We are anonymous, we are legion

CIS Cybersecurity Series (Part 3) - Eva Galperin

purba — 2013-08-01T09:55:23Z

CIS interviews Eva Galperin, Global Policy Analyst at the Electronic Frontier Foundation (EFF).

"It is a vital tool for speaking truth to power. Unless you are able to speak anonymously, you are not really free to espouse unpopular ideas to people who have the power to do bad things to do... I think the value of anonymous speech vastly outweighs the difficulties that you can sometimes get into because people can speak anonymously. And on the whole, I think anonymity is worth protecting." - Eva Galperin, Global Policy Analyst at EFF.

Centre for Internet and Society presents its third installment of the CIS Cybersecurity Series.

The CIS Cybersecurity Series seeks to address hotly debated aspects of cybersecurity and hopes to encourage wider public discourse around the topic.

In this installment, CIS speaks to Eva Galperin, the Global Policy Analyst at the Electronic Frontier Foundation (EFF).She has worked for the EFF in various capacities for the last five years, applying the combination of her political science and technical background to organizing activism campaigns, and doing education and outreach on intellectual property, privacy, and security issues.

EFF homepage: https://www.eff.org/

This work was carried out as part of the Cyber Stewards Network with aid of a grant from the International Development Research Centre, Ottawa, Canada.

For more details visit https://cis-india.org/internet-governance/cis-cybersecurity-series-part-3-eva-galperin

The Difficult Balance of Transparent Surveillance

kovey — 2013-07-15T04:23:35Z

Is it too much to ask for transparency in data surveillance? On occasion, companies like Microsoft, Facebook, and the other silicon valley giants would say no. When customers join these services, each company provides their own privacy statement which assures customers of the safety and transparency that accompanies their personal data.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

Google even publishes annual “Transparency Reports” which detail the data movement behind the scenes. Governments, too, are somewhat open about surveillance methods, for example with the public knowledge of the existence and role of institutions like America’s NSA and India’s CMS. These façades of assurance, however, never satisfy the public enough to protect them from feeling cheated and deceived when information leaks about surveillance practices. And in the face of controversy around surveillance, both service providers and governments scramble to provide explanations for discrepancies between their promises and their practices.

So it seems that transparency might not be too much to ask, but instead is perhaps more complicated of a request than imagined. For some citizens, nothing would be more satisfying than complete transparency on all data collection. For those who recognize surveillance as crucial for national security, however, complete transparency would mean undermining the very efficacy of surveillance practices. And data companies often find themselves caught between these two ends, simultaneously seeking profits by catering to the public, while also trying to abide by political and legal frameworks. Therefore, in the process of modern data surveillance, each attempt at resolution of the transparency issue will become a delicate balance between three actors: the government, the big data companies, and the people. As rightly stated on the Digital Due Process website, rules for surveillance must carefully consider “the individual’s constitutional right to privacy, the government’s need for tools to conduct investigations, and the interest of service providers in clarity and customer trust.”[1]

So we must unpack the idea of transparency.

First, there should be a distinction made between proactive transparency and reactive transparency, or, the announcement of surveillance practices versus the later access to surveillance records. The former is more risky and therefore more difficult to entertain, while the latter may lack any real substance beyond satisfying inquiries. Also consider the discrepancy in motivation for transparency between the actors. For the citizen, is transparency really an end goal, or is it only a stepping stone in the argument for eradication of surveillance practices in the name of rights to privacy? Here, we ascertain the true value of total transparency; will it ever please citizens to learn of a government’s most recent undermining of the private sphere?

Reactive transparency has been achieved only in recent years in India, during a number of well publicized legal cases. In one of the earliest cases of reactive transparency, Reliance Communications made an affidavit in the Supreme Court over the exact number of surveillance directives given by the government. It was released that 151,000 Reliance accounts were monitored for a project between 2006 and 2010, with 3,588 tapped phones just from the Delhi region alone in 2005.[2]

But also there has been controversy over the extent of reactive transparency, because it has been especially problematic to discern the point where transparency once again encroaches on privacy, both for government and the people’s sake. After gathering the data, its release could further jeopardize the citizens and the government. It is important to carefully consider the productive extent of reactive transparency: What will become of the information? Will one publicly reveal how many people were spied on? Who was spied on? What was found when through spying? Citizens must take all of this into consideration when requesting transparency.

Meanwhile, service providers embrace transparency when it can benefit their corporation, or as a recent Facebook statement explained, “we’ve been in discussions with U.S. national security authorities urging them to allow more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.” [a] Many of the service providers mentioned in the recently leaked PRISM report have made well-publicized requests to the U.S. government for more transparency.[3]

Not only have they allegedly written requests to the government to allow them to disclose information, but the companies (including Facebook [a], Apple [b], Microsoft[c], and Google [d]) have all released explanatory statements in the wake of the June 2013 PRISM scandal. Although service providers claim that the request to release data about their cooperation is in the ‘interest of transparency,’ it instead seems that the motivation for this transparency is to ease consumers’ concerns and help the companies save face. The companies (and the government) will admit their participation in surveillance once it has become impossible to deny their association with the programs. This shrewd aspect of transparency can be seen most clearly in statements like those from Microsoft, who included in their statement on June 14^th, “We have not received any national security orders of the type that Verizon was reported to have received.” [c] Spontaneous allusions like this are meant to contrast guilt-conscious service providers favorably to telecom service providers such as AT&T and Verizon, who allegedly yielded the most communications data and who as of now have yet to release defensive public statements.

Currently, we find ourselves in a situation where entities admit to their collusion in snooping only once information has leaked, indignation has ignited, and scandal has erupted. A half-hearted proactive transparency leads to an outrage demanding reactive semi-transparency. These weak forms of transparency neither satisfy the public, nor allow governments and service providers to maintain dignity.

But now is also a crucial moment for possible reevaluation and reformation of this system, especially in India. Not only is India enacting its own national security surveillance system, the CMS[4] but the recent NSA and PRISM revelations are still sending shockwaves throughout the world of cyber security and surveillance. Last week, a Public Interest Litigation (PIL) was sent to the Indian Supreme Court, arguing that nine foreign service providers (Facebook, Hotmail, Yahoo!, Google, Apple, Skype, Paltalk, AOL, YouTube) violated the trust and privacy of their Indian customers through their collusion with the US government’s surveillance programs.[5]

Among other things, the PIL emphatically sought prosecution of the mentioned corporations, demands for the service providers to establish servers in India, and also sought stricter rules to prevent Indian officials from using these foreign services for work involving national security. Ultimately, the PIL was rejected by the Supreme Court; although the PIL stated the grounds of Rule 6 of the Information Technology Rules 2011 for the guidelines in protecting sensitive Indian citizen information, the SC saw the PIL as addressing problems outside of SC jurisdiction, and was quoted as saying “we cannot entertain the petition as an Indian agency is not involved.”[5][6]

The SC considered the PIL only partially, however, as certain significant parts of the petition were indeed within Indian domestic agency, for example the urge to prohibit federal officials from using the private email services such as Gmail, Hotmail, and Yahoo. And although the SC is not the correct place to push for new safeguard legislation, the ideas of the PIL are not invalid, as Indian leaders have long searched for ways of ensuring basic Indian privacy laws in the context of international service providers. This is also not a problem distinctive to India. International service providers have entered into agreements regarding the same problems of incorporating international customers’ rights, formal agreements which India could emulate if it wanted to demand greater privacy or transparency.

For example, there is the Safe Harbor Framework, an institution in place to protect and mediate European Union citizens’ privacy rights within the servers of foreign (i.e. American) Internet companies. These regulations were established in 2000, and serve the purpose of adjusting foreign companies’ standards to incorporate E.U. privacy laws. In accordance with the agreement, E.U. data is only allowed to be sent to outside providers who maintain the seven Safe Harbor principles, several of which focus on transparency of data usage.[7] India could enact a system similar to this, and it would likely alleviate some of the concerns raised in the most recent PIL. These frameworks, however, have not proven completely reliable safeguards either, especially when the service providers’ own government uses national security as a means to override the agreement. Although the U.S. government has yet to fully confirm or deny many of the NSA and PRISM allegations in regards to Europe, there is currently strong room to believe that the surveillance practices may have violated the Safe Harbor agreements by delivering sensitive E.U. citizen data to the U.S. government.[8] It is uncertain how these revelations will impact the agreements made between the big Silicon-Valley companies and their E.U. customers.

