We are anonymous, we are legion

A Tweet and a poke from the CEO

praskrishna — 2011-04-02T01:30:17Z

The official grapevine has moved online, and Twitter is the new water-cooler.

The office grapevine has moved online, and Twitter is the new water cooler. Social media may be all the rage, and every company may want in, but for the majority of Indian companies grappling with the phenomenon, it is proving too tempestuous a beast to control.

From India alone, for instance, 18 million unique visitors logged on to Facebook in May, each of them posting multiple status messages that often dealt with their places of work. Ban these practices all you like, experts say, but employees will still find ways to log on to social media. Better, then, to ride the wave rather than risk going down with it.

Some Indian companies have already begun to learn this the hard way. When Infosys Technologies Ltd announced its IRace (Infosys Role and Career Enchancement) programme in April, changing the company’s hierarchy drastically, disgruntled employees lashed out at their company on blogs and Facebook.

“The company couldn’t do much then, because they didn’t have a social media policy in place,” says Mahesh Murthy, CEO of Pinstorm Consulting and a social media expert. Murthy mentions another large financial services firm that fired employees for commenting on Orkut about internal incentive programmes.

The time has arrived, then, for companies to institute social media policies—to define, in a sense, what sort of tweet is appropriate and what will earn a black mark. But Indian firms trying to do just this are emerging with very mixed results.

There are, on the one hand, the fast adopters. Technology and media companies that were the first to run head-on into social media were also, not surprisingly, the first to put basic guidelines in place.

Wipro Ltd and HCL Technologies Ltd not only have social media policies, they also promote communication and events for their employees on these media. A couple of months ago, the Spirit of Wipro run was promoted in real-time on Twitter and on its official Facebook page. “Wipro became one of the first companies to hold a Twitter conference, for our joint CEO to discuss our diversity initiatives,” says Rajan Kohli, Wipro’s chief marketing officer.

Also Read The Future of the Internet (Complete Series)

HCL has named digital ambassadors who use their social networks and online personas to share ideas and help the company reach out. In HCL’s annual exercise to articulate the company’s vision, employees communicate with the CEO through Facebook. Infosys has formulated its own social media policy now, and is preparing to roll it out over the next six months.

The other early adopter has been the media sector. As traditional media houses have started to build digital presences, conglomerates such as HT Media Ltd and Bennet, Coleman and Co. Ltd specify what a journalist’s digital avatar can and cannot say online. (Mint has an extensive social media policy for its employees.) Print journalists typically cannot reveal their employer on their Facebook or Twitter pages, or post original opinions.

But here’s the catch with such a strategy: The Internet is a hard place to be anonymous. “If you are a well-known writer, even if you don’t identify yourself, people can easily put two and two together,” says Nishant Shah, of the Centre for Internet and Society (CIS). “Policies like that are hard to implement and don’t really make sense.”

To be sure, there are exceptions; Open, the weekly magazine, looks at Facebook and Twitter as channels to direct traffic to its online content. “We have no policy of employees not identifying themselves on social media or associating themselves with the magazine,” says Rajesh Jha, a deputy editor at Open.

Another surprisingly prompt responder to social media trends has been the education sector. While most institutions don’t have restrictive policies for public platforms such as Facebook, Twitter and blogs, some have gone in a different direction and created closed networks. Shah argues that a closed network has the same features—and issues—as open social media.

“These are again peer-to-peer platforms, where teachers and students interact with each other, and any communication has a large audience and gets recorded for posterity,” he says. “This makes it as much of a social medium as Facebook or Twitter.”

Bangalore’s Christ University has created an institutional repository for every single submission made by students and faculty. Test grades and lesson plans are posted online, and students and teachers communicate through the system. The Indian Institute of Management, Bangalore, has completely digitized its classrooms, so that write-ups on every lesson are available online. Students and teachers co-develop curricula through its platform as well.

One sector that has been slow to respond to these trends is the outsourcing sector. With annual attrition rates of 50-60%, these firms focus more on turnaround than on investment. Social media websites are typically banned altogether in call centres.

As social media evolves, ways to leverage it do as well. Large telecom firms such as Bharti Airtel Ltd, Tata Teleservices Ltd and Alcatel-Lucent use Facebook for research and development. Supriya Dhanda, Alcatel-Lucent’s head of human resources, says that her firm encourages “senior leaders...to keep blogs active and use them to promote key messages on strategy, people and operating mechanisms”.

In the US, a couple of smaller firms have been able to harness social media in innovative ways. Best Buy, an electronics retail chain, aggregates employee activity online, whether on blogs or Twitter, onto a platform called Best Buy Connect. Zappos, which sells shoes and bags online, has a similar Twitter aggregation tool that pulls any tweet mentioning the company. Employees are encouraged to post on the firm’s Facebook and YouTube pages, and its CEO, Tony Hsieh, has at least a million followers on Twitter.

But Murthy doesn’t necessarily think that Indian firms need to follow in the wake of US firms such as Intel, IBM and CNN, which have clearly defined social media policies. “First, the US is a litigious country and most social media policies there are circumscribed by what corporate lawyers allow employees to say and not say,” he says. “Two, Indian firms can actively use social media as a global marketing tool, especially because it involves no media costs. In the US, firms still look at it largely as a...customer-service function.”

Shah adds that India doesn’t have a clearly installed legal privacy framework, unlike the US or Australia. “What is public space and what is private is still largely a subject of interpretation,” Shah says. “So we will evolve our own path.”

Read the original in Livemint here

For more details visit https://cis-india.org/news/tweet-and-poke

December 2010 Bulletin

praskrishna — 2012-08-07T11:28:02Z

Greetings from the Centre for Internet and Society! It gives us immense pleasure to present regular updates on the progress of our research on the mainstream Internet media. In this issue of we bring our latest project updates, news and media coverage:

Researchers@Work

RAW is a multidisciplinary research initiative. CIS believes that in order to understand the contemporary concerns in the field of Internet and society, it is necessary to produce local and contextual accounts of the interaction between the Internet and socio-cultural and geo-political structures. To build original research knowledge base, the RAW programme has been collaborating with different organisations and individuals to focus on its three year thematic of Histories of the Internets in India. Monographs arising from these projects are now online for public review:

Pornography & the Law
This monograph attempts to unravel the relations between pornography, technology and the law in the shifting context of the contemporary. Deadline for review expires on 15 Jan 2011.
http://bit.ly/f1sQsi

Re:wiring Bodies
Dr. Asha Achutan historicises the attitudes, imaginations and policies that have shaped the Science-Technology debates in India, to particularly address the ways in which emergence of Internet Technologies have shaped notions of gender and body in India. Deadline for review expires on 15 Jan 2011.
http://bit.ly/gYCP1C

The Leap of Rhodes or, How India Dealt with the Last Mile Problem — An Inquiry into Technology and Governance
The project has fed into many different activities in teaching, in examining processes of governance and in looking at user behaviour. The deadline for peer review expires on 15 Jan 2011.
http://bit.ly/iiYJp1

New Blog Entries

Internet, Society and Space in Indian Cities

Queer Histories of the Internet

A Detour: The Internet and Forms of Narration: A Short Note

Digital Natives

CIS has interest in developing Digital Identities as a core research area and looks at practices, policies and scholarships in the field to explore relationships between Internet, technology and identity.

Columns on Digital Natives

A fortnightly column on ‘Digital Natives’ authored by Nishant Shah is featured in the Sunday Eye, the national edition of Indian Express, Delhi, from 19 September 2010 onwards. The following articles were published in the Indian Express recently:

Make a Wish [published on 19 December 2010]
Play Station [published on 5 December 2010]

Workshop

The third and final workshop in the Digital Natives with a Cause? research project will take place in Santiago, Chile, from the 8 to 10 February. Open Call and FAQs for the workshop are online:

Publication

Position papers from the Thinkathon conference held at Hague from 6 to 8 December have been published:

Digital Natives with a Cause? Thinkathon: Position Papers

Accessibility

Estimates of the percentage of the world's population that is disabled vary considerably. But what is certain is that if we count functional disability, then a large proportion of the world's population is disabled in one way or another. At CIS we work to ensure that the digital technologies, which empower disabled people and provide them with independence, are allowed to do so in practice and by the law. To this end, we support web accessibility guidelines, and change in copyright laws that currently disempower the persons with disabilities.

