We are anonymous, we are legion

Risk integration is key to better cybersecurity management

Dr. R. Seetharaman — 2019-03-03T06:26:44Z

Digital connectivity plays an anchor role in unlocking innovation and prosperity around the world, but increasing cyber threat is a roadblock to collective path of progress.

The article by Dr. R. Seetharaman was published in the Gulf Times on February 24, 2019.

The fourth industrial revolution, which combines advanced technologies in innovative ways, is set to dramatically reshape the way people live, work and relate to one another. As per Cybersecurity Ventures, the cybercrime will cost the world $6tn annually by 2021, this is up from $3tn in 2015.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, and theft of intellectual property, theft of personal and financial data, embezzlement, fraud, and post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

The work space is undergoing changes, robotics and artificial intelligence are going to play important roles and the customer will be more empowered in the digital environment. Data breaches in 2018 compromised the personal information of millions of people around the world.

The latest victims were Marriott hotels, which recently revealed that hackers had accessed the information of an estimated 500mn customers. Payment card information and personal data such as billing addresses, phone numbers and e-mails of British Airways were hacked. For Cathay Pacific, passenger data was accessed without authorisation. Centre for Internet and Society (CIS) also pointed out that about 130mn Aadhar numbers along with other sensitive data were available on the Internet.

The reason for the data leak was narrowed down to four government-run schemes ranging from National Social Assistance Programme by the Ministry of Rural Development, the National Rural Employment Guarantee Act (NREGA), also by the Ministry of Rural Development, Daily Online Payment Reports under NREGA by the government of Andhra Pradesh and the Chandranna Bima Scheme, also by the government of Andhra Pradesh.

The public and private partnership model should be adopted to face the challenges.

This can be done by establishing areas of common interest, supporting capacity building and resource pooling and developing benchmarks for resilience.

There are various reasons for cyber-attacks/data breach incidents – few of them are as follows. In effective vulnerability management, lack of security monitoring, human errors – accidental publishing, hacking, targeted attack, business e-mail compromise, phishing and social engineering attacks, inadequate encryption, on-adherence to strong password policy, state sponsored terrorism/attacks and corporate espionage.

The various cyber-attacks, which have left significant impact on global organisations. Institutions need to be more collaborative on security issues. Banks need to manage the change by redefining their business models to manage various stake holders such as customers, regulator and shareholders.

The involvement of the company’s board is required which should set the tone for enhancing security and determine whether the full board or a committee should have oversight responsibility.

Board of directors are starting to take note, particularly members of the audit committee, who list cyber security among their top concerns. Test effectiveness of existing security devices/ solutions and fine tune. Adopt new technologies such as artificial intelligence and machine learning to identify abnormal behaviour in networks.

Maintain IT system hygiene i.e., effective patching, hardening and baseline. Develop blue/red and purple teams to have balanced check on the vulnerability exploitation, effective threat monitoring and countermeasures. Develop cyber crisis management plan and establish breach response plan.

Qatar Central Bank has brought IT security strategy and technology risk circulars, which will provide directions for the banks to build their strategy while adopting advanced technologies.

It also took the initiative for formation of Banking CIRT (Critical incident response team), which will act as platform for sharing of security incidents and enable quick response for its members. The State of Qatar has brought cyber-crime prevention laws, data privacy law, monitoring bank websites and alert on probable cyber-attacks in the country.

“The GDPR becomes important in the light of all major banks and FIs in Qatar having their branches/offices where they are collecting personal information of EU resident customers and processing/storing such information in Qatar and EU.

The Qatar Data Privacy Law speaks about controls over the data in rest/processing/transmission and role & responsibilities of data processor/controller. “Risk integration is key towards cybersecurity management”.

For more details visit https://cis-india.org/internet-governance/news/gulf-times-february-24-2019-dr-r-seetharaman-risk-integration-is-key-to-better-cybersecurity-management

Any failure to resolve the Kashmir problem could lead the South Asia to a nuclear disaster

Admin — 2019-03-03T06:17:23Z

World Kashmir Awareness (WKA) Board in its meeting on February 23, 2019 regrets the death of 45 Indian soldiers recently killed at Pulwama, Kashmir.

The blog post was published in Kashmir Watch on February 25, 2019. Pranesh Prakash was quoted.

