Access To Knowledge (A2K)

Do we need the Aadhar scheme?

sunil — 2012-02-03T10:11:24Z

"Decentralisation and privacy are preconditions for security. Digital signatures don’t require centralised storage and are much more resilient in terms of security", Sunil Abraham in the Business Standard on 1 February 2012.

We don’t need Aadhar because we already have a much more robust identity management and authentication system based on digital signatures that has a proven track record of working at a “billions-of-users” scale on the internet with reasonable security. The Unique Identification (UID) project based on the so-called “infallibility of biometrics” is deeply flawed in design. These design disasters waiting to happen cannot be permanently thwarted by band-aid policies.

Biometrics are poor authentication factors because once they are compromised they cannot be re-secured unlike digital signatures. Additionally, an individual’s biometrics can be harvested remotely without his or her conscious cooperation. The iris can be captured remotely without a person’s knowledge using a high-res digital camera.

Biometrics are poor identification factors in a country where the registrars have commercial motivation to create ghost identities. For example, bank managers trying to achieve targets for deposits by opening benami accounts. Biometrics for these ghost identities can be imported from other countries or generated endlessly using image processing software. The de-duplication engine at the Unique Identification Authority of India (UIDAI) will be fooled into thinking that these are unique residents.

An authentication system does not require a centralised database of authentication factors and transaction details. This is like arguing that the global system of e-commerce needs a centralised database of passwords and logs or, to use an example from the real world, to secure New Delhi, all citizens must deposit duplicate keys to their private property with the police.

Decentralisation and privacy are preconditions for security. The “end-to-end principle” used to design internet security is also in compliance with Gandhian principles of Panchayat Raj. Digital signatures don’t require centralised storage of private keys and are, therefore, much more resilient in terms of security.

Biometrics as authentication factors require the government to store biometrics of all citizens but citizens are not allowed to store biometrics of politicians and bureaucrats. The state authenticates the citizen but the citizen cannot conversely authenticate the state. Digital signatures as an authentication factor, on the other hand, does not require this asymmetry since citizens can store public keys of state actors and authenticate them. The equitable power relationship thus established allows both parties to store a legally non-repudiable audit trail for critical transactions like delivery of welfare services. Biometrics exacerbates the exiting power asymmetry between citizens and state unlike digital signatures, which is peer authentication technology.

Privacy protections should be inversely proportional to power. The transparency demanded of politicians, bureaucrats and large corporations cannot be made mandatory for ordinary citizens. Surveillance must be directed at big-ticket corruption, at the top of the pyramid and not retail fraud at the bottom. Even for retail fraud, the power asymmetry will result in corruption innovating to circumvent technical safeguards. Government officials should be required by law to digitally sign the movement of resources each step of the way till it reaches a citizen. Open data initiatives should make such records available for public scrutiny. With support from civil society and the media, citizens will themselves address retail fraud. To solve corruption, the state should become more transparent to the citizen and not vice versa.

UIDAI’s latest 23-page biometrics report is supposed to dispel the home ministry’s security anxieties. It says “biometric data is collected by software provided by the UIDAI, which immediately encrypts and applies a digital signature.” Surely, what works for UIDAI, that is digital signatures, should work for citizens too. The report does not cover even the most basic attack — for example, the registrar could pretend that UIDAI software is faulty and harvest biometrics again using a parallel set-up. If biometrics are infallible, as the report proclaims, then sections in the draft UID Bill that criminalise attempts to defraud the system should be deleted.

The compromise between UIDAI and the home ministry appears to be a turf battle for states where security concerns trump developmental aspirations. This compromise does nothing to address the issues raised by the Parliamentary Standing Committee on Finance, headed by the Bharatiya Janata Party’s Yashwant Sinha.

Read the original published in the Business Standard on 1 February 2012

For more details visit https://cis-india.org/internet-governance/do-we-need-the-aadhar-scheme

Do we need a Unified Post Transition IANA?

Pranesh Prakash, Padmini Baruah and Jyoti Panday — 2015-10-27T00:46:37Z

As we stand at the threshold of the IANA Transition, we at CIS find that there has been little discussion on the question of how the transition will manifest. The question we wanted to raise was whether there is any merit in dividing the three IANA functions – names, numbers and protocols – given that there is no real technical stability to be gained from a unified Post Transition IANA. The analysis of this idea has been detailed below.

The Internet Architecture Board, in a submission to the NTIA in 2011 claims that splitting the IANA functions would not be desirable.[1] The IAB notes, “There exists synergy and interdependencies between the functions, and having them performed by a single operator facilitates coordination among registries, even those that are not obviously related,” and also that that the IETF makes certain policy decisions relating to names and numbers as well, and so it is useful to have a single body. But they don’t say why having a single email address for all these correspondences, rather than 3 makes any difference: Surely, what’s important is cooperation and coordination. Just as IETF, ICANN, NRO being different entities doesn’t harm the Internet, splitting the IANA function relating to each entity won’t harm the Internet either. Instead will help stability by making each community responsible for the running of its own registers, rather than a single point of failure: ICANN and/or “PTI”.

A number of commentators have supported this viewpoint in the past: Bill Manning of University of Southern California’s ISI (who has been involved in DNS operations since DNS started), Paul M. Kane (former Chairman of CENTR's Board of Directors), Jean-Jacques Subrenat (who is currently an ICG member), Association française pour le nommage Internet en coopération (AFNIC), the Internet Governance Project, InternetNZ, and the Coalition Against Domain Name Abuse (CADNA).

