Pathways to Higher Education
https://cis-india.org
These are the search results for the query, showing results 71 to 85.
Open Data and Land Ownership
https://cis-india.org/openness/open-data-and-land-ownership
<b>In this chapter of the recently published volume on State of Open Data, Tim Davies and Sumandro Chattapadhyay discuss how the lessons from the land ownership field highlight the political nature of data, and illustrate the importance of politically aware interventions when creating open data standards, infrastructure, and ecosystems. State of Open Data, edited by Tim Davies, Stephen B. Walker, Mor Rubinstein, and Fernando Perini, is published by African Minds and International Development Research Centre, Canada.</b>
<p> </p>
<h4>State of Open Data: <a href="https://www.stateofopendata.od4d.net/" target="_blank">Website</a> and <a href="http://www.africanminds.co.za/dd-product/state-of-open-data/" target="_blank">Book</a> (Open Access)</h4>
<h4>Chapter on Open Data and Land Ownership: <a href="https://zenodo.org/record/2677839" target="_blank">Zenodo</a> (PDF)</h4>
<hr />
<h2>Key Points</h2>
<h4>- Global availability of land ownership and land deals data is patchy, but, when available, it has been used by individual citizens, entrepreneurs, civil society, and journalists.</h4>
<h4>- Over the last decade, a number of responsible data lessons have been learned. These lessons can provide guidance on how to balance transparency and privacy and on how to draw research conclusions from partial data.</h4>
<h4>- In spite of large donor investments in land registration systems, few resources are currently made available to enable open data related to these projects. There are untapped opportunities as a result.</h4>
<h4>- Lessons from the land ownership field highlight the political nature of data, and illustrate the importance of politically aware interventions when creating open data standards, infrastructure, and ecosystems.</h4>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/openness/open-data-and-land-ownership'>https://cis-india.org/openness/open-data-and-land-ownership</a>
</p>
No publishersumandroOpen DataFeaturedOpenness2019-05-22T11:32:18ZBlog EntryVote for the Everyday Digital Native Video Contest!
https://cis-india.org/digital-natives/vote-for-digital-natives
<b>The Centre for Internet & Society and Hivos are super excited to present the final videos in the Everyday Digital Native Video Contest. We invite readers to vote for the TOP 5 Videos. The finalists will each win EUR500! Voting closes March 31, 2012</b>
<h2>Who’s the Everyday Digital Native? This global video contest has the answer</h2>
<p><em>They effect social change through social media, place their
communities on the global map, and share a spiritual connection with the
digital world - Meet the Everyday Digital Native</em></p>
<p>The Everyday Digital Native video contest has got its pulse on what
makes youths from diverse socio-cultural backgrounds connect with one
another in the global community – it’s an affinity for digital
technologies and Web 2.0-mediated platforms coupled with a drive to
spearhead social change. The contest invited people from around the
world to make a video that would answer the question, ‘Who is the
Everyday Digital Native?’. Following a jury-based selection process, the
final videos are now online and open for public voting.</p>
<p>Run by the Bangalore-based Centre for Internet & Society (CIS)
with the support of Dutch NGO HIVOS, the contest will see the top five
videos with the most votes declared winners on April 1, 2012. The 12
finalists in the video, who come from different parts of the globe, are
each vying for the top prize of USD 500 and a chance to have their
shorts screened in a film screening and panel discussion hosted by CIS. <br /><br />Referring
to the theme of the contest, Dr Nishant Shah, Director of Research and
Co-founder of the Centre, says that the contest aims at highlighting the
alternative users of digital technologies. These are people who are
often not accounted for either in mainstream discourses of changemakers
or in academic biopics on digital natives. “The 12 video proposals show
that the everyday digital native does not wake up in the morning and
think, ‘hmmm today I will change the world’. And yet, in their everyday
lives, when they see the possibility of producing a change in their
immediate environments, they turn to the digital to find networks that
can start a change”, says Shah. <br /><br />Apart from the top five public
selections, the jury members will be instrumental in picking their two
favorites among the finalists. Talking about the range of ideas that
participants sent in jury member Leon Tan, a media-art historian,
cultural theorist and psychoanalyst based in Gothenburg, Sweden, says,
“The contest is an exciting project as it has the potential to portray
the lives of digital natives from different corners of the world. The
generosity of the contestants in creating video proposals is commendable
as is the range of ideas suggested. The ideas address both the
opportunities and risks of what we might call digital life.” <br /><br />Adds
Shashwati Talukdar, a filmmaker and jury member from India, “It was
really interesting to see how different all the proposals were. Some of
them were taking the notion of digital native as a personal one and some
were very clearly political and sought an intervention in the real
world. Dutch digital media artist and jury member Jeroen van Loon refers
to a proposal from the USA where the participant wanted to explore the
possibility of unplugging from his digital life. “It’s very interesting
how digital natives question their own world. The proposals are good
examples of how technology and culture constantly change each other. We
can learn a lot from the global digital natives.” </p>
<p><a href="https://cis-india.org/digital-natives/video-contest" class="external-link">Profiles of the finalists and their videos can be viewed here</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/digital-natives/vote-for-digital-natives'>https://cis-india.org/digital-natives/vote-for-digital-natives</a>
</p>
No publisherpraskrishnaVideoFeaturedResearchers at WorkDigital Natives2015-05-08T12:32:00ZBlog EntryHabeas Data in India
https://cis-india.org/internet-governance/blog/habeas-data-in-india
<b>Habeas Data is a latin word which can be loosely translated to mean “have the data”. The right has been primarily conceptualized, designed, ratified, and implemented by various nation-states in the background of a shared common history of decades of torture, terror, and other repressive practices under military juntas and other fascist regimes.</b>
<hr />
<p style="text-align: justify; "><a class="external-link" href="http://cis-india.org/internet-governance/files/habeas-data-india.pdf/view"><b>Download the Paper</b></a> (PDF)</p>
<hr style="text-align: justify; " />
<h3 style="text-align: justify; ">Introduction</h3>
<p style="text-align: justify; ">The writ of habeas data was a distinct response to these recent histories which provided individuals with basic rights to access personal information collected by the state (and sometimes byprivate agencies of a public nature) and to challenge and correct such data, requiring the state to safeguard the privacy and accuracy of people's personal data.<a href="#fn1" name="fr1">[1] </a></p>
<p style="text-align: justify; ">The origins of Habeas Data are traced back, unsurprisingly, to the European legal regime since Europe is considered as the fountainhead of modern data protection laws. The inspiration for Habeas Data is often considered to be the Council of Europe's 108th Convention on Data Protection of 1981.<a href="#fn2" name="fr2">[2] </a>The purpose of the Convention was to secure the privacy of individuals regarding the automated processing of personal data. For this purpose, individuals were granted several rights including a right to access their personal data held in an automated database.<a href="#fn3" name="fr3">[3] </a></p>
<p style="text-align: justify; ">Another source or inspiration behind Habeas Data is considered to be the German legal system where a constitutional right to information self-determination was created by the German Constitutional Tribunal by interpretation of the existing rights of human dignity and personality. This is a right to know what type of data is stored on manual and automatic databases about an individual, and it implies that there must be transparency on the gathering and processing of such data.<a href="#fn4" name="fr4">[4] </a></p>
<p style="text-align: justify; ">Habeas Data is essentially a right or mechanism for an individual complaint presented to a constitutional court, to protect the image, privacy, honour, information self-determination and freedom of information of a person. <a href="#fn5" name="fr5">[5] </a></p>
<p style="text-align: justify; ">A Habeas Data complaint can be filed by any citizen against any register to find out what information is held about his or her person. That person can request the rectification, update or even the destruction of the personal data held, it does not matter most of the times if the register is private or public.<a href="#fn6" name="fr6">[6] </a></p>
<h3 style="text-align: justify; ">Habeas Data in different jurisdictions</h3>
<p style="text-align: justify; ">Habeas Data does not have any one specific definition and has different characteristics in different jurisdictions. Therefore, in order to better understand the right, it will be useful to describe the scope of Habeas Data as it has been incorporated in certain jurisdictions in order to better understand what the right entails:<a href="#fn7" name="fr7">[7] </a></p>
<p style="text-align: justify; "><b>Brazil</b></p>
<p style="text-align: justify; ">The Constitution of Brazil grants its citizens the right to get a habeas data “a. to assure knowledge of personal information about the petitioner contained in records or data banks of government agencies or entities of a public character; b. to correct data whenever the petitioner prefers not to do so through confidential judicial or administrative proceedings;<a href="#fn8" name="fr8">[8] </a></p>
<p style="text-align: justify; ">The place or tribunal where the Habeas Data action is to be filed changes depending on who is it presented against, which creates a complicated system of venues. Both the Brazilian constitution and the 1997 law stipulate that the court will be:</p>
<ul style="text-align: justify; ">
<li>The Superior Federal Tribunal for actions against the President, both chambers of Congress and itself;</li>
<li>The Superior Justice Tribunal for actions against Ministers or itself;</li>
<li>The regional federal judges for actions against federal authorities;</li>
<li>State tribunals according to each state law;</li>
<li>State judges for all other cases.<a href="#fn9" name="fr9">[9] </a></li>
</ul>
<p style="text-align: justify; "><b>Paraguay</b><br />The Constitution of Paraguay grants a similar right of habeas data in its constitution which states:</p>
<p style="text-align: justify; ">"All persons may access the information and the data that about themselves, or about their assets, [that] is [obren] in official or private registries of a public character, as well as to know the use made of the same and of their end. [All persons] may request before the competent magistrate the updating, the rectification or the destruction of these, if they were wrong or illegitimately affected their rights."<a href="#fn10" name="fr10">[10] </a></p>
<p style="text-align: justify; ">Compared to the right granted in Brazil, the text of the Paraguay Constitution specifically recognises that the citizen also has the right to know the use his/her data is being put to.</p>
<p style="text-align: justify; "><b>Argentina</b></p>
<p style="text-align: justify; ">Article 43 of the Constitution of Argentina grants the right of habeas data, though it has been included under the action of “amparo”,<a href="#fn11" name="fr11">[11] </a>the relevant portion of Article 43 states as follows:</p>
<p style="text-align: justify; ">"Any person may file an amparo action to find out and to learn the purpose of data about him which is on record in public registries or data banks, or in any private [registers or data banks] whose purpose is to provide information, and in case of falsity or discrimination, to demand the suppression, rectification, confidentiality, or updating of the same. The secrecy of journalistic information sources shall not be affected."<a href="#fn12" name="fr12">[12] </a></p>
<p style="text-align: justify; ">The version of Habeas Data recognised in Argentina includes most of the protections seen in Brazil and Paraguay, such as the right to access the data, rectify it, update it or destroy it, etc. Nevertheless, the Argentinean constitution also includes certain other features such as the fact that it incorporates the Peruvian idea of confidentiality of data, being interpreted as the prohibition to broadcast or transmit incorrect or false information. Another feature of the Argentinean law is that it specifically excludes the press from the action, which may be considered as reasonable or unreasonable depending upon the context and country in which it is applied.<a href="#fn13" name="fr13">[13] </a></p>
<p style="text-align: justify; "><b>Venezuela</b><br />Article 28 of the Constitution of Venezuela established the writ of habeas data, which expressly permits access to information stored in official and private registries. It states as follows:</p>
<p style="text-align: justify; ">"All individuals have a right to access information and data about themselves and about their property stored in official as well as private registries. Secondly, they are entitled to know the purpose of and the policy behind these registries. Thirdly, they have a right to request, before a competent tribunal, the updating, rectification, or destruction of any database that is inaccurate or that undermines their entitlements. The law shall establish exceptions to these principles. By the same token, any person shall have access to information that is of interest to communities and groups. The secrecy of the sources of newspapers-and of other entities or individuals as defined by law-shall be preserved."<a href="#fn14" name="fr14">[14] </a></p>
<p style="text-align: justify; ">The Venezuelan writ of habeas data expressly provides that individuals "are entitled to know the purpose of and the policy behind these registries." Also, it expresses a right to "updating, rectification, or destruction of any database that is inaccurate or that undermines their entitlements." Article 28 also declares that the “secrecy of the sources of newspapers and of other entities or individuals as defined by law-shall be preserved."<a href="#fn15" name="fr15">[15] </a></p>
<p style="text-align: justify; "><b>Philippines</b></p>
<p style="text-align: justify; ">It is not as if the remedy of Habeas Data is available only in Latin American jurisdictions, but even in Asia the writ of Habeas Data has been specifically granted by the Supreme Court of the Philippines vide its resolution dated January 22, 2008 which provides that “The writ of habeas data is a remedy available to any person whose right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or entity engaged in the gathering, collecting or storing of data or information regarding the person, family, home and correspondence of the aggrieved party.” According to the Rule on Writ of Habeas Data, the petition is to be filed with the Regional Trial Court where the petitioner or respondent resides, or which has jurisdiction over the place where the data or information is gathered, collected or stored, at the option of the petitioner. The petition may also be filed with the Supreme Court or the Court of Appeals or the Sandiganbayan when the action concerns public data files of government offices.<a href="#fn16" name="fr16">[16] </a></p>
<p style="text-align: justify; ">Two major distinctions are immediately visible between the Philippine right and that in the latin jurisdictions discussed above. One is the fact that in countries such as Bazil, Argentina and Paraguay, there does not appear to be a prerequisite to filing such an action asking for the information, whereas in Philippines it seems that such a petition can only be filed only if an individual’s “right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission”. This means that the Philippine concept of habeas data is much more limited in its scope and is available to the citizens only under certain specific conditions. On the other hand the scope of the Philippine right of Habeas Data is much wider in its applicability in the sense that this right is available even against private individual and entities who are “engaged in the gathering, collecting or storing of data or information regarding the person, family, home and correspondence”. In the Latin American jurisdictions discussed above, this writ appears to be available only against either public institutions or private institutions having some public character.</p>
<h3 style="text-align: justify; ">Main features of Habeas Data</h3>
<p style="text-align: justify; ">Thus from the discussion above, the main features of the writ of habeas data, as it is applied in various jurisdictions can be culled out as follows: <a href="#fn17" name="fr17">[17] </a></p>
<ul style="text-align: justify; ">
<li>It is a right to the individual or citizen to ask for his/her information contained with any data registry;</li>
<li>It is available only against public (government) entities or employees; or private entities having a public character;<a href="#fn18" name="fr18">[18] </a> </li>
<li>Usually it also gives the individuals the right to correct any wrong information contained in the data registry;</li>
<li>It is a remedy that is usually available by approaching any single judicial forum.</li>
</ul>
<p style="text-align: justify; ">Since the writ of Habeas Data has been established and evolved primarily in Latin American countries, there is not too much literature on it available freely in the English language and that is a serious hurdle in researching this area. For example, this author did not find many article mentioning the scope of the writ of habeas data, for example whether it is an absolute right and on what grounds can it be denied. The Constitution of Venezuela, for example, specifies that the law shall establish exceptions to these principles and infact mentions the secrecy of sources for newspapers as an exception to this rule.<a href="#fn19" name="fr19">[19] </a></p>
<p style="text-align: justify; ">Similarly in Argentina, there exists a public interest exception to the issuance of the writ of Habeas Data.<a href="#fn20" name="fr20">[20] </a></p>
<p style="text-align: justify; ">That said, although little literature on the specific exceptions to habeas data is freely available in English, references can still be found to exceptions such as state security (Brazil), secrecy of newspaper sources (Argentina and Venezuela), or other entities defined by law (Venezuela).<a href="#fn21" name="fr21">[21] </a></p>
<p style="text-align: justify; ">This suggests that the, as would be expected, the right to ask for the writ of habeas data is not an absolute right but would also be subject to certain exceptions and balanced against other needs such as state security and police investigations.</p>
<h3 style="text-align: justify; ">Habeas Data in the context of Privacy</h3>
<p style="text-align: justify; ">Data protection legislation and mechanisms protect people against misuse of personal information by data controllers. Habeas Data, being a figure for use only by certain countries, gives the individuals the right to access, correct, and object to the processing of their information.</p>
<p style="text-align: justify; ">In general, privacy is the genus and data protection is the species, data protection is a right to personal privacy that people have against the possible use of their personal data by data controllers in an unauthorized manner or against the requirements of force. Habeas Data is an action that is brought before the courts to allow the protection of the individual’s image, privacy, honour, self-determination of information and freedom of information of a person. In that sense, the right of Habeas Data can be found within the broader ambit of data protection. It does not require data processors to ensure the protection of personal data processed but is a legal action requiring the person aggrieved, after filing a complaint with the courts of justice, the access and/or rectification to any personal data which may jeopardize their right to privacy.<a href="#fn22" name="fr22">[22] </a></p>
<h3 style="text-align: justify; ">Habeas Data in the Indian Context</h3>
<p style="text-align: justify; ">Although a number of judgments of the Apex Court in India have recognised the existence of a right to privacy by interpreting the fundamental rights to life and free movement in the Constitution of India,<a href="#fn23" name="fr23">[23] </a></p>
<p style="text-align: justify; ">the writ of habeas data has no legal recognition under Indian law. However, as is evident from the discussion above, a writ of habeas data is very useful in protecting the right to privacy of individuals and it would be a very useful tool to have in the hands of the citizens. The fact that India has a fairly robust right to information legislation means that atleast some facets of the right of habeas data are available under Indian law. We shall now examine the Indian Right to Information Act, 2005 (RTI Act) to see what facets of habeas data are already available under this Act and what aspects are left wanting. As mentioned above, the writ of habeas data has the following main features:</p>
<ul style="text-align: justify; ">
<li>It is a right to the individual or citizen to ask for his/her information contained with any data registry;</li>
<li>It is available only against public (government) entities or employees; or private entities having a public character;<a href="#fn24" name="fr24">[24] </a></li>
<li>Usually it also gives the individuals the right to correct any wrong information contained in the data registry;</li>
<li>It is a remedy that is usually available by approaching any single judicial forum.</li>
</ul>
<p style="text-align: justify; ">We shall now take each of these features and analyse whether the RTI Act provides any similar rights and how they differ from each other.</p>
<p style="text-align: justify; "><b>Right to seek his/her information contained with a data registry</b></p>
<p style="text-align: justify; ">Habeas data enables the individual to seek his or her information contained in any data registry. The RTI Act allows citizens to seek “information” which is under the control of or held by any public authority. The term information has been defined under the RTI Act to mean “any material in any form, including records, documents, memos, e-mails, opinions, advices, press releases, circulars, orders, logbooks, contracts, reports, papers, samples, models, data material held in any electronic form and information relating to any private body which can be accessed by a public authority under any other law for the time being in force”.<a href="#fn25" name="fr25">[25] </a></p>
<p style="text-align: justify; ">Further, the term “record” has been defined to include “(a) any document, manuscript and file; (b) any microfilm, microfiche and facsimile copy of a document; (c) any reproduction of image or images embodied in such microfilm (whether enlarged or not); and (d) any other material produced by a computer or any other device”. It is quite apparent that the meaning given to the term information is quite wide and can include various types of information within its fold. The term “information” as defined in the RTI Act has been further elaborated by the Supreme Court in the case of Central Board of Secondary Education v. Aditya Bandopadhyay,<a href="#fn26" name="fr26">[26] </a></p>
<p style="text-align: justify; ">where the Court has held that a person’s evaluated answer sheet for the board exams held by the CBSE would come under the ambit of “information” and should be accessible to the person under the RTI Act.<a href="#fn27" name="fr27">[27] </a></p>
<p style="text-align: justify; ">An illustrative list of items that have been considered to be “information” under the RTI Act would be helpful in further understanding the concept:</p>
<ol style="text-align: justify; ">
<li>Asset declarations by Judges;<a href="#fn28" name="fr28">[28]</a></li>
<li>Copy of inspection report prepared by the Reserve Bank of India about a Co-operative Bank;<a href="#fn29" name="fr29">[29] </a></li>
<li>Information on the status of an enquiry;<a href="#fn30" name="fr30">[30] </a></li>
<li>Information regarding cancellation of an appointment letter;<a href="#fn31" name="fr31">[31] </a></li>
