We are anonymous, we are legion

Request for Specifics: Rebuttal to UIDAI

hans — 2016-10-30T15:06:31Z

Responding to the Unique Identification Authority of India’s article that found “serious mathematical errors” in “Flaws in the UIDAI Process” (EPW 12 March 2016), the main mathematical argument used to arrive at the number of duplicates in the biometric database is explained.

The article was published in the Economic & Political Weekly on September 3, 2016, Vol.51, Issue No.36.

The author of a technical paper will be alarmed when he is convicted of “serious mathematical errors” by someone who has not bothered himself with “going too deep into the mathematics” used. The man must possess miraculous powers of divination one feels: fears rather. The UIDAI seems to have even such formidable diviners in their employ: who have dismissed just so peremptorily, in their rebuttal, the calculations made in my paper titled Flaws in the UIDAI process. The paper appeared in the issue of this journal dated to February 27 of this year. The rebuttal was published in the issue dated to the 12th of March. The interested reader can confirm that I have only repeated what was said there. The rebuttal does not specify, in any way, the mathematical mistakes I am supposed to have made. So I shall rehearse the relevant calculations very broadly: and the experts of the UIDAI will then exhibit, I trust, the specific mistakes they impute to me.[*]

[*]My reply to the UIDAIs attempted rebuttal was sent in to the EPW a few days after that appeared in print: and published as a “web exclusive” article in Volume 51, Issue Number 36 of the EPW, on 03/09/2016.

Read the Full Article

For more details visit https://cis-india.org/internet-governance/blog/economic-and-political-weekly-journal-vol-51-issue-36-september-3-2016-hans-varghese-mathews-request-for-specifics

Here is why government twitter handles have been posting offensive and partisan messages

praskrishna — 2016-10-16T03:24:45Z

You have failed us big time Mr Kejriwal, for your petty political gains you can become headlines for Pakistani press,” read a tweet on October 5 from @IndiaPostOffice, the official twitter handle of the Indian postal service.

The article by Danish Raza was published in the Hindustan Times on October 15, 2016. Nishant Shah was quoted.

It was a reference to Delhi Chief Minister Arvind Kejriwal urging the Prime Minister to counter Pakistan’s propaganda over surgical strikes.

Within hours, India Post tweeted an apology saying that the account was hacked.

This is the latest in a series of opinions and statements posted from official twitter handles of government departments and bodies. Of late, the Twitter handles meant to broadcast information related to government programmes have appeared like personal accounts tweeting slander and criticism.

Last month, the Twitter handle of Digital India tweeted a poem in Hindi calling on the Indian Army to persistently fire at protesters in Kashmir.

In August, the Twitter handle of Startup India retweeted a post suggesting that the Indian Army should ‘take care’ of #Presstitutes, a reference to sections of Indian media critical of the government.

The tweets expose loopholes in the government’s social media policy and raise questions about the norms followed in the recruitment of social media professionals for ministries and government institutions.

Work in Progress

The process of adopting new tools is work in progress. While the government agencies are trying to leverage social media to enhance citizen engagement, for the vast majority of government bodies, it is unexplored territory. Babus who have traditionally been dealing in paperwork and file notings are overwhelmed to see hash tags and trends. With a tech- savvy Prime Minister at the helm, every government department is trying to increase its digital footprint. At the same time, they face the challenge of reinterpreting existing work ethics and codes of conduct and applying them to the use of social media. Ministries such as the Ministry of External Affairs, Information & Broadcasting and the Prime Minister’s Office which have cohesive programmes and big mandate, have separate social media wings of their own with well- defined protocols. But these are exceptions.

Overall, the government bodies lack social media guidelines for their own efforts or which others can learn from. According to Chinmayi Arun, executive director, Centre for Communication Governance, National Law University, Delhi, mistakes are bound to happen given that everyone is new to social media. But it should be non-negotiable that when anything is said using an official governmental handle, the government should take more responsibility than just saying ‘oops’. “One of course is a clear and unequivocal statement apologising and taking back whatever was said. However, it should take pro-active measures to train and test people who handle its public-facing accounts and publish a clear monitoring and accountability mechanism by which they can be called to account. It should not be open to anyone to misuse the government’s official handles in this manner,” said Arun.

One of the areas where the lack of sensitisation is apparent is the usage of the same mobile device for multiple twitter handles – the most common reason for such goof-ups cited by social media consultants attached to various government departments. “I believe these were inadvertently posted by people handling these accounts. It may neither have been their mandate nor their intention. It happens when the person has configured multiple twitter handles from the same device and ends up posting from the wrong account,” said Amit Malviya, BJP’s National Convener, IT.

The majority of ministries and government departments do not give phones to members of the social media teams. It is up to the individual to use his personal device or get an additional one to manage the professional handle (s). A mistake will happen if a comment which was to be posted from the personal handle is posted from the official handle.

Twitter Goof-ups from GoI Accounts

“Because of the personalised and individual nature of social media, it is easy to forget that they are representing an institution and not themselves when using these handles. This also suggests the lack of public usage training in these organisations, and the need to educate our public actors in using social media with more responsibility as office bearers of an institution rather than a personal expression or an opinion,” said Nishant Shah, co-founder of the Centre for Internet and Society, Bangalore.

Another issue is that access to the account is given to multiple people. “Each one of them brings their individual personality and politics to their operation of the handle,” said Shah.

Hiring Issues

Part of the problem lies in the fact that there is no standard protocol on who can access the twitter handle of Indian government bodies and how this person or team is hired.

A few ministries (example: the ministry of railways) have a team comprising of government employees and staff of private agencies handling their account. Others have outsourced the job to agencies.

During the campaigning for the 2009 election, political parties got outside expertise to mark their presence online. The selection parameters of social media consultants – established public relations firms in some cases and individuals in others – was not uniform.

Unlike the traditional public relations officers who are from the Indian Information Services cadre, the social media consultants were selected based on their expertise in the field, political affiliation, and proximity to a party or leader.

Those who started handling social media accounts of political parties and leaders included trolls and social media influencers. “Parties got youngsters who were politically motivated and willing to work for political parties. They became cheaper alternatives for social media experts,” said Ishan Russel, political communication consultant.

After the NDA came to power, almost every ministry outsourced its digital expertise to agencies. Many individuals who were earlier directly working with leaders and parties got back with them via agencies. “If an agency is looking for people to handle the twitter account or Facebook page of a certain ministry in the BJP government, then those who are politically inclined towards the BJP will apply for the vacancies and their chances of getting hired are also much higher than someone who is neutral or known to be an AAP sympathiser,” said Vikas Pandey, 32-year-old software engineer, who headed the “I Support Namo” campaign on Facebook and Twitter, as a volunteer for the BJP.

Last year, the Prime Minister felicitated more than a dozen social media enthusiasts, including Vikas. The move raised eyebrows because many felt that the government was encouraging trolls. “It illuminates the fact that trolls have found gainful employment in the Government of India. Also that the entire edifice of the centre is being taken over by woefully undereducated bigots,” said Swati Chaturvedi, senior journalist and author.

Agency, the Soft Target

Till the time the government staff is well versed with social media tools, attributing the mistakes to an ‘outside agency’ appears to be the norm.

