Access To Knowledge (A2K)

February 11: The Day We Fight Back Against Mass Surveillance

divij — 2014-02-14T06:00:05Z

The expansive surveillance being perpetuated by governments and corporations is the single biggest threat to individual liberties in the digital age.

The expanding scope and extent of massive data collection and surveillance undertaken by bodies like the USA’s National Security Agency compromises our privacy and stifles our freedom of speech and expression in its most vital public spheres, affecting the civil liberties of citizens of countries all across the world.

The previous year has been a watershed year for reclaiming the internet as a free and open space, primarily through the exposure of the unwarranted systems of surveillance that threaten it, by whistle-blowers like Edward Snowden and WikiLeaks. Despite all these efforts, they have only managed a dent in the surveillance regimes, which continue unbridled, with the protection of the state and the surveillance industry. The future of a free internet depends upon the systematic challenge of these programs by the millions of internet users they affect.

February 11, 2014 is the day we fight back against mass surveillance. Organized by the Electronic Frontier Foundation, and supported by thousand of organizations like Mozilla and the Centre for Internet and Society, on this day of action, citizens around the world will demand an end to these programs that threaten the freedom of the internet. You can support this cause by signing and supporting the 13 Principles (International Principles on the Application of Human Rights to Communications Surveillance), and contacting your local media, petitioning your local legislators and telling your friends and colleagues about the topic. Publicizing the movement and creating a buzz around it will help spread the message to many others across the internet. Do anything that will make the fight more visible and viable, such as organizing or attending public lectures, or creating tools or memes or art to spread information. For more ways in which you can contribute, and more information on the event, visit the website.

The users of the internet deserve a free and open internet and deserve and end to mass surveillance. If we can make enough noise, make enough of an impact, we can greatly bolster the movement for reclaiming the internet.

For more details visit https://cis-india.org/internet-governance/blog/the-day-we-fight-back-against-mass-surveillance

Fear, Uncertainty and Doubt

sunil — 2015-04-17T01:44:39Z

Much confusion has resulted from the Section 66A verdict. Some people are convinced that online speech is now without any reasonable restrictions under Article 19 (2) of the Constitution. This is completely false.

There are many other provisions within the IT Act that still regulate speech online, for example the section on obscenity (Sec. 67) and also the data protection provision (Sec. 43A). Additionally there are provisions within the Indian Penal Code and other Acts that regulate speech both online and offline. For example, defamation remains a criminal offence under the IPC (Sec. 499), and disclosing information about children in a manner that lowers their reputation or infringes their privacy is also prohibited under the Protection of Children from Sexual Offences Act, 2012 (Sec. 23).

Others are afraid that the striking down of Section 66A results in a regulatory vacuum where it will be possible for bad actors to wreak havoc online because the following has been left unaddressed by the IT Act.

Criminal Intimidation: The phrase "criminal intimidation" was included in Sec. 66A(b), but the requirement was that intimidation should be carried out using "information which he knows to be false". Sec. 506 of the IPC which punishes criminal intimidation does not have this requirement and is therefore a better legal route for affected individuals, even though the maximum punishment is a year shorter than the three years possible under the IT Act.
Cyber-stalking: A new section for stalking - Sec. 345 D - was added into the IPC in 2013 which also recognised cyber stalking. The definition within Sec.345D is more precise compared to the nebulous phrasing in Sec. 66A, which read - "monitors the use by a woman of the internet, email or any other form of electronic communication, commits the offence of stalking".
Phishing: Sec. 66A (c) dealt with punishment to people who "deceive or mislead the addressee or recipient about the origin of such messages". Sec.66D, which will be the operative section after this verdict, deals with "cheating by impersonation" and forms a more effective safeguard against phishing.

Cyber-bulling of children is arguably left unaddressed. Most importantly, spam, the original intention behind 66A, now cannot be tackled using any existing provision of the law. However, the poorly drafted section made it impossible for law enforcement to crack down on spammers. A 2005 attempt by the ITU to produce model law for spam based on a comparative analysis of national laws resulted in several important best practices that were ignored during the 2008 Amendment of the Act. For example, the definition of spam must cover the following characteristics - mass, unsolicited and commercial. All of which was missing in 66A.

Good quality law must be drafted by an open, participatory process where all relevant stakeholders are consulted and responded to before bills are introduced in parliament.

A scanned copy of the article was published in the Deccan Chronicle on March 26, 2015.

For more details visit https://cis-india.org/internet-governance/blog/deccan-chronicle-march-26-2015-sunil-abraham-fear-uncertainty-doubt

FCRA July - September 2023

Admin — 2023-10-18T23:49:10Z

For more details visit https://cis-india.org/about/reports/fcra-july-september-2023

FCC’s plan to repeal net neutrality may not impact India

Admin — 2017-11-26T11:43:59Z

India is unlikely to be impacted by the US Federal Communications Commission’s plan to repeal net neutrality regulations.

The article by Surabhi Agarwal was published in the Economic Times on November 23, 2017. Sunil Abraham quoted.

India adopted a pro-net neutrality stand by taking a tough call against zero-rated plans such as Facebook’s Free Basics and Airtel Zero last year. According to experts, the Indian telecom regulator showed great courage and conviction by battling any type of preferential treatment of internet websites. This was even after a massive campaign by Facebook in support of its Free Basics programme, which promised access to a few basic services free of cost through partnerships with selected telecom service providers.

“Our regulator now thinks of itself as a forerunner in this space, so we doubt they are going to be influenced by the American move,” said Sunil Abraham, Executive Director of the Centre for Internet and Society in Bengaluru. He called the proposal to withdraw the President Barack Obama era regulations “incredible” since they took almost a decade and lots of debate to be framed. Abraham said there is no evidence to suggest that India copies what the US does and there is a long way to go before the new regulations come in.

“The FCC is just one actor in this game — there are the Congress and the courts along with the Federal Trade Commission,” said Abraham, adding that the proposal is likely to be challenged at multiple levels. “I’m proposing to repeal the heavy-handed Internet regulations imposed by the Obama Administration and to return to the light-touch framework under which the Internet developed and thrived before 2015,” FCC chief Ajit Pai, who worked for Verizon Communications earlier, tweeted on Tuesday. The plan shared by Pai will be put to vote on December 14. Experts expect the plan to go through, given the Republican majority in the FCC and they fear it will allow internet service providers like Verizon, AT&T and Comcast to give preference to some sites and apps in return for a fee or for their own business interests.

“If it goes through, it will take control away from the user and companies will be free to make fast lanes and favour the content they like and play the gatekeepers,” said Mishi Choudhary, president at Software Freedom Law Centre.

She said the conversation has once again moved the power back to internet service providers, which will hurt small companies on the pretext of innovation and getting away from micro managing. “It is certainly not bolstering the position of the US as a leader for free and open internet,” added Choudhary. Streaming service Netflix tweeted in response saying that it supports strong net neutrality and opposes the FCC’s proposal.

The Telecom Regulatory Authority of India (Trai) fought a tough battle in 2016 against plans that promised select internet services to poor people by offering them free of cost. The regulator issued differential pricing regulations by which it banned what’s known as zerorating plans. “Trai showed immense foresight by releasing the rules and this is a good opportunity for India to occupy the vacuum of leadership in this space by providing the right regulatory environment,” said Choudhary.

For more details visit https://cis-india.org/internet-governance/news/economic-times-surabhi-agarwal-november-23-2017-fcc-plan-to-repeal-net-neutrality-may-not-impact-india

FB & Google have already monopolised Indian cyberspace

praskrishna — 2016-07-08T15:59:46Z

In an interview with Catch, Sunil Abraham, executive director of Center for Internet & Society, puts the recent US-India cyber relationship framework into perspective. Abraham also talks about how Indian surveillance policies are outdated and why the country has failed to check the hegemonic tendencies of companies like Facebook and Google.

The interview was published by Catch News on July 3, 2016.

US-India signed a cyber relationship framework earlier this month. Could you explain some of the takeouts that may have important implications in the near future?

In the framework, both sides have made a "commitment to the multi-stakeholder model of Internet governance" - in immediate practical terms that means India will accept the Internet Assigned Numbers Authority (IANA) transition proposed for the Internet Corporation for Assigned Names and Numbers (ICANN). Unfortunately, as my colleague Pranesh Prakash points out "U.S. state control over the core of the internet's domain name system is not being removed by the transition that is currently underway."

India along with Brazil and other emerging powers should have insisted that the question of jurisdiction be addressed before the transition. We must remember, that the multi-stakeholder model is just a fancy name for open and participatory self-regulation by the private sector. While the multi-stakeholder model is useful as a complement to traditional state-led regulation, it cannot be used to protect human rights or ensure the security of a nation state.

[That is precisely why - the very next sentence in the announcement for the the framework for the US-India Cyber Relationship says "a recognition of the leading role for governments in cyber security matters relating to national security". This is because ICANN-style multistakeholderism requires all stakeholders to be on "equal footing" without "distinct roles and responsibilities". In other words, the governments are saying that the multistakeholder model is fine for all Internet Governance areas with the exception of Cyber Security. Given the limits of the multistakeholder model this is indeed the wise thing to do. Since American corporations dominate the Internet, US foreign policy has historically pushed for the multistakeholder model as fig leaf for forbearance and reduced foreign regulatory burden American corporations operating in other jurisdictions. Therefore India must not drink the multistakeholder cool-aid whole sale. It cannot afford a laissez-faire approach where it waits for corporations to self-regulate - it must regulate whenever public interest or human rights are harmed. In other words, it must go beyond the multistakeholder model and produce appropriate regulation where necessary. Needless to add - it must also deregulate in areas where harms don't exist. Apart from this many of the details of the announcement are positive steps that will increase security in India and the USA, and indeed the also across the world.]

What are some aspects of Intellectual Property Rights that should be looked at, in the context of the framework?

There is some language around Intellectual Property Rights (IPR) that should be examined carefully too. The US corporations benefit from a maximalist IP regime. But Make in India, Digital India and Startup India all depend on flexibilities to the IP regime and therefore India should refuse signing. Trans-Pacific Partnership (TPP) obligations like the "Digital 2 Dozen" which the US is actively proselytizing across the Pacific. If we make that mistake, we will make zero progress in indigenous security research and product development and also many other areas of our economy, health sector and education sector will be severely compromised. Therefore it would be best to keep IP rights expansion and enforcement out of the framework for the US-India Cyber Relationship.

The PIL seeking a ban on WhatsApp was refused by the SC recently. Encrypted messaging services like Telegram however, have been used in the past by terror groups. What's your take on such end-to-end encryption services?

Privacy and security are two sides of the same coin. You cannot have one without the other. End-to-end encryption is the basis for online privacy. End-to-end encryption is a pre-requisite for many legitimate actions of law abiding citizens online such as commerce, banking, tele-medicine, protection of intellectual property, witness/source protection, client confidentiality etc. Therefore, banning end-to-end encryption would mean the death of individual privacy and national security.

If the government wants to promote cyber security it should promote the use of end-to-end encryption amongst law abiding citizens.

Terrorist have to be stopped through targeted profiling, surveillance and interception. Big data analytics may be useful to watch for patterns in the meta data but there is no replacement for good old fashioned police work.

Once suspects have been identified the encrypted channels can be compromised by:

Placing trojans on the end-user devices
Performing man-in-the-middle attacks and
Using brute force attacks with super computers.

Snowden's revelations have made it very clear that blanket and mass surveillance does not help foil terror attacks or stop organised crime. So far, research and government reports from across the world indicate that only a minority of terrorists use encryption. However, this situation may change.

We don't have any proper encryption policy under the IT Act yet. What's taking so long and what are the key points that any policy in this matter must include in future?

We need many different types of encryption policies. We need a policy that mandates encryption and digital signature for all government personnel and also for all government transactions. We need policies that promote research and development in cryptography and mathematics. We need to update our criminal procedure code so that encrypted communications and data can be targeted by law enforcement and used effectively in the criminal justice process.

However, we should not have any broad encryption policy that tries to regulate encryption as a technology. That would be a highly regressive move and will be impossible to enforce. That would breed contempt for rule of law.

Surveillance and the tech around it has been contentious for various governments. Where do we stand vis-a-vis regulating surveillance measures by the state?

Our surveillance and interception laws are outdated. They need to be modernized to deal with advancements in technology and also global developments when it comes to data protection and privacy law.

In fact, our organisation was part of a global effort called Necessary and Proportionate which identified 13 principles to modernise surveillance which are connected to various aspects such as Legality, Legitimate aim, Competent judicial authority, Integrity of communications and systems and more. Some of these principles may have to be customised for the Indian context. [For example, given the load on courts perhaps India should stay with executive authorization of interceptions and data access requests. However, getting the law correct is only half the job. For the law cannot fix what the technology has broken. Some surveillance projects are well designed. For ex. the NATGRID - from what I understand it is a standard and platform that which will allow 12 security, intelligence and law enforcement agencies to temporarily make unions of sub-sets of 21 data sources. These automated temporary databases will be created under existing data access provisions of the law. I also hope the NATGRID is also using cryptography to ensure the maintenance of a non-repudiable log that will identify all officers involved in authorizing the each request and accessing the resultant data. Unfortunately, other surveillance projects are unmitigated disasters. For example, UID or Aadhaar. Many Indians don't realize that Aadhaar is a surveillance project. Biometrics is just a fancy name for remote, covert and non-consensual identification technology. Using the UID database the government can identify every single Indian without their consent. The so called "consent layer" in the India Stack is being developed by volunteers outside the UIDAI to avoid transparency under the Right to Information Act. Nothing in the current layer of the "consent layer" allows citizens to revoke consent. There is no facility in the UID Act to delete yourself from the database. Identity information aka the UID number and authentication information aka your biometrics for about a billion Indians have been collected and stored in a centralized location. It is as if our parliamentarians have written an open letter to criminals and foreign governments says "here is the information you need to wreck whole sale damage - come and get it". Hopefully the Supreme Court will save us from this impending disaster.]

With a sluggish US market, India has the biggest potential for companies like FB & Google, next only to China. Do you feel that in the quest to take over the Indian market, FB & Google are going to monopolise cyberspace in India?

I have news for you - they have already monopolised Indian cyberspace. They have completely wiped out competition in certain domains.

One of the many reasons they have done this is because we don't have laws and regulations to temper their hegemonic tendencies. For example, we could use data portability and interoperability mandates for social media to spark competition in markets where there are entrenched monopolies.

Competition law can be used to protect other firms from abuse of market power. Consumer protection law and privacy law could be used to ensure that user's rights are not compromised in the race for market share. In addition, a modern privacy law compliant with the best practices in the European Data Protection Regulation 2016, would allow emerging Indian companies to compete with giants like Facebook and Google on a level playing field. [Speaking of level playing field - only recently has the government introduced the "equalization levy". This was long overdue. Imagine the amount of tax that could have been collected so far and damage that has been done to competition. Regardless the current NDA government deserves our kudos for ensuring that Facebook and Google contribute their fair share of taxes. The new IPR Policy was also an opportunity to address the monopoly of Google and Facebook. There should have been a concerted attempt to use free/open source software, open standard and open content to bolster Indic language technologies. A billion dollars from every spectrum auction should be used to create incentives for Indian private sector, research and academic organisation who can contribute openly to the Indic cyberspace. This is the market where we can still build a highly competitive market. Today, given government inaction - millions of Indians are training Google's language platforms every time they use machine translation or speech to text technologies. This corpus of information will not be available for public interest research. Ideally we should also have Indians contributing to commons-based peer production projects like Wikipedia for their Indic language needs. Unfortunately the government totally missed this opportunity.]

For more details visit https://cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace

Farming the Future: Deployment of Artificial Intelligence in the agricultural sector in India

Elonnai Hickok, Arindrajit Basu, Siddharth Sonkar and Pranav M B — 2019-10-16T13:41:02Z

This case study was published as a chapter in the joint UNESCAP-Google publication titled Artificial Intelligence in Public Service Delivery. The chapter in its final form would not have been possible without the efforts and very useful interventions by our colleagues at Digital Asia Hub,Google, and UNESCAP.

Although agriculture is a critical sector for India’s economic development, it continues to face many challenges including a lack of modernization of agricultural methods, fragmented landholdings, erratic rainfalls, overuse of groundwater and a lack of access to information on weather, markets and pricing. As state governments create policies and frameworks to mitigate these challenges, the role of technology has often come up as a potential driver of positive change.

Farmers in the southern Indian states of Karnataka and Andhra Pradesh are facing significant challenges. For hundreds of years,these farmers have relied on traditional agricultural methods to make sowing and harvesting decisions, but now volatile weather patterns and shifting monsoon seasons are making such ancient wisdom obsolete. Farmers are unable to predict weather patterns or crop yields accurately, making it difficult for them to make informed financial and operational decisions associated with planting and harvesting. Erratic weather patterns particularly affect those farmers who reside in remote areas, cut off from meaningful accessto infrastructure and information. In addition to a lack of vital weather information, farmers may lack information about market conditions and may then sell their crops to intermediaries at below-market prices.

Against this backdrop, the state governments and local partners in southern India teamed up with Microsoft to develop predictive AI services to help smallholder farmers to improve their crop yields and give them greater price control. Since 2016 three applications have been developed and applied for use in these communities, two of which are discussed in this case study: the AI-sowing app and the price forecasting model.

Click to read the report here.

For more details visit https://cis-india.org/internet-governance/blog/artificial-intelligence-in-the-delivery-of-public-services-elonnai-hickok-pranav-bidare-arindrajit-basu-siddharth-october-16-2019-farming-the-future

FAQ on the Aadhaar Project and the Bill

Elonnai Hickok, Vanya Rakesh, and Vipul Kharbanda — 2016-04-13T14:06:43Z

This FAQ attempts to address the key questions regarding the Aadhaar/UIDAI project and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 (henceforth, Bill). This is neither a comprehensive list of questions, nor does it contain fully developed answers. We will continue to add questions to this list, and edit/expand the answers, based on our ongoing research. We will be grateful to receive your comments, criticisms, evidences, edits, suggestions for new answers, and any other responses. These can either be shared as comments in the document hosted on Google Drive, or via tweets sent to the information policy team at @CIS_InfoPolicy.

To comment on and/or download the file, click here.

For more details visit https://cis-india.org/internet-governance/blog/aadhaar-project-and-bill-faq

Faking it on WhatsApp: How India's favourite messaging app is turning into a rumour mill

praskrishna — 2017-05-19T14:44:05Z

Spreading fast and wild on WhatsApp fake news about riots, ‘miracle’ currency

The article by Samarth Bansal was published in the Hindustan Times on May 19, 2017. Pranesh Prakash was quoted.

It didn’t take long after demonetisation for almost everyone to hear about the ‘special properties’ of the new Rs 2000 note, which was said to include a ‘built-in GPS-enabled nano-chip’. News of this high-tech feature spread rapidly, even though there was no notification about it from the Reserve Bank of India or any other government department. What there was, instead, was a popular WhatsApp message.

WhatsApp messages were involved in another fake-news controversy the very same month, when word of a salt shortage in North India spread widely. The fake news unleashed panic, and in Hyderabad, among other places, salt prices increased by a factor of four. It even extracted a victim, a woman died in Bakarganj Bazaar, Kanpur, when she slipped and fell into a drain in a panicked buying melee.

This isn’t the only time that fake news that circulated on WhatsApp led to violence. In 2013, messages sent on WhatsApp helped to incite riots in Muzaffarnagar. A two-year old video of a lynching in Pakistan was mischievously promoted as an attack on two Hindu boys by Muslims in Kawal village of Muzaffarnagar. The video, in turn, provoked calls for revenge. Though the police blocked the video on the internet, its spread could not be stopped on the app.

Facebook, WhatsApp’s parent company, has faced much flak for not curbing the circulation of fake news. On its part, Facebook has now said it will try to flag questionable news stories with the help of users and external fact checkers to cope with this problem.

But the instant messaging app poses similar challenges in a particularly intractable form. WhatsApp offers a particularly private medium of communication, something many people like about it. A case currently being heard at the Supreme Court of India concerns the protection of this very quality — while WhatsApp would like to allow Facebook to access its user data, a PIL contends that this move would be a violation of privacy.

The same factors of WhatsApp’s design that protect its users also make it difficult or impossible to study many aspects of communication on the platform. Even as anecdotal evidence piles up that WhatsApp is being used to distribute fake news, then, it remains hard to know just what is happening or what can be done in response.

Facebook vs WhatsApp

The differences between WhatsApp and Facebook dictate the ways people share news on each platform. “Facebook is a social platform where people express their concerns, react, and build perceptions based on an individual’s posts,” says Anoop Mishra, a digital marketing and social media consultant. “However, on WhatsApp, which is an end-to-end messaging platform, people share content in a more personal and closed way.”

It is because the primary mode of sharing on instant messaging apps is one-to-one, as opposed to the one-to-many relationship on Facebook, that the former feels more personal. This personal quality of most of the content shared directly or on small groups via WhatsApp carries with it the implicit endorsement of people you know. Given that the app is now a large and growing part of people’s lives on mobile devices, the way it influences news consumption demands more attention. “Lack of content moderation and privacy controls gives WhatsApp an edge over Facebook for sharing any type of multimedia content,” says Mishra.

For instance, to get your friends’ attention on Facebook, you need to tag them. Not every post by every friend shows up on your news feed; what you see is dictated by an algorithm. WhatsApp has a big advantage here since it works like a text message. You know that your message will be received by everyone you send it to.

A black hole for content

There is no non-anecdotal way to track the spread of content on WhatsApp. Facebook, for instance, is compatible with analytics tools capable of determining that a particular news report has been shared 7,000 times, say, or viewed 20,000 times.

Such analysis is not feasible with WhatsApp, which offers no way to mine social media data to understand the patterns, trends, or reach of any given message. Even its original source is completely opaque. What is true of particular texts also applies to the total sum of activity on WhatsApp: it is impossible to determine what kinds of messages the public is sharing most, what sorts of conditions people are sharing these messages in, or where in the world they are spreading.

Surpassing one billion

WhatsApp arrived in India at the beginning of the decade. At that time, chat apps were generally considered to be interchangeable with text messages. Today they’re widely understood to support sharing of all forms of multimedia content — photos, videos, audio files and even text documents.

Simplicity is one of WhatsApp’s signature virtues. All you need to do is download it: the programme automatically scans your phone book and links up with your contacts who are also users. Crucially, you don’t even need a password. According to Guide to Chat Apps, a report by the Tow Center for Digital Journalism at Columbia University, the requirement of a password is “a significant barrier to entry for many people in emerging markets when it comes to other apps and social media platforms.”

In February 2016, WhatsApp crossed the one billion mark for active users worldwide. India is its largest market, with about 160 million active users.

WhatsApping the news

WhatsApp’s reach and growing role in the consumption of photos and videos has prompted media companies to take it seriously as a distribution channel. A report by the Reuters Institute for the Study of Journalism highlights the increasing adoption of new social networks among young people and the growing importance of recommendations as a gateway to news. “The digital generation expects the news to come to them,” says the report’s author journalist Nic Newman in a press release. “Young people rarely go directly to a mainstream news website anymore.”

But unlike apps like WeChat and Snapchat, which are gaining currency among millennials, WhatsApp hasn’t positioned itself as a media distribution platform. Media organisations have been experimenting nonetheless. For instance, the BBC ran pilots on WhatsApp and WeChat for the Indian elections in 2014. Users subscribed to the BBC news service on WhatsApp by adding a number to their contacts and sending a request message to join. They were then put on a broadcast list that sent them up to three updates a day in Hindi and English. Many media outlets, including ours, now have a WhatsApp sharing icon on their mobile websites.

For all its susceptibility to the dissemination of fake news, WhatsApp presents unique challenges to the mass sharing of content, just as it does for the mass tracking of it. It has no official application program interface (API), the service which allows programmers to build applications that automate the functions of a platform. “An official WhatsApp API release could spawn an entirely new industry of startups, in much the same way that the release of Twitter’s API did,” says the Tow Center report. “Except this time, it could be even bigger, given WhatsApp’s near-billion account user base.” Reaching out to a wider audience on WhatsApp — with either fake or authentic news — needs to be performed manually, via broadcast lists, which allow you to send the same message to many people at once, and groups.

State of control

Fake news might lead only to harmless speculation or minor inconvenience, as it did with rumours about the Rs 2000 note, or it could be dangerous, as was the case during the Muzaffarnagar riots. Pranesh Prakash, a policy director at the Centre for Internet and Society, a research and advocacy group focused on digital technology, believes that social media rumours gain potency after the imposition of censorship, under which people begin to wonder what the government is trying to conceal. “There is no way rumours can be completely quelled,” he says, “but the state can act against rumours through clear communication that calls out particular rumours, and tells people not to believe them.”

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-samarth-bansal-faking-it-on-whatsapp-how-india-s-favourite-messaging-app-turned-into-a-rumour-mill

Faking a stand

praskrishna — 2015-09-27T12:41:51Z

A 'Like' here, a forward there, new-age India's patriotism is confined to social media

The article by Shweta T. Nanda was published in the Week on September 20, 2015. Pranesh Prakash was quoted.

On the eve of Independence Day, Pune-based homemaker Archana Chaurasia, 36, was engaged in an animated conversation with friends when a WhatsApp message notification broke the rhythm of their chat. The content of the forwarded text pushed her into a deep thought for a few seconds. Brimming with pride, she forwarded it to five others on her contact list before returning to the chitchat.

The message read:
The property left behind by Dr A.P.J. Abdul Kalam:
He owned 6 pants (2 DRDO uniforms), 4 shirts (2 DRDO uniforms), 3 suits (1 western, 2 Indian), 2500 books, 1 flat (which he has donated), 1 Padmashri, 1 Padmabhushan, 1 Bharat Ratna, 16 doctorates, 1 website, 1 twitter account, 1 email id. He didn't have any TV, AC, car, jewellery, shares, land or bank balance.

He had even donated the last 8 years' pension towards the development of his village. He was a real patriot and true Indian... India will forever be grateful to you, sir… Is there any politician compared to him? Make sure all your friends and dear ones read this before 15th August.

“Such forwards evoke patriotism. While most of us aren’t able to do much for the nation, the least one can do is forward such interesting messages and share your love for the country,” explains Chaurasia.

Taken in by a sense of national pride, netizens are not thinking twice before forwarding messages. What we overlook though is how such innocent forwards are propelling a sense of false patriotism, especially among the youth. Often, the content of such messages is erroneous. For instance, DRDO doesn’t have a uniform!

Similarly, you might have thought that when the Empire State Building in New York was lit up in tricolour for Independence Day, it was a US government initiative. But in reality, some Indian Americans had raised money, booked it in advance and adorned it with saffron, white and green lights. The building can be booked in advance by anyone like a swish hall in a five-star hotel.

The messages could be provocative in the garb of ‘faux patriotism’—a recent video clip showing Indian Army firing at its Pakistani counterpart was, in fact, a footage of a three-year-old artillery exercise. Likewise, forwarded messages claiming Brahmos Missiles have been deployed on the Indo-Pak border and UNESCO has judged Jana Gana Mana as the world’s best national anthem were also incorrect.

“The desire to proclaim the greatness of your own political identity, which can often be linked to a religion, is a large part of what fuels the forwarding phenomenon, apart from the innate desire to share new-found knowledge,” says Pranesh Prakash, policy director at The Centre for Internet and Society, Bengaluru. That is why, forwarded messages that celebrate the achievements of historical figures and reassert that Indians have always been great go viral, he explains. “As you trust the person who is sending it, you don’t think about its accuracy. In fact, you don’t tend to question the authenticity of anything that reinforces a view that you already hold,” he says.

Faiz Ullah, assistant professor of media and cultural studies at Tata Institute of Social Sciences, Mumbai, however, looks at it as the signal of a changing society, one that is witnessing the rise of a show-off culture, symbolism and individualism.

“The idea of patriotism is being trivialised,” he says. “It happens when you let the market decide your action. You are known for what you consume than what you give up. And the focus is more on forwarding patriotic messages or marketers announcing freedom sales than doing something substantial for the nation.”

E-forwards are a powerful tool in mobilising people, says Gaurav Singh, owner of Poltubaaz, an election management firm and political consultancy. The Delhi-based company also offers bulk e-texting services across social media and communication platforms.

While there is no study on the exact market size and open rate of such forwards across platforms, in case of emails, says Singh, out of 100 such messages, at least 30 are opened by users. Data analytics also allows one to zero in on the areas of interest of users and forward them relevant content accordingly.

“Some people create such messages just for fun, some do it to serve a commercial purpose, and some others aim to gain political mileage out of it,” says Singh. “For instance, supporters of political parties or those who swear by a certain kind of ideology create and circulate such messages to evoke a particular kind of mass sentiment.” Agrees Rakshit Tandon, a consultant with Internet and Mobile Association of India: “These networks play a key role in peddling strong ideologies.”

Congress spokesman Randeep Singh Surjewala says many such messages are the work of BJP supporters, who want to alter the country’s cultural landscape to reap long-term political dividends. “Their dirty tricks department is using vitriolic measures and false propaganda to influence people,” he says.

But Vinod Bansal, a spokesman of Vishva Hindu Parishad and Bajrang Dal, says these organisations don't believe in false propaganda but in doing national service. “Anyway, if such forwarded messages are factually correct and evoke patriotism, there is nothing wrong with them,” he says. For instance, if a video of terrorist Yakub Memon’s hanging is being popularised, you can’t call it Hinduisation; instead it is nationalism, he adds.

