Access To Knowledge (A2K)

Foreign Media on Zuckerberg's India Backlash

praskrishna — 2016-01-03T09:20:41Z

When Facebook's co-founder proposed bringing free Web services to India, his stated aim was to help connect millions of impoverished people to unlimited opportunity. Instead, critics have accused him of making a poorly disguised land grab in India's burgeoning Internet sector. The growing backlash could threaten the very premise of Internet.org, his ambitious, two-year-old effort to connect the planet.

The blog post was published in NDTV on December 30, 2015. Pranesh Prakash was quoted.

Indian authorities are circumspect because the Facebook initiative provides access to only a limited set of websites -- undermining the equal-access precepts of net neutrality. The telecommunications regulator is calling for initial comments by Jan 7, extending the deadline from today, on whether wireless carriers can charge differently for data usage across websites, applications and platforms.

Losing this fight could imperil Facebook's Free Basics, which allows customers to access the social network and select services such as Messenger and Microsoft's Bing without a data plan.

"The India fight is helping shape debates elsewhere," said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bangalore-based non-profit advocacy group. "Activists in other countries such as Brazil, Venezuela and Colombia are watching this debate and will seize the momentum created in India."

Zuckerberg's argument for free Web access is based in part on Deloitte research showing that for every 10 people who are connected to the Web, one is lifted out of poverty and one job is created.

Facebook argues that by giving people free access to a small slice of the Internet, they will quickly see the value in paying for the whole thing. Zuckerberg has said his biggest challenge in connecting people to the Web isn't access to cellular networks, but a social hurdle: he needs to prove to people who have never been online that the Internet is useful.

"Who could possibly be against this?" Zuckerberg wrote in an impassioned op-ed in the Times of India this week. "Surprisingly, over the last year there's been a big debate about this in India."

Zuckerberg's pleas underscore what's at stake. Facebook already attracts 1.55 billion people monthly, or about half of the Internet-connected global population. To keep growing, the world's largest social network needs to get more people online. Hence the billions of dollars Facebook is spending on projects to deliver the Web to under-served areas via drones, satellites and lasers. And Internet.org, which now spans 37 nations.

India, as the world's second most populous nation, is arguably the most important piece of Zuckerberg's Free Basics strategy. But the opposition is fierce. Critics note that the Facebook service doesn't offer Web favorites such as Google's search. Facebook has said it would be open to adding more features from competitors, but critics are skeptical of giving the social-networking giant such influence on the Internet.

Critics also say that by offering a limited swath of the Internet at comparatively slow speeds, the company is creating a diluted version of the Web. That could stifle innovation by causing disadvantages for Indian startups building rival apps, or allow Facebook and its telecommunications carrier-partners to act as Internet gatekeepers.

In a sign of the importance he attaches to the issue, Zuckerberg on Tuesday called one of India's most prominent entrepreneurs to make his case.

One97 Communications, the mobile payments startup backed by Alibaba Group Holding, is one of several tech companies that have come out against Facebook's plans.

"We are totally against telcos preferring one developer over another," One97 founder Vijay Shekhar Sharma said in a phone interview before that call. "We are asking for access neutrality. We are hoping that all startups will be treated equally."

Sonia Dhawan, a spokeswoman for One97's payment website Paytm, said the call took place but didn't describe the conversation further. Sharma wasn't available for further comment.

Facebook is now scrambling to drum up support. It's started a "Save Free Basics In India" campaign, asking Indian users to support "digital equality" by filling out a form that shoots an e-mail to regulators. That also has the effect of sending notifications to user's friends unless they opt out.
Facebook has also taken out full-page advertisements, including one featuring a smiling Indian farmer and his family who the ads say used new techniques to double his crop yield.

While countries such as the Philippines have embraced Free Basics, India has been "the outlier and more challenging," Chris Daniels, vice president of Internet.org, said in a Dec. 26 chat on Reddit.

For more details visit https://cis-india.org/internet-governance/news/ndtv-bhuma-shrivastava-december-30-2015-foreign-media-on-zukerberg-india-backlash

Foreign Funding of NGOs

praskrishna — 2013-03-04T23:52:31Z

Should FDI in India’s thinktank sector worry us? It is a debate long overdue.

This article by Prashant Reddy was published in the March issue of Open Magazine.

In 1976, at the height of the Emergency imposed by Indira Gandhi, India’s Parliament enacted a piece of legislation called the Foreign Regulation Contribution Act. It prohibited political parties and ‘organisations of a political nature’, civil servants and judges, as also correspondents, columnists and editors/owners of registered newspapers and news broadcasting organisations— and even cartoonists—from receiving foreign contributions.

The very fact that the Act makes a specific reference to cartoonists should be hint enough of the establishment’s paranoia vis-à-vis the ‘invisible hand’ of foreign powers back then. During a Rajya Sabha debate on the proposed bill on 9 March 1976, the term ‘CIA’ (Central Intelligence Agency) was mentioned at least 30 times by different legislators, while ‘Lockheed Martin’ (a military aerospace corporation) came up at least six times in the context of alleged instances of Americans pumping dollars into governments worldwide to buy influence during the Cold War.

The sentiment of the times was captured by the following statement made during that debate by Khurshid Alam Khan, father of India’s present Minister for External Affairs: “The CIA’s doings all over the world have very clearly indicated as to what could be done by foreign money and foreign interference.”

In 2010, a different parliament, with opposition members who had not been imprisoned like those in 1976, unanimously voted to update the law by passing the Foreign Contribution Regulation Act (FCRA). In fact, the Parliamentary Standing Committee that examined the bill was headed by the BJP’s Leader of Opposition in the Lok Sabha Sushma Swaraj, and it had no major objections.

This time round, there was no talk of the CIA or Lockheed Martin. Instead, concern was focused on the increasingly influential role of Non-Governmental Organisations (NGOs) as institutions of civil society in India. The term ‘NGO’ found at least 40 mentions during the Rajya Sabha debate on the 2010 bill. The main concern of the Upper House appeared to be a lack of transparency among NGOs receiving foreign contributions. Hence the calls to strengthen the monitoring regime, although several MPs expressed worry that the new law would give the Centre too much discretionary power to crack down on dissenting NGOs.

Worries about the 2010 Act’s overreach were validated last year when the Government used it to clamp down on NGOs involved in anti-corruption and anti-nuclear protests. As part of that exercise, at least four NGOs were booked under the FCRA for allegedly diverting foreign funds to aid the organisation of protests against the Koodankulam nuclear power plant in Tamil Nadu. Their bank accounts were frozen. The protests, however, did not end.

Perhaps the most ironic use of the FCRA was when the Ministry of Home Affairs reportedly held back potential funding from the US-based Ford Foundation for the Mumbai-based Institute for Policy Research Studies (IPRS), a thinktank that runs Parliamentary Research Service (PRS).

Incubated at the Centre for Policy Research (CPR), a Delhi-based thinktank, PRS was spun off and institutionalised as IPRS in 2010 as a Section 25 non-profit company with a registered office in Mumbai. The main aim of PRS was to provide non-partisan legislative research services to parliamentarians, most of whom are starved of resources to conduct independent research required to hold the Executive accountable in Parliament. The service’s popularity among MPs was obvious from the fact that several of them reportedly made individual representations to the Home Ministry against blocking foreign funds for its parent institute.

The tragedy of why Parliament does not have a public-funded service like PRS is a debate for another day, but choking the IPRS of foreign funds raises a question of hypocrisy since the Central Government routinely collaborates with a wide range of civil society thinktanks that receive funds from the West.

Let’s start with the Indian Council for Research on International Economic Relations (ICRIER). According to its filings with the MHA, accessible on the FCRA website (http://mha.nic.in/fcra.htm), ICRIER has received over Rs 11.5 crore in foreign donations from a range of international institutions such as the Asian Development Bank, World Bank, International Monetary Fund (IMF) and Sasakawa Peace Foundation between 2007 and 2012. This council, currently headed by Dr Isher Judge Ahluwalia, wife of Planning Commission Vice-chairperson Dr Montek Singh Ahluwalia, appears to have a cosy relationship with the present establishment. When the Government was in a fix over the contentious General Anti- Avoidance Rules (GAAR) of taxation, for example, it delegated the task of ironing out its problems to a four-member committee headed by Dr Parthasarathi Shome, a well-known economic policy expert at ICRIER. There are several other projects on which the Council’s faculty collaborates closely with the Government of India.

That thinktanks are well networked goes without saying. In fact, ICRIER and PRS were involved in quite a controversy during last year’s Parliament vote on Foreign Direct Investment in India’s multi-brand retail sector. As reported by India Today, (‘Foreign Direct Instruction for our MPs?’ 6 December 2012), IPRS had organised a ‘close-door’ meeting at Delhi’s Constitution Club the day before the vote, where MPs were briefed on the benefits of FDI by Professor Arpita Mukherjee of ICRIER. Some MPs had publicly labelled this a ‘lobbying’ effort.

