We are anonymous, we are legion

Privacy and Governmental Databases

elonnai — 2012-03-22T05:41:38Z

In our research we have found that most government databases are incrementally designed in response to developments and improvements that need to be incorporated from time to time. This method of architecting a system leads to a poorly designed database with many privacy risks such as: inaccurate data, incomplete data, inappropriate disclosure of data, inappropriate access to data, and inappropriate security over data. To address these privacy concerns it is important to analyze the problem that is being addressed from the perspective of potential and planned interoperability with other government databases. Below is a list of problems and recommendations concerning privacy, concerning government databases.

Government Databases and recommendations for privacy practices

Citizen-State relationships and privacy standards
Government databases foster different types of relationships between the state and its citizenry. For instance: User databases, service providing databases, and information providing databases. Each one these relationships requires a different level of privacy. Thus, it is important to identify the type of relationship that the database will foster in order to determine what type of privacy model to implement.
Specific privacy policy

Each government database should have a specific privacy policy that are tailored to the information that they hold. Each policy should cover the following areas:
- data collection
- digitization
- usage
- storage
- security
- disclosure
- retrieval
- access (inter departmental and public)
- anonymization, obfuscation and deletion.
Personal vs. personal sensitive and public vs. non-public data categories

Data in government databases requires varying degrees of privacy safeguards. The division of personal information vs. non personal information etc. creates distinct

categories for security levels over data and permissibility of public disclosure. Ex of personal information: Name, address, telephone number, religion. Ex of non-personal data: gender, age. This could work to avoid situations such as the census - where a person’s name, address, age, etc, were all printed for the public eye.
Standardization of Privacy Policies and Access Control

Government databases should all be designed upon interoperable standards so that the databases can "talk" to each other. The ability to coalesce databases strengthens the potential for use and reuse by different stakeholders. Furthermore, the interoperability of systems helps to avoid the creation of silos that hold multiple copies of the same data. To protect the privacy in interoperable systems - restricted and authorized access within departments and between departments is key. The Department of Information Technology has recently published a "Government Interoperability Framework" titled "Interoperability Framework for eGovernance" This policy document is the appropriate place to articulate interoperable privacy policies that could be adopted across eGovernance projects.
Record of breach notification

If data breach occurs in government database, the breach should be recorded and the appropriate individuals notified.
Anonymization/obfuscation and deletion policies

Once the purpose for which the data has been collected has been served it must be anonymized/obfuscated or deleted as appropriate. All data-sets cannot be deleted as bulk aggregate data is very useful to those interested in trend analysis. Anonymizing/obfuscating the personal details of a data set ensures that privacy is protected during such trend analysis.
Accountability for accuracy of data

Frequently data that is collected and entered into government databases is not accurate, because the departments are not collecting the data themselves. Thus, they feel no responsibility for its accuracy. If a mechanism is built into each database for identification of each data source this brings accountability for data accuracy.
Appropriate uses of government databases

Businesses should feel automatically entitled to aggregate and consolidate public information from government databases because it is technically possible to do so. Their uses of government database must be guided by policies that define "appropriate usage."
Access, updation and control of personal information

Citizens must be able to access and update their information. Furthermore, they should be able to define to a certain extent access control to their information - which would automatically make them eligible or ineligible for various government services.

Bibliography

Rezhui, Abdemounaam. Preserving Privacy in Web Services. Department of Computer Sciences, Virginia Tech.
Medjahed, Brahim. Infrastructure for E-Government Web Services. IEEE Internet Computing, Virgina Tech. January/Feburary 2003.

Mladen, Karen. A Report of Research on Privacy for Electronic Government. Privacy in Canada

joi.ito.com/privacyreport/Contents_Distilled/.../Canada_E_p252-314.pdf

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-govt-databases

Privacy Matters - A Public Conference in Ahmedabad

praskrishna — 2011-04-04T07:14:41Z

On behalf of Privacy India, and in partnership with the Research Foundation for Governance in India and Society in Action Group, the Centre for Internet and Society invites you to “Privacy Matters” a public conference focused on discussing the challenges and concerns to privacy in India. The event will be held at the Ahmedabad Management Association. We would be honored if you would attend the meeting and contribute your views.

The conference will focus on the questions and dilemmas posed by privacy in India today, with a concentration on security, national surveillance, prisoners rights and privacy. The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities,prisoners, etc. – people who most need to know that sensitive information is protected. Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India.

One of our goals is to build consensus towards the promulgation of a comprehensive privacy legislation in India through consultations with the public, legislators and the legal and academic community.

Please confirm your participation with:

elonnai@privacyindia.org, or
jsree.t@gmail.com

Agenda

Privacy Matters

March 26th 10:30 – 4:30 pm

Ahmedabad Management Association
Core-AMA Management House
Torrent-AMA Management Centre
ATIRA Campus, Dr. Vikram Sarabhai Marg
Ahmedabad 380 015, Gujarat, INDIA
Phone: +91-79-263086

Time	Session
10:00 to 10:30	Registration and Welcome Prashant Iyengar Prashant Iyengar is a practicing lawyer and lead researcher for Privacy India. He will present who Privacy India is, and the objectives of Privacy India's research. Lastly he will outline the present scenario of Privacy in India.
10:30 to 11:15	Keynote Address Usha Ramanathan Dr. Usha Ramanathan is an internationally recognized expert on law and poverty. Her research interests include human rights, displacement, torts and environment. Ms. Ramanathan will speak about the coerced decline of privacy. National security, corruption, pragmatism, and the emergence of technologies that often work to establish that privacy is an irrelevant notion. She will look at links not often made between privacy and personal security, between data bases and national security, and the centrality of dislodging privacy in projects of social control are, perhaps deliberate.
11:15 to 11:30	Tea break
11:30 to 1:00	Opinions on Privacy Justice J N Bhatt, Mr. Ajay Tomar, Renu Pokharna In this session key officials from Gujarat will share their experiences and opinions on privacy in the context of India. Speakers include: Justice J N Bhatt is the former Chief Justice of Gujarat and Bihar, and currently the head of the Gujarat State Law Commission. He has had ad successful career including having: joined the Office of the Government Pleader, at Jamnagar in 1976, worked as Central Government Counsel in special matter of Armed Forces and Labour Cases, and has authored more than 50 Articles on Jurisprudence, Constitution, International Law, A.D.R, Legal Aid and Lok Adalat and Judicial Reforms Renu Pokharna, a member of the Chief Minister's Office, State of Gujarat, has spent her career working towards the betterment of society, especially the poor and the hungry through policy and not charity. For example she is a part of the project “Gujarat Skill Development Mission”. The project tries to achieve convergence of skill training programs to make them more effective. Mr. Ajay Tomar is the chief of the Anti-Terrorism Squad in Gujarat. He has worked on cracking down on many cases involving national security and surveillance including the “Pepsi Bomber”.
1:00 to 2:00	Lunch Break
2:00 to 2:30	Privacy, Minority Identities, and Security Bobby Kuhnu Bobby Kuhnu is a lawyer, social activist, and writer. Mr. Kuhnu will examine the ideological underpinnings of the discourse on privacy and its bearings on socially marginalized identities particularly in the context of the Indian state and the constitutional right to privacy.
2:30 to 3:00	Privacy and National Security Mathew Thomas Mathew Thomas is a management consultant and activity leader for development centers. Mathew has held top positions in the Indian Army, and the Defense Research and Development Organization, where he headed the missile manufacturing facility. His presentation will focus on national security and privacy.
3:00 to 3:15	Tea Break
4:00 to 4:30	Open discussion and summary

Other Distinguished Participants

Justice Madhukar

Former Judge, Trial Courts, Gujarat

Kanan Divatia

Lawyer and Professor of Law, L A Shah Law College

Professor Amal Dhru

Visiting Professor, Indian Institute of Management, Ahmedabad

Madhusudan Agarwal

Founder, Ma'am movies

Gaurang Raval

Drishti Media

Rahul Chimanbhai Mehta

Independent Candidate, IIT Delhi Alumnus

Madhusudan Agarwal

Founder, Ma'am movies

For more details visit https://cis-india.org/events/privacy-matters-ahmedabad

Public Talk by Dr. Ian Brown on Privacy, Trust and Biometrics

nishant — 2011-04-04T07:15:29Z

Trust is hard to build, but easy to lose. What factors affect individuals' trust in new technologies? How can governments create citizen trust in biometric security tools? Can biometrics be designed to be privacy-friendly? And how did these questions lead to the cancellation of the UK's national identity scheme, after a decade of development costing tens of millions of pounds? About the speaker: Dr Ian Brown's research is focused on public policy issues around information and the Internet, particularly privacy and copyright. He also works in the more technical fields of communications security and healthcare informatics.