Further, WKA is saddened by the fast deteriorating human rights situation, particularly in the valley and Jammu. It calls up on Mr. Narendra Modi, the prime minister of India to address the human rights situation earnestly. We cannot escape the brazen disregard for the fundamental rights of Kashmiris shown by Prime Minister Modi and his most inhumane draconian apparatus in Kashmir. It is time that India joins the community of civilized nations and allows the people of Jammu and Kashmir to exercise the right of self –determination as agreed upon by both India and Pakistan, endorsed and accepted by the United Nations Security Council.

The gross human rights violations are documented by various international and impartial human rights agencies. A brief illustration of those violations are given below.

The crisis is so severe that the United Nations High Commissioner on Human Rights, for the first time in June 2018, released a report detailing atrocities committed [by the Indian occupation (uniformed) forces] in Kashmir. The report alludes to the special powers granted to the Indian occupation (security) forces allowing them total impunity. “No armed forces personnel have faced prosecution since the powers went into effect 28 years ago, and the authorities have made little effort to investigate various allegations, including reports of mass graves”, the report said. It criticized the Indian occupation forces, in particular, “for inflicting mass civilian casualties in response to escalating protests” and called for an “international investigation into these gross abuses”. The conflict “has robbed millions of their basic human rights and continues to this day to inflict untold suffering,” said the United Nations Human Rights Commissioner, while presenting the report.

Prior to this report, an Indian author Gautam Navlakha in his report “Internal War and Civil Rights: Disappearances in Jammu and Kashmir” in the Economic and Political Weekly, says that “The recent Amnesty International report examines the phenomenon of disappearances in Jammu and Kashmir. While some of the ‘missing’ may have crossed the border, by far the larger number have fallen victim to state terrorism – arrest, detention, torture and death at the hands of the security forces. Courts cannot provide much relief as court orders are ignored by bureaucrats and armed forces”.

In an interview published on August 28 2016, the South Asia Director of Human Rights Watch, Meenakshi Ganguly, while calling for the repeal of the Armed Forces Special Powers Act (AFSPA) and other draconian laws that provide Indian military and para-military immunity from prosecution, said the way “to persuade people to believe in rule of law is for the state to set an example by first and foremost, holding itself accountable.”

The interview was conducted at a time when 70 civilians had been killed, over 500 youth blinded by pellets in one or both eyes and over 5000 civilians injured by Indian rogue army in just 50 days immediately prior to the interview.

In a most despicable act, the rogue Indian Army does not even hesitate to use civilians in Kashmir as human shield. In its editorial entitled “Cruelty and Cowardice in Kashmir”, New York Times in April, 2017 wrote “Members of India’s armed forces reached a new low in the long history of alleged human rights abuses in the Indian state of Jammu and Kashmir when they beat and then tied a 24-year-old shawl weaver named Farooq Ahmad Dar to the front of a jeep on April 9, using him as a human shield against stone-throwing crowds”.

The New York Times reported that many in India expressed shock and revulsion on this report. Yet “large sections of India’s booming news media — some editors, some columnists — openly celebrated what could well be a violation of the Geneva Conventions”. India’s attorney general defended the use of human shields, praising the officer who made the decision. The army should be applauded, he said. The report went on to say that “A judge on India’s Armed Forces Tribunal, which hears court-martial appeals, tweeted that it was “an innovative idea.” Mr. Ahmad was turned into a war cry on prime-time television and on social media. Such is the status of Indian Democracy!?

During the same period, as Mr. Modi was going around the world projecting the “Greatness of India”, The Washington Post reported banning of 22 social media sites in Indian controlled Kashmir. Pranesh Prakash, policy director for the Indian advocacy group the Center for Internet and Society, called the ban a “blow to freedom of speech” and “legally unprecedented in India.”

And, where is Mr. Modi’s outrage regarding the ‘Dead Eyes’ Epidemic in Kashmir brought on by the use of lead pellets by his “courageous soldiers”, as reported by international press. In less than two months (July-August 2016), New York Times reported that “more than 570 patients have reported to Srinagar’s main government hospital with eyes ruptured by lead pellets, sometimes known as birdshot, fired by [Indian] occupation (security) forces armed with pump-action shotguns…..The patients have mutilated retinas, severed optic nerves, irises seeping out like puddles of ink”. The victim even includes recent victim an 18-month old toddler. “2016 will almost certainly be remembered as the year of dead eyes.”

