We are anonymous, we are legion

India for UN body to resolve internet governance issues

praskrishna — 2013-12-26T08:51:05Z

Multi-stakeholder or multi-lateral - two words encapsulating diametrically opposite views on internet governance stands at the heart of a raging debate across the globe.

The article by Kim Arora was published in the Times of India on December 5, 2013. Sunil Abraham is quoted.

At the Working Group on Enhanced Cooperation (WGEC) meeting in Geneva last month, India suggested forming a multi-lateral UN body to co-ordinate on internet governance issues. And several activists feel that is not the right way forward.

Multi-stakeholder control over the world wide web means parties other than governments, which include the tech community, academia, businesses and civil society. In a multi-lateral arrangement, only the governments will be the decision-makers and every other stakeholder barring the state, is relegated to a purely advisory role. Simply put, the choice is between total state control over the internet or a more democratic set-up where other sections of society are also represented.

Civil society and businesses are concerned that being relegated to an advisory role rather than a decision-making one could lead to disregarding or dumping their inputs.

"Everyone must have a seat at the table," says Rajan Mathews, director general of the Cellular Operators Association of India (COAI). "If you are designing a new model, it is important that it is as inclusive as possible. That will create better decisions. It will also discourage back-door bargaining between governments," says Anja Kovacs of the Internet Democracy Project.

The internet architecture has always been controlled by the US. The demand for a more democratised set-up, where other countries also have a voice, started in early 2000s. In 2005, a consensus document, Tunis Agenda, had been signed under the aegis of the UN. It laid out much of the terms of the debate around internet governance, including the focus on enhanced cooperation and the need for a multi-stakeholder model.

In 2011, India put forward a detailed proposal for a multi-lateral UN body that was widely criticised by activists and business bodies at home. In Geneva this November, India's answer to a question on implementing "enhanced cooperation" in a WGEC questionnaire, went like this: "A suitable multilateral, transparent and democratic mechanism must be created where governments, on an equal footing, may carry out their roles and responsibilities in international public policy issues pertaining to the Internet and public policy issues pertaining to coordination and management of critical Internet resources, in consultation with all other stakeholders."

Ajay Kumar of the Department of Electronics and Communication Technology (DeitY), was a part of the delegation representing India at Geneva. The DeitY falls under the union ministry of communication and information technology. Kumar told TOI, that while there is a relook at the 2011 proposal, India has been following the Tunis Agenda when it comes to enhanced cooperation between different countries and other stakeholders.

Nonetheless, Parminder Jeet Singh of the NGO IT for Change has supported the government position at the WGEC meeting. The two other civil society bodies from India at Geneva wanted a multi-stakeholder model. Singh feels that the proposal may have an important role to play at a later stage when "real political talk shapes up". "We don't agree that a Google or an IT for Change should vote in the decision-making about actual public policies. We understand the fear (behind such an arrangement) but we prefer that public policy decisions at global level remain with governments as they are legitimate representatives of the people," he says.

However, Sunil Abraham, executive director of the Center for Internet and Society, warns against the governmental tendency to centralize and for being opaque. He also feels that a single model, whether multilateral or multi-stakeholder, will not work. Every model must change with every issue being brought to the table, he says. "For instance, something like controlling child pornography, will need one kind of model to deal with. The same won't work when dealing with hate speech," Abraham points out.

Activists are hoping that the Brazil global multi-stakeholder meeting in April next year will take the issue of democratised internet governance forward.

For more details visit https://cis-india.org/news/times-of-india-december-5-2013-kim-arora-india-for-un-body-to-resolve-internet-governance-issues

International View of the State-of-the-Art of Cryptography and Security and its Use in Practice (IV)

praskrishna — 2013-12-26T09:05:40Z

Building on the workshop in Dagstuhl in June-July 2011 (International View of the State-of-the-Art of Cryptography and Security and its Use in Practice), Beijing (International View of the State-of-the-Art of Cryptography and Security and its Use in Practice II), and Athens (International View of the State-of-the-Art of Cryptography and Security and its Use in Practice III) that set the stage for discussions on cryptography among a group of key researchers from Europe, Asia, and North America, the one day workshop in Bangalore, following AsiaCrypt 2013 will again bring together internationally recognized scientists to discuss direction and development in theoretical and applied cryptography and surrounding societal issues.

There will be four focus areas:

Real-life cryptography
Standardization
Regulatory requirements
Innovative use cases for cryptography

Each focus area will be anchored in an invited talk and/or panel, but the emphasis will be on discussion. The participants will address broad research directions in encryption and secure computation and their applications in cloud computing, smart grid, mobile and embedded computing, hardware, software, and network security. They will also examine non-technical issues surrounding deployment and adoption of new security technologies using encryption, such as privacy or economic consideration. Approaches and projects in different countries will be discussed, in order to increase awareness of the R&D activities internationally and continue to for a strong community of research and practice and in order to generate new ideas in this field.

Although the workshop will cover a broad spectrum of issues from the list presented below with a specific focus that will be announced shortly. The topics of interest include (but are not limited to) the following subjects:

Secret versus public ciphers
Cipher and algorithm development process
Algorithms maturity and review
Lightweight cryptography
New requirements for cryptography for novel applications
Cipher implementation and interoperability
Standardization
Regulatory initiatives
Privacy enhancing cryptography

8:15 a.m.	Registration
8:30 a.m.	Opening statement (Organizers)
8:40 a.m.	Opening keynote (TBD)
9:10 a.m.	Panel 1 and discussion: Advances in cryptography; new use cases, Participants: Dan Bernstein (University of Illinois at Chicago), Tanja Lange (Eindhoven), Veni Madhavan (ERNET), others TBD
10.30 a.m.	Coffee break
11.00 a.m.	Panel II and discussion: Regulatory environment and standardization: Sunil Abraham (India CIS), Kazue Sako (NEC), Claire Vishik (Intel), others TBD
12.30 a.m.	Lunch
1.30 p.m.	Panel 3 and discussion: Implementation and interoperability for new environments (e.g., smart grid, Internet of things): Reji Kumar (Smart Grid India), other TBD
3.00 p.m.	Coffee break
3.30 p.m.	Panel IV and discussion: Privacy, social networking, ubiquitous connectivity and cryptography: Rene Peralta (NIST), Kumar Ranganathan, others TBD
5.00 p.m.	Thoughts and next workshop
5.20 p.m.	Closing statements (Organizers)
5.30 p.m.	Adjourn

For more details visit https://cis-india.org/news/international-view-of-state-of-the-art-of-cryptography-and-security-and-its-use-in-practice

Card transactions with Aadhaar validation need more time: experts

praskrishna — 2013-12-26T06:25:04Z

Cost and supply implications are seen by experts as the main hurdles in implementing the RBI directive.

The article by Kirti V. Rao and Moulishree Srivastava was published in Livemint on December 5, 2013. Sunil Abraham is quoted.

The Reserve Bank of India’s (RBI’s) move to introduce a new card payment infrastructure able to authenticate transactions using Aadhaar unique identity number-linked biometrics may take some time to implement as it has cost and supply implications.

“All new card present infrastructure has to be enabled for both EMV chip and PIN and Aadhaar (biometric validation) acceptance,” RBI said in a notification on 26 November.

Europay MasterCard Visa, or EMV, chip and PIN authentication involves card information stored in a chip that is accessible through a PIN or personal identification number, which replaces a cardholder’s signature.

Currently, all card infrastructure in India such as automated teller machines (ATMs) and point-of-sales (PoS) machines are moving towards full compliance with the global EMV standard that requires reading integrated circuit cards to authenticate credit and debit card transactions.

Although all transactions through debit cards are now required to be authenticated by PIN, validating financial transactions by using the biometric Aadhaar identity number database is yet to gain traction. Such a service is expected to begin in May.

Not all experts are in favour of the central bank’s move to use biometrics data to authenticate transactions.

“This is a terrible idea. Biometrics should never be used as authentication factor since it cannot be revoked when it is compromised,” said Sunil Abraham, executive director of Bangalore-based think-tank Centre for Internet and Society. “Digital signatures and its variations like the EMV chip are the right way to proceed.”

A banker did not fully agree with Abraham.

Pulak Sinha, general manager (payment solutions) at State Bank of India, said: “In our experience, there is a need for biometric authentication in certain geographical segments in the country. Our bank has used biometric authentication for financial inclusion initiatives and has found it very useful. Having said that, each bank is the best judge as to which technology is more relevant for their customers.”

Sinha added, “Also changing new infrastructure to accept all types of technologies has its own challenges as well as financial implications. Again, business cases need to be built and when people get additional services they may have to pay.”

There are cost implications if the RBI directive is to be implemented, according to Rajiv Kaul, chief executive of CMS Info Systems Pvt. Ltd, which runs two cash management companies and has recently received an order from SBI to deploy 8,000 cash machines across the country.

“Some of the ATM infrastructure currently installed have some of the capabilities for EMV chip cards, but even as they are hardware-equipped, software will need to be upgraded,” Kaul said. “For biometric compliance, both hardware and software will need to be installed, which will result in extra cost. So, for the short term, from the biometric perspective, the cost will go up.”
Some experts hold that the notification provides a chance to assess the as-yet-untested Aadhaar-linked biometrics model where the EMV model may be hard to implement.

“RBI has been pragmatic in mandating it incrementally as it is giving Aadhaar a runway to evolve in terms of operations, use cases, risk, technology standards, dispute resolution and get these things in order,” Uttam Nayak, group country manager, India and South Asia at Visa Consolidated Support Services (India) Pvt. Ltd, told Mint on 26 November. “Because Aadhaar is tokenless and doesn’t need a card, it has great potential for inclusion.”

Biometrics-enabled cash and PoS machines will require additional expenditure as they need high-speed Internet connectivity to transmit biometrics data, Rajeev Chandrasekhar, member of the upper house of Parliament, said in a letter to RBI governor Raghuram Rajan.

“The hardware and software cost of upgrading a single unit with biometrics hardware is not very much but changing the entire ecosystem would have costs,” acknowledged SBI’s Sinha. “When people get additional services they will have to pay.”

“A high percentage of the population is still unbanked. The opportunity (to reach people through biometric validation and Aadhaar) is too tempting for the acquirers (banks and others using PoS devices) to not take this up,” said Robin Roy, associate director of financial services at consultancy firm PricewaterhouseCoopers Pvt. Ltd.

Whether there would be enough suppliers of machines to implement the directive is also a concern, some experts said.

For more details visit https://cis-india.org/news/livemint-december-5-2013-kirthi-v-rao-moulishree-srivastava-card-transactions-with-aadhar-validation-need-more-time

INSAF National Convention on Crisis of Capitalism and brazen onslaught on DEMOCRACY

praskrishna — 2013-12-26T10:18:35Z

Snehashish Ghosh is participating in this event as a speaker.

Ever since the Neo-liberal agenda began to unfold 22 years back, the democratic spaces within Indian polity have been squeezing continuously and the present scenario of run up to 2014 elections is reflecting the state of disarray in parliamentary democracy. The mainstream discourse appears to have deliberately failed in bringing out the intrinsic relationship between ‘capitalism’; its ‘crisis’ and ‘democracy’ to the core of analyzing and understanding the present amnesia in political process.

The characteristics of crony, fictitious, lumpen and speculative Capital that is on the driving seat of contemporary phase of capitalism are mirrored in the operational levels of parliamentary democracy - from governance to electoral process- in the form of corporate influences on policies and decision making, rampant corruption at the pinnacle of power, control of money and muscle-power in politics.

It is, therefore, important to bring out the correlation between the ensuing crisis in global capitalism - including in India - and the impending crisis in our democracy - to the fore. The divergence in the requirements of the neo-liberal phase of capitalism and ‘democracy’ as its analogous political system seems to be the key in explaining the despair engulfing Indian polity at present. The attempts to transform ‘Democracies’ into ‘Corporatocracies’ that we see today, also emanate from this despondency alone.

Last two decades have also seen the institution of ‘State’ posturing itself more and more aggressively against its own people in order to fulfill its obligations to international financial & trade institutions so to serve the interest of global capital. In such a course, it has extensively resorted to adopt the instrument of ‘fabricating’ cases against the voices of opposition to the interests of the global capital.

Though the instrument of ‘fabrication’ is not new to the ‘State Craft’ but this time it is being used in a targeted and selective manner. Not only the existing criminal laws have been used for this purpose but new laws like UAPA and various state ‘security laws’ were created during this period to meet this requirement.

The ‘Indian State’ is also proceeding feverishly to create a surveillance state through various means of ‘electronic surveillance’ using cutting edge technologies to track mobile phones, internet usage, emails etc. at home while colluding with U.S. military and security establishment internationally against other nations. The business of creating and sharing of its citizen’s databases (both demographic & biometrics etc) has been promoted by Indian establishment by subverting the Constitution, existing norms of parliamentary democracy and citizens’ rights.

It is in this context that INSAF has decided to hold its two day National Convention 2013.

Programme Schedule

Day 1: Crisis of Capitalism and brazen onslaught on DEMOCRACY

10.00 10.30	Registration & Tea/Coffee
10.30 11.00	Introduction by Anil Chaudhary
11.00 13.00	Inaugural address by eminent writer and journalist P. Sainath Chaired by Justice Rajinder Sachar
13.00 14.30	Lunch
14.30 17.30	Panel Discussion: Prof. Vibhuti Patel (Director, Centre for Study of Social Exclusion and Inclusive Policy, SNDT Women's University, Mumbai) Prof. Achin Vanaik (Former Dean of Social Sciences, Delhi University) Prof. Ramesh Dixit (Lucknow, UP)

Day 2: Surveillance state and perils of DEMOCRACY

10.00 10.30	Panel Discussion Dr. Usha Ramanathan (Law researcher and activist, New Delhi) Prabir Purkayastha (Delhi Science Forum) Ms. Subi Chaturvedi (Asstt. Prof. of Journalism Communication, Lady Shri Ram College for Women, Delhi Univ. Founder Hon. Managing Trustee, Media For Change) Snehashish Ghosh (Centre for Internet & Society) Chaired by Ms. Kalyani Menon-Sen (Feminist activist & researcher)
13.00 14.00	Lunch
14.00 16.30	Panel Discussion: Suppressing dissent: Stifling NGOs via FCRA Kabir Dixit (Advocate, Supreme Court of India) Mathew Cherian (Chairperson, Credibility Alliance) Chaired by Sanjay Parikh (Human Rights activist and Advocate, Supreme Court of India)
16.30 17.00	Tea/Coffee

For more details visit https://cis-india.org/news/insafnational-convention-on-crisis

A Three-Way Race Draws Delhi’s Young, and Everyone Else, Out to Vote

praskrishna — 2013-12-26T07:03:54Z

The polling stations were supposed to close at 5:30 p.m. on Wednesday, just after sunset. But with thousands still waiting in the dark to cast their vote in the state assembly elections, the Delhi Election Commission decided to extend the voting until 6:30 p.m. Then to 7:30 p.m.

The article by Betwa Sharma was published in the New York Times on December 4, 2013. Sunil Abraham is quoted.

Finally, the Election Commission said it would wait until 9:30 p.m. to close the polls. At the polling station in the New Delhi district, those waiting in line agreed that a relatively warm winter evening was helping to draw people out to vote.

Though no official data on voter turnout had been released by 9 p.m., it was clear that voters were coming out in unprecedented numbers for this year’s Delhi state elections. Analysts were predicting that this election would break the previous voter turnout record of 61.75 percent in 1993.

Unlike in the past, this year’s contest featured a potential spoiler in the Aam Aadmi, or Common Man, Party. Its leader, the firebrand anticorruption activist Arvind Kejriwal, was battling to dethrone the state’s longtime chief minister, Sheila Dikshit of the Congress Party, and siphon votes from the other establishment choice, the Bharatiya Janata Party, or B.J.P. (Exit polls by the local media on Wednesday night were showing that the B.J.P. was likely to win the most seats in the state assembly.)

The prospect of upending the political status quo brought out young voters like 23-year-old Hina Kousar, although she had to put up a fight with her family to cast her vote for the Aam Aadmi Party. Her mother lectured her on how governments don’t care about people, but that didn’t deter Ms. Kousar.

“They have the wrong mentality, and young people should change it,” she said. “My granny is 70 years old and I told her to vote.”

Many of the youthful voters turned voting into a social activity, both in person and online. At one polling station, most people cast their votes quietly and left, but many of the young voters came with their friends. They talked animatedly about their choices while leaving the polling stations.

Others called their families to say they had voted. Some clicked photos of each other on their smartphones and posted the images on their Facebook pages.

In less than a year, Mr. Kejriwal, 45, and his party has pasted itself quite literally on city’s consciousness with aggressive campaigns and posters of brooms, symbolizing sweeping away the old order. And that’s why he got Ms. Kousar’s vote.

“The most important thing is that he has promised to remove corruption. The money that is going into Swiss banks is our money. The rising market prices are because of it,” she said.

Several voters between the ages of 20 to 25 who were interviewed by India Ink said they were backing Mr. Kejriwal, who represented a change from the three-term winner Ms. Dikshit. The B.J.P. had no star state candidate that appealed to them, even though its prime ministerial candidate, Narendra Modi, engaged with students at Delhi University earlier this year and is extremely active on social media.

Besides corruption, several young voters, both male and female, said that ensuring women’s safety had to be a priority for any Delhi government.

Another Kejriwal voter, Kavita, a 27-year-old teacher who goes by one name, said that Ms. Dikshit’s government hadn’t effectively improved women’s safety after the gang rape of a physiotherapy student one year ago. “I don’t feel the difference,” she said. “I still feel unsafe on the streets, so let’s see what some new leaders can do to change this.”

Abhilash Sasidharan, 26, after he cast his vote at a polling booth in New Delhi on Wednesday.Betwa Sharma Abhilash Sasidharan, 26, after he cast his vote at a polling booth in New Delhi on Wednesday.

Another Kejriwal supporter, Abhilash Sasidharan, 27, said a safe environment for women is “absolutely” the most important thing to him, but the software engineer also was moved that Mr. Kejriwal had left his lucrative job as a revenue service officer to join politics.

Kavita, 27, after she cast her vote at a polling booth in New Delhi on Wednesday.

“I don’t have the courage to step into dirty politics, but he does and I want to support that,” he said. “Look, Congress has had 15 years, so why not see if someone can do better, and all these parties should feel a threat to do better.”

But not all young people are buying Mr. Kejriwal’s promises of sweeping change. Shiv Raj Syal, 20, called them “flowery and too good to believe,” as he cast his vote for Ms. Dikshit. “He is just very new at this and I don’t think it’s wise to hand over the running of a national capital to a party with no experience,” he said.

The chief minister had focused on development, the college student said, making Delhi a hub for foreign brands and corporates, and transforming it into an international city.

Abhilash Sasidharan, 26, after he cast his vote at a polling booth in New Delhi on Wednesday.

Despite the appearance of a robust youth presence at the polls on Wednesday, analysts are waiting on the Election Commission’s numbers before declaring this election cycle the year of the youth vote.

Sanjay Kumar, an election analyst from the Center for the Study of Developing Societies in Delhi, said that as of July, only 68 percent of eligible voters between the ages of 18 and 21 had registered to vote, far lower than the 86 percent average of other demographics.

V.S. Sampath, the chief election commissioner in India, said that youth participation in the electoral process had been a priority in recent years, and several efforts including visiting universities and colleges had been made to register them, which had resulted in a “significant increase.”

In 2011, Mr. Sampath said, 119,000 voters between the ages of 18 and 19 were on the electoral rolls in Delhi, which accounted for 0.93 percent of total Delhi voters, but now the numbers had gone up to 405,000, or 3.4 percent.

Election observers have also pointed out that the hype about social media, especially Twitter, becoming a tool for political expression and organization for the youth has not necessarily translated into a surge in voting in that demographic of users.

The political debates on social media could translate into votes by the next elections, according to Sunil Abraham from the Centere of Internet and Society in Bangalore, who describes the Internet penetration as “limited,” and social media use even smaller and dominated by the economic elite.

Mr. Abraham, however, said social media is influencing the political discourse, not by motivating voters, but by influencing the coverage in mainstream media.

Relative to the country’s population, he added, social media users had a “disproportionate influence on discourse.”

But the young voters who spoke to India Ink said that at least for them, social media did play a role in drawing them into politics this year. Mr. Syal, the Congress voter, for instance, said that he had posted a message on his Facebook wall criticizing some of Mr. Kejriwal’s claims, which drew 50 comments.

And Mr. Sasidharan, the Aam Aadmi Party supporter, posted on Facebook a photo of him holding up his finger stained with ink, showing that he voted, immediately after coming out of the polling station. “I hope that it inspires more people to come and vote,” he said.

For more details visit https://cis-india.org/news/nytimes-december-4-2013-betwa-sharma-a-three-way-race-draws-delhis-young-and-everyone-else-out-to-vote

When the virtual world wakes up the real one

praskrishna — 2013-11-30T09:35:06Z

The unprecedented wave of voices speaking up against sexual harassment in recent times has as much to do with technology as the determination to seek justice. From Twitter to Tumblr, and blogs to pastebin, the internet's anonymity, reach and speed allow small, personal stories of abuse to swell into big stories.

The article by Malini Nair was published in the Times of India on November 24. Nishant Shah is quoted.

The outrage over the Tehelka case started with a post on pastebin, an anonymous document sharing site, on Wednesday evening. It contained the email managing editor Shoma Chaudhury had sent to the Tehelka staff with editor Tarun Tejpal's "atonement" letter appended below. A few hours later, the story had ballooned into a heated debate, and the outpouring forced what was being dismissed as an "internal matter" to be treated as a criminal case.

The two women who recently spoke up against harassment at the hands of a retired Supreme Court judge also used Facebook and the blogosphere to tell their stories, ensuring that the real world was actually moved into taking action. "The social web's biggest comfort is that we are no longer alone," says Nishant Shah, director, Research at the Centre for Internet and Society, Bangalore. "No matter what has happened to us, it has happened to somebody else. The possibility of finding credulous and empathetic audiences who but share our pain, understand it, and respond to it is unprecedented." Retweets and comments have often been described as the digital equivalent of holding hands.

Shah's pick of web campaigns that highlighted the problems include Blank Noise which calls women to talk of small, everyday stories of harassment, the Pink Chaddi drive and Why We Need Feminism, a web venture across American universities.

The other reason why the net encourages victims of abuse who might otherwise have stayed quiet to speak out is its "pseudonymity", as Shah terms it. In societies where there is shame attached to talking about sexual assault, the online space saves women from having to put themselves out in the "physical space" while ensuring that the perpetrator is exposed, he points out.

A plus for social web is that it gets other victims to speak up as well, gathering force and magnitude in the process. This happened in the instance of the legal interns. Another instance that surfaced just a month ago was of two American women science bloggers Danielle Lee and Monica Byrne. When Lee refused to write a piece for free for Biology Online, she was called "urban whore" by an enraged editor. She blogged about it and the ensuing storm over social media got her huge support. After Lee's expose, Byrne blogged about an acutely sexual conversation a powerful science writer inflicted on her. The outrage this provoked abated only after he made amends.

As an article in Gender and Culture blog project puts it: "( The digital world provided) a forum for these victims to document their abuse, and a courtroom where the abusers have been judged and found guilty by public opinion".

Of course there are problems with the internet's version of justice — it tends to play judge, jury and executioner with giddy recklessness. In the Tehelka case, the first questionable moment came when the survivor's email was tweeted and re-tweeted with no concern for her requests for anonymity. "The problem with Twitter and Facebook is the incredible and gross violations of privacy of the survivor. And otherwise responsible adults join lynch mobs calling either the survivor or the accused names, making ridiculous allegations, desperately looking for an easy narrative to hang everything on," says author Nisha Susan, who led the Pink Chaddi campaign.

Commentator Santosh Desai says that it is tough to choose between an unbridled but powerful social web and one that is cautious and governed by norms. "Earlier, there were receivers and broadcasters who were few and governed by licenses and a code of behaviour. Now everyone is a broadcaster, everyone is a circulator and everyone is an aggregator. Having no oversight here could be problematic," he says.

Susan says communities need to go beyond social media in such situations. "It should also be a time for us to reflect. On what we would do in such a situation, how we could perhaps prevent it, on the sense of entitlement powerful men have all over the world, on the awful pressures young women face. We should all be reflecting. Instead we are just re-tweeting."

For more details visit https://cis-india.org/news/the-times-of-india-malini-nair-november-24-2013-when-the-virtual-world-wakes-up-the-real-one

I Just Pinged to Say Hello

nishant — 2013-11-30T08:36:02Z

A host of social networks find us more connected than ever before, but leave us groping for words in the digital space.

Dr. Nishant Shah's article was published in the Indian Express on November 24, 2013.

I am making a list of all the platforms that I use to connect with the large networks that I belong to. Here goes: I use Yahoo! Messenger to talk to my friends in east Asia. Most of my work meetings happen on Skype and Google Hangout. A lot of friendly chatter fills up my Facebook Messenger. Twitter is always available for a little back-chat and bitching. On the phone, I use Viber to make VoIP calls and WhatsApp is the space for unending conversations spread across days. And these are just the spaces for real-time conversation. Across all these platforms, something strange is happening. As I stay connected all the time, I am facing a phenomenon where we have run out of things to say, but not the desire to talk.

I had these three conversations today on three different instant-messaging platforms:

Person 1 (on WhatsApp): Hi.

Me: Hey, good to hear from you. How are you doing?

Person 1: Good.

Me (after considerable silence): So what's up?

Person 1: Nothing.

End of conversation.

Person 2 (On an incoming video call on Skype): Hey, you there?

Me: Yeah. What time is it for you right now?

Person 2: It is 10 at night.

Me: Oh! That is late. How come you are calling me so late?

Person 2: Oh, I saw you online.

Me: Ok….. *eyes raised in question mark*

Person 2: So, that's it. I am going to sleep soon.

Me: Ok…. Er…goodnight.

Person2: Goodnight.

We hang up.

Person 3 (pinging me on Facebook): Hey, you are in the US right now?

Me: Yes. I am attending a conference here.

Person 3: Cool!

Me: Umm… yeah, it is.

Person 3: emoticon of a Facebook 'like'. Have fun. Bye.

Initially I was irritated at the futility of these pings that are bewildering in their lack of content. I dismissed it as one of those things, but I realise that there is a pattern here. Our lives are so particularly open and documented, such minute details of what we do, where we are and who we are with, is now available for the rest of the world to consume, making most of the conversations seeking information, redundant. If you know me on my social media networks, you already know most of the basic things that you would want to know about me. And it goes without saying that no matter how close and connected we are, we are not necessarily in a state where we want to talk all the time. The more distributed our lives are, the more diminished is the need for personal communication.

And yet, the habit or the urge to ping, buzz, DM or chat has not caught up with this interaction deficit. So, we still seem to reach out, using a variety of platforms just to say hello, even when there is nothing to say. I call this the 'Always On' syndrome. We live in a world where being online all the time has become a ubiquitous reality. Even when we are asleep, or busy in a meeting, or just mentally disconnected from the online spaces, our avatars are still awake. They interact with others. And when they feel too lonely, they reach out and send that empty ping — just to confirm that they are not alone. That on the other side of the glowing screen is somebody else who is going to connect back, and to reassure you that we are all together in this state of being alone.

This empty ping has now become a signifier, loaded with meaning. The need for human connection has been distributed, but it does not compensate our need for one-on-one contact. In the early days of the cell phone, when incoming calls were still being charged, the missed call, without any content, was a code between friends and lovers. It had messages about where to meet, when to meet, or sometimes, just that you were missing somebody. The empty ping is the latest avatar of the missed call — in a world where we are always online but not always connected, when we are constantly together, but also spatially and emotionally alone, the ping remains that human touch in the digital space that reassures us that on the other side of that seductive interface and the buzzing gadget, is somebody we can say hello to.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-november-24-2013-nishant-shah-i-just-pinged-to-say-hello

November 2013 Bulletin

praskrishna — 2014-01-04T04:38:08Z

Our newsletter for the month of November 2013 can be accessed below.

The Centre for Internet and Society (CIS) welcomes you to the eleventh issue of its newsletter (November) for the year 2013:

Highlights

CIS is pleased to announce the second "Institute on Internet and Society" to be held in Yashada, Pune from February 11 to 17, 2014. Any members from the civil society (students, research scholars, academicians, scientists, legal professionals, etc.) who engage in issues concerning Internet and Society are encouraged to apply.
The National Resource Kit team is pleased to bring you its research for the states of Tripura, Nagaland and Chattisgarh.
CIS-A2K team signed a memorandum of understanding (MoU) with Christ University in Bangalore to introduce Wikipedia in classrooms.
The Access to Knowledge narrative report capturing the work done by CIS-A2K team in the first ten months of the grant along with its strategy for the next 1 year is published.
Last month we organised the Seventh Privacy Round-table in collaboration with FICCI, DSCI, and Privacy International in Delhi. The developments are captured in a report by Elonnai Hickok.
Along with Wikimedia India and Acharya Narendra Dev College, we organised the Relaunch of Creative Commons in India. Dr. Shashi Tharoor was the chief guest.

Accessibility and Inclusion

As part of our project (under a grant from the Hans Foundation) on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India, we bring you draft chapters for the states of Madhya Pradesh and Arunachal Pradesh, and the union territory of Daman and Diu. With this we have completed compilation of draft chapters for 27 states and 5 union territories. Feedback and comments are invited from readers for the following chapters:

► National Resource Kit Chapter

The Tripura Chapter (by CLPR, November 13, 2013): http://bit.ly/1bCFPwq.
The Nagaland Chapter (by CLPR, November 13, 2013): http://bit.ly/1cmKzq0.
The Chattisgarh Chapter (by Anandhi Viswanathan, November 30, 2013): http://bit.ly/1cSczSt.

Note: All of these are early drafts and will be reviewed and updated.

► Other Accessibility Update

# Events Participated In

E-Accessibility Workshop 2013 (organised by Directorate of Information Technology, Government of Maharashtra, Mahaonline Limited and National Internet Exchange of India, November 19-20, 2013): http://bit.ly/1cQ0wd8. CIS was one of the trainer organisations for the event.
National Conference on Harnessing Technology for the Empowerment for Persons with Visual Impairments (organized by NAB Centre for Blind Women & Disability Studies, Indian Islamic Cultural Centre, New Delhi, November 19, 2013). Dr. Nirmita Narasimhan participated as a speaker: http://bit.ly/IzLOty.

Access to Knowledge

The Access to Knowledge programme addresses the harms caused to consumers and human rights, and critically examines Open Government Data, Open Access to Scholarly Literature, and Open Access to Law, Open Content, Open Standards, and Free/Libre/Open Source Software.

The following has been done under grant from the Wikimedia Foundation (http://bit.ly/SPqFOl). As part this project (http://bit.ly/X80ELd), we held 8 workshops, signed a MoU with Christ University for teaching Wikipedia to students, published a detailed narrative report of activities done during the initial period of the Wikimedia grant.

►Wikipedia

# Articles

ಅಂತರ್ಜಾಲದಲ್ಲಿ ನೆಟ್ಟ ಸಸಿಗೆ ಈಗ ಹತ್ತು ವರ್ಷ (by Dr. U.B. Pavanaja, Kannada Prabha, November 1, 2013): http://bit.ly/17LOw4O. The article highlights 10 years of Kannada Wikipedia, the current status of the Kannada Wikipedia vis-a-vis number of articles, number of editors, active editors, and page views per month.
Train The Trainer Programme for Wikipedians (by Subhashish Panigrahi, DNA, November 14, 2013): http://bit.ly/1ehr8kz. The article was edited by Rohini Lakshane of DNA.

# Announcement

CIS Signs MoU with Christ University, Bangalore (November 20, 2013): The Access to Knowledge team signed a MoU as part of which CIS-A2K and Christ University will impart Wikipedia education in Indian classrooms: http://bit.ly/1ehr8kz.

# Report

CIS-A2K Narrative Report (September 2012 – June 2013) (by T. Vishnu Vardhan, Nitika Tandon and Subhashish Panigrahi, November 29, 2013): http://bit.ly/1dFyjpO. The report throws some light on the CIS-A2K program strategy in the next one year.

# Blog Entries

Note: A couple of the below blog entries were carried in the Access to Knowledge newsletter last month.

Konkani Vishwakosh Digitization Project (by Nitika Tandon, November 13, 2013): http://bit.ly/1dodyuK.
Konkani Vishwakosh Under CC-BY-SA (by Nitika Tandon, November 13, 2013): http://bit.ly/1cm9wBH.
Train the Trainer Program (by Subhashish Panigrahi, November 18, 2013): http://bit.ly/18hjw0n.

# Event Co-organised

The Relaunch of Creative Commons India (co-organised by Wikimedia India, Acharya Narendra Dev College and CIS, India Islamic Cultural Centre, November 12, 2013): http://bit.ly/HPxrAO. Dr. Shashi Tharoor, Minister of State for Human Resource Development was the chief guest at the event.

# Events Organised

Wikipedia Orientation Programme for MA Students (Christ University, Bangalore, November 12, 2013): http://bit.ly/ItxAtu. Syed Muzammiluddin was the trainer. Twenty students participated.
Wikipedia Orientation Programme for the Second Language Students (Christ University, Bangalore, November 12, 13, 16 and 19, 2013): http://bit.ly/1bxsOYF. T. Vishnu Vardhan, Syed Muzammiluddin and Dr. U.B.Pavanaja were the trainers. About 1200 second language students participated in the programme.
Documentation and Wikipedia Contribution — A One Day Workshop (Kalinga Institute of Social Studies, Bhubaneswar, November 14, 2013). The workshop was conducted by Subhashish Panigrahi: http://bit.ly/1fSvl1v.
Documentation and Wikipedia Workshop (Kalinga School of Management, Bhubaneswar, November 16, 2013): http://bit.ly/Imf0DV. Subhashish Panigrahi conducted the workshop.
Konknni Wikipedia Workshop (organised by Dalgado Konknni Akademi and CIS-A2K, Goa Central State Library, November 16 and 17, 2013): http://bit.ly/1fSwiH5.
Tenth Anniversary of Wikipedia (H N Multimedia Hall, National College, Basavanagudi, Bangalore, November 17, 2013): http://bit.ly/1eJ6da9. Dr. U R Ananthamurthy, Prof. G. Venkatasubbiah and Ravi Hegde were the guests of honour. Dr. U.B. Pavanaja conducted the workshop.
First Phase of Odia Wikipedia Workshop (Indian Institute of Mass Communication, Bhubaneswar, November 18, 2013): http://bit.ly/18doDer. Subhashish Panigrahi conducted the workshop.
Konkani Wikipedia Workshop (Nirmala Institute of Education, Goa, November 19, 2013): http://bit.ly/1fSAUwT. Nitika Tandon conducted the event.

# Event Participated In

Wikimedia Diversity Conference (organized by German Wikipedia Community, GLS Campus, Berlin): http://bit.ly/Ixr9W8.

# Media Coverage

CIS gave its inputs for the following media coverage:

Kannada Wikipedia and its Tenth Anniversary (RadioCity, November 2, 2013): http://bit.ly/1dHEwBI.
10th anniversary of Kannada wikipedia (The Times of India, November 15, 2013): http://bit.ly/IxqDr7.
Tenth Anniversary of Kannada Wikipedia (Udayavani, November 15, 2013): http://bit.ly/1aFwqF1.
ಕನ್ನಡ ವಿಕಿಪೀಡಿಯಕ್ಕೆ ಈಗ ದಶಮಾನೋತ್ಸವ. ಅದರ ಪ್ರಯುಕ್ತ ಒಂದು ಆಚರಣೆ (Avadhi Website, November 16, 2013): http://bit.ly/ImiBSy.
ಕನ್ನಡ ವಿಕಿಪೀಡಿಯಗೆ 10, ಬೆಳವಣಿಗೆ ಸಾಲದು : ಪ್ರೊ .ಜಿವಿ (OneindiaKannada, November 17, 2013): http://bit.ly/1fSAUwT.
Tenth Anniversary of Kannada Wikipedia (Vijayavani, November 17, 2013): http://bit.ly/1b7exSa.
ಕನ್ನಡ ವಿಕಿಪೀಡಿಯಕ್ಕೆ ದಶಮಾನೋತ್ಸವ ಸಂಭ್ರಮ (Prajavani, November 18, 2013): http://bit.ly/1hWtt9v.
ಕನ್ನಡದ ಆನ್‌ಲೈನ್ ವಿಶ್ವಕೋಶ ದುರ್ಬಲ (Vijaya Karnataka, November 19, 2013): http://bit.ly/1hWtsCy.
Panaji: DKA organizes two day Konkani Wikipedia workshop (Daijiworld, November 18, 2013): http://bit.ly/1inoi03.

Note: The following are not a part of the Wikimedia Grant:

► Other

# Blog Entries

History of Creative Commons in India (by Priyank Dwivedi, November 13, 2013): http://bit.ly/17txcH7.
How Can We Make Open Education Truly Open? (by Dr. Nishant Shah, DML Central, November 22, 2013): http://bit.ly/1ezsAyj.

# Events Participated In

Conference on e-Governance for India: Opportunities, Challenges and Policy Alternatives (organised by OECD Korea Policy Centre in partnership with the Centre for Good Governance, Hyderabad, November 6-7, 2013): http://bit.ly/1cGP13c. Sunil Abraham was a panelist in the session on OECD Principles on eGovernment and their applicability to the developing world and India.
Indo-European Conference on the Role of the Patent System in Fostering Innovation and Technology Transfer (organized by European Patent Office, FICCI and European Business & Technology Centre, November 29, 2013, New Delhi). Nehaa Chaudhari participated in this conference.

Internet Governance

CIS is doing a project (under a grant from Privacy International and International Development Research Centre (IDRC)) on conducting research on surveillance and freedom of expression (SAFEGUARDS). So far we have organised seven privacy round-tables and drafted the Privacy (Protection) Bill. This month we bring you a report from the seventh privacy round-table held in Delhi, and an analysis on why Facebook is more dangerous than government spying. As part of its project (funded by Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the IDRC) on mapping cyber security actors in South Asia and South East Asia we did an interview with Namita A Malhotra, a researcher and lawyer from Alternative Law Forum. With this we have completed a total of 12 video interviews:

►Privacy

# Event Report

Seventh Privacy Round-table (organised by FICCI, DSCI, Privacy International and CIS, October 19, 2013): http://bit.ly/187pFOO. The report was published in the month of November.

# Newspaper Columns

Open Secrets (by Nishant Shah, Indian Express, October 27, 2013): http://bit.ly/1b5uvK0.
I Just Pinged to Say Hello (by Nishant Shah, Indian Express, November 24, 2013): http://bit.ly/183H34t.

# Blog Entries

An Interview with Caspar Bowden (by Maria Xynou, November 6, 2013): http://bit.ly/17LQqFX.
India's Response to WGEC Questionnaire (by Snehashish Ghosh, November 13, 2013): http://bit.ly/HX0r96.
Why 'Facebook' is More Dangerous than the Government Spying on You (by Maria Xynou, November 19, 2013): http://bit.ly/HWLFzi.
CIS Supports the UN Resolution on “The Right to Privacy in the Digital age” (by Elonnai Hickok, November 30, 2013): http://bit.ly/1c2A89q.

# Events Organised

IDEX Impact Assessment Workshop (organised by IDEX, CIS, Bangalore, November 16, 2013): http://bit.ly/1bxRfFm.
The Evolving Cyber Threat and How to Address It (CIS, Bangalore, November 22, 2013): http://bit.ly/1cEkUZY.
Panel on Privacy, Surveillance & the UID in the post-Snowden era (Institution of Agricultural Technologists, Bangalore, November 30, 2013): http://bit.ly/1ctSHW3.

# Events Participated In

Chances and Risks of Social Participation (organised by Alexander von Humboldt Institute for Internet and Society and Friedrich Ebert Foundation, Berlin, November 22, 2013). Dr. Nishant Shah gave the keynote: http://bit.ly/18PcMXN.
Expert Committee Meeting on Human DNA Profiling Bill (organised by the Ministry of Science & Technology, Government of India, New Delhi). Sunil Abraham participated in the meeting: http://bit.ly/19CpDbD.

# Upcoming Event

Big Democracy: Big Surveillance - A Talk by Maria Xynou (CIS, Bangalore, December 3, 2013): http://bit.ly/1j4mzgu.

► Cyber Security

Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project:

# Video Interview

Part 12: An Interview with Namita A. Malhotra (November 15, 2013): http://bit.ly/1j8MCjN.

# Documentary Film

First Look: Cyber Security Film (by Purba Sarkar, November 18, 2013): http://bit.ly/1alHhVu. The trailer was presented by Laird Brown recently at the IGF.

# Upcoming Event

DesiSec: Episode 1 - Film Release and Screening (December 11, 2013): Screening of the first documentary film on cyber security in India.

News & Media Coverage

CIS gave its inputs to the following media coverage:

EC guidelines on social media: Welcome move, but not enough (by Shruti Dhapola, FirstPost, November 1, 2013): http://bit.ly/1c3fNkt.
NSA leaks helping India become 'Big Brother' state? (British Broadcasting Corporation, November 1, 2013): http://bit.ly/1b7ftDG.
Spy agencies, IB and RAW, put spanner in proposed privacy law (by Nagender Sharma and Aloke Tikku, Hindustan Times, November 2, 2013): http://bit.ly/1aox4HP.
India must support UN's e-snooping move: Human rights activists (by Indu Nandakumar, Economic Times, November 11, 2013): http://bit.ly/18LrI5s.
Social media promotions can backfire, too (by Ratna Bhushan and Varuni Khosla, The Times of India, November 11, 2013): http://bit.ly/1gMj7rg.
YouTube is the answer to what has changed in India (by Moulishree Srivastava, Livemint, November 20, 2013): http://bit.ly/1fg214A.
When the virtual world wakes up the real one (by Malini Nair, November 24, 2013): http://bit.ly/1hovyd3.

Digital Natives

CIS is doing a research project titled “Making Change”. The project will explore new ways of defining, locating, and understanding change in network societies. Having the thought piece 'Whose Change is it Anyway' as an entry point for discussion and reflection, the project will feature profiles, interviews and responses of change-makers to questions around current mechanisms and practices of change in South Asia and South East Asia.:

► Making Change

# Blog Entries

Methods to Conceive and Condense Social Change (by Denisse Albornoz, November 30, 2013): http://bit.ly/1ezrBhw.
Blank Noise and the Active Citizen Dissonance (by Denisse Albornoz, November 30, 2013): http://bit.ly/IwOHu9.

► Other

# Blog Entry

Digitally Enhanced Civil Resistance (by Denisse Albornoz, November 20, 2013): http://bit.ly/18ndc7p.

Telecom

Shyam Ponappa, a Distinguished Fellow at CIS is a regular columnist with the Business Standard. The articles published on his blog Organizing India Blogspot is mirrored on our website:

► Newspaper Column

Predictability in Infrastructure (by Shyam Ponappa, Business Standard, November 6, 2013 and Observer India Blogspot, November 10, 2013): http://bit.ly/1dLZ0Fp.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at the Internet Institute website: http://bit.ly/1iQT2UB.

►Upcoming Event

Institute on Internet and Society (organised by Ford Foundation and CIS, Yashada, Pune, February 11-17, 2014): http://bit.ly/180mQi9. The application form is available at http://internet-institute.in/form. Registrations close on December 15, 2013.

► Modules

Internet Engineering Task Force (by Anirudh Sridhar, November 30, 2013). The Internet Engineering Task Force (IETF) is an open standards body with no requirements for membership and does not have a formal membership process either: http://bit.ly/1c4aOQr.
World Summit on Information Society (WSIS) (by Anirudh Sridhar, November 30, 2013). The World Summit on Information Society was first proposed by the International Telecommunication Union in 1998. The main focus of the WSIS was to address issues related to the global digital divide. However, the scope of the WSIS was broadened later to include internet related public policy issues: http://bit.ly/186dbnV.

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

► Event Participated In

From Seemingly Transparent to Definitely Opaque (organised by University of St. Gallen, Switzerland, November 4-7, 2013): http://bit.ly/19b6IW1. Nishant Shah taught this course and also presented on a panel on 'Secrets of Digital Culture'.

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter: https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration:

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/november-2013-bulletin

CIS Supports the UN Resolution on “The Right to Privacy in the Digital age”.

elonnai — 2013-11-30T07:25:18Z

The United Nations adopted the resolution on the right to privacy recently. It recognised privacy as a human right, integral to the right to free expression, and also declared that mass surveillance could have negative impacts on human rights.

On November 26, 2013, the United Nations adopted a non-binding resolution on The Right to Privacy in the Digital Age. The resolution was drafted by Brazil and Germany and expressed concern over the negative impact of surveillance and interception on the exercise of human rights. The resolution was controversial as countries such as the US, the UK, and Canada opposed language that spoke to the right to privacy extending equally to citizens and non-citizens of a country. The resolution welcomed the report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression that examined the implications of surveillance of communications on the human rights of privacy and freedom of expression.

The resolution made a number of important statements that India, as a member of the United Nations, and as a country in the process of implementing a number of surveillance projects, like the Central Monitoring System, should take cognizance of, including in short:

Privacy is a human right: Privacy is a human right according to which no one should be subjected to arbitrary or unlawful interference with his or her privacy, family, home, or correspondence.
Privacy is integral to the right to free expression: an integral component in recognizing the right to freedom of expression.
Unlawful and arbitrary surveillance violates the right to privacy and freedom of expression: Unlawful and/or arbitrary surveillance, interception, and collection of personal data are intrusive acts that violate the right to privacy and freedom of expression.
Exceptions to privacy and freedom of expression should be in compliance with human rights law: Public security is a potential exception justifying collection and protection of information, but States must ensure that this is done fully in compliance with international human rights law.
Mass surveillance may have negative implications for human rights: Domestic and extraterritorial surveillance, interception, and the collection of personal data on a mass scale may have a negative impact on individual human rights.
Equal protection for online and offline privacy: The right to privacy must be equally protected online and offline.

The resolution further called upon states to:

Respect and protect the right to privacy, particularly in the context of digital communications.
To ensure that relevant legislation is in compliance with international human rights law
To review national procedures and practices around surveillance to ensure full and effective implementation of obligations under international human rights law.
To establish and maintain effective domestic oversight mechanisms around domestic surveillance capable of ensuring transparency and accountability.

The resolution finally calls upon the UN High Commissioner for Human Rights to present a report with views and recommendations on the protection and promotion of the right to privacy in the context of surveillance to the Human Rights Council at its twenty-seventh session and to the General Assembly at its sixty-ninth session and decides to examine “Human rights questions, including alternative approaches for improving the effective enjoyment of human rights and fundamental freedoms”.

The UN Resolution on the Right to Privacy in the Digital Age is a welcome step towards an international recognition of privacy as a human right in the context of communications and extra territorial surveillance. The Centre for Internet and Society encourages the Government of India to, as called upon in the Resolution, to review national procedures and practices around surveillance to ensure full and effective implementation of obligations under international human rights law.

Prior to the UN Resolution on “The Right to Privacy in the Digital Age”, a group of international NGO’s developed the Necessary and Proportionate principles that seek to form a backbone for a response to mass surveillance and provide a framework for governments to assess if domestic surveillance regimes are in compliance with international Human Rights Law. CIS has contributed to the process of developing these principles. The principles include legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, due process, user notification, transparency, public oversight, integrity of communications and systems, safeguards for international cooperation, and safeguards against illegitimate access. A petition to sign onto the principles and demand an end to mass surveillance is currently underway.

Both the Government of India and public of India should take into consideration the UN Resolution and the necessary and proportionate principles to reflect on how India’s surveillance regime and practices can be brought in line with international human rights law and understand where the balance is drawn for necessary and proportionate surveillance, specific to the Indian context.

For more details visit https://cis-india.org/internet-governance/blog/cis-supports-the-un-resolution-on-201cthe-right-to-privacy-in-the-digital-age201d

DesiSec: Episode 1 - Film Release and Screening

purba — 2013-12-17T08:13:32Z

The Centre for Internet and Society is pleased to to announce the release of the first documentary film on cybersecurity in India - DesiSec. We hope you can join us for a special screening of the first episode of DesiSec, on 11th December, at CIS!

Early 2013, the Centre for Internet and Society began shooting its first documentary film project. After months of researching and interviewing activists and experts, CIS is thrilled to announce the release of the first documentary film on cybersecurity in India - DesiSec: Cybersecurity and Civi Society in India.

Trailer link: http://cis-india.org/internet-governance/blog/cis-cybersecurity-series-film-trailer

CIS is hosting a special screening of DesiSec: Episode 1 on 11th December, 2013, 6 pm and invites you to this event. The first episode is centered around the issue of privacy and surveillance in cyber space and how it affects Indian society.

We look forward to seeing you there!

RSVP: purba@cis-india.org

Venue: http://osm.org/go/yy4fIjrQL?m=

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/desisec-episode-1-film-release-and-screening

Big Democracy: Big Surveillance - A talk by Maria Xynou

maria — 2013-12-12T10:23:21Z

Next Tuesday, Maria Xynou will be presenting her latest research on surveillance in India. Come and engage in a discussion on India's controversial surveillance schemes, surveillance industry and much much more!

And so we've heard a lot about the Edward Snowden leaks and about the NSA's controversial mass surveillance projects. But what's happening in India?

It turns out that the world's largest democracy has some of the most controversial surveillance schemes in the world! Some of India's laws, schemes, projects and technologies are unbeatable when it comes to mass surveillance, censorship and control. While India may be a developing country with issues ranging from poverty to corruption, it nonetheless appears to be at the forefront of surveillance on an international level.

Join us at the Centre for Internet and Society (CIS) on 3rd December 2013 to hear about India's surveillance laws, schemes and technologies and to engage in a discussion on the potential implications. All that is required is an open mind, critical thought and a will to challenge that which has not been challenged!

We look forward to seeing you all and to hearing your thoughts, ideas and opinions!

VIDEO

For more details visit https://cis-india.org/internet-governance/events/big-democracy-big-surveillance-a-talk-by-maria-xynou

Election Commission to monitor conduct of political parties on Facebook, Twitter and Google

praskrishna — 2013-12-30T07:02:06Z

With Congress and BJP hammering away at each other in the ongoing assembly contests that will set the stage for national polls next year, the Election Commission wants to make sure social media and online platforms run by Google, Facebook and Twitter are not used to breach the code of conduct that governs candidates and parties. The commission's key concerns relate to malicious content and exceeding the campaign expense limit.

The article by Ajmer Singh was published in the Economic Times on November 25, 2013. Sunil Abraham is quoted.

The Election Commission, which summoned the social media companies to a meeting last Monday, directed them to cooperate in monitoring content. They were asked to set up a mechanism that would help prevent posting of material that could vitiate the election atmosphere, according to Election Commission officials who are aware of the development and didn't want to be named. If such content is posted, the mechanism should also allow for its speedy removal, they said.

"It is difficult to monitor and track content on social media or Internet sites, since the servers are based out of the US," said one of the officials cited above. "EC has asked social media giants to cooperate for compliance with the code of conduct, pre-certification of advertisement on the web and monitoring malicious content."

The companies declined to comment and referred ET to the Internet and Mobile Association of India (IAMAI) for a response. "It was a sensitising meeting on the code of conduct with some legal and corporate affairs representatives of Internet firms which are members of IAMAI," said Subho Roy, president of the grouping.

"The Election Commission representatives explained to us the model code of conduct, its importance during the last 48 hours of the election, the pre-certified advertisements and why they were important in accounting of the candidate's expenses. They also wanted to understand from us what are the current methods of removing illegal content from websites under existing laws. The Election Commission also assured us that at no point there would be any attempt to censor social media," said Subho Roy, IAMAI president and one of those present at the November 18 meeting.

The commission has classified social media into five types - collaborative projects such as Wikipedia; blogs and micro blogs such as Twitter; content communities such as Google-owned YouTube; social networking sites such as Facebook; and games and apps.

"We have received many complaints about misuse of social media platforms, and it is becoming unmanageable. So all these sites shall now be strictly monitored and asked to comply with EC's instructions," an official said.

According to Election Commission guidelines, "Legal provisions relating to election campaigning apply to social media in the same manner in which they apply to any other form of election campaigning using any other media."

The social media companies will also need to make sure that any advertising they carry conforms to the rules.

An official said social media companies have been asked to "keep an eye on any breach of model code of conduct, in respect of any party or candidate who posts hate messages or creates hatred or tension between different castes, communities, religions, etc. The social media giants have been directed to ensure pre-certification of advertisement on web/social media (clearance of political advertisement by a committee before being displayed in social media/web by any registered party or by any group or association)".

An executive at one of the companies said it would be difficult to keep a check on what was being posted as this may count as a breach of privacy, besides being impinging on other rules.
"It is a highly contentious issue and (it's) impossible to monitor malicious content," said this person who didn't want to be named. "The diktat issued by EC can't be implemented since it overrides the Information Technology Act. We all comply with the IT Act, and the model code of conduct is not for us but for political parties and candidates."

A privacy advocate pointed out the difficulties that the social media companies may face when it comes to implementing the Election Commission guidelines.

"This is what we call proactive censorship or proactive monitoring and may interfere with the intermediary's immunity from liability, when they have no actual knowledge of content. It may be in conflict with provisions of the IT Act (Section 79) and could have serious privacy implications," said Sunil Abraham of the Centre for Internet Society, and an expert on privacy laws. "Pre-censorship is required by Indian law and courts only for cinema that is exhibited in theatres. In the case of books, this type of censorship has been held to be unconstitutional. This case is worse because it is private pre-censorship of user-generated content that is not subject to judicial review."

The Election Commission had, on October 25, asked candidates to provide information about social media accounts and expenditure on online campaigns. It had clarified that the provisions of the code of conduct would apply to the Internet, including social media websites.

A Congress member said social media accounts would be difficult to police as these may be in the name of individuals and have no direct links to parties or candidates.

"The biggest problem is that candidates or political parties may not be operating their Twitter handles or posting advertisements on Facebook or the web, but (through) an unknown Internet army, which builds up a social media campaign and posts hate messages," the person said. A senior Congress MP, who didn't want to be named, suggested that such efforts were extensive on behalf of BJP prime ministerial candidate Narendra Modi, the chief minister of Gujarat.

"More than 90% of Twitter traffic is emanating from Rajkot, Ahmedabad and Baroda, all in Gujarat," this person said. "Who are these people, campaigning and managing an obnoxious campaign?"

BJP denied that its Internet campaigns were in violation of any Election Commission guidelines.
"There is no truth in these allegations and Congress has little understanding of this," said Arvind Gupta, who heads BJP's IT cell. "Narendra Modi has a pan-India presence and is a popular leader, they are just jealous of him. We have a social media cell, which acts responsibly and complies with guidelines."

Election Commission officials said social media companies have been asked to resolve issues related to malicious content and provide details of serious infringements. The ministry of communications and information technology has also been asked to suggest ways of tackling the matter.

For more details visit https://cis-india.org/news/economic-times-november-25-2013-ajmer-singh-election-commission-to-monitor-conduct-of-political-parties-on-facebook-twitter-google

Panel on Privacy, Surveillance & the UID in the post-Snowden era

praskrishna — 2013-11-26T19:05:54Z

The Centre for Internet and Society (CIS) and the Say No to UID campaign invite you to a discussion on the UID and on the implications of the world's largest biometric data collection scheme in a post-Snowden era. The panel will take place on November 30th at the Institution of Agricultural Technologists in Bangalore.

Probably one of the most important things that we learnt following the Edward Snowden revelations is that our data has value. In fact, what we learnt is that our data has immense value...since it is clearly worth billions of dollars — to say the least.

However, not only does India lack privacy legislation which could safeguard our data from potential abuse, but it is also currently implementing some of the most controversial surveillance schemes in the world, in addition to the world's largest biometric data collection scheme. What's probably more alarming is that such schemes, such as the UID, lack legal backing, as well as public and parliamentary debate!

We aim to change that. As such, the Centre for Internet and Society (CIS) and the Say No to UID campaign jointly invite you to attend a panel which will discuss all of these crucial topics.

Schedule of panel:

3.30pm - 4pm: Tea/Coffee/Refreshments & Registration

4pm - 5.30pm: Panel on Privacy, Surveillance & the UID in the post-Snowden era

5.30pm - 6pm: Q&A and Open Discussion

Panelists:

- Dr. Usha Ramanathan: Academic, Jurist and Activist

- K V Narendra: Director of Rezorce Research Foundation

- Vinay Baindur: Researcher on Urban Local Government & Decentralisation

- Maria Xynou: Policy Associate on the Privacy Project at the Centre for Internet & Society

For more details visit https://cis-india.org/events/panel-on-privacy-surveillance-uid-in-the-post-snowden-era

Chances and Risks of Social Participation

praskrishna — 2013-11-30T09:19:34Z

Participation is a key issue within Internet research and hence also for the Alexander von Humboldt Institute for Internet and Society. For this reason the institute is going to host a thematically focused meeting on Chances and Risks of Social Participation in Berlin on 22 November 2013 in co-operation with the Friedrich Ebert Foundation.

Nishant Shah gave the keynote for this event.

Morning Session
by invitation only
International senior researchers from a broad field of disciplines are invited to join the discussion and contribute with their expertise to various sessions as well as a public panel discussion. Thereby, the institute aims to push ahead research and exchange of ideas around the field of participation ranging from encouragement in context of democracy to the impact on innovation management.

Public Afternoon: Online into Politics?
open to the public, registration required
In the afternoon, the meeting will be opened to the public. We are pleased to announce that Helen Margetts, director of the Oxford Internet Institute (OII) has agreed to hold a keynote. We are also excited to be able to share first findings from a study on the e-petition platform of the German parliament, the Bundestag, with the attendants. Representatives of politics and society will reveal national perspectives on political participation within the concluding panel discussion.

Side Events

This meeting adds to the activities of the newly founded Network of Internet & Society Research Centers (NoC). Alongside the meeting on participation the annual Early Stage Researchers Colloquium and a meeting of participants of the Network of Centers will take place – guaranteeing fruitful and inspiring discourses across disciplines and research institutions.

Hosts and Co-Hosts

The event is hosted in co-operation with the Friedrich Ebert Foundation and serves as a Network of Centers (NoC) regional event. The event is furthermore supported by the British Embassy Berlin.

Click to download the brochure of the event.

For more details visit https://cis-india.org/news/alexander-von-humbodt-institute-for-internet-november-22-chances-and-risks-of-social-participation

Seventh Privacy Round-table

elonnai — 2013-11-20T09:58:39Z

On October 19, 2013, the Centre for Internet and Society (CIS) in collaboration with the Federation for Indian Chambers of Commerce and Industry, the Data Security Council of India, and Privacy International held a “Privacy Round-table” in New Delhi at the FICCI Federation House.

The Round-table was the last in a series of seven, beginning in April 2013, which were held across India.

Previous Privacy Round-tables were held in:

New Delhi: (April 13, 2013) with 45 participants;
Bangalore: (April 20, 2013) with 45 participants;
Chennai: (May 18, 2013) with 25 participants;
Mumbai, (June 15, 2013) with 20 participants;
Kolkata: (July 13, 2013) with 25 participants; and
New Delhi: (August 24, 2013) with 40 participants.

Chantal Bernier, Assistant Privacy Commissioner Canada, Jacob Kohnstamm, Dutch Data Protection Authority and Chairman of the Article 29 Working Party, and Christopher Graham, Information Commissioner UK were the featured speakers for this event.

The Privacy Round-tables were organised to ignite spark in public dialogues and gain feedback for a privacy framework for India. To achieve this, the Privacy Protection Bill, 2013, drafted by the Centre for Internet and Society, Strengthening Privacy through Co-regulation by the Data Security Council of India, and the Report of the Group of Experts on Privacy by the Justice A.P. Shah committee were used as background documents for the Round-tables. As a note, after each Round-table, CIS revised the text of the Privacy Protection Bill, 2013 based on feedback gathered from the general public.

The Seventh Privacy Round-table meeting began with an overview of the past round-tables and a description of the evolution of a privacy legislation in India till date, and an overview of the Indian interception regime. In 2011, the Department of Personnel and Training drafted a Privacy Bill that incorporated provisions regulating data protection, surveillance, interception of communications, and unsolicited messages. Since 2010, India has been seeking data secure status from the European Union, and in 2012 a report was issued noting that the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules found under section 43A of the Information Technology Act, were not sufficient to meet EU data secure adequacy. In 2012, the Report of the Group of Experts on Privacy was published recommending a privacy framework for India and was accepted by the government, and the Department of Personnel and Training is presently responsible for drafting of a privacy legislation for India.

Presentation: Jacob Kohnstamm, Dutch Data Protection Authority and Chairman of the Article 29 Working Group

Jacob Kohnstamm, made a presentation on the privacy framework in the European Union. In his presentation, Khonstamm shared how history, such as the Second World War, shaped the present understanding and legal framework for privacy in the European Union, where privacy is seen as a fundamental human right. Kohnstamm also explained how over the years technological developments have made data gold, and subsequently, companies who process this data and create services that allow for the generation of more data are becoming monopolies. This has created an unbalanced situation for the individual consumer, where his or her data is being routinely collected by companies, and once collected — the individual loses control over the data. Because of this asymmetric relationship, data protection regulations are critical to ensure that individual rights are safeguarded.

Kohnstamm recognized the tension between stringent data protection regulations and security for the government, and the provision of services for businesses was recognized. However, he argued that the use of technology without regulation — for commercial reason or security reasons, can lead to harm. Thus, it is key that any regulation incorporate proportionality as a cornerstone to the use of these technologies to ensure trust between the individual and the State, and the individual and the corporation. This will also ensure that individuals are given the right of equality, and the right to live free of discrimination. Kohnstamm went on to explain that any regulation needs to ensure that individuals are provided the necessary tools to control their data and that a robust supervisory authority is established with enough powers to enforce the provisions, and that checks and balances are put in place to safeguard against abuse.

In response to a question asked about how the EU addresses the tension of data protection and national security, Kohnstamm clarified that in the EU, national security is left as a matter for member states to address but the main principles found in the EU Data Protection Directive also apply to the handling of information for national security purposes. He emphasized the importance of the creation of checks and balances. As security agencies are given additional and broader powers, they must also be subjected to stronger safeguards.

Kohnstamm also discussed the history of the fair trade agreement with India, and India’s request for data secure status. It was noted that currently the fair trade agreement between India and the EU is stalled, as India has asked for data secure status. For the EU to grant this status, it must be satisfied that when European data is transferred and processed in India and that it is subject to the same level of protections as it would be if it were processed in the EU. Without a privacy legislation in place, India’s present regime does not reflect the same level of protections as the EU regime. To find a way out of this ‘dead lock’, the EU and India have agreed to set up an expert group — with experts from both the EU and India to find a way in which India’s regime can be modified to meet EU date secure adequacy. As of date, no experts from the Indian side have been nominated and communicated to the EU.

Key Points:

Europe’s history has influenced the understanding and formulation of the right to privacy as a fundamental right.
Any privacy regulation must have strong checks and balances in place and ensure that individuals are given the tools to control their data.
India’s current regime does not meet EU data secure adequacy. Currently, the EU is waiting for India to nominate experts to work with the EU to find a way of the ‘dead lock’.

Discussion: National Security, Surveillance and Privacy

Opening the discussion up to the floor, it was discussed how in India, there is a tension between data protection and national security, as national security is always a blanket exception to the right to privacy. This tension has been discussed and debated by both democratic institutions in India and commercial entities. It was pointed out that though data protection is a new debate, national security is a debate that has existed in India for many years. It was also pointed out that currently there are not sufficient checks and balances for the powers given to Indian security agencies. One missing safeguard that the Indian regime has been heavily criticized for is the power of the Secretary of the Home Ministry to authorize interception requests, as having the authorization power vested in the executive leaves little space between interested parties seeking approval of interception orders, and could result in abuse or conflict of interest. With regards to the Indian interception regime, it was explained that currently there are five ways in which messages can be intercepted in India. Previously, the Law Commission of India had asked that amendments be made to both the Indian Post Office Act and the Indian Telegraph Act.

Moving the discussion to the Privacy Protection Bill, 2013 by CIS, in Chapter V “Surveillance and Interception of Communications” clause 34, the authorization of interception and surveillance orders is left to a magistrate. Previously, the authorization of interception orders rested with the Privacy Commissioner, but this model was heavily critiqued in previous round-tables, and the authorizing authority has been subsequently changed to a magistrate. Participants pointed out that the Bill should specify the level of the magistrate that will be responsible for the authorization of surveillance orders, and also raised the concern that the lower judiciary in India is not adequately functioning as the courts are overwhelmed, thus creating the possibility for abuse. Participants also suggested that perhaps data protection and surveillance should be de-linked from each other and placed in separate bills. This echoes public feedback from previous roundtables.

While discussing needed safeguards in an interception and surveillance regime for India, it was called out that transparency of surveillance, by both the government and the service providers as key safeguards to ensuring the protection of privacy, as it would enable individuals to make educated decisions about the services they choose to use and the extent of governmental surveillance. The need to bring in a provision that incorporated the idea of "nexus of surveillance" was also highlighted. It was also pointed out that in Canada, entities wanting to deploy surveillance in the name of public safety, must take steps to prove nexus. For example, the organization must empirically prove that there is a need for a security requirement, demonstrate that only data that is absolutely necessary will be collected, show how the technology will be effective, prove that there is not a less invasive way to collect the information, demonstrate security measures in place to ensure against loss and misuse, and the organizations must have in place both internal and external oversight mechanisms. It was also shared that in Canada, security agencies are regulated by the Office of the Canadian Privacy Commissioner, as privacy and security are not seen as separate matters. In the Canadian regime, because security agencies have more powers, they are also subjected to greater oversight.

Key Points:

The Indian surveillance regime currently does not have strong enough safeguards.
The concept of ‘nexus’ should be incorporated into the Privacy Protection Bill, 2013.
A magistrate, through judicial oversight for interception and surveillance requests, might not be the most effective authority for this role in India.

Presentation: Chantal Bernier, Deputy Privacy Commissioner, Canada

In her presentation, Bernier made the note that in the Canadian model there are multiple legislative initiatives that are separate but connected, and all provide a legislative basis for the right to privacy. Furthermore, it was pointed out that there are two privacy legislations in Canada, one regulating the private sector and the other regulating the public sector. It has been structured this way as it is understood that the relationship between individuals and business is based on consent, while the relationship between individuals and the state is based on human rights. Furthermore, aspects of privacy, such as consent are different in the public sector and the private sector. In her presentation, Bernier pointed out that privacy is a global issue and because of this, it is critical that countries have privacy regimes that can speak to each other. This does not mean that the regimes must be identical, but they must at the least be inter-operable.

Bernier described three main characteristics of the Canadian privacy regime including:

It is comprehensive and applies to both the public and the private sectors.
The right to privacy in Canada is constitutionally based and is a fundamental right as it is attached to personal integrity. This means that privacy is above contractual fairness. That said, the right to privacy must be balanced collectively with other imperatives.
The Canadian privacy regime is principle based and not rule based. This flexible model allows for quick adaption to changing technologies and societal norms. Furthermore, Bernier explained how Canada places responsibility and accountability on companies to respect, protect, and secure privacy in the way in which the company believes it can meet. Bernier also noted that all companies are responsible and accountable for any data that they outsource for processing.

Furthermore, any company that substantially deals with Canadians must ensure that the forum for which complaints etc., are heard is Canada. Furthermore, under the Canadian privacy regime, accountability for data protection rests with the original data holder who must ensure — through contractual clauses — that any information processed through a third party meets the Canadian level of protection. This means any company that deals with a Canadian company will be required to meet the Canadian standards for data protection.

Speaking to the governance structure of the Office of the Privacy Commissioner in Canada, Bernier explained that the OPC is a completely independent office and reports directly to the Parliament. The OPC hears complaints from both individuals and organizations. The OPC does not have any enforcement powers, such as finding a company, but does have the ability to "name" companies who are not in compliance with Canadian regulations, if it is in the public interest to do so. The OPC can perform audits upon discretion with respect to the public sector, and can perform audits on the private sector if they have reasonable grounds to investigate.

Bernier concluded her presentation with lessons that have been learned from the Canadian experience including:

The importance of having strong regulators.
Privacy regulators must work and cooperate together.
Privacy has become a condition of trade.
In today’s age, issues around surveillance cannot be underestimated.
Companies that have strong privacy practices now have a competitive advantage in place in today’s global market.
Privacy frameworks must be clear and flexible.
Oversight must be powerful to ensure proper protection of citizens in a world of asymmetry between individuals, corporations, and governments.

Key Points:

The Right to Privacy is a fundamental right in Canada.
The Canadian privacy regime regulates the public sector and the private sector, but through two separate legislations.
The OPC does not have the power to levy fines, but does have the power to conduct audits and investigations and ‘name’ companies who are not in compliance with Canadian regulations if it is in the public interest.

Discussion: The Data Protection Authority

Participants also discussed the composition of the Data Protection Authority as described in chapter IV of the Privacy Protection Bill. It was called out that the in the Bill, the Data Protection Authority might need to be made more independent. It was suggested that to avoid having the office of the Data Protection Authority be filled with bureaucrats, the Bill should specify that the office must be staffed by individuals with IT experience, lawyers, judges, etc. On the other hand it was cautioned, that though this might be useful to some extent, it might not be helpful to be overly prescriptive, as there is no set profile of what composition of employees makes for a strong and effective Data Protection Authority. Instead the Bill should ensure that the office of the Data Protection Authority is independent, accountable, and chosen by an independent selection board.

