Access To Knowledge (A2K)

Data Flow in the Unique Identification Scheme of India

vidushi — 2015-09-03T17:02:44Z

This note analyses the data flow within the UID scheme and aims at highlighting vulnerabilities at each stage. The data flow within the UID Scheme can be best understood by first delineating the organizations involved in enrolling residents for Aadhaar. The UIDAI partners with various Registrars usually a department of the central or state Government, and some private sector agencies like LIC etc– through a Memorandum of Understanding for assisting with the enrollment process of the UID project.

Many thanks to Elonnai Hickok for her invaluable guidance, input and feedback

These Registrars then appoint Enrollment Agencies that enroll residents by collecting the necessary data and sharing this with the UIDAI for de-duplication and issuance of an Aadhaar number, at enrolment centers that they set up. The data flow process of the UID is described below:[1]

Data Capture

Filling out an enrollment form – To enroll for an Aadhaar number, individuals are required to provide proof of address and proof of identity. These documents are verified by an official at the enrollment center.

Vulnerability: Though an official is responsible for verifying these documents, it is unclear how this verification is completed. It is possible for fraudulent proof of address and proof of identity to be verified and approved by this official.

The 'introducer' system: For individuals who do not have a Proof of Identity, Proof of Address etc the UIDAI has established an 'introducer' system. The introducer verifies that the individual is who they claim to be and that they live where they claim to live.

Vulnerability: This introducer is akin to the introducer concept in banking; except that here, the introducer must be approved by the Registrar, and need not know the person bring enrolled. This leads to questions of authenticity and validity of the data collected and verified by an 'introducer'. The Home Ministry in 2012, indicated that this must be reviewed.[2]

Categories of data for enrollment: The UIDAI has a standard enrollment form and list of documents required for enrollment. This includes: name, address, birth date, gender, proof of address and proof of identity. Some MoUs (Memorandum of Understanding) permit for the Registrars to collect additional information in addition to what is required by the UIDAI. This could be any information the Registrar deems necessary for any purpose.

Vulnerability: The fact that a Registrar may collect any information they deem necessary and for any purpose leads to concerns regarding (1) informed consent – as individuals are in placed in a position of having to provide this information as it is coupled with the Aadhaar enrollment process (2) unauthorized collection - though the MOU between the UIDAI and the Registrar has authorized the Registrar to collect additional information – if the information is personal in nature and the Registrar is a body corporate it must be collected as per the Information Technology Rules 2011 under section 43A. It is unclear if Registrars that are body corporates are collecting data in accordance to these rules. (3) As Registrars are permitted to collect any data they deem necessary for any purpose – this leads to concerns regarding misuse of this data..[3]

Verification of Resident’s Documents: true copies of original documents, after verification are sent to the Registrar for “permanent storage.”[4]

Vulnerability: It is unclear as to what extent and form this storage takes place. There is no clarity on who is responsible for the data once collected, and the permissible uses of such data are also unclear. The contracts between the UID and Registry claim that guidelines must be followed, while the guidelines state that, “The documents are required to be preserved by Registrar till the UIDAI finalizes its document storage agency” and states that the “Registrars must ensure that the documents are stored in a safe and secure manner and protected from unauthorized access.” [5] The question of what is “unauthorized access”, “secure storage”, when is data transferred to the UIDAI and when the UIDAI will access it and why remain unanswered. Moreover, there is nothing about deleting documents once the MoU lapses. The guidelines in question were also developed post facto.

Data collection for enrollment: After verification of proof of address and proof of identity, operators at the enrolling the agency will be enrolling individuals. Data Collection is completed by operators at the enrolling agency. This includes the digitization of enrollment forms and collection of biometrics. Enrollment information is manually collected and entered into computers operating software provided by the UIDAI and then transferred to the UIDAI. Biometrics are collected through devices that have been provided by third parties such as Accenture and L1Identity Solutions.

Vulnerability: After data is collected by enrollment operators it is possible for data leakage to occur at the point of collection or during transfer to the Registrar and UIDAI. Data operators, are therefore not answerable to the UIDAI, but to a private agency; a fact which has been the cause of concern even within the government.[6] There have also been instances of sub contracting which leads to more complications in respect of accountability. Misuse[7] and loss of data is a very real possibility, and irregularities have been reported as well.[8] By relying on technology that is provided by third parties (in many cases foreign third parties) data collected by these devices is also available to these companies while at the same time the companies are not regulated by Indian law.

Import pre-enrolment data into Aadhaar enrollment client, Syncing NPR/census data into the software: The National Population Register (NPR) enrolls usual residents, and is governed by the Citizenship Rules, which prescribe a penalty for non disclosure of information.

Vulnerability: Biometrics does not form part of the Rules that govern NPR data collection; the Citizenship Rules, 2003. In many ways, collection of biometrics without amending the citizenship laws amounts to a worrying situation. The NPR hands over information that it collects to UIDAI, biometrics collected as part of the UIDAI is included in the NPR, leading to concerns surrounding legality and security of such data.

Resident’s consent: for “whether the resident has agreed to share the captured information with organizations engaged in delivery of welfare services.”

Vulnerability: This allows the UIDAI to use data in an almost unfettered fashion. The enrolment form reads, “‘‘I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” Informed consent, Vague. What info and with whom. Why is necessary for the UIDAI to share this information, when the organization is only supposed to be a passive intermediary? Does beyond the mandate of the UIDAI, which is only to provide and authenticate the number.

Biometric exceptions: The operator checks if the resident’s eyes/hands are amputated/missing, and after the Supervisor verifies the same, the record is made as an exception and only the individuals photograph is recorded.

Vulnerability: There has widespread misuse of this clause, with data being fabricated to fall into this category, making it unreliable as a whole. In March 2013, 3.84 lakh numbers were cancelled as they were based on fraudulent use of the exception clause. [9]

Operator checks if resident wants Aadhaar enabled bank account: The UID project was touted to be a scheme that would ensure access to benefits and subsidies that are provided through cash transfers as well as enabling financial inclusion. Subsequently, the need for a Aadhaar embedded bank account was made essential to avail of these benefits. The operator at this point checks whether the resident would like to open such a bank account.

Vulnerability: The data provided at the time of linking UID with a bank account cannot be corrected or retracted. Although this has the vision of financial inclusion, it is now a threat of exclusion.

Capturing biometrics- The UIDAI scheme includes assigning each individual a unique identification number after collecting their demographic and biometric information. One Time Passwords are used to manually override a situation in which biometric identification fails.[10] The UIDAI data collection process was revamped in 2012 to include best finger detection and multiple try method.[11]

Vulnerabilities: The collection process is not always accurate, in fact, 70% of the residents who enrolled in Salt Lake, will have to re-enroll due to discrepancies at the time of enrollment.[12] Further, a large number of people in India are unable to give biometric information due to manual labour, or cataracts etc.

After such data is entered, the Operator shows such data to the Resident or Introducer or Head of the Family (as the case may be) for validation.

Operator Sign off – Each set of data needs to be verified by an Operator whose fingerprint is already stored in the system.

Vulnerability: Vesting authority to sign off in an operator allows for signing off on inaccurate or fraudulent data. For example, the issuance of aadhaar numbers to biometric exceptions highlight issues surrounding misuse and unreliability of this function.[13]

After this, the Enrolment operator gets supervisor’s sign off for any exceptions that might exist, Acknowledgement and consent for enrolment is stored. Any correction to specified data can be made within 96 hours.

Document Storage, Back up and Sync

After gathering and verifying all the information about the resident, the Enrolment Agency Operator will store photocopies of the documents of the resident. These Agencies also backup data “from time to time” (recommended to be twice a day), and maintain it for a minimum of 60 days. They also sync with the server every 7-10 days.