For more details visit https://cis-india.org/events/ian

Muzzling the Internet

praskrishna — 2011-04-01T15:14:44Z

It is strange suddenly to be confronted with the provisions of a law passed way back in 2008. But why should the Information Technology Amendment Act, 2008, pushed through in the weeks following the 26/11 attacks in Mumbai be making news now? This news item by Sundeep Dougal was posted in Outlook on March 17, 2011.

The Economic Times, with a report headlined Government can switch off your internet if necessary breathlessly reported yesterday:

The Indian government has armed itself with powers to 'switch off' or kill the internet during times of national emergencies, becoming one of the first few countries to assume such far reaching authority. Even as the US and other western nations debate the judiciousness of giving the government's complete control to shut down cyber traffic, India has moved a step ahead and incorporated a provision under the IT Act of 2008, giving the Central government, or any of its officers specially authorised by it, to block the internet if necessary. The shutdown can happen in the interest of sovereignty and integrity of India, its defense, security of its states, friendly relations with foreign states or for public order. Failure to comply will result in imprisonment of up to seven

But perhaps the report can be excused for the simple reason that because the act was pretty much hustled through Parliament at a time when the national mindspace was preoccupied with other concerns, there was not much analysis or criticism in the mainstream media, though specialised blogs did raise an alarm even then. [See one critique dating back to December 2008 here April 2010 here -- and for the record, the bill was endorsed by the President in Feb 2009, and then only notified in October 2009.]

Read the ET report further and you realise that the reference was perhaps occasioned by the following development that the news report went on to provide:

Not satisfied with this provision, India is now moving ahead to develop alternate plans in case the 'switch' does not work. The draft plan by the Cabinet Committee on Security and Ministry of Home Affairs along with Ministry of IT & Communications to 'choke' the internet at will, which ET reported last year, is also learnt to be in its final stages.

Choking refers to handicapping the servers by subjecting it to multiple requests and attacks and preventing it from functioning effectively

But more dangerous to the issue of freedom of the internet were the recent reports, earlier in the month, of the blocking of Typepad, Mobango, Clickatell by some ISPs, though only one of them provided a message saying, "This site has been blocked as per request from the Department of Telecom". It was 2006 all over again.

As usual, the real problem was the total arbitrariness of the process and the confusion was confounded further when an unnamed Airtel spokesperson told the Hindu that there was no directive from the government, and this was “just a temporary network problem”.

The crux of the matter can be summed up in this one quote from Nikhil Pahwa of Medianama in the Hoot: "what gets me angry is that we wouldn't even have got to know of the blocking. There are never any indications of which websites are blocked and why. We have got to have more transparency on these issues."

Medianama also compiled and reported the following:

Tech2 wrote about a blogspot blackout on Feb 12th.
CuttingtheChai wrote about Kirtu.com, where the not-safe-for-work comic Savita Bhabhi was hosted, Mobango, Typepad and Clickatell being blocked on Feb 22nd.
Kafila reports, and this is something that we’ve also been told about as well, that Zone-H.org has been blocked as well. This is strange, but there is a suggestion that a company called E2 Labs got Zone-H blocked, because they did a post criticizing E2′s proposal to start a cyber security educational institution, alleging that there was falsification of information. A pdf of the post here, via Naavi.org. Again, we need clarity on why these blocks have been ordered. Also read Apar Gupta’s post
the utilitarian critique of E2 Labs v. Zone-H

Medianama further reported that on the sidelines of the Gov 2.0 conference last Friday, Communications & IT Minister Kapil Sibal passed the buck on the issue of lack of transparency in the way the Indian government blocks access to websites. Sibal told MediaNama that we should “Ask the Home Ministry, because this is a security issue.”

As Shivam Vij of Kafila asked:

All I want to ask Kapil Sibal is: How is Savita Bhabhi a threat to India’s national security? Wait, I have another question: why should I ask the Home Ministry when the orders for blocking come from your own Ministry, Mr Sibal, and the committee that decides on blocking has only one Home Ministry representative and two from your Ministry, sir?

In theory a lot of people will say that the internet can not be free of regulation, that the government must block some sites. But this is the problem in practice: the government will block a soft porn comic - only because it was talked about openly, discussed in the papers, and so on. Only because it came in the way of some bureaucrat’s antiquated sense of morality. Why, there are countless hard core Indian porn sites that are not blocked! (Oops, I shouldn’t be giving ideas.)

And when you wonder why the Government of India thinks Savita Bhabhi is too obscene for you, they will say national security!

If you don’t know about the Savita Bhabhi blocking issue, see this Huffington Post article.

All of this of course assumes ominous overtones when one considers the government's attitude on Wikileaks and offers an inkling of the shape of things to come when we look at the recent release of the long awaited draft rules for important sections of the Information Technology Act 2000, objections to which were sought from the public by February 28, 2011.

So far, the following draft rules have been formalised:

The Draft rule under section 43A- Reasonable security practices and procedures and sensitive personal information

Privacy India and Centre for Internet and Society, Bangalore have offered a detailed para-wise commentary here.

The Draft rule under section 79-Due diligence observed by intermediaries guidelines

A detailed, para-wise, criticism is available by the Centre for Internet and Society which pointed out, inter-alia:

they vest an extraordinary power of censorship in the hands of the intermediary, which could easily lead to the stifling of the constitutionally guaranteed freedom of speech online. Analogous restrictions do not exist in other fields, e.g., against the press in India or against courier companies, and there is no justification to impose them on content posted online. Taken together, these provisions make it impossible to publish critical views about anything without the risk of being summarily censored.

The rules are so loosely worded as to cover almost anything. For example, consider Section 3 of the proposed rules, particularly point (g):

"causes annoyance or inconvenience or deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;"

Imagine the number of sensitive souls out there who could be claiming "inconvenience" because of "annoyance" having been caused.

The Draft rule under section 79-Guidelines for Cyber Cafe

A critique by PRS blog | Medianama | Centre for Internet and Society points out, inter alia, that

if enforced it will end up choking public access Internet in the country, whether through Cybercafes or at Wifi hotspots, which would cover all regular cafes that offer Internet access, the airport, where some telcos allow access, or even on-campus connectivity.

While the comments for the above rules were invited only till 28.02.2011, perhaps it would still be useful to let the authorities know what one thinks about these rules by sending an email to: grai AT mit.gov.in

Read the original post in the Outlook here

For more details visit https://cis-india.org/news/muzzling-internet

Battle for the Internet

praskrishna — 2011-04-01T15:28:19Z

In this article written by Latha Jishnu and published by Down to Earth, Issue: March 15 2011, the author reports about the events in the United States in the post WikiLeaks scenario.

As the Internet becomes the public square and the marketplace of our world, it is increasingly becoming a contested terrain. Its potential for diffusing knowledge and subverting the traditional channels of information is tremendous. So it is not surprising that governments, corporations and even seemingly innocuous social networking sites all want to control and influence the way the Internet operates. It’s easy to see why. Close to a third of humanity is linked to this system—and the dramatic growth in Internet usage over the past decade is set to explode in coming years. So is its commercial promise. Latha Jishnu looks at events in the US following the WikiLeaks exposé of its diplomatic cables, and in the hot spots of political turmoil across the world to understand the significance of the Internet in today’s interconnected world and the threats it faces. Arnab Pratim Dutta explains the technology used to block access to the Net.

An opposition supporter holds up a laptop showing images of celebrations in Cairo's Tahrir Square, after Egypt's President Hosni Mubarak resigned (Photo: Reuters)

Ideas and ideologies, images and reports of events, both minor and cataclysmic, fly on the Internet, swirling through cyberspace, gathering resonance, metamorphosing and touching millions of lives in different ways. Many of the ideas—and visuals—could be banal (as they very often are), some dangerous, others bringing promise of change. Some have the power to subvert, helping to stir and stoke the smouldering embers of political and social unrest as recent uprisings in north Africa, West Asia and Asia have shown. To many, the Internet is the rebel hero of our times, subverting conventional media and leaking news and information that governments would like to censor. Even a village in the remote reaches of Odisha’s Malkangiri district which may have no electricity is in some way linked to cyberspace through smart cell phones because mobile operators are increasingly turning Internet service providers (ISPs) and bringing the worldwide web to the conflict-ridden forests of central India.