National Award

Nirmita Narasimhan got a National Award for Empowerment of Persons with Disabilities from the Government of India on 3 December 2010. The award was presented by Smt. Pratibha Patil, President of India under the Role Model category. The event was telecast live on Doordarshan.

Nirmita Narasimhan wins National Award

Conference Report

An international conference on Enabling Access to Education through ICT was held in New Delhi from 27 to 29 October 2010. The full report of the conference is published online:

Enabling Access to Education through ICT - Conference Report

New Blog Entries

Intellectual Property

Copyright, patents and trademarks are the most important components on the Internet. CIS believes that access to knowledge and culture is essential as it promotes creativity and innovation and bridges the gaps between the developed and developing world positively. Hence, the campaigns for an international treaty on copyright exceptions for print-impaired, advocating against PUPFIP Bill, calls for the WIPO Broadcast Treaty to be restricted to broadcast, questioning the demonization of 'pirates', and supporting endeavours that explore and question the current copyright regime. Our latest endeavour has resulted into these:

New Blog Entries

Openness

CIS believes that innovation and creativity should be fostered through openness and collaboration and is committed towards promotion of open standards, open access, and free/libre/open source software, its latest involvement have yielded these results:

Reports

Event

Wikipedia Meetup in Bangalore, This time in TERI

Privacy

CIS is doing a couple of projects, one Privacy in Asia which is supported by Privacy International, UK and the other on Privacy and Identity which is funded by Ford Foundation and managed by the Centre for Study of Culture and Society. The project is a research inquiry into the history of privacy in India and how it shapes the contemporary debates around technology mediated identity projects like Aadhar.

New Blog Entries

Telecom

The growth in telecommunications in India has been impressive. While the potential for growth and returns exist, a range of issues need to be addressed for this potential to be realized. One aspect is more extensive rural coverage and the second aspect is a countrywide access to broadband which is low at about eight million subscriptions. Both require effective and efficient use of networks and resources, including spectrum. It is imperative to resolve these issues in the common interest of users and service providers. CIS campaigns to facilitate this.

Articles by Shyam Ponappa

Shyam Ponappa is a Distinguished Fellow at CIS. He writes regularly on Telecom issues in the Business Standard and these articles are mirrored on the CIS website as well.

Take 'Model T' for Telecom

News & Media Coverage

An online community platform for people with different needs (Sify News, 12 December 2010)

Self-regulation in media and society meet to gain legal perspectives (Indiantelevision.com, 13 December 2010)

This Is All India Radia (Outlook, 6 December 2010)

'Pakistan' hackers target India's top police agency (Google News, 4 December 2010)

Intellectual Property Rights as seen in a graphic novel (TimeOut Bengaluru, 1 December 2010)

The Niira Radia Tapes: Scrutinizing the Snoopers (The Wall Street Journal, 29 November 2010)

Mobile banking set to get a boost from IMPS (The Hindu, 28 November 2010)

UID elicits mixed response (Deccan Herald, 23 November 2010)

Time to bury e-mail? (DNA, 21 November 2010)

Follow us elsewhere

Get short, timely messages from us on Twitter
Follow CIS on identi.ca
Join the CIS group on Facebook
Visit us at www.cis-india.org

Looking forward to hearing from you. Please feel free to write to us for any queries or details required. If you do not wish to receive these emails, please do write to us and we will unsubscribe your mail ID from the mailing list.

For more details visit https://cis-india.org/about/newsletters/december-2010-bulletin

Privacy matters

praskrishna — 2011-04-04T07:22:24Z

Privacy India invites individuals to attend “Privacy Matters”, a one-day conference on 23 January 2011 at the WB National University of Juridical Sciences (NUJS) Law School in Kolkata. Privacy India, Society in Action Group and the Centre for Internet & Society have joined hands to organize this.

The conference will focus on discussing the challenges to privacy that India is currently facing. The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, e.g., the TRAI Act for telephony or RBI Guidelines for Banks, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. This lack of uniformity has led to ironically imbalanced results. In India today one has a stronger right to privacy over telephone records than over one’s own medical records. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities, prisoners, etc. – people who most need to know that sensitive information is protected.

The emergence of information and communications technologies over the past two decades has radically transformed the speed and costs of access to information. However, this enhanced climate of access to information has been a mixed blessing. Whilst augmenting our access to knowledge, this new networked information economy has also now made it much easier, quicker, and cheaper to gain access to intimate personal information about individuals than ever before. As people expose more and more of their lives to others through the use of social networks, reliance on mobile phones, global trade, etc., there has emerged a heightened risk of privacy violations in India. As privacy continues to be a growing concern for individuals, nations, and the international community, it is critical that India understands and addresses the questions, challenges, implications and dilemmas that violations of privacy pose.

Who We Are

Privacy India was set up in collaboration with the Centre for Internet & Society (CIS), Bangalore and Society in Action Group (SAG), under the auspices of the international organization ‘Privacy International’. Privacy International is a non-profit group that provides assistance to civil society groups, governments, international and regional bodies and the media and the public in a number of countries (see www.privacyinternational.org). Its Advisory Board is made up of distinguished intellectuals, academicians, thinkers and activists such as Noam Chomsky, the late Harold Pinter, and others, and it has collaborated with organizations such as the American Civil Liberties Union (ACLU).

Download the poster

" Privacy Matters" Conference Agenda

Time	Item
10:30 11:00	Welcome: Rajan Gandhi a. Who is PI b. What are our objectives c. Why is privacy important in India
11:00 11:30	Keynote: Sudhir Krishnaswamy
11:30 11:45	Tea Break
11:45 1:00	Session I: Prashant Iyengar and Elonnai Hickok a. Personal privacy: Violations and Indian legislation that addresses these violations Case study: Nira Radia and wiretapping b. Informational privacy: Violations and Indian legislation that addresses these violations Case study: The proposed data protection legislation in India c. What is the existing vacuum in Indian legislation concerning privacy
1:00 2:00	Lunch
2:00 3:30	Session II: Prashant Iyengar, Deva Prasad, Amba Kak a. Identity and privacy: why does it matter b. International approaches to identity c. The UID and privacy
3:30 3:45	Tea Break
3:45 4:30	Open discussion and opinion sharing

VIDEOS

For more details visit https://cis-india.org/events/privacy-matters

Does the UID Reflect India?

elonnai — 2012-03-22T05:45:32Z

On December 17th the Campaign for No UID held a press conference and public meeting in Bangalore. Below is a summary and analysis of the events.

Introduction

Scientifically speaking, we are each unique. We have unique bodies and minds, and these give rise to unique understandings, interactions, and perceptions. Despite being unique, we can be put into different categories and classes, one of which is a culture. A culture is defined by its values, which are reflected in its legal system. Consequently legal systems are always changing – bills are constantly being amended, passed, and retracted in order to make the governing legal structure reflect the ethos of that society. Thus, when analyzing a piece of legislation it is important to ask if that bill is meaningful in a way that reflects the ideas, values, attitudes, and expectations that a society has. This is the question that Usha Ramanathan, Mathew Thomas, and others in the Campaign for No UID have been asking about the UID project, and urged the public to ask the same question in the press conference and public meeting held on the 17th of December. According to the Campaign for No UID, the project and Bill fail to reflect and meet the current needs that exist in India. The UID Bill, the proposed legislation for the project, authorizes the creation of a centralized database of unique identification numbers that are to be issued to every resident of India. The numbers will act as identity. Recently, the Bill was sent to the Parliamentary Standing Committee on Finance, and is scheduled to be enacted in early 2011. The UID project is attempting to create a technological solution to the identification problem in India. It is well-known that India faces challenges in identifying its citizens and residents. Individuals either have no identification – restricting their access to society and benefits -- or, in some cases, they have multiple identities, therefore taking advantage of society at the expense of others, or a person does not have any identification – therefore escaping civil duties. The confusing identity system that exists in India has many negative drawbacks including the facilitation of corruption, illegal immigration, and possible security threats. The UID project attempts to provide a system of identity that is based on individuals’ biometrics, and that places the whole of India on a grid through the issuance of 12 digit Aadhaar numbers. The Campaign for NO UID does not deny the need for an efficient identity system, is not against technology, and does not deny that the current identity system has problems. Instead, it believes that the project does not adequately address the issues at hand, while at the same time creating a real prospect of harmful ramifications.