In the case of the twitter goof-up involving Startup India, Commerce and Industry minister Nirmala Sitharaman blamed a private agency that was managing the account of Startup India. “The retweets were done by an employee of the agency hired by the department of industrial policy and promotion. The person assigned by the agency for this particular job is not decided by the department and is the sole prerogative of the agency,” she said.

S Radha Chauhan, CEO of National e-Governance Division, attributed the controversial post from Digital India’s twitter handle to an agency called Trivone. “The person responsible had mistakenly tweeted from the official handle what he wanted to tweet from his personal account,” said Chauhan.

Those familiar with the functioning of the government’s social media verticals say that agencies are mentioned to cover up for mistakes often committed by someone from the government staff. “When in crisis, blame the agency, is the thumbrule the government follows. The fact is that each twitter post is approved by the client before it is posted,” said a senior executive with a digital marketing firm attached to a ministry which has recently earned lot of praise for its social media initiatives.

Nishtha Arora, social media and digital consultant in a reputed ad agency, was handling a political account till very recently. She said that the client required her to just randomly tweet or RT to be heard by the followers of a tech-savvy minister and be his digital mouthpiece. “I often had to draft tweets which looked like press releases,” she said.

“Digital faux pas is blamed on to someone who might be an expert in the field but yet has to bow down to the client pressure so that their agenda for the day is met and the said government body or ministry remains in the news,” she added.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-danish-raza-october-15-2016-here-is-why-government-twitter-handles-have-been-posting-offensive-and-partisan-messages

Hakon 2016

praskrishna — 2016-10-15T10:04:41Z

Udbhav Tiwari attended attended Hakon 2016, a conference held between September 30 and October 2, 2016 at Indore, Madhya Pradesh, India,on behalf of CIS under the Hewlett Cyber Security Project.

Hakon 2016 was the third edition of the conference which has been organised by Ninja Information Security Systems, an ISO 27001:2013 & 9001:2008 certified training organisation and the primary sponsor of the conference from Indore. The conference was efficiently organised, had about 150 to 200 people attending overall and provided an unique window into the non-tech hub/big city ethical hacker ecosystem and their place within the cyber security setup in India. The agenda of this year's conference was the Underground Digital Black Market & Digital Terrorism, with a fair mix of participants from the industry, academia and the government. The conference website can be looked up at http://www.hakonindia.org/ for further details, including a look at past editions of the conference.

The technical workshops held during the first two days of the conference were well organised and networking with the teachers during and mostly at the end of the conference was very helpful in understanding a practitioners perspective on cutting edge aspects of cyber security. This was particularly true for Chuck Easttom Williams, an accomplished cyber security expert from the USA who regularly trains government agencies and in a fairly reputed industry veteran who has been an invited speaker at DEFCON and even has a couple of patents to his name.

For more details visit https://cis-india.org/internet-governance/news/hakon-2016

IANA Transition: A Case of the Emperor’s New Clothes?

vidushi — 2016-11-03T06:20:46Z

Transparency is key to engaging meaningfully with ICANN. CIS has filed the most number of Documentary Information Disclosure Policy (DIDP) requests with ICANN, covering a range of subjects including its relationships with contracted parties, financial disclosure, revenue statements, and harassment policies. Asvatha Babu, an intern at CIS, analysed all responses to our requests and found that only 14% of our requests were answered fully.

The post was published by Digital Asia Hub on October 6, 2016.

In March 2014, the US Government committed to ending its contract with ICANN to run the Internet Assigned Numbers Authority (IANA), and also announced that it would hand over control to the “global multistakeholder community”. The conditions for this handover were that the changes must be developed by stakeholders across the globe, with broad community consensus.

Further, it was indicated that any proposal must support and enhance the multistakeholder model; maintain the security, stability, and resiliency of the Internet Domain Name System (DNS); meet the needs and expectation of the global customers and partners of the IANA services and maintain the openness of the Internet. Further, it must not replace the NTIA role with a solution that is government-led or by an inter-governmental organisation.

These conditions were met, ICANN’s Supporting Organisations (SO’s) and Advisory Committees (ACs) accepted transition proposals, and these proposals were then accepted by the ICANN Board as well, putting the transition in motion. But not quite. The “global multistakeholder community” still had to wait for approval from the NTIA and the US government, both of whom eventually approved the proposal. The latter’s approval was confirmed after considerable uncertainty due to Senator Ted Cruz’s efforts to stop the transition, due to his belief that the transition was an exercise of the US government handing over control of the internet to foreign governments. Notwithstanding this, on 29th September, the US Senate passed a short term bill to keep the US Government funded till the end of the year, without a rider on the IANA transition. The next hurdle was a lawsuit filed in federal court in Texas by the attorney generals of four states to stop the handover of the IANA contract. As on the 30^th of September, the court denied the Plaintiffs’ Application, thus allowing the transition to proceed.

What does this transition mean? What does it change? The transition, while a welcome step, leaves much to be desired in terms of tangible change, primarily because it fails to address the most important question, that of ICANN jurisdiction. It is important to have the Internet’s core Domain Name System (DNS) functioning free from the pressures and control of a single country or even a few countries; the transition does not ensure this, as the Post Transition IANA entity (PTI) will be under Californian jurisdiction, just like ICANN was pre-transition. The entire ICANN community has been witness to a single American political figure almost derailing its meticulous efforts simply because he could; and in many ways these events cemented the importance of having diversity in terms of legal jurisdiction of ICANN, the PTI and the root zone maintainer.

My colleague Pranesh Prakash has identified 11 reasons why the question of jurisdiction is important to consider during the IANA transition. Some of these issues depend on where ICANN, the PTI and the root zone maintainer are situated, some depend on the location of the office in question and still others depend on contracts that ICANN enters into. ICANN’s new bylaws state that it will be situated in California, the post transition IANA entities bylaws also make a Californian jurisdiction integral to its functioning. As an alternative, the Centre for Internet & Society has called for the “jurisdictional resilience” of ICANN, encompassing three crucial points: legal immunity for core technical operators of Internet functions (as opposed to policymaking venues) from legal sanctions or orders from the state in which they are legally situated, division of core Internet operators among multiple jurisdictions, and jurisdictional division of policymaking functions from technical implementation functions.

Transparency is also key to engaging meaningfully with ICANN. CIS has filed the most number of Documentary Information Disclosure Policy (DIDP) requests with ICANN, covering a range of subjects including its relationships with contracted parties, financial disclosure, revenue statements, and harassment policies. Asvatha Babu, an intern at CIS, analysed all responses to our requests and found that only 14% of our requests were answered fully. 40% of our requests had no relevant answers disclosed at all (these were mostly to do with complaints and contractual compliance). To illustrate the importance of engaging with ICANN transparency, CIS has focused on understanding ICANN’s sources of income since 2014. This is because we believe that conflict of interest can only be properly understood by following the money in a granular fashion. This information was not publicly available, and in fact, it seemed like ICANN didn’t know where it got its money from, either. It is only through the DIDP process that we were able to get ICANN to disclose sources of income, and figures along with those sources for a single financial year.