The recent PIL also strongly suggested establishing domestic data servers to keep Indian citizens’ information within the country and under the direct supervision of Indian entities. It strongly pushes for self-reliance as the best way to ensure both citizen and national security. The PIL assumes that domestic servers will not only offer better information protection, but also create much needed jobs and raise national tax revenue.[5] If allegations about PRISM and the E.U. prove true, then the E.U. may also decide to support establishment of European servers as well.

Several of the ideas outlined in the PIL have merit, but may not be as productive as the requesters assume. It is true that establishing servers and domestic regulators in India may temporarily protect from unwanted foreign, i.e. American, surveillance. But at the same time, this also increases likelihood of India’s own central government taking a stronger surveillance stance, more stringently monitoring their own servers and databases. It has not yet been described how the CMS will be operate its surveillance methods, but moving data to domestic servers may just result in shifting power from NSA to CMS. Rather than more privacy or transparency, the situation could easily become a matter of who citizens prefer spying over them.

Even if one government establishes rules which enforce transparency, this may clash with the laws of the service providers’ domestic government, i.e. confidentiality in surveillance. Considering all of this, rejection of foreign service providers and promotion of domestic self reliance may ultimately prove the most effective alternative for nations which are growing rapidly in both internet presence and internet consciousness. But that does not make this option the easiest. Facing the revelations and disillusionment of domestic (CMS) and international (PRISM) surveillance methods, countries like India are reaching an impeding critical juncture. Now is the most important time to establish new norms, while public sentiment is at its highest and transition is most possible, not only creating new laws which can safeguard privacy, but also strongly considering alternatives to foreign service providers like those outlined in June’s PIL. Privacy International’s guiding principles of communications surveillance also offer useful advice, urging for the establishment of oversight institutions which can access surveillance records and periodically publish aggregate data on surveillance methods.[9] Although the balance between security on the national level and security on the personal level will continue to be problematic for nations in the upcoming years, and even though service providers’ positions on surveillance usually seem contrived, Microsoft Vice President John Frank made a statement which deserves appreciation, rightly saying, “Transparency alone may not be enough to restore public confidence, but it’s a great place to start.”[c]

[1]. http://digitaldueprocess.org/

[2]. http://bit.ly/151Ue1H

[3]. http://bit.ly/12XDb1Z

[4]. http://ti.me/11Xh08V

[5]. Copy of 2013 PIL to Supreme Court, Prof. S.N. Singh [attached]

[6]. http://bit.ly/1aXWdbU

[7]. http://1.usa.gov/qafcXe

[8]. http://bit.ly/114hcCX

[9]. http://bit.ly/156wspI

[a]. Facebook Statement: http://bit.ly/ZQDcn6

[b]. Apple Statement: http://bit.ly/1akaBuN

[c]. Microsoft Statement:http://bit.ly/1bFIt31

[d]. Google Statement: http://bit.ly/16QlaqB

For more details visit https://cis-india.org/internet-governance/blog/the-difficult-balance-of-transparent-surveillance

dna exclusive: Geeks have a solution to digital surveillance in India: Cryptography

praskrishna — 2013-07-15T06:24:40Z

While you were thinking of what next to post on Twitter, the government has stealthily put an ambitious surveillance programme in place that tracks your every move in the digital world — through voice calls, SMS and MMS, GPRS, fax communications on landlines, video calls and emails.

The article by Joanna Lobo was published in DNA on July 7, 2013. Pranesh Prakash is quoted.

The programme, conceived in 2011, has now been brought under one umbrella referred to as the centralised monitoring system (CMS). It is the death of privacy.

But as concerned citizens argue for the need to formulate policies and laws to protect privacy, there's a simpler solution in sight for now: a CryptoParty.

At this 'party', an informal gathering of people, non-geeks can learn how to legally encrypt their digital communications and how to store data without the fear of anyone snooping in. Encryption is a process of encoding messages so that it can only be read by authorised parties.

What is it?
"A CryptoParty educates people in the domain of cryptography. It's usually about the basics: how to send encrypted email, how to protect your hardware and how to use free and open source software," says Satyakam Goswami, a free software consultant associated with the Software Freedom Law Centre (SFLC), Delhi (remove this). Goswami was one of the 72 participants at the CryptoParty organised on Saturday at Institute of Informatics & Communication (IIC), Delhi University South Campus On June 30, a CryptoParty organised at the Centre for Internet and Society (CIS) in Bangalore had 30 people in attendance. "We were taught about the what, how and who is watching us. We were also taught how to encrypt emails, chat, video calls or instant messaging,” says Siddhart Prakash Rao, a computer science graduate and a free software and open source enthusiast who is about to pursue a Masters in Cryptography.

The topics may be a mouthful for non-geeks but CryptoParty advocates maintain that all this is taught in the simplest way possible. The choice of subject depends on the composition of the group — if it is a gathering of geeks, like at the Bangalore event, then the topics are more technical.

How can it help?
CryptoParties started in August 2012 by an Australian woman (who goes by the pseudonym Asher Wolf) after a conversation on Twitter about The Australian Parliament's new cybercrime bill that allowed law enforcement to ask Internet Service Providers to monitor and store data.
Attending a CryptoParty is a good way to learn how to overcome government snooping legally.

“Citizens should use encryption to safeguard their private communications against both corporations and the government. Encryption is one of the best ways to react to CMS along with increased civic vigilance and democratic questioning of our government and parliamentarians,” says Pranesh Prakash, policy director, CIS, and one of the frontrunners in the fight to formulate a policy to safeguard privacy in India.

"In India, people tend to be rather ignorant. They are not aware of the kind of surveillance they are subjected to once online. It's a lack of understanding," says Sumandro Chattapadhyay, a researcher with Sarai, a programme of the Centre for the Study of Developing Societies, Delhi.

Bernadette Langle, who also works at CIS has been instrumental in organising the handful of CryptoParties in the country. When dna spoke to her, she was on her way to Delhi after participating in the Bangalore event. Langle will also be part of a CryptoParty being planned for October in Mumbai. "Ten years ago, you had to be a geek to be able to encrypt and protect yourself online. Now, you need software and it's much easier," she says.

The advantage is that the privacy tactics taught at such parties is completely legal. All knowledge is in the public domain. “A government will only deny its citizens basic communications privacy if it is authoritarian,” says Pranesh. “So while it can try social engineering and other means to gain access to what you've encrypted, it simply cannot 'decode' it as long as you have chosen a strong pass phrase and keep that protected, or they create quantum computers capable of breaking your encryption.”

The CIS is currently working on revisions of the Privacy (Protection) Bill 2013 with the objective of contributing to privacy legislation in India. Till that bill becomes an Act and till there's a better way to overcome needless government surveillance, attending a CryptoParty could possibly be the wisest solution for those concerned about privacy.

(For more details on CryptoParties, visit www.cryptoparty.in)

How to encrypt:
SMS: Make content secure by using software like TextSecure (Android) or CryptoSMS (Symbian). However, SMS metadata (who you are sending the message to and at what time) can still be tracked.

Instead of Whatsapp, install Jabbir and add off the record encryption.

For email, you can use OpenPGP in conjunction with Thunderbird to encrypt mails you send from Gmail/Yahoo Mail/Live Mail accounts so that even Google, Yahoo and Microsoft can't read them

For web browsing, use a VPN (which will hide your traffic from your ISP), or Tor (which will help anonymise your traffic, but will slow down your connection slower).

For more details visit https://cis-india.org/news/report-dna-july-7-2013-joanna-lobo-geeks-have-a-solution-to-digital-surveillance-in-india-cryptography

Biometrics or bust? India's Identity Crisis

praskrishna — 2013-07-01T09:49:48Z

Malavika Jayaram is speaking at an event organized by the Oxford Internet Institute on July 2, 2013. The talk will be held at Oxford Internet Institute, University of Oxford, 1 St Giles Oxford OX1 3JS.

This info was published on the Oxford Internet Institute website.

India's mammoth biometric ID project, which has registered around 270 million people and is yet to be fully realized, is already the worldís largest such endeavor. It is marketed as a potential game-changer both domestically (where it is touted as a silver bullet to solve most problems) and internationally (where countries wait and watch this experiment before importing it into their own jurisdictions). Alongside all the hype about the scale of the scheme, its potential for transforming the delivery of services and the scope for private participation in traditionally state-controlled functions, there are fears of function creep, of subversion to create new types of fraud and corruption, of increased profiling and targeting, and of a citizenry becoming transparent to its government in an unprecedented way, all in the name of ambiguous benefits and the rhetoric of inclusion.

The government praises the ease and efficiency of centralized databases, the promise of technology (including the myth of biometrics uniquely and unambiguously identifying people in a foolproof way) and the construction of the identified self. However, there is growing awareness of the dangers of joined-up databases resulting in exclusion rather than inclusion, and persecution rather than democratization.

The scheme is technically voluntary, but with the provision of benefits, goods and services being increasingly linked to the scheme, it will soon become impossible to function in India without a biometric ID. If every facet of everyday life is linked to this single number, it renders all claims of voluntariness meaningless. The lack of information self-determination in a biometrically mediated universe has important ramifications for anonymity, free speech and the maintenance of an essential private sphere.

In this talk, Malavika will provide an overview of the scheme as well as the debate around privacy and autonomy that it has triggered, framed against the backdrop of a larger civil liberties crisis. She will also describe Indiaís efforts to craft new privacy and data protection legislation.

For more details visit https://cis-india.org/news/biometrics-or-bust-indias-identity-crisis

Concerns over central snoop

praskrishna — 2013-07-01T09:33:27Z

Eyebrows have been raised at the Centre’s single-window system to intercept phone calls and internet exchanges — the desi version of the US’s surveillance programme, PRISM — that is expected to roll out this year-end.

The article by Aloke Tikku was published in the Hindustan Times on June 28, 2013. Sunil Abraham is quoted.

The Rs. 400-crore project — tentatively called the Central Monitoring System (CMS) — will not only allow the government to listen to a target’s phone conversation but also track down a caller’s precise location, match his voice against known suspects’ before the call is completed and see what people have been up to on the internet.

And then, it can also use analytics to discover possible links — between suspected terrorists, criminals or just about anybody — from the internet and phone data. All this will be done from one place without keeping the internet or phone service provider in the loop — something the telecom and home ministries insist will enhance citizens’ privacy.

Both ministries also insist that the CMS won’t change the rules of the game. “The process to seek authorisation for interception will not be diluted,” a home ministry official promised.

So is everything hunky dory?

Hardly. But technology — in this case, the CMS — is a smaller part of the problem.

The bigger chunk is the process of approving “lawful interception” orders and the lack of transparency around it.

It was in December 1996 that the Supreme Court held that the State could spy on its citizens in extraordinary circumstances but, as an interim measure, made it mandatory for the home secretary to approve each and every such request. Telecom minister Kapil Sibal, who appeared in this case in the mid-1990s, convinced the court that it didn’t have the powers to order that a judge decide each phone-tapping case. Instead, Sibal suggested that this power remain with the executive on lines of the law in the UK. A former home secretary, however, conceded that they hardly have the time to apply their mind before signing a wiretap order.

That isn’t surprising. The home secretary approves around 7,500-9,000 interception orders every month. That means he or she has to sign an average of 300 orders every day without a break.

If he were to spend just 30 seconds on each case, he would have to keep aside four-and-a-half hours just approving interception orders every day.

An official said the ministry was considering a suggestion to pick up a fixed number of cases at random for closer scrutiny before approval.

Many believe this might not be enough. It is argued that the government — which was trying to replicate surveillance technology from the west — needs to adopt their safeguards and transparency norms too.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, said he didn’t have a problem with CMS as long as it didn’t go for blanket surveillance.

“But there is no reason why the executive — and not a judge — should have the powers to decide on phone-tapping requests,” he said. Or for that matter, why shouldn’t there be an independent audit of phone-tapping decisions, their implementation and outcome?

“The aggregated data should be put in the public domain,” Abraham said. The US has such provisions. So does Britain, which inspired Sibal to argue for retaining interception powers with the executive in the mid-1990s. It is time to follow-up on that model.

For more details visit https://cis-india.org/news/hindustan-times-aloke-tikku-june-28-2013-concerns-over-central-snoop

Technology, Power, and Revolutions in the Arab Spring

praskrishna — 2013-07-01T08:36:57Z

The Centre for Internet and Society (CIS), Bangalore cordially invites you to a talk by Prof. Ramesh Srinivasan on technology, power and revolutions in the Arab Spring. The talk will be held in CIS office on July 2, 2013 from 6.00 p.m. onwards.

Ramesh Srinivasan

Ramesh Srinivasan, Associate Professor at UCLA in Design and Media/Information Studies, studies and participates in projects focused on how new media technologies impact political revolutions, economic development and poverty reduction, and the future of cultural heritage. He recently wrote an op/ed at the Washington Post explaining the complex nature of social media in revolutions and riots, such as those in Egypt and in London, and also a column for the Post’s Sunday Outlook section on the 5 Myths of Social Media. Additionally, he has written multiple front page articles for the Huffington Post, including a piece on Internet Freedom for the Huffington Post. He has had his work featured on the front page of the UCLA and USC websites.

Recent public outreach has built on his response in the New Yorker (from his blog: http://rameshsrinivasan.org) to Malcolm Gladwell’s writings critiquing the power of social media in impacting revolutionary movements. He has worked with bloggers, pragmatically studying their strengths and limitations, who were involved in recent revolutions in Egypt and Kyrgyzstan, as discussed in a recent NPR interview. He has also collaborated with non-literate tribal populations in India to study how literacy emerges through uses of technology, and traditional Native American communities to study how non-Western understandings of the world can introduce new ways of looking at the future of the internet. His work has impacted contemporary understandings of media studies, anthropology and sociology, design, and economic and political development studies. He has given several major invited talks, including recently at LIFT in 2009 (http://vimeo.com/5520100). He holds an engineering degree from Stanford, a Masters degree from the MIT Media Lab, and a Doctorate from Harvard University. His full academic CV can be found at http://rameshsrinivasan.org/cv

See Prof. Ramesh Srinivasan's blog page

For more details visit https://cis-india.org/internet-governance/events/technology-power-and-revolutions-in-arab-spring

Terms of Website Use

praskrishna — 2013-07-01T07:16:15Z

Parties and Ownership

These Terms of Website Use ("Terms") is made between the Centre for Internet & Society ("CIS") and you.
In these Terms, all references to "you" or "user" shall mean the end-user accessing the Website, its contents and using the services offered through the Website. "Service providers" mean independent third party service providers. All references to "we", "us" and "our" shall mean CIS.
The domain name www.cis-india.org ("Website") is owned by CIS. CIS offers this web site, including all information, tools and services available from this site, to you, the user, conditioned upon your acceptance of all the terms, conditions, policies and notices stated here. Your use of this site indicates that you have read, acknowledged and agreed to these Terms.

Due Diligence

These Terms are published in compliance with Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011 notified by the Central Government in the Gazette of India Extraordinary vide Notification GSR 314(E) on 11 April 2011 ("Intermediaries Rules"). These Terms constitute an electronic record for the purposes of the Information Technology Act, 2000 ("IT Act").
You agree that you will not host, display, upload, modify, publish, transmit, update or share any information that:
- belongs to another person and to which you do not have any right to;
- is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, racially or ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
- harms minors in any way;
- infringes any patent, trademark, copyright or other proprietary rights;
- violates any law for the time being in force;
- deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
- impersonates another person;
- contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource; or,
- threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting to any other nation.
You agree that in the event of any non-compliance with these Terms, we have the right to immediately terminate your access or usage rights to this Website and our services and/or remove any information that is, or is deemed by us to be, non-compliant.

Use of this Website

Unauthorised use of this Website, any information contained therein and unauthorised entry into our systems is strictly prohibited. You may not use contact information provided on this Website for unauthorized purposes, including marketing. You may not use any hardware or software intended to damage or interfere with the proper working of this Website or to surreptitiously intercept any system, data or personal information from this Website. You agree not to interrupt or attempt to interrupt the operation of this Website in any way.
We reserve the right, in our sole discretion, to limit or terminate your access to or use of this Website at any time without notice. Termination of your access or use will not waive or affect any other right or relief to which we may be entitled at law or in equity.
You represent and warrant that you own or otherwise control all the rights to the content you supply; that the content is accurate; that use of the content you supply does not violate any provision herein and will not cause injury to any person or entity; and that you will indemnify us for all claims resulting from content you supply.
You shall comply, and cause compliance, with all applicable provisions of any law, statute, ordinance, order, rule, regulation, bye-law, notification, custom, circular, press note, policy or other usage or mandatory requirement having, in the territory of India, the force of law.