<li>Information regarding transfer of services;<a href="#fn32" name="fr32">[32] </a></li>
<li>Information regarding donations given by the President of India out of public funds.<a href="#fn33" name="fr33">[33] </a></li>
</ol>
<p style="text-align: justify; ">The above list would indicate that any personal information relation to an individual that is available in a government registry would in all likelihood be considered as “information” under the RTI Act.</p>
<p style="text-align: justify; ">However, just because the information asked for is considered to come within the ambit of section 2(h) does not mean that the person will be granted access to such information if it falls under any of the exceptions listed in section 8 of the RTI Act. Section 8 provides that if the information asked falls into any of the categories specified below then such information shall not be released in an application under the RTI Act, the categories are:</p>
<p style="text-align: justify; ">"(a) information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, strategic, scientific or economic interests of the State, relation with foreign State or lead to incitement of an offence; <br />(b) information which has been expressly forbidden to be published by any court of law or tribunal or the disclosure of which may constitute contempt of court; <br />(c) information, the disclosure of which would cause a breach of privilege of Parliament or the State Legislature; <br />(d) information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information; <br />(e) information available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information; <br />(f) information received in confidence from foreign Government; <br />(g) information, the disclosure of which would endanger the life or physical safety of any person or identify the source of information or assistance given in confidence for law enforcement or security purposes; <br />(h) information which would impede the process of investigation or apprehension or prosecution of offenders; <br />(i) cabinet papers including records of deliberations of the Council of Ministers, Secretaries and other officers: <br />Provided that the decisions of Council of Ministers, the reasons thereof, and the material on the basis of which the decisions were taken shall be made public after the decision has been taken, and the matter is complete, or over: <br />Provided further that those matters which come under the exemptions specified in this section shall not be disclosed; <br />(j) information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information: <br />Provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person."</p>
<p style="text-align: justify; ">The above mentioned exceptions seem fairly reasonable and infact are important since public records may contain information of a private nature which the data subject would not want revealed, and that is exactly why personal information is a specific exception mentioned under the RTI Act. When comparing this list to the recognised exceptions under habeas data, it must be remembered that a number of the exceptions listed above would not be relevant in a habeas data petition such as commercial secrets, personal information, etc. The exceptions which could be relevant for both the RTI Act as well as a habeas data writ would be (a) national security or sovereignty, (b) prohibition on publication by a court, (c) endangering the physical safety of a person, (d) hindrance in investigation of a crime. It is difficult to imagine a court (especially in India) granting a habeas data writ in violation of these four exceptions.</p>
<p style="text-align: justify; ">Certain other exceptions that may be relevant in a habeas data context but are not mentioned in the common list above are (a) information received in a fiduciary relationship; (b) breach of legislative privilege, (c) cabinet papers; and (d) information received in confidence from a foreign government. These four exceptions are not as immediately appealing as the others listed above because there are obviously competing interests involved here and different jurisdictions may take different points of view on these competing interests.<a href="#fn34" name="fr34">[34] </a></p>
<p style="text-align: justify; ">Available only against public (government) entities or entities having public character.</p>
<p style="text-align: justify; ">A habeas corpus writ is maintainable in a court to ask for information relating to the petitioner held by either a public entity or a private entity having a public character. In India, the right to information as defined in the RTI Act means the right to information accessible under the Act held by or under the control of any public authority. The term "public authority" has been defined under the Act to mean “any authority or body or institution of self-government established or constituted—</p>
<p style="text-align: justify; ">(a) by or under the Constitution;<br />(b) by any other law made by Parliament;<br />(c) by any other law made by State Legislature;<br />(d) by notification issued or order made by the appropriate Government, and includes any— (i) body owned, controlled or substantially financed; (ii) non-Government organisation substantially financed, directly or indirectly by funds provided by the appropriate Government;"<a href="#fn35" name="fr35">[35] </a></p>
<p style="text-align: justify; ">Therefore most government departments as well as statutory as well as government controlled corporations would come under the purview of the term "public authority". For the purposes of the RTI Act, either control or substantial financing by the government would be enough to bring an entity under the definition of public authority.<a href="#fn36" name="fr36">[36]</a></p>
<p style="text-align: justify; ">The above interpretation is further bolstered by the fact that the preamble of the RTI Act contains the term “governments and their instrumentalities".<a href="#fn37" name="fr37">[37] </a></p>
<p style="text-align: justify; "><b>Right to correct wrong information</b> <br />While certain sectoral legislations such as the Representation of the People Act and the Collection of Statistics Act, etc. may provide for correction of inaccurate information, the RTI Act does not have any such provisions. This stands to reason because the RTI Act is not geared towards providing people with information about themselves but is instead a transparency law which is geared at dissemination of information, which may or may not relate to an individual.</p>
<p style="text-align: justify; "><b>Available upon approaching a single judicial forum<br /></b>While the right of habeas data is available only upon approaching a judicial forum, the right to information under the RTI Act is realised entirely through the bureaucratic machinery. This also means that the individuals have to approach different entities in order to get the information that they need instead of approaching just one centralised entity.</p>
<h3 style="text-align: justify; ">Conclusion</h3>
<p style="text-align: justify; ">There is no doubt that habeas data, by itself cannot end massive electronic surveillance of the kind that is being carried out by various governments in this day and age and the excessive collection of data by private sector companies, but providing the citizenry with the right to ask for such a writ would provide a critical check on such policies and practices of vast surveillance.<a href="#fn38" name="fr38">[38] </a></p>
<p style="text-align: justify; ">An informed citizenry, armed with a right such as habeas data, would be better able to learn about the information being collected and kept on them under the garb of law and governance, to access such information, and to demand its correction or deletion when its retention by the government is not justified.</p>
<p style="text-align: justify; ">As we have discussed in this paper, under Indian law the RTI Act gives the citizens certain aspects of this right but with a few notable exceptions. Therefore, if a writ such as habeas data is to be effectuated in India, it might perhaps be a better idea to approach it by amending/tweaking the existing structure of the RTI Act to grant individuals the right to correct mistakes in the data along with creating a separate department/mechanism so that the applications demanding access to one’s own data do not have to be submitted in different departments but can be submitted at one central place. This approach may be more pragmatic rather than asking for a change in the Constitution to grant to the citizens the right to ask for a writ in the nature of habeas data.</p>
<p style="text-align: justify; ">There may be calls to also include private data processors within the ambit of the right to habeas data, but it could be challenging to enforce this right. This is because it is still feasible to assume that the government can put in place machinery to ensure that it can find out whether information about a particular individual is available with any of the government’s myriad departments and corporations, however it would be almost impossible for the government to track every single private database and then scan those databases to find out how many of them contain information about any specific individual. This also throws up the question whether a right such as habeas data, which originated in a specific context of government surveillance, is appropriate to protect the privacy of individuals in the private sector. Since under Indian law section 43A and the Rules thereunder, which regulate data protection, already provide for consent and notice as major bulwarks against unauthorised data collection, and limit the purpose for which such data can be utilised, privacy concerns in this context can perhaps be better addressed by strengthening these provisions rather than trying to extend the concept of habeas data to the private sector.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">[<a href="#fr1" name="fn1">1</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr2" name="fn2">2</a>]. Article 8 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, 1981, available at <a href="https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680078b37">https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680078b37</a></p>
<p style="text-align: justify; ">[<a href="#fr3" name="fn3">3</a>]. Guadamuz A, 'Habeas Data: The Latin-American Response to Data Protection',<a href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/">2000 (2)</a> <i>The Journal of Information, Law and Technology (JILT)</i>.</p>
<p style="text-align: justify; ">[<a href="#fr4" name="fn4">4</a>]. <i>Id.</i></p>
<p style="text-align: justify; ">[<a href="#fr5" name="fn5">5</a>]. Speech by Chief Justice Reynato Puno, Supreme Court of Philippines delivered at the <i>UNESCO Policy Forum and Organizational Meeting of the Information for all Program (IFAP), Philippine National Committee</i>, on November 19, 2007, available at <a href="http://jlp-law.com/blog/writ-of-habeas-data-by-chief-justice-reynato-puno/">http://jlp-law.com/blog/writ-of-habeas-data-by-chief-justice-reynato-puno/</a></p>
<p style="text-align: justify; ">[<a href="#fr6" name="fn6">6</a>]. Guadamuz A, 'Habeas Data: The Latin-American Response to Data Protection',<a href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/">2000 (2)</a> <i>The Journal of Information, Law and Technology (JILT)</i>.</p>
<p style="text-align: justify; ">[<a href="#fr7" name="fn7">7</a>]. The author does not purport to be an expert on the laws of these jurisdictions and the analysis in this paper has been based on a reading of the actual text or interpretations given in the papers that have been cited as the sources. The views in this paper should be viewed keeping this context in mind.</p>
<p style="text-align: justify; ">[<a href="#fr8" name="fn8">8</a>]. Article 5, LXXII of the Constitution of Brazil, available at <a href="https://www.constituteproject.org/constitution/Brazil_2014.pdf">https://www.constituteproject.org/constitution/Brazil_2014.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr9" name="fn9">9</a>]. Guadamuz A, 'Habeas Data vs the European Data Protection Directive', Refereed article, <a href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/">2001 (3)</a> <i>The Journal of Information, Law and Technology (JILT)</i>.</p>
<p style="text-align: justify; ">[<a href="#fr10" name="fn10">10</a>]. Article 135 of the Constitution of Paraguay, available at <a href="https://www.constituteproject.org/constitution/Paraguay_2011.pdf?lang=en">https://www.constituteproject.org/constitution/Paraguay_2011.pdf?lang=en</a></p>
<p style="text-align: justify; ">[<a href="#fr11" name="fn11">11</a>]. The petition for a writ of amparo is a remedy available to any person whose right to life, liberty and security is violated or threatened with violation by an unlawful act or omission of a public official or employee, or of a private individual or entity.</p>
<p style="text-align: justify; ">[<a href="#fr12" name="fn12">12</a>]. Article 43 of the Constitution of Argentina, available at <a href="https://www.constituteproject.org/constitution/Argentina_1994.pdf?lang=en">https://www.constituteproject.org/constitution/Argentina_1994.pdf?lang=en</a></p>
<p style="text-align: justify; ">[<a href="#fr13" name="fn13">13</a>].<a class="external-link" href="https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2001_3/guadamuz/"> https://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2001_3/guadamuz/</a></p>
<p style="text-align: justify; ">[<a href="#fr14" name="fn14">14</a>]. Article 28 of the Venezuelan Constitution, available at <a href="http://www.venezuelaemb.or.kr/english/ConstitutionoftheBolivarianingles.pdf">http://www.venezuelaemb.or.kr/english/ConstitutionoftheBolivarianingles.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr15" name="fn15">15</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr16" name="fn16">16</a>]. Rule on the Writ of Habeas Data Resolution, available at <a class="external-link" href="http://hrlibrary.umn.edu/research/Philippines/Rule%20on%20Habeas%20Data.pdf">http://hrlibrary.umn.edu/research/Philippines/Rule%20on%20Habeas%20Data.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr17" name="fn17">17</a>]. The characteristics of habeas data culled out in this paper are by no means exhaustive and based only on the analysis of the jurisdictions discussed in this paper. This author does not claim to have done an exhaustive analysis of every jurisdiction where Habeas Data is available and the views in this paper should be viewed in that context.</p>
<p style="text-align: justify; ">[<a href="#fr18" name="fn18">18</a>]. Except in the case of the Philippines and Venezeula. This paper has not done an analysis of the writ of habeas data in every jurisdiction where it is available and there may be jurisdictions other than the Philippines which also give this right against private entities.</p>
<p style="text-align: justify; ">[<a href="#fr19" name="fn19">19</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr20" name="fn20">20</a>]. The case of <i>Ganora v. Estado Nacional</i>, Supreme Court of Argentina, September 16, 1999, <i>cf.</i><a href="http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Argentin.html">http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Argentin.html</a></p>
<p style="text-align: justify; ">[<a href="#fr21" name="fn21">21</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p style="text-align: justify; ">[<a href="#fr22" name="fn22">22</a>].<a href="http://www.oas.org/dil/data_protection_privacy_habeas_data.htm"> http://www.oas.org/dil/data_protection_privacy_habeas_data.htm</a></p>
<p style="text-align: justify; ">[<a href="#fr23" name="fn23">23</a>]. Even the scope of the right to privacy is currently under review in the Supreme Court of India. See “Right to Privacy in Peril”, <a href="http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril">http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril</a></p>
<p style="text-align: justify; ">[<a href="#fr24" name="fn24">24</a>]. Except in the case of the Philippines. This paper has not done an analysis of the writ of habeas data in every jurisdiction where it is available and there may be jurisdictions other than the Philippines which also give this right against private entities.</p>
<p style="text-align: justify; ">[<a href="#fr25" name="fn25">25</a>]. Section 2(f) of the Right to Information Act, 2005.</p>
<p style="text-align: justify; ">[<a href="#fr26" name="fn26">26</a>]. 2011 (106) AIC 187 (SC), also available at <a href="http://judis.nic.in/supremecourt/imgst.aspx?filename=38344">http://judis.nic.in/supremecourt/imgst.aspx?filename=38344</a></p>
<p style="text-align: justify; ">[<a href="#fr27" name="fn27">27</a>]. The exact words of the Court were: “The definition of `information' in section 2(f) of the RTI Act refers to any material in any form which includes records, documents, opinions, papers among several other enumerated items. The term `record' is defined in section 2(i) of the said Act as including any document, manuscript or file among others. When a candidate participates in an examination and writes his answers in an answer-book and submits it to the examining body for evaluation and declaration of the result, the answer-book is a document or record. When the answer-book is evaluated by an examiner appointed by the examining body, the evaluated answer-book becomes a record containing the `opinion' of the examiner. Therefore the evaluated answer-book is also an `information' under the RTI Act.”</p>
<p style="text-align: justify; ">[<a href="#fr28" name="fn28">28</a>]. <i>Secretary General, Supreme Court of India</i> v. <i>Subhash Chandra Agarwal</i>, AIR 2010 Del 159, available at <a href="https://indiankanoon.org/doc/1342199/">https://indiankanoon.org/doc/1342199/</a></p>
<p style="text-align: justify; ">[<a href="#fr29" name="fn29">29</a>].<i> Ravi Ronchodlal Patel</i> v. <i>Reserve Bank of India</i>, Central Information Commission, dated 6-9-2006.</p>
<p style="text-align: justify; ">[<a href="#fr30" name="fn30">30</a>].<i> Anurag Mittal</i> v. <i>National Institute of Health and Family Welfare</i>, Central Information Commission, dated 29-6-2006.</p>
<p style="text-align: justify; ">[<a href="#fr31" name="fn31">31</a>].<i> Sandeep Bansal</i> v. <i>Army Headquarters, Ministry of Defence</i>, Central Information Commission, dated 10-11-2008.</p>
<p style="text-align: justify; ">[<a href="#fr32" name="fn32">32</a>].<i> M.M. Kalra</i> v. <i>DDA</i>, Central Information Commission, dated 20-11-2008.</p>
<p style="text-align: justify; ">[<a href="#fr33" name="fn33">33</a>].<i> Nitesh Kumar Tripathi</i> v. <i>CPIO</i>, Central Information Commission, dated 4-5-2012.</p>
<p style="text-align: justify; ">[<a href="#fr34" name="fn34">34</a>]. A similar logic may apply to the exceptions of (i) cabinet papers, and (ii) parliamentary privilege.</p>
<p style="text-align: justify; ">[<a href="#fr35" name="fn35">35</a>]. Section 2 (h) of the Right to Information Act, 2005.</p>
<p style="text-align: justify; ">[<a href="#fr36" name="fn36">36</a>].<i> M.P. Verghese</i> v. <i>Mahatma Gandhi University</i>, 2007 (58) AIC 663 (Ker), available at <a href="https://indiankanoon.org/doc/1189278/">https://indiankanoon.org/doc/1189278/</a></p>
<p style="text-align: justify; ">[<a href="#fr37" name="fn37">37</a>].<i> Principal, M.D. Sanatan Dharam Girls College, Ambala City</i> v. <i>State Information Commissioner</i>, AIR 2008 P&H 101, available at <a href="https://indiankanoon.org/doc/1672120/">https://indiankanoon.org/doc/1672120/</a></p>
<p style="text-align: justify; ">[<a href="#fr38" name="fn38">38</a>]. González, Marc-Tizoc, ‘Habeas Data: Comparative Constitutional Interventions from Latin America Against Neoliberal States of Insecurity and Surveillance’, (2015). Chicago-Kent Law Review, Vol. 90, No. 2, 2015; St. Thomas University School of Law (Florida) Research Paper No. 2015-06. Available at SSRN:<a href="http://ssrn.com/abstract=2694803">http://ssrn.com/abstract=2694803</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/habeas-data-in-india'>https://cis-india.org/internet-governance/blog/habeas-data-in-india</a>
</p>
No publisherVipul Kharbanda and edited by Elonnai HickokFeaturedHabeas DataInternet GovernancePrivacy2016-12-10T04:01:40ZBlog EntryCIS Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks
https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi
<b>This submission presents responses by the CIS on the Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks published by the TRAI on November 15, 2016. Our analysis of the solution proposed in the Note, in brief, is that there is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector, and does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.</b>
<p> </p>
<p>The comments were authored by Japreet Grewal, Pranesh Prakash, Sharath Chandra, Sumandro Chattapadhyay, Sunil Abraham, and Udbhav Tiwari, with expert comments from Amelia Andersdotter.</p>
<hr />
<h2>1. Preliminary</h2>
<p><strong>1.1.</strong> This submission presents responses by the Centre for Internet and Society (“CIS”) <strong>[1]</strong> on the <em>Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks</em> (“the Note”) published by the Telecom Regulatory Authority of India (“TRAI”) on November 15, 2016 <strong>[2]</strong>.</p>
<p><strong>1.2.</strong> The CIS welcomes the effort undertaken by TRAI to map regulatory and other barriers to deployment of public Wi-Fi in India. We especially appreciate that TRAI has recognised <strong>[3]</strong> two key barriers to provision of public Wi-Fi networks identified and highlighted in our earlier response to the <em>Consultation Paper on Proliferation of Broadband through Public WiFi</em> <strong>[4]</strong>: 1) over regulation (including, licensing requirements, data retention, and Know Your Customer policy), and 2) paucity of spectrum <strong>[5]</strong>.</p>
<h2>2. General Responses</h2>
<p><strong>2.1.</strong> Before responding to the specific questions posed by the Note, we would like to make the following observations.</p>
<p><strong>2.2.</strong> There is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector. The proposed solution does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.</p>
<p><strong>2.3.</strong> As the TRAI has consulted widely with industry and other stakeholders before it settled on the list of priority issues contained in Section C.6 of the Note, we are surprised to find that this Note aims to address only the problem of lack of “seamless interoperable payment system for Wi-Fi networks” (Section C.6.d. Of the Note), and does not discuss and propose solutions for any other key barriers identified by the Note.</p>
<p><strong>2.4.</strong> The Note fails to clarify the “interoperability” problem in the payment system for usage of public Wi-Fi networks that it is attempting to solve. The Note identifies that lack of “single standard” for “authentication and payment mechanisms” for accessing public Wi-Fi networks as a key impediment to provide scalable and interoperable public Wi-Fi networks across the country <strong>[6]</strong>. By conceptualising the problem in this manner, TRAI has bundled together two completely different concerns - authentication and payment - into one and this is at the root of the problems emanating from the proposed solution in this Note.</p>
<p><strong>2.5.</strong> Lack of standard process for authentication is created by over-regulation via Know Your Customer (“KYC”) policies, and selection of eKYC service provided by UIDAI as the only acceptable authentication mechanism for all users of public Wi-Fi networks across India, creating further economic and legal challenges for smaller would-be providers of public Wi-Fi networks as they assess their liabilities and start-up costs. Additionally, since this would amount to making UID/Aadhaar enrolment mandatory for any user of public wi-fi networks, it seems to create a contradiction with previously communicated policy from the UIDAI and the Government that no such obligation should arise. Supreme Court has also mandated over successive Orders that enrolment for UID/Aadhaar number should remain optional for the citizens and residents.</p>
<p><strong>2.6.</strong> As was observed by the respondents to the TRAI Consultation concluded earlier this year, there is no interoperability problem that needs to be solved regarding payments for accessing public Wi-Fi networks. Payment services continue to be evolved and payment aggregator services provided by existing companies may be expected to resolve many of the outstanding issues of service proliferation in the upcoming years, at least in the absence of additional mandatory technical measures imposed by the government. Bundling of payment with authentication will only undermine the already existing independent market for payment aggregators, and further enforce mandatoriness of UID/Aadhaar number.</p>