Vulnerability: The security implications of third party operators storing information is greatly exacerbated by the fact that these operators use technology and devices from companies have close ties to intelligence agencies in other countries; L-1 Identity Solutions have close ties with America’s CIA, Accenture with French intelligence etc. [14]

Transfer of Demographic and Biometric Data Collected to CIDR

“First mile logistics” include transferring data by using Secure File Transfer Protocol) provided by UIDAI or through a “suitable carrier” such as India Post.

Vulnerability: There is no engagement between the UIDAI and the enrolling agencies; the registrars engage private enrolment agencies, and not the UIDAI. Further, the scope of people authorized to collect information, the information that can be collected, how such information is stored etc are all vague. In 2009, there was a notification that claimed that the UIDAI owns the database[15] but there is no indication on how it may be used, how this might react to instances of identity fraud, etc.

Data De-duplication and Aadhar Generation at CIDR

On receiving biometric information, the de-duplication is done to ensure that each individual is given only one UID number.

Vulnerability:

This de-duplication is carried out by private companies, some of which are not of indian origin and thus are also not bound by Indian law. Also, the volume of Aadhaar numbers rejected due to quality or technical reasons is a cause of worry; the count reaching 9 crores in May 2015.[16]
The MoUs promise registrars access to information contained in the Aadhaar letter, although individuals are ensured that such letter is only sent to them. [17]
General compliance and de-duplication has been an issue, with over 34,000 people being issued more than one Aadhaar number,[18] and innumerable examples of faulty Aadhaar cards being issued.[19]

[1] Enrolment Process Essentials : UIDAI , (December 13,2012), http://nictcsc.com/images/Aadhaar%20Project%20Training%20Module/English%20Training%20Module/module2_aadhaar_enrolment_process17122012.pdf

[2] UIDAI to review biometric data collection process of 60 crore resident Indians: P Chidambaram, Economic Times, (Jan 31, 2012), http://articles.economictimes.indiatimes.com/2012-01-31/news/31010619_1_biometrics-uidai-national-population-register.

[3]See: an MoU signed between the UIDAI and the Government of Madhya Pradesh. Also see: Usha Ramanathan, “States as handmaidens of UIDAI”, The Statesman (August 8, 2013).

[4]http://nictcsc.com/images/Aadhaar%20Project%20Training%20Module/English%20Training%20Module/module2_aadhaar_enrolment_process17122012.pdf

[5] Document Storage Guidelines for Registrars – Version 1.2, https://uidai.gov.in/images/mou/D11%20Document%20Storage%20Guidelines%20for%20Registrars%20final%2005082010.pdf

[6] Arindham Mukherjee, Lola Nayar, Aadhaar,A Few Basic Issues, Outlook India, (December 5, 2011), http://dataprivacylab.org/TIP/2011sept/India4.pdf.

[7] Aadhaar: UIDAI probing several cases of misuse of personal data, The Hindu, (April 29, 2012), http://www.thehindubusinessline.com/economy/aadhar-uidai-probing-several-cases-of-misuse-of-personal-data/article3367092.ece.

[8] Harsimran Julka, UIDAI wins court battle against HCL technologies, The Economic Times, (October 4, 2011), http://articles.economictimes.indiatimes.com/2011-10-04/news/30242553_1_uidai-bank-guarantee-hp-and-ibm.

[9] Chetan Chauhan, UIDAI cancels 3.84 lakh fake Aadhaar numbers, The Hindustan Times, (December 26, 2012), http://www.hindustantimes.com/newdelhi/uidai-cancels-3-84-lakh-fake-aadhaar-numbers/article1-980634.aspx.

[10] Usha Ramanathan, “Inclusion project that excludes the poor”, The Statesman (July 4, 2013).

[11] UIDAI to Refresh Data Collection Process, Zee News, (February 7, 2012) http://zeenews.india.com/news/delhi/uidai-to-refresh-data-collection-process_757251.html.

[12] Snehal Sengupta, Queue up again to apply for Aadhaar, The Telegraph, (February 27, 2015), http://www.telegraphindia.com/1150227/jsp/saltlake/story_5642.jsp#.VayjDZOqqko

[13] Chauhan, supra note 7.

[14] Usha Ramanathan, Three Supreme Court Orders Later, What’s the Deal with Aadhaar? Yahoo News, (April 13, 2015), https://in.news.yahoo.com/three-supreme-court-orders-later--what-s-the-deal-with-aadhaar-094316180.html.

[15] Usha Ramanathan, “Threat of Exclusion and of Surveillance”, The Statesman (July 2, 2013).

[16] Over 9 Crore Aadhaar enrolments rejected by UIDAI, Zee News (May 8, 2015).

[17] Usha Ramanathan, “States as handmaidens of UIDAI”, The Statesman (August 8, 2013).

[18] Surabhi Agarwal, Duplicate Aadhar numbers within estimate, Live Mint (March 5, 2013).

[19] Usha Ramanathan, “Outsourcing enrolment, gathering dogs and trees”, The Statesman (August 7, 2013).

For more details visit https://cis-india.org/internet-governance/blog/data-flow-in-unique-identification-scheme-of-india

Data Empowerment And Protection Architecture (DEPA) Workshop

Admin — 2019-05-28T02:15:14Z

On 18 May 2019 Pranav Manjesh Bidare attended a workshop on the Data Empowerment And Protection Architecture (DEPA) organised by the iSPIRT Foundation.

The workshop provided an introduction to the planned architecture for licensed account aggregators that are a part of the rollout of DEPA across the finance and telecom sectors. This account aggregator infrastructure aims to enable users to access their data more easily, and also enable them to manage consent concerning the sharing of their data. For more details see here.

For more details visit https://cis-india.org/internet-governance/news/data-empowerment-and-protection-architecture-depa-workshop

Data Breach: How will the biggest scandal that Facebook is mired in affect its credibility in India?

Admin — 2018-03-27T02:09:41Z

Facebook has not been able to catch a break lately.

The article by G. Seetharaman and Shephali Bhatt with additional inputs by Indulekha Aravind was published in the Economic Times on March 26, 2018. Sunil Abraham was quoted.

Rebuked for the misinformation spread on its platform by Russian agencies during the 2016 US presidential election, aiding Donald Trump’s victory, Facebook was on the defensive for most of 2017. Making matters worse for the Menlo Park, California-headquartered social media behemoth, another one of its past oversights has now come back to haunt it in what is undoubtedly its biggest public relations challenge.

Reports by the New York Times and the Observer of London on March 17 disclosed that a researcher linked to Cambridge Analytica (CA), a political consulting firm that worked on Trump’s campaign, had accessed details of 50 million Facebook users unbeknownst to them and shared it with CA, which uses online data to reach voters on social media with personalised messages. The reports were based on revelations by whistle-blower Christopher Wylie, who had worked with CA.

This is how it unfolded: in 2014, CA hired Aleksandr Kogan, a Soviet-born American citizen, to mine data on US voters on Facebook, through a personality quiz app. It was downloaded by 2,70,000 users, who logged in with their Facebook credentials. That enabled Kogan to access not just their data on Facebook, but also their friends’ profiles. Facebook says Kogan lied that the data was only for his research, while there was a commercial element to it as CA paid for the app. It is unclear at this point how exactly the data was used or whether it was effective.

In 2015, Facebook removed his app and sought an assurance from him that the data had been destroyed. But it later found out that the information had been passed on to CA. Facebook has since stopped apps from accessing information about a user’s friends and has even limited the data that can be collected about the user.

While the broad details of the issue have been known since 2015, the sheer number of accounts that were compromised was not known till now and has led to calls for Facebook to be deleted, with #DeleteFacebook trending on Twitter. The company, one of the world’s most valuable public companies, has shed $75 billion, or 14% of its market value, since March 16.