Benefits for the Poor

Though the UID project only gives identity to an individual, it has been envisioned as a means of ensuring the delivery of benefits to the poor. According to the World Bank, within India 41% of the population lives below the poverty line, and targeting the need to ensure benefits for the poor is an appropriate vision. Furthermore, as reflected in the Right to Food Act, there is a cultural understanding and expectation that the State needs to work to bring benefits to the poor. The point that Ms. Ramanathan draws attention to, though, is that the goal of bringing benefits to the poor is just a vision. The project and the Bill are not structured in a way that guarantee benefits to the poor. Instead, by trying to include the perception of this benefit, the language of the Bill has become too broad. The wide-sweeping language allows room for abuse of how information that is collected will be used.

Appropriate Methodology

Ms. Ramanathan also questions the methodology of the UID project. The collection of biometrics is not an absolute insurer of identity, in the way that DNA would be. A person’s biometrics are in fact very public. They are left on anything one touches, and can easily be reproduced for use by others. Identity theft is thus easily accomplished if biometrics are the only safeguard. Realistically, the vast majority of India’s population would not know what to do or how to seek redress if identities were stolen – indeed, many would not even be aware of the fact that their identity had been stolen. Thus, the project establishes a hierarchy of vulnerability. Those who understand and have access to technology and the legal system are better able to protect their identity (or abuse another’s), and the rest of the population is at the mercy of the people who possess that knowledge and those connections.

Legal Questions

Ms. Ramanathan also brought up a few legal issues with the UID Bill. Most importantly she pointed out that the UID project is not legal, yet enrollment of individuals has been taking place. Not only is this action undemocratic, but it is presumptuous of the UIDAI to assume that their project will have legal validity. Another legal issue raised by Ms. Ramanathan was in concern with the compulsory nature of the Aadhaar number. Legally the UID Bill does not make the Aadhaar number compulsory. Instead, the project is structured in such a way that the UID number is socially compulsory. Ms. Ramanathan argues that this is unfair of the UIDAI. If the number were to be truly voluntary, the UID would need to include clauses that prohibit the denial of goods, services, entitlements and benefits for lack of a UID number. An individual would need to be able to access benefits with alternative forms of identification before the Aadhaar number would be truly voluntary.

Does India Comprehend what the UID Could Bring?

Another fear voiced by Mrs. Ramanathan in her presentation was the level of public comprehension. Even though the project will touch the lives of every human being who comes to India, the majority of the Indian population has not thought through why they support or do not support the project, and most do not comprehend the dangerous implications of the UID project. Connections are not being made and clearly publicized about how the project could be used in the future. For example, once everyone has a set of personal data that is uploaded on a centralized database, there is a new concern over that data. What is happening to it, who is using it, what is it being used for, who is seeing it, who is analyzing it, what happens if that data is lost? One of the serious implications of the project is its’ threat to anonymity. Anonymity results when the personal identity, or personally identifiable information of a person is not known. Anonymity already exists today in Indian society by default.. This will change, though, with the UID. One’s body will become a traceable marker that will be readily identifiable to law enforcement and other agencies. By issuing numbers to each person, that will be used for every transaction – it will be possible to create a map of the population and tag information about individuals in a way that changes the relationship between the state and the people. Though it is true India could benefit from a lesser degree of anonymity. For instance corruption might be easier to control. The Bill takes no steps, though, to ensure under what conditions anonymity will be preserved. Thus, the project has the potential to be widely misused for intensive surveillance and the policing of populations – not just for illegal activity but for disfavored or unpopular activity as well.

Conclusion

One way to avoid the misuse of data is through the adherence to privacy standards such as how data should be processed, transferred etc. India does not of yet have such a privacy law, and such principles are not reflected in the text of the Bill itself. The fact that the UID bill and project bring into focus principles that are not yet fully reflected in the social and legal framework of society can be problematic. On one hand this Bill can push India to adopt those principles, in which case a data protection and privacy bill must be enacted, and awareness must be raised. On the other hand, the Bill can simply overshadow the populace, allowing significant violations of privacy and anonymity to take place with no assurance of redress. As Ms. Ramanathan noted, even though the project is not reflective of Indian society, the way in which the project is being marketed is. The project has been tied to the image of Nandan Nilekani, and the message is clear: the project must be good. The Campaign for No UID is asking the public to look beyond the face of the project, and consider whether or not this is the India they imagine.

For more details visit https://cis-india.org/internet-governance/blog/privacy/uid-reflects-india

Mothers discuss kids, music, fashions, on Net

praskrishna — 2011-04-02T01:25:28Z

Among the many conversations about behavioural problems seen among teenage children and the benefits of organic foods, there is one that raves about a baby-sitter who takes care of pets too, and one that reviews newly opened art classes in the city. These are not the usual face-to-face discussions among women at a gathering, but threads that run on parenting websites and ‘mommy' blogs that have captured the imagination of many mothers in Chennai.

Many parenting forums register more than a thousand threads of interaction each every day from the city alone, with a variety of localised pages on Yahoo, Facebook, and netlog dedicated to facilitate communication between mothers.

Baby growth charts, immunisation schedules, home-made remedies, reviews of schools, summer camps, information on doctors and a collection of articles from the mothers themselves — these forums have it all.

Many mothers feel that going through related threads on various parenting sites before attending the PTA meetings helps to know what rest of the parents feel about issues.

“My daughter does not like me talking to her classmates' parents at meetings; discussing online helps to talk to parents without the interference of children,” says Shobana Mahadevan, a blogger and a mother.

Discussing concerns, especially those regarding increase in fees, change in examination patterns, homework, and school announcements with hundreds of other mothers on the internet helps them understand matters at hand and form opinions, she says.

Many of these forums have threads on car-pooling in selected areas where parents decide on turns to drop children at schools.

Subbiah Arunachalam, a distinguished fellow at the Centre for Internet and Society, says that with the computer finding its way into many urban households, an increasing number of mothers are focussing more on their children's performance in school.

The social network they form on the net provides the mothers a platform to be “collectively enlightened” about everything from culinary innovations to popular music and fashion trends, he says.

On “Babycentre”, a forum that monitors child's growth and gives regular inputs on expected child behaviour, Sangeetha Vijay (38), mother of a two-year-old says,

“It is like an elderly person helping you get prepared for everything from teething problems to allergies in children.”

Many mothers say that though communication on parenting forums starts out as a medium to interact with those who share similar concerns, it soon goes beyond the confines of the internet. “We have groups of ‘internet mothers' who often meet, hold competitions and spend time together,” says Penithia Selvi (32), mother of a five year old girl.

“These sites and blogs give mothers a platform to write, discuss their interests and talk openly, which is a priceless experience,” she adds.

“It is very much an urban phenomenon,” says Savithri. J., child counsellor with schools, “Since many working mothers have access to the internet for more hours, they try tracking their children's activities, and also explore the net in their own way,” she says. Many concerns such as addiction to gaming seen among children, are better discussed with mothers who experience similar problems, says Ranjitha Kumaran (32).

“Since mothers as young as 23 to those in their sixties share their experiences on these sites, the issues are approached with a lot of sensitivity and understanding,” she says.

Read the original in the Hindu

For more details visit https://cis-india.org/news/kids-music-fashion-on-net

The Privacy Rights of Whistleblowers

elonnai — 2012-03-22T05:47:16Z

The recent disclosures from Wikileaks have shown that the right to information, whistle-blowing, and privacy are interconnected. This note looks at the different ways in which the three are related, as well as looking at the benefits and drawbacks to Wikileaks in terms of privacy.