Another entrepreneur who owns a political campaign management firm that provided consultancy services to a national party in the 2014 general elections, however, reveals that party supporters, particularly of the youth wing, work round-the-clock to circulate e-forwards targeting a particular vote bank, aiming at both long-term and immediate political benefits. “We cater to such requests, and make sure that the content is not in-your-face but subtle yet effective.”

But is there a way to curb such erroneous e-forwards? Although it is possible to zero in on the point of origin of such messages on social media, it also means invading users’ privacy, says Rakesh Sharma, Supreme Court lawyer and founder of social networking platform Sabakuch.com. “Until someone objects to the content of the forwarded message [finding it defaming or explicit], we can’t do anything about it.”

Tandon, who is also an adviser to Uttar Pradesh Police’s cyber complaint redressal cell, says that unless cyber users learn “netiquettes” and take to “internet hygiene”, this menace will not stop. “Users have a responsibility, too,” he says. “Unless you know the authenticity of forwarded messages, don’t circulate them. Also, educate others.”

For more details visit https://cis-india.org/internet-governance/news/the-week-september-20-2015-shweta-t-nanda-faking-a-stand

Fake News, Rumors & Online Content Regulation

praskrishna — 2017-02-28T02:46:13Z

Medianama and Mint organized #NAMApolicy open house on 'Fake News, Rumors & Online Content Regulation' on February 22, 2017 at the India Habitat Centre. Japreet Grewal and Amber Sinha attended the event.

The discussions broadly covered the impact of Fake News on democratic processes, Legal status of online content regulation in India & administrative challenges with Fake News, Responsibility and accountability of online platforms, while addressing challenges of identification of sources of Fake News, Potential legal and non-legal ways of addressing Fake News, etc.

Agenda

06:30 to 07:00 pm - Registration
07:00 to 07:10 pm - Introductory note
07:10 to 09:00 pm - Round-table discussion moderated by Nikhil Pahwa
09:00 pm onwards - Networking dinner

For more details visit https://cis-india.org/internet-governance/news/fake-news-rumors-online-content-regulation

Fake Narendra Modi apps aplenty, but it’s up to users to protect themselves

praskrishna — 2016-12-10T04:24:24Z

The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.

The article was published by Indian Express on December 2, 2016. Pranesh Prakash was quoted. Also see Nandini Yadav's blog post in BGR on December 3, 2016.

The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.

A “Narendra Modi” app, purportedly offered by the Government of India, caught the attention of Internet expert Pranesh Prakash on Thursday as the app developer was found to be using a Bangladesh-based web host and e-mail address. Suggesting that this could be the work of a con-artist, Prakash underlined that granting access to fake apps could lead to security breach. The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded. The original NaMo, however, only gets access to read, modify and delete the user’s media files. The “fake” app was downloaded more than 1 lakh times and has an average rating of 4.4 from over 2,000 reviews. A simple search on the play store throws up dozens of Narendra Modi apps, some even calling themselves fake apps. The original app was published by Narendramodi.in and Government Of India. But there are scores of other apps trying to imitate the original.

Pranesh, who is Policy Director at The Centre for Internet and Society, also questioned how users can differentiate between fake and genuine apps when even the official app was registered using a gmail address. While the Government of India Narendra Modi app has been published using info@narendramodi.press, the one by Narendramodi.in has been published using a simple Gmail app. He also highlighted how the play store was flooded with fake banking apps, with one such “SBI app” gaining full access to the user’s files. Incidentally, the fake Modi Ki Note app which has been in the limelight since the demonetisation on high value notes and issue of new ones itself has many duplicates.

In the last two days, the Congress and its vice-president Rahul Gandhi fell victim to hacking as their verified Twitter accounts were compromised. Profane content was shared from both accounts, targeting the Gandhi and his family. This lead to the Congress questioning Prime Minister Narendra Modi’s digital India push as security remains a huge concern.

For more details visit https://cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves

Fairness, Transparency and Accountable AI

Admin — 2018-05-20T14:26:59Z

Amber Sinha participated remotely in the inaugural meeting of Fairness, Transparency and Accountable AI working group of the Partnership on Artificial Intelligence on May 10, 2018. The meeting was held at DeepMind's office in London.

Agenda of the meeting here

For more details visit https://cis-india.org/internet-governance/news/fairness-transparency-and-accountable-ai

Fair process frameworks for cross-border online spaces

praskrishna — 2013-10-21T09:02:02Z

This workshop is being organised by the Internet & Jurisdiction Project, Civil Society of France, Western Europe and Others Group and Internet & Jurisdiction Project, Civil Society of Germany, Western Europe and Others Group. Sunil Abraham is one of the panelists for this workshop.

The Internet Governance Forum 2013 is being held at Bali from October 22 to 25. The overarching theme for the 2013 IGF meeting is: "Building Bridges"- Enhancing Multistakeholder Cooperation for Growth and Sustainable Development".

Read the original published on IGF website. Also read it on Internet & Jurisdiction website.

Theme: Legal Frameworks and Cyber-crime (Spam, Cyber-security, etc.)

This workshop is organized by the Internet & Jurisdiction Project, a global multi-stakeholder dialogue process launched in January 2012, which engages key actors from states, international organizations, companies, civil society, academia and the technical community from all around the world to address the tension between the cross-border Internet and national jurisdictions.

Over 2,5 billion Internet users interact in shared cross-border online spaces where they can post content potentially accessible worldwide. On the one hand platforms’ Terms of Service try to set transnational rules on acceptable postings, but on the other hand content that is legal in one jurisdiction can be illegal or sensitive in other territories. No clear frameworks exist yet to handle the tensions between these competing normative orders or values and enable peaceful cohabitation in cross-border cyberspaces. This challenge constitutes a rare issue of common concern for all stakeholder groups.