Information on this Website

We are not responsible if information made available on this Website is not accurate, complete or current. The material on this Website is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or timelier sources of information. Any reliance on the material on this Website is at your own risk. This Website may contain information that has typographical errors or inaccuracies. This Website may contain certain historical information. Historical information is provided for your reference only. We reserve the right to modify the contents of this Website at any time, but we have no obligation to update any information on this Website. You agree that it is your responsibility to monitor changes to this Website. Your use of this Website constitutes agreement to all such changes. We may discontinue or change any product or service described or offered on this Website at any time.

Trademarks, Copyright and Other Proprietary Rights

You or third parties acting on your behalf are not allowed to frame this site or use our proprietary marks as meta tags, without our written consent. These marks include, but are not limited to:

You may not use frames or utilize framing techniques or technology to enclose any content included on the site without our express written consent. Further, you may not utilize any site content in any meta tags or any other "hidden text" techniques or technologies without our express written consent.
Trademarks, logos and service marks displayed on this site are registered and unregistered trademarks of ours and our partners, sponsors, content providers, or other third parties. All of these trademarks, logos and service marks are the property of their respective owners. Nothing on this site shall be construed as granting, by implication, estoppel, or otherwise, any license or right to use any trademark, logo or service mark displayed on the site without the owner's prior written permission, except as otherwise described herein. We reserve all rights not expressly granted in and to the site and its content.

Disclaimer of Warranties

Your use of this Website is at your sole risk. This Website is provided on an "as is" basis. We reserve the right to restrict or terminate your access to this Website or any feature or part thereof at any time. We expressly disclaim all warranties of any kind, whether express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose and any warranties that materials on this Website are non-infringing, as well as warranties implied from a course of performance or course of dealing; that access to this Website will be uninterrupted or error-free; that this Website will be secure; that the site or the server that makes this Website available will be virus-free; or that information on this Website will be complete, accurate or timely. If you download any materials from this Website, you do so at your own discretion and risk. You will be solely responsible for any damage to your computer system or loss of data that results from the download of any such materials. No advice or information, whether oral or written, obtained by you from us shall create any warranty of any kind. We do not make any warranties or representations regarding the use of the materials on this Website in terms of their completeness, correctness, accuracy, adequacy, usefulness, timeliness, reliability or otherwise.

Limitation of Liability

You acknowledge and agree that you assume full responsibility for your use of this Website. You acknowledge and agree that any information you send or receive during your use of this Website may not be secure and may be intercepted by unauthorized parties. You acknowledge and agree that your use of this Website is at your own risk. Recognizing such, you acknowledge and agree that, to the fullest extent permitted by applicable law, neither we, our partners, sponsors or content providers will be liable for any direct, indirect, punitive, exemplary, incidental, special, consequential or other damages arising out of or in any way related to this Website, or any other site you access through a link from this Website or from any actions we take or fail to take as a result of communications you send to us, or the delay or inability to use this Website, or for any information, products or services advertised in or obtained through this Website, removal or deletion of any materials submitted or posted on this Website, or otherwise arising out of the use of this Website, whether based on contract, tort, strict liability or otherwise, even if we, our affiliates or any of our suppliers have been advised of the possibility of damages.
This disclaimer applies, without limitation, to any damages or injury arising from any failure of performance, error, omission, interruption, deletion, defects, delay in operation or transmission, computer viruses, file corruption, communication-line failure, network or system outage, your loss of profits, or theft, destruction, unauthorized access to, alteration of, loss or use of any record or data, and any other tangible or intangible loss. You specifically acknowledge and agree that neither we nor our suppliers shall be liable for any defamatory, offensive or illegal conduct of any user of this Website. Your sole and exclusive remedy for any of the above claims or any dispute with us is to discontinue your use of this Website. Subject to the terms of the Limitation Act, 1963, you agree that any cause of action arising out of or related to the site must commence within one (1) year after the cause of action accrues otherwise the cause of action is permanently barred.

Indemnification

You agree to indemnify us, defend us and hold us harmless, including our affiliates and our officers, members, directors, employees, consultants, contractors, agents, licensors, service providers, subcontractors and suppliers from and against any and all losses, liabilities, expenses, damages and costs, including reasonable attorneys' fees and court costs, arising or resulting from your use of this Website and any violation of these Terms. If you cause a technical disruption to this Website or the systems transmitting this Website to you or others, you agree to be responsible for any and all losses, liabilities, expenses, damages and costs, including reasonable attorneys' fees and court costs, arising or resulting from that disruption. We reserve the right to assume exclusive defence and control of any matter otherwise subject to indemnification by you and, in such an event, you agree to cooperate with us in the defence of such matter.

Governing Law, Jurisdiction and Definitive Agreement

This Website is controlled, operated and administered within India. We do not make any representation that materials on this Website are appropriate or available for use at other locations outside India and access to them from territories where their contents are illegal is prohibited. You may not use this Website in violation of Indian laws. If you access this Website from locations outside India, you are responsible for compliance with all local laws. These Terms shall be governed by the laws of India, without giving effect to its conflict of laws provisions. You agree that the courts at Bangalore shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with your use of this Website and these Terms.
These Terms constitute the entire and definitive agreement between you and us with respect to your use of this Website. If for any reason a court of competent jurisdiction finds any provision of these Terms, or portion thereof, to be unenforceable, that provision shall be enforced to the maximum extent permissible so as to give effect to the intent of these Terms, and the remainder of these Terms shall continue in full force and effect.

For more details visit https://cis-india.org/about/policies/website-use

Privacy Policy

praskrishna — 2013-07-01T06:25:37Z

Preliminary

This Privacy Policy ("Policy") states the internal policy of the Centre for Internet & Society ("CIS") with regard to the collection, storage, security, processing and disclosure of personal data.
This Policy constitutes compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 that were notified by the Central Government in the Gazette of India vide Notification GSR 313(E) on 11 April 2011.

Collection of Personal Data

CIS will not collect any personal data that is not necessary for the achievement of a purpose that is connected to a stated CIS function.
CIS will not collect any personal data without obtaining the prior consent of the person to whom it pertains. CIS may obtain such consent in any manner, and through any medium, but will not employ threats, duress or coercion to obtain such consent.
Personal data collected in respect of a grant of consent by the person to whom it pertains will, if that consent is subsequently withdrawn for any reason, be destroyed or anonymised.

Storage of Personal Data

CIS will not store any personal data for a period longer than is necessary to achieve the purpose for which it was collected, or, if that purpose is achieved or ceases to exist for any reason, for any period following such achievement or cessation.
Any personal data collected in relation to the achievement of a purpose will, if that purpose is achieved or ceases to exist for any reason, be destroyed or anonymised.
CIS may store personal data for a period longer than is necessary to achieve the purpose for which it was collected, or, if that purpose has been achieved or ceases to exist for any reason, for any period following such achievement or cessation, if –
- the person to whom it pertains grants consent to such storage;
- it is required to be stored under the provisions of applicable law; or
- it is the subject of a pending legal proceeding.

Processing of Personal Data

CIS will not process any personal data that is not necessary for the achievement of the purpose for which it was collected unless the person to whom it pertains grants consent to such processing.

Security of Personal Data

CIS will not collect, store or process any personal data in the absence of measures, including, but not restricted to, technological, physical and administrative measures, adequate to secure the confidentiality, secrecy, sanctity and safety of the personal data, including from theft, loss, damage or destruction.
Any person who collects, stores or processes any personal data on behalf of CIS will be subject to a duty of confidentiality and secrecy in respect of it.
CIS will, if the confidentiality, secrecy, sanctity or safety of any personal data collected, stored or processed by CIS is violated by theft, loss, damage or destruction, or as a result of any disclosure contrary to the provisions of this Policy, notify, to the extent possible, the person to whom the personal data pertains.