The Internet Governance Project stated: “IGP supports the comments of Internet NZ and Bill Manning regarding the feasibility and desirability of separating the distinct IANA functions. Structural separation is not only technically feasible, it has good governance and accountability implications. By decentralizing the functions we undermine the possibility of capture by governmental or private interests and make it more likely that policy implementations are based on consensus and cooperation.”[2]

Similarly, CADNA in its 2011 submission to NTIA notes that that in the current climate of technical innovation and the exponential expansion of the Internet community, specialisation of the IANA functions would result in them being better executed. The argument is also that delegation of the technical and administrative functions among other capable entities (such as the IETF and IAB for protocol parameters, or an international, neutral organization with understanding of address space protocols as opposed to RIRs) determined by the IETF is capable of managing this function would ensure accountability in Internet operation. Given that the IANA functions are mainly registry-maintenance function, they can to a large extent be automated. However, a single system of automation would not fit all three.

Instead of a single institution having three masters, it is better for the functions to be separated. Most importantly, if one of the current customers wishes to shift the contract to another IANA functions operator, even if it isn’t limited by contract, it is limited by the institutional design, since iana.org serves as a central repository. This limitation didn’t exist, for instance, when the IETF decided to enter into a new contract for the RFC Editor role. This transition presents the best opportunity to cleave the functions logically, and make each community responsible for the functioning of their own registers, with IETF, which is mostly funded by ISOC, taking on the responsibility of handing the residual registries, and a discussion about the .ARPA and .INT gTLDs.

From the above discussion, three main points emerge:

Splitting of the IANA functions allows for technical specialisation leading to greater efficiency of the IANA functions.
Splitting of the IANA functions allows for more direct accountability, and no concentration of power.
Splitting of the IANA functions allows for ease of shifting of the {names,number,protocol parameters} IANA functions operator without affecting the legal structure of any of the other IANA function operators.

[1]. IAB response to the IANA FNOI, July 28, 2011. See: https://www.iab.org/wp-content/IAB-uploads/2011/07/IANA-IAB-FNOI-2011.pdf

[2]. Internet Governance Project, Comments of the Internet Governance Project on the NTIA's "Request for Comments on the Internet Assigned Numbers Authority (IANA) Functions" (Docket # 110207099-1099-01) February 25, 2011 See: http://www.ntia.doc.gov/federal-register-notices/2011/request-comments-internet-assigned-numbers-authority-iana-functions

For more details visit https://cis-india.org/internet-governance/blog/do-we-need-a-unified-post-tranistion-iana

Do IT Rules 2011 indirectly leads to Censorship of Internet

praskrishna — 2012-05-31T09:00:41Z

Pranesh Prakash along with Dr. Arvind Gupta, National Convener, BJP IT Cell and Ms. Mishi Choudhary, Executive Director, SFLC participated in a panel discussion on censorship of the Internet on May 8, 2012.

The discussion was broadcast on Yuva iTV. See the video below:

Video

Click for the video on YouTube

For more details visit https://cis-india.org/news/do-it-rules-indirectly-lead-to-censorship-of-internet

DNA Research

vanya — 2016-07-21T11:02:29Z

In 2006, the Department of Biotechnology drafted the Human DNA Profiling Bill. In 2012 a revised Bill was released and a group of Experts was constituted to finalize the Bill. In 2014, another version was released, the approval of which is pending before the Parliament. This legislation will allow the government of India to Create a National DNA Data Bank and a DNA Profiling Board for the purposes of forensic research and analysis. Here is a collection of our research on privacy and security concerns related to the Bill.

The Centre for Internet and Society, India has been researching privacy in India since the year 2010, with special focus on the following issues related to the DNA Bill:

Validity and legality of collection, usage and storage of DNA samples and information derived from the same.
Monitoring projects and policies around Human DNA Profiling.
Raising public awareness around issues concerning biometrics.

The Bill seeks to establish DNA Databases at the state and regional level and a national level database. The databases would store DNA profiles of suspects, offenders, missing persons, and deceased persons. The database could be used by courts, law enforcement (national and international) agencies, and other authorized persons for criminal and civil purposes. The Bill will also regulate DNA laboratories collecting DNA samples. Lack of adequate consent, the broad powers of the board, and the deletion of innocent persons profiles are just a few of the concerns voiced about the Bill.

Download the infographic. Credit: Scott Mason and CIS team.

1. DNA Bill

The Human DNA Profiling bill is a legislation that will allow the government of India to Create a National DNA Data Bank and a DNA Profiling Board for the purposes of forensic research and analysis. There have been many concerns raised about the infringement of privacy and the power that the government will have with such information raised by Human Rights Groups, individuals and NGOs. The bill proposes to profile people through their fingerprints and retinal scans which allow the government to create different unique profiles for individuals. Some of the concerns raised include the loss of privacy by such profiling and the manner in which they are conducted. Unless strictly controlled, monitored and protected, such a database of the citizens' fingerprints and retinal scans could lead to huge blowbacks in the form of security risks and privacy invasions. The following articles elaborate upon these matters.

2. Comparative Analysis with other Legislatures

Human DNA Profiling is a system that isn't proposed only in India. This system of identification has been proposed and implemented in many nations. Each of these systems differs from the other on bases dependent on the nation's and society's needs. The risks and criticisms that DNA profiling has faced may be the same but the manner in which solutions to such issues are varying. The following articles look into the different systems in place in different countries and create a comparison with the proposed system in India to give us a better understanding of the risks and implications of such a system being implemented.

For more details visit https://cis-india.org/internet-governance/blog/dna-research

dna exclusive: Geeks have a solution to digital surveillance in India: Cryptography

praskrishna — 2013-07-15T06:24:40Z

While you were thinking of what next to post on Twitter, the government has stealthily put an ambitious surveillance programme in place that tracks your every move in the digital world — through voice calls, SMS and MMS, GPRS, fax communications on landlines, video calls and emails.

The article by Joanna Lobo was published in DNA on July 7, 2013. Pranesh Prakash is quoted.

The programme, conceived in 2011, has now been brought under one umbrella referred to as the centralised monitoring system (CMS). It is the death of privacy.

But as concerned citizens argue for the need to formulate policies and laws to protect privacy, there's a simpler solution in sight for now: a CryptoParty.

At this 'party', an informal gathering of people, non-geeks can learn how to legally encrypt their digital communications and how to store data without the fear of anyone snooping in. Encryption is a process of encoding messages so that it can only be read by authorised parties.

What is it?
"A CryptoParty educates people in the domain of cryptography. It's usually about the basics: how to send encrypted email, how to protect your hardware and how to use free and open source software," says Satyakam Goswami, a free software consultant associated with the Software Freedom Law Centre (SFLC), Delhi (remove this). Goswami was one of the 72 participants at the CryptoParty organised on Saturday at Institute of Informatics & Communication (IIC), Delhi University South Campus On June 30, a CryptoParty organised at the Centre for Internet and Society (CIS) in Bangalore had 30 people in attendance. "We were taught about the what, how and who is watching us. We were also taught how to encrypt emails, chat, video calls or instant messaging,” says Siddhart Prakash Rao, a computer science graduate and a free software and open source enthusiast who is about to pursue a Masters in Cryptography.

The topics may be a mouthful for non-geeks but CryptoParty advocates maintain that all this is taught in the simplest way possible. The choice of subject depends on the composition of the group — if it is a gathering of geeks, like at the Bangalore event, then the topics are more technical.

How can it help?
CryptoParties started in August 2012 by an Australian woman (who goes by the pseudonym Asher Wolf) after a conversation on Twitter about The Australian Parliament's new cybercrime bill that allowed law enforcement to ask Internet Service Providers to monitor and store data.
Attending a CryptoParty is a good way to learn how to overcome government snooping legally.

“Citizens should use encryption to safeguard their private communications against both corporations and the government. Encryption is one of the best ways to react to CMS along with increased civic vigilance and democratic questioning of our government and parliamentarians,” says Pranesh Prakash, policy director, CIS, and one of the frontrunners in the fight to formulate a policy to safeguard privacy in India.

"In India, people tend to be rather ignorant. They are not aware of the kind of surveillance they are subjected to once online. It's a lack of understanding," says Sumandro Chattapadhyay, a researcher with Sarai, a programme of the Centre for the Study of Developing Societies, Delhi.

Bernadette Langle, who also works at CIS has been instrumental in organising the handful of CryptoParties in the country. When dna spoke to her, she was on her way to Delhi after participating in the Bangalore event. Langle will also be part of a CryptoParty being planned for October in Mumbai. "Ten years ago, you had to be a geek to be able to encrypt and protect yourself online. Now, you need software and it's much easier," she says.

The advantage is that the privacy tactics taught at such parties is completely legal. All knowledge is in the public domain. “A government will only deny its citizens basic communications privacy if it is authoritarian,” says Pranesh. “So while it can try social engineering and other means to gain access to what you've encrypted, it simply cannot 'decode' it as long as you have chosen a strong pass phrase and keep that protected, or they create quantum computers capable of breaking your encryption.”

The CIS is currently working on revisions of the Privacy (Protection) Bill 2013 with the objective of contributing to privacy legislation in India. Till that bill becomes an Act and till there's a better way to overcome needless government surveillance, attending a CryptoParty could possibly be the wisest solution for those concerned about privacy.

(For more details on CryptoParties, visit www.cryptoparty.in)

How to encrypt:
SMS: Make content secure by using software like TextSecure (Android) or CryptoSMS (Symbian). However, SMS metadata (who you are sending the message to and at what time) can still be tracked.

Instead of Whatsapp, install Jabbir and add off the record encryption.

For email, you can use OpenPGP in conjunction with Thunderbird to encrypt mails you send from Gmail/Yahoo Mail/Live Mail accounts so that even Google, Yahoo and Microsoft can't read them

For web browsing, use a VPN (which will hide your traffic from your ISP), or Tor (which will help anonymise your traffic, but will slow down your connection slower).

For more details visit https://cis-india.org/news/report-dna-july-7-2013-joanna-lobo-geeks-have-a-solution-to-digital-surveillance-in-india-cryptography

DNA Databases and Human Rights

praskrishna — 2012-09-17T05:39:06Z

Using DNA to trace people who are suspected of committing a crime has been a major advance in policing.

For more details visit https://cis-india.org/internet-governance/dna-databases-and-human-rights.pdf

DNA Database for Missing Persons and Unidentified Dead Bodies

vipul — 2014-11-04T15:46:29Z

This blog discusses the possible implications of the public interest litigation that has been placed before the Supreme Court petitioning for the establishment of a DNA database in respect to unidentified bodies.

In the year 2012 Lokniti, a Non Governmental Organization filed a public interest litigation in the Supreme Court of India asking the government to establish a DNA database in respect of unidentified dead bodies as well as for those individuals for whom missing persons reports have been filed so that DNA of unidentified dead bodies can be matched against missing persons - arguing that the right to be identified is a part of the right to dignity, and that such systems have been adopted across the globe. The case has come up a few times since 2012 and parties have been given time to file their replies in these instances. Prior to the 2012 Public Interest Litigation filed by Lokniti, in 2009 a Public Interest Litigation was filed by a Haryana based doctor. The PIL petitioned for the DNA profiling of unidentified bodies to be made mandatory - arguing that thousands of individuals die with their identity being unknown. During the hearing the Bench asked a number of questions including why the Ministry of Health was not brought into the case, given the fact that a number of labs that conduct DNA profiling function under the ministry.