<p><strong>2.7.</strong> Further, the payment mechanism proposed would seem to worsen difficulties for tourists and foreigners in accessing public Wi-Fi in India, as well adds an additional layer of authentication in a system already identified (even in the Note itself) to be overburdened by regulations regarding KYC and data retention. Section C.6.b of the Note highlights the problems faced by foreigners and tourists when the authentication mechanism is premised upon use of One Time Password (OTP) that requires a functioning local mobile phone number. It contradicts itself later by proposing an authentication method that requires the user to not only download an application onto their mobile/desktop device, but also to enrol for UID/Aadhaar number and/or to use their existing UID/Aadhaar number. Instead of reducing the existing barriers to provision of and access to public Wi-Fi, which the Note is supposed to achieve, it creates significant new barriers.</p>
<p><strong>2.8.</strong> The technological architecture advanced by the Note upholds support of governance and surveillance projects that, in addition to being costly in their implementation and thereby slowing down the objective of getting India connected, are also of questionable value to the security of the Indian polity. UID, UPI, and related projects risk undermining cyber-security through their reliance on centralised architectures and interfere with healthy competitive market dynamics between commercial and non-commercial actors.</p>
<p><strong>2.9.</strong> The Note continues to only consider and enable commercial models for the provision of public Wi-Fi networks. We have identified this as a problematic assumption in our last submission <strong>[7]</strong>. It is most crucial that TRAI does not ignore and fail to promote and facilitate the possibility of not-for-profit models that involve grassroot communities, academia, and civil society.</p>
<p><strong>2.10.</strong> Last but not the least, the term “Wi-Fi” refers to a particular technology for establishing wireless local area networks. Further, the term is a trademark of the Wi-Fi Alliance <strong>[8]</strong>. It is this not a neutral term, and it must not be used as a general and universal synonym for wireless local area networks. We recommend that TRAI may consider using a technology-neutral term, say “public wireless services” or “public networking services”, to describe the sector. Following the terminology used in the Note, we have decided to continue using the term “Wi-Fi” in this response. This does not reflect our agreement about the appropriateness of this term. Important: The recommendation for technology-neutral regulation also comes with the qualification that safeguards like regulations on Listen Before Talk and Cycle Time are required to prevent technologies like LTE-U from squatting on spectrum and interfering with connections based on other standards.</p>
<h2>3. Specific Responses</h2>
<h4>Q1. Is the architecture suggested in the consultation note for creating unified authentication and payment infrastructure will enable nationwide standard for authentication and payment interoperability?</h4>
<p><strong>3.1.</strong> No. The proposed infrastructure is likely to be costly for a large number of actors to implement and undermine some of the ongoing innovation in the Indian digital payment services industry. Rather than being helpful, it risks introducing additional requirements on an industry that TRAI has already identified as facing a number of large challenges.</p>
<p><strong>3.2.</strong> There is no need for a unified architecture that provides nationwide standard for authentication and payment interoperability. It does not offer any incentive towards provision of public Wi-Fi networks. Neither is there an interoperability problem at the physical or data link layers that has been pointed out, nor is government mandated interoperability required at the payment or ID layer since there are private entities that provide such interoperability (like, payment aggregators). Additionally, we believe it is inappropriate that the TRAI is trying to predict the most suitable business/technological model for digital payments to be used for accessing commercial Wi-Fi networks. India has a booming online payments industry, and it must be allowed to evolve in an enabling regulatory environment that allow for competition and ensures responsible practices.</p>
<p><strong>3.3.</strong> The Note identifies several structural impediments to expansion of public Wi-Fi networks in India, namely paucity of backhaul connectivity infrastructure (Section C.6.a), Inadequate associated infrastructure to offer carrier grade Wi-Fi network (Section C.6.c), dependency of authentication mechanism on pre-existing (Indian) mobile phone connection (Section C.6.b), and limited availability of spectrum to be used for public Wi-Fi networks (Section C.6.e). All these are crucial concerns and none of them have been addressed by the architecture suggested in the Note.</p>
<h4>Q2. Would you like to suggest any alternate model?</h4>
<p><strong>3.4.</strong> Yes. The model proposed in the Note is likely to exclude several types of potential users (say, foreigners and tourists), and impose a single authentication and payment service provider for accessing public Wi-Fi networks, which may undermine both competition and security in the market for these services.</p>
<p><strong>3.5.</strong> Internationally, there are cities and regions (say, the city of Barcelona and the Catalonia region in Spain) where public Wi-Fi networks have been provided in a pervasive and efficient manner by taking a light regulatory approach that enables opportunities for potential providers to set up their own infrastructures and additionally have access to backhaul. Further, reducing legal requirements on authentication should be considered in place of government mandated technical architectures for authentication and payment. In particular, allowing for anonymous access to Public Wi-Fi or wireless connectivity would reduce both the administrative and the technical burden on potential providers at the hyper-local level, especially for providers whose main activity it is not, and cannot be, to provide internet services (say, event venues, malls, and shops).</p>
<p><strong>3.6.</strong> The CIS suggests the following steps towards conceptualising an “alternative model”:</p>
<ol><li>remove existing regulatory disincentives,<br /><br /></li>
<li>urgently explore policies to promote deployment of wired infrastructures in general, and to enable a larger range of actors, including local authorities, to invest in and deploy local infrastructures by reducing licensing requirements in particular,<br /><br /></li>
<li>examine spectrum requirements for provision of public Wi-Fi, and<br /><br /></li>
<li>provide incentives, such as allowing telecom service providers to share backhaul traffic over public Wi-Fi, and ways for telecom service providers to lower their costs if they also make Internet access available for free.</li></ol>
<h4>Q3. Can Public Wi-Fi access providers resell capacity and bandwidth to retail users? Is “light touch regulation” using methods such as “registration” instead of “licensing” preferred for them?</h4>
<p><strong>3.7.</strong> CIS holds that capacity and bandwidth are neither comparable to tangible goods nor to digital currency. They are a utility, and the provider of the utility has to accept that their customers use the utility in the way they see fit, even if that use entails sharing said capacity and bandwidth with downstream private persons or customers. Wi-Fi capabilities are currently a built-in standardised feature of all consumer routers. Any individual, community, or store with access to an internet connection and a consumer router could become a public Wi-Fi access provider at no additional cost to themselves, furthering the goals of the Indian government in its Digital India strategy to ensure public and universal access to the internet.</p>
<p><strong>3.8.</strong> In order to exploit the opportunities awarded by a large amount of entities in the Indian society potentially becoming Public Wi-Fi providers, TRAI should require neither registration nor licensing of these actors. Imposing administrative burdens on potential public Wi-Fi access providers creates legal uncertainty and will cause a lot of actors, who may otherwise contribute to the goals of Digital India, not to do so. This is particularly true for community organisers and citizens, who may not have access to legal assistance and therefore may avoid contributing to the goals of the government.</p>
<p><strong>3.9.</strong> Light touch regulation when it comes to both granting license to public Wi-Fi access providers as well as authentication of retail users, however, are needed not only as an exceptional practice for such instances but as a general practice in case of entities offering public Wi-Fi services, either commercially or otherwise. Further, additional laxity in administrative responsibilities is needed to incentivise provision of free, that is non-commercial, public Wi-Fi networks.</p>
<h4>Q4. What should be the regulatory guidelines on “unbundling” Wi-Fi at access and backhaul level?</h4>
<p><strong>3.10.</strong> The Note refers to unbundling of activities related to provision of Wi-Fi but it does not define the term. It is neither explained which specific activities at access and backhaul levels must be considered for unbundling.</p>
<p><strong>3.11.</strong> While unbundling should clearly be allowed and any regulatory hurdles to unbundling should be removed, any such decision must be taken with a focus on urgently addressing the stagnated growth in landline and backhaul, as identified in Section C.6.a of the Note. Relying only on spectrum intensive infrastructures, such as mobile base stations, for providing connectivity, creates a heavy regulatory burden for the TRAI, while simultaneously not ensuring optimal connectivity for business and private users. The CIS is concerned that the focus of the Note on standardising a government-mediated authentication and payment mechanism detracts attention from this urgent obstacle to the fulfillment of the Digital India plans of accelerated provision of broadband highways, universal access, and public, especially free, access to internet services.</p>
<p><strong>3.12.</strong> From the example of European telecommunications legislations, implementation of policy measures to ensure that vertical integration between infrastructure (say, cables, switches, and hubs) providers and service (say, providing a subscriber with a household modem or a SIM card) providers in the telecommunications sector does not become a barrier to new market entrants has yielded much success in countries that have pursued it, like Sweden and Great Britain.</p>
<p><strong>3.13.</strong> Further, there should be no default assumption of bundling by the TRAI. In particular, the TRAI should consider reviewing all regulations that may cause bundling to occur when this is not necessary, and put in place in a monitoring mechanism for ensuring that bundled practises (especially in electronic networks, base station infrastructures, backhaul and similar) do not cause competitive problems or raise market entry barriers <strong>[9]</strong>. In most EU countries, especially where the corporate structure of incumbent(s) is not highly vertically integrated, interconnection requirements for electronic network providers of wired networks in the backhaul or backbone (effectively price regulated interconnection), and a conscious effort to ensure that new market players can enter the field, have ensured a competitive telecommunications environment. TRAI may consider reviewing the European regulation on local loop unbundling (1999) and discussions on functional separation (especially by the British regulatory authority Ofcom), within an Indian context.</p>
<h4>Q5. Whether reselling of bandwidth should be allowed to venue owners such as shop keepers through Wi-Fi at premise? In such a scenario please suggest the mechanism for security compliance.</h4>
<p><strong>3.14.</strong> Yes. Venue owners should be allowed to provide public Wi-Fi service both on a commercial and non-commercial basis.</p>
<p><strong>3.15.</strong> It is not clear from the Note and the question what type of security concerns the TRAI is seeking to address. In terms of payment security, the payment industry already has a large range of verification and testing mechanisms. The CIS objects to the mandatory introduction of the proposed payment system so as to ensure greater security for Wi-Fi access providers and the users.</p>
<p><strong>3.16.</strong> As far as hardware-related security issues are concerned, it is again unclear why consumer equipment compliant with existing Wi-Fi standards would not be sufficiently secure in the Indian context. Wi-Fi has proven to be a sturdy technical standard, its adoption is high in multiple jurisdictions around the world, and it also enjoys great technical stability. Similar security assessments could easily be made for alternative wireless technologies, such as WiMaX.</p>
<p><strong>3.17.</strong> The CIS foresees problems is in the allocation of risk and liability by law. The already existing legal obligation to verify the identity of each user, for instance, is likely to introduce a large administrative burden on potential Public Wi-Fi providers, which may lead to such potential providers abstaining from entering the market. Should the identification requirement be removed, however, other concerns pertaining to legal obligations may arise. These include liability for user activities on the web or on the internet (cf. copyright infringement, libel, hate speech). We propose a “safe harbour” mechanism in these cases, limiting the liability of the potential public Wi-Fi provider.</p>
<h4>Q6. What should be the guidelines regarding sharing of costs and revenue across all entities in the public Wi-Fi value chain? Is regulatory intervention required or it should be left to forbearance and individual contracting?</h4>
<p><strong>3.18.</strong> The market segments identified by the TRAI in Section F.18 of the Note should normally all be competitive markets themselves, and so do not require regulatory assistance in sharing of costs and revenues. The more elaborate the requirements imposed on each actor of each market segment identified by the TRAI in Section F.18, the more costly the roll-out of public Wi-Fi is going to be for the market actors. Such a cost is not avoided by price regulation.</p>
<p><strong>3.19.</strong> The TRAI may instead consider introducing public funding for backhaul roll-out in remote areas, where the market is unlikely to engage in such roll-out on its own. Presently, some Indian states (such as Karnataka) are committing to public funding for wireless access in remote areas. The Union Government can assist such endeavours.</p>
<h2>Endnotes</h2>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="http://trai.gov.in/Content/ConDis/20801_0.aspx">http://trai.gov.in/Content/ConDis/20801_0.aspx</a>.</p>
<p><strong>[3]</strong> See Section C.6 of the Note.</p>
<p><strong>[4]</strong> See: <a href="http://trai.gov.in/Content/ConDis/20782_0.aspx">http://trai.gov.in/Content/ConDis/20782_0.aspx</a>.</p>
<p><strong>[5]</strong> See: <a href="http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks">http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks</a>.</p>
<p><strong>[6]</strong> See Section E.11. of the Note.</p>
<p><strong>[7]</strong> See: <a href="http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks">http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks</a>.</p>
<p><strong>[8]</strong> See: <a href="https://www.wi-fi.org/">https://www.wi-fi.org/</a>.</p>
<p><strong>[9]</strong> See: Monitoring bundled products in the telecommunications sector is also recommended by the OECD: <a href="http://oecdinsights.org/2015/06/22/triple-and-quadruple-play-bundles-of-communication-services-towards-all-in-one-packages/">http://oecdinsights.org/2015/06/22/triple-and-quadruple-play-bundles-of-communication-services-towards-all-in-one-packages/</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi'>https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi</a>
</p>
No publisherJapreet Grewal, Pranesh Prakash, Sharath Chandra, Sumandro Chattapadhyay, Sunil Abraham, and Udbhav Tiwari, with expert comments from Amelia AndersdotterDigital PaymentPublic Wireless NetworkTRAIInternet GovernanceTelecomFeaturedAadhaarHomepageUID2016-12-12T13:59:00ZBlog EntryComments on the Report of the Committee on Digital Payments (December 2016)
https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016
<b>The Committee on Digital Payments constituted by the Ministry of Finance and chaired by Ratan P. Watal, Principal Advisor, NITI Aayog, submitted its report on the "Medium Term Recommendations to Strengthen Digital Payments Ecosystem" on December 09, 2016. The report was made public on December 27, and comments were sought from the general public. Here are the comments submitted by the Centre for Internet and Society.</b>
<p> </p>
<h3><strong>1. Preliminary</strong></h3>
<p><strong>1.1.</strong> This submission presents comments by the Centre for Internet and Society (“CIS”) <strong>[1]</strong> in response to the report of the Committee on Digital Payments, chaired by Mr. Ratan P. Watal, Principal Advisor, NITI Aayog, and constituted by the Ministry of Finance, Government of India (“the report”) <strong>[2]</strong>.</p>
<h3><strong>2. The Centre for Internet and Society</strong></h3>
<p><strong>2.1.</strong> The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, and cyber-security.</p>
<p><strong>2.2.</strong> CIS is not an expert organisation in the domain of banking in general and payments in particular. Our expertise is in matters of internet and communication governance, data privacy and security, and technology regulation. We deeply appreciate and are most inspired by the Ministry of Finance’s decision to invite entities from both the sectors of finance and information technology. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved, especially the citizens and the users. CIS is thankful to the Ministry of Finance for this opportunity to provide a general response on the report.</p>
<h3><strong>3. Comments</strong></h3>
<p><strong>3.1.</strong> CIS observes that the decision by the Government of India to withdraw the legal tender character of the old high denomination banknotes (that is, Rs. 500 Rs. 1,000 notes), declared on November 08, 2016 <strong>[3]</strong>, have generated <strong>unprecedented data about the user base and transaction patterns of digital payments systems in India, when pushed to its extreme use due to the circumstances</strong>. The majority of this data is available with the National Payments Corporation of India and the Reserve Bank of India. CIS requests the authorities concerned to consider <strong>opening up this data for analysis and discussion by public at large and experts in particular, before any specific policy and regulatory decisions are taken</strong> towards advancing digital payments proliferation in India. This is a crucial opportunity for the Ministry of Finance to embrace (open) data-driven regulation and policy-making.</p>
<p><strong>3.2.</strong> While the report makes a reference to the European General Data Protection Directive, it does not make a reference to any substantive provisions in the Directive which may be relevant to digital payments. Aside from the recommendation that privacy protections around the purpose limitation principle be relaxed to ensure that payment service providers be allowed to process data to improve fraud monitoring and anti-money laundering services, the report is silent on significant privacy and data protection concerns posed by digital payments services. <strong>CIS strongly warns that the existing data protection and security regulations under Information Technology (Reasonable security practices and procedures and sensitive personal data or information), Rules are woefully inadequate in their scope and application to effectively deal with potential privacy concerns posed by digital payments applications and services.</strong> Some key privacy issues that must be addressed either under a comprehensive data protection legislation or a sector specific financial regulation are listed below. The process of obtaining consent must be specific, informed and unambiguous and through a clear affirmative action by the data subject based upon a genuine choice provided along with an option to opt out at any stage. The data subjects should have clear and easily enforceable right to access and correct their data. Further, data subjects should have the right to restrict the usage of their data in circumstances such as inaccuracy of data, unlawful purpose and data no longer required in order to fulfill the original purpose.</p>
<p><strong>3.3.</strong> The initial recommendation of the report is to “[m]ake regulation of payments independent from the function of central banking” (page 22). This involves a fundamental transformation of the payment and settlement system in India and its regulation. <strong>We submit that a decision regarding transformation of such scale and implications is taken after a more comprehensive policy discussion, especially involving a wider range of stakeholders</strong>. The report itself notes that “[d]igital payments also have the potential of becoming a gateway to other financial services such as credit facilities for small businesses and low-income households” (page 32). Thus, a clear functional, and hence regulatory, separation between the (digital) payments industry and the lending/borrowing industry may be either effective or desirable. Global experience tells us that digital transactions data, along with other alternative data, are fast becoming the basis of provision of financial and other services, by both banking and non-banking (payments) companies. We appeal to the Ministry of Finance to adopt a comprehensive and concerted approach to regulating, enabling competition, and upholding consumers’ rights in the banking sector at large.</p>
<p><strong>3.4.</strong> The report recognises “banking as an activity is separate from payments, which is more of a technology business” (page 154). Contemporary banking and payment businesses are both are primarily technology businesses where information technology particularly is deployed intimately to extract, process, and drive asset management decisions using financial transaction data. Further, with payment businesses (such as, pre-paid instruments) offering return on deposited money via other means (such as, cashbacks), and potentially competing and/or collaborating with established banks to use financial transaction data to drive lending decisions, including but not limited to micro-loans, it appears unproductive to create a separation between banking as an activity and payments as an activity merely in terms of the respective technology intensity of these sectors. <strong>CIS firmly recommends that regulation of these financial services and activities be undertaken in a technology-agnostic manner, and similar regulatory regimes be deployed on those entities offering similar services irrespective of their technology intensity or choice</strong>.</p>
<p><strong>3.5.</strong> The report highlights two major shortcomings of the current regulatory regime for payments. Firstly “the law does not impose any obligation on the regulator to promote competition and innovation in the payments market” (page 153). It appears to us that the regulator’s role should not be to promote market expansion and innovation but to ensure and oversee competition. <strong>We believe that the current regulator should focus on regulating the existing market, and the work of the expansion of the digital payments market in particular and the digital financial services market in general be carried out by another government agency, as it creates conflict of interest for the regulator otherwise.</strong> Secondly, the report mentions that Payment and Settlement Systems Act does not “focus the regulatory attention on the need for consumer protection in digital payments” and then it notes that a “provision was inserted to protect funds collected from customers” in 2015 (page 153). <strong>This indicates that the regulator already has the responsibility to ensure consumer protection in digital payments. The purview and modalities of how this function of course needs discussion and changes with the growth in digital payments</strong>.</p>