Commenting on “Kashmir in Crisis”, The Editorial Board of New Times, yet again wrote that a “major cause of the uprising is the resentment among Kashmiri youths who have come of age under an Indian security apparatus that acts against civilians with impunity. Kashmir is subject to India’s Armed Forces Special Powers Act, or AFSPA, which grants the military wide powers to arrest, shoot to kill, occupy or destroy property. The result is a culture of brutal disdain for the local population.”

The Board trusts that the involvement of the international community, particularly the world powers in this matter will bring its influence to bear on both India and Pakistan to initiate a peace process with which the United Nations as well as the accredited leadership of the people of Jammu & Kashmir will be associated so as to ensure that settlement arrived at will be based on the principles of justice.

Lastly, the Board urges the Secretary General of the United Nations to bring this matter to the attention of the Security Council. Whether this could be done successfully depends on the attitudes and policies of the permanent members, but they should be left in no doubt that any failure to resolve the problem could lead the South Asian Subcontinent to a nuclear disaster, with incalculable consequences for the whole world.

For more details visit https://cis-india.org/internet-governance/news/kashmir-watch-february-25-2019-any-failure-to-resolve-the-kashmir-problem-could-lead-the-south-asia-to-a-nuclear-disaster

Participation in the meeting of BIS LITD 17

Admin — 2019-03-03T06:12:01Z

Gurshabad Grover participated in the fifteenth meeting of the Information Systems Security and Biometrics Sectional Committee (LITD 17) of the Bureau of Indian Standards (BIS), which was conducted online on February 26.

Some of the things we discussed included:

Participation of committee members at the ISO level in SC 27 'IT Security Techniques' working groups.
Update from the last SC 27 working group meetings (I updated the committee with some standards I was tracking and my participation as co-rapporteur in the 'Impact of AI on Privacy' study period).
Participation in the next SC 27 working group meetings, which will be held in April (where I will be participating in WG 1 'Information Security Management Systems' and WG 5 'Identity management and privacy technologies' meetings).

For more details visit https://cis-india.org/internet-governance/news/participation-in-the-meeting-of-bis-litd-17

Over 30 organisations, industry bodies oppose proposal to ban vape content

praskrishna — 2019-03-03T05:49:54Z

More than 30 organisations and industry bodies, including Ficci, CII and the Cellular Operators Association of India, have written to the Electronics and IT Ministry (MeitY), urging it not to ban online content related to the Electronic Nicotine Delivery Systems (ENDS).

The article by Press Trust of India was carried in the Times of India on February 28, 2019.

Other major organisations supporting this include Asia Internet Coalition, Broadband India Forum, Internet Freedom Foundation, Data Security Council of India, Heart Care Foundation of India, and The Centre for Internet and Society.

The draft amendment to the intermediary guidelines rules proposes new regulations for intermediaries (digital platforms), including a clause on banning online content that promotes ENDS.

These entities, in a statement on Thursday, said citizens have the right to access information on safer alternatives to smoking. The submissions form part of the 609-page document.

"...(These) organisations have opposed the ban on content related to ENDS citing overstepping of IT ministry's jurisdiction, violation of consumer rights, no legal backing for the action and use of vague terminology that can lead to misinterpretation and overregulation," it added.

Vape refers to electronic cigarettes or similar devices that simulate the experience of smoking a cigarette.

The statement quoted Association of Vapers India Director Samrat Chowdhery as saying that it is encouraging that many organisations concerned with public health have sought removal of the proposed ban on ENDS content.

"India is reeling under a tobacco epidemic which causes nearly a million deaths a year. We stated in our submission that denying people access to information on safer alternatives will, therefore, be highly detrimental and in violation of Article 21 of our constitution," he added.

The Data Security Council of India (DSCI), a Nasscom initiative, said the terms and expressions used are ambiguous and may be deemed unconstitutional.

Amnesty India said it "is concerned that the rules use vague and overly broad terms to identify expression that can be restricted, going well beyond both Indian and international human rights standards on freedom of expression". SR SR HRS

For more details visit https://cis-india.org/internet-governance/news/times-of-india-pti-february-28-2019-over-30-organisations-industry-bodies-oppose-proposal-to-ban-vape-content

Feminist Internet Research Network (FIRN) Convening Design

Admin — 2019-03-01T01:08:54Z

Ambika Tandon attended a workshop organized by Association for Progressive Communications for grantees of the Feminist Internet Research Network as a panelist on a session on feminist research methods.. The workshop was held from 27 February to 1 March, in Malaysia. Represented from 8 organizations attended the workshop.