Introduction

In a recent interview, the Canadian Privacy Commissioner was quoted as saying “Information and the manipulation of information is the key to power. Those who can control the information can influence society enormously.” History and present-day society have both proven the truth in this statement. It is one among many reasons that the right to information is important to uphold. In India, and in other countries, there are statutes – in India, the Right To Information Act – that entitles the public to request and receive information that pertains to public bodies and their conduct, information that is publicly available because it is intrinsically related to the public interest. An entirely separate but equally critical way in which the public is kept informed is through whistle-blowing. Traditionally, whistle-blowing is any disclosure made in the name of public interest. Recent events such as the Ratan Tata case and the leaks of US diplomatic cables have brought to light the relationship between the public’s right to information, the rights of whistleblowers, and the rights of individuals to privacy. These recent cases have shown that the right to information, whistle-blowing, and the right to privacy are interconnected, because privacy can provide individuals with the means to sustain autonomy against potentially overwhelming forces of government and persons who might have mixed motivations. The right to information and whistle-blowing are means by which the government is held accountable to the public if they violate the law or the public trust. The Wikileaks case and the Ratan Tata case raise important questions about when those two interests need to give way to private interests. One of the key questions that Wikileaks raises is: if whistleblowing is supposed to be disclosure in the public interest -- i.e., to protect the public – should disclosure of personal information be permissible only if a person can demonstrate that he/she is trying to remedy or avoid actual wrongdoing rather than simply publishing information that is "interesting to the public?"

What is a Whistleblower and how does a Whistleblower Benefit from Wikileaks?

Whistleblowing is the modern counterpart to “informers” – people who reveal others’ wrongdoing. Much whistleblowing occurs by going "up the chain" in a person's own department or agency or company. If the person is reporting wrongdoing and the person ultimately goes to the authorities about illegal activity, the individual reporting the leak can sometimes get immunity for his or her own actions, can sometimes collect part of the penalties, and can under certain statutes in some countries even bring suit if the company retaliates against him -- for example, by firing him. In this way traditional whistleblowing places the responsibility for legal and ethical conduct on employees who are better situated to see wrongdoing than outsiders would be. In many countries, a person may present information of a whistleblowing nature to a judicial body. The judicial body then determines the validity of the information, the degree of public interest involved, and the proper form of redress to be taken. The judicial body offers legal protection to the whistleblower. Another method of whistleblowing is to leak information to the press. Once information is in the public domain – at least if there is freedom of press -- the information can no longer be covered up. Neither the right to free press, nor the right to protection as a whistleblower is universal. The current critique of the Indian Whistle Blowing Bill is that the right to protection will not be ensured. A Times of India article issued in September 2010 pointed out that the Whistle Blowing Act’s biggest weakness is that the Bill’s Central Vigilance Commission is designated to play both the role as competent authority to deal with complaints file by whistleblowers and as the tribunal to protect whistleblowers. Structuring the power to allow one body to fulfil both functions runs the risk of bias and could breed distrust that would cause people to avoid the system altogether. The article complained that the Bill has no teeth, and that even if the Commission believes that the whistleblowing is valid, it is able only to give advice rather than actually to prosecute individuals. The article recites extreme instances in which individuals have blown the whistle and paid for it with their lives. For example: in 2005 a manager of the Indian Oil Corporation was killed after exposing a scheme in adulterated petrol, and in 2010 an RTI activist was killed after exposing land scams in Mahrashtra. In these situations, Wikileaks is an interesting and powerful tool for individuals who either do not want to leak their information to a judicial body or are not protected if they do so in their own country. Leaking information to Wikileaks is in one sense analogous to leaking information to the press, but it is not precisely the same because it is not a news media outlet, but instead is a way for a person to post information on a mass media outlet. It should be noted, however, that informants who leak to Wikileaks are not afforded the same immunity that individuals who leak to authorities are granted. When an individual shares documents or information with Wikileaks, the site in turn acts as a platform to publish the information on the web and with the press. Being an independent entity that is neither tied down to a certain territory, government, or entity – Wikileaks has the pull of non-bias. But the strength of Wikileaks is also its weakness. When 250,000 diplomatic cables were posted, there was no one who understood the context of the content to monitor to ensure that everything was appropriate to post. As a result, the information was transmitted to an audience who normally would not be entitled to it. By doing so, the leaked information placed individual diplomats in precarious positions that could potentially put them in harm’s way and unnecessarily damage their reputations, as well as putting the reputation of the United States on the line.

Privacy and Whistleblowing

As a result the United States is looking to press charges against Julian Assange, founder of Wikileaks, for espionage. The way in which Wikileaks leaked information and the nature of the leak has brought privacy into the picture. When looking at the act of whistleblowing through the lens of privacy, there are obvious privacy concerns for the whistleblower, for the person or entity whose information has been leaked, and for possible third parties involved. Paul Chadwick, the Victorian Privacy Commissioner, pointed out that for the whistleblower the main privacy concerns include the individual’s identity, safety, and reputation. For the alleged wrongdoer the privacy concerns include: identity, safety, employment, and liberty (where sanctions may include imprisonment). For third parties, reputation and safety can both be jeopardized by disclosures by whistleblowers. The Wikileaks leaks squarely present the question whether intent should be brought into the analysis of privacy and whistleblowers. If a whistleblower is disclosing with the intent protect the public, the protections afforded to this person should weigh differently against the privacy interests of alleged wrongdoers and third parties than for someone who is simply defining the public interest as “interesting to the public,” or, worse, as seen in the false leak by Pakistan against India, is looking to leak information to disrupt public interest. Even though Wikileaks works to protect the anonymity of individuals who leak information, it is not bound by any law to protect the privacy of individuals involved in the leak. The concept behind Wikileaks is important. By interacting with government information, it has the ability to bring accountability and transparency to governments, but the only regulation over Wikileaks is internal (and thus inherently subjective). Wikileaks needs to change its structure to take into account leaks shared without the intent of protecting the public interest and even then needs to monitor to prevent leaks that could place individuals in precarious situations or damage reputations with no validating information.

Sources:

http://www.ctv.ca/generic/generated/static/business/article1833688.html

Chadwick, Paul. Whistleblowing, Transparency, and Privacy: Aspects of the relationship between Victoria’s Whistleblowers Protection Act and the Information Privacy Act.

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-wikilileaks-whistleblowers

'Pakistan' hackers target India's top police agency

praskrishna — 2011-04-02T01:26:57Z

Cyber-attackers who identified themselves as the "Pakistan Cyber Army" have hacked the website of India's top police agency, officials said on Saturday. The website of the Central Bureau of Investigation (CBI) was hacked by programmers who left a message saying that the attack was in revenge for similar Indian assaults on Pakistani sites, Press Trust of India said. The hackers signed their message on the Indian police website: "Long Live Pakistan."

CBI authorities said they were working to restore the site, which offered information to the public.

The spokeswoman said she could not comment on Indian media reports that more than 200 other Indian sites had also been attacked by Pakistani hackers.

"We came to know the CBI site had been compromised Friday night," the spokeswoman told AFP, asking not to be named. "It will take us a couple of days to restore the site."

She said she could not immediately say who was responsible for the attack.

The CBI has "registered a case" and is investigating the attack, she said.

The message posted on the CBI site said the attack was "in response to the Pakistani websites hacked by 'Indian Cyber Army'," the Press Trust of India (PTI) reported.

"Hacked hahaa funny," the message said. "Let us see what you investigating agency so called CBI can do" (sic).

Hackers had also infiltrated the server of the National Informatics Centre (NIC), which maintains most of the government's websites, PTI reported.

In August, a group also calling itself the "Pakistan Cyber Army" hacked into the website of independent Indian MP Vijay Mallya, a flamboyant liquor baron, who is also head of Kingfisher Airlines.

The group claims to have hacked a number of Indian websites in recent years, including India's state-run Oil and Natural Gas Corporation, in retaliation for Indian hackers accessing Pakistan sites.

Indian IT specialists have long lamented what they say is a lack of awareness about Internet security across the country, including in the corridors of power.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, said it would have been easy for attackers to get into the CBI public site as it was "not a particularly sensitive" one.

The Indian government "has a very low level of cyber awareness and cyber security. We don't take cyber security as seriously as the rest of the world," he said.

He added that the government needed to "make at least 10 times the current level of investment to get their standards to match the rest of the world."

According to the Indian Computer Emergency Response Team, a government agency that tracks IT security issues, more than 3,600 Indian websites were hacked in the first six months of this year.

Read the original news here

For more details visit https://cis-india.org/news/police-agency-targetted

Self-regulation in media and society meet to gain legal perspectives

praskrishna — 2011-04-02T01:22:15Z

With electronic media generally expressing its opposition to government imposed regulations, a two-day workshop is being organised here from tomorrow on 'Comparative Perspectives on Media Self-Regulation and Society'.

The workshop will explore international and comparative perspectives on media regulation as it affects current and the future role of information in society, Star India said in a statement.

The workshop will explore contemporary issues around media self-regulation in India from the differing perspectives of academics, bureaucrats and politicians, industry leaders, civil society and legal experts. In light of the current controversies in the media, including growing demands for content regulation on India's entertainment channels, as well as debates over media ethics, this will be a highly relevant and contemporary workshop.

The University of Oxford's Programme in Comparative Media Law and Policy (PCMLP) in collaboration with the National Law University- New Delhi, the National University of Juridical Sciences- Kolkata, and the Annenberg School for Communication, University of Pennsylvania, with support from Star India .

Information and Broadcasting Minister Ambika Soni, Ministry Joint Secretary Arvind Kumar, and National Commission for Women member Secretary Zohra Chatterjee will be speaking at the workshop.

Among other expected speakers are ex-chief justice of India JS Verma who had drawn up a code for the electronic media on behalf of the News Broadcasters Association, academician Professor Satish Deshpande, former Central Board of Film Certification chairperson Anupam Kher, Centre for Internet and Society's Sunil Abraham, senior columnist Sevanti Ninan, BAG Films and Media CMD and President of the Association of Radio Operators of India (AROI) Anurradha Prasad, senior advocates Prashant Bhushanand Siddharth Luthra, TV Today Executive Director and CEO and IBF Vice President G Krishnan and NDTV CEO KVL Narayan Rao.

Leading international researchers and experts in media regulation, Professor Monroe E Price from the University of Pennsylvania, Jonathan Blake of Covington and Burling, and Professor Wolfgang Shulz from the Hans Bredow Institute will be a part of this Seminar.

Star India will be represented by COO Sanjay Gupta, EVP and General Counsel Deepak Jacob and EVP (Marketing and Communications) Anupam Vasudev.

The workshop is aimed at bringing together diverse views of academics, bureaucrats, policy makers, industry leaders, civil society and legal experts.

"In light of the current controversies in the media fraternity around the world, this workshop will deal with increased demands for content regulation on entertainment channels in India, as well as current debates on media ethics," the Star India release said.

Read the original news here

For more details visit https://cis-india.org/news/self-regulation

UID & Privacy - A Call for Papers

elonnai — 2012-03-21T10:03:44Z

Privacy India is inviting individuals to author short papers focused on Unique Identity (UID) and Privacy. Selected candidates will have their papers published on the CIS website, and their transportation and accommodation provided for the “Privacy Matters” conference being held in Kolkata on 22 January 2010.

Topic

Privacy and the UID

Submission Deadline

By 15 January 2010 to admin@privacyindia.org

Word Length

3,000-5,000 words

Topic Summary

The Aadhaar scheme, or Unique Identity (UID) scheme is a plan to provide citizens identity cards that are tied to their unique biometric data – such as their fingerprints or retinal scans. Although the most frequently cited justification for this project is to ensure the secure delivery of relief to beneficiaries of government aid schemes, it is clear that the uses to which it will be put exceed this narrow mandate.

As India embarks on one of its most ambitious techno-administrative projects to date, there is surprisingly little clarity or introspection into the implications of having such a concentrated identity locked into a single card. In particular it appears that the grave threats to privacy the scheme poses have not received due attention. Although the final draft UID Bill circulated by the UIDAI in October 2010 contains some provisions that reference privacy, there seems to be a tacit assumption that privacy is an expendable or at least a less-desirable privilege that can be attended to fully once the scheme is in fully in place.

We invite individuals to author short inter-disciplinary papers that engage various topics on the theme of Privacy and the UID, including but not limited to the following:

Comparative studies on privacy and national identity card schemes in other countries

Privacy and the UID Bill

How will a project such as the UID change the relationship between the state, the individual, and the market?

Selected candidates will have their papers published on the CIS website, and their transportation and accommodation provided for the “Privacy Matters” conference being held in Kolkata on January 22nd 2010.

Who We Are

Privacy India was set up with the collaboration of the Centre for Internet and Society (CIS) and Society in Action Group (SAG), under the auspices of the international organization ‘Privacy International’. Privacy International is a non-profit group that provides assistance to civil society groups, governments, international and regional bodies, the media and the public in a number of countries (see www.privacyinternational.org). Privacy India's objective is to raise awareness, spark civil action and promoting democratic dialogue around privacy challenges and violations in India. In furtherance of this goal we aim to draft and promote an over-arching privacy legislation in India by drawing upon legal and academic resources and consultations with the public.

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy_callforpapers

DSCI Information Security Summit 2010 – A Report

elonnai — 2012-03-21T10:04:22Z

On 2 and 3 December 2010, the DSCI Information Security Summit 2010 took place in the Trident Hotel, Chennai. The two day summit included a broad spectrum of speakers/panels and topics, ranging from Securing Data & Systems to how to leverage the Cloud. The key speakers were Mr. Gulshan Rai, Director General, CERT-In, DIT, Mr. Rajeev Kapoor, Joint Secretary, DoPT, Govt. of India, Mr. Vakul Sharma, Advocate, Supreme Court of India and Dr. Kamlesh Bajaj, CEO, DSCI. Elonnai Hickok attended the summit.

Day one commenced with keynote address given by Jeffery Carr, Principal, GreyLogic, US who spoke about the gravity and risk that businesses and countries are facing in the digital age. A prominent theme in every presentation throughout the day was that India is facing both serious changes and challenges in light of evolving technology and global standards. A few specific challenges addressed were: encryption standards, the cloud, and securing business transactions. During the panel on encryption standards it was pointed out that India desperately needs a clear and comprehensive policy on encryption standards. Not only will this serve to facilitate transactions in India, but it will increase trade as foreign countries will have an enforced policy to ensure them that India is a safe destination to export to. The panel addressing the cloud focused on the challenges that businesses are facing in terms of the cloud in the Indian context. The three main challenges to the Cloud are:

data security and privacy
compliance requirements
legal and contractual requirements

It was pointed out that in particular the Indian legal environment is serving as an obstacle to businesses wishing to move to the cloud, because of policies such as 40 bit encryption, and the Indian Telecom licensing policy which do not permit data transfer outside the cloud. Discussed also were measures that organisations have adopted to address data protection challenges in the cloud including: Including security & privacy clauses in the contractual agreement, making the Cloud service provider liable for a data breach, and auditing the services of Cloud service providers. Further information about the Cloud in the Indian context can be found in the DSCI report on Data Protection Challenges in Cloud Computing: An Indian Perspective. In the session on Securing Business Transactions, the challenge of protecting data and transactions was addressed. Many approaches were presented which explained how securing systems has moved away from using security enables software to security embedded hardware. The first day concluded with a presentation of DSCI Study Reports, including their recent study on the State of Data Security and Privacy in the Indian BPO Industry, Service Provider Assessment Framework – A Study Report, and the DSCI Security Framework.

The second day included presentations and panel discussions on privacy, the economics of security, and security technologies. The presentation on privacy presented many different viewpoints which ranged from the stance that India has been taking the right steps towards securing individuals privacy, and in contrast, that India has seen a dilution of privacy standards in the recent years. Contributing to the panel on privacy, Vakul Sharma, Supreme Court Advocate created a timeline of privacy in India, dispelling the popular belief that India does not have a history of privacy. Mr. Sharma closed his presentation with a challenge to those who believe that India does not have adequate privacy protections - to return to the clauses in the ITA, see if they are indeed being followed, and then assess if India does not have adequate privacy protection. The panel on the Economics of Security spoke about the rising costs of security in the wake of cyber crime, and the rising cost of not adequately protecting one’s business. In the session on Technology Challenges to Fight Data Breaches and Cyber Crimes a debate evoked on current measures taken by industry and government to fight cyber crime, and steps that still need to be taken. Opening the session was a presentation by Mr. West, member of the National Cyber Forensics Training and Alliance. His presentation introduced a new approach taken by the States in which key stakeholders including students and local law enforcement were engaged when tracking down cyber criminals. Mr. West demonstrated the success of the program, and explained how such an approach could be easily adapted in India. From different comments made by the panel and audience it was clear from this session that there is a need for the Indian government to be more invested in funding and supporting smaller cybercrime initiatives. Closing the day was a panel on E-Security for the next five years including the application and enforcement of DSCI’s best practices for a Security and Privacy Framework.