<p><strong>3.6.</strong> The report identifies the high cost of cash as a key reason for the government’s policy push towards digital payments. Further, it mentions that a “sample survey conducted in 2014 across urban and rural neighbourhoods in Delhi and Meerut, shows that despite being keenly aware of the costs associated with transacting in cash, most consumers see three main benefits of cash, viz. freedom of negotiations, faster settlements, and ensuring exact payments” (page 30). It further notes that “[d]igital payments have significant dependencies upon power and telecommunications infrastructure. Therefore, the roll out of robust and user friendly digital payments solutions to unelectrified areas/areas without telecommunications network coverage, remains a challenge.” <strong>CIS much appreciates the discussion of the barriers to universal adoption and rollout of digital payments in the report, and appeals to the Ministry of Finance to undertake a more comprehensive study of the key investments required by the Government of India to ensure that digital payments become ubiquitously viable as well as satisfy the demands of a vast range of consumers that India has</strong>. The estimates about investment required to create a robust digital payment infrastructure, cited in the report, provide a great basis for undertaking studies such as these.</p>
<p><strong>3.7.</strong> CIS is very encouraged to see the report highlighting that “[w]ith the rising number of users of digital payment services, it is absolutely necessary to develop consumer confidence on digital payments. Therefore, it is essential to have legislative safeguards to protect such consumers in-built into the primary law.” <strong>We second this recommendation and would like to add further that financial transaction data is governed under a common data protection and privacy regime, without making any differences between data collected by banking and non-banking entities</strong>.</p>
<p><strong>3.8.</strong> We are, however, very discouraged to see the overtly incorrect use of the word “Open Access” in this report in the context of a payment system disallowing service when the client wants to transact money with a specific entity <strong>[4]</strong>. This is not an uncommon anti-competitive measure adopted by various platform players and services providers so as to disallow users from using competing products (such as, not allowing competing apps in the app store controlled by one software company). <strong>The term “Open Access” is not only the appropriate word to describe the negation of such anti-competitive behaviour, its usage in this context undermines its accepted meaning and creates confusion regarding the recommendation being proposed by the report.</strong> The closest analogy to the recommendation of the report would perhaps be with the principle of “network neutrality” that stands for the network provider not discriminating between data packets being processed by them, either in terms of price or speed.</p>
<p><strong>3.9.</strong> A major recommendation by the report involves creation of “a fund from savings generated from cash-less transactions … by the Central Government,” which will use “the trinity of JAM (Jan Dhan, Adhaar, Mobile) [to] link financial inclusion with social protection, contributing to improved Social and Financial Security and Inclusion of vulnerable groups/ communities” (page 160-161). <strong>This amounts to making Aadhaar a mandatory ID for financial inclusion of citizens, especially the marginal and vulnerable ones, and is in direct contradiction to the government’s statements regarding the optional nature of the Aadhaar ID, as well as the orders by the Supreme Court on this topic</strong>.</p>
<p><strong>3.10.</strong> The report recommends that “Aadhaar should be made the primary identification for KYC with the option of using other IDs for people who have not yet obtained Aadhaar” (page 163) and further that “Aadhaar eKYC and eSign should be a replacement for paper based, costly, and shared central KYC registries” (page 162). <strong>Not only these measures would imply making Aadhaar a mandatory ID for undertaking any legal activity in the country, they assume that the UIDAI has verified and audited the personal documents submitted by Aadhaar number holders during enrollment.</strong> A mandate for <em>replacement</em> of the paper-based central KYC agencies will only remove a much needed redundancy in the the identity verification infrastructure of the government.</p>
<p><strong>3.11.</strong> The report suggests that “[t]ransactions which are permitted in cash without KYC should also be permitted on prepaid wallets without KYC” (page 164-165). This seems to negate the reality that physical verification of a person remains one of the most authoritative identity verification process for a natural person, apart from DNA testing perhaps. <strong>Thus, establishing full equivalency of procedure between a presence-less transaction and one involving a physically present person making the payment will only amount to removal of relatively greater security precautions for the former, and will lead to possibilities of fraud</strong>.</p>
<p><strong>3.12.</strong> In continuation with the previous point, the report recommends promotion of “Aadhaar based KYC where PAN has not been obtained” and making of “quoting Aadhaar compulsory in income tax return for natural persons” (page 163). Both these measures imply a replacement of the PAN by Aadhaar in the long term, and a sharp reduction in growth of new PAN holders in the short term. <strong>We appeal for this recommendation to be reconsidered as integration of all functionally separate national critical information infrastructures (such as PAN and Aadhaar) into a single unified and centralised system (such as Aadhaar) engenders massive national and personal security threats</strong>.</p>
<p><strong>3.13.</strong> The report suggest the establishment of “a ranking and reward framework” to recognise and encourage for the best performing state/district/agency in the proliferation of digital payments. <strong>It appears to us that creation of such a framework will only lead to making of an environment of competition among these entities concerned, which apart from its benefits may also have its costs. For example, the incentivisation of quick rollout of digital payment avenues by state government and various government agencies may lead to implementation without sufficient planning, coordination with stakeholders, and precautions regarding data security and privacy</strong>. The provision of central support for digital payments should be carried out in an environment of cooperation and not competition.</p>
<p><strong>3.14.</strong> CIS welcomes the recommendation by the report to generate greater awareness about cost of cash, including by ensuring that “large merchants including government agencies should account and disclose the cost of cash collection and cash payments incurred by them periodically” (page 164). It, however, is not clear to whom such periodic disclosures should be made. <strong>We would like to add here that the awareness building must simultaneously focus on making public how different entities shoulder these costs. Further, for reasons of comparison and evidence-driven policy making, it is necessary that data for equivalent variables are also made open for digital payments - the total and disaggregate cost, and what proportion of these costs are shouldered by which entities</strong>.</p>
<p><strong>3.15.</strong> The report acknowledges that “[t]oday, most merchants do not accept digital payments” and it goes on to recommend “that the Government should seize the initiative and require all government agencies and merchants where contracts are awarded by the government to provide at-least one suitable digital payment option to its consumers and vendors” (page 165). This requirement for offering digital payment option will only introduce an additional economic barrier for merchants bidding for government contracts. <strong>We appeal to the Ministry of Finance to reconsider this approach of raising the costs of non-digital payments to incentivise proliferation of digital payments, and instead lower the existing economic and other barriers to digital payments that keep the merchants away</strong>. The adoption of digital payments must not lead to increasing costs for merchants and end-users, but must decrease the same instead.</p>
<p><strong>3.16.</strong> As the report was submitted on December 09, 2016, and was made public only on December 27, 2016, <strong>it would have been much appreciated if at least a month-long window was provided to study and comment on the report, instead of fifteen days</strong>. This is especially crucial as the recently implemented demonetisation and the subsequent banking and fiscal policy decisions taken by the government have rapidly transformed the state and dynamics of the payments system landscape in India in general, and digital payments in particular.</p>
<h3><strong>Endnotes</strong></h3>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="http://finmin.nic.in/reports/Note-watal-report.pdf">http://finmin.nic.in/reports/Note-watal-report.pdf</a> and <a href="http://finmin.nic.in/reports/watal_report271216.pdf">http://finmin.nic.in/reports/watal_report271216.pdf</a>.</p>
<p><strong>[3]</strong> See: <a href="http://finmin.nic.in/cancellation_high_denomination_notes.pdf">http://finmin.nic.in/cancellation_high_denomination_notes.pdf</a>.</p>
<p><strong>[4]</strong> Open Access refers to “free and unrestricted online availability” of scientific and non-scientific literature. See: <a href="http://www.budapestopenaccessinitiative.org/read">http://www.budapestopenaccessinitiative.org/read</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016'>https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016</a>
</p>
No publisherSumandro Chattapadhyay and Amber SinhaUIDDigital IDBig DataDigital EconomyDigital AccessPrivacyDigital SecurityData RevolutionDigital PaymentInternet GovernanceDigital IndiaData ProtectionDemonetisationHomepageFeaturedAadhaar2017-01-12T12:32:22ZBlog EntryFlaws in the UIDAI Process
https://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process
<b>The accuracy of biometric identification depends on the chance of a false positive: the probability that the identifiers of two persons will match. Individuals whose identifiers match might be termed duplicands. When very many people are to be identified success can be measured by the (low) proportion of duplicands. The Government of India is engaged upon biometrically identifying the entire population of India. An experiment performed at an early stage of the programme has allowed us to estimate the chance of a false positive: and from that to estimate the proportion of duplicands. For the current population of 1.2 billion the expected proportion of duplicands is 1/121, a ratio which is far too high. </b>
<p style="text-align: justify; ">The article was published in <a class="external-link" href="http://www.epw.in/journal/2016/9/special-articles/flaws-uidai-process.html">Economic & Political Weekly</a>, Journal » Vol. 51, Issue No. 9, 27 Feb, 2016.</p>
<hr />
<p style="text-align: justify; ">A legal challenge is being mounted in the Supreme Court, currently, to the programme of biometric identification that the Unique Identification Authority of India (UIDAI) is engaged upon: an identification preliminary and a requisite to providing citizens with “Aadhaar numbers” that can serve them as “unique identifiers” in their transactions with the state. What follows will recount an assessment of their chances of success. We shall be using data that was available to the UIDAI and shall employ only elementary ways of calculation. It should be recorded immediately that an earlier technical paper by the author (Mathews 2013) has been of some use to the plaintiffs, and reference will be made to that in due course.</p>
<p style="text-align: justify; ">The Aadhaar numbers themselves may or may not derive, in some way, from the biometrics in question; the question is not material here. For our purposes a biometric is a numerical representation of some organic feature: like the iris or the retina, for instance, or the inside of a finger, or the hand taken whole even. We shall consider them in some more detail later. The UIDAI is using fingerprints and iris images to generate a combination of biometrics for each individual. This paper bears on the accuracy of the composite biometric identifier. How well those composites will distinguish between individuals can be assessed, actually, using the results of an experiment conducted by the UIDAI itself in the very early stages of its operation; and our contention is that, from those results themselves, the UIDAI should have been able to estimate <i>how many individuals would have their biometric identifiers matching those of some other person</i>, under the best of circumstances even, when any good part of population has been identified.</p>
<hr />
<p style="text-align: justify; "><a class="external-link" href="http://cis-india.org/internet-governance/blog/Flaws_in_the_UIDAI_Process_0.pdf">Read the full article here</a>.</p>
<hr />
<p style="text-align: justify; "><i>The author thanks Nico Temme of the Centrum Wiskunde & Informatica in The Netherlands for the bounds he derived on the chance of a false positive. He is particularly grateful to the anonymous referee of this journal who, through two rounds of comment, has very much improved the presentation of the results. A technical supplement to this paper is placed on the EPW website along with this paper</i>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process'>https://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process</a>
</p>
No publisherhansUIDPrivacyInternet GovernanceFeaturedAadhaarHomepage2016-03-06T10:40:59ZBlog EntryExploring Big Data for Development: An Electricity Sector Case Study from India
https://cis-india.org/raw/exploring-big-data-for-development-an-electricity-sector-case-study-from-india
<b>This working paper by Ritam Sengupta, Dr. Richard Heeks, Sumandro Chattapadhyay, and Dr. Christopher Foster draws from the field study undertaken by Ritam Sengupta, and is published by the Global Development Institute, University of Manchester. The field study was commissioned by the CIS, with support from the University of Manchester and the University of Sheffield.</b>
<p> </p>
<h4>Download the working paper: <a href="http://hummedia.manchester.ac.uk/institutes/gdi/publications/workingpapers/di/di_wp66.pdf" target="_blank">PDF</a></h4>
<hr />
<h3><strong>Abstract</strong></h3>
<p>This paper presents exploratory research into “data-intensive development” that seeks to inductively identify issues and conceptual frameworks of relevance to big data in developing countries. It presents a case study of big data innovations in “Stelcorp”; a state electricity corporation in India. In an attempt to address losses in electricity distribution, Stelcorp has introduced new digital meters throughout the distribution network to capture big data, and organisation-wide information systems that store and process and disseminate big data.</p>
<p>Emergent issues are identified across three domains: implementation, value and outcome. Implementation of big data has worked relatively well but technical and human challenges remain. The advent of big data has enabled some – albeit constrained – value addition in all areas of organisational operation: customer billing, fault and loss detection, performance measurement, and planning. Yet US$ tens of millions of investment in big data has brought no aggregate improvement in distribution losses or revenue collection. This can be explained by the wider outcome, with big data faltering in the face of external politics; in this case the electoral politics of electrification. Alongside this reproduction of power, the paper also reflects on the way in which big data has enabled shifts in the locus of power: from public to private sector; from labour to management; and from lower to higher levels of management.</p>
<p>A number of conceptual frameworks emerge as having analytical power in studying big data and global development. The information value chain model helps track both implementation and value-creation of big data projects. The design-reality gap model can be used to analyse the nature and extent of barriers facing big data projects in developing countries. And models of power – resource dependency, epistemic models, and wider frameworks – are all shown as helping understand the politics of big data.</p>
<hr />
<em>Cross-posted from <a href="http://www.gdi.manchester.ac.uk/research/publications/other-working-papers/di/di-wp66/">University of Manchester</a>.</em>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/exploring-big-data-for-development-an-electricity-sector-case-study-from-india'>https://cis-india.org/raw/exploring-big-data-for-development-an-electricity-sector-case-study-from-india</a>
</p>
No publishersumandroBig DataData SystemsResearchers at WorkResearchFeaturedPublicationsBig Data for Development2019-03-16T04:33:15ZBlog EntryThe Digital Classroom: Social Justice and Pedagogy
https://cis-india.org/digital-natives/pathways/facultyworkshop
<b>What happens when we look at the classroom as a space of social justice? What are the ways in which students can be engaged in learning beyond rote memorisation? What innovative methods can be evolved to make students stakeholders in their learning process? These were some of the questions that were thrown up and discussed at the 2 day Faculty Training workshop for participant from colleges included in the Pathways to Higher Education programme, supported by Ford Foundation and collaboratively executed by the Higher Education Innovation and Research Application and the Centre for Internet and Society, Bangalore.</b>
<p></p>
<p>The workshop focused on 3 chief challenges in contemporary
pedagogy and teaching in higher education in India as identified by <a class="external-link" href="http://heira.in/">HEIRA</a>: The need for innovative
curricula, challenges to social justice in education, and possibilities offered
by the intersection of digital and internet technologies with classroom
teaching and evaluation. In the open discussions, the participating faculty
members used their multidisciplinary skills and teaching experience to look at possibilities that we might implement in our classrooms to create a more
inclusive and participatory environment. The conversations were varied, and
through 3 blog entries I want to capture the focus points of the workshop. In
this first post, I focus specifically on the changing nature of student
engagement with education and innovative ways by which we can learn from the
digital platforms of learning and knowledge production and implement certain
innovations in pedagogy that might better help create inclusive and just learning
environments in the undergraduate classroom in India.</p>
<p><strong>Peer 2 Peer:</strong> One of the observations that was made
unanimously by all the faculty members was that students respond better, learn
faster, engage more deeply with their syllabus when the instructor has a
personal rapport with them. Traditionally, the teachers who have established
human contact which goes beyond the call of duty are also the teachers that
have become catalysts and inspirations for the students. Especially with the
digital aesthetics of non-hierarchical information interaction, this has become
the call of the day.</p>
<p>Establishing the teacher as a peer within the classroom,
rather than the fountainhead of information flow, is an experiment worth
conducting. Like on other digital platforms, can we think of the classroom as a
space where the interlocutors each bring their life experience and learning to
start an information exchange and dialogue that would make them stakeholders in
the process of learning? This would mean that the teacher would be a <em>facilitator</em> who builds conditions of
knowledge production and dissemination, thus also changing his/her relationship
with the idea of curriculum and teaching.</p>
<p><strong>Reciprocal evaluation</strong>: It was pointed out that the grade
oriented academic system often leads to students disengaging with innovative
and meaningful learning practices. With the pressure of completing the
curriculum, the students’ instrumental relationship with their classroom
learning and the highly conservative structures of higher education that do not
offer enough space to experiment with the teaching methods, it often becomes
difficult to initiate innovative pedagogic practices. Learning from the
differently hierarchised digital spaces, it was suggested that one of the ways
by which this could be countered is by introducing reciprocal evaluation
patterns which might not directly be associated with the grades but would
recognise and appreciate the skills that students bring to their learning.</p>
<p>Inspired by the Badges contest at <a class="external-link" href="http://hastac.org/tag/badges">HASTAC</a>,
it was suggested that evaluation has to take into account, more than grades.
Different students bring different skills, experiences, personalities and
behaviours to bear upon the syllabus. They work individually and in clusters to
understand and analyse the curriculum. Recognising these skills and the roles
that they play in their learning environments is essential. Getting students to
offer different badges to each other as well as to the teachers involved, helps
them understand their own learning process and engages them in new ways of
learning.</p>
<p><strong>Role based learning: </strong>Within the Web 2.0 there is a peculiar
condition where individuals are recognised simultaneously as experts and
novices. They bring certain knowledges and experiences to the table which make
them credible sources of information and analysis in those areas. At the same
time, they are often beginner learners in certain other areas and they harness
the power of the web to learn. Such a distributed imagination of a student as
not equally proficient in all areas, but diversely equipped to deal with
different disciplines is missing from our understanding of the higher education
classroom.</p>
<p>We discussed the possibility of making the student responsible not
only for his/her own learning but also the learning of the peers in the
classroom. Making the student aware of what s/he is good at and where s/he is
lacking allows them to gain confidence and also realise that everybody has
differential strengths and aptitudes. Such a classroom might look different
because the students don’t have to be pitched in stressful competition with
each other but instead work collaboratively to learn, research and produce
knowledge in a nurturing and supportive learning environment.</p>
<p>These initial discussions look at the possibility of
innovative classroom teaching that can accommodate for the skills and
differences of the students in higher education in India. The conversations
opened up the idea that the classroom can be reshaped so that it becomes a more
inclusive space where the quality of students’ access to education can be
improved. It also ties in with the larger imagination of classrooms as spaces
where principles of social justice can be invoked so that students who are
disadvantaged in language, learning skills, socio-economic backgrounds, are not
just looked at as either ‘beyond help’ or ‘victims of a system’. Instead, it
encourages to look at the students as differential learners who need to be made
stakeholders in their own processes of learning and education.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/digital-natives/pathways/facultyworkshop'>https://cis-india.org/digital-natives/pathways/facultyworkshop</a>
</p>
No publishernishantHigher EducationAccess to KnowledgeDigital NativesFeaturedNew PedagogiesResearchers at WorkDigital Pluralism2015-05-08T12:36:29ZBlog EntryPlatforms, Power, and Politics: Perspectives from Domestic and Care Work in India
https://cis-india.org/raw/platforms-power-and-politics-perspectives-from-domestic-and-care-work-in-india
<b>CIS has been undertaking a two-year project studying the entry of digital platforms in the domestic and care work in India, supported by the Association for Progressive Communications as part of the Feminist Internet Research Network. Implemented through 2019-21, the objective of the project is to use a feminist lens to critique platform modalities and orient platformisation dynamics in radically different, worker-first ways. Ambika Tandon and Aayush Rathi led the research team at CIS. The Domestic Workers’ Rights Union is a partner in the implementation of the project, as co-researchers. Geeta Menon, head of DWRU, was an advisor on the project, and the research team consisted of Parijatha G.P., Radha Keerthana, Zeenathunnisa, and Sumathi, who are office holders in the union and are responsible for organising workers and addressing their concerns.