As Facebook spends the next few months trying to convince its users that their data is safe, India will be crucial to their plans. India is, after all, its largest market, with 250 million monthly active users, 12% of its global base, according to recent data by We Are Social and Hootsuite, firms involved in social media marketing and management, respectively.

There are other reasons why India is important to Facebook: WhatsApp, the country’s chat app of choice, has 200 million users, again more than any other market, and Instagram has 53 million. Both these apps are owned by Facebook, giving the company an outsize role in how Indians communicate.

Facebook will only grow as smartphone and internet adoption grows — India is set to add 100 million internet users and 250 million smartphone users by 2020. But at the same time, it has to deal with those wondering whether they should sign up or continue being on the network.

Soumya Sinha, a 32-year-old data consultant in Delhi, says FB is quite passive-aggressive when it comes to data. “It gives you a lot of privacy options, makes you feel you are in control of your wall, but buries an ‘unless you don’t want to share’ option at the bottom,” he says. “If you don’t opt out, it assumes you are happy to share. Even if you do, you can never be sure the non-consensual sharing has stopped.”

Privacy controls — not just on Facebook but on social media platforms in general — are not easy to find and even the most tech-savvy have a hard time ensuring the accounts are as secure as they can possibly be. “Indians are very liberal with others accessing their data. A lot of other accounts are linked to my FB account. Who knows which one of them will provide my data to others?” says Prateek Kharangar, a 30-year-old doctor in Rajasthan.

Mark Zuckerberg, Facebook’s billionaire chief executive, issued a statement on March 21 admitting that Facebook had made mistakes. He added that Facebook would do a thorough audit of suspicious apps and make its privacy policy stricter by limiting the user information it shares with third-party apps.

Facebook will also revoke permission to apps that a user has not accessed for three months and show an option at the top of the news feed, allowing users to do the same. Zuckerberg also said in a subsequent interview to the New York Times that Facebook would let concerned users know about the CA debacle. Questions sent by ET Magazine to Facebook India went unanswered. The US Federal Trade Commission and the European Union are also scrutinising the issue.

Protect Data
Facebook has faced criticism in the past, including about its facial recognition software In India, it was badly bruised in its fight against net neutrality. Its Free Basics campaign tried to push free access to a few websites, including its own, in partnership with telcos, but the telecom regulator in February 2016 ruled in favour of net neutrality. Sunil Abraham, executive director of the Centre for Internet and Society, believes sites like Facebook should periodically inform users about the data the apps have access to. “Facebook should also ask you every quarter if you want to revoke permission. It’s required in countries where users are naive, unaware and incapable of protecting their own interests.”

Many experts call for more transparency and clarity. Nayantara Ranganathan, programme manager at the Internet Democracy Project, says privacy policies are tweaked constantly and the changes the companies want us to know about are conveyed through blog posts and such, while there may be changes that we may not be aware of. Nikhil Pahwa, cofounder, Internet Freedom Foundation, says the process of notifying users of changes in terms and conditions needs to be improved. “So often, T&Cs are changed and the company just sends a generic mail to all its users. If they don’t respond, it is assumed they have agreed to the changes. That needs to change.” Some believe online consent agreements are being simplified.

While there have been calls for the privacy notice to be in local languages too, Rama Vedashree, CEO of Data Security Council of India, says that in markets like India, where millions are just being introduced to the internet, websites may have to look at pictorial representations to explain how user data will be used by third-party developers. Regardless of how intelligible tech companies make their privacy policy documents, given the number of websites we use, it is impossible to read every site’s terms. That is where a stringent law becomes necessary. “We don’t have a robust legal framework that acts swiftly, permits class action lawsuits and awards damages in tune with the harm incurred,” says Mishi Choudhary, legal director at the Software Freedom Law Center.

WHY FB CAN'T TAKE DATA SECURITY LIGHTLY IN INDIA

Source: Facebook, WhatsApp, We Are Social and Hootsuite, Ministry of Communications, Internet and Mobile Association of India

Abraham says presently only data security is covered under the Information Technology Act, 2000. “A mere infringement of your privacy without financial loss does not allow you to seek remedy.” However, India could have a data protection law sooner than later. A committee was appointed by the government last year to come up with a draft law, an important part of which will be a data protection authority. The Supreme Court, in a landmark ruling last year in a case related to Aadhaar, said privacy is a fundamental right.

The European Union’s General Data Protection Regulation (GDPR), which will come into effect in May, could be emulated in countries, including India. It makes tech companies more accountable for the privacy of those who use their services and has penalties up to £20 million, or 4% of the errant company’s global annual revenues, whichever is higher. This forced Facebook to put all of its privacy settings in one place in January.

“India must go further than Europe did with its General Data Protection Regulation, which requires companies to get unambiguous consent from users to collect data, to clearly disclose how personal data are being used, and to spell out why data is being collected. It must also ban any form of political advertising and the sale of data to third parties,” wrote Vivek Wadhwa, a tech entrepreneur and academic, in a column in ET on Friday.

In light of this controversy, there will be pressure on the government to hasten the process of introducing a data protection law, accompanied by a regulator. It is likely the draft document will draw on the European regulation. “The more we adopt from EU GDPR, the better,” says Pahwa, adding that users should also have the right to removal of personal data.

Ravi Shankar Prasad, India’s IT and law minister, has warned Facebook of stringent action if it is found influencing elections “through undesirable means”. The Indian government on Friday issued a notice to Cambridge Analytica asking if any entities engaged its services to harvest data of Indian Facebook users.

India could also take a leaf out of Germany’s playbook while enforcing data protection, especially if it involves tech companies that dominate the segment they operate in, like Google in search and Facebook in social media. Germany’s competition watchdog in December accused Facebook of abusing its dominant position to get users’ consent to access their data from third-party websites. The Competition Commission of India in February imposed a penalty of `136 crore on Google for abusing its dominant position in search to create a bias to favour its own services.

Messing Up Elections?
The ongoing controversy has been exacerbated by the fact that besides data privacy, electoral politics is at the centre of the issue. CA dug itself into a deeper hole when footage emerged of a UK television channel’s sting operation, in which the company’s top officials talk about using bribes and women to entrap their clients’ political opponents. CA has since suspended its chief executive, Alexander Nix, who was in the video. CA is partly funded by conservative US billionaire Robert Mercer, and Trump’s former White House chief strategist Stephen Bannon served on its board.

The issue has had political ramifications in India, with both the ruling Bharatiya Janata Party and opposition Congress trading charges about each other’s association with CA. The BJP has attacked the Congress by quoting news reports of talks between CA and the Congress ahead of the 2019 general election, while the Congress has hit back with a reference to the 2010 Bihar election on the CA website. The company claims that it worked on the Bihar election, reportedly through its parent Strategic Communication Laboratories, by identifying swing voters.

“Our client achieved a landslide victory, with over 90% of total seats targeted by CA being won,” says the website. The JD(U)-BJP combine was the victorious coalition. Interestingly, the company’s India partner, Ovleno Business Intelligence, is run by Amrish Tyagi, son of JD(U) leader KC Tyagi. When contacted by ET Magazine, Amrish Tyagi declined to comment. Both the Congress and the BJP have denied any ties to CA.

“We have been on social media as long as social media was around and we have always been ethical in our conduct,” says Amit Malviya, head of BJP’s IT Cell. Divya Spandana, who heads the social media team for the Congress, says the party does not engage external agencies. “We only use data with the consent of the individual, emails are subscribed to and WhatsApp is through people who have signed up to receive messages.” The BJP made good use of social media in its 2014 campaign, and Prime Minister Narendra Modi and most of his cabinet are quite active on Twitter.