Disclosure of Personal Data

CIS will not disclose to any person to whom any personal data does not pertain, or otherwise cause any such a person to receive, the content or nature of that personal data, including any other details in respect thereof, unless the person to whom it pertains grants consent to such disclosure. CIS may obtain such consent in any manner, and through any medium, but will not employ threats, duress or coercion to obtain such consent.
CIS may disclose personal data with a person to whom it does not pertain, whether located in India or otherwise, for the purpose only of processing it to achieve the purpose for which it was collected, if such a disclosure is pursuant to an agreement that binds the person receiving it to same or stronger measures in respect of its storage, processing and disclosure as are contained in this Policy.
If the disclosure of any personal data is necessary to –
- prevent a reasonable threat to national security, defence or public order; or
- prevent, investigate or prosecute a cognisable offence;
CIS may, upon receiving an order in writing from a judicial authority or law enforcement officer, disclose the personal data that is the subject of the order without seeking the consent of the person to whom it pertains.
CIS may, to the extent possible, notify the person to whom any personal data pertains of its disclosure and the identity of the person it was disclosed to, and any other details in respect thereof.

Accuracy of Personal Data

CIS will reasonably afford any person whose personal data is collected, stored or processed by CIS the opportunity to review it and, where necessary, rectify anything that is inaccurate or not up to date.

For more details visit https://cis-india.org/about/policies/privacy-policy

Non-Discrimination and Equal Opportunities Policy

praskrishna — 2020-07-29T06:59:09Z

Preliminary

This Non-Discrimination and Equal Opportunities Policy ("Policy") states the internal policy of the Centre for Internet & Society ("CIS") with regard to non-discrimination at the workplace and equal opportunities during recruitment.
This Policy is internal to CIS and is meant to provide a safe, diverse and comfortable workplace at CIS. This Policy is not legally mandated and, therefore, is not judicially enforceable in India. This Policy is without prejudice to any anti-discrimination provisions of applicable law including, but not restricted to, the provisions of:
- Article 17 of the Constitution of India;
- the Protection of Civil Rights Act, 1955,
- the Scheduled Castes and Scheduled Tribes (Prevention of Atrocities) Act, 1989;
- the Sexual Harassment of Women at the Workplace (Prevention, Prohibition and Redressal) Act, 2013;
- Sections 354 and 509 of the Indian Penal Code, 1860; and,
- the Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Act, 1995.

Non-discrimination

CIS will not adversely discriminate, and prohibits other adverse discrimination at the workplace, on the basis of religion, race, caste, sex, place of birth, descent, sexual orientation, gender identity, disability, age or any of them ("Discrimination Characteristics"). CIS will not condone any adverse discrimination against any person on its premises, whether that person is in its employment or otherwise.
Any person who believes himself or herself to have been subjected to adverse discrimination on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity. No person will be punished, retaliated against, or limited in employment or other opportunity for exercising anything set out in this Policy, or for filing a complaint, furnishing information for, or participating in an investigation, or any other activity related to the administration of this Policy.
Any adverse discrimination or other action or behaviour that constitutes a violation of law will be reported to the police.

Equal Opportunities

CIS provides equal opportunities to its employment, consultancy or otherwise without regard for the Discrimination Characteristics. All actions of CIS with regard to its employees, consultants, advisors, interns and staff, including but not limited to those relating to compensation, benefits, transfers, leave, layoffs, training, education, and assistance, will be made without regard for the Discrimination Characteristics.
Notwithstanding anything contained in the previous paragraph, if CIS reasonably believes that its employment, workplace or premises do not adequately represent the balance of diversity of persons who share one or more of the Discrimination Characteristics, it may, with the aim only of redressing that imbalance, take positive discriminatory action in respect of persons who share that aspect, or those aspects, of the Discrimination Characteristics that are sought to be adequately represented.
Any person who believes himself or herself to have been subjected to adverse discrimination, or impermissible positive discrimination, on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity.

Diversity Committee

The Interim Diversity Committee of CIS is comprised of:

Pallavi Bedi
Torsha Sarkar
Gurshabad Grover

For more details visit https://cis-india.org/about/policies/non-discrimination-equal-opportunities-policy

Ethical Research Guidelines

praskrishna — 2018-10-13T12:21:48Z

The Centre for Internet and Society will endeavour to protect the physical, social and psychological well-being of those who participate in their research. The guidelines below state the necessary steps to follow while doing research.

The ethical research guideline requires CIS staff and consultants to consider and take the following steps while engaging in research.

Providing notice to the individual of the: Aims, methods, his/her right to abstain from participation in the research and his/her right to terminate at any time his/her participation; the confidential nature of his/her replies and any limits on such confidentiality.
Providing informants and other participants the right to remain anonymous.
Taking informed consent from the individual that he/she agrees to participate. If children are involved in the research, informed consent will be taken from the parents. Informed consent will entail communicating :
- Purpose(s) of the study, and the anticipated consequences of the research;
- Identity of funders and sponsors
- Anticipated uses of the data
- The degree of anonymity and confidentiality which may be afforded to informants and subjects.
Ensuring that when audio/visual-recorders and photographic records are being used, participants that are being recorded will be made aware of the use of the devices, and have the option to request that they not be used.
Ensuring that the identity and identifying information of the participant (if not already in the public domain) is destroyed at the end of project, unless the individual has consented to otherwise.
At public events organized by CIS, it will be announced and publicly posted that the event is being recorded. Individuals will be given the choice object to being recorded or their name and organization shared in conference reports, blogs, articles etc. If the individual does not object, it will be considered that they have given their consent.
The Centre for Internet and Society strictly follows a policy of No Plagiarism.

For more details visit https://cis-india.org/about/policies/ethical-research-guidelines

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback)

elonnai — 2013-07-12T10:50:22Z

In 2013 CIS drafted the Privacy Protection Bill as a citizens' version of a privacy legislation for India. Since April 2013, CIS has been holding Privacy Roundtables in collaboration with FICCI and DSCI, with the objective of gaining public feedback to the Privacy Protection Bill and other possible frameworks for privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

As a part of this process, CIS has been amending the Privacy Protection Bill based on public feedback. Below is the text of the Bill as amended according to feedback gained from the New Delhi, Bangalore, and Chennai Roundtables.

Click to download the Privacy Protection Bill, 2013 with latest amendments (PDF, 196 Kb).

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-with-amendments-based-on-public-feedback

June 2013 Bulletin

praskrishna — 2013-07-27T09:48:16Z

Our newsletter for the month of June 2013 can be accessed below.

The Centre for Internet & Society (CIS) welcomes you to the sixth issue of its newsletter for 2013. Hivos published a White Paper by Nishant Shah titled Whose Change is it Anyway?, which attempts to reflect critically on existing patterns of making change and its implications for the future of citizen action in information and network societies. The Access to Knowledge team carried out a quantitative analysis to identify trends and growth patterns in Indian Language Wikipedias from September 2012 to April 2013. CIS drafted the Privacy Protection Bill and amended it as per feedback gained from the New Delhi, Bangalore, and Chennai Privacy Roundtable Events. CIS made closing statement on the Treaty for the Blind at the WIPO Diplomatic Conference which was concluded with the adoption of the Marrakesh Treaty to Facilitate Access to Published Works for Persons who are Blind, Visually Impaired, or otherwise Print Disabled. In a research paper Nehaa Chaudhari gives an analysis of patent pools, Sameer Boray gives an analysis of video piracy and Pranav Menon gives an analysis of India-EU FTA and issues surrounding data protection and security. In this period we organised the Institute on Internet and Society with support from the Ford Foundation at Golden Palms, Bangalore from June 8 to 14, 2013.

Celebrating 5 Years of CIS
CIS is now 5 years old and we just celebrated this by holding an open exhibition in our offices in Bangalore and Delhi from May 20 to 23, showcasing our work and accomplishments over the period. We had about 170 visitors from the general public coming in to our office. Videos of the event are here.

Google Policy Fellowship
CIS has initiated processing of applications for the Google Policy Fellowship programme. Shortlisted candidates would be informed about their interview. However, as of now there will be a 20 days delay in announcing the list for the interview.

Jobs
CIS is inviting applications for the posts of Developer (NVDA Screen Reader Project) and Editor/Content Developer. To apply for these posts, send in your resume to Nirmita Narasimhan (nirmita@cis-india.org). CIS is also seeking applications for the post of Programme Officer (Internet Governance). To apply send your resume to Sunil Abraham (sunil@cis-india.org) and Pranesh Prakash (pranesh@cis-india.org).