Another example of close collaboration between the Centre and a thinktank that gets significant foreign funding is the one between the Government and the CPR, headed by Dr Pratap Bhanu Mehta. Between 2007 and 2012, according to its filings with the MHA, this thinktank received foreign funds of over Rs 40.8 crore from a range of donors such as the Ford Foundation, Google Foundation, International Development Research Centre, Economic and Social Research Council, Hewlett Foundation and IKEA Social Initiative.

Environmental policy is another area in which foreign-funded thinktanks have a significant impact. The Centre for Science and Environment (CSE), headed by Sunita Narain with a governing board that has Ela Bhatt, BG Verghese, Dr MS Swaminathan and Dr NC Saxena among others, has received over Rs 67.7 crore in foreign funds between 2006 and 2012. The CSE’s main donors, according to FCRA records, include the Denmark- based Dan Church Aid, Germany-based Evangelischer Entwicklungsdienst EV, Heinrich Boll Foundation and the Swedish International Development Cooperation Agency. Other donors include the Commission of European Communities and Government of India.

Going by the media coverage that CSE receives, it is safe to say that this thinktank has a profound influence on India’s environmental policy. An indication of its ties with the Government is the fact that the two had their own ‘side-event’ at the recently concluded Doha talks on climate change.

The other green thinktank with generous foreign contributions that works closely with the Government is The Energy and Resources Institute (TERI). Consider this: the International Bioenergy Summit of 2012 held in New Delhi was organised by TERI and sponsored by the Department of Biotechnology (DBT). According to its FCRA filings, TERI, with a staff of over 900, has received about Rs 155.9 crore between 2006 and 2012 from a vast variety of donors.

In the field of health policy, one of the most influential thinktanks is the Public Health Foundation of India (PHFI). Since it was founded in 2006, it has received a total of Rs 219 crore in funds, its biggest foreign donor being the Bill and Melinda Gates Foundation and biggest Indian donor being the Government of India. Other foreign donors, according to FCRA filings, include the National Institutes of Health (of the US government), Welcome Trust, International Development Research Centre and MacArthur Foundation.

A public-private initiative, the PHFI is expected to shape India’s approach to public health policy over the next decade. An example of its influence on India’s health policy is the fact that its secretariat has been thanked and praised in a report of the High Level Expert Group constituted by the Planning Commission to frame a new policy on ‘universal health coverage’ for all Indians.

On matters of internet policy, the Centre for Internet and Society (CIS), a Bangalore-based thinktank focused on internet governance and intellectual property issues, has been a member of some key government committees, like the one under Justice AP Shah to study privacy laws in India. The CIS also receives foreign funding. According to its website, it has received over Rs 8.3 crore in funds, a significant portion of it from foreign donors like the UK-based Kusuma Trust, which was founded by Anurag Dikshit, an Indian businessman who made a fortune selling his stake in a popular online gambling website. He eventually donated most of his wealth to the Kusuma Trust, which funds various charities across the world.

In the human rights space, there is the famous Lawyers Collective, which, apart from its human rights advocacy, also provides legal aid to members of disadvantaged communities. Although this collective does not appear to work all that closely with the Government, it is interesting to note that it was founded by Indira Jaising, who is currently one of the Centre’s Additional Solicitor Generals. Since 2006, according to its FCRA filings, the organisation has received around Rs 21.8 crore in foreign funds from the Ford, Levi Strauss and Open Society foundations and from the Campaign for Tobacco Free Kids, Swedish International Development Cooperation Agency, among others.

Another thinktank that deserves a mention is the Centre for Civil Society (CCS), which was founded by Dr Parth J Shah and has a ‘Board of Scholars’ with Isher Judge Ahluwalia, Jagdish Bhagwati, Lord Meghnad Desai and Swaminathan Anklesaria Aiyar, among others, as members. While it is not clear from its website whether it works closely with the Government, it was ranked 51st in a recent global survey of thinktanks by University of Pennsylvania. According to a CCS press release, these rankings were ‘based on not just our research and analysis, but also on our engagement with policy makers and ability to influence policy decisions’. The CCS’s rank was quite a surprise, given its modest resources. According to its FCRA filings, between 2006 and 2011, it received about Rs 6.2 crore from foreign donors such as the Atlas Economic Research Foundation, John Templeton Foundation and International Policy Network. As per its audited accounts, available on its website, donations from Indian donors were equally modest.

The above examples demonstrate the influence of foreign funded thinktanks on almost every major aspect of Indian policy today, be it economic or environmental, related to public health or internet governance.

Is this good or bad for India as a country? Given that most sectors of the economy are now open to foreign investment, does it make sense to regulate and restrict foreign funds for such thinktanks under laws like the FCRA?

The answer depends on what Indian society expects of them. Do we expect them to be completely independent of donors in their views? Would an organisation like the CSE still get foreign funds from European donors if it were to readily welcome genetically modified (GM) food in India? In such circumstances, how independent should we expect these thinktanks to be in the arena of policy?

Absolute objectivity—or at a least public perception of it—is an absolute myth. No matter who funds a thinktank, be it foreigners or Indians, it is impossible to be seen as such. The more pressing issue is of transparency. Are Indian policymakers aware of the details of foreign funds received by these thinktanks?

Take, for example, a recent Parliamentary Standing Committee report that expressed serious reservations about GM food. The Committee repeatedly quotes with approval the deposition of Dr Vandana Shiva against GM food. A little-known fact about Dr Shiva is that her organisation, Navdanya, according to its FCRA filings, has received a total of Rs 16.7 crore between 2006 and 2012 in foreign donations from mainly European organisations (some of which also contribute to the CSE) like Bread for the World, Diakonie Emergency Aid, Hivos Foundation, Evangelischer Entwicklungsdienst EV, RSF Innovations in Social Finance, and even from the European Union itself.

Would a Parliamentary Standing Committee headed by an MP of the CPM, a party that is always suspicious of the ‘foreign hand’, show the same deference to Dr Shiva’s views if its members knew of Navdanya’s European donors, several of which are also Christian churches?

In an op-ed article in The Indian Express (‘Do not disagree’, 29 February 2012), Dr Pratap Bhanu Mehta while criticising the FCRA, states, ‘Of course, NGOs should be transparent and accountable in terms of their sources of funding.’ Yet, the CPR, of which Dr Mehta is president, only discloses the names of its donors in its annual report, and that too without revealing the amounts received from each. Similarly, Navdanya offers no information on either of its websites, Indian and Italian (navdanyainternational.it), on any of its funding. Other thinktanks like the PHFI and CIS offer a more detailed breakup of their different sources of funding, while some like the CSE and CCS provide only a roll of donor names and a figure of cumulative funding with no breakup of individual contributions. So, while these thinktanks are forced to disclose their foreign funding sources to the MHA under the FCRA, why do they not volunteer exhaustive information on their own websites?

An amusing facet of this is that the Central Government and Corporate India are more transparent (even if forced to be) than these civil society institutions, thanks to the Right to Information Act, 2005, and the extensive disclosure requirements under the Companies Act, 1956. Of companies in particular, information is accessible over the internet on the MCA21 website of the Ministry of Corporate Affairs. This contrast is amusing because some of these thinktanks never tire of demanding transparency of the State and corporate sector.

For several thinktanks, it is often hard to figure out something as basic as the nature of the legal entity through which they conduct their activities. Are they societies, associations or trusts? More pertinently, why is the Government not pushing for a stricter transparency regime? A major stumbling block may be the fact that these thinktanks are set up under state laws and it is difficult for the Central Government to coordinate a nationwide transparency regime. However, given that most are beneficiaries of income tax exemptions, it may be possible for the Centre to use the Income Tax Act to demand comprehensive disclosures. Since they enjoy tax benefits, they might also qualify as ‘public authorities’ under the Right To Information Act, 2005.

Another reason that disclosure of funding is important is to inform the analysis of people who usually see NGOs as selfless entities dedicated to nothing but a higher cause. While this may be true of some NGOs, many leaders of these set-ups have personal stakes in ensuring certain outcomes. After all, future donor grants often depend on sustaining one’s influence in the policy space. Many of the institutions described in this article have been regular recipients of funds from the same sources year after year.

Another question is the volume of funds coming in and where it will leave India’s public institutions that were originally meant to aid policymaking with unbiased intellectual inputs. How are cash-strapped Indian universities to compete with these well-funded thinktanks?

Government-run institutions of higher learning are supposed to have an inbuilt guarantee of academic independence, but would their scholarly voices be drowned out by those backed by bigger resources?

Also, given the frequency with which a few foreign funders appear on donor lists, is it time to worry about their influence on Indian policies? After all, generous funding lets the faculty of these thinktanks jetset around the world to attend conferences, organise seminars in India and network with officials at a level that most public universities cannot afford. How does this impact our civil society discourse? Should Parliament limit the amount that a single foreign entity can donate, or are we better off sticking to a regulatory regime that only insists on a set of disclosure norms?