While the case is still pending, the Supreme Court on 22^nd September 2014 gave another interim order which was a little more detailed. On this date the Ministry of Science and Technology of the Government of India, through the Department of Biotechnology stated that they are piloting a DNA profiling Bill that would establish a DNA Profiling Board and a National DNA Data Bank. The National DNA Data Bank is envisaged to maintain the following indices for various categories of data:

I. a crime scene index;

II. a suspects' index;

III. an offenders' index;

IV. a missing persons' index;

V. unknown deceased persons' index

VI. a volunteers' index; and

VII. such other DNA indices as may be specified by regulations made by the Board.

One of the Ministry's plans under this Bill is to create DNA profiles of individuals whose relatives have gone missing, on a voluntary basis to help the relatives identify missing persons and unidentified dead bodies. They also stated that cross-matching of DNA profiling data in the database would require specialized software and the CDFB, Hyderabad is in the process of acquiring the same from the Federal Bureau of investigation, USA.

The advocate for Lokniti responded to this saying that the DNA profiling Bill has been pending for a long time and has not seen the light of day for the last seven years. To this the response of the government was that it was a complex Bill involving a number of issues which take a long time to resolve.

At this point the Supreme Court, without going into the details of the Bill asked the advocate for the Union of India to obtain instructions regarding the following two aspects:

(1) Whether pending the Bill coming into force the concerned Department can constitute a Data Bank in respect of dead persons who are not identifiable; and

(2) when there are missing reports in respect of persons to collect the DNA from the permissible sources like siblings or others so that in case any unidentified dead body is found to match the DNA to arrive at the conclusion about the missing persons who are dead; or as an ancillary the missing person who is a victim of the crime of kidnapping or where any child, who is not able to find out his parents, can be in a position to find out through the DNA.

Thus it seems that the Supreme Court, recognizing its limitations in directing the legislature to pass a law and the fact that the passing of the DNA profiling Bill may take a long time to become law, has tried to find a way out in which the concerns of the petitioner regarding a DNA Databank for missing persons and unidentified dead bodies could be addressed without the passage of the DNA profiling Bill. However since the case is still pending in the Supreme Court no final directions have been given in this regard. Thus, the Court has left the government with the responsibility to address the question of whether a DNA Databank can be established without the passing of a legislation providing legal basis for the collection, profiling, databasing, and use of DNA samples.

http://indianexpress.com/article/india/india-others/sc-wants-centre-to-create-dna-data-bank/#sthash.7zqU0Ill.dpuf

http://indianexpress.com/article/india/india-others/sc-seeks-govt-response-on-making-dna-profiling-mandatory/

The order dated September 22, 2014 can be found at http://courtnic.nic.in/supremecourt/temp/wc%2049112p.txt

For more details visit https://cis-india.org/internet-governance/blog/dna-database-for-missing-persons-and-unidentified-dead-bodies

DNA ‘Evidence’: Only Opinion, Not Science, And Definitely Not Proof Of Crime!

Elonnai Hickok and Murali Neelakantan — 2018-08-22T00:43:54Z

On August 9, 2018, the DNA Technology (Use and Application) Regulation Bill, 2018 was introduced in the Lok Sabha and we commented on some key aspects of it earlier.

The article was published in Bloomberg Quint on August 20, 2018.

Though taking some steps in the right direction such as formalising the process for lab accreditation, the Bill ignores many potential cases of ‘harm’ that may arise out of the collection, databasing, and using DNA evidence for criminal and civil purposes.

DNA evidence is widely touted as the most accurate forensic tool, but what is not widely publicised is it is not infallible. From crime scene to database, it is extremely vulnerable to a number of different unknown variables and outcomes. These variables are only increasing as the technology becomes more precise – profiles can be developed from only a few cells and technology now exists that generates a profile in 90 minutes. Primary and secondary transfer, contamination, incomplete samples, too many mixed samples, and inaccurate or outdated methods of analysis and statistical methodologies that may be used, are all serious reasons as to why DNA evidence may paint an innocent person guilty.

Importantly, DNA itself is not static and predicting how it may have changed over time is virtually impossible.

Innocent, But Charged

In April 2018, WIRED carried a story of Lukis Anderson who was charged with the first-degree murder of Raveesh Kumra, a Silicon Valley investor after investigators found Anderson’s DNA on Kumra’s nails. Long story short – Anderson earlier that day had been intoxicated in public and had been attended by paramedics. The same paramedics handled Kumra’s body and inadvertently transferred Anderson’s DNA to Kumra’s body. The story quotes some sobering facts that research has found about DNA:

Direct contact is not necessary for DNA to be transferred. In an experiment with a group of individuals sharing a bottle of juice, 50 percent had another’s DNA on their hand and ⅓rd of the glasses contained DNA from individuals that did not have direct contact with them.
An average person sheds 50 million skin cells a day.
Standing still our DNA can travel over a yard away and will be easily carried over miles on others clothing or hair, for example not very differently from pollen.
In an experiment that tested public items, it was found that items can contain DNA from a half-dozen people.
A friendly or inadvertent contact can transfer DNA to private regions or clothing.
Different people shed detritus at different levels that contain DNA.
One in five has some other person’s DNA under the fingernails on a continuous basis.

A police office carries crime scene tape in Alexandria, Virginia, U.S. (Photographer: Andrew Harrer/Bloomberg)

In another case, the police in Idaho, USA, used a public DNA database to run a familial DNA search – a technique used to identify suspects whose DNA is not recorded in a law enforcement database, but whose close relatives have had their genetic profiles cataloged, just as India's DNA Bill seeks to do. The partial match that resulted implicated Michael Usry, the son of the man whose DNA was in the public database. It took 33 days for Michael to be cleared of the crime. That an innocent man only spent 33 days under suspicion could be considered a positive outcome when compared to the case of Josiah Sutton who spent four years convicted of rape in prison due to misinterpretation of DNA samples by the Houston Police Department Crime Laboratory, which is among the largest public forensic centers in Texas. The Atlantic called this out as “The False Promise of DNA Testing – the forensic technique is becoming ever more common and ever less reliable”.

Presently, there is little confidence that such safeguards exist – prosecutors do not share any exculpatory evidence with the accused and India does not even follow the ‘fruit of a poisonous tree’ doctrine with respect to the admissibility of evidence and India has yet to develop a robust jurisprudence for evaluating scientific evidence.

The 2015 Law Commission Report cites four cases that speak to the role and reliance on expert opinion as evidence. Though these cases point to the importance of expert opinion they differ on the weight that should be given to the same. International best practice requires the submission of corroborating evidence, training law enforcement, and court officers, and ensuring that prosecution and defence have equal access to forensic evidence.

Consider India with a population of 1.3 billion people – 70 percent mostly residing in rural areas and less educated and a heavy migrant population in urban centres, an overwhelmed police force in nascent stages of forensic training, and an overburdened judiciary and no concrete laws to govern issues of the admissibility of forensic techniques.

In such circumstances, the question is not only how many criminals can be convicted but also how many innocents could be convicted.

A pair of standard issue handcuffs sits on a table. (Photographer: Jerome Favre/Bloomberg)

The DNA Bill seeks to establish DNA databanks at the regional and national level but how this will be operationalised is not quite clear. The Bill enables the DNA Regulatory Board to accredit DNA labs. Will databases be built from scratch? Will they begin by pulling in existing databases?

The question is not if the DNA samples match but how they came to match. The greater power that comes from the use of DNA databases requires greater responsibility in ensuring adequate information, process, training, and laws are in place for everyone – those who give DNA, collect DNA, store DNA, process DNA, present DNA, and eventually decide on the use of the DNA. As India matures in its use of DNA evidence for forensic purposes it is important that it keeps at the forefront what is necessary to ensure and protect the rights of the individual.

Elonnai Hickok Chief Operating Officer at The Centre for Internet and Society. Murali Neelakantan is an expert in healthcare laws, and the author of ‘DNA Testing as Evidence - A Judge’s Nightmare’ in the Journal of Law and Medicine.

For more details visit https://cis-india.org/internet-governance/blog/bloomberg-quint-elonnai-hickok-and-murali-neelakantan-august-20-2018-dna-evidence-only-opinion-not-science-and-definitely-not-proof-of-crime

DML Conference 2013

praskrishna — 2013-03-04T03:54:58Z

The Centre for Internet & Society and Digital Media & Learning Research Hub Central are jointly organizing the DML Conference 2013 in Chicago from March 14 to 16, 2013.

Conference Theme: "Democratic Futures: Mobilizing Voices and Remixing Youth Participation"

The fourth annual conference - DML2013 - will explore the shifting contours of participatory democracy with a focus, for example, on the role of networked publics in mobilizing social movements; the remixing of civic engagement; and youth-driven forms of social innovation and community transformation. This conference is meant to be an inclusive, international and annual gathering of scholars and practitioners in the field, focused on fostering interdisciplinary and participatory dialog and linking theory, empirical study, policy, activism, and practice.

The Digital Media and Learning Conference is an annual event supported by the MacArthur Foundation and organized by the Digital Media and Learning Research Hub located at the UC Humanities Research Institute, University of California, Irvine.

Nishant Shah has a featured session at the DML Conference. See http://bit.ly/13zhpmz

Feature Session: Whose Change Is It Anyway? Futures, Youth, Technology And Citizen Action In The Global South (And The Rest Of The World)

Whose Change Is It Anyway? seeks to explore new entry points into the discourse on youth, technology and change, with a specific focus on (but not restricted to) the Global South and the last decade of citizen action. This conference track seeks to fashion frameworks and structures that provide new ways of interpreting and understanding outcomes that technology mediated citizen action has to offer, as well as the future of citizen led interventions: What enables, catalyzes and moves young people to reinvent themselves as citizen actors? What are the interventions and narratives of change that fail to fit into a ‘success’ rubric, but are still significant in the processes of change they initiate? How do we understand these ‘new’ events as hybrids, connecting with existing histories, contexts, media and technologies in their regions? Is there an alternative discourse that does not necessarily adopt frameworks arising from the knowledge centers of the West? Do these discourses help challenge and rework global vocabularies by offering new ways of looking at citizen action and change? The track will invite provocative hypotheses, in-depth analyses, dialogues and contestations around these ideas, through innovative interactive presentation formats. The dialogue will be informed by experimental and new methods of information and knowledge production, focusing on the Global South and its larger transnational contexts at the junctures of youth, technology and change.

Organizer(s):

Nishant Shah

Participants:

Radhika Gajalla

Kavita Philip

Ramesh Srinivasan

Nighat Dad

Contact:
Email us at dmlhub@hri.uci.edu or subscribe to our mailing list at http://bit.ly/dmlhub-l to receive up-to-date information regarding the 2013 conference.

For more details visit https://cis-india.org/internet-governance/events/dml-conference-2013

DML 2013 – Fourth Annual Conference

praskrishna — 2013-03-21T09:52:59Z

The fourth annual conference – DML2013 – was organized around the theme “Democratic Futures: Mobilizing Voices, and Remixing Youth Participation” and was held between March 14-16, 2013 in Chicago, Illinois. The Centre for Internet and Society was one of the sponsors for this event.

We had a special track that ran through the conference on "Whose Change Is It Anyway? Futures, Youth, Technology And Citizen Action In The Global South (And The Rest Of The World)". Noopur Raval was one of the 16 presenters that we had selected on the tracks. Nishant Shah was one of the members in the Conference Committee.

Whose Change Is It Anyway? Futures, Youth, Technology And Citizen Action In The Global South (And The Rest Of The World)

Whose Change Is It Anyway? sought to explore new entry points into the discourse on youth, technology and change, with a specific focus on (but not restricted to) the Global South and the last decade of citizen action. This conference track sought to fashion frameworks and structures that provide new ways of interpreting and understanding outcomes that technology mediated citizen action has to offer, as well as the future of citizen led interventions: What enables, catalyzes and moves young people to reinvent themselves as citizen actors? What are the interventions and narratives of change that fail to fit into a ‘success’ rubric, but are still significant in the processes of change they initiate? How do we understand these ‘new’ events as hybrids, connecting with existing histories, contexts, media and technologies in their regions? Is there an alternative discourse that does not necessarily adopt frameworks arising from the knowledge centers of the West? Do these discourses help challenge and rework global vocabularies by offering new ways of looking at citizen action and change? The track invited provocative hypotheses, in-depth analyses, dialogues and contestations around these ideas, through innovative interactive presentation formats. The dialogue was informed by experimental and new methods of information and knowledge production, focusing on the Global South and its larger transnational contexts at the junctures of youth, technology and change.

For more info on the event, click here

For more details visit https://cis-india.org/news/dml-hub-net-dml-2013

Divergence between the General Data Protection Regulation and the Personal Data Protection Bill, 2019

Pallavi Bedi — 2020-02-21T11:08:50Z

Our note on the divergence between the General Data Protection Regulation and the Personal Data Protection Bill can be downloaded as a PDF here.

The European Union’s General Data Protection Regulation (GDPR), replacing the 1995 EU Data Protection Directive came into effect in May 2018. It harmonises the data protection regulations across the European Union. In India, the Ministry of Electronics and Information Technology had constituted a Committee of Experts (chaired by Justice Srikrishna) to frame recommendations for a data protection framework in India. The Committee submitted its report and a draft Personal Data Protection Bill in July 2018 (2018 Bill). Public comments were sought on the bill till October 2018. The Central Government revised the Bill and introduced the revised version of the Personal Data Protection Bill (PDP Bill) on December 11, 2019 in the Lok Sabha.

The PDP Bill has incorporated certain aspects of the GDPR, such as requirements for notice to be given to the data principal, consent for processing of data, establishment of a data protection authority, etc. However, there are some differences and in this note we have highlighted the areas of divergence between the two. It only includes provisions which are common to the GDPR and the PDP Bill. It does not include the provisions on (i) Appellate Tribunal, (ii) Finance, Account and Audit; and (iii) Non- Personal Data.

For more details visit https://cis-india.org/internet-governance/blog/divergence-between-the-general-data-protection-regulation-and-the-personal-data-protection-bill-2019

DIT's Response to RTI on Website Blocking

pranesh — 2011-08-02T07:13:47Z

For the first time in India, we have a list of websites that are blocked by order of the Indian government. This data was received from the Department of Information Technology in response to an RTI that CIS filed. Pranesh Prakash of CIS analyzes the implications of these blocks, as well as the shortcomings of the DIT's response.

Quick Analysis of DIT's Response to the RTI

Blocked websites

The eleven websites that the DIT acknowledges are blocked in India are:

Of the eleven blocked websites, one was still accessible on a Tata Communications DSL connection. Two of the blocked websites are grassroots news organizations connected to the Independent Media Centre: IndyBay (San Francisco Bay Area IMC) and the Arizona Indymedia website. The Bloggernews.net page that is on the blocked list is in fact an article by N. Vijayashankar (Naavi) from March 12, 2010 titled "Is E2 labs right in getting zone-h.org blocked?", criticising the judicial blocking of Zone-H.org by E2 Labs (with E2 Labs being represented by lawyer Pawan Duggal). The Zone-H.org case is still going through the judicial motions in the District Court of Delhi, but E2 Labs managed to get an ex parte (i.e., without Zone-H being heard) interim order from the judge asking Designated Officer (Mr. Gulshan Rai of DIT) to block access to Zone-H.org.

As has happened in the past, the government (or the court) accidentally ordered the blocking of all of website host webs.com, instead of blocking only http://donotdial100.webs.com (which subdomain apparently hosted 'defamatory' and 'abusive' information about mafia links within the Maharashtra police and political circles).

It is interesting to note that for most of the websites on most ISPs one gets a 'request timed out' error while trying to access the blocked websites, and not a sign saying: "site blocked for XYZ reason on request dated DD-MM-YYYY received from the DIT". On Reliance broadband connections, for some of the above websites an error message appears, which states: "This site has been blocked as per instructions from Department of Telecom".

Judicial blocking

As per the response of the government, all eleven seem to have been blocked on orders received from the judiciary. While they don't state this directly, this is the conclusion one is led to since the Department admits to blocking eleven websites and also notes that there have been eleven requests for blocking from the judiciary. Normally the judiciary is often thought of as a check on the executive's penchant for banning (seen especially in the recent book banning cases in Maharashtra, for instance, where the Bombay High Court has overturned most of the government's banning orders). However, in these cases the ill-informed lower judiciary seem to be manipulated by lawyers to suppress freedom of speech and expression, even going to the extent of blocking grassroots activist news organizations like the Independent Media Centre.

Websites not blocked by DIT

The DIT also notes that the blocks on Typepad.com was not authorized by it (nor, according to the RTI response received by Nikhil Pahwa of Medianama was the Mobango.com block authorised by the DIT). Typepad.com, Mobango.com, and Clickatell.com don't seem to be blocked currently. However, as was reported by Medianama, for a while when they were being blocked, some sites and ISPs (such as Typepad.com on Bharti Airtel DSL) showed a message stating that the website was blocked on request from the Department of Telecom, which we don't believe has the authority to order blocking of websites. While we still await a response from the Department of Telecom to the RTI we filed with them on this topic, in a letter to the Hindu, the Department of Telecom has clarified that it did not order any block on Typepad.com or any of the other websites. This leaves us unsure as to who ordered these blocks. Further, it points out a lacuna in our information policy that ISPs can suo motu block websites without justifications (such as violation of terms of use), proper notice to customers, or any kind of repercussions for wrongful blocking.