ICANN prides itself on being transparent and accountable, but in reality it is not. The most often used exception to avoid answering DIDP requests has been “Confidential business information and/or internal policies and procedures”, which in itself is a testament to ICANN’s opacity. Another condition for non-disclosure allows ICANN to reject answering “Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual.”. These exemptions are not only vague, they are also extremely subjective: again, demonstrative of the need for enhanced accountability and transparency within ICANN. Key issues have not been addressed even at the time that the transition is formally underway. The grounds for denying DIDP requests are still vague and wide, effectively giving ICANN the discretion to decline answering difficult questions, which is unacceptable from an entity that is at the center of the multi-billion dollar domain name industry.

ICANN’s jurisdictional resilience and enhanced accountability are particularly vital for countries in Asia. Its policies, processes and functioning have historically been skewed towards western and industry interests, and ICANN can neither be truly global nor multistakeholder till such countries can engage meaningfully with it in a transparent fashion. The IANA transition is, of course, largely political, and may symbolise a transition to the global multistakeholder community, but in reality, it changes very little, if anything.

For more details visit https://cis-india.org/internet-governance/blog/digital-asia-hub-october-6-2016-vidushi-marda-iana-transition

Tech companies like Gmail, WhatsApp may be asked to store user information

praskrishna — 2016-10-14T01:12:14Z

The government is moving to formulate rules that will require technology ‘intermediaries’— including email services like Gmail, chat apps such as WhatsApp and Snapchat or even ecommerce firms like Amazon — to retain user information, a development that is expected to be met with determined opposition.

The article by Surabhi Agarwal was published in Economic Times on October 14, 2016. Pranesh Prakash was quoted.

What the government is looking to do now is draft rules for Section 67C of the Information Technology Act, and this will be done by a committee that has been set up for the purpose. The rules — whose drafting has been waiting since 2008 — will spell out what type of data has to be stored, in which format, and for how long, according to three members of the newly-formed committee. All this so that law-enforcement agencies can access the information if they need it.

Sharing of information between foreign firms and the Indian government has been a contentious issue, and experts said the mandate may be impossible to implement for firms such as WhatsApp that promise end-to-end encryption. Or for Snapchat – a chat app where messages disappear within seconds and are not even stored on the company’s servers.

Firms may also oppose the diktat, especially since most of them are not governed by Indian laws and also due to the high cost of data retention.

The committee is headed by additional secretary in the ministry of electronics and IT (MEITY), Ajay Kumar, and has one representative each from the ministry of home affairs, department of telecom, department of personnel and training, Nasscom, Internet Service Provider Association of India (ISPAI), along with an advocate specialising in cyber law and a few officers from MEITY. The first meeting of the committee took place in the last week of September.

“This is a fairly complex issue, compounded by the general lack of understanding of mobile apps and over the top service providers,” said a person on the committee who did not wish to be identified. This person said that most technology players are based in the United States and they have always been at loggerheads about sharing of information with the government. “Even if it is for national security reasons, how much are these companies answerable to the Indian security establishment? And we do know how Apple refused to unlock the phone even for FBI."

Google and Facebook did not respond to requests for comment.

‘Huge balancing act’

Supreme Court lawyer and cyber law expert Pavan Duggal said the section has been drafted in very “broad” terms and the move may be driven by the realisation that these companies are huge data repositories – some of which might be relevant to law enforcement investigations. “It will have to be a huge balancing act and will be interesting to see what this committee decides,” added Duggal.

While Section 67C refers to the obligation of the service providers to retain information, the nature of the data to be retained and the time period is not specified. Companies which do not comply with the law can be levied fine and its officers sent to jail.

Another member on the committee said the ambit of this task is huge. “In the last meeting we argued that the rules should be the same for everybody and there should be no differential treatment for foreign companies such as Google or Microsoft,” he said. This person said that ambiguity is rampant as various government arms have different sets of rules for data retention.

For instance, the Department of Telecommunications (DoT) asks for data to be stored for six months, while the Registrar of Companies mandates some information to be retained for one year while the income-tax rules mandate data storage for six-seven years. “There has only been one meeting so far. It is a long procedure and will require several rounds of consultation,” said a third person on the committee.

Privacy activists like Pranesh Prakash of the Centre for Internet and Society said that one of the principles that’s frequently cited while discussing international practices on surveillance is that data retention should not be required of service providers.

And internationally too, there is no standard on this issue. “There were norms at the European Union-level regarding data retention, but they were struck down in 2014 by the European Court of Justice as being violative of human rights,” he said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information

National Cyber Defence Summit 2016

praskrishna — 2016-10-10T12:54:29Z

National Cyber Defence Summit – 2016 was organized by the National Cyber Safety and Security Standards in association with State & Central Governments, Ministry of Defence, Government of India, AICTE & Anna University on 30 September and 1 October 2016 in Chennai. Vanya Rakesh attended the summit.

The Summit focused on multiple issues linked with the current use of cyberspace by the various stake holders and creating awareness of the responsibility associated with the judicious use of this significant and powerful tool, without endangering the fragile security and social framework. The mission of the Summit is to establish a multi-stakeholder consortium that brings together Industry, Government, and Academic interests in an effort to improve the state of Cyber Security on both a domestic and international level. Primarily, the Summit focuses on multiple issues linked with the current use of cyberspace by the various stake holders and creating awareness of the responsibility associated with the judicious use of this significant and powerful tool, without endangering the fragile security and social framework.

In fact this is the one and only High Level Summit which gathers the presence of Multi-Stakeholders from State/Central Governments, Defence, MNCs, PSUs, Academics, PSBs, Intelligence Agencies, Enforcement Agencies and etc. For more info see the website here. Agenda can be viewed here.

For more details visit https://cis-india.org/internet-governance/news/national-cyber-defence-summit-2016

Internet Democratisation: IANA Transition Leaves Much to be Desired

vidushi — 2016-11-03T07:52:37Z

At best, the IANA transition is symbolic of Washington’s oversight over ICANN coming to an end. It is also symbolic of the empowerment of the global multistakeholder community. In reality, it fails to do either meaningfully.

The article was published in the Hindustan Times on October 6, 2016.

Many suspect Washington’s 2014 announcement of handing over control of the IANA contract to be fuelled by the outcry following Edward Snowden’s revelations of the extent of US government surveillance. Source: AFP

September 30, 2016, marked the expiration of a contract between the US government and the Internet Corporation for Assigned Names and Numbers (ICANN) to carry out the Internet Assigned Numbers Authority (IANA) functions.

In simpler, acronym-free terms, Washington’s formal oversight over the Internet’s address book has come to an end with the expiration of this contract, with control now being passed on to the “global multistakeholder community”.

ICANN was incorporated in California in 1998 to manage the backbone of the Internet, which included the domain name system (DNS), allocation of IP addresses and root servers. After an agreement with the US National Telecommunications and Information Administration (NTIA), ICANN was tasked with operating the IANA functions, which includes maintenance of the root zone file of the DNS. Over the years Washington has rejected calls to hand over the control of IANA functions, but in March 2014 it announced its intentions to do so and laid down conditions for the handover. Many suspect the driving force behind this announcement to be the outcry following Edward Snowden’s revelations of the extent of US government surveillance.