On a concluding note, let us not forget that a large part of the credit for the RTI Act of 2005—the country’s most empowering piece of legislation since the Constitution of 1950—goes to the advocacy efforts of the Mazdoor Kisan Shakti Sangathan (MKSS), a farmers group in Rajasthan that does not accept institutional funding from either India or overseas. Bank interest on its corpus and donations by individuals are the MKSS’s only sources of funding. Together, the two gave it Rs 30 lakh for the financial year 2010-11, details of which are available on its website.

For more details visit https://cis-india.org/news/openmagazine-article-business-prashant-reddy-march-2-2013-foreign-funding-of-ngos

Forecasting the Implications of the CLOUD Act Around the World

Admin — 2018-09-20T15:51:48Z

Elonnai Hickok participated in the event organized by the Global Network Initiative at the Russell Senate Office Building, Washington D.C. on September 18, 2018 as a speaker.

Elonnai spoke on the CLOUD Act from an Indian perspective based on the article that she co-authored with Vipul Kharbanda.

For more details visit https://cis-india.org/internet-governance/news/forecasting-the-implications-of-the-cloud-act-around-the-world

For sex workers, mobile phone becomes a double-edged sword

Tushar Kaushik — 2019-07-30T01:01:26Z

Our research on the use of mobile phones by sex workers, as part of the project on Feminist Information Infrastructure in collaboration with Sangama, was cited in an article in the Economic Times.

The article by Tushar Kaushik was published in the Economic Times on July 23, 2019. CIS research was quoted.

A mobile phone makes sex workers more vulnerable to harassment and abuse; however, it also helps them protect themselves better, according to recent reports. The report compiled by research and advocacy group Centre for Internet and Society (CIS) in May was based on surveys and interviews of 64 sex workers in rural Bengaluru and Hassan conducted by the nonprofit Sangama, which works with sexual minorities and sex workers. It said most sex workers use basic phones rather than smartphones.

Some respondents said phones helped them conduct sex work discreetly and avoid solicitation on roads and in public spaces. “This was especially advantageous for workers employed in addition to sex work, allowing them to schedule appointments for sex work for short periods during the day,” the report said. Some respondents said it helped them stay connected with friends and family while working.

But, in some cases, clients circulated workers’ contacts, leading to frequent calls and messages, some of which turned abusive. Some said clients would circulate photos and videos that had them in a compromising situation, or record calls with them, and threaten to circulate the content among families and communities of the workers. Pooja S (name changed), 27, said many clients shared her numbers with others, who would then call and harass her. “Clients have sometimes taken my photos and videos without my knowledge,” she said. However, Pooja is also aware of the advantage of having a mobile phone — in case of any problem with any client, she can immediately call someone for help.

Many transgender sex workers also said the advantages of a mobile phone far outweigh the disadvantages. Trans-activist Uma Umesh, who works to help many sex workers from the community, said, “Some clients call workers for frivolous reasons, and when workers don’t respond well, clients turn abusive.” Some sex workers use a separate sim card when with clients, she said.

A journal published in February, titled ‘Female Sex Workers’ Use of Mobile Phones in India,’ made similar conclusions based on discussions with 67 sex workers and 18 staff members from local NGOs in Mumbai and parts of Karnataka between January and May 2015. The journal highlighted how phones helped workers to be less dependent on brokers. It also mentioned cases where the police, upon apprehending sex workers, called clients whose contacts were saved on the workers’ phone to use them as a witness.

Shubha Chacko, one of the authors and executive director at Solidarity Foundation, which works with sex workers, said the workers are being trained to use phones to minimise threats. “For instance, some clients don’t pay. We advise workers to seek digital payment in advance.”

For more details visit https://cis-india.org/internet-governance/news/economic-times-july-23-2019-tushar-kaushik-for-sex-workers-mobile-phone-becomes-a-double-edged-sword

For India’s complaints department, visit Facebook Live

praskrishna — 2017-01-25T02:03:03Z

Notebook: Social media cuts through red tape in a country beset by inertia.

The article by Amy Kazmin was published in the Financial Times on January 23, 2017. Sunil Abraham was quoted.

Rarely has a soldier’s lament about bad food received such attention. But Tej Bahadur Yadav, of India’s Border Security Force, made national headlines with Facebook videos complaining about his rations along India’s tense line-of-control with neighbouring Pakistan.

Standing against a landscape of desolate, snow-covered mountains, Mr Yadav bemoaned the fried flatbread and tea that constitutes breakfast, and the watery lentils, seasoned only with salt and turmeric, of his lunch. It was unclear whether his main complaint was about the poor cooking quality or limited food quantity but the video of the offending meals, including a burnt chapati, suggested both.

“I do not want to blame the government,” he said calmly in Hindi. “The government provides everything for us but these higher officers sell everything. Sometimes, we soldiers go hungry.”

Reaction to the videos, which were covered widely by the mainstream media, came fast and furious. The BSF publicly accused Mr Yadav of indiscipline, saying he was a chronic malcontent previously subjected to a court martial for aiming his weapon at a superior. It also noted he was taking voluntary retirement soon.

But many Indians found it easy to believe that their country’s troops are short-changed on food and they rallied to the disgruntled soldier as a courageous whistleblower. Prime Minister Narendra Modi ordered an investigation, and a dietitian was reportedly sent to the border to assess the soldiers’ food.

Analysts pointed out that Mr Yadav’s gripe echoed official critiques of deficiencies in the army’s food procurement. “One can imagine the toil our jawans [junior soldiers] go through while guarding the border in chilling conditions. And the least they can expect is a good meal after long hours of hard duty,” an Indian Express editorial declared.

That a soldier posted in a remote border area could unleash such a kerfuffle via a video highlights how Indians armed with mobile phones are taking to social media to hold to account the traditionally non-responsive political and bureaucratic establishment.

Smartphones make up nearly 30 per cent of phones in use in India and that number is rising fast, according to the Asian research group CLSA. Sushma Swaraj, India’s foreign minister, has garnered attention for her rapid responses to individual Twitter pleas for help — whether from Indians in trouble abroad or those struggling to renew a passport or secure a visa for a visitor.

Now other ministers and government agencies, including local police forces, have begun to respond personally to pleas for help and public complaints on Twitter. It’s a big change from a time I recall well, when Indians tangled in red tape had no option but to find those with connections to try to influence, or prod, the seemingly impenetrable bureaucracy.

“Bureaucrats and politicians are now active and available on social media — ordinary citizens tweet politicians and there is a spectacle of immediate redress of complaints,” Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, told me. When New Delhi’s police department set up an office to receive complaints against corrupt officers, for example, many citizens provided audio or visual recordings of the alleged wrongdoing. It’s only a matter of time before such footage finds its way to social media — or beyond. Ironically, those whose plights gain traction on social media, and are then amplified by mainstream media, are sometimes low-ranking civil servants harassed by their superiors.

This week brought news of a female railway clerk punished for dereliction of duty after she refused to sing “one particular” duet with her senior manager at his farewell party. A friend who works for a major western social media platform here in India (who ironically can’t be identified as he wasn’t authorised to speak to me), tells me that “the power structures that governed who used to be heard and who wouldn’t be heard have changed”. As technology spreads further and deeper in India, we can expect that noise to amplify.

For more details visit https://cis-india.org/internet-governance/news/financial-times-amy-kazmin-january-23-2017-for-indias-complaints-department-visit-facebook-live

Flaws in the UIDAI Process

hans — 2016-03-06T10:40:59Z

The accuracy of biometric identification depends on the chance of a false positive: the probability that the identifiers of two persons will match. Individuals whose identifiers match might be termed duplicands. When very many people are to be identified success can be measured by the (low) proportion of duplicands. The Government of India is engaged upon biometrically identifying the entire population of India. An experiment performed at an early stage of the programme has allowed us to estimate the chance of a false positive: and from that to estimate the proportion of duplicands. For the current population of 1.2 billion the expected proportion of duplicands is 1/121, a ratio which is far too high.

The article was published in Economic & Political Weekly, Journal » Vol. 51, Issue No. 9, 27 Feb, 2016.

A legal challenge is being mounted in the Supreme Court, currently, to the programme of biometric identification that the Unique Identification Authority of India (UIDAI) is engaged upon: an identification preliminary and a requisite to providing citizens with “Aadhaar numbers” that can serve them as “unique identiﬁers” in their transactions with the state. What follows will recount an assessment of their chances of success. We shall be using data that was available to the UIDAI and shall employ only elementary ways of calculation. It should be recorded immediately that an earlier technical paper by the author (Mathews 2013) has been of some use to the plaintiffs, and reference will be made to that in due course.