Insufficient information on Committee for Examination of Requests

All requests for websites blocking (except those directly from the judiciary) must be vetted by the Committee for Examination of Requests (CER) under Rule 8(4) of the Rules under s.69A of the IT Act. Given that the DIT admits that the Designated Officer (who carries out the blocking) has received 21 requests to date, there should be at least 21 recommendations of the CER. However, the DIT has not provided us with the details of those 21 requests and the 21 recommendations. We are filing another RTI to uncover this information.

Text of the DIT's Response

Government of India
Ministry of Communications & Information Technology
Department of Information Technology
Electronics Niketan, 6 CGO Complex,
New Delhi-110003

No : 14(3)/2011-ESD

Shri Pranesh Prakash
Centre for Internet and Society
194, 2-C Cross,
Domulur Stage II,
Bangalore- 560071.

Subject: Request for information under RTI Act,

Sir,
Reference your request dated 28lh February 2011 on the above subject.
The point wise information as received from the custodian of Information is enclosed for your reference and records.

sd/-
(A.K.Kaushik)
Additional Director & CPIO
Tel: 011-24364803

Subject : RTI on website blocking requested by Shri Pranesh Prakash

(i) Did the Department order Airtel to block TypePad under S.69A of the Information Technology Act ("IT Act"), 2000 read with the Information Technology (Procedures and Safeguards for Blocking Access of Information by Public) Rules, 2009 ("Rules") or any other law for the time being in force? If so, please provide a copy of such order or orders. If not, what action, if at all, has been taken by the Department against Airtel for blocking of websites in contravention of S.69A of the IT Act?

Reply - This Department did not order Airtel to block the said site.

(ii) Has the Department ever ordered a block under s.69A of the IT Act? If so, what was the information that was ordered to be blocked?

Reply - The Department has issued directions for blocking under section 69A for the following websites:
(a) www.zone-h.org.
(b) http://donotdial100.webs.com (IP 216.52.115.50)
(c) www.bloggernews.net/124029
(d) http://www.google.co.in/#h 1 =en&source=hp& biw=1276&bih=843&=dr+babasaheb+ambedkar+ wallpaper&aq=4&aqi=g10&aql =&oq=dr+ babas& gs_rfai=&fp=e791 fe993fa412ba
(e) http://www.cinemahd.net/desktop-enhancements/wallpaper/23945- wallpapers-beautiful-girl-wallpaper.html
(f) http://www.chakpak.com/find/images/ kamasutra-hindi-movie
(g) http://www.submitlink.khatana.net/2010/09/jennifer-stano-is-engaged- to.html
(h) http://www.result.khatana.net/2010/11/im-no-panty-girl-yana-gupta- wardrobe.html.
(i) http://www.facebook.com/pages/l-Hate-Ambedkar/172025102828076
(j) www.indybay.org
(k) www.arizona.indymedia.org

(iii) How many requests for blocking of information has the Designated Officer received, and how many of those requests have been accepted and how many rejected? How many of those requests were for emergency blocking under Rule 9 of the Rules?

Reply - Designated Officer received 21 request for blocking of information. 11 websites have been blocked on the basis of orders received from court of law. One request has been rejected. For other requests, additional input/information has been sought from the Nodal Officer.

No request for emergency blocking under rule 9 of the Rules have been received.

(iv) Please provide use the present composition of the Committee for Examination of Requests constituted under Rule 7 of the Rules.

Reply - The present composition of the Committee is :
(a) Designated Officer (Group Coordinator - Cyber Law)
(b) Joint Secretary, Ministry of Home Affairs
(c) Joint Secretary, Ministry of Information and Broadcasting
(d) Additional Secretary and Ministry of Law & Justice
(e) Senior Director, Indian Computer Emergency Response Team

(v) Please provide us the dates and copies of the minutes of all meetings held by the Committee for Examination of Requests under Rule 8(4) of the Rules, and copies of their recommendations.

Reply - The Committee had met on 24-08-2010 with respect to request for blocking of website www.betfair.com.

(vi) Please provide us the present composition of the Review Committee constituted under rule 419A of the Indian Telegraph Rules, 1951.
(vii) Please provide us the dates and copies of the minutes of all meetings held by the Review Committee under Rule 14 of the Rules, and copies of all orders issued by the Review Committee.

Reply - This Department do not have details for above. The said information may be available with Department of Telecommunications.

For more details visit https://cis-india.org/internet-governance/blog/rti-response-dit-blocking

Discussion on Ranking Digital Rights in India (Delhi, January 07)

amber — 2016-12-29T07:07:34Z

Towards developing an understanding of how Indian ICT companies are recognising and upholding digital rights of their users, and to raise public awareness about the same, the Center for Internet and Society (CIS), with the support of Privacy International, has studied 8 Indian ICT companies, using the same methodology as the 2015 Corporate Accountability Index, to gain greater insight into company practices and initiate public dialogues. Please join us on Saturday, January 07, at the India Islamic Cultural Centre, New Delhi, for a presentation of our findings followed by an open structured discussion on the methodology and implications of the study.

Download: Invitation and agenda (PDF)

The Ranking Digital Rights Corporate Responsibility Index is a project hosted by the Open Technology Institute at New America Foundation that aims to rank Information and Communications Technology (ICTs) companies with respect to their Governance, Freedom of Expression, and Privacy practices. The inaugural Corporate Accountability Index, released in November 2015, evaluated 16 companies based on the project’s methodology that included 31 indicators in total.

Please join us on Saturday, January 07, at the India Islamic Cultural Centre, New Delhi, for a presentation of our findings followed by an open structured discussion on the methodology and implications of the Ranking Digital Rights study. We will begin at 10:30 am with a round of tea and coffee.

The event is open to all but the venue has limited space. The participants are requested to RSVP by sending an email to nisha@cis-india.org.

To further encourage programmers, researchers, journalists, students, and users in general to use and contribute to the findings of the Ranking Digital Rights study, and critique the underlying methodology, we are also organising a “rankathon” on Sunday, January 08, at the CIS office in Delhi. More details can be found here.