Building upon the intersessional work conducted by the Internet & Jurisdiction Project since the 2012 IGF, the roundtable will address the following topics:

Can commonly agreed interoperability procedures ensure fair process in interactions between platforms, public authorities, technical operators and users regarding seizures, content takedowns and access to user data? regarding seizures, content takedowns and LEA access to user data? - See more at: http://www.internetjurisdiction.net/igf2013-workshop/#sthash.q6PQ3uMn.dpuf

How could appropriate multi-stakeholder frameworks be developed?

Note: This roundtable is listed above under the “legal frameworks and cybercrime” track. However it equally touches upon other thematic areas: Human Rights/ Freedom of Expression on the Internet (addressing takedown procedures); Internet Governance Principles (eg. fair process and accountability) and Principles of Multi-Stakeholder Cooperation (the development of mutual frameworks).

Has the proponent organised a workshop with a similar subject during past IGF meetings?

Yes

Indication of how the workshop will build on but go beyond the outcomes previously reached

At the IGF 2012, after a year of interaction with different stakeholders, the Internet & Jurisdiction Project organized two workshops titled: “What is the Geography of Cyberspace?” and “What frameworks for cross-border online communities and services?” These sessions explored the roots of the tension between the Internet and the patchwork of national jurisdictions and examined how to address this common concern. Both these two workshops and the ongoing dialogue facilitated by the I&JProject in 2013 (including several preparatory meetings around the world) confirmed the need to explore how to develop appropriate frameworks to handle the tension in a multi-stakeholder setting. Therefore, the I&J Project will gather involved stakeholders at the 2013 workshop “Fair process frameworks for cross-border online spaces” to discuss the way forward: How could appropriate frameworks be developed and what commonly agreed interoperability procedures could ensure fair process?

Background Paper: No background paper provided

Session Type: Roundtable

Mr. Bertrand De La Chapelle, Internet & Jurisdiction Project, Civil Society, France, Western Europe and Others Group - WEOG

Mr. Paul Fehlinger, Internet & Jurisdiction Project, Civil Society, Germany, Western Europe and Others Group - WEOG

Have the Proponent or any of the co-organisers organised an IGF workshop before?

Yes

The link(s) to the workshop report(s):

Panelists

Please click on biography to view the biography of the panelist:

Fiona Alexander, Department of Commerce, NTIA, Female, Government, United States, Western Europe and Others Group – WEOG
Biography
Anne Carblanc, OECD, Female, Intergovernmental Organizations, France, Western Europe and Others Group – WEOG
Biography
Elvana Thaci, Council of Europe, Female, Intergovernmental Organizations, France, Western Europe and Others Group – WEOG
Biography
Sunil Abraham, Centre for Internet & Society, Male, Civil Society, India, Asia-Pacific Group
Biography
Anriette Esterhuysen, Association for Progressive Communications, Female, Civil Society, South Africa, African Group
Biography
Carlos Affonso Pereira Da Souza, Fundacao Getulio Vargas, Male, Technical Community, BRAZIL, Latin American and Caribbean Group – GRULAC
Biography
Ross Lajeunesse, Google, Male, Private Sector, United States, Western Europe and Others Group – WEOG Biography
Ebele Okobi, Yahoo, Female, Private Sector, United States, Western Europe and Others Group – WEOG
Biography
Linda Corugedo Steneberg, European Commission, Belgium, Western Europe and Others Group – WEOG
Biography

Agenda

Can commonly agreed interoperability procedures ensure fair process in interactions between platforms, public authorities, technical operators and users regarding seizures, content takedowns and access to user data?
How could appropriate multi-stakeholder frameworks be developed?

Inclusiveness of the Session

The format of the workshop is going to be an open roundtable discussion between a diverse group of stakeholders on the basis of a structured agenda, without formal presentations. Taking stock of the preparatory process with meetings around the world, the participants will be able to discuss the outcomes of the multi-stakeholder dialogue process, explore the components of possible frameworks and how to move forward. The objective is to produce a structured but fluid and dynamic discussion that includes the audience in the debate.

Suitability for Remote Participation

In addition to the remote participation tools provided by the IGF, the session will be covered live on Twitter with a dedicated hashtag and questions can also be submitted through tweets to open the discussion and engage new stakeholders. Moreover, participants of the Internet & Jurisdiction dialogue process around the world will be encouraged to participate remotely in the discussion.

For more details visit https://cis-india.org/news/igf-2013-workshop-42-fair-process-frameworks-for-cross-border-online-spaces

Factcheck: No, phones of users who provided only Aadhaar as proof of identity won’t be disconnected

Admin — 2018-10-28T06:13:12Z

Ever since the Supreme Court’s judgment on Aadhaar, which prohibited the use of the 12-digit biometrics-linked unique identity number by private entities as well as its linking with phone numbers and bank accounts, telecom companies and their customers in particular are wondering what this means for them.

The blog post by Kanishk Karan was published in Scroll.in on October 18, 2018. Pranesh Prakash was quoted.

On Thursday, the Times of India reported that crores of mobile phone connections face the “prospect of disconnection” if their SIM cards are not backed up by identity documents other than Aadhaar. The report also appeared on TimesNowHindi. The reports prompted the Union government to issue a statement insisting that the disconnection concerns are “completely untrue and imaginary”. But questions still remain about what comes next.

Joint statement

The news reports said that 50 crore mobile phone customers – who had used only Aadhaar to verify their identity as part of the Know Your Customer verification process, which became mandatory for all phone numbers last year – will need to re-verify their identity using alternative documents or face disconnection. This is because the Supreme Court verdict had concluded that linking Aadhaar to mobile connections, even voluntarily, is illegal.

In a joint press statement on Thursday, the Department of Telecommunication and Unique Identification Authority of India, the body that oversees Aadhaar, refuted this claim. The statement said that a “few news reports” have tried to create “unnecessary panic” by claiming that phone numbers may be at risk of disconnection. It insisted that those customers who used only Aadhaar for their verification process could use other documents to re-verify their identities, without being worried about their phones being disconnected. “In any case her/his mobile no. will not be disconnected,” the statement said. “What Supreme Court has done is that it has prohibited issue of new SIM cards via Aadhaar eKYC process due to lack of a law. There is no direction to deactivate the old mobile phones.”