It is about the power and reach of connection, unprecedented since people first began communicating with each other. The Internet, therefore, is turning into a conflict zone with everyone seeking control of it: governments, corporations and social networking sites, all of whom have different agendas. Social networks may seem innocuous but they are as much a hazard as the others to Internet freedom. Surveillance of “netizens” is becoming commonplace, whether in democracies or in totalitarian regimes, through a host of new laws and regulations ostensibly aimed at strengthening national security, cyber security or protecting business interests.

While most governments are seeking to filter and block specific content, in extreme cases, as in Egypt, the Net has been blacked out using what some experts say is the “kill switch” (see ‘The Egypt shutdown’). This could emerge as the biggest threat to the Internet since other regimes could be tempted to go the Egyptian way. Most governments, however, prefer not to use it, not even the censorship-obsessed Chinese and Saudi regimes because the Internet is also about business—commerce of increasing significance is being routed through its sinews. Take one small example: In January alone, Britons spent a whopping £5.1 billion online, recording a 21 per cent jump in e-commerce revenues over January 2010, according to the latest edition of the IMRG/CapGemini e-Retail Sales Index. It is the kind of figure that stops authorities from reaching for the kill switch.

In the case of China, e-commerce transactions hit 4.5 trillion yuan (US $682.16 billion) in 2010, up 22 per cent year-on-year, according to China e- Business Research Center and CNZZ Data Center. Of this, online B2B or business-to-business deals accounted for the bulk: 3.8 trillion yuan (US

Popular whistleblower website wikileaks.org was unavailable for some time in December 2010

$576.05 billion). And retail sales are expected to zoom, too, pretty soon with e-commerce websites selling directly to customers growing to more than 18,600 last year. Thanks to a dramatic spike in the rate of Net penetration and impressive growth of online business.

But the world has a long way to go before the Internet becomes ubiquitous or an all-encompassing global commons. Currently, just two billion people are linked to the system (see above: ‘Big picture’), which is less than a third of the world’s population. And the reach, as the chart shows, is rather patchy. India may be in the top five Internet user nations with a total of 81 million users but penetration is an abysmal 6.9 per cent, the worst in the list. Blame that on our pathetic education levels and poverty. China, however, is the undisputed leviathan with 420 million users in 2010—some estimates put the figure closer to 500 million now—who account for more than a fifth of the world’s Internet users. No other country’s growth in this sector matches China’s either in speed or drama.

This is one reason Washington frequently raises the issue of China’s policing of the Internet in different fora. The most recent was on February 15 when secretary of state Hillary Clinton made the second of her rousing speeches on safeguarding the Internet from all kinds of government interference. Speaking at George Washington University in Washington DC, Clinton pointed out that the attempts to control the Internet were rife across the world but singled China for repeated attacks.

“In China, the government censors content and redirects search requests to error pages. In Burma, independent news sites have been taken down with distributed denial of service (DDoS) attacks. In Cuba, the government is trying to create a national intranet, while not allowing their citizens to access the global internet. In Vietnam, bloggers who criticize the government are arrested and abused. In Iran, the authorities block opposition and media websites, target social media, and steal identifying information about their own people in order to hunt them down. These actions reflect a landscape that is complex and combustible, and sure to become more so in the coming years as billions of more people connect to the Internet.”

That seemed a fair assessment of the trends but the irony is that even as the secretary of state was speaking, the Department of Justice was seeking to enforce a court order to direct Twitter Inc, to provide the US government records of three individuals, including Birgitta Jonsdottir, a member of Iceland's Parliament who had been in touch with others about WikiLeaks and its founder Juan Assange last year when WikiLeaks released its huge cache of US diplomatic cables.

A commentary in China Daily noted with asperity: “The Assange case reveals such rhetoric is just so much hypocrisy. It is apparent that when Internet freedom conflicts with self-declared US national interests, or when Internet freedom exposes lies by the self-proclaimed open and transparent government, it immediately becomes a crime.”

The Assange case more than anything else has exposed how vulnerable the Net is to political meddling and control. In December last year, Amazon said it stopped hosting the WikiLeaks website because it “violated its terms of service” and not because the office of the Senate Homeland Security Committee chaired by Joe Lieberman had questioned Amazon about its relationship with WikiLeaks.

WikiLeaks had turned to Amazon to keep its site available after hackers tried to flood it and prevent users accessing the classified information. Few people were willing to credit Amazon’s feeble explanation for cutting off WikiLeaks and the general surmise was that Lieberman had put some kind of pressure on the webhosting platform. According to one analyst, the simple reason is that the US government is one of the company’s biggest clients. According to a press note issued by the company: “Government adoption of AWS (Amazon Web Services) grew significantly in 2010. Today we have nearly 20 government agencies leveraging AWS, and the US federal government continues to be one of our fastest growing customer segments.”

As Amazon abandoned WikiLeaks, Paypal, Visa and MasterCard had also dumped WikiLeaks. This set off a fullscale cyber war in which a fourth party made its presence felt: Hackers/ ‘hacktivists’ who unleashed operation payback for what they deemed unfair targeting of WikiLeaks and Assange. This involved a series of (DDOS) attacks on Paypal, MasterCard, Swiss Bank PostFinance and Lieberman’s website.

So while governments in many parts of the world block sites, jail or kill dissidents for expressing their views on the Net, threats to the freedom of the Internet come primarily from the paranoia that governments suffer and from badly crafted policies they implement to protect business and other interests.

US enforcement agencies shut down 84,000 sites, falsely accusing them of child pornography

The US, the ultimate symbol of liberal democracy, is no less uneasy about the power of the Internet. A slew of laws are making their way through the Senate, laws that will give the administration sweeping powers to seize domain names and shut down websites, even those outside its territory, and laws that strengthen the powers of the president in the time of a cyber emergency, including the use of a kill switch. In September, the US Senate introduced the Combating Online Infringement and Counterfeits Act, which would allow the government to create a blacklist of websites that are suspected to be infringing IP rights and to pressure or require all ISPs to block access to those sites. In these cases, no due process of law protects people before they are disconnected or their sites are blocked.

In India, in the wake of the terrorist attacks in Mumbai in November 2008, Parliament hastily passed amendments to the Information Technology Act, 2000, without any discussion in either House. The December 2008 amendments have some good points but they also allow increased online surveillance. Section 69A permits the Centre to “issue directions for blocking of public access to any information through any computer resource”, which means that the government can block any website.

Pranesh Prakash of the Bengalurubased Centre for Internet and Society notes that while necessity or expediency in terms of certain restricted interests is specified, no guidelines have been specified. “It has to be ensured that they are prescribed first, before any powers of censorship are granted to anybody,” said Prakash in an analysis of the amendments. “In India, it is clear that any law that gives unguided discretion to an administrative authority to exercise censorship is unreasonable.”

Civil rights activists say the section has broadened the scope of surveillance and that there are no legal or procedural safeguards to prevent violation of civil liberties.

As the battle for keeping the Internet is joined by netizens who are aware of the power of connection, governments, too, are ramping up command and control measures. Among the risks to an open, democratic Internet are the following:

Threat to universality

The basic design principle underlying the World Wide Web is universality, and, according to its founder Tim Berners-Lee, several threats are emerging. Among these are: cable companies that sell Internet connectivity wanting to limit their Net users to downloading only the company’s mix of entertainment and social networking sites (see ‘Hidden dangers of Facebook’).

Another is by pricing Net connectivity out of the reach of the poor and allowing differential pricing. Berners- Lee, warned at a recent London conference: “There are a lot of companies who would love to be able to limit what web pages you can see...the moment you let Net neutrality go, you lose the web as it is...You lose something essential—the fact that any innovator can dream up an idea and set up a website at some random place and let it just take off from word of mouth...”

Actions against piracy

The nub of such operations lies in the US Department of Homeland Security, whose Immigration and Customs Enforcement (ICE) and the Department of Justice (DoJ) have been seizing domains because they are suspected of hawking pirated goods. The first seizure was in November last year when 82 websites selling counterfeit goods ranging from handbags to golf clubs were taken out.