</b>
<p><span>The Executive Summary for the project report is below.</span></p>
<p>The full report, ‘Platforms, power, and politics: Perspectives from domestic and care work in India’, can be found <a href="https://cis-india.org/raw/platforms-power-and-politics-pdf" class="external-link">here</a>.</p>
<p>The press release can be found <a href="https://cis-india.org/raw/platforms-power-and-politics-press-release-pdf" class="external-link">here</a>.</p>
<hr />
<h3></h3>
<h3><span>Introduction</span></h3>
<div></div>
<p style="text-align: justify; ">Paid domestic and care work is witnessing the entry of digital intermediaries over the past decade. More recently, there has been tremendous growth of digital platforms. This holds the potential to impact millions of workers in the sector, which is characterised by a long history of informality and exclusion from rights-according legal frameworks. Digital intermediation of domestic and care work has been a space of high-growth, but also high-attrition. In India, order books of digital platforms providing domestic and care work services were reported to have been growing by upto 60 percent month-on-month in 2016. This is expected to shift the organisation of workers and employment relations profoundly. <br /><br />Broadly, the discourse on digital platforms providing home-based services can be summarised as follows: proponents argue that digitisation will act as a step towards bringing formalisation to the sector, while critics argue that platforms could replicate the exploitation of workers by further disguising the employer-employee relationship. Similar debates around lack of protections and precarity have also taken place in other occupations in gig work such as transportation and food delivery. In fact, the similarity in precarity and the informal nature of this relationship across gig work and domestic work has led to domestic workers being labelled the original gig workers. Domestic work is a particularly vulnerable and unprotected sector, which makes work in the sector qualitatively different from most other sectors in the gig or sharing economy.<br /><br />Through a feminist approach to digital labour, our project aimed to examine the dynamics of platformisation in, and of domestic or reproductive care work. Our hypothesis was that platforms are reconfiguring labour conditions, which could empower and/or exploit workers in ways qualitatively different from non-standard work off the platform. In order to interrogate this further, we studied several aspects of the work relationship, including wages, conditions of work, social security, skill levels, and worker surveillance off platforms.</p>
<h3>Methodology</h3>
<p style="text-align: justify; ">We borrowed from ethnographic methods and feminist principles to co-design and implement the research tools with grassroots workers and organisers. Between June to November 2019, we conducted 65 in-depth semi-structured interviews primarily in New Delhi and Bengaluru. A majority of these were with domestic workers who were seeking or had found work through platforms. We also did interviews with workers who had found work through traditional placement agencies to compare our findings, and with representatives from platforms, government labour departments, and workers collectives. Of the workers we interviewed, a majority were women, but men were included as well. Interviews in New Delhi were undertaken by CIS, while interviews with workers in Bengaluru were undertaken by grassroots activists in Bengaluru, affiliated with the Domestic Workers Rights Union (DWRU).</p>
<div></div>
<p style="text-align: justify; ">In implementing the data collection approach, we employed feminist methodological principles of intersectionality, self-reflexivity, and participation. The methodology draws on standpoint theory, which encourages knowledge production that centres the lived experiences of marginalised groups. We were acutely aware of our own positionality as high income, Savarna researchers studying a sector dominated by Dalit, Bahujan and Adivasi women from low income groups. This power differential was softened partially by involving DWRU through the course of the project. Workers across both field sites were also interviewed in spaces familiar to them, most often their homes, in languages that they were comfortable with including Hindi, Kannada, and Tamil.</p>
<div></div>
<p style="text-align: justify; ">Feminist principles also instrumental during the data analysis, with focus on intersectionality and self-reflexivity. We highlighted the ways in which inequalities of gender, income, migration status, caste, and religion are replicated and amplified in the platform economy. In particular, we discussed the impact of the digital gender gap in access and skills on workers’ ability to find economic opportunities.</p>
<h3></h3>
<h3>Findings</h3>
<p style="text-align: justify; ">Our typology of platforms mediating domestic work finds three types of platforms – (i) marketplace, or platforms that list workers’ data on their profile, provide certain filters for automated selection of a pool of workers, and charge a fee from customers for access to workers’ contact details, (ii) digital placement agency, or platforms that provide an end-to-end placement service to customers, identify appropriate workers on the basis of selection criteria, and negotiate conditions of work on behalf of workers, and (iii) on-demand platforms, or companies that provide services or ‘gigs’ such as cleaning on an hourly basis, performed by a roster of workers who are characterised as ‘independent contractors’.</p>
<div></div>
<p style="text-align: justify; ">When it comes to the role played by platforms in determining employment relations, there is a wide variation within and across platform categories. There are both weak and strong models of intervention. On one end of the spectrum are marketplaces, with minimal intervention in the recruitment process, and on the other on-demand platforms, that exact control over each aspect of work. Digital platforms reconfigure the conception of intermediaries in the domestic work sector, functioning as next-generation placement agencies. All three platform types contain aspects that provide workers agency, as well as those that reinforce their positions of low-power. Platform design impacts the role platforms play in setting conditions of work, but does not determine it entirely.</p>
<div></div>
<p style="text-align: justify; "><strong>(Re)shaping the terms of work</strong><br />Across the three types of platforms, wages are slightly higher than or matching those of workers off platforms. Some marketplace platforms have incorporated features to nudge customers towards setting higher wages, such as enforcing minimum wage standards, or informing customers of expected wages in their locality. Conversely, on-demand platforms charge a high rate of commission from workers, despite refusing to recognise them as employees. This indicates that this is a misclassification of an employment relationship, given that workers are unable to set their own conditions or wages for work. Despite the high rates of commission and appropriation of labour by platforms, on-demand workers earn higher wages than workers on other platforms. The relatively high wage is a result of marketing on-demand cleaning as professionalised and more skilled than day-to-day cleaning. Tasks in the sector continue to be distributed along the lines of gender and caste, as has historically been the case. Dalit, Bahujan and Adivasi women are more likely to take up work such as cleaning and washing dishes, while men and women across castes are equally distributed in cooking work. Women dominate tasks such as elderly and childcare, as in the traditional economy. Workers in professionalised tasks such as deep cleaning that requires technical equipment and chemicals are almost entirely men.</p>
<div></div>
<p style="text-align: justify; "><strong>Digital divides and workers’ agency</strong><br />We find that workers are primarily onboarded onto platforms by learning about it from other workers, through onboarding camps held by platforms, or offline advertising by platforms. Such in-person onboarding techniques allows workers with no digital access or literacy to register themselves on marketplace platforms and digital placement agencies.</p>
<div></div>
<p style="text-align: justify; ">However, we find that low levels of education and digital literacy continue to impact platformed labour by creating a strong informational asymmetry between workers and platforms. For instance, we find that women workers from low income communities have very little information about how platforms work, causing deep distrust. Workers with digital devices and literacy (and therefore a relatively better understanding of the functionality of the platform), physical mobility and the resources to bear indirect costs that were outsourced to them were at a significant advantage in finding better-paying jobs. Workers who were seeking flexibility and were not necessarily dependent on the platform for their primary income were also better placed than those entirely dependent on platforms. Women workers tended to be disadvantaged on all these counts, limiting their agency and capacity to reap the benefits of the platform economy.</p>
<div></div>
<p style="text-align: justify; ">Across the three types of platforms, systems of placement and ratings add to the information asymmetry, as workers are not aware of the impact of ratings on their ability to find work or charge better wages. Ratings and filtering systems also hard-code the impact of workers’ social characteristics on their work. Workers are unable to exercise control over their data, further undermining their agency vis-a-vis platforms and employers. We identify a clear need for collective bargaining structures to protect workers’ rights, although platformed domestic workers remained distant from both domestic work unions and emergent unions of platform workers in other sectors.</p>
<div></div>
<p style="text-align: justify; "><strong>Intersectionalities of formalisation</strong><br />We find that inequalities of caste, class, and gender that have historically shaped the sector continue to be replicated or even amplified in the platform economy. What remains clear is that platforms in the domestic work sector adopt the logics of this sector, more than the converse. Platformisation is conflated with formalisation, and it is within this vector, from complete informality to piecemeal formalisation, that platforms operate. Labour benefits do not take the form of labour protections or welfare entitlements that are the central function of formalisation processes. Instead, the so-called benefits are intended to transform domestic workers to participate within the logics and vagaries of the market.</p>
<h3>Policy Recommendations</h3>
<p style="text-align: justify; "><strong>Recognise and implement labour protections for domestic workers </strong><br />Domestic workers have historically occupied the most vulnerable positions in the workforce, with limited legal protections. Exposed to the regulatory grey areas that platforms operate in, this doubly exposes domestic workers to precarious conditions of work. Despite an avowed move towards formalisation of domestic work, platform-mediated labour continues to retain characteristics of informal labour, even heightening some.</p>
<div></div>
<p style="text-align: justify; ">If pushed to do so, platform companies can be instrumental in resolving some of the implementation challenges that governments have faced in enforcing legislative protections sought to be made available to domestic workers. Platforms have databases of workers, which can be used to mandatorily register them for social security schemes offered by the government. This data can also be used for better policy making, in the absence of reliable statistics particularly on migrant workers in the informal economy.<em><strong><br /></strong></em></p>
<p style="text-align: justify; "><strong>Reduce the protective gap between employment and self-employment </strong><br />The (mis)classification of “gig” work within labour law frameworks is still a matter that continues to be hotly debated within policy practitioners, legal scholarship, and civil society actors. Three positions, in particular, have been taken—treating gig workers as employees, independent contractors, or occupying a third intermediate category. More recently, there have been some legal victories guaranteeing employment protections and increasing platform companies’ accountability. However, these successes have been more visible in Global North jurisdictions.</p>
<div></div>
<p style="text-align: justify; ">Regardless of the resolution of these ongoing debates over employment status, labour frameworks should provide some universal protections to all categories of labour. Such protections must include universal coverage of social security, in addition to rights such as freedom of association, collective bargaining, equal remuneration and anti-discrimination. Policies geared towards achieving this objective would be significant in reducing the protective gaps between different categories of labour, and would particularly help historical and emerging occupational categories of workers such as “gig” workers and domestic workers.</p>
<div></div>
<p style="text-align: justify; "><strong>Recognise the specific challenge(s) and potential of platformisation of domestic work </strong><br />Platforms hold the potential of acting as effective facilitators in informal labour markets. Even when they do not replace existing recruitment pathways, they provide alternate ones. Workers were more likely to register on a platform if they were entering the domestic work labour market recently (often distress and migration driven), or had not enjoyed success with informal, word-of-mouth networks. However, platforms also heighten labour market insecurities, and create new ones. These potential risks need to be specifically recognised through appropriate frameworks, such as social security, discrimination law and data protection.</p>
<div></div>
<p style="text-align: justify; "><strong>Tailor policy-making to platform models </strong><br />We identify three types of platforms, each of which intervene to varying degrees in the work relationship. We recommend that digital placement agencies and marketplace platforms be registered with governments and enforce basic protections for workers such as provision of minimum wage, preventing abuse (including non-payment of wages) and trafficking. On-demand companies on the other hand, must be treated as employers, and workers be accorded employment protections including social security.</p>
<div></div>
<p style="text-align: justify; ">In addition to rights-based policy actions, legal-regulatory mechanisms geared towards mitigating the precariousness of platform-based work are required. This can take the shape of clarifying and expanding existing legal-regulatory formulations, or preparing new ones. Such policy making should factor in the power and information asymmetry between domestic workers (and gig workers, generally) and platforms.</p>
<div></div>
<p style="text-align: justify; ">Further, in the absence of health or retirement benefits, risks and indirect costs of operations are shifted from employers to workers. For instance, workers provide capital in the form of tools or equipment, support the fluctuation of business and income, and can be ‘deactivated’ from an application as a result of poor ratings or periods of inactivity. Any regulation aiming to extend employee status should mandate platforms to support such indirect costs.</p>
<h3>Related Publications</h3>
<p>1. <a class="external-link" href="https://www.genderit.org/articles/digital-mediation-of-reproductive-and-care-work">Research notes</a> with reflections from union members. <br />2. The <a class="external-link" href="https://cis-india.org/raw/platformisation-of-domestic-work-in-india-report-from-a-multistakeholder-consultation">event report</a> from a stakeholder consultation with workers, unions, companies and government representatives. <br />3. A <a class="external-link" href="https://www.genderit.org/articles/doing-standpoint-theory">reflection note</a> on the participatory approach taken by the project. <br />4. A <a class="external-link" href="https://library.fes.de/pdf-files/bueros/singapur/17840.pdf">paper</a> with a comparative analysis of the policy landscape on domestic work in the platform economy.</p>
<p>
For more details visit <a href='https://cis-india.org/raw/platforms-power-and-politics-perspectives-from-domestic-and-care-work-in-india'>https://cis-india.org/raw/platforms-power-and-politics-perspectives-from-domestic-and-care-work-in-india</a>
</p>
No publisherAayush Rathi, and Ambika TandonDigital EconomyResearchers at WorkPlatform-WorkFeaturedRAW ResearchHomepageDigital Domestic Work2021-07-07T15:19:37ZBlog EntryWeb Accessibility Policy Making: An International Perspective
https://cis-india.org/accessibility/web-accessibility-policy-making-an-international-perspective
<b>G3ict and CIS are pleased to announce the publication of a new, improved edition of the Web Accessibility Policy Making: An International Perspective. The report published in cooperation with the Hans Foundation provides an updated synopsis of the many policies that governments have implemented around the world to ensure that the Internet and websites are accessible to persons with disabilities. </b>
<p>The report contains a Foreword by Axel Leblois, Founder and Executive Director of G3ict, an introduction and studies from countries like Australia, Canada, Germany, Ireland, Italy, Japan, South Korea, New Zealand, Philippines, Portugal, Sweden, Thailand, United Kingdom, United States, and the European Union. The report contains contributions from Prashanth Ramadas, Asma Tajuddin, G Aravind, Katie Reisner, Sucharita Narasimhan, Bama Balakrishnan and Nirmita Narasimhan. Axel Leblois, Donal Rice, Immaculada Placienca Porrero, Kevin Carey, Licia Sbattella and Sunil Abraham are the expert reviewers.</p>
<h2>Foreword by Axel Leblois</h2>
<p>This third edition of our joint report with CIS “WEB ACCESSIBILITY POLICY MAKING: AN INTERNATIONAL PERSPECTIVE” provides an updated synopsis of the many policies that governments have implemented around the world to ensure that the Internet and web sites are accessible to persons with disabilities. With 153 countries parties to the Convention on the Rights of Persons with Disabilities as of December 2011, an increasing number of governments are now in the midst of developing policies and programs to ensure that web sites and services under their jurisdictions are accessible.</p>
<p>Indeed, the Preamble of the Convention on the Rights of Persons with Disabilities recognizes “the importance of accessibility to the physical, social, economic and cultural environment, to health and education and to information and communication, in enabling persons with disabilities to fully enjoy all human rights and fundamental freedoms”. Its article 9 stipulates that: “To enable persons with disabilities to live independently and participate fully in all aspects of life, States Parties shall take appropriate measures to ensure to persons with disabilities access, on an equal basis with others, to the physical environment, to transportation, to information and communications, including information and communications technologies and systems” (1). It further specifies that “State Parties shall also take appropriate measures to … Promote access for persons with disabilities to new information and communications technologies and systems, including the Internet” (2.g).</p>
<p>There is therefore no doubt that all State Parties have an obligation to act upon those commitments. However, as this report demonstrates it clearly, web accessibility policies and their levels of enforcement vary considerably among countries with some common denominators such as the compliance with the W3C – WAI guidelines on web accessibility.</p>
<p>G3ict and CIS hope that this new, improved edition, which will now be available in print as well as in electronic format, will help accelerate the development of web accessibility policies and programs around the world. We want to express our sincere appreciation to Nirmita Narasimhan, programme manager at CIS and editor of the G3ict Publications and Reports for her dedication to this report which would not have been made possible without her incredible work and motivation as Disability Advocate.</p>
<p><a href="https://cis-india.org/accessibility/web-accessibility.pdf" class="internal-link" title="Web Accessibility Policy Making">Download a PDF of the Web Accessibility Policy Making here</a> [335 KB]</p>
<p><a href="https://cis-india.org/accessibility/daisy-file" class="internal-link" title="Web Accessibility (Daisy) File">Download the Daisy File</a> [23412 KB]</p>
<p>
For more details visit <a href='https://cis-india.org/accessibility/web-accessibility-policy-making-an-international-perspective'>https://cis-india.org/accessibility/web-accessibility-policy-making-an-international-perspective</a>
</p>
No publishernirmitaFeaturedAccessibilityAccess to Knowledge2012-09-25T05:33:25ZBlog EntryDelhi High Court Orders Blocking of Websites after Sony Complains Infringement of 2014 FIFA World Cup Telecast Rights
https://cis-india.org/internet-governance/blog/delhi-high-court-orders-blocking-of-websites-after-sony-complains-infringement-of-2014-fifa-world-cup-telecast-rights
<b>Of late the Indian judiciary has been issuing John Doe orders to block websites, most recently in Multi Screen Media v. Sunit Singh and Others. The order mandated blocking of 472 websites, out of which approximately 267 websites were blocked as on July 7, 2014. This trend is an extremely dangerous one because it encourages flagrant censorship by intermediaries based on a judicial order which does not provide for specific blocking of a URL, instead provides for blocking of the entire website. </b>
<p style="text-align: justify; ">The High Court of Delhi on June 23, 2014 issued a <a class="external-link" href="http://delhihighcourt.nic.in/dhcqrydisp_o.asp?pn=119642&yr=2014">John Doe injunction</a> restraining more than 400 websites from broadcasting 2014 FIFA world cup matches. <a href="http://www.khelnama.com/140624/football/news/delhi-high-court-bans-400-websites-live-streaming-fifa-wold-cup/16001">News reports</a> indicate that the Single judge bench of Justice V. Kameswar Rao directed the <a class="external-link" href="http://www.dot.gov.in/">Department of Telecom</a> to issue appropriate directions to ISPs to block the websites that Multi Screen Media provided, as well as <b>“any other website identified by the plaintiff”</b> in the future. <b>On July 4, Justice G. S. Sistani permitted <a href="http://ibnlive.in.com/news/airtel-blocks-219-websites-for-infringing-on-sonys-world-cup-2014-telecast-rights/484439-11.html">reducing the list to 219 websites</a></b>. <b> </b></p>
<h2 style="text-align: justify; "><b>Background</b></h2>
<p style="text-align: justify; ">Multi Screen Media (MSM) is the official broadcaster for the ongoing 2014 FIFA World Cup tournament. FIFA (the Governing body) had exclusively licensed rights to MSM which included live, delayed, highlights, on demand, and repeat broadcast of the FIFA matches. MSM complained that the defendants indulged in hosting, streaming, providing access to, etc, thereby infringing the exclusive rights and broadcast and reproduction rights of MSM.</p>