The Aadhaar numbers themselves may or may not derive, in some way, from the biometrics in question; the question is not material here. For our purposes a biometric is a numerical representation of some organic feature: like the iris or the retina, for instance, or the inside of a ﬁnger, or the hand taken whole even. We shall consider them in some more detail later. The UIDAI is using ﬁngerprints and iris images to generate a combination of biometrics for each individual. This paper bears on the accuracy of the composite biometric identiﬁer. How well those composites will distinguish between individuals can be assessed, actually, using the results of an experiment conducted by the UIDAI itself in the very early stages of its operation; and our contention is that, from those results themselves, the UIDAI should have been able to estimate how many individuals would have their biometric identiﬁers matching those of some other person, under the best of circumstances even, when any good part of population has been identiﬁed.

Read the full article here.

The author thanks Nico Temme of the Centrum Wiskunde & Informatica in The Netherlands for the bounds he derived on the chance of a false positive. He is particularly grateful to the anonymous referee of this journal who, through two rounds of comment, has very much improved the presentation of the results. A technical supplement to this paper is placed on the EPW website along with this paper.

For more details visit https://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process

Flashpoint #TrollControl: Maneka versus NCW

praskrishna — 2016-07-09T02:11:59Z

Amidst the debate over controlling online trolls - the proposal by Union Women and Child Development Minister to curb violence against women on the internet has triggered a fight between the minister and the National Commission for Women (NCW).

While Maneka Gandhi asked the NCW to monitor the internet to control trolls against women - NCW Chief Lalitha Kumaramangalam questioning the feasibility of the Minister's proposal, saying the internet is too big a space to be monitored. Sunil Abraham was interviewed. Times Now Television interviewed Sunil Abraham on this. Watch the video here.

For more details visit https://cis-india.org/internet-governance/news/times-now-july-8-2016-flashpoint-troll-control-maneka-versus-ncw

Fixing India’s anarchic IT Act

pranesh — 2012-11-30T06:33:58Z

Section 66A of the Information Technology (IT) Act criminalizes “causing annoyance or inconvenience” online, among other things. A conviction for such an offence can attract a prison sentence of as many as three years.

Pranesh Prakash's article was published in LiveMint on November 28, 2012.

How could the ministry of communications and information technology draft such a loosely-worded provision that’s clearly unconstitutional? How could the ministry of law allow such shoddy drafting with such disproportionate penalties to pass through? Were any senior governmental legal officers—such as the attorney general—consulted? If so, what advice did they tender, and did they consider this restriction “reasonable”? These are some of the questions that arise, and they raise issues both of substance and of process.

When the intermediary guidelines rules were passed last year, the government did not hold consultations in anything but name. Industry and non-governmental organizations (NGOs) sent in submissions warning against the rules, as can be seen from the submissions we retrieved under the Right to Information Act and posted on our website. However, almost none of our concerns, including the legality of the rules, were paid heed to.

Earlier this year, parliamentarians employed a little-used power to challenge the law passed by the government, leading communications minister Kapil Sibal to state that he would call a meeting with “all stakeholders”, and will revise the rules based on inputs. A meeting was called in August, where only select industry bodies and members of Parliament were present, and from which a promise emerged of larger public consultations. That promise hasn’t been fulfilled.

Substantively, there is much that is rotten in the IT Act and the various rules passed under it, and a few illustrations—a longer analysis of which is available on the Centre for Internet and Society (CIS) website—should suffice to indicate the extent of the malaise.

Some of the secondary legislation (rules) cannot be passed under the section of the IT Act they claim as their authority. The intermediary guidelines violate all semblance of due process by not even requiring that a person whose content is removed is told about it and given a chance to defend herself. (Any content that is complained about under those rules is required to be removed within 36 hours, with no penalties for wilful abuse of the process. We even tested this by sending frivolous complaints, which resulted in removal.)

The definition of “cyber terrorism” in section 66F(1)(B) of the IT Act includes wrongfully accessing restricted information that one believes can be used for defamation, and this is punishable by imprisonment for life. Phone-tapping requires the existence of a “public emergency” or threat to “public safety”, but thanks to the IT Act, online surveillance doesn’t. The telecom licence prohibits “bulk encryption” over 40 bits without key escrow, but these are violated by all, including the Reserve Bank of India, which requires that 128-bit encryption be used by banks. These are but a few of the myriad examples of careless drafting present in the IT Act, which lead directly to wrongful impingement of our civil and political liberties. While we agree with the minister for communications, that the mere fact of a law being misused cannot be reason for throwing it out, we believe that many provisions of the IT Act are prone to misuse because they are badly drafted, not to mention the fact that some of them display constitutional infirmities. That should be the reason they are amended, not merely misuse.

What can be done? First, the IT Act and its rules need to be fixed. Either a court-appointed amicus curiae (who would be a respected senior lawyer) or a committee with adequate representation from senior lawyers, Internet policy organizations, government and industry must be constituted to review and suggest revisions to the IT Act. The IT Act (in section 88) has a provision for such a multi-stakeholder advisory committee, but it was filled with mainly government officials and became defunct soon after it was created, more than a decade ago. This ought to be reconstituted. Importantly, businesses cannot claim to represent ordinary users, since except when it comes to regulation of things such as e-commerce and copyright, industry has little to lose when its users’ rights to privacy and freedom of expression are curbed.

Second, there must be informal processes and platforms created for continual discussions and constructive dialogue among civil society, industry and government (states and central) about Internet regulation (even apart from the IT Act). The current antagonism does not benefit anyone, and in this regard it is very heartening to see Sibal pushing for greater openness and consultation with stakeholders. As he noted on the sidelines of the Internet Governance Forum in Baku, different stakeholders must work together to craft better policies and laws for everything from cyber security to accountability of international corporations to Indian laws. In his plenary note at the forum, he stated: “Issues of public policy related to the Internet have to be dealt with by adopting a multi-stakeholder, democratic and transparent approach” which is “collaborative, consultative, inclusive and consensual”. I could not have put it better myself. Now is the time to convert those most excellent intentions into action by engaging in an open reform of our laws.

Pranesh Prakash is policy director at the Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/livemint-opinion-november-28-2012-pranesh-prakash-fixing-indias-anarchic-it-act

Fixing Aadhaar: Security developers' task is to trim chances of data breach

sunil — 2018-01-10T16:47:59Z

The task before a security developer is not only to reduce the probability of identity breach but to eliminate certain occurrences.

The article was published in Business Standard on January 10, 2017

I feel no joy when my prophecies about digital identity systems come true. This is because from a Popperian perspective these are low-risk prophecies. I had said that that all centralised identity databases will be breached in the future. That may or may not happen within my lifetime so I can go to my grave without worries about being proven wrong. Therefore, the task before a security developer is not only to reduce the probability but more importantly to eliminate the possibility of certain occurrences.

The blame for fragility in digital identity systems today can be partially laid on a World Bank document titled “Ten Principles on Identification for Sustainable Development” which has contributed to the harmonisation of approaches across jurisdictions. Principle three says, “Establishing a robust — unique, secure, and accurate — identity”. The keyword here is “a”. Like The Lord of the Rings, the World Bank wants “one digital ID to rule them all”. For Indians, this approach must be epistemologically repugnant as ours is a land which has recognised the multiplicity of truth since ancient times.

In “Identities Research Project: Final Report” funded by Omidyar Network and published by Caribou Digital — the number one finding is “people have always had, and managed, multiple personal identities”. And the fourth finding is “people select and combine identity elements for transactions during the course of everyday life”. As researchers they have employed indirect language, for layman the key takeaway is a single national ID for all persons and all purposes is an ahistorical and unworkable solution.

Revoke all Aadhaar numbers that have been compromised, breached, leaked, illegally published or inadvertently disclosed and regenerate new global identifiers. Photo: Reuters

monoculture can be prevented. The traditional approach is followed in the US - you could have multiple documents that are accepted as valid ID. Or you could have multiple identity providers providing ID artifacts using an interoperable framework as they do in the UK. Another approach is tokenisation. The first time tokenisation was suggested in the Aadhaar context was in an academic paper published in August 2016 by Shweta Agrawal, Subhashis Banerjee and Subodh Sharma from IIT Delhi titled “Privacy and Security of Aadhaar: A Computer Science Perspective”.

Though I had spoken about tokenisation as a fix for Aadhaar earlier, I wrote about it for the first time on the 31st of March, 2017, in The Hindu. The steps would be required are as follows. First, revoke all Aadhaar numbers that have been compromised, breached, leaked, illegally published or inadvertently disclosed and regenerate new global identifiers aka Aadhaar Numbers. Second, reduce the number of KYC transactions by eliminating all use cases that don’t result in corresponding transparency or security benefits. For example, most developed economies don’t have KYC for mobile phone connections. Three, the UIDAI should issue only tokens to those government entities and private sector service providers that absolutely must have KYC. When the NATGRID wants to combine subsets of 20 different databases for up to 12 different intelligence/law enforcement agencies they will have to approach the UIDAI with the token or Aadhaar number of the suspect. The UIDAI will then be able to release corresponding tokens and/or the Aadhaar number to the NATGRID. Implementing tokenisation introduces both technical and institutional checks and balances in our surveillance systems.

On 25th of July 2017, UIDAI published the first document providing implementation details for tokenisation wherein KUAs and AUAs were asked to generate the tokens. But this approach assumed that KYC user agencies could be trusted. This is because the digital identity solution for the nation as conceived by Aadhaar architects is based on the problem statement of digital identity within a firm. Within a firm all internal entities can be trusted. But in a nation state you cannot make this assumption. Airtel, a KUA, diverted 190 crores of LPG subsidy to more than 30 lakh payment bank accounts that were opened without informed consent. Axis Bank Limited, Suvidha Infoserve (a business correspondent) and eMudhra (an e-sign provider or AUA) have been accused of using replay attacks to perform unauthorised transactions. In November last year, the UIDAI indicated to the media that they were working on the next version of tokenisation — this time called dummy numbers or virtual numbers. This work needs to be accelerated to mitigate some of the risks in the current system.

The paper in its fourth key recommendation says “cryptographically embed Aadhaar ID into Authentication User Agency (AUAs) and KYC User Agency (aka KUAs) — specific IDs making correlation impossible”. The paper considers several designs for such local identifier where — 1) no linking is possible, 2) only unidirectional linking is possible, and 3) bidirectional linking is possible referring to a similar scheme in the LSE identity report.Though I had spoken about tokenisation as a fix for Aadhaar earlier, I wrote about it for the first time on the 31st of March, 2017, in The Hindu. The steps would be required are as follows. First, revoke all Aadhaar numbers that have been compromised, breached, leaked, illegally published or inadvertently disclosed and regenerate new global identifiers aka Aadhaar Numbers. Second, reduce the number of KYC transactions by eliminating all use cases that don’t result in corresponding transparency or security benefits. For example, most developed economies don’t have KYC for mobile phone connections. Three, the UIDAI should issue only tokens to those government entities and private sector service providers that absolutely must have KYC. When the NATGRID wants to combine subsets of 20 different databases for up to 12 different intelligence/law enforcement agencies they will have to approach the UIDAI with the token or Aadhaar number of the suspect. The UIDAI will then be able to release corresponding tokens and/or the Aadhaar number to the NATGRID. Implementing tokenisation introduces both technical and institutional checks and balances in our surveillance systems.On 25th of July 2017, UIDAI published the first document providing implementation details for tokenisation wherein KUAs and AUAs were asked to generate the tokens. But this approach assumed that KYC user agencies could be trusted. This is because the digital identity solution for the nation as conceived by Aadhaar architects is based on the problem statement of digital identity within a firm. Within a firm all internal entities can be trusted. But in a nation state you cannot make this assumption. Airtel, a KUA, diverted 190 crores of LPG subsidy to more than 30 lakh payment bank accounts that were opened without informed consent. Axis Bank Limited, Suvidha Infoserve (a business correspondent) and eMudhra (an e-sign provider or AUA) have been accused of using replay attacks to perform unauthorised transactions. In November last year, the UIDAI indicated to the media that they were working on the next version of tokenisation — this time called dummy numbers or virtual numbers. This work needs to be accelerated to mitigate some of the risks in the current system.

For more details visit https://cis-india.org/internet-governance/blog/business-standard-sunil-abraham-january-10-fixing-aadhaar

Five Nations, One Future?

praskrishna — 2015-07-18T02:34:16Z

The Silicon Valley model for success - what Bangalore, Chile, London and Rwanda want to learn from California.

When it comes to IT, Silicon Valley is viewed worldwide as the model for success. What can we learn from the drivers of innovation in California? We investigate in Bangalore, Chile, London and Rwanda. The article by Bjorn Ludtke, Ellen Lee, Jaideep Sen, Gwendolyn Ledger, David Nicholson, and Jesko Johannsen was published by Voestalpine. Sunil Abraham was quoted extensively. Read more about the article.

For more details visit https://cis-india.org/internet-governance/news/five-nations-one-future

Five Frequently Asked Questions about the Amended ITRs

chinmayi — 2013-01-30T05:36:26Z

This piece discusses the five major questions that have been the subject of debate after the World Conference on International Telecommunications 2012 (WCIT). The politics surrounding the WCIT are not discussed here but it must be kept in mind that they have played a significant role in the outcome of the conference and in some of the debates about it.

Each question is discussed with reference to the text of the treaty, to the minutes of the plenary sessions (which are available via the ITU website), a little international law and a few references to other people’s comments on the treaty.

1. Do the ITRs apply to content on the internet?

Article 1.1 (a) has been amended to add the sentence “These Regulations do not address the content-related aspects of telecommunications”. Although some discussions about the International Telecommunication Regulations (ITRs) and content have ignored this altogether, others seem concerned about its interpretation.

The ITU Secretary General has issued a statement in which he has clarified that “The new ITR treaty does NOT cover content issues and explicitly states in the first article that content-related issues are not covered by the treaty”.

Commentators like Chuan-Zheng Lee however, continue to view the treaty with suspicion, on the basis that it is necessary to examine content in order to tell whether it is spam (Lee and Chaparro differ on this question). However, others like Eric Pfanner have pointed to this paragraph in their skepticism about the US refusal to sign.

Some highlights from the plenary session discussions

The Chairman proposed the addition to Article 1.1(a) at the tenth plenary session. He did this to address concerns that the ITRs text could be interpreted to apply to content on the Internet. The original formulation that he proposed was ‘These regulations do not address and cannot be interpreted as addressing content’. This text was suggested in the middle of an extended discussion on Article 5A.

Many countries were skeptical of this insertion. Sudan argued that content could not be avoided in telecommunication networks “because it will always be in transit.” The United Arab Emirates seemed concerned about international interference in states’ existing regulation of content, and said “maybe we could actually say this in the minutes of the meeting that this regulation should not be interpreted as on alteration to Member States content regulation”.

Concerns about what the term ‘content’ means and whether it would apply broadly were raised by more than one country, including Saudi Arabia. For instance, it was argued that the text proposed by the Chairman might interfere with parts of the treaty that require operators to send tariff information correspondence. More than one country that felt that the insertion of this text would impact several parts of the treaty, and that it would be difficult to determine what amounted to dealing with content. The primary issue appeared to be that the term ‘content’ was not defined, and it therefore remained unclear what was being excluded. In response to these concerns, the Chairman withdrew his proposal for the amendment excluding content.

However, several states then spoke up in favour of the Chairman’s proposal, suggesting that the proposed amendment to Article 1.1 influenced their acceptance of Article 5A (on security and robustness of networks – discussed in detail below). Brazil suggested that an answer to the definitional concerns may be found in the work by Study Group 17, which had a definition available.

Following this, the next day, at the twelfth plenary, the Chairman brought back the Article 1.1 amendment excluding content. He stated explicitly that this amendment might be the way to get Articles 5A and 5B approved. The text he read out was insertion of the words “to the exclusion of their content”, after ‘’services’ at the end of 1.1A. Interestingly however, the term ‘content’ was never defined.

At the next plenary session, Iran raised the objection that this phrase was overbroad, and proposed the following formulation instead: “These Regulations do not address the content-related aspects of telecommunications”. This formulation found its way into the amended ITRs as the treaty stands today.

2. Does Article 5A on network security legitimize surveillance of Internet content?

Article 5A deals with ‘security and robustness of networks’ and requires member states to “individually and collectively endeavour to ensure the security and robustness of international telecommunication networks...”. This may have given rise to concerns about interpretations that may extend the security of networks to malware or viruses, and therefore to content on the Internet. However, Article 5A has to be read with Article 1.1(a), and therefore must be interpreted such that it does not ‘address the content-related aspects of telecommunications’.

Some commentators continue to see Article 5A as problematic. Avri Doria has argued that the use of the word ‘security’ in addition to ‘robustness’ of telecommunication infrastructure suggests that it means Internet security. However Emma Llansó of the Centre for Democracy and Technology has noted that the language used in this paragraph is “ far too vague to be interpreted as a requirement or even a recommendation that countries surveil users on their networks in order to maintain security”. Llansó has suggested that civil society advocates make it clear to countries which attempt to use this article to justify surveillance, that it does not lend itself to such practices.

Some highlights from the plenary session discussions

Article 5A was one of the most controversial parts of the ITRs and was the subject of much debate.

On December 11^th, in the Chairman’s draft that was being discussed, Article 5A was titled ‘security of networks’, and required members to endeavour to ensure the “security and robustness of international telecommunication networks”. The Chairman announced that this was the language that came out of Committee 5’s deliberations, and that ‘robustness’ was inserted at the suggestion of CEPT.

Several countries like Poland, Australia, Germany and the United States of America were keen on explicitly stating that Article 5A was confined to the physical or technical infrastructure, and either wanted a clarification that to this effect or use of the term ‘robustness’ instead of security. Many other countries, such as Russia and China, were strongly opposed to this suggestion and insisted that the term security must remain in the document (India was one of the countries that preferred to have the document use the term ‘security’).

It was in the course of this disagreement, during the tenth plenary session, that the Chairman suggested his global solution for Article 1.1 – a clarification that this would not apply to content. This solution was contested by several countries, withdrawn and then reinstated (in the eleventh plenary) after many countries explained that their assent to Article 5A was dependant on the existence of the Article 1 clarification about content (see above for details).

There was also some debate about whether Article 5A should use the term ‘robustness’ or the term ‘security’ (eg. The United States clarified that its preference was for the use of ‘resilience and robustness’ rather than security). The Secretary General referred to this disagreement, and said that he was therefore using both terms in the draft. The title of Article 5A was changed, in the eleventh plenary, to use both terms, instead of only referring to security.

3. Does Article 5B apply to spam content on the Internet?

The text of the amended treaty talks of ‘unsolicited bulk electronic communications’ and does not use the term ‘spam’[Article 5B says that ‘Members should endeavour to take necessary measures to prevent the propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services’].If this phrase is read in isolation, it may certainly be interpreted as being applicable to spam. Commentators like Avri Doria have pointed to sources like Resolution 130 of the Plenipotentiary Conference of the International Telecommunication Union (Guadalajara, 2010) to demonstrate that ‘unsolicited bulk electronic communications’ ordinarily means spam. However, others like Enrique A. Chaparro argue that it cannot possibly extend to content on the Internet given the language used in Article 1.1(a). Chapparo has explained, that given the exclusion of content, Article 5B it authorizes anti-spam mechanisms that do not work on content.

Article 5B, which discusses ‘unsolicited bulk electronic communications’, must be read with Article 1, which is the section on purpose and scope of the ITRS. Article 1.1 (a) specifies that the ITRs “do not address the content-related aspects of telecommunications”. Therefore it may be argued that ‘unsolicited bulk electronic communications’ cannot be read as being applicable to content on the Internet.

However, many continue to be concerned about Article 5B’s applicability to spam on the Internet. Although some of them that their fear is that some states may interpret Article 5B as applying to content, despite the contents of Article 1.1(a), many have failed to engage with the issue in the context of Article 1.1(a).

Some highlights from the plenary session discussions

Article 5B is inextricably linked with the amendment to Article 1.1. Mexico asked specifically about what the proposed amendment to Article 1.1 would mean for Article 5B: “I’m referring to the item which we’ll deal with later, namely unsolicited bulk electronic communications. Could that be referred to as content, perhaps?”. The Chairman responded saying, “This is exactly will solve the second Article 5B, that we are not dealing with content here. We are dealing with measures to prevent propagation of unsolicited bulk electronic messages”.

The amendment to Article 1.1 was withdrawn soon after it was introduced. Before it was reintroduced, Sweden said (at the eleventh plenary) that it could not see how Article 5B could apply without looking into the content of messages. The United States agreed with this and went on state that the issue of spam was being addressed at the WTSA level, as well as by other organisations. It argued that the spam issue was better addressed at the technical level than by introducing it in treaty text.

The amendment excluding content was reintroduced during the twelfth plenary. The Chairman explicitly stated that it might be the way to get Articles 5A and 5B approved.

The word ‘spam’ was dropped from the ITRs in the eight plenary, and “unsolicited bulk electronic communications” was used instead. However, in the eleventh plenary, as they listed their reasons for not signing the newly-amended ITRs, Canada and the United States of America referred to ‘spam’ which suggests that they may have viewed the change as purely semantic.

4. Does the resolution on Internet Governance indicate that the ITU plans to take over the Internet?

Much controversy has arisen over the plenary resolution ‘to foster an enabling environment for the greater growth of the Internet’. This controversy has arisen partly thanks to the manner in which it was decided to include the resolution, and partly over the text of the resolution. The discussion here focuses on the text of the resolution and then describes the proceedings that have been (correctly) criticized.

The history of this resolution, as Wolfgang Kleinwächter has explained, is that it was part of a compromise to appease the countries which were taking positions on the ITU’s role in Internet governance, that were similar to the controversial Russian proposal. The controversial suggestions about Internet governance were excluded from the actual treaty and included instead in a non-binding resolution.

The text of the resolution instructs the Secretary General to “to continue to take the necessary steps for ITU to play an active and constructive role in the development of broadband and the multi-stakeholder model of the Internet as expressed in § 35 of the Tunis Agenda”. This paragraph is particularly controversial since of paragraph 35 of the Tunis Agenda says “Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.” Kleinwächter has pointed out that this selection leaves out later additions that have taken place with progression towards a multi-stakeholder model.

The resolution also resolves to invite member states to “to elaborate on their respective positions on international Internet-related technical, development and public-policy issues within the mandate of ITU at various ITU forums including, inter alia, the World Telecommunication/ICT Policy Forum, the Broadband Commission for Digital Development and ITU study groups”.

A little after its introduction, people began expressing concerns such as the Secretary General may treat the resolution as binding, While the language may raise cause for concern, it is important to note that resolutions of this nature are not binding and countries are free to opt out of them. Opinions vary about the intentions that have driven the inclusion of this resolution, and what it may mean for the future. However commentators like Milton Mueller have scoffed at these concerns, pointing out that the resolution is harmless and may have been a clever political maneuver to resolve the basic conflict haunting the WCIT, and that mere discussion of the Internet in the ITU harms no one.

Some highlights from the plenary session discussions

Egypt and Bulgaria suggested that the resolution refer to paragraph 55 of the Tunis agenda instead of paragraph 35, by inserted the following text “”Recognizing that the existing arrangements for Internet Governance have worked effectively to make the Internet the highly robust, dynamic and geographically diverse medium it is today, with the private sector taking the lead in day-to-day operations and with innovation and value creation at the edges.” The US was also quite insistent on this language (although it did also argue that this was the wrong forum to discuss these issues).

The Chairman was willing to include paragraph 55 in addition to paragraph 35 but Saudi Arabia objected to this inclusion. Finland suggested that the resolution should be removed since it was not supported by all the countries present and was therefore against the spirit of consensus. The Secretary General defended the resolution, suggesting both that it was harmless and that since it was a key component of the compromise, eliminating it would threaten the compromise. South Africa and Nigeria supported this stand.

It was during this debate that the procedural controversy arose. Late into the night, the Chairman said there was a long list of countries that wished to speak and said “I just wanted to have the feel of the room on who will accept the draft resolution”. He proceeded to have countries indicate whether they would accept the draft resolution or not, and then announced that the majority of the countries in the room were in favour of retaining the resolution. The resolution was then retained. Upon Spain’s raising the question, the Chairman clarified that this was not a vote. The next day, other countries raised the same question and the Chairman, while agreeing that the resolution was adopted on the basis of the ‘taking of temperature’ insisted that it was not a vote so much as an effort to see what majority of the countries wanted.

5. Does the human rights language used in the preamble, especially the part about states’ access to the Internet, threaten the Internet in any way?

The preamble says “Member States affirm their commitment to implement these Regulations in a manner that respects and upholds their human rights obligations”, and “These Regulations recognize the right of access of Member States to international telecommunication services”. The text of the preamble can be used as an interpretation aid since it is recognized as providing context to, and detailing the object and purpose of, a treaty. However if the meaning resulting from this appears to be ambiguous, obscure, absurd or unreasonable, then supplementary means such as the preparatory work for the treaty and the circumstances for its conclusion may also be taken into account.

Therefore anyone who is concerned about the impact of the text inserted in the preamble must (a) identify text within the main treaty that could be interpreted in an undesirable manner using the text in the preamble; and (b) consider preparatory work for the treaty and see whether it supports this worrying interpretation. For example, if there were concerns about countries choosing to interpret the term ‘human rights’ as subordinating political rights to economic rights, it would be important to take note of the Secretary General’s emphasis on the UDHR being applicable to all member states.

Initially, only the first insertion about ‘human rights obligations’ was part of the draft treaty. The second insertion, recognizing states’ rights followed after the discussion about human rights language. Some states argued that it was inconsistent to place human rights obligations on states towards their citizens, but to leave out their cross-border obligations. It was immediately after this text was voted into the draft, that the United States, the United Kingdom and other countries refused to sign the ITRs. This particular insertion is phrased as a right of states rather than that of individuals or citizens, which does not align with the language of international human rights. While it may not be strictly accurate to say that human rights have traditionally been individual centric (since collective rights are also recognized in certain contexts), it is certainly very unusual to treat the rights of states or governments as human rights.

Some highlights from the plenary session discussions

The United States of America and the Netherlands wanted to include language to state explicitly that states’ international human rights obligations are not altered in anyway. This was to clarify that the inclusion of human rights language was not setting the ITU up as a forum in which human rights obligations are debated. Malaysia objected to the use of human rights language in the preamble right at the outset, on the grounds that the ITRs are the wrong place for this, and that the right place is the ITU Constitution. It even pointed to the fact that jurisprudence is ever-evolving, to suggest that the meaning of human rights obligations might change over time. These were the two major perspectives offered towards the beginning of the discussion.

