We are anonymous, we are legion

Despite apex court order, IOC proceeds with Aadhaar-linked DBT

praskrishna — 2014-01-31T06:50:33Z

Once DBT starts, there is no other method to avail of subsidy: IOC official.

The article by Deepa Kurup was published in the Hindu on January 6, 2014. Sunil Abraham is quoted.

Despite an interim order by the Supreme Court disallowing the government from making the Aadhaar number mandatory for accessing State subsidies and benefits, Indian Oil Corporation (IOC) Ltd. continues to inform consumers that they will not get their LPG subsidy if they do not seed their Aadhaar-linked bank accounts to the IOC database.

SMSes and publicity material released by IOC in the past week indicate that the company is going ahead with the Union government’s deadlines for the Direct Benefit Transfer scheme for LPG. While the deadline for Udupi and Dharwad districts has been extended till January-end, the “grace period” for Bangalore Urban will expire on March 1.

Over the past week, LPG consumers have been receiving frequent SMSes requesting them to submit their Aadhaar number to their LPG distributor and their bank, with “no further delay”. Though the SMS does not state whether or not this is mandatory, frequent messages have been instilling a sense of urgency and panic among consumers. Further, several consumers told The Hindu that, upon enquiry, distributors had been telling them that they would have to forego their subsidy amount (for nine cylinders a year) if they failed to register their details with the IOC database. Once the DBT scheme is enforced, the IOC will migrate customers entirely to the new system — that is, consumers will have to pay the market price, and the subsidy amount will be credited to their bank accounts.

‘No other method’

Senior IOC officials said that while the oil manufacturing company was desisting from making statements on whether or not this was mandatory, in effect those whose details would not be seeded to the database would not be able to avail of the benefit. “Basically, once the DBT scheme starts there is no other method to receive or avail of the subsidy. As of now, there is no alternative method,” said R.K. Arora, executive director, Karnataka State office. He pointed out that in rural areas several other subsidies were already linked to Aadhaar, and the DBT scheme was at 100 per cent in Tumkur and Mysore districts.

As of January 1, an IOC official said, only 30 per cent of LPG consumers in the Bangalore Circle had ‘seeded’ their accounts to the IOC database, while in Udupi and Dharwad it was roughly around 50 per cent.

“We are not claiming it’s mandatory, and currently all companies have submitted an affidavit seeking the order be reconsidered. Meanwhile, we have just asked people to submit the details to the distributor as soon as they can,” the official said. He added that IOC was likely to keep extending the deadline to “be on the safe side”.

Meanwhile, there is confusion among consumers on the issue. Krishnan Pillai, a resident of R.T. Nagar here, said Aadhaar numbers were being delayed, and there was huge anxiety among people. “Last week, I saw an advertisement that implied that I will lose subsidy if I don’t submit my number. Is the Supreme Court verdict not applicable?” he said. Sumitra Gupta, a charted accountant from Majestic, said distributors were telling them to “ignore news report on the Supreme Court verdict”.

“This is arm twisting,” she said.

‘So-called voluntary’

Sunil Abraham of the Centre for Internet and Society, a Bangalore-based NGO that has been part of the anti-Aadhaar campaign, said IOC was “pushing the boundary”. “From the very beginning, people have been objecting to the so-called voluntary nature of the scheme. It’s unfortunate that the will of the Supreme Court in its interim order on such as a critical component of our citizenship is also being ignored,” he said.

For more details visit https://cis-india.org/news/hindu-january-6-2014-deepa-kurup-despite-apex-court-order-ioc-proceeds-with-aadhar-linked-dbt

Big Brother is watching you

chinmayi — 2014-01-06T09:31:22Z

India has no requirements of transparency whether in the form of disclosing the quantum of interception or in the form of notification to people whose communication was intercepted.

The article by Chinmayi Arun was published in the Hindu on January 3, 2014.

The Gujarat telephone tapping controversy is just one of many kinds of abuse that surveillance systems enable. If a relatively primitive surveillance system can be misused so flagrantly despite safeguards that the government claims are adequate, imagine what is to come with the Central Monitoring System (CMS) and Netra in place.

News reports indicate Netra — a “NEtwork TRaffic Analysis system” — will intercept and examine communication over the Internet for keywords like “attack,” “bomb,” “blast” or “kill.” While phone tapping and the CMS monitor specific targets, Netra is vast and indiscriminate. It appears to be the Indian government’s first attempt at mass surveillance rather than surveillance of predetermined targets. It will scan tweets, status updates, emails, chat transcripts and even voice traffic over the Internet (including from platforms like Skype and Google Talk) in addition to scanning blogs and more public parts of the Internet. Whistle-blower Edward Snowden said of mass-surveillance dragnets that “they were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.”

So far, our jurisprudence has dealt with only targeted surveillance; and even that in a woefully inadequate manner. This article discusses the slow evolution of the right to privacy in India, highlighting the context and manner in which it is protected. It then discusses international jurisprudence to demonstrate how the right to privacy might be protected more effectively.

Privacy and the Constitution

A proposal to include the right to privacy in the Constitution was rejected by the Constituent Assembly with very little debate. Separately, a proposal to give citizens an explicit fundamental right against unreasonable governmental search and seizure was also put before the Constituent Assembly. This proposal was supported by Dr. B.R. Ambedkar. If accepted, it would have included within our Constitution the principles from which the United States derives its protection against state surveillance. However, the proposed amendment was rejected by the Constituent Assembly.

Fortunately, the Supreme Court has gradually been reading the right to privacy into the fundamental rights explicitly listed in the Constitution. After its initial reluctance to affirm the right to privacy in the 1954 case of M.P. Sharma vs. Satish Chandra, the court came around to the view that other rights and liberties guaranteed in the Constitution would be seriously affected if the right to privacy was not protected. In Kharak Singh vs. The State of U.P., the court recognised “the right of the people to be secure in their persons, houses, papers, and effects” and declared that their right against unreasonable searches and seizures was not to be violated. The right to privacy here was conceived around the home, and unauthorised intrusions into homes were seen as interference with the right to personal liberty.

If the Kharak Singh judgment was progressive in its recognition of the right to privacy, it was conservative about the circumstances in which the right applies. The majority of judges held that shadowing a person could not be seen to interfere with that person’s liberty. Dissenting with the majority, Justice Subba Rao maintained that broad surveillance powers put innocent citizens at risk, and that the right to privacy is an integral part of personal liberty. He recognised that when a person is shadowed, her movements will be constricted, and will certainly not be free movements. His dissenting judgment showed remarkable foresight and his reasoning is consistent with what is now a universally acknowledged principle that there is a “chilling effect” on expression and action when people think that they are being watched.

The right to privacy as defined by the Supreme Court now extends beyond government intrusion into private homes. After Govind vs. State of M.P., and Dist. Registrar and Collector of Hyderabad vs. Canara Bank, this right is seen to protect persons and not places. Any inroads into this right for surveillance of communication must be for permissible reasons and according to just, fair and reasonable procedure. State action in violation of this procedure is open to a constitutional challenge.

Our meagre procedural safeguards against phone tapping were introduced in PUCL vs. Union of India (1997) after the Supreme Court was confronted with extensive, undocumented phone tapping by the government. The apex court found itself compelled to lay down what it saw as bare minimum safeguards, consisting mostly of proper record-keeping and internal executive oversight by senior officers such as the home secretary, the cabinet secretary, the law secretary and the telecommunications secretary. These safeguards are of little use since they are opaque and rely solely on members of the executive to review surveillance requests.

Right and safeguards

There is a difference between targeted surveillance in which reasons have to be given for surveillance of particular people, and the mass-surveillance which Netra sets up. The question of mass surveillance and its attendant safeguards has been considered by the European Court of Human Rights in Liberty and Others vs. the United Kingdom. Drawing upon its own past jurisprudence, the European Court insisted on reasonable procedural safeguards. It stated quite clearly that there are significant risks of arbitrariness when executive power is exercised in secret and that the law should be sufficiently clear to give citizens an adequate indication of the circumstances in which interception might take place. Additionally, the extent of discretion conferred and the manner of its exercise must be clear enough to protect individuals from arbitrary interference. The principles laid down by the European Court in relation to phone-tapping also require that the nature of the offences which may give rise to an interception order, the procedure to be followed for examining, using and storing the data obtained, the precautions to be taken when communicating the data to other parties, and the circumstances in which recordings may or must be erased or the tapes destroyed be made clear.