Last month, there was another raid on the Internet. According to TorrentFreak and other Internet monitoring sites, the two agencies wrongly shut down 84,000 websites that had not broken the law, falsely accusing them of child pornography crimes. After the mistake was identified, it took about three days for some of the websites to go live again. The domain provider, FreeDNS, was taken aback. “Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible,” it said.

Earlier, DoJ and ICE had seized the domain of the popular sports streaming and P2P download site Rojadirecta. What is shocking is that the site is based in Spain and is perfectly legal. Two courts in Spain have ruled that the site operates legally, and other than the .org domain the site has no links to the US.

Internet freedom could easily become the biggest casualty in the illconceived and poorly designed procedures adopted by developed countries— France, the UK, South Korea, Taiwan and New Zealand have similar laws—to protect intellectual property from counterfeiters and pirates, primarily at the behest of the film and music recording industries.

There are indications India may be planning to follow suit (see ‘India’s three-strikes policy’), although civil rights groups say it could amount to a form of deprivation of liberty.

Surveillance technology

The problem with the use of technology in keeping the Internet safe cuts both ways. With increasing number of cyber attacks on both official and public websites from an array of hackers and malware, governments are reaching for ever more sophisticated high-tech surveillance systems. For instance, computer systems of the US Congress and the executive branches are under attack an average of 1.8 billion times per month, according to a recent Senate report. The result: more spyware. One such is deep packet inspection technology. It is a tool that protects customers from rampant spam and virus traffic. Experts say the Internet could not survive without this technology and yet, it helps authorities to keep a close watch on what people are doing on the Net. In the US, ISPs are required to have this technology.

So what can be done? Keep close tabs on government involvement in the Internet and ensure that its intrusion in both the content and the engines of this system is kept to the minimum.

Read the original article written by Latha Jishnu in Down to Earth here

For more details visit https://cis-india.org/news/battle-internet

Catch-all approach to Net freedom draws activist ire

praskrishna — 2011-04-01T15:43:55Z

The Internet has revolutionized the way we socialise, date and even protest. Online activism is a faster, more effective way to get more people to react to a cause. But at the same time it is this speed that makes Internet-generated protests a far graver danger than offline protests. Egypt faced an Internet shutdown when the protest started gaining steam and China has been throttled with heavy cyber censorship for years. Unfortunately, silencing the voices of dissent online is as easy as raising them. This article by Annie Johnny appeared in the Sunday Guardian, New Delhi on 13 March 2011.

A workshop recently conducted at the Constitution Club in New Delhi brought together human rights activists, bloggers and techies and explored the challenges faced by online activists.

“When the Internet was in its nascent stage, there was the Utopian belief that the government would not have the same role to play as it does offline. However, the Internet is being increasingly regulated by the government,” says Dr. Anja Kovacs, fellow, Centre for Internet and Society, Bangalore.

The Binayak Sen and Pink Chaddi campaigns provide a picture of how fast and efficient online activism is. “Initially, the campaign was restricted to a centralised network of people and was a way for me and my friends to vent out our thoughts. But it grew beyond our expectations. Between March 2008 and May 2009, we had about 1.5 million visitors. Our experience with the Internet as an effective tool in mobilising people has been very positive,” says Satya Sivaraman, one of the initiators of the Free Binayak Sen Campaign website.

Blocking websites that promote child pornography and hate speech is acceptable. Activists, however, are concerned about the mysterious disappearances of blogs and the vague explanations given to justify them.

“There is a provision for spam in the IT Act. While the rule is meant for only for spam, it is extended over a much wider area. According to it, anything that is deemed objectionable can be blocked. Instead of targeting offensive material, the act should target harmful content. Child pornography and hate speeches cause harm, whereas what is ‘offensive’ is subjective,” says Pranesh Prakash, programme manager, Centre for Internet and Society.

Bloggers in countries like Thailand and Singapore face serious consequences for posting anti-state views online. However, very few people all over the world are standing up against the curtailing of the right to freedom of expression online.

“There are ways to access blocked sites but most people do not bother to do that. If a site is blocked, they will simply accept it. The government in India is becoming increasingly restrictive. While their reason for concern is valid as the restrictions are in place to protect national security, the way they are dealing with this is inappropriate. Drafting vague rules related to objectionable content’ without specifying whom the content is objectionable to, is not going to help. There needs to be clearly defined categories for banning sites,” says Kovacs.

Rising against the growing restrictions and the wide gaps in Internet accessibility, The Internet Rights and Principles coalition, which works on Internet rights, is coming up with a Charter for Human Rights and Principles for the Internet.

The charter, which is still being drafted and has been put online for suggestions, emphasises that human rights apply the same way online as they do offline, and lays down rules and Internet policies necessary to protect human rights.

Another interesting observation is that most online protests don’t always spark parallel offline protests. The Meter Jam protest against the high auto fares in Mumbai is one such example.

“While it helped the middle class vent their frustration, on the day of the actual offline protest, hardly anyone boycotted autos. Business went on as usual,” says Kovacs.

See the article on the Sunday Guardian website
Download the original pdf here

For more details visit https://cis-india.org/news/catch-all

Cause and effect Facebook-style

praskrishna — 2011-04-01T15:44:47Z

While the world is crediting Facebook for triggering the Arab revolution, do Facebook groups in India say anything about top of mind causes for young Indians? Crime touches a chord - the pages that have sprung up for Radhika Tanwar and Aarushi Talwar illustrate this - but it's the ideological issues that have made it to our top five list. Anja Kovas, a fellow at the Centre for Internet and Society, a Bengaluru-based research organisation, analyses the success of these causes.

Save the Tiger: The biggest Indian group on Facebook 'Save the Tiger' has a following of over 8,43,663 people.

Content talk: The site tracks news items about the tiger and features comments and quotes about the animal. The group's motto 'Read between the stripes' encourages members to 'like' conservation.

Pages: As the most popular cause, this also links to over 30 pages such as the 'Save the Leopard', Save the Tiger Fund' and 'Only 1411 left in India'

Anja-speak: This campaign was successful because several celebrities were a part of the cause. TV campaigns and celebs always ensure a larger audience. Also world over, environmental issues triggers stronger reactions.
Terrorism: It's a subject that affects every single Indian, and 'Stop Terrorism in India' has already clocked 1, 39, 436 members.

Content talk: "If you want to sleep peacefully then wake up now…" It's comments like these that would best explain what the group is all about. Members of this group share videos of 26/11, violence in Kashmir, Salman Khan, anti-hunger campaign and other subjects like peace, liberty and justice.

Pages: Other related pages are 'Stop terror in India and specially Mumbai'. 'Stop Terror in India, Pakistan'

Anja-speak: The Mumbai attacks shook the nation and touched a chord with everyone across age groups, classes and beliefs.
Kashmir: Over four lakh Kashmiris have been displaced from their state since 1989-90. It's not surprising then that Kashmir comes third in our list of causes. 'Frontline Kashmir' supports the 'freedom movement' and has about 24,000 members.

Content talk: Peppered with calls for freedom, the comments on the walls also speak out against separatists. Pages: For various viewpoints on Kashmir, also check out Amnesty International, Revolt, I Cry, We Love Syed Ali Shah Geelani.

Anja-speak:Facebook played an important role in letting young Kashmiris voice their opinions online. It's obviously a platform for young Kashmiris who want to air grievances.
Corruption: Despite the fact that corruption is one of the foremost issues in India today, the largest group against corruption 'India Against Corruption' has only 16,499 members.

Content talk: From information on marches to news articles, this page deals with anything related to corruption in India. A much talked about issue on this page is the CWG and the 2G scam. Pages: Do check out the 'Commonwealth Jhel' page as well and the 'I Paid A Bribe' and 'Choosna Bandh Campaign'!

Anja-speak: It's a topic that unites people across classes in India. With big scams unfolding every other day, people are definitely interested in such a group.
Free Binayak Sen: With 8,479 'likes', the Facebook page 'Release Dr Binayak Sen: Protest against mockery of justice against him', a cause by the same name that is supported by 7,745 people, stands as the most popular group.