The conditions laid down by the NTIA were met, and the US government accepted the transition proposal, amidst much political pressure and opposition, most notably from Senator Ted Cruz.

This transition is a step in the right direction, but in reality, it changes very little as it fails to address two critical issues: Of jurisdiction and accountability.

Jurisdiction is important while considering the resolution of contractual disputes, application of labour and competition laws, disputes regarding ICANN’s decisions, consumer protection, financial transparency, etc. Many of these questions, although not all, will depend on where ICANN is located. ICANN’s new bylaws mention that it will continue to be incorporated in California, and subject to California law just as it was pre-transition. Having the DNS subject to the laws of a single country can only lend to its fragility. ICANN’s US jurisdiction also means that it is not free from the political pressures from the US Senate and in turn, the toxic effect of American party politics that were made visible in the events leading up to September 30.

Another critical issue that the transition does not address is that of ICANN accountability. Post-transition, ICANN’s board will continue to be the ultimate decision-making authority, thus controlling the organisation’s functioning, and ICANN staff will be accountable to the board alone.

To put things in perspective, look at the board’s track record in the recent past. In August, an Independent Review Panel (IRP) found that ICANN’s board had violated ICANN’s own bylaws and had failed to discharge its transparency obligations when it failed to look into staff misbehaviour. Following this, in September, ICANN decided to respond to such allegations of mismanagement, opacity and lack of accountability by launching a review. The review however, would not look into the issues, failures and false claims of the board, but instead focus on the process by which ICANN staff was able to engage in such misbehaviour. This ironically, will be in the form of an internal review that will pass through ICANN staff — the subjects of the investigation — before being taken up to the board.

At best, the transition is symbolic of Washington’s oversight over ICANN coming to an end. It is also symbolic of the empowerment of the global multistakeholder community. In reality, it fails to do either meaningfully.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-october-6-2016-vidushi-marda-internet-democratisation

If all goes well, Indian IT Act may enter 21st century

praskrishna — 2016-10-06T16:49:12Z

The government is aiming to refresh the main law governing information technology by giving it a revamp which it hopes will bring it in tune with the times and address criticisms about its weaknesses, a senior official said on condition of anonymity.

The article by Surabhi Agarwal was published in the Economic Times on October 6, 2016. Sunil Abraham was quoted.

The move is triggered by the realisation that the Information Technology Act passed in 2000 and last amended eight years ago may be wanting in many respects due to advances in technology and its ubiquitousness in nearly every aspect of life.

The government will take a first step by constituting a committee whose job will be to make suggestions to refresh the law. The magnitude of fraud, terrorism, bullying and stalking in cyber space has grown along with advances in technology and its adoption, and these are some of the areas where the law could do with an update.

The government's massive push on Digital India is also leading to significant digitisation of government services and records. In 2000, when the Act was first passed, there were a mere 5 million internet users in the country. India has surpassed the US to become the second-largest Internet market with 436 million users as of June 2016.

"It has been realised that we need more provisions on things such as mobile security, internet of things," the official said. "The last amendment came in 2008, so almost a decade has passed." This person said that there is confusion among various law enforcement agencies regarding the ambit of the IT Act.

Fresh provisions are also required in fields such as how long agencies – both state as well as private – should hold citizens' information, which has been shared by them, for any kind of authentication through means such as emails. Supreme Court advocate and cyber security expert Pavan Duggal called the IT Act an "outdated" piece of legislation.

"The Act and the amendments are in the pre-social media era. Current realities, challenges and the policy aspects of cyberspace have not been addressed," he said. There are no provisions, for instance, for mandatory reporting of cyber-crime and cyber-security breaches, he said. Besides, there are the challenges posed by the dark net where everything from weapons to drugs are being peddled.

"Cyber bullying is the number one problem in Indian schools and universities which is not addressed in the Act. There have been no convictions for cyber stalking which is extremely prevalent in India," Duggal said, suggesting measures such as the setting up of special courts for cyber crime and terror.

In the past couple of years, the government has come under fire for several attempts to bring in laws on encryption, contain pornography and the spread of obscene material online. The Internet and Mobile Association of India (IAMAI) said that while the move to change the Act is welcome, it should be done in an "inclusive" manner with the "widest possible public consultation" and not by a committee which consists only of government representatives.

Subho Ray, president of IAMAI said that while the definition of intermediaries needs to be reviewed and the list expanded, citizens' fundamental rights need to kept in mind while trying to bring back a modified form of Section 66A (it dealt with offences on the internet), which was struck down by the Supreme Court as unconstitutional.

The ministry of electronics and IT is currently trying to form a committee with experts from the private sector, the source said, and cautioned about the prospect of a "long-haul" before changes come about. Sunil Abraham, director of the Centre for Internet and Society (CIS) said that India's data protection laws under Section 43A of the IT Act must be upgraded and this would help Indian companies which export IT-enabled services.

"We also need to apply the principle of equivalence more clearly, which says that if something is illegal offline, it should also be illegal online," said Abraham.

For more details visit https://cis-india.org/internet-governance/news/economic-times-surabhi-agarwal-october-6-2016-if-all-goes-well-indian-it-act-may-enter-twenty-first-century

Services like TwitterSeva aren’t the silver bullets they are made out to be

sunil — 2016-10-06T16:31:51Z

TwitterSeva is great, but it should not be considered a sufficient replacement for proper e-governance systems. This is because there are several serious shortcomings with the TwitterSeva approach, and it is no wonder that enthusiastic police officers and bureaucrats are somewhat upset with the slow deployment of e-governance applications. They are also right in being frustrated with the lack of usability and scalability of existing applications that hold out the promise of adopting private sector platforms to serve citizens better.

Sunil Abraham, executive director of the Centre for Internet and Society, wrote this in response to the FactorDaily story on TwitterSeva, a special feature developed by Twitter’s India team to help citizens connect better with government services. Sunil's article in FactorDaily can be read here.

Let’s take a look at why the TwitterSeva approach is not adequate:

1. Vendor and Technology Neutrality: Providing a level ground for competing technologies in e-governance has been a globally accepted best practice for about 15 years now. This is usually done by using open standards policies and interoperability frameworks.

India does have a national open standards policy, but the National Informatics Centre (NIC) has only published one chapter of the Interoperability Framework for e-Governance .

The thing is, while Twitter might be the preferred choice for urban elites and the middle class, it might not be the choice of millions of Indians coming online. By implicitly signaling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter. Ideally, all interactions that the state has with citizens should be such that citizens can choose which vendor and technology they would like to use. Ideally, the government should have its own work-flow so that it can harvest complaints, feedback and other communications from all social media platforms be it Twitter or Identica, Facebook or Diaspora, and publish responses back onto them.

By implicitly signalling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter

Apart from undermining the power of choice for citizens, lack of vendor and technology neutrality in government use of technology undermines the efficient functioning of a competitive free market, which is the bedrock of future innovation.

When it comes to micro-blogging, Twitter has established a near monopoly in India. There are no clear signs of harm and therefore it would not be wise to advocate that the Competition Commission of India investigate Twitter. However, if the government helps Twitter tighten its grip over the Indian market, it is preventing the next cycle of creative destruction and disruption. Therefore, e-governance applications should ideally only “loosely couple” with the APIs of private firms so that competition and innovation are protected.