Opaque and ineffective

Our safeguards apply only to targeted surveillance, and require written requests to be provided and reviewed before telephone tapping or Internet interception is carried out. CMS makes the process of tapping more prone to misuse by the state, by making it even more opaque: if the state can intercept communication directly, without making requests to a private telecommunication service provider, then it is one less layer of scrutiny through which the abuse of power can reach the public. There is no one to ask whether the requisite paperwork is in place or to notice a dramatic increase in interception requests.

India has no requirements of transparency whether in the form of disclosing the quantum of interception taking place each year, or in the form of subsequent notification to people whose communication was intercepted. It does not even have external oversight in the form of an independent regulatory body or the judiciary to ensure that no abuse of surveillance systems takes place. Given these structural flaws, the Amit Shah controversy is just the beginning of what is to come. Unfettered mass surveillance does not bode well for democracy.

(Chinmayi Arun is research director, Centre for Communication Governance, National Law University, Delhi, and fellow, Centre for Internet and Society, Bangalore.)

For more details visit https://cis-india.org/internet-governance/blog/the-hindu-january-3-2014-chinmayi-arun-big-brother-is-watching-you

Biometrics or Bust? Implications of the UID for Participation and Inclusion

praskrishna — 2014-01-06T08:56:51Z

Malavika Jayaram will give a talk on biometrics and the implications of UID for participation and inclusion at the office of the Centre for Internet and Society in Bangalore on January 10, 2014 at 6.00 p.m.

Abstract

Privacy is often portrayed as a luxury, as the intellectual preoccupation of nerdy privileged liberals, and an issue of salience only to the elite. This ignores the reality of the most marginalized sections of a society being disproportionately impacted by privacy intrusive technologies. The collusion of public and private agendas towards implementing large welfare projects is generally seen as progressive and neutral, yet the consequences of even well-intentioned efforts that trade privacy for convenience, welfare, security or a host of other compelling goals is troubling. The use of biometric technologies further complicates matters: the assumption that bodies can be rendered into infallible verifiers, as repositories of unchanging truth, is not without its catalogue of failures. This talk will examine the notion of biometric representations as a kind of capital, the possibility that failures are endemic to their functioning, and the implications of systemic errors on equality, participation and democracy.

Malavika Jayaram

Malavika is a Fellow at the Berkman Center for Internet and Society at Harvard University, focusing on privacy, identity and free expression. She is also a Fellow at the Centre for Internet and Society, Bangalore, and the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Done series.  Malavika is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection Lawyers directory. In August 2013, she was voted one of India’s leading lawyers and one of only 8 women to be featured in the “40 under 45” survey conducted by Law Business Research, London. In a different life, she spent 8 years in London, practicing law with global firm Allen & Overy in the Communications, Media & Technology group, and as VP and Technology Counsel at Citigroup. During 2012-2013, she was a Visiting Scholar at the Annenberg School for Communication, University of Pennsylvania. She is working on completing her PhD at the National Law School.

For more details visit https://cis-india.org/events/biometrics-or-bust-implications-of-uid-for-participation-and-inclusion

Seminar on "Hate Speech and Social Media"

praskrishna — 2014-02-13T06:22:41Z

NALSAR University of Law, in collaboration with the British Deputy High Commission organized a seminar on Hate Speech and Social Media in Hyderabad on January 4 and 5, 2014. Chinmayi Arun was one of the speakers at the seminar.

Richa Kaul Padte was a keynote speaker on the panel on ‘Marginalised Communities and the Experience of Social Media’, while Anja Kovacs was the keynote speaker on the panel on ‘Internet - A Democratic Space?’.

This seminar focused on emerging debates on free speech, marginalisation and radicalisation in the context of the internet. Long hailed as a great democratiser, the internet has been instrumental in granting a voice to millions of people, and yet, in permitting anonymity it raises important questions of liability and responsibility. Over the course of two days, the seminar explored issues through conversations between people who have worked on various aspects of this issue, including leading jurists, lawyers, bloggers and activists who have embraced new technologies. Some of the prominent speakers at the seminar included Hon’ble Justice Madan B Lokur, Hon’ble Dr. Justice S Muralidhar, Teesta Setalvad, Geeta Seshu, Chinmayi Arun, Anja Kovacs and Apar Gupta.

Click to read the details posted on Internet Democracy Project website.

For more details visit https://cis-india.org/news/nalsar-seminar-hate-speech-social-media

Rise of the bot: all you need to know about the latest threat online

praskrishna — 2014-01-31T07:16:36Z

In the last week of December, 2013, former union railway minister Pawan Kumar Bansal lodged a police complaint in Chandigarh after witnessing “an unusual rise in his online fan following”. The former minister told the police that his Facebook page had received more than 10,000 likes, within a span of 24 hours. While his allegation that the ‘likes’ were “fabricated” may be true, information technology experts believe a bot was at work.

The article by Danish Raza was published in the Hindustan Times on January 5, 2014. Snehashish Ghosh is quoted.

A bot is a software that mimics human behaviour on the Internet. Bots can be used to create artificial accounts on social media, provide numerous likes on a particular page, send tweets or visit various websites. All this is done without any human involvement.

Bots already constitute a significant percentage of Non Human Traffic (NHT) online, which has, according to some estimates, eclipsed human traffic. Comscore, a US-based Internet technology company noted on its blog that NHT, also known as Artificial Traffic, increased from approximately 6% of the total web traffic in 2011, to 36% in 2012. Last month, a report from Incapsula, a cloud-based security service, which aids the security and performance of websites, stated that more than 60% of web traffic was non-human in 2013. The figure was based on data collected from the 20,000 sites on Incapsula’s network .

Other than bots, NHT on the web includes traffic generated by Internet routers and back end services used by websites to communicate with third parties.

India is not immune to the problem. According to the Symantec Internet Security Threat Report for 2012, there was a 280% increase in bot infections in India between 2011 and 2012. 17% of bot-infected computers, the highest in the world, are in India and 15% of global bot-net spam is generated here. The report also states that 69 Indian cities are prone to bot infections which includes Bhubaneswar, Surat, Cochin, Jaipur, Visakhapatnam, Indore, Kota, Ghaziabad and Mysore.

Bot spotting
How do you spot a bot? When a bot or its friend is at work, the browser directs you to sites other than the ones you intend to visit, you get full-page pop ups and pop unders, and when you quit the browser, it gets relaunched after a few minutes. Chances are your computer is part of a chain of online events which create NHT on the web, the purpose of which may be to attack a site or a server.

Why you should be wary
Malicious traffic, malware, hacking attempts, viruses slow down the Internet and delay legitimate traffic and services. Used to target systems or take down websites, NHT generates fake clicks on advertisements to increase website statistics.

One of the perils of ignoring artificial web traffic is that it gets counted for real impressions for which clients end up paying. For example, a website owner may hire the services of a digital marketing firm to publicise the site. In the guise of increasing page views, the marketing firm can produce a bill for fake impressions, supplementing actual human traffic to the page with bot usage.

“Unless there is a curb on this practice of malicious NHT, one stands at risk of being duped by marketers, agencies and even clients,” said Chiragh Cherian, director, online PR at Perfect Relations, a brand management firm. Recent studies have estimated bot traffic to be between 4 - 31% of total web traffic in the US, which translates to between $650 million and $4.7 billion in wasted marketing spend. According to Miaozhen Systems, a leading Chinese advertising technology company, NHT caused advertisers in China to lose approximately US$ 1.6 billion between July 2012 and June 2013.

How to combat Non-Human Traffic
Most servers have defence mechanisms to tackle spam and cyber attacks. Websites are also now developing mechanisms such as asking for human authentication which is difficult for a bot to execute. “But even personal computers should be equipped with strong Internet security applications such as anti-virus and anti-spyware to prevent hacking and phishing attempts and to prevent being used as slave machines for distributed cyber attacks,” said Chintu Cherian Abraham, a digital media professional. Figures show that we need to watch out where and how we go online. According to Norton Report, 2013, 61% Indians access their social network accounts from unsecured wi-fi connections, while 42% access bank accounts and 44% shop online using unsecured wi-fi connections.

Social media companies are gradually devising mechanisms to filter bots. “When a page and a fan connect on Facebook, we want to ensure that connection involves a real person interested in hearing from a specific page and engaging with that brand’s content. As such, we have recently increased our automated efforts to remove Likes on Pages that may have been gained by means that violate our terms,” mentions Facebook’s site integrity policy.

Agency-client intervention is necessary to ensure that artificial traffic is not presented as real. “It’s also important to make all agencies, advertisers and clients aware of their responsibility to keep the Internet free from malicious NHT,” said Chiragh Cherian.

Government involvement is also needed to control the problem of malicious bots. “A lot needs to be done from the government’s side to tackle bots which can be used to target the country’s critical infrastructure such as banking websites,” said Jiten Jain, a cyber security analyst, adding, “Last year, I highlighted the flaws in HDFC’s net banking website which have been rectified now. They could have been exploited to block the net-banking service.”

Until we have a robust mechanism to filter out bogus traffic from real, it will be difficult to say whether the social media followers of Bansal and other public figures are human or not.

Know your Bots
Not all bots are used with a negative intent. Some help in research and monitoring.

The Malicious
Bots can be effectively used to impersonate and to hack accounts leading to financial losses and intellectual property theft. “Theft of personal details, username and password to operate one’s bank account is a classic example of how bots can lead to financial losses. It is an organised cyber crime,” explained Commander (Retd) Mukesh Saini, former national information security coordinator, Government of India. In May 2013, cyber criminals broke into the Mumbai-based account of the RPG group and siphoned off `2.4 crore. Three people were arrested in the case.

“The rate at which NHT is increasing is alarming,” says Tinu Cherian Abraham. “Any computer connected to the Internet is vulnerable to such attacks. The user will not get to know about it unless he or she has installed an Internet security application.”

Besides bots, computers also generate other kinds of secondary activities, while the user is surfing the Internet. This activity remains in the background and is never seen by the user, unlike the bot-generated pop ups, observes Comscore. For example, your computer might be being used as a channel to reach a server with the intention of hacking it. And you will never know.

The Good
Not all NHT is bad, though. In fact, good bots such as scrapers can be effectively used to conduct research. “Wikipedia can be scraped to investigate the frequency of edits on a Wikipedia page and track the increase in the number of editors,” explained Snehashish Ghosh, policy associate at the Bangalore-based Centre for Internet & Society.

Good bots are also used by search engines to track content on websites and enhance their search results. Search bots and other good bots formed 31% of total bots, the Incapsula report noted.

The Social
Apart from malicious and good bots, there are social media bots too. “Extensive analysis is done on social media traffic for monitoring, business lead generation, as well as reputation management. This has amounted to a lot of automated or non-human traffic,” said Abraham.

According to Facebook’s filings published in a Forbes report in February 2012, around 83 million of its users are bogus. “It’s a violation of our policies to use a fake name or operate under a false identity, and we encourage people to report any user they suspect of doing this, either through the report links we provide on the site or through the contact forms in our help centre,” a Facebook spokesperson told HT.

Twitter bots have also made its presence felt on the platform. “Twitter has witnessed very interesting bots which have found appreciation from the community for being funny and creative. The microblogging site cracked down on some harmful bots, but still some of the advanced level bots slip through the net,” said Ghosh.

In August 2012, London-based firm Digital Evaluators, which evaluates social media presence of worldwide companies, released an analysis of Twitter followers of the US Presidential Election candidates Barack Obama and Mitt Romney. 21.9% of Barack Obama’s 17.82 million Twitter followers were found to be bogus.

The Big Brother
Ghosh said that the increase in NHT related to the Internet of things, the concept which enables communication between two or more devices, results in privacy issues. “Take a situation where your mobile device is constantly tracking your location for the purpose of switching on the air conditioner at your home before you reach. Such applications produce huge amounts of personal data and there is no clarity whether this data is being stored,” he said.

“As the new networks link data from products, company assets, or the operating environment, they will generate better information and analysis, which can enhance decision making significantly. Some organisations are starting to deploy these applications in targeted areas, while more radical and demanding uses are still in the conceptual or experimental stages,” noted a McKinsey & Company report on Internet of things.

For more details visit https://cis-india.org/news/hindustan-times-january-5-2014-danish-raza-rise-of-the-bot

Inventions that will make a difference

praskrishna — 2014-02-12T11:07:02Z

In an increasingly tech-driven world, what does 2014 have to offer? Geeta Padmanabhan turns the spotlight on some life-changing gadgets.

Geeta Padmanabhan's article published in the Hindu on January 1, 2014 quotes Maria Xynou.

Digiterati, have you tried Snapchat, the service that makes messages/photos/captions you send disappear in a few seconds once opened? The app with its swelling popularity among the young demands a re-think about data: do you need it around forever? In a remarkable step forward, 2014 may see Forever Internet and Erasable Internet living side by side.

What else is in store? “Your mobile devices and PCs will get more intelligent and remember your different passwords,” said J. Prasanna, AVS labs. “Advanced biometrics will enable scanning (fingerprint/retina) without devices. Sharper attack simulation on the cyber-world will force corporates to improve defence. Industrial houses will opt for more mobile devices — computers like raspberry pi — for logistics/checking. “You may not see a workstation at all!” Maria Xynou, The Centre for Internet and Society, foresees surveillance technologies getting smarter with artificial intelligence software, and people fending them off with crypto-like privacy software. “This might trigger more intrusive technologies,” she said.

Big data will grow bigger. Many of the products we depend on — Google's spell-checker, translation service, traffic maps, search-suggestions; Amazon.com's AMZN +0.13% media; Facebook’s News Feed, “friend” facilities — have come out of a huge cache of user data. But Kaspersky Lab expects cybercriminals to use refined mobile-phishing, banking-Trojans and mobile-botnets to hack and modify private information. VPN (virtual private network) services and Tor-anonymisers will become popular, demand for local encryption tools will spurt, it predicts.

Folding phones?

Now that curved display (G-Flex) is here, 2014 may bring in “roll-up or fold” smartphones/tablets to fit into our wallets. Also, with smarter tracking-tools and voice-recognition technology smartphones will become so intuitive and efficient that they may reflexively cater to our needs. “It will become a context engine — aware of where it is, where you are going, what you need,” said futurist Paul Saffo. Apple will launch the anticipated big-screen iPhones and iPads (12.9-inch or 13.3-inch), reports Digitimes. Upcoming iPhone models will have a 20mm chipset, and a choice between 4.7-inch and 6-inch display panel. But don't throw away your MacBook Air or MacPro yet.

“Prepare for a life-changing gadget,” says BBC, referring to Oculus Rift, a “consumer-focused virtual-reality headset”, to be launched by Kickstarter. You wear it and you'll see yourself running along a beach, flying in a spaceship, riding a roller-coaster, it says. Impatient for the “real” one? There are no tech hurdles to having a vehicle that is part-car, part-plane, part-drone parked outside your home, says Missy Cummings, Aeronautics/Astronautics Professor, MIT. The fly-by-wire Airbus is a drone, anyway. Automated systems with micro-second reactions will make transportation network — ground and air — safer. Your regular car will gain advanced tech features, from in-built sat-navs, parking assistance to voice-activated/touchscreen DVD players and radios.

Educator Sugata Mitra hopes to launch an entire school in the cloud — the tech-cloud. Retired teachers in remote areas will teach through Skype, classrooms will be beamed from all parts of the planet — “deep in the jungle, or high on a mountain.” Kids can just gather at one home for lessons, he said.

Robots will take longer strides in 2014. Google's Japanese start-up robot won the Darpa rescue-challenge by carrying out all the eight rescue-themed tasks ahead of rivals. Its dexterous, independent “robot army” will carry packages, push strollers. LiveScience reports Knightscope's five-foot K5 robot-cop's on-board sensor that can see, hear, touch and smell its surroundings will combine its observations with public data and use the information to predict if, when and where a crime is likely to occur. Asutosh Saxena's team at Cornell University has created a robot (PR2) programmed to free shop-assistants from drudgery — it packs purchases at check-out counters. Forrester Research's Jeff Ernst believes ICANN’s gTLD (generic top-level domain) program is a game-changer. The introduction of .brand and .category will help you choose products with ease and marketers fight off cybersquatters.

The best gift

To me the best gift of 2014 is the Copenhagen wheel. With an attached computer/sensor-aided device, this bicycle wheel monitors pedalling and activates an on-board electric-motor when you need support. Connecting wirelessly to the biker's smartphone, the device tracks distance travelled and elevation gained, shares with friends the number of calories burned, locks the wheel remotely as you walk away from the bike. An electric-hybrid bicycle!

Mark Anderson, Strategic News Service anticipates Apple's Siri-like products to get an upgrade, visualisation tools to usher in “seeing data.” Software-defined networking and storage will cause a “stampede to virtualise everything.” Technical work to break down barriers between clouds will spawn software that can run anywhere. E-mapping will include MALT (Micromapping, Advertising, Location/ID, Transactions). Indoor maps and location information will place advertising targeted at you, leading to transaction in which “your phone will direct you to where things on your shopping-list are. You pick them up, the store knows who you are, how you pay, and you’ll just walk out.”

Track these

2014 will see computers that can learn from their own mistakes.
Spending on mobile, work-collaboration and video-conferencing apps will rise.
Demand for “big data” analysts will soar.
Small start-ups will raise money more through crowdfunding, less from venture capitalists.

For more details visit https://cis-india.org/news/the-hindu-january-1-2014-geeta-padmanabhan-inventions-that-will-make-a-difference

India's Identity Crisis

malavika — 2014-01-09T07:56:08Z

Malavika Jayaram's article was published in 2013 Internet Monitor Annual Report: Reflections on the Digital World, published by Harvard's Berkman Center for Internet and Society.

India’s Unique Identity (UID) project is already the world’s largest biometrics identity program, and it is still growing. Almost 530 million people have been registered in the project database, which collects all ten fingerprints, iris scans of both eyes, a photograph, and demographic information for each registrant. Supporters of the project tout the UID as a societal game changer. The extensive biometric information collected, they argue, will establish the uniqueness of each individual, eliminate fraud, and provide the identity infrastructure needed to develop solutions for a range of problems. Despite these potential benefits, however, critical concerns remain about the UID’s legal and physical architecture as well as about unforeseen risks associated with the linking and analysis of personal data.

The most basic concerns regarding the UID project stem from the fact that biometric technologies have never been tested on such a large population. As a result, well-founded concerns exist around scalability, false acceptance and rejection rates, and the project’s core premise that biometrics can uniquely and unambiguously identify people in a foolproof manner. Some of these concerns are based on technical issues—collecting fingerprints and iris scans “in the field,” for instance, can be complicated when a registrant’s fingerprints are eroded by manual labor or her irises are affected by malnutrition and cataracts. Other concerns relate to the project’s federated implementation architecture, which, by outsourcing collection to a massive group of private and public registrars and operators, increases the chance for data breaches, error, and fraud.

Perhaps even more vexing are concerns regarding how the UID, which promises financial inclusion (by reducing the identification barriers to opening bank accounts, for example), might in fact lead to new types of exclusion for already marginalized groups. Members of the LGBT community, for instance, question whether the inclusion of the transgender category within the UID scheme is a laudable attempt at inclusion, or a new means of listing and targeting members of their community for exclusion. More fundamentally, as more and more services and benefits are linked to the UID, the project threatens to exclude all those who cannot or will not participate in the scheme due to logistical failures or philosophical objections.

It is worth noting that the UID is not the only large data project in India. A slew of “Big Brother” projects exist: the Centralised Monitoring System (CMS), the Telephone Call Interception System (TCIS), the National Population Register (NPR), the Crime and Criminal Tracking Network and Systems (CCTNS), and the National Intelligence Grid (NATGRID), which is working to aggregate up to 21 different databases relating to tax, rail and air travel, credit card transactions, immigration, and other domains. The UID is intended to serve as a common identifier across these databases, creating a massive surveillance state. It also facilitates an ecosystem where access to goods and services, from government subsidies to drivers’ licenses to mobile phones to cooking gas, increasingly requires biometric authentication.

The UID project was originally vaunted as voluntary, but the inexorable slippery slope toward compulsory participation has triggered a series of lawsuits challenging the legality of forced enrollment and the constitutionality of the entire project. Most recently, in September 2013, India’s federal Supreme Court affirmed by way of an interim decision that the UID was not mandatory, that not possessing a UID should not disadvantage anybody, and that citizenship should be ascertained as a criteria for registering in order to ensure that UIDs are not issued to illegal immigrants. This last stipulation is particularly thorny given that the Unique Identification Authority of India (UIDAI, the body in charge of the UID project) has consistently distanced the UID from questions of citizenship under the justification that it is a matter beyond their remit (i.e., the UID is open to residents, and is not linked to citizenship). The government moved quickly to urge a modification of the order, but the Supreme Court declined to do so and will instead release its final decision after it reviews a batch of petitions from activists and others. The UIDAI approached the court, arguing that not making the UID mandatory has serious consequences for welfare schemes, but the court recently ordered the federal government, the Reserve Bank of India, and the Election Commission to delink the LPG cooking gas scheme from the UID. This is a considerable setback for the project, given that this was one of the most hyped linkages for the UID. It remains to be seen whether the court will similarly halt other attempts to make the UID mandatory.

In the meantime, the UID project is effectively being implemented in a legal vacuum without support from the Supreme Court or Parliament. The Cabinet is seeking to rectify this and has cleared a bill that would finally provide legal backing for the UID program—its previous attempt was rejected by the Standing Committee on Finance in 2010. This bill is scheduled to come up for debate during the winter session of Parliament. The bill’s progress, along with the final decision of the Supreme Court, will have far reaching consequences for the UID project’s implementation and longevity, as well as for the relationship between India’s citizens and the state.

If fully implemented, the UID system will fundamentally alter the way in which citizens interact with the government by creating a centrally controlled, technology-based standard that mediates access to social services and benefits, financial systems, telecommunications, and governance. It will undoubtedly also have implications for how citizens relate to private sector entities, on which the UID rests and which have their own vested interests in the data. The success or failure of the UID represents a critical moment for India. Whatever course the country takes, its decision to travel further toward or turn away from becoming a “database nation” will have implications for democracy, free speech, and economic justice within its own borders and also in the many neighboring countries that look to it as a technological standard bearer.

The Indian government seems to envision “big data” as a panacea for fraud, corruption, and abuse, but it has given little attention to understanding and addressing the fraud, corruption, and abuse that massive databases can themselves engender. The government’s actions have yet to demonstrate an appreciation for the fact that the matrix of identity and surveillance schemes it has implemented can create a privacy-invading technology layer that is not only a barrier to online activity but also to social participation writ large.

The lack of identification documents for a large portion of the Indian population does need to be addressed. Whether the UID project is the best means to do this—whether it has the right architecture and design, whether it can succeed without an overhaul of several other failures of governmental institutions, and whether fixing the identity piece alone causes more harm than good—should be the subject of intense debate and scrutiny. Only through rigorous threat modeling and analysis of the risks arising out of this burgeoning “data industrial complex” can steps be taken to stem the potential repercussions of the project not just for identity management, fraud, corruption, distributive justice, and welfare generally, but also for autonomy, openness, and democracy.

Click to download the article published in the annual report of Berkman's Center for Internet and Society (PDF 7223 Kb)

For more details visit https://cis-india.org/internet-governance/blog/internet-monitor-2013-malavika-jayaram-indias-identity-crisis

December 2013 Bulletin

praskrishna — 2014-02-25T13:51:47Z

Our newsletter for the month of December 2013 can be accessed below.

We at the Centre for Internet & Society (CIS) wish you all a great year ahead and welcome you to the twelfth issue of its newsletter (December) for the year 2013:

-------------------------------
Highlights
-------------------------------

The National Resource Kit team has published a draft chapter highlighting the state of laws, policies and programmes for persons with disabilities in the state of Gujarat.
Government of India has passed the National Electronic Accessibility Policy. CIS had worked with the Department of Electronics and Information Technology to formulate this policy. We bring you a brief analysis of the policy and provisions therein in a blog post.
Nehaa Chaudhari on behalf of CIS submitted comments on the Proposed WIPO Treaty for the Protection of Broadcasting Organizations to the Ministry of Human Resource Development.
CIS-A2K team has published a report highlighting the key accomplishments about the work accomplished on Konkani Wikipedia from September to December 2013.
Vipul Kharbanda has provided an analysis of the laws and regulations that apply to Bitcoin in India concluding that government can regulate Bitcoin.
We released the first documentary film (DesiSec) on cyber security in India in Bangalore on December 11.
In the module on Global Histories of the Internet (part of the Knowledge Repository on Internet Access project) Nishant Shah analyses the understanding of the internet, cyberspace and everyday life and why do we need to know the history of the internet.
The second "Institute on Internet and Society" will be held in Yashada, Pune from February 11 to 17, 2014.
As part of the Making Change project, Denisse Albornoz provides an analysis of the benefits and limitations of increasing access to information to enable citizenship and political participation.

-----------------------------------------------
Jobs
-----------------------------------------------
CIS is seeking applications for the posts of Program Officer (Access to Knowledge) and Program Officer (Internet Governance): http://bit.ly/1aA57K6. There are two vacancies each for these posts and these are full-time based in Delhi. To apply, please send your resume to Sunil Abraham (sunil@cis-india.org) and Pranesh Prakash (pranesh@cis-india.org) with three writing samples of which at least one demonstrates your analytic skills, and one that shows your ability to simplify complex policy issues.

----------------------------------------------
Accessibility and Inclusion
----------------------------------------------
As part of our project (under a grant from the Hans Foundation) on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India, we bring you draft chapters for the states of Madhya Pradesh and Arunachal Pradesh, and the union territory of Daman and Diu. With this we have completed compilation of draft chapters for 27 states and 5 union territories. Feedback and comments are invited from readers for the following chapter:

► National Resource Kit Chapter

The Gujarat Chapter (by Anandhi Viswanathan, December 31, 2013): http://bit.ly/Kxbg3b.

Note: All of the chapters published so far in this project are early drafts and will be reviewed and updated.

►Other

# Media Coverage

An “Advocacy” Saga and the Inspiring Legacy of Rahul Cherian (by Shamnad Basheer, Spicy IP, December 16, 2013): http://bit.ly/1a5B7sU.

# Blog Entry

National Policy on Universal Electronic Accessibility – An Analysis (by Anandhi Viswanathan, December 27, 2013): http://bit.ly/1dfCW3I.

-----------------------------------------------------------
Access to Knowledge
-----------------------------------------------------------
The Access to Knowledge programme addresses the harms caused to consumers and human rights, and critically examines Open Government Data, Open Access to Scholarly Literature, and Open Access to Law, Open Content, Open Standards, and Free/Libre/Open Source Software.

# Submission

Comments on Proposed WIPO Treaty for the Protection of Broadcasting Organizations (by Nehaa Chaudhari, December 7, 2013). CIS submitted its comments to the Ministry of Human Resource Development: http://bit.ly/1hpWeuu.

# Events Participated In

3rd Global Congress on IP and the Public Interest & Open A.I.R. Conference on Innovation and IP in Africa (organized by University of Cape Town, December 9-13, 2013). Sunil Abraham participated as a speaker in the sessions on Bridging into the Global Congress: Global Issues, Local Answers?, User Rights Track: What Medicines Can Teach Tech: Exploring Patent Pooling and Compulsory Licensing in the Indian Mobile Device Market (http://bit.ly/1f74yir), User Rights Track: Reclaiming the World Trade Organisation: A Modest Proposal for a WTO Agreement on the Supply of Global Public Goods (http://bit.ly/1f74yir), and was a keynote speaker on The Freedom Continuum (http://bit.ly/1dH1WEM). Nehaa Chaudhari also participated in this event: http://bit.ly/1bJArFJ.
Twenty-Sixth Session of the Standing Committee on Copyrights and Related Rights (organized by WIPO, Geneva, December 16 – 20, 2013). CIS gave its statement on Limitations and Exceptions for Libraries and Archives (http://bit.ly/JWnjq7) and on Limitations and Exceptions for Education, Teaching and Research Institutions and Persons with Other Disabilities (http://bit.ly/JWnjq7). Nehaa Chaudhari participated as a speaker. India and the United States introduced 6 proposals on the WIPO Broadcast Treaty: http://bit.ly/1edqvr3.

The following has been done under grant from the Wikimedia Foundation (http://bit.ly/SPqFOl). As part this project (http://bit.ly/X80ELd), we held 3 workshops in the month of December, published a detailed report of key accomplishments of the work done in Konkani Wikipedia, a report on Train the Trainer Program held in the month of October and published an article in DNA.

►Wikipedia

# Article

Telugu Wikipedia completes 10 years (by Rahmanuddin Shaik, DNA, December 16, 2013): http://bit.ly/19OAvUV. The article was edited by Rohini Lakshané.

# Report

CIS-A2K: Work Accomplished on Konkani Wikipedia (by Nitika Tandon, December 31, 2013): http://bit.ly/1l6ttmp. The report throws some light on the work accomplished on Konkani Wikipedia from September to December 2013.

# Blog Entries

First ever Train-the-Trainer Program in India (by Nitika Tandon, December 5, 2013): http://bit.ly/1euwSXt.

The following are videos of participants from the Konkani Vishwakosh Digitization project (jointly organised by CIS-A2K and Goa University) speaking on their experiences with Wikimedia projects.

Priyadarshini Tadkodkar on Konkani language (by Subhashish Panigrahi, November 17, 2013): http://bit.ly/1hldNM8. We are featuring this here as we didn’t carry this in the last newsletter.
Varsha Kavlekar on Konkani Wikipedia Incubator (by Nitika Tandon, December 12, 2013): http://bit.ly/KmxyFo.
Darshan Kandolkar on Konkani Vishwakosh Digitization Process (by Nitika Tandon, December 13, 2013): http://bit.ly/1cqKyQ2.
Darshana Mandrekar speaks on Konkani Wikipedia (by Nitika Tandon, December 16, 2013): http://bit.ly/1keWyya.
Pooja Tople on Wikimedia Projects (by Nitika Tandon, December 17, 2013): http://bit.ly/1hlbubU.

# Events Organised

You Too Can Write on Wikipedia! — Training workshop (National Institute of Tourism and Hotel Management, Gachibowli, Hyderabad, December 5, 2013): http://bit.ly/1edmx1z.
Telugu Wikipedia Training Workshop (KBN College, Vijaywada, December 16, 2013): http://bit.ly/1i8ScnL.
Kannada Wikipedia Workshop at Alvas Vishva Nudisiri Virasat (Moodabidre, December 19 – 22, 2013). Dr. U.B. Pavanaja gave a presentation about Kannada Wikipedia and also conducted a workshop on Kannada Wikipedia as a parallel track. The event was covered by Prajavani (December 22), Hosadigantha (December 22), and Deccan Herald (December 22): http://bit.ly/1dGTBkw.

# Events Co-organised

Wikipedia Orientation Workshop (organised by CIS-A2K and Christ University, Bangalore, December 2, 2013): http://bit.ly/1lrkwEy.
Wikipedia Training Session @ Tiruvur (organised by CIS-A2K and Telugu Wikipedia community, Srivahini College, Tiruvur, December 19, 2013). T. Vishnu Vardhan and Rahmanuddin Shaik conducted the workshop: http://bit.ly/1e3oQX7. It was covered by Andhraprabha (http://bit.ly/1bU5VsQ), Eenadu (http://bit.ly/19fsttf), Sakshi (http://bit.ly/1e3pQdU), and Prajasakthi (http://bit.ly/JJs7ja) on December 19, 2013.