Facebook, Twitter and WhatsApp will play an even bigger role in the upcoming assembly polls and the 2019 general election, WhatsApp perhaps more so than the other two, given its popularity and user engagement. “What makes WhatsApp worse than Facebook is Facebook knows what’s being sent around (on its platform). If it comes up with a fake news mitigation strategy, it might work. WhatsApp doesn’t know what’s being sent on its platform,” says Abraham.

In his New York Times interview, Zuckerberg said that after the US presidential election, Facebook developed artificial intelligence tools to identify fake accounts and fake news, which were deployed during the French presidential polls in 2017. “This is a massive focus for us to make sure we’re dialed in for not only the 2018 elections in the US, but the Indian elections, the Brazilian elections, and a number of other elections that are going on this year that are really important,” he was quoted as saying. Both government authorities and the Election Commission of India will keep a close watch on how social media is used in poll campaigns.

While things do not look up for Facebook in the immediate future, some think it will get past the issue. Vineet Sehgal, chief marketing officer of Quikr, says while marketers will take a hard look at Facebook, the company will act swiftly to change its policies.

"There is too much at stake." More and more Indians are using social media, in addition to searching for information on the internet, buying things on ecommerce sites, booking app-based cabs, and making payments and transfers on online payment platforms. They will also buy more devices, including wearables and smart speakers, which gather large amounts of data. So naturally, it is imperative that the sanctity of that data become a top priority for tech companies, consumers and the government. "The emphasis of any (data protection) law needs to be protecting people, not data. Our legislators should ask about relationships of all entities with social media and data analytics companies," says Choudhary of Software Freedom Law Center.

For more details visit https://cis-india.org/internet-governance/news/economic-times-g-seetharaman-shephali-bhatt-march-25-2018-data-breach-how-will-the-biggest-scandal-that-facebook-is-mired-in-affect-its-credibility-in-india

Dark waders

praskrishna — 2011-04-20T05:22:10Z

Akhila Seetharaman finds out why a group of artists and researchers are preoccupied with chasing shadows. This article was published in Time Out Bengaluru, Vol. 3, Issue 20, April 15 - 28, 2011.

The New Bharat Brass Band from Kalasipalayam performed an unusual ditty at the Chitrakala Parishat last month. In a typical concert, the band plays raucous renditions of the latest hit Hindi film songs, but the music at this gig had its origin in a database of photographs of the city. These images had been taken by a group of student-artists, who converted the visual data into binary codes of 0s and 1s, and then transcribed the codes into musical notation, which they asked the band to perform. The result: strange, random, almost robotic music which represented a uniquely distilled experience of the city, peppered with the band’s characteristic filmy flourishes.

This performance was one among the several experimental art projects developed by participants as part of the Space the Final Frontier project, an initiative by the Dutch Art Institute and Centre for Experimental Media Arts at Srishti School of Art, Design and Technology to get students to – as described in a introduction to the project – articulate “spaces of flux” and “index the shadow worlds” of the city.

“When we speak about mapping the city, we immediately think in terms of physical geography. We don’t usually approach it in an aesthetic or theoretical way,” said Deepak DL, an art student from Chitrakala Parishat who participated in the two-week programme. His group chose to map shadow sounds – birds, buses on the street, sounds from a bar, and pressure cookers whistling in homes – piecing together an aural landscape of the city. “This project was about mapping the non-spaces. For instance when you go to a restaurant, you rarely see what’s going on behind the wall in the kitchen. We tried to do just that using sound,” said Deepak.

“Wherever there is light, there is also shadow. For all the spaces getting attention, there are many more spaces not getting attention, but surviving and often thriving,” said Prayas Abhinav, faculty member and researcher at CEMA and one of the organisers of Space the Final Frontier. In collaboration with Renée Ridgeway, founder of an online platform for art activities called n.e.w.s., and a third collaborator Stephen Wright, Abhinav is currently working on a book which examines the distribution of human attention in the art world, based on a concept known as “attention economy”.

The trio’s fascination with the theme also led them to hunt for shadow art activities on the internet. In the course of their search they found themselves wondering how to find art online without necessarily limiting themselves to work that described itself as “art”. For Abhinav and his colleagues this became more than a technical problem, since search engines assume that users are looking for what others are looking for and throw up the most popular or valid entries first, leaving the vast majority of less popular entries in the shadow. “Lesser known artists don’t refer to themselves as ‘lesser known artists’, so finding them online via Google isn’t all that easy,” said Abhinav. “Everyone is operating in the same space with established hierarchies. Shadows exist, but how do we look for them?”

“In the 1990s we used to have a culture of community web sites that looked really bad, but were thriving hubs,” said Abhinav. He pointed out that over the decade, with the advent of search engines, the larger databases gained priority among users. To democratise search results, Abhinav and Ridgeway, along with the Centre for Internet and Society, launched the Shadow Search Project with an open call for entries in early 2010 to find an algorithm that could bring up entries that otherwise exist under the radar, through search.

“If the new currency is attention – that is, if users are supposed to pay not money but time –, certain kinds of priorities are set up and vast amounts of information will always remain invisible,” said Nishant Shah, researcher at the Centre for Internet and Society. The Shadow Search Project is intended to serve as a platform to look for these shadows and give them visibility.

The winning entry, a search engine called Narcissus, which will be demonstrated this fortnight, takes the search results of a regular search engine like Google and reverses it, such that the user gets the last page first. “The least popular results come up first, and as those become more popular, the new least popular results come up. This continues in a cyclical manner,” said Ridgeway.

Data gathered and indexed by students during the Space the Final Frontier programme will be used to test the Narcissus algorithm. “If one of the strengths of the Internet is serendipity – stumbling upon a small, but great find by chance – the idea of a search engine plug in like Narcissus that scrambles Google results and presents it in a democratic manner, definitely has appeal,” said Shah.

Read the original in Time Out Bengaluru here

For more details visit https://cis-india.org/news/chasing-shadows

Dark days for the creative class in India: Siddiqui

praskrishna — 2014-02-17T09:14:43Z

As India’s literacy rate improves, governments, courts, media, publishers and big business are all stifling free speech.

Haroon Siddiqui's article was published in thestar.com on February 16, 2014. Pranesh Prakash is quoted.

In contrast to North America and Europe, India’s book publishers, newspapers and TV/radio stations are doing well, thanks to a rising literacy rate and a growing middle class. Authors, artists, journalists and filmmakers are enjoying big audiences and relatively good paycheques. Yet, paradoxically, free speech has never been so imperilled in the world’s largest democracy, for several reasons.

Governments are using colonial-era laws to stifle free speech. The lower courts and police are caving in to religious bigots who demand bans on what they don’t want to see and hear. Vigilante groups are using goon tactics to intimidate the creative class. Big business is slapping lawsuits and creating libel chill. Publishing houses are capitulating to legal, political and economic pressure. The media are too busy mollycoddling governments and advertisers to stand up for free speech.

Legal framework

The constitution guarantees free speech but, as in Canada and several European nations, it also imposes “reasonable restrictions” to maintain peace and public order. The Supreme Court has set a high bar for imposing any restrictions, yet both the federal and state governments routinely shut down anything that might flare communal riots, especially between Hindus and Muslims — a real and ever-present danger. Politicians don’t want blood on their hands to uphold the right of a preening writer to poke people in the eye. Critics counter that the political class doesn’t really care for intellectual freedom.

Libel and defamation laws criminalize speech and prescribe jail terms. This, again, is not much different than, say, the Canadian Criminal Code, under which those convicted of hate speech may be jailed for up to three years. (That’s what we are left with after the Stephen Harper Conservatives axed the civilian remedy that was available under the Human Rights Act.)

India’s Anti-Sedition Act prohibits words and actions that may cause “hatred or contempt or disaffection” toward government. This is used even against journalists, activists and those protesting government policies. As many as 6,000 farmers and fishermen were charged for opposing a nuclear plant along the southeast coast.

The Penal Code makes it an offence, punishable by up to three years in jail, to hurt anyone’s religious sensibilities; promote enmity between different religious groups; circulate “any statement or report containing rumour or alarming news with intent to create or promote, or which is likely to create or promote, on grounds of religion, race, place of birth, residence, language, caste or community feelings of enmity,” etc., etc.

Worse, the code allows anyone offended by anything to demand that the offensive material be removed.

Indians are easily offended, indeed are “desperate to be offended,” jokes novelist Manu Joseph. The milieu allows religious leaders and politicians to stoke real or imagined grievances and rush to the courts and the police, both of which usually cave in rather than risk the wrath of frenzied protesters.

“Instead of protecting the right of free expression, the state defends the offended,” writes Salil Tripathi on the website Index on Censorship.

Adds Kian Ganz, editor of the website Legally India: “Many of these British-colonial laws were written and enforced to ‘control’ a multi-ethnic and religious population. Yet they are still around and are regularly used to stifle free speech.”

Religious bigotry

While we hear mostly of angry Muslims taking offence to alleged insults to Islam — the 1988 ban on Salman Rushdie’s The Satanic Verses being the prime example — increasingly it is Hindu fundamentalists who have been agitating successfully against what they do not like.

“Hindu bigots have matched, or perhaps even outperformed, their Islamic counterparts,” writes Ramachandra Guha, India’s pre-eminent historian. He was condemning Penguin India’s decision last week to recall and pulp American academic Wendy Doniger’s The Hindus: an Alternative History, under pressure from a Hindu group that said the 2009 book contained “heresies” and was focused on “sex and eroticism.”

There has been no bigger victim of Hindu wrath than the late M.F. Hussain, the “Picasso of India.” His priceless work was vandalized, he was slapped with hundreds of lawsuits and threatened with death for painting Hindu deities in the nude. He went into exile in Doha, Qatar, where I spoke to him on the phone in 2011 and heard his pain at having been hounded out of his beloved India. We agreed to meet later but he died soon after, at age 95.

Last year, India’s leading intellectual Ashish Nandy was threatened with arrest for ostensibly offending Dalits (Hindus of a lower caste, formerly known as untouchables).

In 2012, Mumbai police arrested a young woman who complained on Facebook about the shutdown of the city of 18 million on the death of Bal Thackeray, leader of a chauvinist regional Hindu party. Another woman who “liked” the page was also detained,both for “hurting religious sentiments.”

In 2011, the western state of Gujarat stopped the sale of American journalist Joseph Lelyveld’s biography of Mahatma Gandhi, which suggested that the great leader may have had a sexual relationship with a male German architect. The chief minister (premier), Narendra Modi, is now the prime ministerial candidate of the Hindu nationalist Bharata Janata Party for federal elections in May, which he is favoured to win.

In 2010, Canadian author Rohinton Mistry’s 1995 book, A Fine Balance, was removed from the syllabus of Bombay University, his alma mater, following objections by a student, the grandson of Thackeray. The head of the university’s English Department had to go into hiding after receiving death threats.

In 2008, Delhi University expunged from its history course an essay by A.K. Ramanujam on Hinduism following complaints by a Hindu group, and Oxford University Press India temporarily stopped printing it.

Other examples:

In 2007, a court issued an arrest warrant for actor Richard Gere for kissing Bollywood actress Shilpa Shetty, following complaints by irate Hindus. An institute in the western city of Pune was vandalized because American academic James Laine had done part of his research there for his book, Shivaji: Hindu King in Islamic India. An art gallery in Bangalore hastily removed partially nude pictures of Hindu deities fearing retaliation by a Hindu moral squad.

Guha, the historian, once suggested that both Rushdie and Hussain, one pilloried by Muslims and the other by Hindus, be conferred India’s highest civilian honours. “That would have been a blow for artistic freedom. And it’d have equally offended Hindu and Islamic bigots.”

Libel chill

There has been a steady rise in what free speech advocates see as nuisance lawsuits by corporate houses, businessmen and political parties.

In December, Jitender Bhargava, executive director of Air India until 2010, saw his book on the national airline withdrawn by Bloomsbury India, allegedly under political pressure.

The same month, another book, Sahara: The Untold Story, on the controversial finance and real estate conglomerate, was held back under a court order.

In 2011, Penguin removed a chapter in The Beautiful and the Damned from its Indian edition after Arindam Chaudhuri, who runs business schools, sued about his profile in it. He also sued Caravan, a journal of politics and culture, for an article on how he had “made a fortune off the aspirations and insecurities of India’s middle class.” The Delhi-based businessman still has the Delhi-based magazine entangled in the case he filed in a jurisdiction 1,750 kilometres away — and 300 kilometres from the nearest airport.

Penguin also held back a biography of J. Jayalalithaa, chief minister of the southern state of Tamil Nadu, who had a stay order issued against it.

In 1998, a book about the head of a textile conglomerate, Dhirubhai Ambani, was not published in India after the publisher was threatened with lawsuits. A second edition of The Polyester Prince was issued in India but with the offending material cut out.

It is difficult for outsiders, especially without the benefit of reading the materials in dispute, to judge the timidity of the publishers. But there’s no questioning the creeping self-censorship.

Obeisant media

Vinod Jose, executive editor of Caravan, writes in its annual media issue:

“Media owners bargained with the government to secure lucrative licences to mine coal blocks in return for their power to influence the public. Editors got caught on tape striking deals with lobbyists but remained arrogantly unapologetic. Owners fired political editors who wrote about politics independently . . . Forbes India pulled a story because it irked the finance ministry.”

Jose said that in 2013, the year surveyed, “the dominant mood of the press was docility.” If in the 1950s and 1960s, the media served the state, now they serve big business. They have begun to expose government corruption but remain mostly mum on corporate malfeasance. The Times of India, the country’s largest English daily, takes equity in some companies it provides advertising space to.

State surveillance

India, like the United States and other democracies, is under heavy criticism for invasion of citizen privacy under sweeping state surveillance, especially by its eight intelligence agencies that operate under mostly secretive powers.

“The real problem is that we don’t know what powers they do have — we only know bits and pieces about the Centralised Monitoring System (CMS), from some tender documents that indicate that the government intends to track web usage, phone calls, text messages and map location information, apparently without the knowledge of even telecom operators,” says Nikhil Pahwa of MediaNama (Media Journal), a website that provides news and analysis of digital media. “The issue is even less obvious here than that of the NSA,” the National Security Agency in the United States.

“The rules give the Indian government the ability to gag free speech, and block any website it deems fit, without publicly disclosing why or who blocked it — or providing adequate recourse for getting the block removed.”

“Intelligence agencies are not answerable to parliament, only to the Home ministry,” says Anja Kovacs of the Centre for Internet and Society. There are few checks and balances, little or no civilian oversight.

“The Indian government’s centralized monitoring is chilling, given its reckless and irresponsible use of the sedition and Internet laws,” says Human Rights Watch. “New surveillance capabilities have been used . . . to target critics, journalists and human rights activists.”

“Every month at the federal level, 7,000 to 9,000 phone taps are authorized or re-authorized,” writes Pranesh Prakash, policy director for the Centre for Internet and Society.

Conclusion

It is useful to remember that whatever is true of India, the exact opposite may also be true. So, while the situation is getting bleaker on the free speech front, in India the state is not the sole culprit, unlike in Russia, China or other authoritarian places. India also has a vibrant civil society that’s hammering away — is free to hammer away — at the need for a liberal polity to be liberal. The intellectuals, activists and NGOs I have quoted, testify to that. Here’s another:

The PEN All-India Centre in Mumbai and the newly formed Delhi Pen, both part of the global network of writers dedicated to free speech, said this last week:

“The removal of books from our bookshops, bookshelves and libraries, whether through state-sanctioned censorship, private vigilante action or publisher capitulation are all egregious violations of free speech that we shall oppose in all forms at all times.”