Content talk: The campaign on Facebook is an offshoot of a section of society that believes Dr Sen has been denied justice by the state and speaks of all related matters including the sedition law. Pages: There are 15 groups and 22 pages related to Dr Binayak Sen, including 'Free Binayak Sen! Repeal Section 124A IPC' and 'Free Binayak Sen - Global Campaign'.

Anja-speak: This campaign owes its success, in terms of its outreach, to years of determination and relentless action by those that support Dr Sen.

This article by Malvika Nanda was published in the Hindustan Times on March 13, 2011. Read the original here

For more details visit https://cis-india.org/news/cause-and-effect

Govt proposal to muzzle bloggers sparks outcry

praskrishna — 2011-04-01T15:46:23Z

A government proposal seeking to police blogs has come in for severe criticism from legal experts and outraged the online community. The draft rules, drawn up by the government under the Information Technology Amendment Act, 2008, deal with due diligence to be observed by an intermediary. This article was published in the Times of India on March 10, 2011.

Under the Act, an 'intermediary' is defined as any entity which on behalf of another receives, stores or transmits any electronic record. Hence, telecom networks, web-hosting and internet service providers, search engines, online payment and auction sites as well as cyber cafes are identified as intermediaries. The draft has strangely included bloggers in the category of intermediaries, setting off the online outcry.

Blogs are clubbed with network service providers as most of them facilitate comment and online discussion and preserve the traffic as an electronic record, but equating them with other intermediaries is like comparing apples with oranges, says Pavan Duggal, advocate in the Supreme Court and an eminent cyber law expert.

'This will curtail the freedom of expression of individual bloggers because as an intermediary they will become responsible for the readers' comments. It technically means that any comment or a reader-posted link on a blog which according to the government is threatening, abusive, objectionable, defamatory, vulgar, racial, among other omnibus categories, will now be considered as the legal responsibility of the blogger," he explains.

Even Google, the host of Blogger, among India's most popular blogging sites, expressed displeasure at the proposal. "Blogs are platforms that empower people to communicate with one another, and we don't believe that an internet middlemen should be held unreasonably liable for content posted by users," a spokesperson told TOI.

Blogs, which are typically maintained and updated by individuals, have showcased their political importance in recent times and the internet community views these rules as a lopsided attempt to curtail an individual's right to expression.

"If individual blogs are an intermediary, then why can't Facebook and Twitter also be classified as such, as they too receive, store and transmit electronic records and facilitate online discussions," retorts the spokesperson of the Centre for Internet and Society (CIS), a Bangalore-based organization, which works on digital pluralism. "These rules will not only bring bloggers and the ISP provider on the same platform, but the due diligence clause will also result in higher power of censorship to the larger player. Imagine your ISP provider blocking your blog because it finds that certain user-comments fit these omnibus terms," the CIS spokesperson added.

Most experts, including Duggal, see these rules as the outcome of the government's one-size-fits-all approach — at least in regulating online activities — and ask for an amendment to the IT Act.

Read the original article in the Times of India here

For more details visit https://cis-india.org/news/govt-proposal

Anti-Social Network

praskrishna — 2011-04-01T15:59:51Z

Social media is driving teens to a reality they can't handle. This article by Max Martin was published in Mail Today on February 27, 2011.

THIS is the generation of instant messaging and two-minute noodles. Impatient teenagers are always plugged in to their computers and cell phones. Their reality is virtual and most of their friends can be found online. "It's the coolest way to keep in touch," says Charlotte William, a college student in Bangalore whose Facebook was got flooded with birthday greetings on Saturday. Her FB page is an almost-instantly updated open book of her life.

Such minute-by-minute minute updates are an integral part of any teenager's life but the older generation is cautious. Not just old-fashioned people but even the tech-savvy are raising several issues with this uncontrolled explosion of social networking. India is the seventh largest social networking market in the world, with millions of users and many issues like privacy, etiquette, commercial, and political interests. Even though people have control over the information they post online, unauthorised access -- usage and republication -- is a major cause of concern, says Nikhil Pahwa, who publishes MediaNama, a mobile business news site based in Delhi. "You put up information about friends and family without realising the enormous consequences of it being in the public domain," says Pahwa.

"I see a lot of people exchanging personal messages and phone numbers on their walls. A lot of people are rather nonchalant about it," says Christian Wolff, a German development researcher, living in Hyderabad, who finds it amazing how Indians are not as concerned about their privacy as they should be. Bangalore-based lawyer Sarim Naved says the internet gives people a misplaced sense of anonymity, which makes them shed their inhibitions -- and etiquette. Should you allow a friend to post pictures of you from that crazy party last night? What if a family member sees them? We still live by traditional values and customs and footloose pictures may not be appreciated.

And while you may think that your privacy settings are in place to never allow such an unfortunate incident take place, privacy settings give a false sense of security. "Many people cannot figure out how to put filters on," says Yamini Atmavilas, a teacher of gender studies in Hyderabad. She also says that social networking is a mixed bag: "Studies show that women use social networks differently from men. They have helped build women's social capital, providing an outlet for connection and expression."

AARTI Mundkur, who was involved in the national 'Pink Chaddi' campaign against the pub-attacking Sri Ram Sene, agrees. "Social networks capture only the imagination of the upper middle class -- and fail to evoke any other kind of response," says this activist lawyer. While the social media is powerful -- and can be used for many purposes -- it is limited in scope.

Also, these sites are turning into what Wolff calls 'all-devouring marketing machines'. Facebook, for instance, is always in the midst of some controversy over its automatic personalisation or using technology to accommodate differences between individuals, so that disbursing personalised advertisements gets easier. Most of us do not realise that every little bit of information we post online is under the scrutiny of corporate entities that analyse and track browsing, spending, networking, and even music preferences.

"They make money with the data you post online for free," says Anivar Aravind, an IT consultant and commentator who started the online campaign for justice for Binayak Sen. "Even worse is when these service providers pass on this personal information to the government as Yahoo did in China leading to the imprisonment of a journalist," says Aravind.

Also getting increasingly active in the online circuit are crooks, says Shantanu Ghosh, who handles the India product operations of Symantec, a leading network and computer security firm. These crooks, he says, launch virus attacks, put up false events to attract people, and spoof networking sites to extract personal data.

"This attack was observed before the Cricket World Cup 2011. Attackers had created a page offering ticket deals for the World Cup final in Mumbai, requiring users to log into their social networking accounts. Those who fell for this trick would have ended up revealing their confidential login information to these attackers." Ghosh advises: "You should treat anything you see online with skepticism -- especially if it involves clicking a link or installing an application." Also make sure you check and understand privacy policies and settings.

This is even more important because existing laws on cyber crime are not strong enough. Also, the question whether new laws will be effective remains.

"It really depends on the law. If it goes into too much detail then it will be rendered irrelevant because of advancements in technology," says Sunil Abraham, who heads Centre for Internet and Society, a Bangalore-based research group. "A good law usually focuses on principles. What we need in India is a privacy regulator that can dynamically interpret the principles in law to quickly react to developments on the internet."

Read the article in Mail Today here
Also see the article in the Free Library here
Download the news from Mail Today here (pdf, 2.92 MB)

For more details visit https://cis-india.org/news/anti-social-network

New Indian Rules May Make Online Censorship Easier

praskrishna — 2011-04-01T15:57:20Z

Draft rules proposed by the Indian government for intermediaries such as telecommunications companies, Internet service providers and blogging sites could in effect aid censorship, according to experts. The article by John Ribeiro was published in Yahoo News on March 7, 2011.

Under the draft rules, intermediaries will have to notify users of their services not to use, display, upload, publish, share or store a variety of content, for which the definition is very vague, and liable to misuse.

Content that is prohibited under these guidelines ranges from information that may "harm minors in any way" to content that is "harmful, threatening, abusive."

Some of the terms are so vague that to stay on the right side of the law, intermediaries may in effect remove third-party content that is even mildly controversial, said Pavan Duggal, a cyberlaw consultant and advocate in India's Supreme Court.

While the definition of some of the terms like obscenity have been ruled on by India's Supreme Court, some of the other terms do not have a precise legal definition, said Pranesh Prakash, program manager at the Centre for Internet and Society, a research and advocacy group focused on consumer and citizen rights on the Internet.

"Would creating a Facebook profile for a minor, for example be considered as harming a minor ?" Duggal said.

The draft rules are secondary legislation framed by the government under the country's Information Technology (Amendment) Act of 2008. Under the IT Act, an intermediary is not liable for any third-party information, data, or communication link made available or hosted by him, if among other things, he has observed due diligence under the draft rules.

The new rules will give rise to subjective interpretations, thus giving a lot of discretion to non-judicial authorities in the country to decide whether the intermediary has observed due diligence or not, Duggal said.

According to the draft rules, an intermediary has to inform users that in case of non-compliance of its terms of use of the services and privacy policy, it has the right to immediately terminate the access rights of the users to its site. After finding out about infringing content, either on its own or through the authorities, the intermediary has to work with the user or owner of the information to remove access to the information.

Rather than recognizing the diversity of the businesses of intermediaries, the draft rules use a "one-size, fits all" set of rules across a variety of intermediaries including telecom service providers, online payment sites, e-mail service providers, and Web hosting companies, Duggal said.

An intermediary such as a site with user-generated content, like Wikipedia, would need different terms of use from an intermediary such as an e-mail provider, because the kind of liability they accrue are different, Prakash wrote in his blog.

The draft rules also add new provisions that appear designed to give the government easier access to content from intermediaries. Intermediaries will be required to provide information to authorized government agencies for investigative, protective, cybersecurity or intelligence activity, according to the rules.

Information will have to be provided for the purpose of verification of identity, or for prevention, detection, prosecution and punishment of offenses, on a written request stating clearly the purpose of seeking such information, the rules add.

The IT Act already has specific procedures in this connection for very specific information requirements, but the draft rules have broadened this to a general requirement for intermediaries to provide information, Prakash said. The new rule could in fact be a way of circumventing the earlier laws, he added.

The draft rules assume significance in the context of recent moves by the Indian government to get Research In Motion to provide access to information on BlackBerry services in India. While providing lawful access to its consumer services like BlackBerry Messenger, RIM has declined to provide access to its corporate service, BlackBerry Enterprise Server, claiming that it does not have access to customers' encryption keys.

The Indian government has previously also said it would demand lawful access from Google's Gmail and Skype, but has not taken any action so far in this direction.

The draft rules will require compliance from a number of entities who until now had thought they were outside the ambit of compliance, Duggal said.

Google did not immediately respond to e-mailed requests for its comments on the new rules. Microsoft said that the government should set the policy objectives and provide directional framework, and still allow flexibility to intermediaries to set the data protection measures as they deem fit for different situations and services.

"We believe that the intermediary should be obliged to take down non-compliant content on being notified of the same as well as terminate access rights for those who use these platforms for dissemination of non-compliant content," Microsoft said in an e-mailed statement. Non-compliance include, but is not limited to, copyrights, it added.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service.

Read the original in Yahoo News here

For more details visit https://cis-india.org/news/online-censorship

Tactical Tech's ONO Party!

praskrishna — 2011-04-04T07:19:47Z

Tactical Tech has made friends with ONO Robot , a friendly Robot Guide and the star of four animated shorts of a series called Survival in the Digital Age, and we'd like to invite you to watch the series with us at our ONO Party.

Activists and independent journalists don't often realise that the information and communications technologies they use can compromise their security and have implications for privacy, freedom of expression and access to information. As an organisation working at the meeting point of advocacy and technology, Tactical Tech finds these issues essential to anyone using technologies to facilitate and strengthen their advocacy work. To raise awareness about the digital traces we leave behind Survival in the Digital Age aims to engage activists to better understand the information and communications technologies they use, so that they can make more informed decisions about the risks they may face.

We're going to be showing the four shorts over party games, snacks and drinks at our ONO Party so do join us on Thursday, March 3rd

For more details visit https://cis-india.org/events/CIS-tacticaltechONO

February 2011 Bulletin

praskrishna — 2012-07-30T11:16:29Z

Greetings from the Centre for Internet and Society! In this issue we are pleased to present you the latest updates about our research, upcoming events, and news and media coverage:

Researchers@Work

RAW is a multidisciplinary research initiative. CIS believes that in order to understand the contemporary concerns in the field of Internet and society, it is necessary to produce local and contextual accounts of the interaction between the Internet and socio-cultural and geo-political structures. To build original research knowledge base, the RAW programme has been collaborating with different organisations and individuals to focus on its three year thematic of Histories of the Internets in India. Monographs finalised from these projects have been published online for public review:

Internet, Society & Space in Indian Cities

Digital Natives

CIS has interest in developing Digital Identities as a core research area and looks at practices, policies and scholarships in the field to explore relationships between Internet, technology and identity. The Digital Natives project is funded by Hivos, Netherlands. CIS involvement has resulted into these:

Columns on Digital Natives

A fortnightly column on ‘Digital Natives’ authored by Nishant Shah is featured in the Sunday Eye, the national edition of Indian Express, Delhi, from 19 September 2010 onwards. The following articles were published in the Indian Express recently:

Pull the Plug [published in the Indian Express on February 20, 2011]
A FLASH of Change [published in the Indian Express on February 6, 2011]
Wiki changes the world [published in the Indian Express on January 23, 2011]

Workshop

The third and final workshop in the Digital Natives with a Cause? research project took place in Santiago, Chile, from 8 to 10 February 2011. Samuel Tettner wrote a report about the workshop:

Digital Natives with a Cause? —Workshop in Santiago — an Afterthought

Blog Entries by Maesey Angelina

Maesy Angelina is doing Masters on International Development, specializing in Children and Youth Studies at the International Institute of Social Studies, Erasmus University of Rotterdam. She is working on her research on the activism of digital natives under the Hivos-CIS Digital Natives Knowledge Programme. She spent a month at CIS, working on her dissertation, exploring the Blank Noise Project under the Digital Natives with a Cause? framework. She writes a series of blog entries. The new ones are:

Blog Entry by Samuel Tettner

Samuel Tettner is a Coordinator in the Digital Natives project. He has written one blog entry:

Computer Science & Society – The Roles Defined

Accessibility

Estimates of the percentage of the world's population that is disabled vary considerably. But what is certain is that if we count functional disability, then a large proportion of the world's population is disabled in one way or another. At CIS we work to ensure that the digital technologies, which empower disabled people and provide them with independence, are allowed to do so in practice and by the law. To this end, we support web accessibility guidelines, and change in copyright laws that currently disempower the persons with disabilities.

New Blog Entry

The Working Draft of the Rights of Persons with Disabilities Act, 2010: Does it exceed its Mandate in Including Provisions Relating to Other Disability Legislations?

Intellectual Property

CIS believes that access to knowledge and culture is essential as it promotes creativity and innovation and bridges the gaps between the developed and developing world positively. Hence, the campaigns for an international treaty on copyright exceptions for print-impaired, advocating against PUPFIP Bill, calls for the WIPO Broadcast Treaty to be restricted to broadcast, questioning the demonization of 'pirates', and supporting endeavours that explore and question the current copyright regime. Our latest endeavour has resulted into these:

New Blog Entries

Openness

CIS believes that innovation and creativity should be fostered through openness and collaboration and is committed towards promotion of open standards, open access, and free/libre/open source software, its latest involvement have yielded these results:

New Blog Entries

Internet Governance

Although there may not be one centralised authority that rules the Internet, the Internet does not just run by its own volition: for it to operate in a stable and reliable manner, there needs to be in place infrastructure, a functional domain name system, ways to curtail cyber crime across borders, etc. The Tunis Agenda of the second World Summit on the Information Society (WSIS), paragraph 34 defined Internet governance as “the development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” CIS involvement in the field of Internet governance has taken the following shape:

Announcement

Google Policy Fellowship Program: Asia Chapter

New Blog Entries

Privacy

CIS is doing a project, ‘Privacy in Asia’. It is funded by Privacy International (PI), UK and the International Development Research Centre, Canada and is being administered in collaboration with the Society and Action Group, Gurgaon. The two-year project commenced on 24^th March 2010 and will be completed as agreed to by the stakeholders. It was set up with the objective of raising awareness, sparking civil action and promoting democratic dialogue around challenges and violations of privacy in India. In furtherance of these goals it aims to draft and promote over-arching privacy legislation in India by drawing upon legal and academic resources and consultations with the public.