<p style="text-align: justify; ">The court in the instant order held that the defendants had <b><i>prima facie</i></b> infringed MSM’s broadcasting rights, which are guaranteed by section 37 of the <a class="external-link" href="http://copyright.gov.in/Documents/CopyrightRules1957.pdf">Copyright Act, 1957</a>. In an over-zealous attempt to pre-empt infringement the court called for a blanket ban on all websites identified by MSM. Further, the court directed the concerned authorities to ensure ISPs complied with this order and block the websites mentioned by MSM presently, and other websites which may be subsequently be notified by MSM.</p>
<h2 style="text-align: justify; "><b>Where the Court went Wrong</b></h2>
<p style="text-align: justify; ">The court stated that MSM successfully established a <b>prima facie case</b>, and on its basis granted a sweeping injunction to MSM ordering <b>blocking 471 second level domains</b>. I’d like to point out numerous flaws with the order-</p>
<ol style="text-align: justify; ">
<li><b>Dissatisfactory "Prima facie case"</b></li>
</ol>
<div style="text-align: justify; "><span style="text-align: justify; ">In my opinion the court could have scrutinised the list of websites provided by MSM more carefully. There is nothing in the order to suggest that evidence was proffered by MSM in support of the list. The order reveals that the list was prepared by </span><a href="http://www.markscan.co.in/index.php" style="text-align: justify; ">MarkScan</a><span style="text-align: justify; ">, a </span><i style="text-align: justify; ">“consulting boutique dedicated to (the client’s) IP requirements in the cyberspace and the Indian sub-continent.”</i><span style="text-align: justify; "> The list throws up names such as docs.google.com, goo.gl & ad.ly (provide URL shortening service </span><i style="text-align: justify; ">only</i><span style="text-align: justify; ">), torrent indexing websites, IP addresses, online file streaming websites, etc., at a cursory glance. Evidently, perfectly legitimate websites have been targeted by an ill conducted search and shoddily prepared list which may lead to blocking of legitimate content on account of no verification by the court. </span><b style="text-align: justify; ">471 websites out of 472 mentioned in the first list are second level domains</b><span style="text-align: justify; "> and </span><b style="text-align: justify; ">23</b><span style="text-align: justify; "> websites have been </span><b style="text-align: justify; ">listed twice</b><span style="text-align: justify; ">.</span></div>
<div style="text-align: justify; "><b style="text-align: justify; "><br /></b></div>
<div style="text-align: justify; "><span style="text-align: justify; ">2. </span><b style="text-align: justify; ">Generic order which abysmally fails to identify specific infringing URLS</b></div>
<p style="text-align: justify; ">Out of the 472 websites (list provided in the order by MarkScan)-</p>
<p class="MsoListParagraph" style="text-align: justify; ">471 are file streaming websites, video sharing websites, file lockers, URL shorteners, file storage websites; <b>only one is a specific URL</b> [<a href="http://www.24livestreamtv.com/brazil-2014-fifa-world-cup-football-%20%C2%A0%C2%A0live-streaming-online-t">http://www.24livestreamtv.com/brazil-2014-fifa-world-cup-football-%20%C2%A0%C2%A0live-streaming-online-t</a> ].</p>
<p class="MsoListParagraph" style="text-align: justify; "><img src="https://cis-india.org/copy_of_Untitled.jpg/image_preview" alt="Breakdown of the list in the July 23rd Order" class="image-inline image-inline" title="Breakdown of the list in the July 23rd Order" /></p>
<p class="MsoListParagraph" style="text-align: justify; ">The order calls for blocking of complete websites. This is in complete contradiction to the 2012 Madras High Court’s order in <a href="https://cis-india.org/internet-governance/blog/internet-governance/resources/john-doe-order-r.k.-productions-v.-bsnl-mtnl-and-ors.-movie-3">R K Productions v BSNL</a> which held that only a particular URL where the infringing content is kept should be blocked, rather than the entire website. The Madras High Court order had also made it mandatory for the complainants to provide exact URLs where they find illegal content, such that ISPs could block only that content and not the entire site. MSM did not adhere to this and I have serious doubts if the defendants brought the distinguishing Madras High Court judgment to the attention of the bench. The entire situation is akin to MarkScan scamming MSM by providing their clients a dodgy list, and MSM scamming the court and the public at large.</p>
<p class="MsoListParagraph" style="text-align: justify; ">3.<b> Lack of Transparency – Different blocking messages on different ISPs</b></p>
<p class="MsoListParagraph" style="text-align: justify; ">The message displayed uniformly on blocked websites was:</p>
<p style="text-align: justify; ">"This website/URL has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications."</p>
<p style="text-align: justify; ">I observed that a few websites showed the message <b>“Error 404 – File or Directory not found”</b> without the blocking message (above) on the network provider Reliance, and same Error 404 with the blocking message on the network provider Airtel highlighting the non-transparent manner of adherence to the order. Further, both the messages do not indicate the end period of the block.</p>
<h3 style="text-align: justify; "><b>Legality of John Doe orders in Website Blocking</b></h3>
<p style="text-align: justify; ">It is pertinent to reiterate the ‘misuse’ of John Doe orders to block websites in India. The judiciary has erred in applying the John Doe order to protect copyrightable content on the internet. While the <i>R K Productions v BSNL</i> case appears reasonable in terms of permitting blocking of only URL specific content, the application of John Doe order to block websites remains unfounded in law. Ananth Padmanabhan in a three part study (<a href="https://cis-india.org/internet-governance/blog/a2k/blog/john-doe-orders-isp-blocking-websites-copyright-1">Part I</a>, <a href="https://cis-india.org/internet-governance/blog/a2k/blog/john-doe-orders-isp-blocking-websites-copyright-2">II</a> and <a href="https://cis-india.org/internet-governance/blog/a2k/blog/john-doe-orders-isp-blocking-websites-copyright-3">III</a>) had earlier analysed the improper use of John Doe injunctions to block websites in India. The John Doe order was conceived by US courts to pre-emptively remedy the irreparable damages suffered by copyright holders on account of unidentified/unnamed infringers. The interim injunction allowed collection of evidence from infringers, who were identified later as certain defendants and the final relief was accordingly granted. The courts routinely advocated judicious use of the order, and ensured that the identified defendants were provided and informed of their right to apply to the court within twenty four hours for a review of the order and a right to claim damages in an appropriate case. Therefore, the John Doe order applied against <i>primary</i> infringers <i>per se.</i></p>
<p style="text-align: justify; ">On the other hand, whilst extending this remedy in India the <b>courts have unfortunately placed onus on the conduit i.e. the ISP to block websites</b>. This is <a href="https://cis-india.org/internet-governance/blog/a2k/blog/john-doe-orders-isp-blocking-websites-copyright-1">tantamount to providing final relief at the interim stage</a>, since all content definitely gets blocked; however, this hardly helps in identifying the actual infringer on the internet. <b>The court is prematurely doling out blocking remedies to the complaining party, which, legally speaking should be meted out only during the final disposition of the case after careful examination of the evidence available.</b> Thus, the intent of a John Doe order is miserably lost in such an application. Moreover, this lends an arbitrary amount of power in the hands of intermediaries since ISPs may or may not choose to approach the court for directions to specifically block URLs which provide access to infringing content only.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/delhi-high-court-orders-blocking-of-websites-after-sony-complains-infringement-of-2014-fifa-world-cup-telecast-rights'>https://cis-india.org/internet-governance/blog/delhi-high-court-orders-blocking-of-websites-after-sony-complains-infringement-of-2014-fifa-world-cup-telecast-rights</a>
</p>
No publishersinhaFeaturedHomepageInternet GovernanceCensorship2014-07-08T07:02:16ZBlog EntryFinFisher in India and the Myth of Harmless Metadata
https://cis-india.org/internet-governance/blog/fin-fisher-in-india-and-myth-of-harmless-metadata
<b>In this article, Maria Xynou argues that metadata is anything but harmless, especially since FinFisher — one of the world's most controversial types of spyware — uses metadata to target individuals. </b>
<p align="JUSTIFY">In light of PRISM, the Central Monitoring System (CMS) and other such surveillance projects in India and around the world, the question of whether the collection of metadata is “harmless” has arisen.<a href="#fn1" name="fr1">[1]</a> In order to examine this question, FinFisher<a href="#fn2" name="fr2">[2]</a> — surveillance spyware — has been chosen as a case study to briefly examine to what extent the collection and surveillance of metadata can potentially violate the right to privacy and other human rights. FinFisher has been selected as a case study not only because its servers have been recently found in India<a href="#fn3" name="fr3">[3]</a> but also because its “remote monitoring solutions” appear to be very pervasive even on the mere grounds of metadata.</p>
<h2 align="JUSTIFY">FinFisher in India</h2>
<p style="text-align: justify; ">FinFisher is spyware which has the ability to take control of target computers and capture even encrypted data and communications. The software is designed to evade detection by anti-virus software and has versions which work on mobile phones of all major brands.<a href="#fn4" name="fr4">[4]</a> In many cases, the surveillance suite is installed after the target accepts installation of a fake update to commonly used software.<a href="#fn5" name="fr5">[5]</a> Citizen Lab researchers have found three samples of FinSpy that masquerades as Firefox.<a href="#fn6" name="fr6">[6]</a></p>
<p style="text-align: justify; ">FinFisher is a line of remote intrusion and surveillance software developed by Munich-based Gamma International. FinFisher products are sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group.<a href="#fn7" name="fr7">[7]</a> A few months ago, it was reported that command and control servers for FinSpy backdoors, part of Gamma International´s FinFisher “remote monitoring solutions”, were found in a total of 25 countries, including India.<a href="#fn8" name="fr8">[8]</a></p>
<p align="JUSTIFY">The following map, published by the Citizen Lab, shows the 25 countries in which FinFisher servers have been found.<a href="#fn9" name="fr9">[9]</a></p>
<table class="plain">
<tbody>
<tr>
<th>
<p style="text-align: center; "><img src="https://cis-india.org/home-images/Map.png" alt="Map" class="image-inline" title="Map" /></p>
</th>
</tr>
<tr>
<td><i>The above map shows the results of scanning for characteristics of FinFisher command and control servers</i>.</td>
</tr>
</tbody>
</table>
<p align="JUSTIFY">FinFisher spyware was not found in the countries coloured blue, while the colour green is used for countries not responding. The countries using FinFisher range from shades of orange to shades of red, with the lightest shade of orange ranging to the darkest shade of red on a scale of 1-6, and with 1 representing the least active servers and 6 representing the most active servers in regards to the use of FinFisher. On a scale of 1-6, India is marked a 3 in terms of actively using FinFisher.<a href="#fn10" name="fr10">[10]</a></p>
<p align="JUSTIFY">Research published by the Citizen Lab reveals that FinSpy servers were recently found in India, which indicates that Indian law enforcement agencies may have bought this spyware from Gamma Group and might be using it to target individuals in India.<a href="#fn11" name="fr11">[11] </a>According to the Citizen Lab, FinSpy servers in India have been detected through the HostGator operator and the first digits of the IP address are: 119.18.xxx.xxx. Releasing complete IP addresses in the past has not proven useful, as the servers are quickly shut down and relocated, which is why only the first two octets of the IP address are revealed.<a href="#fn12" name="fr12">[12]</a></p>
<p align="JUSTIFY">The Citizen Lab's research reveals that FinFisher “remote monitoring solutions” were found in India, which, according to Gamma Group's brochures, include the following:</p>
<ul>
<li style="text-align: justify; "><b>FinSpy: </b>hardware or software which monitors targets that regularly change location, use encrypted and anonymous communications channels and reside in foreign countries. FinSpy can remotely monitor computers and encrypted communications, regardless of where in the world the target is based. FinSpy is capable of bypassing 40 regularly tested antivirus systems, of monitoring the calls, chats, file transfers, videos and contact lists on Skype, of conducting live surveillance through a webcam and microphone, of silently extracting files from a hard disk, and of conducting a live remote forensics on target systems. FinSpy is hidden from the public through anonymous proxies.<a href="#fn13" name="fr13">[13]</a></li>
</ul>
<ul>
<li style="text-align: justify; "><b>FinSpy Mobile:</b> hardware or software which remotely monitors mobile phones. FinSpy Mobile enables the interception of mobile communications in areas without a network, and offers access to encrypted communications, as well as to data stored on the devices that is not transmitted. Some key features of FinSpy Mobile include the recording of common communications like voice calls, SMS/MMS and emails, the live surveillance through silent calls, the download of files, the country tracing of targets and the full recording of all BlackBerry Messenger communications. FinSpy Mobile is hidden from the public through anonymous proxies.<a href="#fn14" name="fr14">[14]</a></li>
</ul>
<ul>
<li style="text-align: justify; "><b>FinFly USB: </b>hardware which is inserted into a computer and which can automatically install the configured software with little or no user-interaction and does not require IT-trained agents when being used in operations. The FinFly USB can be used against multiple systems before being returned to the headquarters and its functionality can be concealed by placing regular files like music, video and office documents on the device. As the hardware is a common, non-suspicious USB device, it can also be used to infect a target system even if it is switched off.<a href="#fn15" name="fr15">[15]</a></li>
</ul>
<ul>
<li style="text-align: justify; "><b>FinFly LAN: </b>software which can deploy a remote monitoring solution on a target system in a local area network (LAN). Some of the major challenges law enforcement faces are mobile targets, as well as targets who do not open any infected files that have been sent via email to their accounts. FinFly LAN is not only able to deploy a remote monitoring solution on a target´s system in local area networks, but it is also able to infect files that are downloaded by the target, by sending fake software updates for popular software or to infect the target by injecting the payload into visited websites. Some key features of the FinFly LAN include: discovering all computer systems connected to LANs, working in both wired and wireless networks, and remotely installing monitoring solutions through websites visited by the target. FinFly LAN has been used in public hotspots, such as coffee shops, and in the hotels of targets.<a href="#fn16" name="fr16">[16]</a></li>
</ul>
<ul>
<li style="text-align: justify; "><b>FinFly Web:</b> software which can deploy remote monitoring solutions on a target system through websites. FinFly Web is designed to provide remote and covert infection of a target system by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface, enabling the agent to easily create a custom infection code according to selected modules. It provides fully-customizable web modules, it can be covertly installed into every website and it can install the remote monitoring system even if only the email address is known.<a href="#fn17" name="fr17">[17]</a></li>
</ul>
<ul>
<li style="text-align: justify; "><b>FinFly ISP:</b> hardware or software which deploys a remote monitoring solution on a target system through an ISP network. FinFly ISP can be installed inside the Internet Service Provider Network, it can handle all common protocols and it can select targets based on their IP address or Radius Logon Name. Furthermore, it can hide remote monitoring solutions in downloads by targets, it can inject remote monitoring solutions as software updates and it can remotely install monitoring solutions through websites visited by the target.<a href="#fn18" name="fr18">[18]</a></li>
</ul>
<p align="JUSTIFY">Although FinFisher is supposed to be used for “lawful interception”, it has gained notoriety for targeting human rights activists.<a href="#fn19" name="fr19">[19]</a> <span>According to </span>Morgan Marquis-Boire, a security researcher and technical advisor at the Munk School and a security engineer at Google, FinSpy has been used in Ethiopia to target an opposition group called Ginbot.<a href="#fn20" name="fr20">[20]</a> Researchers have argued that FinFisher has been sold to Bahrain's government to target activists, and such allegations were based on an examination of malicious software which was emailed to Bahraini activists.<a href="#fn21" name="fr21">[21]</a> Privacy International has argued that FinFisher has been deployed in Turkmenistan, possibly to target activists and political dissidents.<a href="#fn22" name="fr22">[22]</a></p>
<p align="JUSTIFY">Many questions revolving around the use of FinFisher and its “remote monitoring solutions” remain vague, as there is currently inadquate proof of whether this spyware is being used to target individuals by law enforcement agencies in the countries where command and control servers have been found, such as India.<a href="#fn23" name="fr23">[23]</a> However, FinFisher's brochures which were circulated in the ISS world trade shows and leaked by WikiLeaks do reveal some confirmed facts: Gamma International claims that its FinFisher products are capable of taking control of target computers, of capturing encrypted data and of evading mainstream anti-virus software.<a href="#fn24" name="fr24">[24]</a> Such products are exhibited in the world's largest surveillance trade show and probably sold to law enforcement agencies around the world.<a href="#fn25" name="fr25">[25] </a>This alone unveils a concerning fact: spyware which is so sofisticated that it even evades encryption and anti-virus software is currently in the market and law enforcement agencies can potentially use it to target activists and anyone who does not comply with social conventions.<a href="#fn26" name="fr26">[26] </a>A few months ago, two Indian women were arrested after having questioned the shutdown of Mumbai for Shiv Sena patriarch Bal Thackeray's funeral.<a href="#fn27" name="fr27">[27] </a>Thus, it remains unclear what type of behaviour is targeted by law enforcement agencies and whether spyware, such as FinFisher, would be used in India to track individuals without a legally specified purpose.</p>
<p align="JUSTIFY">Furthermore, India lacks privacy legislation which could safeguard individuals from potential abuse, while sections 66A and 69 of the Information Technology (Amendment) Act, 2008, empower Indian authorities with extensive surveillance capabilites.<a href="#fn28" name="fr28">[28] </a>While it remains unclear if Indian law enforcement agencies are using FinFisher spy products to unlawfully target individuals, it is a fact that FinFisher control and command servers have been found in India and that, if used, they could potentially have severe consequences on individuals' right to privacy and other human rights.<a href="#fn29" name="fr29">[29]</a></p>
<h2 align="JUSTIFY">The Myth of Harmless Metadata</h2>
<p align="JUSTIFY">Over the last months, it has been reported that the Central Monitoring System (CMS) is being implemented in India, through which all telecommunications and Internet communications in the country are being centrally intercepted by Indian authorities. This mass surveillance of communications in India is enabled by the omission of privacy legislation and Indian authorities are currently capturing the metadata of communications.<a href="#fn30" name="fr30">[30]</a></p>
<p align="JUSTIFY">Last month, Edward Snowden leaked confidential U.S documents on PRISM, the top-secret National Security Agency (NSA) surveillance programme that collects metadata through telecommunications and Intenet communications. It has been reported that through PRISM, the NSA has tapped into the servers of nine leading Internet companies: Microsoft, Google, Yahoo, Skype, Facebook, YouTube, PalTalk, AOL and Apple.<a href="#fn31" name="fr31">[31]</a> While the extent to which the NSA is actually tapping into these servers remains unclear, it is certain that the NSA has collected metadata on a global level.<a href="#fn32" name="fr32">[32]</a> Yet, the question of whether the collection of metadata is “harmful” remains ambiguous.</p>
<p align="JUSTIFY">According to the National Information Standards Organization (NISO), the term “metadata” is defined as “structured information that describes, explains, locates or otherwise makes it easier to retrieve, use or manage an information resource”. NISO claims that metadata is “data about data” or “information about information”.<a href="#fn33" name="fr33">[33]</a> Furthermore, metadata is considered valuable due to its following functions:</p>
<ul>
<li>Resource discovery</li>
<li>Organizing electronic resources</li>
<li>Interoperability</li>
<li>Digital Identification</li>
<li>Archiving and preservation</li>
</ul>
<p align="JUSTIFY">Metadata can be used to find resources by relevant criteria, to identify resources, to bring similar resources together, to distinguish dissimilar resources and to give location information. Electronic resources can be organized through the use of various software tools which can automatically extract and reformat information for Web applications. Interoperability is promoted through metadata, as describing a resource with metadata allows it to be understood by both humans and machines, which means that data can automatically be processed more effectively. Digital identification is enabled through metadata, as most metadata schemes include standard numbers for unique identification. Moreover, metadata enables the archival and preservation of large volumes of digital data.<a href="#fn34" name="fr34">[34]</a></p>
<p align="JUSTIFY">Surveillance projects, such as PRISM and India's CMS, collect large volumes of metadata, which include the numbers of both parties on a call, location data, call duration, unique identifiers, the International Mobile Subscriber Identity (IMSI) number, email addresses, IP addresses and browsed webpages.<a href="#fn35" name="fr35">[35]</a> However, the fact that such surveillance projects may not have access to content data might potentially create a false sense of security.<a href="#fn36" name="fr36">[36]</a> When Microsoft released its report on data requests by law enforcement agencies around the world in March 2013, it revealed that most of the disclosed data was metadata, while relatively very little content data was allegedly disclosed.<a href="#fn37" name="fr37">[37]</a></p>