Objectives of the convenining

To inaugurate a network of feminist researcher in the field of digital technology for ongoing collaboration, advice and active solidarity.
To start trust building within the network through shared values and plot how it will work and how it will expand.
To facilitate exchange of learnings and capacity building among the network members and other resource persons, in particular.
To facilitate peer-feedback, collaboration and interdisciplinary discussions on research design, methodologies and research plans of the selected projects and other resource persons.
To get feedback on overall FIRN project research methodology/design.
To explore new and innovative methods, as well as get understand key developments and challenges in more established ways of collecting and analysing data in the four areas of the research initiative.

For more information click here

For more details visit https://cis-india.org/internet-governance/news/firn-convening-design

OWASP Seasides Conference

Admin — 2019-03-07T23:53:47Z

Karan Saini attended the OWASP Seasides security conference held on February 27 and 28, 2019 at Cavelossim, Goa. The event was organized by OWASP Seasides.

For conference details click here.

For more details visit https://cis-india.org/internet-governance/news/owasp-seasides-conference

February 2019 Newsletter

Admin — 2019-03-14T16:40:12Z

Our newsletter for February month below.

The CIS newsletter aims to highlight developments in copyright and patent, free speech and expression, privacy, cyber security, telecom, etc. as well as Industry 4.0, big data, additive manufacturing and so on which are revolutionizing and moving the digital world forward. Through this newsletter we look to engage you with our research and build a strong bond by bringing you insightful articles and blog posts which will be beneficial for you and your business. Throughout the year we will send you stories and insights from our board, staff and community leaders. We welcome your feedback, suggestions or comments regarding our newsletter or any other aspect of our research.

Highlights for February 2019

Maharashtra is a state which is rich in diversity in terms of language and culture seen in its various regions such as Konkan, Marathwada, Western Maharashtra, Northern Maharashtra and Vidarbha. Awareness needs to be created to make Wikimedia movement inclusive and diverse in these geographical regions as well as in their social strata. Keeping this in view CIS-A2K conducted five workshops in different parts of the state.
Marathi language department of Goa University has initiated the process to document the culture of Goa on Marathi Wikipedia and Commons. Subodh Kulkarni reports this in a blog entry.
Khetrimayum Monish Singh and Rajiv K. Mishra co-authored a research paper which was presented at the Young Scholars International Conference on “Margins and Connections,” organised by the Special Centre for the Study of North East India, Jawaharlal Nehru University, on February 7-8, 2019.
Following consultations with data protection, civil society, industry and others, during the Cybercrime Convention Committee (T-CY) meeting from 29 November 2018 onwards, the Cybercrime Convention Committee had sought additional contributions regarding the provisional draft text for a Second Additional Protocol to the Budapest Convention on Cybercrime (“Budapest Convention”). Vipul Kharbanda submitted comments on behalf of CIS.
CIS responded to the call for submissions from the UN Special Rapporteur on Freedom of Speech and Expression. The submission was on the Surveillance Industry and Human Rights.
CIS and University of Munich, Germany are co-organizing an event 'Internet Speech: Perspectives on Regulation and Policy' at India Habitat Centre on April 5, 2019.
Akriti Bopanna on behalf of CIS provided comments on the proposed draft of ICANN’s FY20 Operating Plan and Budget along with their Five-Year Operating Plan Update.
Harsh Bajpai, Ambika Tandon, and Amber Sinha have co-authored a case study 'The Future of Work in the Automotive Sector in India'. The case study highlights the impact of technologies such as artificial intelligence, industry 4.0, internet of things, and so on at industry workplace. The case study was edited by Rakhi Sehgal. Manav Mehta provided research assistance.
In a response to the Draft of The Information Technology [Intermediary Guidelines (Amendment) Rules] 2018, CIS examined whether the draft rules meet tests of constitutionality and whether they are consistent with the parent Act. The submission also examined potential harms that may arise from the Rules as they are currently framed and make recommendations to the draft rules that may enable government to meet its objectives while remaining situated within the constitutional ambit.
A UN high-level panel on Digital Cooperation issued a call for inputs that called for responses to various questions. CIS responded to the call for inputs. The response was drafted by Aayush Rathi, