, Hari Prasad, and his team worked with some of the world's foremost voting security experts from the Netherlands and the US, and demonstrated several actual live hacks of the EVM itself and several theoretical hacks of the election process, and recommended going back to paper ballots. Further, EVMs have often malfunctioned, as news reports tell us. Instead of working on fixing these flaws, the ECI arrested Prasad (for being in possession of a stolen EVM) and denied Princeton Prof Alex Halderman entry into India when he flew to Delhi to publicly discuss their research. Even in 2017, when the ECI challenged political parties to âhackâ EVMs, it did not provide unfettered access to the machines.

While paper ballots may work well in countries like Germany, they hadn't in India, where in some parts ballot-stuffing and booth-capturing were rampant. The solution as recognised by international experts, and as the ECI eventually realised, was to have the best of both worlds and to add a printer to the EVMs.

These would print out a small slip of paper containing the serial number and name of the candidate, and the symbol of the political party, so that the sighted voter could verify that her vote has been cast correctly. This paper would then be deposited in a sealed box, which would provide a paper trail that could be used to audit the correctness of the EVM. They called this VVPAT: voter-verifiable paper audit trail. Swamy, in his PIL, asked for VVPAT to be introduced. The Supreme Court noted that the ECI had already done trials with VVPAT, and made them mandatory.

However, VVPATs are of no use unless they are actually counted to ensure that the EVM tally and the paper tally do match. The most advanced and efficient way of doing this has been proposed by Lindeman & Stark, through a methodology called (RLAs), in which you keep auditing until either you've done a full hand count or you have strong evidence that continuing is pointless. The ECI could request the Indian Statistical Institute for its recommendations in implementing RLAs. Also, it must be remembered, current VVPAT technology are inaccessible for persons with visual impairments.

While in some cases, the ECI has conducted audits of the printed paper slips, in 2017 it officially noted that only the High Court can order an audit and that the ECI doesn't have the power to do so under election law. Rule 93 of the Conduct of Election Rules needs to be amended to make audits mandatory.

The ECI should also create separate security procedures for handling of VVPATs and EVMs, since there are now reports of EVMs being replaced 'after' voting has ended. Having separate handling of EVMs and VVPATs would ensure that two different safe-houses would need to be broken into to change the results of the vote. Implementing these two changes, changing election law to make risk-limiting audits mandatory, and improving physical security practices would make Indian elections much more trustworthy than they are now, while far more needs to be done to make them inclusive and accessible to all.

For more details visit https://cis-india.org/internet-governance/blog/the-times-of-india-december-9-2018-pranesh-prakash-how-to-make-evms-hack-proof-and-elections-more-trustworthy

How to Engage in Broadband Policy and Regulatory Processes

praskrishna — 2014-04-03T06:07:04Z

LIRNEasia with the support of the Ford Foundation offered a four-day course in Gurgaon from March 7 to 10, 2014. Sunil Abraham taught on Surveillance and Privacy.

Click to see Sunil Abraham's presentation on Surveillance and Privacy. Also read it on LIRNE asia website here.

Goal

To enable members of Indian civil-society groups (including academics and those from the media) to marshal available research and evidence for effective participation in broadband policy and regulatory processes including interactions with media, thereby facilitating and enriching policy discourse on means of increasing broadband access by the poor.

Outcomes

The objective of the course is to produce discerning and knowledgeable consumers of research who are able to engage in broadband policy and regulatory processes. The course will benefit those working in government and at operators as well.

At the end of the course attendees will:

Be able to find and assess relevant research & evidence

Be able to summarize the research in a coherent and comprehensive manner
Have an understanding of broadband policy and regulatory processes in India
Have the necessary tools to improve their communication skills
Have some understanding of how media function and how to effectively interact with media

Participants will be formed into teams on day1. Both group assignments are connected.

The first assignment requires each group to research on a National Broadband Network (NBN) assigned to them (one of US, Singapore, Hong Kong, Brazil, South Africa, Korea or Colombia) and writing it up based on a template that will be provided. Each team will have to present their findings about the NBN at the end of day 2.