<p align="JUSTIFY">imilarily, Google's transparency report reveals that the company disclosed large volumes of metadata to law enforcement agencies, while restricting its disclosure of content data.<a href="#fn38" name="fr38">[38]</a></p>
<p align="JUSTIFY">Such reports may potentially provide a sense of security to the public, as they reassure that the content of personal emails, for example, has not been shared with the government, but merely email addresses – which might be publicly available online anyway. However, is content data actually more “harmful” than metadata? Is metadata “harmless”? How much data does metadata actually reveal?</p>
<p align="JUSTIFY">The Guardian recently published an article which includes an example of how individuals can be tracked through their metadata. In particular, the example explains how an individual is tracked – despite using an anonymous email account – by logging in from various hotels' public Wi-Fi and by leaving trails of metadata that include times and locations. This example illustrates how an individual can be tracked through metadata alone, even when anonymous accounts are being used.<a href="#fn39" name="fr39">[39]</a></p>
<p align="JUSTIFY">Wired published an article which states that metadata can potentially be more harmful than content data because “unlike our words, metadata doesn't lie”. In particular, content data shows what an individual says – which may be true or false – whereas metadata includes what an individual does. While the validity of the content within an email may potentially be debateable, it is undeniable that an individual logged into specific websites – if that is what that individuals' IP address shows. Metadata, such as the browsing habits of an individual, may potentially provide a more thorough and accurate profile of an individual than that individuals' email content, which is why metadata can potentially be more harmful than content data.<a href="#fn40" name="fr40">[40]</a></p>
<p align="JUSTIFY">Furthermore, voice content is hard to process and written content in an email or chat communication may not always be valid. Metadata, on the other hand, provides concrete patterns of an individuals' behaviour, interests and interactions. For example, metadata can potentially map out an individuals' political affiliation, interests, economic background, institution, location, habits and the people that individual interacts with. Such data can potentially be more valuable than content data, because while the validity of email content is debateable, metadata usually provides undeniable facts. Not only is metadata more accurate than content data, but it is also ideally suited to automated analysis by a computer. As most metadata includes numeric figures, it can easily be analysed by data mining software, whereas content data is more complicated.<a href="#fn41" name="fr41">[41]</a></p>
<p align="JUSTIFY">FinFisher products, such as FinFly LAN, FinFly Web and FinFly ISP, provide solid proof that the collection of metadata can potentially be “harmful”. In particular, FinFly LAN can be deployed in a target system in a local area network (LAN) by infecting files that are downloaded by the target, by sending fake software updates for popular software or by infecting the payload into visited websites. The fact that FinFly LAN can remotely install monitoring solutions through websites visited by the target indicates that metadata alone can be used to acquire other sensitive data.<a href="#fn42" name="fr42">[42]</a></p>
<p align="JUSTIFY">FinFly Web can deploy remote monitoring solutions on a target system through websites. Additionally, FinFly Web can be covertly installed into every website and it can install the remote monitoring system even if only the email address is known.<a href="#fn43" name="fr43">[43]</a> FinFly ISP can select targets based on their IP address or Radius Logon Name. Furthermore, FinFly ISP can remotely install monitoring solutions through websites visited by the target, as well as inject remote monitoring solutions as software updates.<a href="#fn44" name="fr44">[44]</a> In other words, FinFisher products, such as FinFly LAN, FinFly Web and FinFly ISP, can target individuals, take control of their computers and their data, and capture even encrypted data and communications with the help of metadata alone.</p>
<p align="JUSTIFY">The example of FinFisher products illustrates that metadata can potentially be as “harmful” as content data, if acquired unlawfully and without individual consent.<a href="#fn45" name="fr45">[45]</a> Thus, surveillance schemes, such as PRISM and India's CMS, which capture metadata without individuals' consent can potentially pose a major threat to the right to privacy and other human rights.<a href="#fn46" name="fr46">[46]</a> Privacy can be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.<a href="#fn47" name="fr47">[47]</a> Furthermore, privacy is at the core of human rights because it protects individuals from abuse by those in power.<a href="#fn48" name="fr48">[48]</a> The unlawful collection of metadata exposes individuals to the potential violation of their human rights, as it is not transparent who has access to their data, whether it is being shared with third parties or for how long it is being retained.</p>
<p align="JUSTIFY">It is not clear if Indian law enforcement agencies are actually using FinFisher products, but the Citizen Lab did find FinFisher command and control servers in the country which indicates that there is a high probability that such spyware is being used.<a href="#fn49" name="fr49">[49] </a>This probability is highly concerning not only because the specific spy products have such advanced capabilities that they are even capable of capturing encrypted data, but also because India currently lacks privacy legislation which could safeguard individuals.</p>
<p align="JUSTIFY">Thus, it is recommended that Indian law enforcement agencies are transparent and accountable if they are using spyware which can potentially breach their citizens' human rights and that privacy legislation is enacted into law. Lastly, it is recommended that all surveillance technologies are strictly regulated with regards to the protection of human rights and that Indian authorities adopt the principles on communication surveillance formulated by the Electronic Frontier Foundation and Privacy International.<a href="#fn50" name="fr50">[50]</a> The above could provide a decisive first step in ensuring that India is the democracy it claims to be.</p>
<hr />
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr1" name="fn1">1</a>]. Robert Anderson (2013), <i>“Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, </i><span>The CSIA Foundation, </span><a class="external-link" href="http://bit.ly/1cIhu7G">http://bit.ly/1cIhu7G</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr2" name="fn2">2</a>]. Gamma Group, FinFisher IT Intrusion, <a class="external-link" href="http://bit.ly/fnkGF3">http://bit.ly/fnkGF3</a><a href="http://www.finfisher.com/FinFisher/en/index.php"></a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr3" name="fn3">3</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>“You Only Click Twice: FinFisher's Global Proliferation”, </i><span>The Citizen Lab, 13 March 2013, </span><a class="external-link" href="http://bit.ly/YmeB7I">http://bit.ly/YmeB7I</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr4" name="fn4">4</a>]. Michael Lewis, <i>“FinFisher Surveillance Spyware Spreads to Smartphones”, </i><span>The Star: Business, 30 August 2012, </span><a class="external-link" href="http://bit.ly/14sF2IQ">http://bit.ly/14sF2IQ</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr5" name="fn5">5</a>]. Marcel Rosenbach, <i>“Troublesome Trojans: Firm Sought to Install Spyware Via Faked iTunes Updates”, </i><span>Der Spiegel, 22 November 2011, </span><a class="external-link" href="http://bit.ly/14sETVV">http://bit.ly/14sETVV</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr6" name="fn6">6</a>]. Intercept Review, <i>Mozilla to Gamma: stop disguising your FinSpy as Firefox, </i><span>02 May 2013, </span><a class="external-link" href="http://bit.ly/131aakT">http://bit.ly/131aakT</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr7" name="fn7">7</a>]. Intercept Review, <i>LI Companies Review (3) – Gamma, </i><span>05 April 2012, </span><a class="external-link" href="http://bit.ly/Hof9CL">http://bit.ly/Hof9CL</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr8" name="fn8">8</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>For Their Eyes Only: The Commercialization of Digital Spying, </i><span>Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, </span><a class="external-link" href="http://bit.ly/ZVVnrb">http://bit.ly/ZVVnrb</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr9" name="fn9">9</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>“You Only Click Twice: FinFisher's Global Proliferation”, </i><span>The Citizen Lab, 13 March 2013, </span><a class="external-link" href="http://bit.ly/YmeB7I">http://bit.ly/YmeB7I</a></p>
<p style="text-align: justify; ">[<a href="#fr10" name="fn10">10</a>]. Ibid.</p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr11" name="fn11">11</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>For Their Eyes Only: The Commercialization of Digital Spying, </i><span>Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, </span><a class="external-link" href="http://bit.ly/ZVVnrb">http://bit.ly/ZVVnrb</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr12" name="fn12">12</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>“You Only Click Twice: FinFisher's Global Proliferation”, </i><span>The Citizen Lab, 13 March 2013, </span><a class="external-link" href="http://bit.ly/YmeB7I">http://bit.ly/YmeB7I</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr13" name="fn13">13</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinSpy: Remote Monitoring & Infection Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/zaknq5">http://bit.ly/zaknq5</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr14" name="fn14">14</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinSpy Mobile: Remote Monitoring & Infection Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/19pPObx">http://bit.ly/19pPObx</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr15" name="fn15">15</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinFly USB: Remote Monitoring & Infection Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/1cJSu4h">http://bit.ly/1cJSu4h</a><i> </i></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr16" name="fn16">16</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinFly LAN: Remote Monitoring & Infection Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/14J70Hi">http://bit.ly/14J70Hi</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr17" name="fn17">17</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinFly Web: Remote Monitoring & Intrusion Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/19fn9m0">http://bit.ly/19fn9m0</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr18" name="fn18">18</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinFly ISP: Remote Monitoring & Intrusion Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/13gMblF">http://bit.ly/13gMblF</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr19" name="fn19">19</a>]. Gerry Smith, <i>“FinSpy Software Used To Surveil Activists Around The World, Reports Says”, </i><span>The Huffington Post, 13 March 2013, </span><a class="external-link" href="http://huff.to/YmmhXI">http://huff.to/YmmhXI</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr20" name="fn20">20</a>]. Jeremy Kirk, <i>“FinFisher Spyware seen Targeting Victims in Vietnam, Ethiopia”, </i><span>Computerworld: IDG News, 14 March 2013, </span><a class="external-link" href="http://bit.ly/14J8BwW">http://bit.ly/14J8BwW</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr21" name="fn21">21</a>]. Reporters without Borders: For Freedom of Information (2012), <i>The Enemies of the Internet: Special Edition: Surveillance, </i><a class="external-link" href="http://bit.ly/10FoTnq">http://bit.ly/10FoTnq</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr22" name="fn22">22</a>]. Privacy International, <i>FinFisher Report, </i><a class="external-link" href="http://bit.ly/QlxYL0">http://bit.ly/QlxYL0</a><span><a href="https://www.privacyinternational.org/finfisherreport"></a> </span></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr23" name="fn23">23</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>“You Only Click Twice: FinFisher's Global Proliferation”, </i><span>The Citizen Lab, 13 March 2013,<a class="external-link" href="http://bit.ly/YmeB7I"> </a></span><a class="external-link" href="http://bit.ly/YmeB7I">http://bit.ly/YmeB7I</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr24" name="fn24">24</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinSpy: Remote Monitoring & Infection Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/zaknq5">http://bit.ly/zaknq5</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr25" name="fn25">25</a>]. Adi Robertson, <i>“Paranoia Thrives at the ISS World Cybersurveillance Trade Show”, </i><span>The Verge, 28 December 2011, </span><a class="external-link" href="http://bit.ly/tZvFhw">http://bit.ly/tZvFhw</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr26" name="fn26">26</a>]. Gerry Smith, <i>“FinSpy Software Used To Surveil Activists Around The World, Reports Says”, </i><span>The Huffington Post, 13 March 2013, </span><a class="external-link" href="http://huff.to/YmmhXI">http://huff.to/YmmhXI</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr27" name="fn27">27</a>]. BBC News, <i>“India arrests over Facebook post criticising Mumbai shutdown”, </i><span>19 November 2012, </span><a class="external-link" href="http://bbc.in/WoSXkA">http://bbc.in/WoSXkA</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr28" name="fn28">28</a>]. Indian Ministry of Law, Justice and Company Affairs, <i>The Information Technology (Amendment) Act, 2008, </i><a class="external-link" href="http://bit.ly/19pOO7t">http://bit.ly/19pOO7t</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr29" name="fn29">29</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>For Their Eyes Only: The Commercialization of Digital Spying, </i><span>Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, </span><a class="external-link" href="http://bit.ly/ZVVnrb">http://bit.ly/ZVVnrb</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr30" name="fn30">30</a>]. Phil Muncaster, <i>“India introduces Central Monitoring System”, </i><span>The Register, 08 May 2013,<a class="external-link" href="http://bit.ly/ZOvxpP"> </a></span><a class="external-link" href="http://bit.ly/ZOvxpP">http://bit.ly/ZOvxpP</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr31" name="fn31">31</a>]. Glenn Greenwald & Ewen MacAskill, <i>“NSA PRISM program taps in to user data of Apple, Google and others”, </i><span>The Guardian, 07 June 2013, </span><a class="external-link" href="http://bit.ly/1baaUGj">http://bit.ly/1baaUGj</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr32" name="fn32">32</a>]. BBC News, <i>“Google, Facebook and Microsoft seek data request transparency”, </i><span>12 June 2013, </span><a class="external-link" href="http://bbc.in/14UZCCm">http://bbc.in/14UZCCm</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr33" name="fn33">33</a>]. National Information Standards Organization (2004), <i>Understanding Metadata, </i><span>NISO Press, </span><a class="external-link" href="http://bit.ly/LCSbZ">http://bit.ly/LCSbZ</a></p>
<p style="text-align: justify; ">[<a href="#fr34" name="fn34">34</a>]. Ibid.</p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr35" name="fn35">35</a>]. The Hindu, <i>“In the dark about 'India's PRISM'”, </i><span>16 June 2013, </span><a class="external-link" href="http://bit.ly/1bJCXg3">http://bit.ly/1bJCXg3</a><span><a href="http://www.thehindu.com/sci-tech/technology/in-the-dark-about-indias-prism/article4817903.ece"></a> ; Glenn Greenwald, </span><i>“NSA collecting phone records of millions of Verizon customers daily”, </i><span>The Guardian, 06 June 2013, </span><a class="external-link" href="http://bit.ly/16L89yo">http://bit.ly/16L89yo</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr36" name="fn36">36</a>]. Robert Anderson, <i>“Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, </i><span>The CSIA Foundation, 01 July 2013, </span><a class="external-link" href="http://bit.ly/1cIhu7G">http://bit.ly/1cIhu7G</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr37" name="fn37">37</a>]. Microsoft: Corporate Citizenship, <i>2012 Law Enforcement Requests Report,</i><a class="external-link" href="http://bit.ly/Xs2y6D">http://bit.ly/Xs2y6D</a><a href="http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/"><span></span></a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr38" name="fn38">38</a>]. Google, <i>Transparency Report</i><span>, </span><a class="external-link" href="http://bit.ly/14J7hKp">http://bit.ly/14J7hKp</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr39" name="fn39">39</a>]. Guardian US Interactive Team, <i>A Guardian Guide to your Metadata, </i><span>The Guardian, 12 June 2013, </span><a class="external-link" href="http://bit.ly/ZJLkpy">http://bit.ly/ZJLkpy</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr40" name="fn40">40</a>]. Matt Blaze, <i>“Phew, NSA is Just Collecting Metadata. (You Should Still Worry)”, </i><span>Wired, 19 June 2013, </span><a class="external-link" href="http://bit.ly/1bVyTJF">http://bit.ly/1bVyTJF</a></p>
<p style="text-align: justify; ">[<a href="#fr41" name="fn41">41</a>]. Ibid.</p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr42" name="fn42">42</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinFly LAN: Remote Monitoring & Infection Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/14J70Hi">http://bit.ly/14J70Hi</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr43" name="fn43">43</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinFly Web: Remote Monitoring & Intrusion Solutions, </i><span>WikiLeaks: The Spy Files, </span><a class="external-link" href="http://bit.ly/19fn9m0">http://bit.ly/19fn9m0</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr44" name="fn44">44</a>]. Gamma Group, FinFisher IT Intrusion, <i>FinFly ISP: Remote Monitoring & Intrusion Solutions, </i><span>WikiLeaks: The Spy Files,<a class="external-link" href="http://bit.ly/13gMblF"> </a></span><a class="external-link" href="http://bit.ly/13gMblF">http://bit.ly/13gMblF</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr45" name="fn45">45</a>]. Robert Anderson, <i>“Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, </i><span>The CSIA Foundation, 01 July 2013, </span><a class="external-link" href="http://bit.ly/1cIhu7G">http://bit.ly/1cIhu7G</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr46" name="fn46">46</a>]. Shalini Singh, <i>“India's surveillance project may be as lethal as PRISM”, </i><span>The Hindu, 21 June 2013, </span><a class="external-link" href="http://bit.ly/15oa05N">http://bit.ly/15oa05N</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr47" name="fn47">47</a>]. Cyberspace Law and Policy Centre, <i>Privacy, </i><a class="external-link" href="http://bit.ly/14J5u7W">http://bit.ly/14J5u7W</a><span><a href="http://www.cyberlawcentre.org/genl0231/privacy.htm"></a> </span></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr48" name="fn48">48</a>]. Bruce Schneier, <i>“Privacy and Power”, </i><span>Schneier on Security, 11 March 2008, </span><a class="external-link" href="http://bit.ly/i2I6Ez">http://bit.ly/i2I6Ez</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr49" name="fn49">49</a>]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, <i>For Their Eyes Only: The Commercialization of Digital Spying, </i><span>Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, </span><a class="external-link" href="http://bit.ly/ZVVnrb">http://bit.ly/ZVVnrb</a></p>
<p class="sdfootnote" style="text-align: justify; ">[<a href="#fr50" name="fn50">50</a>]. Elonnai Hickok, <i>“Draft International Principles on Communications Surveillance and Human Rights”, </i><span>The Centre for Internet and Society, 16 January 2013, </span><a class="external-link" href="http://bit.ly/XCsk9b">http://bit.ly/XCsk9b</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/fin-fisher-in-india-and-myth-of-harmless-metadata'>https://cis-india.org/internet-governance/blog/fin-fisher-in-india-and-myth-of-harmless-metadata</a>
</p>
No publishermariaFeaturedInternet GovernancePrivacy2013-08-13T11:30:15ZBlog EntryHigh Level Comparison and Analysis of the Use and Regulation of DNA Based Technology Bill 2017
https://cis-india.org/internet-governance/blog/high-level-comparison-and-analysis-of-the-use-and-regulation-of-dna-based-technology-bill-2017
<b>This blog post seeks to provide a high level comparison of the 2017 and 2015 DNA Profiling Bill - calling out positive changes, remaining issues, and missing provisions. </b>
<p style="text-align: justify; ">In July 2017 the Law Commission published a report on DNA profiling and the <a href="http://lawcommissionofindia.nic.in/reports/Report271.pdf"><i>“Draft Use and Regulation of DNA Based Technology Bill 2017”</i></a>. India has been contemplating a draft DNA Profiling Bill since 2007. There have been two publicly available versions of the bill, <a href="https://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf">2012,</a> and <a href="http://www.prsindia.org/uploads/media/draft/Draft%20Human%20DNA%20Profiling%20Bill%202015.pdf">2015,</a> and one version in 2016. In 2013, the Department of Biotechnology formulated an <a href="https://cis-india.org/internet-governance/blog/expert-committee-meetings.zip/view">Expert Committee </a>to discuss different aspects and issues raised regarding the Bill towards finalizing the text. The Centre for Internet and Society was a member of the Expert Committee, and in its conclusion, issued a note of <a href="https://cis-india.org/internet-governance/blog/dna-dissent">dissent to the Expert Committee for DNA Profiling</a>.</p>
<p style="text-align: justify; ">This post provides a high level overview of the Use and Regulation of DNA Based Technology Bill 2017 and calls out positive changes from the 2015 Bill, remaining issues, and missing provisions. The post also calls out if, and where, CIS's recommendations to the Expert Committee have been incorporated.</p>
<p style="text-align: justify; ">If enacted, the 2017 Bill will establish national and regional DNA data banks that will maintain five different types of indices: a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. The data banks will be led by a Director, responsible for communicating information with requesting entities, foreign states, and international organizations. Information relating to DNA profiles, DNA samples, and records maintained in a DNA laboratory can be made available in six instances: to law enforcement and investigating agencies, in judicial proceedings, for facilitating prosecution and adjudication of criminal cases, for taking defence of an accused, for investigation of civil disputes, and other cases which might be specified by regulations. Offences related to unauthorized disclosure of information in the DNA data bank, obtaining information from DNA data banks without authorization, unlawful access to information in the DNA Data Bank, using DNA sample or result without authorization, and destroying, altering, contaminating, or tampering with biological evidence.</p>