For more details visit https://cis-india.org/news/the-star-op-ed-february-16-2014-haroon-siddiqui-dark-days-for-creative-class-in-india

Darjeeling’s e-commerce Crumbles after 100 days sans Internet

Avijit Sarkar — 2017-12-20T03:16:40Z

Strap: The shutdown on ground and that of the internet have together hurt the economy critically

Darjeeling, West Bengal: Chitra Dutta, 80, owner of a courier service in Darjeeling called Turant, says the 108 days of bandh (strike), including the 100-day ban on internet, had almost paralyzed her business. The shutdown on ground and that of the internet led to courier packages being undistributed for three months. Despite suffering severe loss of revenue, Dutta says she had to pay her employees’ salaries during the bandh, and “it won’t be before March next year” that she will be able to make up for the losses.

When Darjeeling suffered 108 days of bandh called by the Gorkha Janmukti Morcha (GJM) to press their demand for a separate state of Gorkhaland, the worst hit were businesses in the hills. What made it even more difficult for traders to cope up with the loss was the complete absence of internet services, as several of them depended on the medium to run their operations.

GJM’s movement for Gorkhaland picked up momentum when Mamata Banerjee’s Trinamool Congress (TMC) government tried to impose Bengali as a compulsory subject for all schools in West Bengal in early 2017. GJM party chief Bimal Gurung called for an indefinite bandh of all activities in the hills from June 15. It led to several incidents of arson, violence and deaths in retaliatory police action. From June 18, internet services were banned in Darjeeling and Kalimpong. The ban was lifted on September 25.

Dutta’s Turant, a third-party firm, has a tie-up with major courier service providers Bluedart and Ecospeed to distribute their consignments in Darjeeling and around. Another major player in the delivery business, Amazon, had finalized Turant as its service provider in the hills just before the internet ban, but the deal remained in a dicey state after the situation worsened and Darjeeling was cut off from rest of the state, she says. Her business largely depends on a software to track the goods and communicate with business providers and customers, but the prolonged breakdown of internet has brought it to a halt. Dutta says they used to deliver around 40 parcels per day before the shutdown, but no business materialized during the bandh.

Bitter days for tea trade

Girish Sarda, a third generation owner of Nathmulls Tea and Sunset Lounge, an online-cum-retail business outlet that exports Darjeeling tea, says he is disappointed with the state of affairs in the hills.

“Ninety per cent of my business is internet-based. In international trading if you stop supplies to your client for three months, they will source tea from elsewhere to run their business. Clients from Japan started asking me how I was surviving,” says Sarda.

Explaining the losses he faced due to the internet shutdown, he says, “Only 5% of my business is operational at present. I have six months of tea produce and I don’t know how I am going to sell that. It will take months for me to get back on my feet. I’m gone. Things are still hazy here and god only knows when the situation will return to normal.”

The harvest season’s second plucking (of tea leaves), called the second flush, is considered to provide high quality premium tea, and draws the best price. The shutdown in Darjeeling overlapped with the second and the third flush, which occur between the months of June and August, and October and November, respectively. Sarda says, “The bandh ensured there was no second flush and a poor third flush. The entire tea industry has seen the worst phase ever. It may take three years to get back to normalcy.”

Darjeeling produces around 8.9 million kg of tea per annum. Of this, around 20 lakh kg is premium tea and sold at high price, according to S K Saria, owner of Rohini and Gopaldhara Tea Estates. While 80% of the tea produce is sold through auction in Siliguri and Kolkata, the rest is sold directly by traders in Kolkata and Darjeeling, including the 45-60kg tea per day sold online.

Hotel business too saw a downfall in the Darjeeling hills. Vijay Khanna, secretary of Gorkha Hotel Owners Association, says, “Most of the hotel bookings are done online, and we need the internet to check these. The sudden shutdown has left the hotel industry in a bad shape. Clients from abroad could not be informed of the sudden closure of all establishments and few even failed to understand what a bandh is.”

“It was and still is a very difficult time for the industry. Neither the state nor the central government is interested in our plight. There are just a handful of tourists here. Darjeeling hills are out of business,” Khanna says.

Restraining GJM's 'message'

Bimal Gurung, the GJM chief who floated the party in 2007 to capitalize on the growing public disenchantment with Subhash Ghisingh’s way of leading Gorkha National Liberation Front (GNLF), realised the power of internet and social media early on, and utilized the medium to push the propaganda for Gorkhaland statehood through his party.

Several audio and video messages, where Gurung alleges the present TMC government and the chief minister of dividing the hill people by creating separate bodies for each tribe and taking them for a ride, had been going around on WhatsApp and other platforms before his call for an indefinite strike in Darjeeling. West Bengal government responded to the GJM’s call for strike with a heavy hand, initiating police action against protesters and raiding Gurung’s home and offices. However, the Gorkha community residing in the Dooars and Terai region kept on getting his messages throughout the shutdown period as internet was on in these regions.

The movement only kept the Gorkhas away from critical resources like internet that fortify their market, it has not led to any productive dialogue towards statehood yet. The combined effect of internet ban and indefinite strike has hurt the economy of the hills so bad that it will take months to recover. However, people are still unsure about the recovery.

Avijit Sarkar is a Siliguri-based journalist and a member of 101Reporters.com, a pan-India network of grassroots reporters.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/darjeeling2019s-e-commerce-crumbles-after-100-days-sans-internet

Danish Expert Group on Data Ethics

Admin — 2018-12-01T04:42:42Z

Amber Sinha was one of the stakeholders who provided inputs to the Danish Expert Group on Data Ethics in June 2018 during their visit to New Delhi. The Expert Group has prepared and submitted its final report.

In April the Danish Expert Group on Data Ethics commenced work on developing recommendations on Data Ethics for the Danish Government. The expert group have now handed over their recommendations to the Danish Minister of Industry, Business and Financial Affairs. Read the report.

For more details visit https://cis-india.org/internet-governance/news/danish-expert-group-on-data-ethics

Dadri reopens debate on online hate speech

praskrishna — 2015-10-11T05:42:02Z

The friction between free speech and hate speech has become newly intense because of social media. Twitter reflected the turmoil after the lynching of Mohammed Akhlaq in Dadri, Uttar Pradesh, when some tweets justified the murder as a legitimate reaction against cow-slaughter, trending the hashtag #cowmurderers.

The article by Amulya Gopalakrishnan was published in the Times of India on October 9, 2015. Pranesh Prakash gave inputs.

"Jo bhi gau ka mans khaye, use aur uske parivar ko turant maar do (those who eat beef should be killed along with their families)" is just one example of the kind of tweets that got an FIR filed against the handle. The UP police also booked a person for spreading inflammatory rumours about cow-smugglers killing a police officer.

Their comrades immediately alleged censorship, and various profiles with pictures of weapon-brandishing deities rallied under hashtags of support. Taslima Nasreen summed up their grievance, claiming that "free speech allows hate tweets".

There are, of course reasonable restrictions to free speech when it looks likely to spiral into violence, what a 1989 Supreme Court judgment called a "spark in a powder keg" situation. The IPC has Section 153A, 153B, 295 and 505 and more, which curb speech that promotes enmity between groups on the basis of religion, race, place, birth or language, defiles places of worship, insults religious sentiments, creates public mischief and so on. But social media presents an almost daily dilemma, and makes it clear that it is time for more discriminating decisions on what kinds of extreme speech can be gagged. As the SC judgment knocking down the over-broad Section 66A of the IT Act noted, discussion and advocacy , however, hateful or prejudiced, are not incitement.