2. Holistic Approach and Accountability: Ideally, as the Electronic Service Delivery Bill 2011 had envisaged, every agency within the government was supposed to (within 180 days of the enactment of the Act) do several things: publish a list of services that will be delivered electronically with a deadline for each service; commit to service-level agreements for each service and provide details of the manner of delivery; provide an agency-level grievance redressal mechanism for citizens unhappy with the delivery of these electronic services.

Notwithstanding the 180-day commitment, the Bill required that “all public services shall be delivered in electronic mode within five years” after the enactment of the Bill with a potential three-year extension if the original deadline was not met. The Bill also envisaged the constitution of a Central Electronic Service Delivery Commission with a team of commissioners who “monitor the implementation of this Bill on a regular basis” and publish an annual report which would include “the number of electronic service requests in response to which service was provided in accordance with the applicable service levels and an analysis of the remaining cases.”

The Electronic Service Delivery Bill 2011 had a much more comprehensive and accountable plan for e-governance adoption in the country

Citizens suffering from non-compliance with the provisions of the Bill and unsatisfied with the response from the agency level grievance redressal mechanism could appeal to the Commission. The state or central commissioners after giving the government officials an opportunity to be heard were empowered to impose a fine of Rs 5000.

Unlike the piecemeal approach of TwitterSeva, the Bill had a much more comprehensive and accountable plan for e-governance adoption in the country.

3. Right To Transparency: Some of the interactions that the government has with citizens and firms may have to be disclosed under the obligation emerging from the Right to Information Act for disclosure to the public or to the requesting party. Therefore it is important that the government take its own steps for the retention of all data and records — independent of the goodwill and lifecycles of private firms.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests? Even if the government is not keen on pushing for data portablity as a right for consumers (just like mobile number portability in telecom, so that consumers can seamlessly shift between competing service providers), it absolutely should insist on data portability for all government use.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests?

This will allow it to shift to a) support multiple services, b) shift to competing/emerging services c) incrementally build its own infrastructure and also comply with the requirements of the Right to Information Act.

4. Privacy: Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology.” There is an obsession with collecting as much data as possible from citizens, storing it in centralized databases and providing “dashboards” to bureaucrats and politicians. This is diametrically opposed to the view of the security community.

Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology”

For example, Bruce Schneier posted on his blog in March this year (in a piece titled ‘Data is a Toxic Asset‘) saying: “What all these data breaches are teaching us is that data is a toxic asset and saving it is dangerous. This idea has always been part of the data protection law starting with the 2005 EU Data Protection Directive expressed as the principle of “Data Minimization” or “Collection Limitation”. More recently technologists and policy makers also use the phrase “Privacy by Design”. Introducing an unnecessary intermediary or gate-keeper between what is essentially transactions between citizens and the state is an egregious violation of a key privacy principle.”

5. Middle Class and Elite Capture: The use of Twitter amplifies the voices of the English-speaking, elite, and middle class citizens at the expense of the voices of the poor. While elites don’t exhibit fear when tagging police IDs and making public complaints from the comforts of their gated communities with private security guards shielding them the violence of the state, this might be a very intimidating option for the poor and disempowered.

While elites don’t fear tagging police IDs and making public complaints from the comforts of their gated communities, it’s intimidating for the disempowered

While the system may not be discriminatory in its design, it will have disparate impact on different sections of our society. In other words, the introduction of TwitterSeva will exacerbate power asymmetries in our society rather than ameliorating them.

The canonical scholarly reference for this is Kate Crawford’s analysis of City of Boston’s StreetBump smartphone, which resulted in an over-reporting of potholes in elite neighbourhoods and under-reporting from poor and elderly residents. This meant that efficiency in the allocation of the city’s resources was only a cover for increased discrimination against the powerless.

6. Security: The most important conclusion to draw from the Snowden disclosure is that the tin-foil conspiracy theorists who we used to dismiss as lunatics were correct. What has been established beyond doubt is that the United States of America is the world leader when it comes to conducting mass surveillance on netizens across the globe. It is still completely unclear how much access the NSA has to the databases of American social media giants. When the complete police force of a state starts to use Twitter for the delivery of services to the public, then it may be possible for foreign intelligence agencies to use this information to undermine our sovereignty and national security.

For more details visit https://cis-india.org/internet-governance/blog/factordaily-sunil-abraham-october-6-2016-services-like-twitterseva-are-not-the-silver-bullets-they-are-made-out-to-be

Not Everyone Plays by the Rules in the Digital Playground: Addressing Online Child Sexual Exploitation

praskrishna — 2016-10-05T15:08:40Z

Japreet Grewal spoke at a panel on 'Prevention through Awareness and Education' at a meeting titled 'Not Everyone Plays by the Rules in the Digital Playground:Addressing Online Child Sexual Exploitation' that was organised by the International Centre for Missing and Exploited Children, Singapore (ICMEC) and TULIR - Centre for the Prevention and Treatment of Child Sexual Abuse, India on October 3-4, 2016 at India Habitat Centre, New Delhi.

Click the links below to access:

For more details visit https://cis-india.org/internet-governance/news/not-everyone-plays-by-the-rules-in-the-digital-playground-addressing-online-child-sexual-exploitation

An 'app'ening world

praskrishna — 2016-10-05T00:24:19Z

A ‘forward’ has been doing the rounds on WhatsApp about the privacy concerns relating to that instant messaging app; it’s asking for permission to share user data with Facebook.

The article by Chetana Divya Vasudev was published in Deccan Herald on October 4, 2016. Rohini was quoted.

In the WhatsApp notification, asking users to agree to the terms and conditions again, the option to share these user details to help improve ads on Facebook is already selected. Those who are uncomfortable parting with this information have to uncheck it before clicking on the ‘I agree’ button.

“Agreeing to this would mean Facebook can see who you’re chatting with and what you’re talking about,” says tech expert Chinmayi S K. “So if you’re talking about cat adoption, the ads displayed on the side could be relevant to that.”

When it comes to other smartphone apps, she cites Zomato as an example. “It has been asking for user history — previous orders and other such details — to make recommendations,” she says. “This comes with the app update. Tinder, too, is asking for your location using wifi, which is more accurate than the GPRS location.”
It’s alright to agree to these permissions, she says, so long as you’re aware of what you’re signing up for and how that data is going to be used.

If you have qualms about agreeing to this, there are usually alternatives you can find, adds Rohini Lakshane, program officer, Centre for Internet and Society. “If not, it’s usually a trade-off: you have to see how much you want the app,” she points out.

There are, however, other apps that might be duplicates asking for access to your device or files, cautions Chinmayi.

“If a cooking app, a simple one that gives you recipes, asks for your call logs or other files, for example,” she says.

A discerning user, interjects Rohini, will check for permission to access files or functions that are not strictly necessary for the features the app supports. “I don’t want to name anything but some e-commerce and travel apps ask to access your browsing history and the other apps or networks you’re connect to. It could be to serve you contextual ads or content, like Zomato, or to sell it to someone. You never know,” she says. However, some devices or versions of the Android OS let you control what permissions you enable, she informs.