The statement made it clear that telecom companies cannot ask for Aadhaar as proof of identity when issuing new SIMs. The authorities also used the statement to clarify a few other questions that have come up following the September 26 Aadhaar verdict.

Aadhaar data

One of the big sources of confusion that the verdict created was the Aadhaar data that telecom companies had already collected while carrying out Know Your Customer verification for phone numbers over the last year. The verdict seemed to suggest that all such data needs to be deleted within a certain time frame.

But the joint statement insists that this direction only applies to UIDAI and not to telecom companies. “The Court has also not asked to delete all the eKYC data of telecom customers after six months,” it said. The statement claims that the verdict only orders the UIDAI to delete the authentication data it holds, and, in fact, says that telecom companies are mandated to keep that data and that “there is no need” for them to delete it.

But not everyone agrees with this interpretation of the judgment.

Prasanna S, one of the lawyers who appeared on behalf of those petitioning against Aadhaar in the Supreme Court, said that the statement’s claim that telecoms do not need to delete Aadhaar data is wrong.

The Aadhaar ruling was a 4:1 majority judgment with Justice DY Chandrachud the sole dissident.

“The government and Telecom Regulatory Authority of India [should have issued] direction on the directive given by the Supreme Court to delete data within two weeks,” he said, referring to the portion of Chandrachud’s dissenting opinion in the verdict. Chandrachud had disagreed with the majority on a number of issues. But all five judges on the bench had agreed that linking Aadhaar to phone numbers was unconstitutional and posed a grave threat to privacy, liberty and autonomy of individuals. In his order, Chandrachud issued directions for Aadhaar data to be deleted within two weeks, which some lawyers believe should be binding even though it was in the dissenting opinion.

New authentication app

Since telecom companies can no longer use Aadhaar-based verification to authenticate new customers, the statement also said that the Department of Telecom and UIDAI are working on a mobile application that will perform the gask instead. According to the statement, when carrying out the authentication of a new SIM, the application will capture a “live photograph”, including location coordinates and a time stamp. Along with the live photograph, the application will require other government-issued identification documents such as voter ID or passport.

While that may solve the problem of having a simple authentication process instead of Aadhaar, questions have been raised about whether this procedure is vulnerable to fraud.

Pranesh Prakash, a fellow at the Centre for Internet and Society, said as of now it is unclear how the government would find a way to prevent “a single live photo being used multiple times”. If the same photo is used for issuing three SIM cards by the agent, would the government be any wiser, he wondered. Prakash said that, rather than the technology infrastructure, the important area to focus here is the security loopholes in the identity verification process.

Earlier this year, UIDAI had introduced a number of new provisions, including the virtual ID and face authentication, saying it will make fraud and data leaks less likely, as well as make it easier for those who are facing trouble with biometric authentication. Later, the directive was put on hold by the Department of Telecom. Thursday’s statement suggests a similar application, using live photos, but does not say when this technology will be rolled out.

For more details visit https://cis-india.org/internet-governance/news/scroll-kanishk-karan-october-18-2018-factcheck-no-phones-of-users-who-provided-only-aadhaar-as-proof-of-identity-wont-be-disconnected

Facial Recognition Technology in India

Elonnai Hickok, Pallavi Bedi, Aman Nair and Amber Sinha — 2021-09-02T16:21:24Z

The Human Rights, Big Data and Technology Project, University of Essex, UK and the Centre for Internet & Society (CIS) have jointly published a research paper on facial recognition technology. Authors, Elonnai Hickok, Pallavi Bedi, Aman Nair and Amber Sinha, examine technological tools such as CCTV and FRT which are increasingly being deployed by the government.

Executive Summary

Over the past two decades there has been a sustained effort at digitising India’s governance structure in order to foster development and innovation. The field of law enforcement and safety has seen significant change in that direction, with technological tools such as Closed Circuit Television (CCTV) and Facial Recognition Technology (FRT) increasingly being deployed by the government.

Yet for all its increased use, there is still a lack of a coherent legal and regulatory framework governing FRT in India. Towards informing such a framework, this paper seeks to document present uses of FRT in India, specifically by law enforcement agencies and central and state governments, understand the applicability of existing legal frameworks to the use of FRT, and define key areas that need to be addressed when using the technology in India. We also briefly look at how the coverage of FRT has increased beyond law enforcement; it now covers educational institutions, employment purposes, and it is now being used for providing Covid-19 vaccines.

We begin by examining use cases of FRT systems by various divisions of central and state governments. In doing so, it becomes apparent that there is a lack of uniform standards or guidelines at either the state or central level - leading to different FRT systems having differing standards of applicability and scope of use. And while the use of such systems seems to be growing at a rapid rate, questions around their legality persist.

It is unclear whether the use of FRT is compliant with the fundamental right to privacy as affirmed by the Supreme Court in 2017 in Puttaswamy. While the right to privacy is not an absolute right, for the state to curtail this right, the restrictions will have to comply with a three-fold requirement— first, being the need for explicit legislative mandate in instances where the government looks to curtail the right. However, the FRT systems we have analysed do not have such a mandate and are often the result of administrative or executive decisions with no legislative blessing or judicial oversight.

We further locate the use of FRT technology within the country’s wider legislative, judicial and constitutional frameworks governing surveillance. We also briefly articulate comparative perspectives on the use of FRT in other jurisdictions. We further analyse the impact of the proposed Personal Data Protection Bill on the deployment of FRT. Finally, we propose a set of recommendations to develop a path forward for the technology’s use which include the need for a comprehensive legal and regulatory framework that governs the use of FRT. Such a framework must take into consideration the necessity of use, proportionality, consent, security, retention, redressal mechanisms, purpose limitation, and other such principles. Since the use of FRT in India is also at a nascent stage, it is imperative that there is greater public research and dialogue into its development and use to ensure that any harms that may arise in the field are mitigated.

Click to download the entire research paper here

For more details visit https://cis-india.org/internet-governance/blog/hrbdt-and-cis-august-31-2021-facial-recognition-technology-in-india