All hate speech seeks to sharpen tensions, but not all such speech is equally damaging. As Pranesh Prakash, policy director of the Centre for Internet and Society , Bangalore, puts it, "freedom of speech operates within fields of power".Hate speech either aims to taunt and diminish a minority, or tell others in an in-group that their feelings are shared.Different countries make their own judgment calls as they balance these two values, both fundamental to a democracy: free expression and the defence of human dignity and inclusion.

Internet intermediaries, ISPs or powerful private corporations like Twitter and Facebook, have to comply with court orders and official government requests, but they are not always on the same page about unacceptable content. For a company like Twitter, for instance, the need to preserve individual voices, however discordant, is more valuable than the need to create a more perfect public sphere. It advised offended users to simply block controversial content, though recently , it has begun to consider "direct, repeated attacks on an individual" a potential violation too.

Susan Benesch, of Harvard University's Berkman Center, has suggested a framework to identify a dangerous speech act, which factors in the profile of the speaker, the emotional state of the audience, the content of the speech itself as a call to action, the social context in which it occurs, and the means used to spread it.

The UP police has a social media lab to track and scotch rumours. "That's how we recently busted a false story about a khap panchayat ordering gangrapes," says a UP police official who did not wish to be named. Rather than appealing to the social media company for takedowns -an onerous process, and one where provocations are often difficult to explain -it is easier to find and deal with the source of the content, he says. One can identify problematic material either by location or keywords, says Ponnurangam K, assistant professor at IIIT, Delhi, who has developed the social network analytics tool used by UP police. Given the speed and scale of the internet and the volume of user-generated content, legal curbs cannot be invoked for every instance of hate speech. "It is far more feasible to monitor these rumours and take preventive action on the ground, where the harm is likely to be felt, and to use the same medium to counter the rumours with truth," says Prakash. Social media was assumed to have responsible for spreading the 2011 riots in the UK, but it turned out to be even more effective in stemming the contagion, righting rumours and helping law enforcers.

During the 2013 general election in Kenya, the Umati project trawled social media for trending hate content and tried to counter its effects by exposing and shunning those advocating violence. A repository called Hatebase tries to identify local words and phrases that indicate brewing trouble, to make it easier to find the active signals of threat from the low-level hum -repeated references to cow meat in India, or "sakkiliya", a Sinhala word to disparage Tamils in Sri Lanka.

"The government should work with platforms to find the nodes of dangerous speech, to counter them, and support campaigns for those victimised," says Chinmayi Arun, research director of the Centre for Communication Governance at the National Law University, Delhi, who is leading a three-year project on online hate speech, in collaboration with the Berkman Center.

It is far more effective to boost media literacy, help people sniff out bias and propaganda, understand how photos can be morphed and fake videos passed off as real. "Law enforcers need the imagination and patience to develop these strategies, rather than try to censor controversial speech wherever possible," she says.

Of course, when IT cells of political parties are the fount of the most of these excitable handles, that's easier said than done.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-amulya-gopalakrishnan-october-9-2015-dadri-reopens-debate-on-online-hate-speech

CyFy 2018

Admin — 2018-10-08T15:36:40Z

Swaraj Paul Barooah and Arindrajit Basu participated in CyFy 2018 organized by Observer Research Foundation at Hotel Taj Mahal, New Delhi from October 3 - 5, 2018.

Click to see the agenda

For more details visit https://cis-india.org/internet-governance/news/cyfy-2018

CyFy 2017

Admin — 2017-11-26T09:36:25Z

CyFy is a conference on internet governance and cyber security organised by the Observer Research Foundation (ORF) in New Delhi between 2 and 4 October 2017. Sunil Abraham was a speaker.

Sunil Abraham was a speaker on a panel titled "Security Through Identity?" on the 4 October 2017 and chaired an invite only session titled "Encryption: The End of Surveillance?" on the 3rd of October, 2017. Saikat Dutta and Udbhav Tiwari also participated in the encryption session. Saikat was a speaker in a session titled "Digital Vulnerabilities: Capacity Building for Tackling Cyber Crime" on 3 October 2017. Udbhav Tiwari chaired a session titled "Dangerous Disclosures: Cyber Security Incident Reporting" on 4 October 2017.

Conference agenda here

For more details visit https://cis-india.org/internet-governance/news/cy-fy-2017

CYFY 2016 - The India Conference on Cyber Security and Internet Governance

praskrishna — 2016-09-13T15:23:59Z

Sunil Abraham will participate as a panelist at CYFY 2016 event organized by Observer Research Foundation in New Delhi from September 28 to 30, 2016.

Into its fourth edition this year, CyFy: The India Conference on Cyber Security and Internet Governance has emerged as a global platform to discuss, debate and deliver digital policy solutions. CyFy 2015 featured nearly 110 participants from over 33 countries, with nearly 800 delegates in attendance. Prominently, the conference sessions featured several experts from Africa and the Asia Pacific, who addressed the policy priority of connecting the next billion. The 2016 iteration of CyFy will highlight the political, economic and strategic questions that underpin this imperative.

Download the Agenda

See the announcement on CYFY website or write to Samir Saran at ssaran@orfonline.org or Arun at arun.sukumar@orfonline.org for more details on the conference.

For more details visit https://cis-india.org/internet-governance/news/cyfy-2016-the-india-conference-on-cyber-security-and-internet-governance-4th-edition

Cyfy 2015: The India Conference on Cyber Security and Internet Governance

praskrishna — 2015-10-17T14:44:42Z

In its third year, Cyfy; South Asia’s biggest internet policy conference is being held in New Delhi, from 14-16 October, 2015. The event is organized by Observer Research Foundation at Hotel Taj Mansingh. Sunil Abraham is a panelist in the session "Protection of Intellectual Property and Business Secrets in the Knowledge Economy".

Building on its scope and scale of the previous year — over 55 speakers, from 12 countries, with 350 attendees — the conference discusses issues that affect the emerging world and developed world alike. The conversations will further and widen the debate around internet governance, security, surveillance, freedom of expression, norms of state behaviour, technology and specific societal challenges that emerging and developing countries seek to address by the effective design and deployment on these technologies. In 2015, Cyfy will bring together more experts from South Asia, in order to present new thought on the specific challenges of internet access, policy and regulation, e-governance, financial inclusion, and bottom of the pyramid solutions.

Along with its growing network of both Indian and international partners, ORF looking forward to hosting another thought-provoking and productive few days, and bridging some digital divides in contemporary internet cyber policy debates.

Protection of Intellectual Property and Business Secrets in the Knowledge Economy

Over the past decade, there has been an exponential rise in cyber-enabled theft of intellectual property, and it has been recognized as an unfair predatory practice. With the rise of the globalized knowledge economy, the stability of open trading systems increasingly depends on cross-border IP protection. What is the relevance of the protection of intellectual property and business secrets for economic development and stability of the international trading system?

Download the agenda For more info visit here.

For more details visit https://cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance

CYFY 2013: India Conference on Cyber Security and Cyber Governance

praskrishna — 2013-09-26T06:50:15Z

The Observer Research Foundation in collaboration with the Federation of Indian Chambers of Commerce and Industry is holding the India Conference on Cyber Security and Cyber Governance at the Oberoi Hotel in New Delhi on October 14 and 15, 2013. Sunil Abraham will participate in this event as a speaker.

Click to download the full details in the event brochure.

Shri Kapil Sibal, Minister of Communications & Technology will give the inaugural address. Shri Shivshankar Menon, National Security Advisor, Government of India will give the keynote address. Shri Shashi Tharoor, Minister of State, Human Resource Development, Government of India will give the dinner table address on October 14.

On the second day, October 15, Minister Jaak Aaviksoo will give the keynote address and Shri Nehchal Sandhu, Deputy National Advisor, Government of India will give the valedictory address.