Aeronautical engineer Pavan Raj P V says he takes care not to compromise on his safety, whenever possible. “But there are a few apps that I have on my phone no matter what — Facebook, WhatsApp, LinkedIn, Instagram. Most of them auto-update and require no extra permissions.”

However, he has noticed that LinkedIn asks for access to Gmail contacts that you could accidentally accept “if you’re logging in mechanically”.

Varsha C V, communications specialist at Karnataka State Highways Improvement Project, says, “Last month, my husband asked me to download a Google app for free calls that required all sorts of permissions, such as access to your phone logs. When Skype offers the same features without asking for all this, why should anyone use this app?”

She believes privacy in India is not taken as seriously as it should be. “You should keep in mind that if you’re giving them access to your contacts, you’re also compromising on others’ privacy,” she points out.

Lokanand, a sound engineer, admits to not paying attention to what he’s giving apps access to. “I’m no expert but if you ask me, you download apps because they are useful. So I don’t really bother about what I’m saying yes to.”

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-chetana-divya-vasudev-october-4-2016-an-appening-world

Eye on Mumbai

praskrishna — 2016-10-02T10:22:20Z

The feeds will be beamed to a video wall that stretches 21 feet across at the police’s command and control room.

The article by Tariq Engineer was published in Mumbai Mirror today. Sunil Abraham was quoted.

When seven bombs exploded on local trains between Khar and Borivali killing 209 people and injuring 714 in 2006, the Maharashtra police looked for CCTV footage but couldn’t find any because no cameras existed at railway stations back then.

When terrorists landed near Machimar colony in Cuffe Parade in 2008 and proceeded to slaughter hundreds of people in the city, CCTV footage was found only at the Taj and Trident hotels, Chhatrapati Shivaji Terminus and near the Times of India building. Places like Cama Hospital, Nariman House and Leopold Café were simply off the grid.

When Mumbai journalist J Dey was gunned down in Powai in 2011, the police obtained CCTV footage from a shopping centre nearby but it was so blurry, it was useless.

In each of these situations, a fully functioning high-definition CCTV system could have altered the outcome or aided the investigation in critical ways. That glaring gap in Mumbai’s security has now been filled by the Mumbai City Surveillance Project, which officially goes live today.

Over the last 20 months, a total of 4697 cameras have been installed at 1510 locations around Mumbai city. In addition to these, another 146 will survey the Bandra Kurla Complex. The tender for the project was issued in 2015 and won by a consortium led by construction major Larsen & Toubro with MTNL, CMS Computers and Infinova, which supplied the cameras, as partners.

The project is actually an outcome of the 26/11 attacks, having been recommended by the Ram Pradhan Committee, which was appointed to evaluate the city administration’s responses to the terror strike. According to Additional Chief Secretary (Home) KP Bakshi these cameras will ensure roughly 80 per cent of Mumbsi will be watched 24 hours a day, seven days a week. The city’s inhabitants will now have to be on their best behaviour.

“It was the police’s call to decide what they want to observe,” Bakshi said. “Do they want to look at the traffic or at a place where people gamble or do a lot of drinking?” The policeman in charge of selection of spots for installation of cameras was former additional commissioner of police Vasant Dhoble. Calling him a “game-changer”, one of the project managers said it was thanks to Dhoble that all the locations were surveyed in just twoand-a-half months. Dhoble was also instrumental in ensuring that the cameras were installed at the appropriate angles.

While the initial estimate was for 6,000 cameras, it was eventually determined that 4,697 were sufficient at this stage. The cameras have been placed on poles similar to street lights — 2290 of them — some with multiple cameras. “Let’s say there is a pole at Haji Ali Juice Center,” Bakshi said. “It may have three cameras — one looking towards Heera Panna, the other looking towards Mahalaxmi, the third looking towards Worli.”

The vast majority of the cameras — roughly 4200 — will be fixed and stare unblinkingly in one direction. The other 500 will be PTZ, or pan/tilt/zoom cameras, so those watching can scan an area or take a closer look at something that seems suspicious. All of the cameras can see in high definition, with visibility ranging from 50m to 120m. Some of them also have thermal imaging and night vision.

According to those involved in the project, the cameras have been built to withstand the rigours of Mumbai’s weather — specifically the heat and rain. Larsen & Toubro and CMS Computers are responsible for the maintenance of the system. Once the system is fully operational, the target is to have 99% of the cameras live at all times barring accidents. The responsibility for this lies with the service providers.

A smart system

The software that runs the cameras includes a Picture Intelligence Unit (PIU) that will conduct facial recognition analysis. If there is an image of a wanted person in the database, the program will scan the footage for matches and send a signal if it finds any. It will also send an alert if it notices a suspicious object, say one that has been left unattended for a pre-specified amount of time, so the cops can check it out. Tracking police vehicles — like you can follow the path of an Uber or Ola — is yet another feature, so if there is trouble, the nearest vehicle can be dispatched.

By Bakshi’s reckoning, if it is a small crime, then the police should be on the scene in five to ten minutes. If it is something like a bomb blast, then a Quick Response Team will be deployed, which will take a little longer – say 10 to 15 minutes.

Who will be watching you?

The feeds from these cameras will be fed to a video wall that stretches 21 feet across in a control room that has been set up in the Commissioner of Police Headquarters at Crawford Market. The footage will be monitored by about 20 observers who have been specially trained for the job.

However, a project manager said, watching the wall for more than eight minutes “would make anyone mad” because it is so chaotic. Therefore, each observer has his own workstation with three computer screens where he can only watch the feeds he has been assigned.

Entry to the control room is also strictly monitored. It requires five fingerprint access just to get in the room and a thumb print to turn individual workstations on. Mobile phones and personal effects are banned and the computers have no USB ports, so data can’t be copied.

In addition, there are viewing screens in each of the additional commissioner’s zonal offices and in all 23 police stations and roughly 200 observers will eventually be required to operate them. A project manager said he hoped to have a 60-40 or 50-50 split between male and female observers. The observers are monitored by the police, who will decide what actions to take depending on what alerts are generated.

The manpower is being provided by CMS Computers, with applicants having their resumes verified by the police. Observers will spend anywhere from four to six weeks in training before they get on the job, one of the project managers said.

Keeping the data secure

The images from the standard cameras will be stored for 90 days, while those taken with PTZ cameras will be stored for 30 days. “If you store for longer periods, it involves more cost,” Bakshi said. “We feel that if something has to be reported to us, it will be reported within 90 days.”

MTNL has set up a data centre in Worli and a disaster recovery centre in Belapur. If something goes wrong in Worli, there will still be connectivity via Belapur. Both centres have been “tied-up” to make the data as safe as possible. At the test lab at Larsen & Toubro’s project headquarters in Mallet Bunder, they even have a rodent detection device that broadcasts an ultrasonic frequency to drive away rats and stop them from chewing up the wires.

False starts

The project took some time to get off the ground because getting the details worked out was a painstaking elaborate process, former Maharashtra chief secretary ( home) Amitabh Rajan, told Mumbai Mirror. The committee wanted to make sure everything was transparent and that there were no allegations against the project. Control and security were also zealously guarded. “No compromise on security, not even cost,” Rajan said. “Like titration in chemistry, we eventually got the right concentration.”