The event was sponsored by: Trusted Computing Group, Computer Associates, McAfee, Verizon Business, Tata Consultancy Services, Deloitte, (ISC)2, BlackBerry, ACS, CSC, Microsoft, RSA, and Intel.

For more details visit https://cis-india.org/internet-governance/blog/dsci-information-summit

Public Statement to Final Draft of UID Bill

elonnai — 2012-03-22T05:48:00Z

The final draft of the UID Bill that will be submitted to the Lok Sabha was made public on 8 November 2010. If the Bill is approved by Parliament, it will become a legal legislation in India. The following note contains Civil Society's response to the final draft of the Bill.

On 8 November 2010, the UID Authority issued the final draft of the UID Bill that will be submitted to the Lok Sabha for review and approval. Earlier this year in June 2010 the Authority issued a draft UID Bill to the public for comment and review. Civil Society responded with a detailed summary and high summary of points that amended the draft or were missing in the draft Bill. We are disappointed that none of the concerns raised by Civil Society, including those listed below, were addressed.

Architecture

The centralized architecture of the UID project is unnecessary. A federated and decentralized structure to the UID project would achieve the same goal of providing identity, authentication, and delivery of benefits.

Scope

The scope of the Bill is overboard. Though the main purpose of the Bill is to facilitate the delivery of benefits to residents, the loose language and intermixing of terms creates a threat that data will be collected and used beyond delivery of benefits

Voluntary and not Mandatory

The Bill should prohibit the denial of goods, services, entitlements, and benefits for lack of a UID number- provided that an individual furnishes equivalent ID, thus ensuring that the Aadhaar number is truly voluntary.

Inadequate Privacy Safeguards

The Bill inadequately elaborates on the principles of privacy relating to identity and transaction data. The protections needed should be self-contained within the Bill. Thus, the UID Bill itself should be clear and concise about data collection, transfer, retention, security, and dissemination.

Unwarranted Data Retention

The Bill does not provide adequate privacy protection for transaction data. In particular section 32(2) empowers the Authority to determine the duration that data is to be retained for.

Lack of accountability for all Actors

The Bill holds only the Authority accountable for violations. Rather the Bill needs to hold enrolling agencies, registrars, and other service providers accountable. Furthermore, the Bill does not provide adequate regulations or accountability for the data that are outsourced.

Lack of Exceptions

The Bill does not detail the circumstances and categories of people who will be excused or accommodated with respect to the issuing of Aadhaar numbers or authentication of transactions.

Lack of Anonymity

The Bill does not provide adequate specificity as to the situations in which anonymity will be preserved and/or an Aadhaar number should not be requested.

Inadequacy of Penalties

The penalties provided in the Bill are inadequate, because they do not cover several types of misuse.

Unaffordability of Fees

It is incompatible with the Bill’s stated purpose of inclusion to require an individual to pay to be authenticated.

Lack of Rollback and Ombudsman Office

The Bill does not provide adequate redress for system/transaction errors and fraud.

Inappropriate Structure and Governance

The Bill does not provide appropriate judicial and parliamentary oversight.

Upon comparison of the draft Bill and the final Bill, CIS finds the following changes the most significant:

Definition of Resident

Section 2 (q): “resident” means an individual usually residing in a village or rural area or town or ward or demarcated area (demarcated by the Registrar General of Citizen Registration) within ward in a town or urban area”

Comment: This section clarifies the definition of ‘resident’ from the draft Bill, which defined resident as an “individual usually residing within the territory of India”. By specifying that individuals in demarcated areas will not receive UID numbers, the definition of resident is brought into line with the scope of the Bill as laid out in the preamble. We see this change as a positive revision.

Prohibition of Dissemination of Information

Section 30 (3): “Notwithstanding anything contained in any other law and save as otherwise provided in this Act, the Authority or any of its officer or other employee or any agency who maintains the Central Identities Data Repository shall not, whether during his service as such or thereafter, reveal any information stored in the Central Identities Data Repository to any person”

Comment: This section prohibits the dissemination of any information that is stored in the Central Identities Data Repository. This prohibition extends to anyone or any entity that handles information, and supersedes other laws that might permit dissemination of information. We see this change as a positive revision.

Disclosure of Information in the Case of a National Security

Section 33 (b):“Any disclosure of information (including identity information) made in the interests of national security in pursuance of a direction to that effect issued by an officer or officers not below the rank of Joint Secretary or equivalent in the Central Government specifically authorised in this behalf by an order of the Central Government”

Comment: This section is a minor improvement on the previous draft since it requires specific authorization from the Central Government (rather than from a Minister in charge). Unfortunately, however, it retains the undesirable language of "national security" from the previous draft which, as we had previously pointed out, is not currently clearly defined under Indian law. An alternative phrase that we recommend instead is the Constitutional vocabulary of "public emergency" which already has a considerable volume of judicial reasoning that has elaborated what it means. Eg. in Hukam Chand v. Union of India (AIR 1976 SC 789) it was held that a public emergency "is one which raises problems concerning the interest of public safety", the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order, or the prevention of incitement to the commission of an offence."

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-publicstatement-UID

UID elicits mixed response

praskrishna — 2011-04-02T06:32:44Z

Which is the root cause for pilferage of welfare funds in India: fake identity or corruption?

Can the Unique Identity Card (UID) project solve this problem or will it create other more serious issues like infringement of constitutional rights, etc? These were the points fiercely debated at a panel discussion on UID organised by the Centre for Internet Society and Citizens' Action forum.

Chief Electoral Officer M N Vidyashankar, who made a presentation on the progress of the UID project in the State, at times, struggled to convince the audience on the necessity and feasibility of the project.

According to Mathews Thomas of the Citizens' Action Forum, the UID project creates more problems than it is expected to resolve.

“First, it was launched bypassing Parliament. It will only store biometric and other data of all citizens. This could result in illegal migrants claiming citizenship. Further, it will not prevent corruption in Public Distribution System or other schemes. The huge expenditure it will incur is also a matter of grave concern,” he said.

Defending the project, Vidyashankar said it was necessary to weed out discrepancies in multiple identity documents.

“It's well known that inconsistencies in a person's name, father's name, address, etc, creep in multiple documents. For instance, there will be different spellings of a person on a voter ID card, a driving Licence, a passport, and a PAN card. The UID will help in checking such discrepancies,” he asserted.

No operator will be able to tamper with the data. The laptops will have two screens to help the applicant see the entries. Data will first go to the Grameen Business Centre from where it will head to the Central Identity Database Repository which will issue a randomly generated number, he added.

Former Minister Prof B K Chandrashekhar said that there were several concerns in the UID project which need to be addressed properly.

Read the original in Deccan Herald

For more details visit https://cis-india.org/news/uid-mixed-response

Information Security Summit 2010

praskrishna — 2011-04-02T06:33:18Z

The Information Security Summit 2010 will be held between 2-3 December 2010 in Chennai. The following is the agenda for the event.