When discussing possible models for the framework of the Data Protection Authority, it was pointed out that there are many models that could be adopted. Currently in India the commission model is not flexible, and many commissions that are set up, are not effective due to funding and internal bureaucracy. Taking that into account, in the Privacy Protection Bill, 2013, the Data Protection Authority, could be established as a small regulator with an appellate body to hear complaints.

Key Points:

The Data Protection Authority established in the Privacy Protection Bill must be adequately independent.
The composition of the Data Protection Authority be diverse and it should have the competence to address the dynamic nature of privacy.
The Data Protection Authority could be established as a small regulator with an appellate body attached.

Presentation: Christopher Graham, Information Commissioner, United Kingdom

Christopher Graham, the UK Information Commissioner, spoke about the privacy regime in the United Kingdom and his role as the UK Information Commissioner. As the UK Information Commissioner, his office is responsible for both the UK Data Protection Act and the Freedom of Information Act. In this way, the right to know is not in opposition to the right to privacy, but instead an integral part.

Graham said that his office also provides advice to data controllers on how to comply with the privacy principles found in the Data Protection Act, and his office has the power to fine up to half a million pounds on non-compliant data controllers. Despite having this power, it is rarely used, as a smaller fine is usually sufficient enough for the desired effect. Yet, at the end of the day, whatever penalty is levied, it must be proportionate and risk based i.e., selective to be effective. In this way the regulatory regime should not be heavy handed but instead should be subtle and effective. In fact, one of the strongest regulators is the reality of the market place where the price of not having strong standards is innovation and economic growth. To this extent, Graham also pointed out that self regulation and co-regulation are both workable models, if there is strong enforcement mechanisms. Graham emphasized the fact that any data protection must go beyond, and cannot be limited to, just security.

Graham also explained that he has found that currently there is a lack of confidence in Indian partners. This is problematic as the Indian industry tries to grow with European partners. For example, he has been told that customers are moving banks because their previous bank’s back offices were located in India. Citing other examples of cases of data breaches from Indian data controllers, such as a call center merging the accounts of two customers and another call centre selling customer information, he explained that the lack of confidence in the Indian regime has real economic implications. Graham further explained that one difficulty that the office of the UK ICO is faced with, is that India does not have the equivalent of the ICO. Thus, when a breach does happen, it is unclear who can be approached in India about the breach.

Touching upon the issue of data adequacy with the EU, Graham noted that if data adequacy is a goal of India, the privacy principles as defined in the Directive and reflected in the UK Data Protection Act, must be addressed in addition to security. In his presentation, Graham emphasized the importance of India amending their current regime, if they want data secure status and spoke about the economic benefits for both Europe and India, if India does in fact obtain data secure status. In response to a question about why it is so important that India amend its laws, if in effect the UK has the ability to enforce the provisions of UK Data Protection Act, Graham clarified that most important is the rule of law, and according to UK law and more broadly the EU Directive, companies cannot transfer information to jurisdictions that do not have recognized adequate levels of protection. Thus, if companies still wish to transfer information to India, this must be done through binding corporate rules.

Another question which was put forth was about how the right to privacy differs from other human rights, and why countries are requiring that other countries to uphold the right to privacy to the same level, when, for example this is not practiced for other human rights such as children’s rights. In response Graham explained that data belongs to the individual, and when it is transferred to another country — it still belongs to the individual. Although the UK would like all countries to uphold the rights of children to the standard that they do, the UK is not exporting UK citizen’s children to India. Thus, as the Information Commissioner he has a responsibility to protect his citizen’s data, even when it leaves the UK jurisdiction. Graham explained further that in the history of Europe, the misuse of data to do harm has been a common trend, which is why privacy is seen as a fundamental right, and why it is paramount that European data is subject to the same level of protection no matter what jurisdiction it is in. India needs to understand that privacy is a fundamental right and goes beyond security, and that when a company processes data it does not own the data, the individual owns the data and thus has rights attached to it to understand why Europe requires countries to be ‘data secure’ before transferring data to them.

Key Points:

The UK Information Commissioners Office regulates both the right to information and privacy, and thus the two rights are seen as integral to each other.
Penalties must be proportionate and scalable to the offense.
Co-regulation and self-regulation can both be viable models to for privacy, but enforcement is key to them being effective.

Discussion: Collection of Data with Consent and Collection of Data without Consent

Participants also discussed the collection of data with consent and the collection of data without consent found in Chapter III of the Bill. When asked opinions about the circumstances when informed consent should not be required, it was pointed out that in the Canadian model, the option to collect information without consent only applies to the public sector if it is necessary for the delivery of a service by the government. In the private sector all collection of information requires informed and meaningful consent. Yet, collection of data without consent in the commercial context is an area that Canada is wrestling with, as there are instances, such as online advertising, where it is unreasonable to expect consent all the time. It was also pointed out that in the European Directive, consent is only one of the seven grounds under which data can be collected. As part of the conversation on consent, it was pointed out that the Bill currently does not take explicitly take into account the consent for transfer of information, and it does not address changing terms of service and if companies must re-take consent, or if providing notice to the individual was sufficient. The question about consent and additional collection of data that is generated through use of that service was also raised. For example, if an individual signs up for a mobile connection and initially provides information that the service provider stores in accordance to the privacy principles, does the service provider have an obligation to treat all data generated by the user while using the service of the same? The exception of disclosure without consent was also raised and it was pointed out that companies are required to disclose information to law enforcement when required. For example, telecom service providers must now store location data of all subscribers for up to 6 months and share the same when requested by law enforcement.

Key Points:

There are instances where expecting companies to have informed consent for every collection of information is not reasonable. Alternative models, based on — for example transparency — must be explored to address these situations.
The Privacy Protection Bill should explicitly address transfer of information to other countries.
The Privacy Protection Bill should address consent in the context of changing terms of service.

Discussion: Penalties and Offences

The penalties and offenses prescribed in chapter VI of the Privacy Protection Bill were discussed by participants. While discussing the chapter, many different opinions were voiced. For example, some participants held the opinion that offences and penalties should not exist in the Privacy Protection Bill, because in reality they are more likely than not to be effective. For example, when litigating civil penalties, it takes a long time for the money to be realized. Others argued that in India, where enforcement of any law is often weak, strong, clear, and well defined criminal penalties are needed. Another comment raised the point that a distinction should be made between breaches of the law by data controllers and breaches by rogue individuals — as the type of violation. For example, a breach by a data controller is often a matter identifying the breach and putting in place strictures to ensure that it does not happen again by holding the company accountable through oversight. Where as a breach by a rogue agent entails identifying the breach and the rogue agent and creating a strong enough penalty to ensure that they will not repeat the violation. Adding to this discussion, it was pointed out that in the end, scalability is key in ensuring that penalties are proportional and effective. It was also noted that in the UK, any fine that is levied is appealable. This builds in a system of checks and balances, and ensures that companies and individuals are not subject to unfair or burdensome penalties.

The possibility of incentivizing compliance, through rewards and distinctions, was discussed by participants. Some felt that incentivizing compliance would be more effective as it would give companies distinct advantages to incorporating privacy protections, while others felt that incentives can be included but penalties cannot be excluded, otherwise the provisions of the Privacy Protection Bill 2013 will not be enforceable. It was also pointed out that in the context of India, ideally there should be a mechanism to address the ‘leakages’ that happen in the system i.e., corruption. Though this is difficult to achieve, regulations could take steps like specifically prohibiting the voluntary disclosure of information by companies to law enforcement. Taking a sectoral approach to penalties was also suggested as companies in different sectors face specific challenges and types of breaches. Another approach that could be implemented is the statement of a time limit for data controllers and commissioners to respond to complaints. This has worked for the implementation of the Right to Information Act in India, and it would be interesting to see how it plays out for the right to privacy. Throughout the discussion a number of different possible ways to structure offenses and penalties were suggested, but for all of them it was clear that it is important to be creative about the type of penalties and not rely only on financial penalty, as for many companies, a fine has less of an impact than perhaps having to publicly disclose what happened around a data breach.

Key Points:

Penalties and offenses by companies vs. rogue agents should be separately addressed in the Bill.
Instead of levying penalties, the Bill should include incentives to ensure compliance.
Penalties for companies should go beyond fines and include mechanisms such as requiring the company to disclose to the public information about the breach.

Discussion: Cultural Aspects of Privacy

The cultural realities of India, and the subsequent impact on the perception of privacy in India were discussed. It was pointed out that India has a history of colonization, multiple religions and languages, ethnic tensions, a communal based society, and a large population. All of these factors impact understandings, perceptions, practices, and the effectiveness of different frameworks around privacy in India. For example, the point was raised that given India’s cultural and political diversity, having a principle based model might be too difficult to enforce as every judge, authority, and regulator will have a different perspective and agenda. Other participants pointed out that there is a lack of awareness around privacy in India, and this will impact the effectiveness of the regulation. It was also highlighted that anecdotal claims that cultural privacy in India is different, such as the fact that in India on a train everyone will ask you personal questions, and thus Indian’s do not have a concept of privacy, cannot influence how a privacy law is framed for India.

Key Points:

India’s diverse culture will impact perceptions of privacy and the implementation of any privacy regulation.
Given India’s diversity, a principle based model might not be adequate.
Though culture is important to understand and incorporate into the framing of any privacy regulation in India, anecdotal stories and broad assumptions about India’s culture and societal norms around privacy cannot influence how a privacy law is framed for India.

Conclusion

The seventh privacy round-table concluded with a conversation on the NSA spying and the Snowden Revelations. It was asked if domestic servers could be an answer to protect Indian data. Participants agreed that domestic servers are just a band aid to the problem. With regards to the Privacy Protection Bill it was clarified that CIS is now in the process of collecting public statements to the Bill and will be submitting a revised version to the Department of Personnel and Training. Speaking to the privacy debate at large, it was emphasized that every stakeholder has an important voice and can impact the framing of a privacy law in India.

For more details visit https://cis-india.org/internet-governance/blog/report-of-sevent-privacy-round-table