All Blogs
- What is risk- risks in releasing development data and PII
- What kinds of risks are there
- Risk to whom?
- Risks in dealing with PII, discussed by way of several examples
- What is missing from the world
- Kinds of risk:
- physical harm:
- i. security issues
- ii. hate speech
- iii. voter issues
- iv. police action
- Legal harms- to explain what can be legal harms posed in releasing or sharing data, an example was discussed of an image marking exercise of a military camp wherein people joined in, marked military equipment and discovered people who are from that country.
- Reputational harm as an organization primarily.
- Privacy breach- which can lead to all sorts of harms.
- Risk to whom?
- i. Data collectors
- ii. Data processing team
- iii. Person releasing the data
- iv. Person using the data
- PII:
- What is missing from the world?
Human DNA Profiling Bill 2012 v/s 2015 Bill
This entry analyses the Human DNA Profiling Bill introduced in 2012 with the provisions of the 2015 Bill
Pervasive Technologies: Working Document Series - Research Questions and a Literature Review on the Actor-Network Theory
This document is divided into two parts - the first part lays out a series of research questions, potentially seeking to apply actor-network theory as a research methodology. The second part seeks to map literature around the Actor-Network Theory ("ANT") as a research methodology.
More On Those Dropped Calls
A basic problem is that the cost of spectrum and licences relative to earnings is too high, structurally.
Data Flow in the Unique Identification Scheme of India
This note analyses the data flow within the UID scheme and aims at highlighting vulnerabilities at each stage. The data flow within the UID Scheme can be best understood by first delineating the organizations involved in enrolling residents for Aadhaar. The UIDAI partners with various Registrars usually a department of the central or state Government, and some private sector agencies like LIC etc– through a Memorandum of Understanding for assisting with the enrollment process of the UID project.
CIS brings Nadustunna Charithra magazine under by CC BY SA licence
As a part of its content donation initiative, the Centre for Internet & Society's Access to Knowledge team (CIS-A2K) has brought all issues of Nadustunna Charithra magazine under Creative Common Licence.
Response by the Centre for Internet and Society to the Draft Proposal to Transition the Stewardship of the Internet Assigned Numbers Authority (IANA) Functions from the U.S. Commerce Department’s National Telecommunications and Information Administration
This proposal was made to the Global Multistakeholder Community on August 9, 2015. The proposal was drafted by Pranesh Prakash and Jyoti Panday. The research assistance was provided by Padmini Baruah, Vidushi Marda, and inputs from Sunil Abraham.
Supreme Court Order is a Good Start, but is Seeding Necessary?
This blog post seeks to unpack the ‘seeding’ process in the UIDAI scheme, understand the implications of the Supreme Court order on this process, and identify questions regarding the UID scheme that still need to be clarified by the court in the context of the seeding process.
Are we Throwing our Data Protection Regimes under the Bus?
In this blog post Rohan examines why the principle of consent is providing us increasingly less of an aegis in protecting our data.
Training in eSpeak Hindi
NVDA team conducted a workshop at Jeevan Jyoti School for the Blind, Varanasi from August 26 to 28, 2015. Eighty five students and 13 teachers took part in the training programme.
Governing Speech on the Internet: From the Free Marketplace Policy to a Controlled 'Public Sphere'
This post by Smarika Kumar is part of the 'Studying Internets in India' series. Smarika is a consultant with Alternative Law Forum, Bangalore. She is interested in issues concerning law and technology. In this essay, Smarika explores how through the use of policy and regulation, the private marketplace of the internet is sought to be reined in and reconciled to the public sphere, which is mostly represented through legislations governing the internet.
"Sau Dhuni Teen" project: Wikipedia workshop in TISS, Mumbai
A two-day multilingual Wikipedia workshop was organised at the Women's Studies Department of Tata Institute of Social Sciences (TISS), Mumbai during the 22nd through the 24th August. This was one of the outreach events under the scope of the "Sau Dhuni Teen" project that aims at bringing digital content on 100 notable persons, 100 key books, and 100 key concepts relating to women's studies, gender studies, and more broadly, interdisciplinary social sciences, between January 2015 and March 2016.
CIS Comments and Recommendations to the Human DNA Profiling Bill, June 2015
The Centre for Internet & Society (CIS) submitted a clause-by-clause comments on the Human DNA Profiling Bill that was circulated by the Department of Biotechnology on June 9, 2015.
Responsible Data Forum: Discussion on the Risks and Mitigations of releasing Data
The Responsible Data Forum initiated a discussion on 26th August 2015 to discuss the risks and mitigations of releasing data.
The discussion was regarding the question of adoption of adequate measures to mitigate risks to people and communities when some data is prepared to be released or for sharing purposes.
The following concerns entailed the discussion:
The first thing to be done is that if a dataset is made, then you have the responsibility that no harm is caused to the people who are connected to the dataset and a balance must be created between good use of the data on one hand and protecting data subjects, sources and managers on the other.
To answer what is risk, it was defined to be the “probability of something happening multiplied by the resulting cost or benefit if it does” (Oxford English Dictionary). So it is based on cost/benefit, probability, and a subject. For probability, all possible risks must be considered and work in terms of how much harm would happen and how likely that is about to happen. These issues must be considered necessarily.