Day 1		2-Dec-10
TIME	SESSION	AGENDA
9:30am to 10:30am	Inaugural Session	Summit Theme Dr. Kamlesh Bajaj, CEO, DSCI Welcome Address Mr. Som Mittal, President, NASSCOM Keynote Address Mr. Jeffrey Carr, Principal, GreyLogic, United States
10:30am to 11:15am	Plenary Session	Encryption – No more a paradox Secure Business Transaction v/s National security Role of Policy Makers Session Chair Dr. P.K. Saxena, Director – SAG, DRDO Panelists Mr. Hitesh Barot, Director, Intel Dr. Kamlesh Bajaj, CEO, DSCI Dr. Sachin Lodha, TCS Mr. Ashutosh Saxena, Principal Research Scientist, SETLabs, Infosys
11:15am to 11:30am		Tea/Coffee Break
11:30am to 11:50am	Session I A	Securing Data & Systems with Trusted Computing Now and in the Future Mr. Brian Berger, TCG Promoter Board Member, Executive Vice President Marketing & Sales, Wave Systems Corp.
11:50am to 12:10pm	Session I B	Take Control of Identities & Data Loss Mr. Vipul Kumra, Consultant, CA Technologies
12:10pm to 12:30pm	Session I C	Security and the Cloud Ms. Smitha Murthy, Head of Product Management, McAfee India
12:30pm to 1:15pm	Session II	DSCI Data-Centric Approach: Information Visibility Moderator Ms. Nandita Mahajan, CISO &CPO, India & South-Asia, IBM & IBM Daksh Presentation Mr. Vinayak Godse, Director – Data Protection, DSCI Panelists Mr. Pradeep Verma, CISO, FirstSource Solutions Mr. Bhaskar Parashuram, Head – Information Security CoreLogic Mr. Agnelo D’souza, CISO, Kotak Mahindra Bank
1:15pm to 2:15pm		Networking Lunch
2:15pm to 2:30pm	Session III	DSCI – KPMG Annual Security Survey 2010 Mr. Akhilesh Tuteja, Executive Director, KPMG
2:30pm to 3:15pm	Session IV	Leveraging Cloud to deliver Security Services Session Chair Mr. Felix Mohan, CSO, Bharti Group Panelists Mr. Geoff Charron, VP Software Engineering, CA Technologies Mr. Prashant Gupta, Head of Solutions – India, Verizon Business Ms. Smitha Murthy, Head of Product Management, McAfee India
3:15pm to 4:00pm	Session V	Security 3.0 – Embedding Security in Design – Trusted Computing, Trusted Environment Session Chair Mr. P.S. Venkat Subramanyan, Head – Data Protection & Privacy, CSC India Panelists Mr. Mark Schiller, TCG Promoter Board Member, Director of HP Security Technology, Hewlett Packard Corp. Mr. Sanjay Bahl, CSO, Microsoft India Mr. Avinash Kadam, Lead Instructor, (ISC)2 and Director, MIEL e-Security Mr. Chris Leach, CISO, ACS Inc
4:00pm to 4:45pm	Session VI	Securing Business Transactions Session Chair Mr. B. Sambamurthy, Director, IDRBT Panelists Ms. Smitha Murthy, Head of Product Management, McAfee India Mr. Shankara Narayanan, Head – Professional Services, Verizon Business Mr. Kartik Shahani, Country Manager – India and SAARC, RSA
4:45pm to 5:00pm		Tea/Coffee Break
5:00pm to 6:00pm	Session VII	DSCI Study Reports Session Chair Mr. B J Srinath, DIT Presentations Theme Introduction – Rahul Jain, Sr. Consultant, DSCI Insider Threats – Sivarama K, Executive Director, PwC Service Provider Assessment Framework – Terry Thomas, Partner, E&Y Reasonable Security Practices – PVS Murthy, Global Head IRM Consulting Practice, TCS Security and Privacy Issues in Cloud Computing – Sai Lakshmi, General Manager, Information Security, Wipro
:30pm onwards		Networking Cocktail and Dinner
DAY 2		3-Dec-10
TIME	SESSION	AGENDA
9:30am to 10:30am	Session I	Economics of Security – ‘Business Flexibility’ and ‘Security & Investment’ in the wake of Cyber crime and expanding compliance regimes Session Chair Mr. Brian J. Manning, President and Managing Director, CSC India Panelists Mr. Laxmikanth Venkatraman, Head – India Operations, Broadridge Financial Solutions Mr. Kumar Rao, Global Head, Cards & Payments Practice, Tata Consultancy Services Prof. Anjali Kaushik, MDI Gurgaon
0:30am to 11:15am	Session II	Panel Discussion – DSCI Best Practices Advisory Group Session Chair Dr. Kamlesh Bajaj, CEO, DSCI Panelists Mr. B.J. Srinath, DIT Ms. Nandita Jain Mahajan, IBM Mr. Abhay Gupte, Deloitte Mr. Anurana Saluja, Infosys Mr. Rahul Biswari, HP Mr. Chalam Peddada, Fidelity
11:15am to 11:30am		Tea/Coffee Break
11:30am to 12:15pm	Session III	Evolution of Privacy in India – ITAA, UIDAI, Privacy Laws, Global Regulations Session Co-chairs Dr. Gulshan Rai, Director General, CERT-In Mr. Rajeev Kapoor, Joint Secretary, DoPT, Govt. of India Speakers Mr. Hitesh Barot, Director – Global Public Policy, Intel Corporation Mr. Sunil Abraham, Executive Director, Centre for Internet and Society Mr. Vakul Sharma, Advocate, Supreme Court of India Mr. Vikram Asnani, Sr. Consultant – Security Practices, DSCI
12:15pm to 12:30pm	Session IV	Deloitte’s India Security Survey Mr. Sundeep Nehra, Sr. Director, Deloitte
12:30pm to 1:30pm	Session V	Technology Challenges To Fight Data Breaches and Cyber Crimes: Collaboration through Public Private Partnerships – The Way Forward Moderator Mr. Pratap Reddy, Director, Cyber Security, NASSCOM Principal Speaker Mr. Michael West, Member of the Board, NCFTA (National Cyber-Forensics Training and Alliance), USA and Strategic Technology Investigator, Fidelity Investments Panelists Mr. Krishna Sastry Pendyala, Cyber Forensics Expert at GEQD, Central Forensics Sciences Laboratory, MHA, Government of India Dr. Srinivas Mukkamala, Sr. Research Scientist Institute for Complex Additive Systems Analysis (ICASA) Adjunct Faculty New Mexico Tech., USA and Advisor Cyber Security Works Pvt. Ltd. Mr. Anil Kona, Specialist and Sr. Manager, Analytics and Forensics Technologies, Deloitte Mr. Samir Datt, Founder CEO, Foundation Futuristic Technologies
1:30pm to 2:30pm		Networking Lunch
2:30pm to 3:15pm	Session VI	Security Technologies in Focus Session Chair Mr. Srikant Vissamsetti, Vice President – Network Security, McAfee India Panelists Mr. Prashant Gupta, Head of Solutions – India, Verizon Business Mr. Kartik Shahani, Country Manager – India and SAARC, RSA Ms. Rashmi Chandrashekar, Vice President, Accenture India
3:15pm to 4:00pm	Session VII	Making their Presence felt in the Security Market: Indian Vendors Session Chair Dr. Gulshan Rai, Director General – Cert-In, DIT Panelists Mr. Prakash Baskaran, CEO, Pawaa Software Mr. Ajay Data, CEO, Data Infosys Ltd Mr. Arnab Chattopadhyay, VP Technology, iViz Technosolutions Mr. Tushar Sighat, Vice President, Cyberoam – India and SAARC, Elitecore Technologies
4:00pm to 4:15pm		Tea/Coffee Break
4:15pm to 5:00pm	Session VIII	E-Security Strategy for the next 5 years – The Way Forward Session Chair Prof. N. Balakrishnan, Chairman, DSCI Panelists Dr. Gulshan Rai, Director General, CERT-In, DIT Mr. Kumar Ranganathan, Principal Engineer and Manager, Intel Labs Mr. Sanjay Bahl, CSO, Microsoft India Mr. Y.D. Wadaskar, Managing Director, WYSE Biometrics Systems Dr. Kamlesh Bajaj, CEO, DSCI
5:00pm to 5:15pm		Closing Remarks by DSCI

See the original here

For more details visit https://cis-india.org/news/security-summit

This Is All India Radia

praskrishna — 2011-04-02T07:28:26Z

Our news media blanked it out, but the Internet forced the issue, says Debarshi Dasgupta in an article published in the Outlook Magazine.

If you depend on just the Times of India or Hindustan Times for your daily news fix, chances are you have missed the story that has put Indian journalism under its fiercest gaze ever. For it turns out that a majority of Indian journalism censors news about its own indiscretions. After Open and Outlook magazine published transcripts of conversations between Niira Radia and high-profile journalists, much of the mainstream media erased the coverage about the controversy. Even the few papers and TV stations that covered the issue in the days to follow did not name names and avoided the meat of the story, hiding behind the sophistry of the transcripts being “unauthenticated”.