The second assignment is to be performed by teams. It is an oral presentation, accompanied by a policy brief of two pages max. at a mock public hearing at which the Indian Department of Telecommunications (DoT) is seeking input on the question of subsidizing fiber-to-the-home (FTTH) as the second phase of the current INR 20,000 Crore (USD 4 Billion) National Optical Fiber Network initiative. Each team will be assigned a role and they should present the recommendations from the point of view of the assigned ‘role’. All presentations must be evidence based. It is expected that participants will use what they learnt about other NBNs on day 2 to support their argument. Additional research must be conducted on Days 3 and 4.

	Day1 (March 7)	Day2 (March 8)	Day3 (March 9)	Day4 (March 10)
09.00 10.30	S1 Introduction (Rohan Samarajiva RS)	S5 Interrogating supply-side indicators (RS & RLG)	S8 Indian broadband policy & regulatory environment in relation to comparator countries (Satyen Gupta SG)	S13 Lessons from Mexico (Ernesto Flores EF)
10.30 11.00	Break	Break	Break	Break
11.00 12.00	S2 Research on significance of broadband/Internet (Payal Malik PM)	S6 Assessing & summarizing research (RS & NK)	S9 Research on subsidies in broadband eco system (PM)	S14 Spectrum policy debates (Martin Cave (MC)
12.00 13.00	S3 Finding research (Nilusha Kapugama NK)	S7 The art of media interaction (RS)	S10 Making policy & doing regulation (SG & Rajat Kathuria RK) panel discussion	S15 Framing issues (RS)
13.00 14.00	Lunch	Lunch	Lunch	Lunch
14.00 15.00	A1 Group formation; Assignments explained and introduction of Broadband Website (Roshanthi Lucas Gunaratne RLG)	A2 Rewriting research summaries & preparing presentations	S11 Surveillance and Privacy (RS & Sunil Abraham SA)	A5 Mock public hearing (RS & panel)
15.00 15.30	Break	Break	Break	Break
15.30 17.00	S4 Demand-side research (NK)	A3 Presentation & critique of research summaries (RS & Panel)	S12 International policy debates on Internet and broadband (RS)	A5 Mock public hearing & critique (RS & panel)
17.00 onwards	Group work	Group work	Group work	Certificate dinner

Faculty

Rohan Samarajiva, PhD
Rohan Samarajiva, was the founding CEO (2004 - 2012) and Chair (2004 – onwards) of LIRNEasia.

Previously he was the Team Leader at the Sri Lanka Ministry for Economic Reform, Science and Technology (2002-04) responsible for infrastructure reforms, including participation in the design of the USD 83 million e Sri Lanka Initiative. He was Director General of Telecommunications in Sri Lanka (1998-99), a founder director of the ICT Agency of Sri Lanka (2003-05), Honorary Professor at the University of Moratuwa in Sri Lanka (2003-04), Visiting Professor of Economics of Infrastructures at the Delft University of Technology in the Netherlands (2000-03) and Associate Professor of Communication and Public Policy at the Ohio State University in the US (1987-2000). He was Policy Advisor to the Ministry of Post and Telecom in Bangladesh (2007-09).

He serves as Senior Advisor to Sarvodaya (Sri Lanka’s largest community based organization) on ICT matters. Samarajiva is a Board Member of Communication Policy Research south, an initiative to identify and foster policy intellectuals in emerging Asia. He serves on the editorial boards of seven academic journals.

His full CV can be found at http://lirneasia.net/wp-content/uploads/2007/12/CVApril1long.pdf

Martin Cave, PhD
Martin Cave is a regulatory economist specialising in competition law and in the network industries, including airports, broadcasting, energy, posts, railways, telecommunications and water. He has published extensively in these fields, and has held professorial positions at Warwick Business School, University of Warwick, UK, and the Department of Economics, Brunel University, UK. In 2010/11, Martin held the BP Centennial Chair at the London School of Economics, based in the Department of Law. He is now Visiting Professor at Imperial College Business School.

He is a Deputy Chair of the Competition Commission from January 2012. He has provided expert advice to governments, competition authorities, regulators and firms around the world, focussing particularly upon the communications industries. This work has included reviews of spectrum policies for the Governments of Australia, Canada and the UK; advice on market analysis and access remedies to a large number of regulators in Asia, Australia, Europe and Latin America, including the European Commission. He has provided advice and expert testimony in competition and sector-specific regulatory proceedings to a number of major international firms in Asia, Australasia and Europe. He has also advised UK ministers on matters relating to the water sector, housing, legal services and airports, and advised regulators in the railway and energy sectors. He was a founder member of the Academic Advisory Committee of the Brussels-based think tank, the Centre for Regulation in Europe (www.cerre.eu). In 2009 he was awarded the OBE for public service.

His full CV available on http://www.martincave.org.uk/index.php

Payal Malik
Payal Malik is a Senior Research Fellow of LIRNEasia and an Associate Professor of Economics at the Delhi University. She is currently on deputation to the Competition Commission of India. She is also associated with National Council of Applied Economic Research and Indicus Analytics. She received her Master of Philosophy (M.Phil.), and MA in Economics from the Delhi School of Economics and BA in Economics from Lady Shriram College, University of Delhi. She also has a MBA in Finance from the University of Cincinnati.

She has several years of research experience on the issues of competition and regulation in network industries like power, telecommunication and water. In addition, she has done considerable research on the ICT sector. Recently she has been actively engaged in competition policy research. At LIRNEasia, she has led research on measuring India’s telecom sector and regulatory performance, including a study on Universal Service Instruments. She has written both for professional journals as well as for the economic press. Currently she is a regular columnist for the Financial Express, India and a referee for the Information Technologies and International Development journal published by University of Southern California, Annenberg. Click here to download a detailed version of CV.

Satyen Gupta
Satyen Gupta is the founder and Secretary General, NGN Forum, India. Previously he was the chief of Corporate Affairs, Sterlite Technologies Ltd and headed the Regulatory and Govt. Affairs for BT global Services for SAARC Region and handled Licencing, Regulation, compliance, competition and Industry Advocacy issues. He is also a member, Advisory Board of Creation and Implementation of National Optical Fibre Network for the government of India (2011 onwards). From 2000-2006 he served as the Principle Advisor, Telecom Regulatory Authority of India at the level of additional secretary to the government of India and headed the fixed network division. He is the author of “Everything Over IP-All you want to know about NGN” (2011).

He has conducted and taught many courses on telecommunication technologies, policy and regulation. He is also a Govt. Affairs and Regulatory advocate. He graduated with Hons, in Engineering in 1979 from NIT, Kurukshetra University, INDIA and went on to complete his post graduate studies in Electronics Design Technology at CEDT, Indian Institute of Science, Bangalore.

Rajat Kathuria, PhD
Rajat Kathuria is Director and Chief Executive at Indian Council for Research on International Economic Relations (ICRIER), New Delhi. He has over 20 years experience in teaching and 10 years experience in economic policy, besides research interests on a range of issues relating to regulation and competition policy. He worked with Telecom Regulatory Authority of India (TRAI) during its first eight years (1998-2006) and gained hands on experience with telecom regulation in an environment changing rapidly towards competition. The role entailed analysis of economic issues relating to telecom tariff policy, tariff rebalancing, interconnection charges and licensing policy. Market research and questionnaire development and analysis formed an integral part of this exercise. It also involved evaluation of macro level initiatives for transforming the telecom industry. He wrote a number of consultation papers which eventually formed the basis of tariff and interconnection orders applicable to the industry. He has an undergraduate degree in Economics from St. Stephens College, a Masters from Delhi School of Economics and a PhD degree from the University of Maryland, College Park.

Ernesto Flores, PhD
Ernesto M. Flores-Roux majored in Mathematics from the National University of Mexico (UNAM), obtained partial credits in a Masters in Economics (ITAM), and received his PhD in Statistics from The University of Chicago (1993). From 1993 to 2004, he worked for McKinsey & Co., Inc. (Mexico, Brazil), one of the most prestigious international consulting firms, first as a Consultant, then as Partner, and finally as the Partner in charge of McKinsey's Rio de Janeiro office. He specialized in several aspects of the telecommunications industry, including regulation, planning, strategy, and marketing. He assisted the governments of Mexico and Brazil in their deregulation and privatization processes. In 2004, he joined Telefonica, first as Director of Marketing and Strategy in Mexico and then transferring to Telefónica's operations in Peru, China (Beijing), and Brazil. In 2008 he joined the Ministry of Communications and Transport (SCT) in Mexico as Chief of Staff of the Deputy Minister of Communications. In 2009 he joined CIDE (Centro de Investigación y Docencia Económicas, Mexico City) as an associate professor of CIDE's telecommunications program (Telecom CIDE). He has published several papers in telecommunications policy and has written reports for the IDB, GSMA, UN/CEPAL , Ahciet, CAF, OECD, as well as other publications in industry and academic journals. In 2011 he became a member of the Advisory Council of the Mexican telecommunications regulator (Cofetel – Comisión Federal de Telecomunicaciones).