An example in this context was that of the Syrian government where the bakeries were targeted as the bombers knew where the bakeries are, making them easy targets. It was discussed how in this backdrop of secure data release mechanism, local context is an important issue.
Another example of bad practice was the leak of information in the Ashley Madison case wherein several people have committed suicide.
The next point of discussion was regarding kinds of the physical risks to data subjects when there is release/sharing of data related to them. Some of them were:
Hence PII goes both ways- where some choose to run the risk of PII being identified; on the other hand some run the risk of being identified as the releaser of information.
Data subjects – this includes:
Also, the likely hood of risk ranges from low, medium and high. We as a community are at a risk at worse.
- Any data which can be used to identify any specific individual. Such information does not only include names, addresses or phone numbers but could also be data sets that don’t in themselves identify an individual.
For example, in some places sharing of social security number is required for HIV+ status check-up; hence, one needs to be aware of the environment of data sets that go into it. In another situation where there is a small population and there is a need to identify people of a street, village or town for the purpose of religion, then even this data set can put them to risk.
Hence, awareness with respect to the demographics is important to ascertain how many people reside in that place, be aware of the environment and accordingly decide what data set must be made.
- Another way to mitigate risks at the time of release/sharing of data is partial release only to some groups, like for the purpose of academics or to data subjects.
- Different examples were discussed to identify how release of data irresponsibly has affected the data subjects and there is a need to work to mitigate harms caused in such cases.
Example- in the New York City taxi case data about every taxi ride was released-including pickup and drop locations, times, fares. Here it becomes more problematic if someone is visiting strip clubs, then re-identification takes place and this necessitates protection of people against such insinuation.
This shows how data sets can lead to re-identification, even when it is not required. Hence, the involved actors must understand the responsibilities when engaging in data collection or release and accordingly mitigate the risks so associated.
- A concern was raised over collection and processing of the information of genetic diseases of a small population since practically it is not possible to guarantee that the information of data subjects to whom the data relates will not be released or exposed or it won’t be re-identifiable. Though best efforts would be made by experts, however, realistically, it is not possible to guarantee people that they will not be identified. So the question of informing people of such risks is highly crucial. It is suggested that one way of mitigating risks is involving the people and letting them know. Awareness regarding potential impact by breach of data or identification is very important.
- Another factor for consideration is the context in which the information was collected. The context for collection of data seems to change over a period of time. For example, many human rights funders want information on their websites changed or removed in the backdrop of changing contexts, circumstances and situation. In this case also, the collection and release of data and the risks associated become important due to changing contexts.
Though recognition of risks has been done and is an ongoing process, what is missing from the world are uniform guidelines, rules or law. There are no policies for informed consent or for any means to mitigate risks collectively in a uniform manner. There must be adoption of principles of necessity, proportionality and informed consent.
Workshop on Open Data for Human Development - Sessions Report
CIS facilitated a workshop on open data policy and tools for government officials from Sikkim, Meghalaya, and Tripura, and those from Bhutan and Maldives, in June 2015. The workshop was co-facilitated with Akvo, DataMeet, and Mapbox, and was supported by International Centre for Human Development of UNDP India. Here we share the workshop report and other related documents. The report is written by Sumandro, along with Amitangshu Acharya of Akvo.
The seedy underbelly of revenge porn
Intimate photos posted by angry exes are becoming part of an expanding online body of dirty work.
'We Need to Proactively Ensure that People Can't File Patents Representative of the Creativity of a FOSS Community'
Rohini Lakshané attended “Open Innovation, Entrepreneurship, and Our Digital Culture” in Bangalore on August 13, 2015. Major takeaways from the event are documented in this post.
Wikipedia workshop in the theme of “Sau Dhuni Teen” in Pune University
A two-day Wikipedia workshop was organised in the Srimati Savitribai Phule Pune University on the 20th August 2015. The workshop was focused on enriching Wikipedia with 100 articles related to notable Indian women under the scope of the “Sau Dhuni Teen” project.
Survey of Estimates of Economic Value of Open Government Data
This is a survey of estimates of economic value of open government data, and public sector information in general, across regions, countries, and sectors offered by several reports published during the last decade. The survey is undertaken by Ömer Faruk Sarı, a student of Business Administration at Koc University in Istanbul, Turkey, and research intern with CIS.
Edit-a-thon to improve Kannada-language science-related Wikipedia articles
A three-day Kannada Wikipedia edit-a-thon was conducted for science lecturers of institutions who gathered at the District Institute of Education and Training (DIET), Bengaluru this August 18. The idea of this event was to improve science-related articles that are part of the Government of Karnataka's high school syllabus.
Civil Society Organisations and Internet Governance in India - Open Review
This is a book section written for the third volume (2000-2010) of the Asia Internet History series edited by Prof. Kilnam Chon. The pre-publication text of the section is being shared here to invite suggestions for addition and modification. Please share your comments via email sent to raw[at]cis-india[dot]org with 'Civil Society Organisations and Internet Governance in India - Comments' as the subject line. This text is published under Creative Commons Attribution-NoDerivatives 4.0 International license.