Among the few that did, The New Indian Express and Mail Today (it did not name a former editor at the group though) picked up pieces of the conversations and the Deccan Herald carried an editorial on November 22. Among the vernacular papers, Sakshi and Andhra Jyoti in Andhra carried some excerpts. The Malayalam news channel Asianet picked up the story, but the English news channels were deafeningly quiet. CNN-IBN had a show on November 22 that claimed to “break the silence” but neither identified the people involved nor featured the transcripts; instead it pontificated on where to draw the line between lobbying and journalism. G. Sampath, deputy editor at Daily News & Analysis, Mumbai, wrote on his blog, “What is really scary is that, despite living in a ‘democracy’ that boasts of a ‘free press’, if you were dependent only on TV and the big newspapers for the biggest news developments of the day, you would never have known about the Niira Radia tapes, and the murky role of media as political power brokers.”

Sevanti Ninan of The Hoot, an online media watch website, latched on to this “great media blackout”. “The list of those who took no note is long and illustrious: The Indian Express, always quick off the mark on sensational disclosures. The Hindu, The Times of India, Hindustan Times, India Today, all those Hindi news channels,” Sevanti wrote. “Not a story that three prominent journalists were trying to help a lobbyist get A. Raja a ministerial berth in the second upa government.” Filling the gap, the site has opened a forum to debate the ethical transgressions in the Radia tapes.

Despite its blackout in print, the story has largely survived because of the tremendous interest among India’s netizens. The news was also carried prominently online in The Wall Street Journal, The Washington Post and The Huffington Post. Blogs are abuzz with indignant reactions to this censorship. The ‘Radia Tapes Controversy’ is now even a rapidly evolving and fairly detailed Wikipedia entry. YouTube throws up 35 matches for Radia and Barkha (Dutt), with one video (a transcript of one of the conversations) viewed close to 72,000 times. There are also numerous Facebook groups with discussions on how to “fix” the media. Google Barkha Dutt and the engine throws up Niira Radia as a prompt. And there’s no dearth of tweets about “Barkhagate”—there are several every minute asking for these journalists to resign and some even call for them to be jailed. For some, especially among the Right, the controversy has come as a boon, lending credence to their argument that the “pseudo-secular” English media has sold its soul.

Finally, when the ToI reported online on November 25 about how the internet had kept the story alive, there were bursts of self-congratulatory messages and tweets exchanged online. For Sunil Abraham, executive director, Centre for Internet and Society, the Radia tapes controversy illustrates the “tension and disconnect” that exists between the internet and traditional media. “This is unlike on 26/11 when there was a kind of synergy between the two in their coverage,” he says. Yet Net users deserve some credit for having made the debate interactive and infusing it with a much-needed spunk and pluralism. “For me, the most exciting thing about the ‘Barkhagate’ controversy is not the internet’s influence on the attention economy,” adds Abraham. “It’s actually been its crowd-sourcing ability to bring together the intelligence of many amateurs from across the world and to put their insights into one collective analysis of the controversy.” While the Net, with just about 20 million users, is yet to rival the traditional media’s hold on India, the latter undoubtedly have a force it must now reckon with.

Read the original article in the Outlook

For more details visit https://cis-india.org/news/all-india-radia

The Niira Radia Tapes: Scrutinizing the Snoopers

praskrishna — 2011-04-02T07:29:21Z

There’s been plenty of outrage in India over taped phone calls between corporate lobbyist Niira Radia and local journalists, revealing what some people believe is evidence that star reporters at the country’s newspapers and TV channels are too cozy with the subjects they’re supposed to be reporting on.

Amid that firestorm, though, there’s been much less scrutiny of why and how the wiretaps happened in the first place, whether they were justified or a governmental overreach, and how these infamous tapes got from the government into the hands of media companies.

Here are just a few questions that merit more consideration: Who orders telephone surveillance in India and on what grounds? How often is it done? What protections are in place to ensure government officials don’t abuse their surveillance authority to settle scores with journalists, corporate officials or ordinary citizens they have a beef with?

The quick answer to all of these: India trusts its bureaucrats to do the right thing. The central government’s Home Secretary, along with some intelligence agencies and state officials, has the authority to approve wiretaps. Unlike in the U.S. and other countries, where investigators must generally obtain court warrants for surveillance to pursue matters ranging from drug-trafficking to insider trading, in India there is no such legal tradition or rule.

“There is no oversight infrastructure, either in parliament or in the judiciary,” said Sunil Abraham, executive director of the Bangalore-based Center for Internet and Society. There is only “post facto” protection in the sense that you can sue the government later if you feel you were wrongly wiretapped, he said.

According to local media reports, industrial giant Ratan Tata on Monday petitioned the Supreme Court over the leaking of the tapes, on which he is heard bantering with Ms. Radia (his lobbyist) about a range of topics related to the $70 billion Tata Group. The reports say he feels the episode violated his privacy and wants the leakers to be punished. (While there’s no explicit constitutional protection of privacy in India, the Supreme Court in some cases has held it is covered by Article 21 of the Constitution, which says, “No person shall be deprived of his life or personal liberty except according to procedure established by law.”)

A report in the Economic Times Monday said government is going to investigate the leak. A Home Ministry spokesman declined to comment on whether an inquiry has been launched but said India’s system of allowing a handful of security and intelligence officials to approve or deny wiretaps sufficiently guards Indian citizens’ privacy. “It isn’t an unchecked kind of thing, that anyone can just do it,” the spokesman said.

India draws its wiretap authority from a few laws, including the 1885 Telegraph Act and a separate information technology law enacted in 2000 and amended in 2008. The government can tap phones or intercept emails for reasons such as “any public emergency” or “in the interest of the public safety” – pretty broad language that gives a lot of leeway to bureaucrats, critics say.

A report in the Hindu last week claimed that more than 5,000 Indian phones are being bugged daily, citing anonymous sources. Mr. Abraham, of the Center for Internet and Society, says that breadth of surveillance in a country of 1.2 billion people wouldn’t be unreasonable. But his organization is planning a Right to Information request to find out more about the scope of government wiretapping.

The government may have had good reasons to conduct the wiretaps of Ms. Radia, which local media reports say were done by the income tax department for two four-month stints in 2008 and 2009, during which time they reportedly logged 5,851 calls.

The income tax agency hasn’t stated publicly what the rationale was and its officials declined to comment Monday.

Media reports suggest that the material was supposed to help probe the irregular allocation of mobile phone spectrum in 2008 to several Indian telecom firms. (The official in charge of that allocation, A. Raja, resigned as telecom minister Nov. 14 amid charges that he rigged the process to favor some companies over others.)

But much of the content in the several hours of so-called “2G tapes” that have leaked to Indian news organizations has little or nothing to do with taxes or 2G spectrum. There’s talk of the billionaire Ambani brothers’ natural gas pricing dispute, mining policy, a dog who is named Google because he is good at finding things, which corporate honchos are easy to get on the phone, and plenty of titillating exchanges between New Delhi’s power brokers on the politics of cabinet appointments. Some pretty top-notch gossip, in other words.

To be sure, the content on the tapes does raise disturbing and serious questions about whether some elements of the Indian media carry water for particular government ministers or corporations. And it pulls the veil back on how the titans of Indian business and politics shape policy away from the public spotlight, as Siddharth Varadarajan explained in Monday’s edition of the Hindu when he made a clever analogy to the movie The Matrix. (We’ve separately parsed the contents of some of the tapes for their potential significance.)

But it’s still worth asking tough questions about the legal and ethical foundations of wiretapping citizens, because, as Indian civil liberties expert Lawrence Liang said in an email, “if this can happen to a Nira Radia, then it can easily be used for a Nida Nobody.”

Update, 5:09 p.m.: “A Home Ministry spokesman confirmed the ministry has asked the Intelligence Bureau and Central Board of Direct Taxes to conduct a probe into the leak.”

Read the original in Wall Street Journal

For more details visit https://cis-india.org/news/niira-radia-tapes