There was also a battle between a lobby that wanted the system to be set up using dedicated fibre optic cables, and a lobby of technology providers that wanted to use wireless technology. The cops backed cables, which are not only safer but make it easy to add additional bandwidth, whereas wireless networks have limited bandwidth. It was a battle the cops would eventually win but at the cost of time.

The tender process didn’t go smoothly either. Larsen and Toubro were actually the winners of the fourth tender the Maharashtra government put forward. The first tender had to be cancelled because the winning consortium had not properly disclosed its ownership structure — one of the companies turned out to be controlled by a subsidiary of Reliance Industries. The second was cancelled when the vendor’s bank guarantee cheque of Rs 2 crore bounced and the owner disappeared. He was eventually found and arrested two years later.

The third tender received no bidders because it did not offer up-front payment for capital expenditure, according to then IT secretary Rajesh Aggarwal, who was part of the committee. It was finally on the fourth occasion, when the committee decided to offer a certain percentage of the project cost at the start and the rest over the remaining five years as maintenance fees, that a deal could be sealed.

Coordination headache

The next hurdle was coordinating the work between all the different organisations that populate Mumbai. The final total was around 35 or 40 bodies, including the Municipal Corporation of Greater Mumbai (MCGM), BEST and Reliance Power, the police, MMRDA, the Government of India and the High Court. “To explain to everyone that it is a security project and please don’t go by normal rules, you have to give concessions for all these things, all this co-ordination was a big job,” Bakshi said.

It led to delays, which is why the project had to take the extraordinary step of getting permission from the MCGM to dig up roads during the monsoon to lay the fibre-optic cables. It was the only way the project could make its deadline.

“If we had done it like a normal project, it would have taken five years,” an engineer said.

A question of privacy

Two experts in privacy issues that Mirror spoke to said that such a system is in the public interest, but safeguards must be built to prevent abuse. “If the data falls into the wrong hands, it can create havoc,” said Pavan Duggal, an expert in the field of cyber law. “Large scale surveillance of the public should not be the norm, it should be the exemption to the norm.” he said. “It can create unease and lessen the enjoyment of living in a democratic society.”

According to Sunil Abraham, director of the Centre for Internet and Society, the biggest problem is that India does not have an “omnibus privacy law”.

Instead, it has about 50 different laws across sectors and therefore privacy regulations are not consistent, which has created a legal thicket. “110 countries have passed privacy laws to European Union standards. India is really far behind,” he said.

He also listed a number of principles that he hoped the project would abide by, such as the principles of notice (CCTV cameras should be advertised as such), of openness (details of the system should be made public), security (“if you don’t have security, you can’t ensure privacy”) and of access (“we should have a right to get the footage of ourselves”). He also warned against the footage being shared between different security agencies without due process.

Additional Chief Secretary (Home) Bakshi said most of these principles were part of the system. There would be boards demarcating the CCTV cameras, the system would be publicly launched, it was being made as secure as possible and footage could be handed over depending on the circumstances. “If it is your own, then no problem,” Bakshi said. “If it is someone else’s then there are privacy issues. Is it because of criminal intent or you want to track your girlfriend’s other boyfriend to see if he is following her? These are issues. If you want yours, on merit we can give. No issue.”

Another concern Abraham raised is unique to India and the Aadhaar card, which uses biometric data as passwords, not identification. Since the CCTV cameras are high resolution, it raises the risk of someone recreating your iris or finger prints from a captured image and then “somebody could empty your Aadhaarlinked bank accounts,” Abraham said.

This is not as far-fetched as it sounds. Abraham pointed out that in 2014 a member of the Chaos Collective Club, the largest association of hackers in Europe, recreated the finger print of a German minister from a photograph they took of her hand.

“Other risks are smaller, a revealing photograph or someone trying to blackmail you,” Abraham said.

Not just for crime

The camera feed has other applications too, beginning with traffic management. An automatic number plate recognition system will be installed as well. If you look around the corner, don’t see a cop and jump a light, you could still get in trouble. “6000 [sic] police in the sky are watching you and you will get a challan sitting at home,” Aggarwal said. Other uses include tracking of encroachments by the Municipal Corporation of Greater Mumbai which will have an additional viewing centre. Also garbage disposal and other civic issues such as water logging and a subject dear to Mumbai citizens — potholes. “Somebody complains that this road has a pothole, immediately you can zoom in and see that yes, there is a pothole on this road,” Bakshi said.

There is also a provision to allow a further 103 locations to plug-in and play. For example, if the Taj Mahal Hotel wants the police to survey the hotel for a period of time, the hotel’s CCTV system can be hooked up to the main control room within 48 hours. The same goes for the airport or the railway stations.

Effect of CCTV surveillance

Worldwide the academic literature on CCTV surveillance suggests its effectiveness, especially on crime prevention, is uncertain or limited. “Post crime it really, really helps,” Aggarwal said, “but for prevention, we have to wait and watch. If it reduces sexual harassment for example, then that is priceless. Time will tell how people try to beat the system and how the system tries to catch up.”

Joint Commissioner of Police, Law and Order, Deven Bharti said he was already seeing an improvement in traffic management and in prevention and detection of crimes thanks to the 3000-plus cameras that were live when Mirror spoke to him two days ago, though he said he could not provide details. “The system is working to our satisfaction,” Bharti said.

Bakshi said the effects of the system should start showing roughly a month after the project is fully operational. “In Pune, results started being seen within a month. Once all 4700 [cameras] are live, you will start seeing the results on traffic violations, street crimes, and at general discipline level. [First] Let the people know they are under surveillance, that they are completely covered in Mumbai by CCTV.”

The total cost of the project is Rs 1008 crore. Out of this, about Rs 400 crore has already been spent. The balance will be paid out in regular installments until October 2021. At that point the Maharashtra government and Mumbai police will take complete control of the project. “We presume that in five years’ time, we will have enough trained people to run it ourselves,” Bakshi said.

For more details visit https://cis-india.org/internet-governance/news/mumbai-mirror-tariq-engineer-october-2-2016-eye-on-mumbai

WhatsApp ruling: Experts seek privacy law

praskrishna — 2016-09-27T02:35:06Z

On August 25, Whatsapp updated its policy to share user content with social network; the decision opened new monetisation models for the messaging app.

The article by Apurva Venkat and Moulishree Srivastava quoted Sunil Abraham. It was published in the Business Standard on September 24, 2016.

The recent Delhi High Court ruling that messaging app Whatsapp cannot share user data highlights the need for legislation on privacy, according to experts.

On August 25, Whatsapp, a platform with 70 million users in India that was acquired by Facebook in 2014, updated its policy to share user content with the social network. The decision opened new monetisation models for the messaging app.

In response to a PIL, the court ordered WhatsApp to delete data of users who chose to opt out of its policy changes before September 25. It also orderedWhatsApp not to share data collected before September 25 with Facebook for users who had not opted out.

"The decision makes a strong statement on privacy," said Sunil Abraham, executive director of the Centre for Internet Society. According to him, a user trusts a platform and provides access to his data. As another firm acquires the platform, it gains access to the data.