Blog Entries by Elonnai Hickok

Elonnai Hickok is a Programme Associate in the Privacy in Asia project. She has published a series of Open Letters to the Finance Committee regarding the UID:

Other New Blog Entries

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions. Both require effective and efficient use of networks and resources, including spectrum. It is imperative to resolve these issues in the common interest of users and service providers. CIS campaigns to facilitate this:

Column

Shyam Ponappa is a Distinguished Fellow at CIS. He writes regularly on Telecom issues in the Business Standard and these articles are mirrored on the CIS website as well.

Spectrum auctions - 'Jhatka' or 'Halal'? [published in the Business Standard on February 3, 2011]

Forthcoming Events

CIS is holding some conferences/workshops in the month of March in Delhi and Bangalore:

Role of the Internet in Fostering Freedom of Expression and Strengthening Activism in India - A Workshop in Delhi (March 4, 2011, Constitutional Club, Rafi Marg, New Delhi)
Global Challenges to Freedom of Expression (March 4, 2011, Constitutional Club, Rafi Marg, New Delhi)
Electronication: Ragas and the Future (March 6, 2011 Jaaga, Bangalore)
Design!publiC (March 18, 2011, Taj Vivanta, New Delhi)

Staff Update

Deepti Bharthur

Deepti Bhartur is a Research Intern at CIS. She did her BA (Hons) in Journalism from Lady Sriram College, University of Delhi and completed her Masters in Communication from Sarojini Naidu School of Arts and Communication, University of Hyderabad. Deepti joined the Accessibility team of CIS and is working on accessibility in telecom policy in India.

News & Media Coverage

Growing cyberspace controls, Internet filtering (Hindu, February 20, 2011)
2(m) or not 2(m) (Business Standard, February 19, 2011)
Can the twitterati change the world? (The Times of India, February 12, 2011)
Can the mouse be a tool of revolution in India? (DNA, February 12, 2011)
Social Network Suicide (Bangalore Mirror, February 6, 2011)
New Kids on the Blog (Indian Express, February 6, 2011)
Procuring books in Indian libraries (Hri Institute for Southasian Research and Exchange, February 4, 2011)
What Are You Accused of? Find Out Online (Wall Street Journal, February 1, 2011)
One among the clan of Wikipedians (Hindu, January 27, 2011)
Digital Wrongs (Forbes India, January 24, 2011)

Follow us elsewhere

Get short, timely messages from us on Twitter
Follow CIS on identi.ca
Join the CIS group on Facebook
Visit us at www.cis-india.org

Looking forward to hearing from you. Please feel free to write to us for any queries or details required. If you do not wish to receive these emails, please do write to us and we will unsubscribe your mail ID from the mailing list.
CIS is grateful to Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/february-2011-bulletin

Social Network Suicide

praskrishna — 2011-04-01T15:54:43Z

Those disillusioned with their virtual friends circle are saying goodbye through web applications that wipe out your net identity. What’s more, you can even have your own memorial page, says Sahana Charan in this article published in the Bangalore Mirror on Sunday, February 6, 2011.

It is funny that even though some young people claim to have a thousand friends on social networking sites, they may actually never socialise with any of their virtual buddies. So when the “net” benefits don’t translate to reality, there is disillusionment. And then they may stop being active on networking sites. That’s the beauty and tragedy of virtual friendships.

And this is just one of the many reasons why your friend — who was otherwise tweeting her every mundane activity or would update her status message on Facebook every nano-second — might have suddenly become incommunicado.

As pressures to keep up virtual appearances become taxing and unpleasant experiences make social networking sites “not-so-safe” to share intimate details, many young people are opting out of these networks, deactivating their accounts and taking web sanyaas.

Sunil Abraham, Executive Director, Centre for Internet and Society, Bangalore says that in India this is a relatively new phenomenon and only a small group of people have actually committed web suicide using applications that wipe out your virtual identity. But a bigger number of netizens may be killing their networking accounts, because of a variety of resons — ranging from internet stalking to “no guaranteed benefits.”

“Many people may get onto a social networking site to use it for meeting rituals, to look for partners and to get information on jobs. When these are fulfilled they may decide to move out. Some people realise that a lot of their time and energy goes into updating accounts on Facebook, Twitter or Myspace, but it has not helped them get ‘real world’ benefits, so they just stop being active,” says Abraham.

Virtual disappearance

With the deactivation came some applications which help you go peacefully into a social network death — Web 2.0 Suicide Machine and Sepukkoo.com promise to remove your virtual identity completely so that you can make real friends. While Suicide Machine irreversibly removes all your friends, groups, photos and vidoes one by one and joins you to its “Social Network Suiciders,” Sepukkoo goes one step ahead and creates a memorial page for you.

What’s ironical is that you are actually going to another network and this one’s called ‘suicide networking’, where you encourage friends to leave their social circles. Both applications have been banned by Facebook but work on other sites.

So why would a popular guy deactivate his account ? Joe V J, a 28-year-old IT professional, who was regularly uploading pictures of his new bike or parties with friends on Facebook, took himself off the site recently. He realised that people who were not meant to see his profile and candid shots, had access and were posting comments.

“I got into the site because it was a great place to bond with friends. But then I realised that relatives and acquaintances who I had no clue about, were on the social network, had started pinging. They would look at pictures and express shock and then tell other people. It became a little too much, so I just decided to click the deactivate option,” he says.

Privacy concerns

It can get really ugly and those being harassed online may just disappear to save their privacy. Tinu Cherian, a techie and Wikipedia administrator speaks of an incident where another administrator was harassed by a cyber troll because he had blocked this guy from making wrong updates on Wiki’s pages.

“He had no option but to wipe out his Twitter account, which was hacked into and damning information was uploaded.”

Privacy concerns rise as Facebook decides to share account information with marketeers. “When Facebook first started, only 10 per cent of your information on the site could be seen by an outsider, but in 2011, 90 per cent of your information can be accessed by people other than your friends,” says Abraham.

There is another reason why people go off online networks. “When it first came, Facebook was considered the Ivy league and everyone wanted to be there. Youngsters suddenly thought Orkut was infradig and ceased to be on that site. So sometimes, people may just move out because they want to be somewhere else.” And that’s why the networking tamasha continues.

Read the article in the Bangalore Mirror

For more details visit https://cis-india.org/news/social-network-suicide

CIS Para-wise Comments on Cyber Café Rules, 2011

Prashant Iyengar — 2012-12-14T10:32:02Z

On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Guidelines for Cyber Cafe) Rules, 2011) in exercise of the powers conferred by Section 87(2) (zg), read with Section 79(2) of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para wise comments for the Ministry’s consideration.

A. General Objections

These rules have no nexus with their parent provision, namely s.79(2). Section 79(1) provides for exemption from liability for intermediaries. Section 79(2) thereupon states:

79. Intermediaries not to be liable in certain cases—

(2) The provisions of sub-section (1) shall apply if—

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hasted; or
(b) the intermediary does not—

(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

Therefore, by not observing any of the provisions of the Rules, the intermediary opens itself up for liability for actions of its users. However, the provisions contained in these rules have no rational nexus with due diligence to be observed by the intermediary to absolve itself from liability for third-party actions.

While the government may have authority to regulate cybercafes, that regulation should not be promulgated as rules under s.79(2). Doing so would be ultra vires s.79(2) itself.

Recommendation

These rules should be deleted in toto.

B. Specific Objections

These specific objections are in addition to the above-stated general objection, and do not detract from out recommendation that these rules should be deleted in their entirety.

Rule 2(c)

(c) “Cyber Cafe” means cyber café as defined in clause (na) of sub-section (1) of section 2 of the Act

Comment

The Act defines a cyber cafe as meaning “any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public”. This would include internet access provided in airports, in restaurants, and in many other places where the provisions of these rules (such as those about height of partitions, etc.) just will not be practicable. Thus, this provision will have unintended consequences.

Rule 3

Agency for issuance of license: Appropriate government will notify an agency to issue license to cyber cafes.

Comment

Rule 3 requires the issuing of a license for the establishment of a cyber café. We believe this is unwarranted since cybercafes, like most commercial establishments are already subject to registration and licensing under the “Shops and Establishments Acts” which have been enacted in all states. These Acts already specify an elaborate procedure for the application, registration and monitoring of all establishments and there is no need to multiply the levels of permission a cyber café must obtain. The current rules do not specify an application procedure, fee, and a maximum or minimum time frame within which such a license must be granted or denied nor does it specify the criterion on which such license applications will be evaluated. We think that in the absence of such legislative guidance, this provision is likely to be abused.