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another for developing a screen reader and text-to- speech synthesizer for Indian languages:

National Resource Kit for Persons with Disabilities
CIS and the Centre for Law and Policy Research (CLPR) are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapter on Jharkhand:

The Jharkhand Chapter (by CLPR, June 30, 2013).

Note: All the chapters published on the website are early drafts and will be reviewed and updated.

Award

Girls in ICT Day 2013 (organized by ITU-APT Foundation of India with support from CMAI - Association of India Communication and Infrastructure, FICCI Auditorium, Tansen Marg, New Delhi, May 7, 2013). Dr. Nirmita Narasimhan got a felicitation for her contribution and achievements in the field of Information and Communication Technology. The honour was conferred during the celebration of this event.

Media Coverage

A Treat for the Blind (by Chitra Narayanan, Business World, June 26, 2013). Pranesh Prakash was quoted.

Access to Knowledge and Openness

The Wikimedia Foundation has given a grant to CIS to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Access to Knowledge (Previously IP Reforms)

WIPO
Pranesh Prakash participated in the WIPO Diplomatic Conference to Conclude a Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities in Marrakesh, Morocco, June 17 to 28, 2013. The conference concluded with the adoption of the Marrakesh Treaty to facilitate access to published works by blind persons, persons with visual impairment, and other print disabled persons, by requiring mandatory exceptions in copyright law to enable conversions of books into accessible formats, and by enabling cross-border transfer of accessible format books. Click for:

CIS's Closing Statement at Marrakesh on the Treaty for the Blind (by Pranesh Prakash, June 28, 2013).
India's Closing Statement at Marrakesh on the Treaty for the Blind (June 29, 2013).

Pervasive Technologies

Pervasive Technologies: Patent Pools (by Nehaa Chaudhari, June 27, 2013).

Other (FTA, Piracy)

The Right Way to Fight Video Piracy? (by Sameer Boray, June 6, 2013).
India-EU Proposed Free Trade Agreement: Issues Surrounding Data Protection and Security (by Pranav Menon, June 8, 2013).
India- EU FTA: A Note on the Copyright Issues (by Nehaa Chaudhari, June 18, 2013).

Event Participated

Governance in the Age of the Internet and Free Trade Agreements (organized by Thai Netizen Network and co-hosted by the Ministry of Information and Communication and the National Science and Technology Development Agency, Queen Sirikit National Convention Center, June 8, 2013). Sunil Abraham was a speaker.

Access to Knowledge (Wikipedia)

The A2K team consists of three members based in Bangalore: T. Vishnu Vardhan, Dr. U.B. Pavanaja and Subhashish Panigrahi and one team member Nitika Tandon who is working from Delhi office.

Statistical Report

Indian Language Wikipedia Statistics (by Nitika Tandon, June 30, September 2012 – April 2013).

Event Organised

A 'Kannada' Wikipedia Workshop for Bloggers (Suchitra, Bengaluru, June 23, 2013). Dr. U.B. Pavanaja conducted the workshop.

Event Co-organised

Telugu Wikipedia Training Workshop (co-organised by A2K team and Theatre Outreach Unit, University of Hyderabad, Golden Threshold, Nampally, Hyderabad, March 8, 2013). T. Vishnu Vardhan conducted the workshop.

Upcoming Event

Digital Humanities for Indian Higher Education (co-organised by HEIRA-CSCS, Tumkur University, CILHE-TISS and CCS, Indian Institute of Science, July 13, 2013).

Blog Entries

My First Wikipedia Training Workshop – Theatre Outreach Unit, University of Hyderabad (by T. Vishnu Vardhan, June 26, 2013). The workshop was conducted in March but the report was published only in June.
Wikipedia Visual Editor (by Nitika Tandon, June 27, 2013).

Press Coverage (including videos)

A Feature on Wikipedia and Telegu Wikipedians (HMTV, May 30-31, 2013). Watch the video.
Wikipedia Live Phone-in Programme (HMTV, June 1, 2013). T. Vishnu Vardhan took part in a one hour live phone-in programme on Wikipedia.
Wiki donors (by Akhila Seetharaman, TimeOut Bengaluru, June 21, 2013). T. Vishnu Vardhan and Dr. U.B. Pavanaja are quoted.
Kannada Wikipedia Workshop at Hasan (Prajavani, June 5, 2013). Dr. U.B. Pavanaja conducted the workshop on June 4, 2013.
Kannada Wikipedia Workshop at Hasan (Samyukta Karnataka, June 5, 2013). Dr. U.B.Pavanaja conducted the workshop on June 4, 2013.
Kannada Wikipedia Workshop at Hasan (Vijaya Karnataka, June 5, 2013). Dr. U.B.Pavanaja conducted the workshop on June 4, 2013.
Wiki Rahasya: Panel Discussion (Suvarna News, June 13, 2013). Dr. U.B.Pavanaja participated in a panel discussion around Wikipedia in general and about Kannada Wikipedia in specific.

Openness

Column

Big Data, People's Lives, and the Importance of Openness (by Nishant Shah, DML Central, June 24, 2013).

Event Hosted

RHoK Global Event (Centre for Internet and Society, Bangalore, June 1 – 2, 2013). Yogesh Londhe shares with you a post-event report.

Internet Governance

CIS began two projects earlier this year. The first one on facilitating research and events on surveillance and freedom of expression is with Privacy International and support from the International Development Research Centre, Canada. The second one on mapping cyber security actors in South Asia and South East Asia is with the Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the International Development Research Centre, Canada:

Cyber Stewards Project
Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project.

Video Interview

An Interview with Ram Mohan (June 30, 2013)

Event Organized

The Geopolitics of Information Controls: A Presentation by Masashi Crete-Nishihata (TERI, Bangalore, June 19, 2013). About 20 people participated in the event.

Privacy Research

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback) (by Elonnai Hickok, June 30, 2013): CIS drafted the Bill. Based on feedback received from the New Delhi, Bangalore, and Chennai Roundtables the Bill was amended.

Interviews

Interview with the Citizen Lab on Internet Filtering in India (June 24, 2013). Maria Xynou interviewed Masashi Crete-Nishihata and Jakub Dalek from the Citizen Lab on internet filtering in India.
Interview with Billy Hawkes (June 20, 2014). Maria Xynou interviewed Billy Hawkes, the Irish Data Protection Commissioner on recommendations for data protection in India.

Columns

Indian Surveillance Laws & Practices Far Worse than US (by Pranesh Prakash, Economic Times, June 13, 2013).
World Wide Rule (by Nishant Shah, Indian Express, June 14, 2013). Nishant Shah reviews Schmidt and Cohen's book “The New Digital Age”.
Way to Watch (by Chinmayi Arun, Indian Express, June 26, 2013).
The State is Snooping: Can You Escape? (by Snehashish Ghosh, India Together, June 26, 2013).

Blog Entries

India Subject to NSA Dragnet Surveillance! No Longer a Hypothesis — It is Now Officially Confirmed (by Maria Xynou, June 13, 2013).
SEBI and Communication Surveillance: New Rules, New Responsibilities? (by Kovey Coles, June 27, 2013).
Open Letter to "Not" Recognize India as Data Secure Nation till Enactment of Privacy Legislation (by Elonnai Hickok, June 19, 2013).
Open Letter to Prevent the Installation of RFID tags in Vehicles (by Maria Xynou, June 27, 2013).

Events Organised

Technology, Power, and Revolutions in the Arab Spring (CIS, July 2, 2013). Prof. Ramesh Srinivasan gave a talk.
Learn to Secure Your Online Communication! (CIS, Bangalore, June 30, 2013). A Crypto Party was organised.
Learn to Secure Your Online Communication! (IIC, Delhi University, South Campus, New Delhi, July 6, 2013). A Crypto Party was organised.

Event Co-organised

4^th Privacy Round Table Meeting (co-organised with the Federation of Indian Chambers of Commerce and Industry and the Data Security Council of India, Mumbai, June 15, 2013).

Upcoming / Ongoing Events

Digital Activism in Europe (The Sarai Programme, Centre for the Study of Developing Societies, New Delhi, July 8, 2013). Bernadette Längle will give a talk.
Privacy Round Table, Kolkata (co-organised with the Federation for Indian Chambers of Commerce and Industry, and the Data Security Council of India, Lytton Hotel, Sudder Street, Kolkata, July 13, 2013).

Event Participated In

Biometrics or bust? India's Identity Crisis (organized by the Oxford Internet Institute, July 2, 2013). Malavika Jayaram was a speaker.

Video

Pranesh Prakash on the US snooping into Indian cyber space (by Tehelka, June 2013).

Media Coverage

Indian student in Cornell University hacks into ICSE, ISC database (by Kim Arora, Times of India, June 6, 2013). Pranesh Prakash is quoted.
‘Hacking’ sparks row over exam evaluation (by Vasudha Venugopal and Karthik Subramanian, Hindu, June 7, 2013). Pranesh Prakash is quoted.
Internet firms deny existence of PRISM (by Javed Anwer and Ishan Srivastava, Times of India, June 8, 2013). Sunil Abraham and Pranesh Prakash are quoted.
Indian Government Quietly Brings In Its 'Central Monitoring System': Total Surveillance Of All Telecommunications (Tech Dirt, June 8, 2013). Pranesh Prakash is quoted.
Facebook, Google deny spying access (by Javed Anwer, Times of India, June 9, 2013). Pranesh Prakash is quoted.
Govt mulls advisory on privacy issues related to Google, Facebook (by Thomas K Thomas, Hindu Business Line, June 10, 2013). Sunil Abraham is quoted.
Cyber experts suggest using open source software to protect privacy (by Kim Arora, Times of India, June 22, 2013). Sunil Abraham is quoted.
Govt goes after porn, makes ISPs ban sites (by Javed Anwer, Times of India, June 26, 2013). Sunil Abraham is quoted.
Indian govt blocks 40 smut sites, forgets to give reason (by Phil Muncaster, The Register, June 27, 2013). Sunil Abraham is quoted.
Concerns over central snoop (by Aloke Tikku, Hindustan Times, June 28, 2013). Sunil Abraham is quoted.
Internet users enraged over US online spying (by Maitreyee Boruah, Times of India, June 29, 2013). Sunil Abraham is quoted.
Issue of duplication of identities of users under control: Nilekani (by Anirban Sen, Livemint, June 29, 2013). Sunil Abraham is quoted.
In India, Prism-like Surveillance Slips Under the Radar (by Anjan Trivedi, Time World, June 30, 2013). Sunil Abraham is quoted.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project on Internet Access. It covers the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access. It will also touch upon various policies and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation of policies related to internet access. The blog posts and modules are being published in the Internet Institute website:

Event Organised

Institute on Internet and Society (supported by Ford Foundation, Golden Palms Resort, Bangalore, June 8 – 14, 2013). Pranesh Prakash, Bernadette Längle, Vir Kamal Chopra, AK Bhargava, Ananth Guruswamy, Archana Gulati, Chakshu Roy, Elonnai Hickok, Gaurab Raj Upadhaya, Helani Galpaya, Michael Ginguld, Dr. Nadeem Akhtar, C. Nandini, Dr. Nirmita Narasimhan, Dr. Nishant Shah, Parminder Jeet Singh, Ravikiran Annaswamy, Dr. Ravina Aggarwal, Satyen Gupta, Dr. Subbiah Arunachalam, Sunil Abraham, Tulika Pandey and T. Vishnu Vardhan were speakers at the event. The presentations can be accessed here.

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Law & Order through Traffic Systems (by Shyam Ponappa, Business Standard, June 5, 2013 and cross-posted in Organizing India Blogspot).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:

White Paper

Whose Change is it Anyway? (by Nishant Shah, Hivos, June 18, 2013).

Digital Humanities

We are building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia.

Blog Entries

Mapping the Field of Digital Humanities (by Sara Morais, June 11, 2013).
A Suggested Set of Values for the Digital Humanities (by Sara Morais, June 12, 2013).
Archive Practice and Digital Humanities (by Sara Morais, June 24, 2013).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/june-2013-bulletin

In India, Prism-like Surveillance Slips Under the Radar

praskrishna — 2013-07-03T09:31:18Z

Prism, the contentious U.S. data-collection surveillance program, has captured the world’s attention ever since whistle-blower Edward Snowden leaked details of global spying to the Guardian and Washington Post.

The article by Anjan Trivedi was published in Time World on June 30, 2013. Sunil Abraham is quoted.

However, it turns out India, the world’s largest democracy, is building its own version to monitor internal communications in the name of national security. Yet India’s Central Monitoring System, or CMS, was not shrouded in secrecy — New Delhi announced its intentions to watch over its citizens, however mutedly, in 2011, and rollout is slated for August. And while reports that the American system collected 6.3 billion intelligence reports in India led to a lawsuit at the nation’s Supreme Court, comparable indignation has been conspicuously lacking with the domestic equivalent.

CMS is an ambitious surveillance system that monitors text messages, social-media engagement and phone calls on landlines and cell phones, among other communications. That means 900 million landline and cell-phone users and 125 million Internet users. The project, which is being implemented by the government’s Centre for Development of Telematics (C-DOT), is meant to help national law-enforcement agencies save time and avoid manual intervention, according to the Department of Telecommunications’ annual report. This has been in the works since 2008, when C-DOT started working on a proof-of-concept, according to an older report. The government set aside approximately $150 million for the system as part of its 12th five-year plan, although the Cabinet ultimately approved a higher amount.

Within the internal-security ministry though, the surveillance system remains a relatively “hush-hush” topic, a project official unauthorized to speak to the press tells TIME. In April 2011, the Police Modernisation Division of the Home Affairs Ministry put out a 90-page tender to solicit bidders for communication-interception systems in every state and union territory of India. The system requirements included “live listening, recording, storage, playback, analysis, postprocessing” and voice recognition.

Civil-liberties groups concede that states often need to undertake targeted-monitoring operations. However, the move toward extensive “surveillance capabilities enabled by digital communications,” suggests that governments are now “casting the net wide, enabling intrusions into private lives,” according to Meenakshi Ganguly, South Asia director for Human Rights Watch. This extensive communications surveillance through the likes of Prism and CMS are “out of the realm of judicial authorization and allow unregulated, secret surveillance, eliminating any transparency or accountability on the part of the state,” a recent U.N. report stated.

India is no stranger to censorship and monitoring — tweets, blogs, books or songs are frequently blocked and banned. India ranked second only to the U.S. on Google’s list of user-data requests with 4,750 queries, up 52% from two years back, and removal requests from the government increased by 90% over the previous reporting period. While these were largely made through police or court orders, the new system will not require such a legal process. In recent times, India’s democratically elected government has barred access to certain websites and Twitter handles, restricted the number of outgoing text messages to five per person per day and arrested citizens for liking Facebook posts and tweeting. Historically too, censorship has been India’s preferred means of policing social unrest. “Freedom of expression, while broadly available in theory,” Ganguly tells TIME, “is endangered by abuse of various India laws.”

There is a growing discrepancy and power imbalance between citizens and the state, says Anja Kovacs of the Internet Democracy Project. And, in an environment like India where “no checks and balances [are] in place,” that is troubling. The potential for misuse and misunderstanding, Kovacs believes, is increasing enormously. Currently, India’s laws relevant to interception “disempower citizens by relying heavily on the executive to safeguard individuals’ constitutional rights,” a recent editorial noted. The power imbalance is often noticeable at public protests, as in the case of the New Delhi gang-rape incident in December, when the government shut down public transport near protest grounds and unlawfully detained demonstrators.

With an already sizeable and growing population of Internet users, the government’s worries too are on the rise. Netizens in India are set to triple to 330 million by 2016, according to a recent report. “As [governments] around the world grapple with the power of social media that can enable spontaneous street protests, there appears to be increasing surveillance,” Ganguly explains.

India’s junior minister for telecommunications attempted to explain the benefits of this system during a recent Google+ Hangout session. He acknowledged that CMS is something that “most people may not be aware of” because it’s “slightly technical.” A participant noted that the idea of such an intrusive system was worrying and he did not feel safe. The minister, though, insisted that it would “safeguard your privacy” and national security. Given the high-tech nature of CMS, he noted that telecom companies would no longer be part of the government’s surveillance process. India currently does not have formal privacy legislation to prohibit arbitrary monitoring. The new system comes under the jurisdiction of the Indian Telegraph Act of 1885, which allows for monitoring communication in the “interest of public safety.”