"Facebook owns Whatsapp. It has to look at ways of monetising it," said Nikhil Pahwa, co-founder of SavetheInternet.in.

"With so much digital data being generated, there is a need for a privacy law in the country," said Pahwa.

"Facebook's consent interface is confusing. It can make a person who wants to opt out let the company access his data," said Abraham, adding a law would take care of such intricacies. The government is working on a privacy bill.

Saroj Kumar Jha, partner, SRGR Law Offices, said there were few judgments on privacy in India based on constitutional rights.

"While the Information Technology Act enables courts to pass judgments on global companies on privacy, enforcing the orders is difficult," he said.

"What is required is a privacy law that can protect user data and uphold the individual's right to privacy," he added.

For more details visit https://cis-india.org/internet-governance/news/business-standard-september-24-apurva-venkat-and-moulishree-srivastava-whasapp-ruling-experts-seek-privacy-law

Right to Food Campaign, Ranchi Convention, 2016

sumandro — 2019-03-16T04:40:52Z

The Right to Food Campaign held its 2016 Convention in Ranchi during September 23-25, 2016. While three years have elapsed since the passage of the National Food Security Act, despite improvements in the Public Distribution System (PDS), large implementation gaps remain. This is what the Convention focused on, and gathered researchers and campaigners from across the country to share experiences and case studies on effectiveness and exclusions from the PDS. Sumandro Chattapadhyay took part in a session of the Convention to discuss how UID-linked welfare delivery is being rolled out across key programmes like provision of pension and rationed distribution of essential commodities, and their impact on people's right to welfare services.

Right to Food Campaign: Website.

Right to Food Campaign: Cash Transfers and UID: Our Main Demands.

Ranchi Convention, 2016: Programme.

For more details visit https://cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016

When the war’s on WhatsApp

praskrishna — 2016-09-25T16:36:01Z

Slick, jingoistic videos are whipping up pro-war rhetoric on social media after the Uri terror attack.

The article by Manju V was published in the Times of India on September 25, 2016. Nishant Shah was quoted.

It packs a meaner punch than any 140-character tweet. In 140 jingoistic seconds, the cleverly packaged YouTube film veers from Mohammed Rafi to Chandra Shekhar Azad drumming up pro-war rhetoric to avenge the Pathankot attack. Set to the tone of chirping crickets on a moonlit night somewhere along the western border that India shares with its neighbour, the short film has two armymen in fatigues deliberate over the absolute need to respond with a counter attack. It ends in a staccato military drumbeat with a voiceover quoting Azad: "If yet your blood does not rage, then it is water that flows in your veins."

Posted about 10 days after the Pathankot attack in January, the video was resurrected last week after the country woke up to the Uri attack that killed 18 Indian soldiers in the deadliest assault on security forces in Kashmir in over two decades. Even as photographs of a grenade smoke-filled valley, tricolour-draped coffins, grieving sons, daughters and widows made the rounds in media outlets scores of Indians marched onto social media, some armed with incendiary prose and other with slick videos that expressed more anger than anguish.

In another video doing the rounds, a jawan, or someone in uniform, sings a poem warning Pakistan. His mates join in the refrain: "Kashmir toh hoga, lekin Pakistan nahi hoga."

These videos of jawans threatening to decimate Pakistan were shared by thousands. WhatsApp profile pictures and statuses were changed, Facebook posts got longer and vitriolic, Twitter #UriAttack exploded with expletives as the enough-is-enough sentiment peaked. It heralded the beginning of an era where the dynamics of Indo-Pakistan relations will play out not just in the diplomatic corridors of Delhi and Islamabad, the valley of Kashmir or the barracks of security forces; but also on the mobile phones, tablets and laptops of millions of Indians.

When contacted for a comment, the makers of the war-mongering 'Pathankot Tolerance' video didn't endorse war outright. "My individual opinion is that war is not a solution," said producer Santosh Singh, who heads the Mumbai-based V Seven Pictures. "Before we resort to war, we have to solve our internal problems. How can we let infiltration take place so blatantly?" he asked. Why then does the video not talk about this? Singh said that when one hears about such attacks, the instant reaction is to retaliate. "The video is based on that sentiment."

An electronics engineer, Singh also owns an IT recruitment firm. His film production company, which he runs along with his friend Vivek Joshi, made the Mauka Mauka World Cup video that went viral and also produces short films and videos for clients. "We have no political affiliations, in fact we turned down a couple of political parties who approached us," says Singh, adding that his company has made 30-35 films in less than two years. "Of these, about 10 are on issues close to our heart, like those on Afzal Guru and the Pathankot attack. We upload them on YouTube, they are aired without ads. We don't earn money from them," he adds.

Ugly gets outlet

Nitin Pai, director of Takshashila Institution, an independent centre for research and education in public policy, says that social media and some television studios have enabled people to express their subconscious fears and desires. "It is not just today that the people of India have been angry with Pakistan for fomenting terrorism in our country. But it is only now that they have ways to express this anger; unfortunately, social media dynamics amplify this anger in a grotesque, distorted manner, allowing the ugly and less-sensible views to rise to the top of the public discourse," said Pai.

Tracing the many origins of this phenomenon, psychiatrist Harish Shetty says that in an angst-ridden, globalized world, we need a whipping boy. "With the Uri attacks, the entire nation had a common enemy. In expressing collective anger, there's catharsis." The current outpouring is not just over the deaths of soldiers; such an incident also opens up older wounds, he says. "For a long time, Indians have found their leaders to be helpless. It's like a family that is attacked again and again by a neighbour, but the father does nothing about it. There has been a lack of strong response from 'papa figures' across time, which has led to a sense of anger and rage. After the Uri attacks, the collective self-esteem of the country took a beating, and people felt a need to assert themselves on social media. At such times strong action is viewed as legitimate, valid and free of guilt," he adds.

Amplifying angst

If social media brought together protesters in Tunisia and Egypt during the Arab spring, in democratic India it has turned into a platform for expressing mass disenchantment with the government, especially in the wake of such attacks.

Social media plays several roles in times of crises, says Nishant Shah, professor of digital media and co-founder of the Centre for Internet & Society, Bengaluru. One, it amplifies what is already being said in friend circles and living-room conversations in front of the telly, but spreads it to a larger audience. "The second role it plays is distribution: social media allows people to inherit other people's opinions, thus exposing them to new ways of thinking but also find corroborators for their own viewpoints," he says. The third is catalysis — social media also has the capacity to generate new information. "The format creates new kinds of truths. Things that can be caught in Snapchat videos, or visuals which can be remixed, all become a part of this zeitgeist," Shah says.

Virtual wars

But in India at least, social media is no indicator of considered public opinion, points out Pai. Shah adds: "What we are seeing is a filter bubble of a privileged set of people who are engaging in this debate."

Then again, what's said on social media needn't be endorsed in real life. Vivek Joshi, who wrote and directed the Pathankot video, says nobody in the world would want a war. "But when it comes to the lives of our soldiers, an answer has to be given. If the government had taken any visible action, then there would have been no need to put out a video like this," Joshi adds. And therein probably comes the new-age heuristic of venting out on social media.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-september-25-2016-manju-vi-when-the-war-is-on-whatsapp