<p style="text-align: justify; ">Below are some key positive changes from the 2015 Bill, remaining issues, and missing safeguards from the 2017 Bill:</p>
<p style="text-align: justify; "><b>Positive Changes: </b>The Bill contains a number of positive changes from the 2015 draft. Key ones include: <b> </b></p>
<ol style="text-align: justify; ">
<li><b>Consent:</b> Section 21 prohibits the taking of samples from arrested persons without consent, except in the case of a specified offence - a specified offence being any offence punishable with death or imprisonment for a term exceeding seven years. If consent is refused, a magistrate can order the taking of the sample. This can be in the case of any matter listed in the Schedule of the Act. Section 22 provides for consent from volunteers. It is important to note that despite being an improvement from the 2015 Bill, which did not address instances of collection with our without consent, this provision is still broad as the list of offences under the Schedule is expansive and can be further expanded by the Central Government.<b> </b>Furthermore, the Magistrate can overrule a refusal of consent of the parent or guardian of a voluneet who is a minor, which does not provide adequate protection to childrens' rights.</li>
<li><b>Deletion</b>: Section 31 defines instances for deletion of suspect profiles, under trial profiles, and all other profiles. Though a step in the right direction, as the 2015 Bill only addressed retention and deletion of the offenders index, this provision does not address the automatic removal of innocents.</li>
<li><b>Purpose limitation</b>: Section 33 limits the purpose of profiles in the DNA Data Bank to that of facilitating identification. This is a positive step from the 2015 Bill - which enabled use of DNA profiles for the creation and maintenance of a population statistics data bank. Section 34 also limits the purposes for which information relating to DNA profiles, samples, and records can be made available.</li>
<li><b>Destruction of samples:</b> Section 20 defines instances for destruction of DNA samples. Destruction of samples was not address in the 2015 Bill, and is an important protection as it prevents samples from being re-analyzed.</li>
<li><b>Comparison of profiles</b>: Section 29 clarifies that if the individual is not an offender or a suspect, their information will not be compared with DNA profiles in the offenders’ or suspects index. This creates an important distinction between types of indices held in the data bank and the purpose for the same i.e missing persons are not treated as potential offenders. In the 2015 Bill, profiles entered in the offenders or crime scene index could be compared by the DNA Data Bank Manger against all profiles contained in the DNA Data Bank.</li>
<li><b>Re-testing</b>: Section 24 allows for an accused person to request for a re-examination of fresh bodily substances if it is believed the sample has been contaminated. The closest provision to this in the 2015 was the creation a post - conviction right for DNA profiling - which is now deleted. It is important to note that fresh samples can easily be obtained from individuals, but if contamination happens at a crime scene, it is much more difficult to obtain a fresh sample.</li>
<li><b>Limiting Indices and including a crime scene index</b>: The 2017 Bill limits the number of indices to five - a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. This is an improvement from the 2015 Bill which provides for the maintenance of indices in the DNA Bank and includes a missing person’s index, an unknown deceased person’s index, a volunteers’ index, and such other DNA indices as may be specified by regulation. </li>
</ol>
<p style="text-align: justify; "><b>Remaining Issues: </b>There are some remaining issues in the 2017 Bill. Some of these include:</p>
<ol style="text-align: justify; ">
<li><b>Delegating and Expanding through Regulation:</b> The Bill delegates a number of procedures to regulation - many which should be in the text of the Bill. For example: the format for receiving and storing DNA profiles, and additional criteria for entry, retention, and deletion of DNA profiles. Furthermore, a number of provisions allow for expansion through regulation. For example, the sources from which DNA can be collected from to be expanded as specified by regulations. Further purposes for making DNA profiles available can be defined by regulation. Important procedures such as privacy and security safeguards are also left to regulation.</li>
<li><b>Broad Powers and Composition of the Board:</b> The Bill designates twenty one responsibilities to the Board. As pointed out in 1, many of these should be detailed in the text of the legislation. </li>
</ol>
<p style="text-align: justify; ">While serving on the Expert Committee,<a href="http://cis-india.org/internet-governance/blog/expert-committee-meetings.zip/view">CIS recommended</a> that the functions of the DNA Profiling Board should be limited to licensing, developing standards and norms, safeguarding privacy and other rights, ensuring public transparency, promoting information and debate and a few other limited functions necessary for a regulatory authority. This recommendation has not been incorporated.</p>
<p style="text-align: justify; ">Ideally, the Board should also include privacy experts, an expert in ethics, as well as civil society. Towards this, the Board should be comprised of separate Committees to address these different functions. There should be a Committee addressing regulatory issues pertaining to the functioning of Data Banks and Laboratories and an Ethics Committee to provide independent scrutiny of ethical issues.<b> </b></p>
<p style="text-align: justify; "><b>As a positive note, the reduction of the size of the Board was agreed upon by </b><a href="http://cis-india.org/internet-governance/blog/expert-committee-meetings.zip/view"><b>the Expert Committee from 16 members (2012 Bill) to 11 member</b></a><b>s. This reccomendation has been incorporated. </b></p>
<p style="text-align: justify; ">CIS also provided <a href="http://cis-india.org/internet-governance/blog/dna-dissent">language regarding</a> how the Board could consult with the public:<i>The Board, in carrying out its functions and activities, shall be required to consult with all persons and groups of persons whose rights and related interests may be affected or impacted by any DNA collection, storage, or profiling activity. The Board shall, while considering any matter under its purview, co-opt or include any person, group of persons, or organisation, in its meetings and activities if it is satisfied that that person, group of persons, or organisation, has a substantial interest in the matter and that it is necessary in the public interest to allow such participation. The Board shall, while consulting or co-opting persons, ensure that meetings, workshops, and events are conducted at different places in India to ensure equal regional participation and activities.</i> This language has not been fully incorporated<i> </i></p>
<ol style="text-align: justify; ">
<li><b>Lack of Authorization Procedure:</b> Though the Bill defines instances of when DNA information can be made available, it fails to establish or refer to an authorization process for making information available and the decision currently seems to rest with the DNA Bank Director.</li>
<li><b>Expansive Schedule:</b> The Bill creates a schedule containing a list of matters for DNA testing which includes whole acts and a range of civil disputes and matters that are broad and do not relate to criminal cases - most notably “issues relating to immigration or emigration and issues relating to establishment of individual identity.”</li>
<li><b>Unclear Data Stored:</b> Though the Bill clarifies the circumstance that the identity of the individual will be associated with a profile, it allows for ‘information of data based on DNA testing and records relating thereto” to be stored, yet it is unclear what information this would entail.</li>
<li><b>Lack of procedures for chain of custody:</b> Presently, the Bill defines quality assurance procedures for a sample that is already at the lab. There are no provisions defining a process for the examination of a crime scene and laying down standards for the chain of custody of a sample from the crime scene to a DNA laboratory. </li>
</ol>
<p style="text-align: justify; "><b>Missing Safeguards: </b></p>
<p style="text-align: justify; ">There are some safeguards that, if added, would strengthen the Bill and ensure rights to the individual:</p>
<ol style="text-align: justify; ">
<li><b>Notification to the individual:</b> There are no provisions that ensure that notification is given to an individual if his/her information is accessed or made available.</li>
<li><b>Right to challenge</b>: There are no provisions that give the individual the right to challenge the storage of their DNA.</li>
<li><b>Established profiling standard</b>: Though the Law Commission report refers to the 13 CODIS standard, the Bill does not mandate the use of the 13 CODIS profiling standard.</li>
<li><b>Reporting standard</b>: There are no standards for how matches or other information should be communicated from the DNA director to the authority or receiving entity including instances of partial matches.</li>
<li><b>Right to access and review:</b> There are no provisions that allow an individual to review his/her information contained in the regional or the national database.</li>
<li><b>Lack of costing:</b> There is no cost estimate in the report or a requirement for one to be carried out.</li>
<li><b>Study for the potential for false matches:</b> This must consider the size of the population and large family size, i.e. relatively large numbers of closely related people and is particularly necessary given the the size over population as large as India's. </li>
</ol>
<p style="text-align: justify; "><b>Importantly</b>, in the DNA Expert Committee, CIS requested the Expert Committee that the Bill be brought in line with the nine national principles defined in the Report of Experts on Privacy led by Justice AP Shah. These include the principles of notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, openness, and accountability. These principles have not been fully incorporated.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/high-level-comparison-and-analysis-of-the-use-and-regulation-of-dna-based-technology-bill-2017'>https://cis-india.org/internet-governance/blog/high-level-comparison-and-analysis-of-the-use-and-regulation-of-dna-based-technology-bill-2017</a>
</p>
No publisherelonnaiFeaturedHomepageInternet GovernancePrivacy2017-08-11T02:16:52ZBlog EntryEnabling Elections
https://cis-india.org/accessibility/blog/enabling-elections
<b>For making the 2014 General Elections in India participatory and accessible for voters with disabilities the Centre for Law and Policy Research and the Centre for Internet and Society have come up with a report. The report addresses the barriers that people with disabilities face during elections and recommends solutions for the same.</b>
<h2 style="text-align: justify; ">Executive Summary</h2>
<p>The report examines three main areas:</p>
<ol>
<li>The barriers that people with disabilities face at the time of elections.</li>
<li>The legal framework around this issue.</li>
<li>The measures which need to be taken to eliminate the barriers in the pre-voting phase, during voting phase and also post-voting phase, so as to enhance the participation of voters with disabilities.</li>
</ol>
<p style="text-align: justify; ">Access to the public sphere and full political participation is a matter of right for persons with disabilities and the state is constitutionally mandated to enforce this right. The rights of voters with disabilities are examined under the constitutional provisions, the Representation of People’s Act 1951, the relevant directions of the Supreme Court and the international conventions. This report also considers international best practices while making recommendations, to the extent that they are suitable and practical in the Indian context.</p>
<p style="text-align: justify; ">This report looks at Electoral Participation in two dimensions:</p>
<ul>
<li>“Pre-electoral Participation” and</li>
<li>“Actual Electoral Participation”</li>
</ul>
<p>The report then goes on to make recommendations for enhancing accessibility in both these categories.</p>
<p>On Pre-electoral Participation, the report inter alia recommends the following:</p>
<ul>
<li style="text-align: justify; ">Opportunities for people with disabilities to participate in public consultations.</li>
<li style="text-align: justify; ">Immediate outreach programs for higher voter registrations.</li>
<li style="text-align: justify; ">Making election material and candidate guides available in different formats such as large print, Braille and audio formats upon request so that voters can have full knowledge of the candidate they want to vote for.</li>
<li style="text-align: justify; ">Providing information for voters about locations which have special access, wheelchair facilities, technological assistance for visually impaired, etc.</li>
</ul>
<p>On Actual Electoral Participation, we inter alia recommend the following:</p>
<ul>
<li>Accessible polling sites.</li>
<li>Training election staff to be sensitive to diverse needs of voters.</li>
<li>Enabling privacy and independent voting by persons with disabilities.</li>
<li>Arranging for mobile polling booths.</li>
<li>Making EVM’s compatible and accessible such as by providing for Braille, large print.</li>
<li>Tactile buttons, 'sip and puff' and audio devices.</li>
</ul>
<p style="text-align: justify; ">The report also recommends the need to monitor participation of voters with disabilities in the forthcoming elections.There is a need to collect data, surveys and studies in the pre-election, election and post-election phases.</p>
<hr />
<p><a href="https://cis-india.org/accessibility/blog/enabling-elections.pdf" class="internal-link">Click here</a> to download and read the full report (PDF, 4.5 MB)</p>
<p>
For more details visit <a href='https://cis-india.org/accessibility/blog/enabling-elections'>https://cis-india.org/accessibility/blog/enabling-elections</a>
</p>
No publishernirmitaFeaturedHomepageAccessibility2014-05-10T00:12:00ZBlog EntryComments on the DoT Panel Report via MyGov
https://cis-india.org/telecom/blog/comments-on-dot-panel-report-via-mygov
<b>On behalf of the Centre for Internet and Society, I must commend the Department of Telecom Panel on its report. Overall, it displays a far better understanding of the underlying issues than the TRAI consultation paper did, and is overall a good effort at balancing the different sides. However, some of its most important recommendations are completely off-mark and would be disastrous if accepted by the government.</b>
<p style="text-align: justify; ">It is praiseworthy that the panel emphasizes the separation in regulatory terms between the network layer and the service layer. This also means that telecom carriers should be regulated differently from OTT services.</p>
<h3>Licensing of Communication OTT Services</h3>
<p style="text-align: justify; ">The proposal by the DoT panel of a licensing regime for communication OTT services is a terrible idea. It would presumptively hold all licence non-holders to be unlawful, and that should not be the case; as the panel itself notes, apps that lower the cost of communication are a welcome development and should be encouraged by the government and not made presumptively unlawful.<br /><br />While it is in India's national interest to want to hold VoIP services to account if they do not follow legitimate regulations, it is far better to do this through ex-post regulations rather than an ex-ante licensing scheme. <br /><br />A licensing scheme would benefit Indian VoIP companies (including services like Hike, which Airtel has invested in) over foreign companies like Viber, or free/open source technologies like WebRTC. The Universal Licence is designed for a world where all the licencees have an operational presence in India. This is not true of communications OTT services. Therefore a licensing regime would unjustly favour some services over others.<br /><br />Further, VoIP services need not be provided by a company: a person can choose to run XMPP, SIP, or Mumble — all of which are protocol that support VoIP — on their own computers. Will a licensing regime force such individuals' many of whom may not be Indian nationals — to become licence-holders if they facilitate domestic communications within India? The DoT panel report doesn't say. This would also result in a licensing regime unjustly favouring some services over others.<br /><br />The report also doesn't say how one would distinguish between OTT communication services and OTT application services, when many apps such as personal assistance apps like HelpChat, are centred around communications. It also does not mention what regulatory distinction exists between text communication services and video/voice communication services, or between purely domestic and international video/voice communications. Stating that certain telecom companies are currently earning most of their revenue from domestic voice traffic will not suffice as a regulatory, just as it did not suffice to say that VSNL's international telephony monopoly earned it a lot of money. Regulatory fairness is the important issue and not protecting specific business models. Thus, there is no rational distinction to be drawn. Even if the panel has some regulatory distinction that it has not stated, this is an impossibility to enforce. Much domestic IP traffic is 'round-tripped', with traffic leaving India and coming back in. How would the regulator propose to regulate that?<br /><br />Will there be a revenue-sharing mechanism, as is currently the case under the Unified Licence? If so, how will it be calculated in case of services like WhatsApp? These questions too find no answer in the report.<br /><br />Given these numerous objections and unanswered questions, the government would be well-advised not seek to license OTT communications services. Instead, it would be useful for the government to hold public consultations about:<br /><br /> 1. What Universal Licence conditions makes sense in the world of IP-based services, and international services?<br /> 2. How can we frame ex-post regulations that address legitimate concerns? Is there overlap with provisions of the IT Act such as s.69, s.69B, s.79, and others?<br /> 3. How can we ensure that the regulatory burden for telecom players with respect to their being able to provide IP-based services that are equivalent to OTT communication services?</p>
<h3>Net neutrality</h3>
<p style="text-align: justify; ">While the DoT panel reiterates a number of times that the core principles of Net neutrality should be adhered to, it nowhere defines what these core tenets are. We suggest the following definition:</p>
<ul>
<li style="text-align: justify; "> net neutrality is the principle that we should regulate gatekeepers to ensure they do not use their power to unjustly discriminate between similarly situated persons, content or traffic.</li>
</ul>
<p style="text-align: justify; ">The above definition applies to the way the ISPs treat consumers, treat interconnecting networks, as well as the way they treat traffic internally.<br />We agree with the panel that in that while Net neutrality should find place in a new law, for the time being Net neutrality principles can be enforced through the licence agreement between the DoT and telecom providers.</p>
<h3>Traffic Management</h3>
<p style="text-align: justify; ">It is unclear what precisely the DoT panel means by "application-agnostic" and "application-specific" network management. Different scholars on this issue — such as Barbara van Schewick and Christopher Yoo — mean different things when they use the word "application". Without a definition, it is difficult to say whether the panel's recommendation on that front are sound.<br />Instead, we suggest the following tests:<br />Discrimination between classes of traffic for the sake of network management should only be permissible if:</p>
<ul>
<li>there is an intelligible differentia between the classes which are to be treated differently, and</li>
<li>there is a rational nexus between the differential treatment and the aim of such differentiation, and </li>
<li style="text-align: justify; ">the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP, and </li>
<li>the network management practice is the least harmful manner in which to achieve the aim.</li>
</ul>
<p style="text-align: justify; ">As for the provision of enterprise and managed services, which we more broadly term "specialized services", we would recommend:</p>
<ul>
<li> Provision of specialized services is permitted if and only if it is shown that</li>
<li>The service is available to the user only upon request, and not without their active choice, and</li>
<li style="text-align: justify; ">The service cannot be reasonably provided with "best efforts" delivery guarantee that is available over the Internet, and hence requires discriminatory treatment, or</li>
<li>The discriminatory treatment does not unduly harm the provision of the rest of the Internet to other customers.</li>
</ul>
<p style="text-align: justify; ">Lastly, we would recommend that the above regulatory guidlines only be applied against ISPs, and not against public providers of Internet connectivity, such as a library, a school, an airport, a hotel, etc.</p>
<h3>Zero-rating</h3>
<p style="text-align: justify; ">On the contentious issue of zero-rating, a process that involves both ex-ante and ex-post regulation is envisaged to prevent harmful zero-rating, while allowing beneficial zero-rating. Further, the report notes that the supposed altruistic or "public interest" motives of the zero-rating scheme do not matter if they result in harm to competition, distort consumer markets, violate the core tenets of Net neutrality, or unduly benefit an Internet "gatekeeper".<br /><br />Much of the discussion around zero-rating has been happening around an assumption of common understanding of the phrase. Unfortunately, that is not true. There is no consensus as to whether a "special Facebok pack of 200MB for Rs.20" offered by a telecom company constitutes zero-rating or not. Without a working definition of zero-rating, not much progress can be made.<br /><br />We propose the following as a definition:</p>
<ul>
<li> Zero-rating is the practice of not counting (aka "zero-rating") certain traffic towards a subscriber's regular Internet usage. </li>
</ul>
<p style="text-align: justify; "><br />The zero-rated traffic could be zero-priced or fixed-price; capped or uncapped; subscriber-paid, Internet service-paid, paid for by both, or unpaid; content- or source/destination-based, or agnostic to content or source/destination; automatically provided by the ISP or chosen by the customer.<br /><br />We believe that zero-rating can be non-discriminatory in nature, and such zero-rating should not be prohibited. Having a system with both ex-ante and ex-post checks is rather heavy-handed regulation, but since the issue is very contentious in India, we believe it might be merited.<br /><br />We thank you for giving us this opportunity to comment.<br />Pranesh Prakash, Policy Director at the Centre for Internet and Society</p>
<p>
For more details visit <a href='https://cis-india.org/telecom/blog/comments-on-dot-panel-report-via-mygov'>https://cis-india.org/telecom/blog/comments-on-dot-panel-report-via-mygov</a>
</p>
No publisherpraneshTelecomFeatured2015-09-26T10:16:44ZBlog Entry