List of Speakers

Kapil Sibal, Minister for Communications and Information Technology, India
Shivshankar Menon, National Security Advisor, Government of India
Shashi Tharoor, Minister of State for Human Resource Development, India
Nehchal Sandhu, Deputy National Security Advisor, Government of India
A.P. Shah, Former Chief Justice, Delhi High Court
Arvind Gupta, Director General, Institute for Defence Studies and Analyses, India
Ashish Chauhan, CEO, Bombay Stock Exchange
C. Raja Mohan, Distinguished Fellow, ORF
Christopher Painter, Office of the Coordinator for Cyber Issues, Department Of State, USA
Dirk Brengelmann, Commissioner for International Cyber Policy, Federal Foreign Office, Germany
Eric H. Loeb, Vice President, International External Affairs, AT&T
Gabriel Siboni, Director, Cyber Warfare Program, Institute for National Security Studies, Tel Aviv University, Israel
Jaak Aaviksoo, Minister of Education and Research of the Republic of Estonia
Jamie Shea, Deputy Assistant Secretary General, Emerging Security Challenges, NATO
Joe Sullivan, CSO, Facebook
John Mallery, Research Scientist, MIT Computer Science & Artificial Intelligence Laboratory, USA
Maurizio Martellini, Secretary General, Landau Network-Centro Volta and IWG Executive Secretary, Italy
Michael Cheatham, Head U.S. Representative Office, Indo-US Science and. Technology Forum, USA
M.M.Oberoi, Indian Police Service, Joint commissioner of Police, Delhi Police, Government of India
Oleg Demidov, The Russian Center for Policy Studies, Russia
Peter Grabosky, Researcher, Australian National University, Australia
Prakash Nagpal, Senior Vice President, Product Marketing and Marketing, Narus
Rajan Mathews, Director General, Cellular Operators Association of India
Ram Narain, Deputy Director General (Security), Department of Telecommunication (DoT), Government of India
Sandro Gaycken, Freie Universität Berlin, Institute of Computer Science, Germany
Sean Kanuck, National Intelligence Officer for Cyber Issues, Office of the Director of National Intelligence, USA
Sunil Abraham, Executive Director, Centre for Internet and Society, Bangalore
Vijay Madan, Chief Mentor, Tata Teleservices (former Director, C-DOT), India
Vivke Lall, President & CEO, Reliance Industries Limited

For more details visit https://cis-india.org/news/india-conference-on-cyber-security-and-cyber-governance

Cyberstalkers, the new bullies in town

praskrishna — 2016-07-04T02:44:39Z

The advent of social media and an increase in accessibility has led to increasing concerns with regard to cyber safety.

The article by S. Poorvaja was published in the Hindu on July 4, 2016. Pranesh Prakash gave inputs.

Bombarded with messages, poems and photographs from a cyber stalker across multiple social networking platforms, Shradha Muralidharan, a consultant in the city, said that being curt and asking the stalker to stop bothering was of no use.

“I initially did not want to engage with him as I was afraid that it would only provoke him more. But then ignoring him did not help as well and I was forced to speak to him. He, however, went ahead and contacted a host of my friends on these sites and asked them if they could introduce me to him,” she recalled.

Cyberstalking is now on the increase with people being flooded with messages and having their information online manipulated and used to threaten them with.

Vandhana,* an engineer from the city, says she thinks twice before posting content online — be it on her Instagram or her Facebook profile.

“Despite having adequate privacy tools, I later found that my photos and other information were being shared by a colleague who was on my friends’ list to his friend, who then proceeded to cyberstalk me,” she said.

What to share?

While multiple tools that social media sites offer do allow people to mute, block or even report people, Pranesh Prakash, Policy Director for the Centre for Internet and Society, said technical restrictions didn’t play much of a part in a situation where information one posts to a private audience is shared further, without their consent.

“Trust plays a large role in what you share online since someone can find a way to get around technological restrictions. While there are some violations that can be addressed by the law, a few cannot be, and it is important for people to be aware of the legal provisions that exist,” he added.

Be it social media meet-ups, Facebook friends catching up outside of the virtual world or web writers meeting to brainstorm ideas, the last five years have seen a gradual increase in such socialising and new safety concerns have cropped up.

Karthika, a chartered accountant from the city who went through an unpleasant experience of being stalked on social media sites and cyber-bullied, said that while the police were helpful when she sought them out, she was also constantly questioned as to why she was befriending people online in the first place.

“I tried not to keep mum about what was happening to me but was also simultaneously told by people that it would seem like I was drawing unnecessary attention to myself if I made public what was happening to me. More people should come forward and support the person who is getting stalked, rather than be intimidated,” she said.

The use of internet, email or any form of electronic communication to contact and harrass a person who has expressed disinterest, and to cause them trauma is what qualifies as Cyberstalking

To prevent misuse of information, social media users can use privacy tools and settings that enable them have a control on who vies their information

With smartphone apps for social media sites that have access to the user's location, caution must be exercised by the user in knowing who is privy to such information

With children being active online as well, the use of parental control softwares that helps monitor the content they share is necessary as they are vulnerable victims to stalking and cyber bullying

Knowledge about the cyber crime laws and where/whom to report incidences of the same to.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-s-poorvaja-july-4-2016-cyberstalkers-the-new-bullies-in-town

Cyberspying: Government may ban Gmail for official communication

praskrishna — 2013-09-02T04:19:53Z

The government will soon ask all its employees to stop using Google's Gmail for official communication, a move intended to increase security of confidential government information after revelations of widespread cyberspying by the US.

This article was published in the Times of India on August 30, 2013. Sunil Abraham is quoted.

A senior official in the ministry of communications and information technology said the government plans to send a formal notification to nearly 5 lakh employees barring them from email service providers such as Gmail that have their servers in the US, and instead asking them to stick to the official email service provided by India's National Informatics Centre.

"Gmail data of Indian users resides in other countries as the servers are located outside. Currently, we are looking to address this in the government domain, where there are large amounts of critical data," said J Satyanarayana, secretary in the department of electronics and information technology.

Snowden fallout

The move comes in the wake of revelations by former US National Security Agency contractor Edward Snowden that the US government had direct access to large amounts of personal data on the internet such as emails and chat messages from companies like Google, Facebook and Apple through a programme called PRISM.

Documents leaked by Snowden showed that NSA may have accessed network infrastructure in many countries, causing concerns of potential security threats and data breaches. Even as the new policy is being formulated, there has been no mention yet of how compliance will be ensured.

Several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have their Gmail IDs listed in government portals as their official email.

A Google India spokeswoman said the company has not been informed about the ban, and hence it cannot comment on speculation. "Nothing is documented so far, so for us, it is still speculation," Google said in an email response.

A senior official in the IT department admitted on condition of anonymity that employees turn to service providers such as Gmail because of the ease of use compared with official email services, as well as the bureaucratic processes that govern creation of new accounts.

"You can just go and create an account in Gmail easily, whereas for a government account, you have to go through a process because we have to ensure that he is a genuine government user."

Last week, IT Minister Kapil Sibal said the new policy would require all government officials living abroad to use NIC servers that are directly linked to a server in India while accessing government email services. Sibal said there has been no evidence of the US accessing Internet data from India.

Sunil Abraham, executive director of Bangalore-based research firm Centre for Internet and Society, said he agrees with the government's decision to ban Gmail for official communication and that any official violating this needs to be punished.

"After Snowden's revelations, we can never be sure to what extent foreign governments are intercepting government emails," he said. Abraham, however, called the government's decision a "late reaction", as the use of Gmail and other free email services by bureaucrats has increased in the past.

"Use of official government email would also make it easier to achieve greater transparency and anti-corruption initiatives. Ministers, intelligence and law enforcement officials should not be allowed to use alternate email providers under any circumstance."

For more details visit https://cis-india.org/news/times-of-india-august-30-2013-cyberspying-govt-may-ban-gmail-for-official-communication