# Event Participated In

A Wikipedia Workshop at IISC (organised by the Assamese Wikipedia community, Bangalore, December 1, 2013). CIS-A2K team and Wikipedian Shiju Alex supported this event: http://bit.ly/1dSutY2.

# Media Coverage

CIS gave its inputs for the following media coverage:

A Feature on Telugu Wikipedia (Namaste Telengana Newspaper, December 8, 2013): http://bit.ly/19Yjwj6.
Odisha: Odia Wikipedia reaching 5000 article mark! (Odisha Diary Bureau, December 17, 2013): http://bit.ly/1dGU2vc.

-----------------------------------------------
Internet Governance
-----------------------------------------------
CIS is doing a project (under a grant from Privacy International and International Development Research Centre (IDRC)) on conducting research on surveillance and freedom of expression (SAFEGUARDS). So far we have organised seven privacy round-tables and drafted the Privacy (Protection) Bill. This month we bring you an analysis on whether Bitcoin can be banned by the government and a blog post on misuse of surveillance powers in India. As part of its project (funded by Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the IDRC) on mapping cyber security actors in South Asia and South East Asia a film DesiSec: Episode 1was screened. We also did an interview with Pranesh Prakash on cyber security. With this we have completed a total of 13 video interviews so far:

# Analysis

Can Bitcoin Be Banned by the Indian Government? (by Vipul Kharbanda, December 24, 2013): http://bit.ly/1lJrnGF.

# Blog Entries

Misuse of Surveillance Powers in India (Case 1) (by Pranesh Prakash, December 6, 2013): http://bit.ly/1donbaJ.
Brochures from Expos on Smart Cards, e-Security, RFID & Biometrics in India (by Maria Xynou, December 18, 2013): http://bit.ly/1f714fN.
India’s Identity Crisis (by Malavika Jayaram, December 31, 2013 Internet Monitor Annual Report: Reflections on the Digital World, published by Harvard's Berkman Center for Internet and Society): http://bit.ly/1lTRuuz.

# Upcoming Events

Digital Citizens: Why Cyber Security and Online Privacy are Vital to the Success of Democracy and Freedom of Expression (CIS, Bangalore, January 14, 2014): http://bit.ly/KucEU5. Michael Oghia will give a talk.
CPDP 2014 Reforming Data Protection: The Global Perspective (Brussels, January 22 – 24, 2014): http://bit.ly/KsgCws.
Nullcon Goa Feb 2014 — International Security Conference (organised by Nullcon, Bogmallo Beach Resort, Goa, February 12 – 15, 2014). CIS is one of the sponsors for this event: http://bit.ly/1lrBu5I.

# Events Organised

Big Democracy: Big Surveillance - A talk by Maria Xynou (CIS, Bangalore, December 3, 2013): http://bit.ly/19YnA31.
DesiSec: Episode 1 - Film Release and Screening (CIS, December 11, 2013): http://bit.ly/1lJt2fm.
Legal Issues pertaining to Cloud Computing (NLSIU Campus, Bangalore, December 14-15, 2013): http://bit.ly/1cvcmGq.
Biometrics or Bust? Implications of the UID for Participation and Inclusion (CIS, Bangalore, January 10, 2014). Malavika Jayaram will give a talk: http://bit.ly/1lJZhuK.

# Events Participated In

Convention on Crisis of Capitalism and brazen onslaught on Democracy (organized by INSAF, December 6, 2013). Snehashish Ghosh participated as a speaker: http://bit.ly/1gAxmNy.
International View of the State-of-the-Art of Cryptography and Security and its Use in Practice (IV) (jointly organized by Microsoft Research India, Indian Institute of Science, and Indian Institute of Technology Madras, December 6, 2013). Sunil Abraham was a panellist: http://bit.ly/1eAXl5t.
Technology in Government and Topics in Privacy (organized by Data Privacy Lab, CGIS Cafe, Cambridge Street, Harvard University Campus, December 9, 2013). Malavika Jayaram participated as a speaker on Biometrics in Beta – India's Identity Experiment: http://bit.ly/1bJDqht.
Cyberscholars Working Group at MIT (organized by the Berkman Center for Internet & Society, Harvard University, December 12, 2013): Malavika Jayaram made a presentation on Biometrics or Bust - India’s Identity Crisis: http://bit.ly/1eIpHef.
Seventh NLSIR Symposium on “Bridging the Security-Liberty Divide” (organised by National Law School, Bangalore, December 21-22). Chinmayi Arun and Bhairav Acharya were speakers at this event: http://bit.ly/1gjsxYe.

--------------------------------
News & Media Coverage
--------------------------------
CIS gave its inputs to the following media coverage:

MongoDB startup hired by Aadhaar got funds from CIA VC arm (by Lison Joseph, Economic Times, December 3, 2013): http://bit.ly/1f77bRg.
A Three-Way Race Draws Delhi’s Young, and Everyone Else, Out to Vote (by Betwa Sharma, New York Times, December 4, 2013): http://bit.ly/1gAxoFf.
India for UN body to resolve internet governance issues (by Kim Arora, The Times of India, December 5, 2013): http://bit.ly/JWESqe.
Card transactions with Aadhaar validation need more time: experts (by Kirti V. Rao and Moulishree Srivastava, Livemint, December 5, 2013): http://bit.ly/1hq35UL.
Indian government wakes up to risk of Hotmail, Gmail (originally published by AFP, December 7, 2013): http://bit.ly/19LrlOS. This was also mirrored in The Times of India (http://bit.ly/1hpYEJu), Reuters (http://bit.ly/1gaHhZk), Dawn (http://bit.ly/1azuV95), NDTV (http://bit.ly/19Ys7lS), Yahoo News (http://yhoo.it/JCSreE), The Malaysian Insider (http://bit.ly/1eAPAMW) and Asia One Digital (http://bit.ly/JWuw9R). A slightly modified version was published by Silicon India on December 11: http://bit.ly/1gAtzjd.

# Announcement

Pranesh Prakash has been elected as the Asia-Pacific representative to the executive committee of the NonCommercial Users Constituency (NCUC) (part of the Non-Commercial Stakeholders Group, which is in turn part of the Generic Names Supporting Organization, which is in turn part of ICANN): http://bit.ly/KuIVeC.

--------------------------------
Telecom
-------------------------------
Shyam Ponappa, a Distinguished Fellow at CIS is a regular columnist with the Business Standard. The articles published on his blog Organizing India Blogspot is mirrored on our website:

# Newspaper Column

For a Telecom Revival (by Shyam Ponappa, Business Standard, December 4, 2013 and Organizing India Blogspot, December 5, 2013): http://bit.ly/1avRDii.

--------------------------------
Digital Humanities
--------------------------------
CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

# Blog Entry

The Conflict of Konigsberg (by Anirudh Sridhar, December 17, 2013): http://bit.ly/1cEXhhU.

--------------------------------
Digital Natives
--------------------------------
CIS is doing a research project titled “Making Change”. The project will explore new ways of defining, locating, and understanding change in network societies. Having the thought piece 'Whose Change is it Anyway' as an entry point for discussion and reflection, the project will feature profiles, interviews and responses of change-makers to questions around current mechanisms and practices of change in South Asia and South East Asia:

►Making Change Project

# Blog Entries

Tactical Technology: Information is Power? (by Denisse Albornoz, December 26, 2013): http://bit.ly/1cEUrcY.
Tactical Technology: Designing Activism (by Denisse Albornoz, December 27, 2013): http://bit.ly/1a9IuzH.

►Other

# Newspaper Column

Digital Native (by Nishant Shah, Indian Express, December 22, 2013): http://bit.ly/1f7mU2P.

------------------------------------------------------------
Knowledge Repository on Internet Access
------------------------------------------------------------
CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at the Internet Institute website: http://bit.ly/1iQT2UB.

# Upcoming Event

Institute on Internet and Society (organised by Ford Foundation and CIS, Yashada, Pune, February 11-17, 2014): http://bit.ly/180mQi9. Registrations are closed for this event.

# Modules

History of the Internet: Building Conceptual Frameworks (by Nishant Shah, December 31, 2013): http://bit.ly/19WRHLb.
Internet Privacy in India (by Elonnai Hickok, December 31, 2013): http://bit.ly/19SNk6v.

-----------------------------------------------------
About CIS
-----------------------------------------------------
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter:https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at:https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration:
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/december-2013-bulletin

CIS Cybersecurity Series (Part 13) - Pranesh Prakash

purba — 2014-01-20T06:20:44Z

CIS interviews Pranesh Prakash, lawyer and policy director with Centre for Internet and Society, as part of the Cybersecurity Series.

"When it comes to things cyber we completely lose our sense of proportion. While killing someone by negligence only attracts two years of punishment, saying something that people can define "offensive" attracts even more under 66A of the Information Technology Act. Something that can be a nuisance, under the Criminal Laws, can attract up to six months punishment, whereas under the IT act, it is up to three years..." - Pranesh Prakash, lawyer and policy director, Centre for Internet and Society

Centre for Internet and Society presents its thirteenth installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

Pranesh is a Policy Director with the Centre, and is a graduate of the National Law School of India University, Bangalore, with a degree in Arts and Law.

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/cis-cybersecurity-series-part-13-pranesh-prakash

Pranesh Prakash elected as Asia-Pacific Representative to the Executive Committee of NonCommercial Users Constituency

praskrishna — 2014-01-06T02:50:52Z

Pranesh Prakash has been elected as the Asia-Pacific representative to the executive committee of the NonCommercial Users Constituency (NCUC) (part of the Non-Commercial Stakeholders Group, which is in turn part of the Generic Names Supporting Organization, which is in turn part of ICANN).

More information about the NCUC including how to join can be found at http://www.ncuc.org/

Background & Mission Statement:
The purpose of the NonCommercial Users Constituency (NCUC) is to represent, through its elected representatives and its interest groups, the interests and concerns of non-commercial registrants and non-commercial Internet users of generic Top-level Domains (gTLDs).

It provides a voice and representation in ICANN processes to: non-profit organizations that serve non-commercial interests; nonprofit services such as education, philanthropies, consumer protection, community organizing, promotion of the arts, public interest policy advocacy, children's welfare, religion, scientific research, and human rights; public interest software concerns; families or individuals who register domain names for noncommercial personal use; and Internet users who are primarily concerned with the noncommercial, public interest aspects of domain name policy.

Chair
William Drake, U. Zurich, Switzerland

Executive Committee (Europe)
Stefania Milan, Tilburg University, the Netherlands

Executive Committee (Africa)
Grace Githaiga, Kenya ICT Action Network

Executive Committee (Asia and the Pacific)
Pranesh Prakash, Centre for Internet and Society, India

Executive Committee (North America)
Roy Balleste, St. Thomas University, USA

Executive Committee (Latin America)
Carlos Affonso Pereira de Souza, Rio de Janeiro Institute for Technology of Society

The election results were as under:

Total Ballots Cast (including duplicates): 146
Ballots Counted (excluding duplicates): 124
Voters Who Haven't Voted: 84

Chair
1: 155 votes: William Drake
2: 22 votes: Abstain

Executive Committee (Europe)
3: 152 votes: Stefania Milan
4: 21 votes: Abstain

Executive Committee (Africa)
5: 37 votes: Hago Dafalla
6: 106 votes: Grace Githaiga
7: 34 votes: Abstain

Executive Committee (Asia and the Pacific)
8: 43 votes: Peter Green (aka Zuan Zhang)
9: 17 votes: Imran Ahmed Shah
10: 38 votes: Walid Al-Saqaf
11: 62 votes: Pranesh Prakash
12: 33 votes: Abstain

Executive Committee (North America)
13: 145 votes: Roy Balleste
14: 32 votes: Abstain

Executive Committee (Latin America)
15:149 votes: Carlos Affonso Pereira de Souza
16: 24 votes: Abstain

For more details visit https://cis-india.org/news/icann-december-24-2013-pranesh-prakash-elected-as-asia-pacific-representative-to-executive-committee-of-nuc

Indian government wakes up to risk of Hotmail, Gmail

praskrishna — 2013-12-30T04:24:57Z

Worried by US spying revelations, India has begun drawing up a new email policy to help secure government communications, but the man responsible for drafting the rules still regularly uses Hotmail.

This was originally published by AFP on December 7, 2013, was also mirrored by the Times of India, Livemint, Reuters, Dawn, NDTV, Yahoo News, The Malaysian Insider and Asia One Digital. A slightly modified version was published by Silicon India on December 11. Sunil Abraham is quoted.

Like many of his peers in ministries across New Delhi, IT Minister Kapil Sibal's office recently sent an email inviting journalists to the launch of his new personal website using the free email service.

Others, including senior foreign ministry officials, the information and broadcasting minister and the health ministry secretary, also use Gmail, Hotmail or Yahoo instead of their government accounts.

When asked why he continued to use his Hotmail for official use, Sibal declined to comment, but a senior bureaucrat in his ministry admitted that he personally preferred Gmail because it is "just a lot easier".

"We keep moving, get different designations, go different places and with that, our emails change. You lose contacts and important emails, which you don't need to worry about with a Gmail account," the bureaucrat told AFP.

"To be honest, the quality of our official mail isn't that great yet. It still needs some work," he added on condition of anonymity.

Security concerns

IT security expert Sunil Abraham said the use of Gmail and the like was highly risky since the American services had their servers in the US and the National Security Agency has been known to tap into their database systems.

It is unclear how many state and federal public workers actively use popular email services for office, but some of the estimates are startling.

"As much as 90 percent of government officials use private email (services) for official use... that's because their official email is not as stable or speedy," said Abraham, executive director of the Bangalore-based Centre for Internet and Society.

In September Sibal's ministry announced a new "Email Policy of the Government of India" in the wake of spying allegations about the NSA revealed by former NSA contractor Edward Snowden.
NSA's tentacles not only crept into the Indian embassy in Washington and its UN office in New York, but also accessed email and chat messenger contact lists of hundreds of millions of ordinary citizens worldwide, according to media reports.

During a single day last year, the NSA's Special Source Operations branch collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, The Washington Post said, according to an internal NSA presentation.

The $11 million Indian project aims to bring some five million public employees onto the government's email domain powered by the National Informatics Centre (NIC) as early as mid-December.

It is awaiting clearances and suggestions from all ministries before the proposal goes to the cabinet this month.

J. Satyanarayana, secretary of the department of electronics and IT, dismissed claims that the policy was too late and was a response to the Snowden scandal.

"The policy is not a reaction to any global spying revelations, it was already in the works. It is just a mere coincidence that both came around the same time," he said.

Fresh doubts

Some cyber security experts say bringing millions aboard a centralised server could make a hacker's job easier, with all critical government information available on a single platform.
More than 11,000 Indian websites were hacked or defaced between May and August this year, with a large number of attacks on the ".in" domain whose servers are in India, the Times of India reported last month.

"Making the use of a centralised government server is not the best way to proceed. Having everything on one platform makes it even more vulnerable to cyber attacks and hacking," said Abraham.

"It also brings about new worries of the NIC becoming the local snoop."

Some also predict that the ambitious policy would eventually fizzle out for lack of attention from ministers and bureaucrats, who work in government offices where stacks of yellowing files and papers are still a common sight.

"It's sad but most of these officials don't understand much about technology, so mastering email is something that is miles and miles away," said Vijay Mukhi, a Mumbai-based cyber security expert.

"These guys saw all the snooping news and suddenly they woke up and said 'lets make an email policy'. Enforcing this is not possible on a practical basis."

The IT ministry also plans to conduct workshops to teach employees about email security such as when to change passwords and user names and how to use email.

"Every employee should know how, what and when critical data can be vulnerable... with most work still done on paper, it is important to know the nitty-gritty of using email," Satyanarayana said.

For more details visit https://cis-india.org/news/afp-december-7-2013-annie-banerjee-indian-government-wakes-up-to-risk-of-hotmail-gmail

VII NLSIR Symposium

praskrishna — 2014-01-09T07:08:33Z

The National Law School of India Review (NLSIR) - the flagship journal of the National Law School of India University (NLSIU), Bangalore is pleased to announce the seventh NLSIR Symposium on “Bridging the Security-Liberty Divide” scheduled to be held on December 21 and December 22, 2013 at the National Assessment and Accreditation Council (NAAC, opposite NLSIU Campus, Nagarhavi) Conference Hall, Bangalore.

This was published by NLSIR on December 20, 2013.

The decade following September 11 has been dubbed “liberty’s lost decade”, not just for the United States of America but for the world at large, marked by increasing tension between State interests in national security and individual liberty. As we continue to grapple with the implications of this clash, one clear winner seems to be emerging, best observed by examining changes in legal systems throughout this decade. The recent upsurge of criticism against NSA activity globally, however, could be seen as indicative of a changing trend. The VIIth NLSIR Symposium seeks to trace this dialogue between competing notions of security and liberty, and hopes to assess and analyse similar developments in India Confirmed speakers for the symposium include renowned legal experts such as Hon’ble Justice Muralidhar, Menaka Guruswamy, Mrinal Satish, Bharat Karnad, Aparna Chandra, Chinmayi Arun, Shyam Diwan, Bhairav Acharya, Roshni, Yug Mohit Chaudhary and Saikat Datta.

This year, the discussions will be divided into four panels:

Session I: Securing Liberty from the State - Redefining Criminal Thresholds in Law
(Forenoon, December 21, 2013, Saturday)

Session II: Intrusive Intelligence - Surveillance Programs and Privacy in India
(Afternoon, December 21, 2013, Saturday)

Session III: Beyond Borders - Extradition, Asylum and Concerns of State Security
(Forenoon, December 22, 2013, Sunday)

Session IV: Connecting the Dots
(Afternoon, December 22, 2013, Sunday)

For more details visit https://cis-india.org/news/nlsir-december-21-2013-nlsir-symposium

Brochures from Expos on Smart Cards, e-Security, RFID & Biometrics in India

maria — 2013-12-26T05:24:39Z

Electronics Today organised a series of expos on smart cards, e-security, RFID and biometric technology in Delhi on 16-18 October 2013. The Centre for Internet and Society is sharing the brochures it collected from these public expos for research purposes.

In Pragati Maidan, New Delhi, many companies from India and abroad gathered to exhibit their products at the following expos which were organised by Electronics Today (India's first electronic exhibition organiser) on 16-18 October 2013:

SmartCards Expo 2013
e-Security Expo 2013
RFID Expo 2013
Biometrics Expo 2013

The Centre for Internet and Society (CIS) attended these exhibitions for research purposes and is sharing the publicly available brochures it gathered through the attached zip file. The use of these brochures constitutes Fair Use.

For more details visit https://cis-india.org/internet-governance/blog/brochures-from-expos-in-india-2013

Nullcon Goa Feb 2014 — International Security Conference

praskrishna — 2013-12-13T06:42:48Z

Nullcon (http://nullcon.net) is celebrating its 5th Anniversary with efforts being made to bring key decision makers, thought leaders with an expectation of 500+ participants from the industry and government sector. Nullcon is scheduled from February 12 to 15, 2014 at Bogmallo Beach Resort, Goa, comprising of 2 days of technical trainings, followed by 2days of talks, workshops, exhibition, networking parties and CTFs.

The Centre for Internet and Society (CIS) is one of the sponsors for this event.

The Conference

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform which caters to the needs of IT Security industry at large in a comprehensive way.

About Nullcon

Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto - "The neXt security thing!" drives the objective of the conference i.e. to discuss and showcase the future of information security and the next-generation of offensive and defensive security technology. The idea started as a gathering for researchers and organizations to brain storm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security. In addition to security, one of the section of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

Nullcon is managed and marketed by Payatu Technologies. The idea of nullcon emerged out of null - The open security community, a registered not-for-profit society and the largest active security community in India with over 8 chapters in major cities - Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum and Delhi. As a tribute to the community nullcon funds null to further null's cause and supports all of its initiatives. If you are interested in knowing how null can help your organization and would like to contribute to null, please get in touch with null team at info@null.co.in

Dates:
Training: February 12 - 13, 2014
Conference: February 14-15, 2014
Registation: http://nullcon.net/website/register.php
Keynotes:

Jeff Moss, VP & CSO - ICANN, Founder - Defcon/Blackhat
Dr. Kiran Bedi, Ex-IPS (Police)

For more details visit https://cis-india.org/events/nullcon-goa-2014-intl-security-conference

MongoDB startup hired by Aadhaar got funds from CIA VC arm

praskrishna — 2013-12-13T11:53:32Z

Two weeks ago, Max Schireson, chief executive of MongoDB, a New York-based technology startup, was in New Delhi to sew up a very important contract for his company — with the Unique Identification Authority of India (UIDAI).

The article by Lison Joseph was published in the Economic Times on December 3, 2013. Sunil Abraham is quoted.

The contract is yet to be announced but what could raise eyebrows is the fact that MongoDB is part-funded by the US' Central Intelligence Agency.

The company is expected to help in capturing and analysing data related to the ambitious plan to issue a unique identity number — Aadhaar — to over a billion citizens.

MongoDB, which makes software that helps manage large databases, especially unstructured data, has raised $231 million (Rs1,400 crore) since being founded in 2007. Some of its funding is from In-Q-Tel, the not-for-profit venture capital arm of CIA.

While MongoDB lists In-Q-Tel as one of its investors on its website, the company has not disclosed the quantum of funding received from it. The fund's stated mission is to identify, adapt and deliver innovative technology solutions to support the missions of CIA and the broader US intelligence community.

Besides CIA, In-Q-Tel works with National Geospatial-Intelligence Agency, Defense Intelligence Agency and Department of Homeland Security Science and Technology Directorate.

"Once an investment is made, IQT (the fund) works with the company and the intelligence community partner agency to complete a work program and facilitate solution delivery," the fund's website said. The quote describes IQT's relationship with any company in which it invests in and is not specific to MongoDB.

Neither UIDAI nor MongoDB responded to queries from ET on whether the CIA link was considered before entering into a partnership. UIDAI Chairman Nandan Nilekani did not respond to emails, messages and phone calls.

A senior UIDAI official confirmed the agency has entered into an agreement with MongoDB and that the company's database software is already being used for analysing the pace at which registration of new beneficiaries is taking place.

It is not clear if MongoDB's vendor relationship would be with UID directly or with one of the system integrators that UID works with. Schireson, the CEO, was also one of the national co-chairs for Technology for Obama, an interest group that campaigned for the reelection of President Barack Obama after his first term.

There is no evidence in the public domain that the firm is controlled or significantly influenced by the CIA in any manner.

But the revelations of Edward Snowden, a former NSA contractor-turned-whistleblower that US intelligence agencies routinely intercepted communication in Europe and Asia, including in India has raised concerns. Experts said the UID's centralised design could pose a risk, where even a single mistake can make the whole system disproportionately vulnerable.

"The risk exposure because of CIA involvement (could be that) if MongoDB is a data controller, then secret courts and secret court orders could be used to get access to the UID data," said Sunil Abraham, executive director at the Centre for Internet and Society.

He added that even if UIDAI is only using the source code without getting into a commercial relationship with MongoDB, they should audit the source code to check if CIA has introduced any back doors. "This is because Snowden has told us that the army of mathematicians working for the US government has compromised some standards even though they were developed in an open, participatory and transparent fashion." MongoDB, whose name is a play on the word humongous, competes with Oracle, IBM and Microsoft. It has around 320 employees and some 600 customers. At its latest round of $150 million in fund-raising in October, the company was valued at about $1.2 billion, according to Bloomberg. Other investors include Intel Capital, Salesforce-.com, Red Hat and Sequoia.

For more details visit https://cis-india.org/news/economic-times-december-30-2013-lison-joseph-mongo-db-startup-hired-by-aadhar-got-funds-from-cia-vc-arm