The surveillance system is not only an “abuse of privacy rights and security-agency overreach,” critics say, but also counterproductive in terms of security. In the process of collecting data to monitor criminal activity, the data itself may become a target for terrorists and criminals — a “honeypot,” according to Sunil Abraham, executive director of India’s Centre for Internet and Society. Additionally, the wide-ranging tapping undermines financial markets, Abraham says, by compromising confidentiality, trade secrets and intellectual property. What’s more, vulnerabilities will have to be built into the existing cyberinfrastructure to make way for such a system. Whether the nation’s patchy infrastructure will be able to handle a complex web of surveillance and networks, no one can say. That, Abraham contends, is what attackers will target.

National security has widely been cited as the reason for this system, but no one can say whether it will actually help avert terrorist activity. India’s own 9/11 is a case in point: the Indian government was handed intelligence by foreign agencies about the possibility of the 2008 Mumbai terrorist attacks, but did not act. This is a “clear indication that having access to massive amounts of data is not necessarily going to make people safer,” Kovacs tells TIME. However, officers familiar with the new system say it will not increase surveillance or enhance intrusion beyond current levels; it will only strengthen the policy framework of privacy and increase operational efficiency. Spokespersons and officials in the internal-security and telecom departments did not respond to requests or declined to comment.

The government has been cagey about details on implementation and extent. This ability to act however the authorities deems fit “just makes it really easy to slide into authoritarianism, and that is not acceptable for any democratic country,” Kovacs says. Indeed, India has seen that before — almost four decades ago, Indira Gandhi declared a state of emergency for 19 months, which suspended all civil liberties. Indians complaining about Prism may want to look a little closer to home.

For more details visit https://cis-india.org/news/time-world-anjan-trivedi-june-30-2013-in-india-prison-like-surveillance-slips-under-the-radar

Internet users enraged over US online spying

praskrishna — 2013-07-01T04:10:05Z

India is the fifth most tracked nation by American intelligence agencies.

The article by Maitreyee Boruah was published in the Times of India on June 29, 2013. Sunil Abraham is quoted.

Have you been posting pictures and messages with gay abandon on your social networking sites or having personal discussions on instant chat or video messaging and thinking that no one other than the intended recipient(s) has access to it? Well, going by the recent revelation that government agencies, and that too from the US, have been spying on our internet usage and collating private information, even the most hardcore security settings for your online data are apparently of no use.

According to former US Central Intelligence Agency (CIA) employee Edward Snowden's testimony, the US National Security Agency ( NSA) has been using major tech giants to spy on private information of users around the world. And India is the fifth most tracked nation by the US intelligence system. But isn't this a direct infringement on our right to privacy? Or are such measures the need of the hour, given the increasing incidences of terror acts across the world?

What should the Indian government do?

Recently, a PIL (Public Interest Litigation) was filed in the Indian Supreme Court on the issue of the web snooping by the US. The PIL sought the Centre to initiate action against internet companies for sharing information with foreign authorities, which amounts to breach of contract and violation of the right to privacy.

"First, we need to urgently enact a horizontal privacy law, which articulates privacy principles and institutes the office of the privacy commissioner. Second, we need to promote the use of encryption and other privacy-enhancing technologies. The use of foreign internet infrastructure by those in public offices should be banned, except in the case of public dissemination. And last, but not the least, take action against online firms that have access to personal data of users and violate the privacy of Indian citizens through the office of the regulator," suggests Sunil Abraham, executive director of Bangalore-based research organization, Centre for Internet and Society.

Anja Kovacs, project director at the Internet Democracy Project in India, meanwhile, wants the Indian government to assert itself. "The best the Indian government can do is to demand that this kind of snooping does not happen. However, it can't ensure that such episodes won't happen in the future, as there is no enforceable global legal framework to deal with online snooping."

Era of the Big Brother?

Given the lack of legal support, does it mean that internet users have no right to privacy? "We do have a right to privacy. Unfortunately, our right is not respected. By and large, unless they use special tools to protect themselves, internet users do not have any real privacy in many countries, including India," says Anja, adding, "The right to privacy is not explicitly included in the Constitution, and the Privacy Bill continues to be pending. Also, Indian intelligence agencies are not under supervision of the Parliament, which is an important weakness in the accountability system." Echoing Anja, Sunil says, "In India, unfortunately, our right to privacy is not sufficiently protected. Indian laws are not strong enough to safeguard privacy of Internet users."

Anger in the online community

A large number of internet users who we spoke to said they were "shocked" after hearing about the US government's spying mechanism. "The recent revelation of snooping by the US government is a clear case of intrusion into our privacy. It is absolutely illegal," says 24-year-old IT professional Subodh Gupta.

For more details visit https://cis-india.org/news/times-of-india-maitreyee-boruah-june-29-2013-internet-users-enraged-over-us-online-spying

Issue of duplication of identities of users under control: Nilekani

praskrishna — 2013-07-02T10:13:10Z

Nandan Nilekani says UIDAI system almost completely accurate, duplication of identities virtually negligible.

The article by Anirban Sen was published in Livemint on June 29, 2013. Sunil Abraham is quoted.

The Unique Identification Authority of India (UIDAI) chief Nandan Nilekani said the government agency was in preliminary discussions with some embassies to use the Aadhaar project to simplify visa application procedures and that the issue of duplication of identities of users was well under control.

In March, a UIDAI spokesperson told Mint that it had detected 34,015 cases where one person had been issued two Aadhaar numbers. The figures represented a little over 0.01% of the 290 million people who had been enrolled at the time.

Nilekani, who was delivering a keynote address at a three-day conference on the success and failures of information technology (IT) in the public and private sector at the Indian Institute of Management in Bangalore, said the UIDAI system was almost completely accurate and duplication of identities was virtually negligible.

“Knowing what we know now, we believe we have accuracy of upto 99.99%,” said Nilekani, chairman of the Unique Identification Authority of India (UIDAI).

Nilekani, on Saturday, assured that the project was completely secure and user data and biometrics were safe in the hands of the agencies it works with and brushed aside any concerns on security of user data that have been widely raised by Internet security groups and activists.

“We’re not giving any access to data, except when it is resident authorized. It is shared only when a resident participates in a transaction and authorizes the data which is shared,” said Nilekani, who was one of the seven co-founders of India’s second largest software exporter Infosys Ltd. He served as CEO of Infosys from 2002 to 2007.

“The system is also not open to the internet—the system has rings of authentications of service agencies. There are lots of concentric rings of security,” he added. “The biometric data is not used except for enrolment, re-duplication and authentication.”

Internet rights groups and activists such as Sunil Abraham of the Centre for Internet and Society (CIS), a research thinktank that focuses on issues of Internet governance, have often raised concerns over UID’s overtly broad scope and privacy issues in the project.

“We don’t need Aadhaar because we already have a much more robust identity management and authentication system based on digital signatures that has a proven track record of working at a “billions-of-users” scale on the Internet with reasonable security. The Unique Identification (UID) project based on the so-called “infallibility of biometrics” is deeply flawed in design. These design disasters waiting to happen cannot be permanently thwarted by band-aid policies,” Abraham wrote in a blog post on the CIS website last year.

Nilekani also acknowledged that the department had faced several challenges, due to the sheer scale of the project that aims to cover the country’s entire population of 1.2 billion.

“We have had lots of challenges on this project—we have backlogs of enrolment because we have more packets than we can process, we backlogs of letter deliveries because we cannot handle so many letters…but fundamentally notwithstanding those challenges, we believe we are on the right track,” said Nilekani.

Both UIDAI and the census department under the National Population Register project are recording biometric data, which includes fingerprint and iris data. Even though both the agencies reached a truce after a cabinet decision in January 2012 and were allowed to co-exist, there have been several reports of duplication between the two agencies in biometric collection.

UIDAI is not just being used as the main platform for rolling out the government’s direct cash transfer scheme, but is also being regarded as an important authentication scheme for financial transactions and other security measures.

For more details visit https://cis-india.org/news/livemint-anirban-sen-june-29-2013-issue-of-duplication-of-identities-of-users-under-control