Sunil Abraham
Sunil Abraham is the Executive Director of Bangalore based research organization, the Centre for Internet and Society. He founded Mahiti in 1998, a company committed to creating high impact technology and communications solutions. Today, Mahiti employs more than 50 engineers. Sunil continues to serve on the board. Sunil was elected an Ashoka fellow in 1999 to 'explore the democratic potential of the Internet' and was also granted a Sarai FLOSS fellowship in 2003. Between June 2004 and June 2007, Sunil also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme serving 42 countries in the Asia-Pacific region.

Nilusha Kapugama
Nilusha Kapugama is a Research Manager at LIRNEasia and manages the electricity component of the 2012-2014 IDRC Project on ‘Achieving e-inclusion by improving government service delivery & exploring the potential of “big data” for answering development questions’.

She is also working on a systematic review looking at the economic impacts of mobile phones. Previously she managed the Knowledge Based Economy project at LIRNEasia, which looked at the information and knowledge gaps in agriculture supply chains. She also worked on CPR south, LIRNEasia’s capacity-building initiative to develop Asia-Pacific expertise and knowledge networks in ICT policy regulation. She has also done research on broadband quality indicators and national regulatory authority (NRA) website indicators. She has also worked on LIRNEasia’s Virtual Organization Project. She has experience organizing international conferences and training courses.

She holds a master’s degree in development economics and policy from the University of Manchester, UK.

Roshanthi Lucas Gunaratne
Roshanthi is a Research Manager at LIRNEasia and is currently managing the Ford Foundation Funded project on Giving Broadband Access to the Poor in India.

She is also contributing to the IDRC Customer Lifecycle Management Practices Project by conducting research on customer lifecycle management practices in telecommunication sector in Bangladesh.

Before joining LIRNEasia, Roshanthi worked at the Global Fund to fight AIDS, Tuberculosis and Malaria, Geneva, Switzerland as a Strategic Information Officer. She contributed to the process of defining the Global Fund Key Performance Indicators, and also worked on improving the performance measurements of their grants. Prior to that, she worked as a telecom project manager at Dialog Telecom, and Suntel Ltd in Sri Lanka. As Suntel she managed the design and implementation of corporate customer projects.

She holds a MBA from the Judge Business School, University of Cambridge, UK and a BSc. Eng (Hons) specializing in Electronics and Telecommunication from the University of Moratuwa, Sri Lanka.

Resource Materials

Bauer, Johannes M.; Kim, Junghyun; & Wildman, Steven S. (2005). An integrated framework for assessing broadband policy options. MICH. ST. L. REV. 21, pp. 21-50. http://www.msulawreview.org/PDFS/2005/1/Bauer-Kim.pdf

Broadband Commission (2012). The state of broadband 2012: Achieving digital inclusion for all. http://www.broadbandcommission.org/Documents/bb-annualreport2012.pdf

Government of India, Department of Telecommunications (2012). National Telecom Policy 2012. http://www.dot.gov.in/ntp/NTP-06.06.2012-final.pdf

Government of India, Department of Telecommunications (2004). Broadband policy. http://www.dot.gov.in/ntp/broadbandpolicy2004.htm

Junio, Don Rodney (2012). Does a National Broadband Plan Matter? A Comparative Analysis of Broadband Plans in Hong Kong and Singapore http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2146566

InfoDev. Broadband strategies toolkit. http://broadbandtoolkit.org/en/toolkit/contents

Samarajiva, Rohan (2010). Leveraging the budget telecom network business model to bring broadband to the people, Information Technology and International Development, 6, special edition: 93-97. http://itidjournal.org/itid/article/view/630/270

For more details visit https://cis-india.org/news/how-to-engage-in-broadband-policy-and-regulatory-processes