The Chairman underlined the fact that the Universal Declaration of Human Rights is already applicable to all UN countries. He argued that reflection of these principles in the ITRs would help build universal public faith in the conference.

The first traces of the states’ access rights can be seen in Cuba’s intervention at the ninth plenary – Cuba argued that limiting states’ access to public information networks amounted to infringement of human rights. At the fourteenth plenary, Nigeria proposed on behalf of the African group that the following text be added to the preamble “And recognize the right of access of all Member States to international telecommunication networks and services." Countries like China which had been ambivalent about the human rights language in the preamble, were happy with this move away from an individual-centric understanding of human rights, to one that sees states as representative of people.

The United States was express in its dissent, and said “human rights obligations go to the individual”. Sweden was also not happy with the proposal and argued that it moved away from well-established human rights language that affirmed existing commitments to drafting new human rights language.

It was an amended version of the African group proposal that finally found its way into the preamble. It was supported by many countries such as China, Nigeria and Sudan, who took the position that group rights are included within human rights, and that governments represent their citizens and therefore have rights on their behalf. This position was strenuously disputed by states like the USA, Switzerland, United Kingdom and Canada.

For more details visit https://cis-india.org/internet-governance/blog/five-faqs-on-amended-itrs

First Privacy and Surveillance Roundtable

anandini — 2014-08-09T04:13:50Z

The Privacy and Surveillance Roundtables are a CIS initiative, in partnership with the Cellular Operators Association of India (COAI), as well as local partners. From June 2014 – November 2014, CIS and COAI will host seven Privacy and Surveillance Roundtable discussions across multiple cities in India. The Roundtables will be closed-door deliberations involving multiple stakeholders.

Through the course of these discussions we aim to deliberate upon the current legal framework for surveillance in India, and discuss possible frameworks for surveillance in India. The provisions of the draft CIS Privacy Bill 2013, the International Principles on the Application of Human Rights to Communication Surveillance, and the Report of the Group of Experts on Privacy will be used as background material and entry points into the discussion. The recommendations and dialogue from each roundtable will be compiled and submitted to the Department of Personnel and Training.

The first of seven proposed roundtable meetings on “Privacy and Surveillance” conducted by the Centre for Internet and Society in collaboration with the Cellular Operators Association of India and the Council for Fair Business Practices was held in Mumbai on the 28th of June, 2014.

The roundtable’s discussion centered on the Draft Privacy Protection Bill formed by CIS in 2013, which contains provisions on the regulation of interception and surveillance and its implications on individual privacy. Other background documents to the event included the Report of the Group of Experts on Privacy, and the International Principles on the Application of Human Rights to Communications Surveillance.

Background and Context

The Chair of the Roundtable began by giving a brief background of Surveillance regulation in India, focusing its scope to primarily telegraphic, postal and electronic surveillance.

Why a surveillance regime now?

A move to review the existing privacy laws in India came in the wake of Indo-EU Fair Trade Agreement negotiations; where a Data Adequacy Assessment conducted by European Commission found India’s data protection policies and practices inadequate for India to be granted EU secure status. The EU’s data protection regime is in contrast, fairly strong, governed by the framework of the EU Data Protection Directive, 1995.

In response to this, the Department of Personnel and Training, which drafted the Right to Information Act of 2005 and the Whistleblower’s Protection Act, 2011 was given the task of forming a Privacy Bill. Although the initial draft of the Bill was made available to the public, as per reports, the Second draft of the Bill has been shared selectively with certain security agencies and not with service providers or the public.

Discussion

The Chair began the discussion by posing certain preliminary questions to the Roundtable:

What should a surveillance law contain and how should it function?
If the system is warrant based, who would be competent to execute it?
Can any government department be allowed a surveillance request?

A larger question posed was whether the concerns and questions posed above would be irrelevant with the possible enforcement of a Central Monitoring System in the near future? As per reports, the Central Monitoring System would allow the government to intercept communications independently without using service providers and thus, in effect, shielding such information from the public entirely.

The CIS Privacy Protection Bill’s Regulatory Mechanism

The discussion then focused on the type of regulatory mechanism that a privacy and surveillance regime in India should have in place. The participants did not find favour in either a quasi-judicial body or a self-regulatory system – instead opting for a strict regulatory regime.

The CIS Draft Privacy Protection Bill proposes a regime that consists of a Data Protection Regulation Authority that is similar to the Telecom Regulatory Authority of India, including the provision for an appellate body. The Bill envisions that the Authority will act as an adjudicating body for all complaints relating to the handling of personal data in addition to forming and reviewing rules on personal data protection.

Although, the Draft Bill dealt with privacy and surveillance under one regulatory authority, the Chair proposes a division between the two frameworks, as the former is governed primarily by civil law, and the latter is regulated by criminal law and procedure. Though in a 2014 leaked version of the governments Privacy Bill, surveillance and privacy are addressed under one regulation, as per reports, the Department of Personnel and Training is also considering creating two separate regulations: one for data protection and one for surveillance.

Authorities in Other Jurisdictions

The discussion then moved to comparing the regulatory authorities within other jurisdictions and the procedures followed by them. The focus was largely on the United States and the United Kingdom, which have marked differences in their privacy and surveillance systems.

In the United Kingdom, for example, a surveillance order is reviewed by an Independent Commissioner followed by an Appellate Tribunal, which has the power to award compensation. In contrast, the United States follows a far less transparent system which governs foreigners and citizens under separate legislations. A secret court was set up under the FISA, an independent review process, however, exists for such orders within this framework.

The Authority for Authorizing Surveillance in India

The authority for regulating requests for interceptions of communication under the Draft CIS Privacy Protection Bill is a magistrate. As per the procedure, an authorised officer must approach the Magistrate for approval of a warrant for surveillance. Two participants felt that a Magistrate is not the appropriate authority to regulate surveillance requests as it would mean vesting power in a few people, who are not elected via a democratic process.

In the present regime, the regulation of interception of telecommunications under Indian Law is governed by the Telegraph Act,1885 and the Telegraph Rules,1951. Section 5(2) of the Act and Rule 419A of the Telegraph Rules, permit interception only after an order of approval from the Home Secretary of the Union Government or of the State Governments, which in urgent cases, can be granted by an officer of the Joint Secretary Level or above of the Ministry of Home Affairs of the Union or that State’s Government.

Although most participants felt confident that a judicial authority rather than an executive authority would serve as the best platform for regulating surveillance, there was debate on what level of a Magistrate Judge would be apt for receiving and authorizing surveillance requests - or whether the judge should be a Magistrate at all. Certain participants felt that even District Magistrates would not have the competence and knowledge to adjudicate on these matters. The possibility of making High Court Judges the authorities responsible for authorizing surveillance requests was also suggested. To this suggestion participants noted that there are not enough High Court judges for such a system as of now.

The next issue raised was whether the judges of the surveillance system should be independent or not, and if the orders of the Courts are to be kept secret, would this then compromise the independence of such regulators. As part of this discussion, questions were raised about the procedures under the Foreign Intelligence Surveillance Act, the US regulation governing the surveillance of foreign individuals, and if such secrecy could be afforded in India. During the discussions, certain stakeholders felt that a system of surveillance regulation in India should be kept secret in the interests of national security. Others highlighted that this is the existing practice in India giving the example of the Intelligence Bureau and Research and Analysis Wing orders which are completely private, adding however, that none of these surveillance regulations in India have provisions on disclosure.

When can interception of communications take place?

The interception of communications under the CIS Privacy Protection Bill is governed by the submission of a report by an authorised officer to a Magistrate who issues a warrant for such surveillance. Under the relevant provision, the threshold for warranting surveillance is suspicious conduct. Several participants felt that the term ‘suspicious conduct’ was too wide and discretionary to justify the interception of communication and suggested a far higher threshold for surveillance. Citing the Amar Singh Case, a participant stated that a good way to ensure ‘raise the bar’ and avoid frivolous interception requests would be to require officers submitting interception request to issue affidavits. A participant suggested that authorising officers could be held responsible for issuing frivolous interception requests. Some participants agreed, but felt that there is a need for a higher and stronger standard for interception before provisions are made for penalising an officer. As part of this discussion, a stakeholder added that the term “person” i.e. the subject of surveillance needed definition within the Bill.

The discussion then moved to comparing other jurisdictions’ thresholds on permitting surveillance. The Chair explained here that the US follows the rule of probable cause, which is where a reasonable suspicion exists, coupled with circumstances that could prove such a suspicion true. The UK follows the standard of ‘reasonable suspicion’, a comparatively lesser degree of strength than probable cause. In India, the standard for telephonic interception under the Telegraph Act 1885 is the “occurrence of any public emergency or in the interest of public safety” on the satisfaction of the Home Secretary/Administrative Officer.

The participants, while rejecting the standard of ‘suspicious conduct’ and agreeing that a stronger threshold was needed, were unable to offer other possible alternatives.

Multiple warrants, Storing and sharing of Information by Governmental Agencies

The provision for interception in the CIS Privacy Protection Bill stipulates that a request for surveillance should be accompanied by warrants previously issued with respect to that individual. The recovery of prior warrants suggests the sharing of information of surveillance warrants across multiple governmental agencies which certain participants agree, could prevent the duplication of warrants.

Participants briefly discussed how the Central Monitoring System will allow for a permanent log of all surveillance activities to be recorded and stored, and the privacy implications of this. It was noted that as per reports, the hardware purported to be used for interception by the CMS is Israeli, and is designed to store a log of all metadata.

A participant stated that automation component of the Centralized Monitoring System may be positive considering that authentication of requests i.e. tracing the source of the interception may be made easier with such a system.

Conditions prior to issuing warrant

The CIS Privacy Protect Bill states that a Magistrate should be satisfied of either. A reasonable threat to national security, defence or public order; or a cognisable offence, the prevention, investigation or prosecution of which is necessary in the public interest. When discussing these standards, certain participants felt that the inclusion of ‘cognizable offences’ was too broad, whereas others suggested that the offences would necessarily require an interception to be conducted should be listed. This led to further discussion on what kind of categorisation should be followed and whether there would be any requirement for disclosure when the list is narrowed down to graver and serious offences.

The chair also posed the question as to whether the term ‘national security’ should elaborated upon, highlighting the lack of a definition in spite of two landmark Supreme Court judgments on national security legislations, Terrorist and Disruptive Activities Act,1985 and the Prevention of Terrorism Act, i.e. Kartar Singh v Union of India [1] and PUCL v Union of India.[2]

Kinds of information and degree of control

The discussion then focused on the kinds of information that can be intercepted and collected. A crucial distinction was made here, between content data and metadata, the former being the content of the communication itself and the latter being information about the communication. As per Indian law, only content data is regulated and not meta-data. On whether a warrant should be issued by a Magistrate in his chambers or in camera, most participants agreed that in chambers was the better alternative. However, under the CIS Privacy Protection Bill, in chamber proceedings have been made optional, which stakeholders agreed should be discretionary depending on the case and its sensitivity.

Evidentiary Value

The foundation of this discussion, the Chair noted, is the evidentiary value given to information collected from interception of communications. For instance, the United States follows the exclusionary rule, also known as the “fruit of the poisonous tree rule”, where evidence collected from an improper investigation discredits the evidence itself as well as further evidence found on the basis of it.

Indian courts however, allow for the admission of evidence collected through improper collection, as does the UK. In Malkani v State of Maharashtra[3] the Supreme Court stated that an electronically recorded conversation can be admissible as evidence, and stated that evidence collected from an improper investigation can be relied upon for the discovery of further evidence - thereby negating the application of the exclusionary rule.

Emergent Circumstances: who should the authority be?

The next question posed to the participants was who the apt authority would be to allow surveillance in emergent circumstances. The CIS Privacy Protection Bill places this power with the Home Secretary, stating that if the Home Secretary is satisfied of a grave threat to national security, defence or public order, he can permit surveillance. The existing law under the Telegraph Act 1885 uses the term ‘unavoidable circumstance’, though not elaborating on what this amounts to for such situations, where an officer not below the rank of a Joint Secretary evaluates the request. In response to this question, a stakeholder suggested that the issuing authority should be limited to the police and administrative services alone. In the CIS Privacy Protection Bill - a review committee for such decisions relating to interception is comprised of senior administrative officials both at the Central and State Government level. A participant suggested that the review committee should also include the Defence secretary and the Home secretary.

Sharing of Information

The CIS Privacy Protection Bill states that information gathered from surveillance should not be shared be shared amongst persons, with the exception that if the information is sensitive in terms of national security or prejudicing an investigation, an authorised officer can share the information with an authorised officer of any other competent organisation.

A participant highlighted that this provision is lacking an authority for determining the sharing of information. Another participant noted that the sharing of information should be limited amongst certain governmental agencies, rather than to ‘any competent organisation.’

Proposals for Telecommunication Service Providers

In the Indian interception regime, although surveillance orders are passed by the Government, the actual interception of communication is done by the service provider. Certain proposals have been introduced to protect service providers from liability. For example, an execution provision ensures that a warrant is not served on a service provider more than seven days after it is issued. In addition an indemnity provision prevents any action being taken against a service provider in a court of law, and indemnifies them against any losses that arise from the execution of the warrant, but not outside the scope of the warrant. During discussions, stakeholders felt that the standard should be a blanket indemnity without any conditions to assure service providers.

Under the Indian interception regime, a service provider must also ensure confidentiality of the content and meta data of the intercepted communications. To this, a participant suggested that in situations of information collection, a service provider may have a policy for obtaining customer consent prior to the interception. The Information Technology (Reasonable security practices and procedures and sensitive personal information) Rules, 2011 are clearer in this respect, which allow for the disclosure of information to governmental agencies without consent.

Another participant mentioned that the inconsistencies between laws on information disclosure and collection, such as the IT Act, the Right to Information Act and the recently enacted Whistleblower’s Protection Act, 2011 need to be harmonised. Other stakeholders agreed with this, though they stated that surveillance regulations should prevail over other laws in case of any inconsistency.

Conclusions

The inputs from the Bombay Roundtable seem to point towards a more regulated approach, with the addition of a review system to enhance accountability. While most stakeholders here agreed that national security is a criterion that takes precedence over concerns of privacy vis-à-vis surveillance, there is a concomitant need to define the limits of permissible interception. The view here is that a judicial model would prove to be a better system than the executive system; however, there is no clear answer as of yet on who would constitute this model. While the procedure for interception was covered in depth, the nature of the information itself was covered briefly and more discussion would be welcome here in forthcoming sessions.

Click to download the Report (PDF, 188 Kb)

[1]. 1994 4 SCC 569.

[2]. (1997) 1 SCC 301.

[3]. [1973] 2 S.C.R. 417.

For more details visit https://cis-india.org/internet-governance/blog/privacy-surveillance-roundtable-mumbai

First Meeting of the Multistakeholder Advisory Group for India Internet Governance Forum

praskrishna — 2014-03-06T05:28:38Z

The Department of Electronics and Information Technology organized a meeting of the Multistakeholder Advisory Group (MAG) for India Internet Governance Forum (IIGF) at Electronics Niketan in New Delhi on February 10, 2014. Sunil Abraham participated in this meeting.

For more details visit https://cis-india.org/news/first-meeting-of-mag-india-internet-governance-forum

First Look: CIS Cybersecurity documentary film

purba — 2013-12-17T08:16:42Z

CIS presents the trailer of its documentary film DesiSec: Cybersecurity & Civil Society in India

The Centre for Internet and Society is pleased to release the trailer of its first documentary film, on cybersecurity and civil society in India.

The documentary is part of the CIS Cybersecurity Series, a work in progress which may be found here.

DesiSec: Cybersecurity and Civil Society in India

The trailer of DesiSec: Cybersecurity and Civil Society in India was shown at the Internet Governance Forum in Bali on October 24. It was a featured presentation at the Citizen Lab workshop, Internet Governance For The Next Billion Users.

The transcript of the workshop is available here: http://www.intgovforum.org/cms/component/content/article/121-preparatory-process/1476-ws-344-internet-governance-for-the-next-billion-users

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer

First draft of Technology Business Incubators: An Indian Perspective and Implementation Guidance Report

vidushi — 2015-07-25T16:14:44Z

The Centre for Internet and Society presents the first draft of its analysis on technology business incubators("TBI") in India. The report prepared by Sunil Abraham, Vidushi Marda, Udbhav Tiwari and Anumeha Karnatak looks at operating procedures, success stories and lessons that can be learnt from TBIs in India.

A technology business incubator (TBI) is an organisational setup that nurtures technology based and knowledge driven companies by helping them survive during the startup period in the company’s history, which lasts around the initial two to three years. Incubators do this by providing an integrated package of work space, shared office services, access to specialized equipment along with value added services like fund raising, legal services, business planning, technical assistance and networking support. The main objective of the technology business incubators is to produce successful business ventures that create jobs and wealth in the region, along with encouraging an attitude of innovation in the country as a whole.

The primary aspects that this report shall go into are the stages of a startup, the motivational factors behind establishing incubators by governments & private players, the process followed by them in selecting, nurturing talent as well as providing post incubation support. The report will also look at the role that incubators play in the general economy apart from their function of incubating companies, such as educational or public research roles. A series of case analysis of seven well established incubators from India shall follow which will look into their nurturing processes, success stories as well as lessons that can be learnt from their establishment. The final section shall look into challenges faced by incubators in developing economies and the measures taken by them to overcome these challenges.

Download the full paper

For more details visit https://cis-india.org/internet-governance/blog/technology-business-incubators