Cyber cafes in India contribute greatly to India’s increasing internet penetration and inserting a licensing regime would greatly impede access to the internet.

We believe that cyber cafes should be allowed to be established in the same manner as other shops and establishments, without the requirement of a special license.

Rule 4(2)

...When an user cannot establish his/her identify to the satisfaction of the Cyber Café as per sub-rule (1), he/she may be photographed by the Cyber Café using a web camera installed on one of the computers in the Cyber Café for establishing the identity of the user.

Comment

Sub-Rule 4 (2) Requires that if an individual is unable to establish identity, their photograph must be taken if they wish to use cyber café facilities. We believe that an individual’s photograph should be taken only as a last resort, where identity has been established.

Rule 4(3)

Children without photo identity card shall be accompanied by an adult with any of the documents as prescribed in sub-rule (1).

Comment

We recommend that children below 18 years should be specifically exempt from proving their identities to cyber café owners. Children are usually the quickest to adopt technology, and the requirement of possessing a valid identity might prove to be a deterrent to their developing computer skills. Likewise, being accompanied by an adult is also an onerous obligation since children’s access to the internet would depend on the availability of an adult/parent who may be too busy to accompany the child on every occasion the child wishes to access the internet or use a computer.

To reiterate, we feel that the current provision specially and adversely targets children from poorer classes (since they are most likely to routinely access internet through cyber cafes) and denies them the opportunity of developing their computer skills which are crucial for the growth of the “knowledge economy” that India is trying to head towards.

In addition, we believe that children are more susceptible to exploitation and consequently have a heightened privacy expectation which must be honoured. We recommend that the current sub-rule be deleted and replaced with a clause which specifically exempts children from proving their identity and forbids taking photographs of them under any circumstance.

Rule 5(1)

... Log Register: After the identity of the user has been established as per sub-rule (1) of rule 4 above, the Cyber Café shall record and maintain the required information of each user in the log register for a minimum period of one year. Also, Cyber Café may maintain an online version of the log register.

Comment

Rule 5(1) Provides a minimum period of one year that Cyber Cafes must retain their log registers. The rule does not specify the details which the log register must provide. In the interests of minimising threats to privacy, we recommend that these details recorded be confined only to the name and duration of use.

In addition, we believe that there should also be a coinciding mandatory deletion clause for the log register requiring details to be purged after the minimum retention period.

Rules 5(3)and 6(2)

5(3): “The cyber café owner shall be responsible for storing and maintaining following backups of logs and computer resource records for at least six months for each access or login by any user :

·    History of websites accessed using computer resource at cyber cafe

·    Logs of proxy server installed at cyber café

·    Mail server logs

·    Logs of network devices such as router, switches, systems etc. installed at cyber café

·    Logs of firewall or Intrusion Prevention/Detection systems, if installed.”

6(2): “The screen of all computers, installed other than in Partitions or Cubicles, shall face ‘outward’, i.e. they shall face the common open space of the Cyber Café.”

Comment

We recommend deletion of this rule since it is an unreasonable intrusion into a person’s privacy and an indirect attempt to censor content which users may wish to access. There are many uses of the internet for which a user may legitimately require privacy: For instance, patients, including HIV patients and those with mental illness, may wish to obtain information about their condition. Similarly sexuality minorities may wish to seek support or reach out to a larger community. Enforcing the architecture stipulated in this rule would discourage their access to such vital information. In addition, this architecture would make it easier for cyber crimes such as identity theft to take place since it would be easier to observe the login details of other users at the cyber café.

Rule 7(1)

Inspection of Cyber Café : “An officer, not below the rank of Police Inspector as authorised by the licensing agency, is authorized to check or inspect cyber café and the computer resource or network established therein at any time for the compliance of these rules. The cyber café owner shall provide every related document, registers and any necessary information to the inspecting officer on demand.

Comment

We recommend this clause be omitted since it confers unfettered and unsupervised powers on any Police Inspector to examine any cyber café premises he may choose without any restriction on time.

Additionally, the provisions of Shops and Establishments Acts of most states already prescribe a procedure for inspection of establishments and examination of records. The current rules merely add another layer of supervision to the existing laws without adequate safeguards.

Comment

Sub-Rule 5(3) holds cyber café owners responsible for the storage and maintenance of back up logs concerning the following information: history of websites, logs of proxy servers, mail server logs, logs of network devices, logs of firewalls installed. We believe that the maximum length for retention of this data should be defined and a mandatory deletion clause should be inserted requiring cyber café owners to delete these logs periodically. We further believe that access to the history of websites and mail server logs is a serious invasion of a person’s privacy, and should be omitted from the back up logs.

This is especially so when currently there is no requirement that cyber café owners maintain their logs under conditions of utmost secrecy and confidence.

For more details visit https://cis-india.org/internet-governance/blog/cyber-cafe-rules

CIS Para-wise Comments on Draft Reasonable Security Practices Rules, 2011

Prashant Iyengar — 2012-12-14T10:32:06Z

On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Reasonable security practices and procedures and sensitive personal information) Rules, 2011) in exercise of the powers conferred by Section 87(2)(ob), read with Section 43A of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para-wise comments for the Ministry’s consideration.

A. Specific Objections

Rule 3

Sensitive personal data or information.— Sensitive personal data or information of a person shall include information collected, received, stored, transmitted or processed by body corporate or intermediary or any person, consisting of :

Password;

...

Call data records;

Comment

We suggest that this list be expanded to include information such as sexual orientation, religion and caste. In addition, “electronic communication records” including emails, chat logs and other communications using a computer should be designated sensitive personal information.

Rule 4

Body Corporate to provide policy for privacy and disclosure of information.— (1) The body corporate or any person who on behalf of body corporate collects, receives, possess, stores, deals or handle shall provide a privacy policy for handling of or dealing in user information including sensitive personal information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract. Such policy shall provide for:

Type of personal or sensitive information collected under sub-rule (ii) of rule 3;

Purpose, means and modes of usage of such information;

Disclosure of information as provided in rule 6

Comment

We recommend that the privacy policy be made available for view to all individuals to whom the information held by the body corporate pertains. Currently the privacy policy will only be disclosed to the “providers of information” who may not be the individual concerned directly.

Rule 5

Collection of information.—

(1) Body corporate or any person on its behalf shall obtain consent of the provider of the information regarding purpose, means and modes of uses before collection of such information.

Comment

We recommend the substitution of the term “individual to whom the data pertains” instead of the phrase “provider of the information”.

(2) Body corporate or any person on its behalf shall not collect sensitive personal information unless—

the information is collected for a lawful purpose connected with a function or activity of the agency; and

the collection of the information is necessary for that purpose.

Comment

We recommend a blanket prohibition of collection of biometric data unless a heightened security interest is demonstrated.

(3) While collecting information directly from the individual concerned, the body corporate or any person on its behalf shall take such steps as are, in the circumstances, reasonable to ensure that the individual concerned is aware of.

Comment

We recommend a simpler phrase like “The body corporate.. shall take reasonable steps to inform the individual concerned” instead of the current complex phrasing. Reasonableness has generally been interpreted by courts contextually. For instance, the Supreme Court has remarked, “`Reasonable’ means prima facie in law reasonable in regard to those circumstances of which the actor, called upon to act reasonably, knows or ought to know. See Gujarat Water Supply and Sewage Board v. Unique Erectors (Guj) AIR 1989 SC 973.

(4) Body corporate or any person on its behalf holding sensitive personal information shall not keep that information for longer than is required for the purposes for which the information may lawfully be used.

Comment

We recommend that this be converted into a mandatory obligation to delete or anonymise the information collected within a stipulated period (say 6 months) after the expiry of use for which it was collected.

(6) Body corporate or any person on its behalf shall permit the users to review the information they had provided and modify the same, wherever necessary.

Comment

Individuals should have the right to review and modify information pertaining to them whether or not they themselves had provided the information to the body corporate. This right should be provided to them wherever the information that pertains to them is incorrect.

(7) Body corporate or any person on its behalf shall provide an option to the provider of the information to opt-in or opt-out.

Comment

We recommend that the wording be changed to “individual to whom the data pertains” instead of “provider of information”.

For more details visit https://cis-india.org/internet-governance/blog/security-practices-rules