We look forward to your participation and contribution to the discussion. Please support us by sharing this invitation with your colleagues and networks.

Agenda

10:30-11:00	Coffee and Tea
11:00-11:15	Introduction
11:15-13:00	Presentation of the Findings and Discussion Divij Joshi and Aditya Singh Chawla
13:00-14:00	Lunch
14:00-15:00	Open Discussion #1: Parameters of Evaluation The RDR methodology was based upon evaluating commitments to uphold human rights through their services – in particular towards their commitment to users’ freedom of expression and privacy. Are there other parameters that may be considered in the Indian context?
15:00-16:00	Open Discussion #2: Towards Protecting Digital Rights What steps can be taken by the government, civil society, and industry in India to create an environment that recognizes and protects users digital rights? What are the relevant legal, political, and economic factors to take into consideration towards this? What are steps that other, multinational ICT companies have taken? Would these be realistic for Indian companies to implement?
16:00-16:30	Conclusion
16:30-17:00	Coffee and Tea

For more details visit https://cis-india.org/internet-governance/events/discussion-on-ranking-digital-rights-in-india-delhi-jan-07-2017

Discussion at CyFy on Technology, Policy and National Security: Building 21st Century Curricula in India’s Law Schools

Admin — 2019-10-20T07:23:11Z

Arindrajit Basu attended the session and gave comments on the course outline which included thoughts on:

Threshold of technical knowledge-comparison with WTO law
Need for India-centric approaches both in domestic and foreign policy
Possibility of executive training of senior diplomats
Need to include fintech security in the syllabus
Necessity of international law as a tool of conflict 6. Sustained collaboration between think-tanks and universities

The event was organized by Centre for Communication Governance at National Law University Delhi and Observer Research Foundation at Villa Medici, Taja Mahal Hotel, Man Singh Road, New Delhi.

For more details visit https://cis-india.org/internet-governance/news/discussion-at-cyfy-on-technology-policy-and-national-security-building-21st-century-curricula-in-india2019s-law-schools

Discrimination in the Age of Artificial Intelligence

Arindrajit Basu — 2018-10-26T14:47:57Z

The dawn of Artificial Intelligence (AI) has been celebrated by both government and industry across the globe. AI offers the potential to augment many existing bureaucratic processes and improve human capacity, if implemented in accordance with principles of the rule of law and international human rights norms. Unfortunately, AI-powered solutions have often been implemented in ways that have resulted in the automation, rather than mitigation, of existing societal inequalities.

This was originally published by Oxford Human Rights Hub on October 23, 2018

Image Credit: Sarla Catt via Flickr, used under a Creative Commons license available at https://creativecommons.org/licenses/by/2.0/

In the international human rights law context, AI solutions pose a threat to norms which prohibit discrimination. International Human Rights Law recognizes that discrimination may take place in two possible ways, directly or indirectly. Direct discrimination occurs when an individual is treated less favourably than someone else similarly situated on one of the grounds prohibited in international law, which, as per the Human Rights Committee, includes race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status. Indirect discrimination occurs when a policy, rule or requirement is ‘outwardly neutral’ but has a disproportionate impact on certain groups that are meant to be protected by one of the prohibited grounds of discrimination. A clear example of indirect discrimination recognized by the European Court of Human Rights arose in the case of DH&Ors v Czech Republic. The ECtHR struck down an apparently neutral set of statutory rules, which implemented a set of tests designed to evaluate the intellectual capability of children but which resulted in an excessively high proportion of minority Roma children scoring poorly and consequently being sent to special schools, possibly because the tests were blind to cultural and linguistic differences. This case acts as a useful analogy for the potential disparate impacts of AI and should serve as useful precedent for future litigation against AI-driven solutions.

Indirect discrimination by AI may occur at two stages. First is the usage of incomplete or inaccurate training data that results in the algorithm processing data that may not accurately reflect reality. Cathy O’Neil explains this using a simple example. There are two types of crimes-those that are ‘reported’ and others that are only ‘found’ if a policeman is patrolling the area. The first category includes serious crimes such as murder or rape while the second includes petty crimes such as vandalism or possession of illicit drugs in small quantities. Increased police surveillance in areas in US cities where Black or Hispanic people reside lead to more crimes being ‘found’ there. Thus, data is likely to suggest that these communities commit a higher proportion of crimes than they actually do – indirect discrimination that has been empirically been shown through research published by Pro Publica.

Discrimination may also occur at the stage of data processing, which is done through a metaphorical ‘black-box’ that accepts inputs and generates outputs without revealing to the human developer how the data was processed. This conundrum is compounded by the fact that the algorithms are often utilised to solve an amorphous problem-which attempts to break down a complex question into a simple answer. An example is the development of ‘risk profiles’ of individuals for the determination of insurance premiums. Data might show that an accident is more likely to take place in inner cities due to more densely packed populations in these areas. Racial and ethnic minorities tend to reside more in these areas, which means that algorithms could learn that minorities are more likely to get into accidents, thereby generating an outcome (‘risk profile’) that indirectly discriminates on grounds of race or ethnicity.

It would be wrong to ignore discrimination, both direct and indirect, that occurs as a result of human prejudice. The key difference between that and discrimination by AI lies in the ability of other individuals to compel the decision-maker to explain the factors that lead to the outcome in question and testing its validity against principles of human rights. The increasing amounts of discretion and, consequently, power being delegated to autonomous systems mean that principles of accountability which audit and check indirect discrimination need to be built into the design of these systems. In the absence of these principles, we risk surrendering core tenets of human rights law to the whims of an algorithmically crafted reality.

For more details visit https://cis-india.org/internet-governance/blog/oxford-human-rights-hub-arindrajit-basu-october-23-2018-discrimination-in-the-age-of-artificial-intelligence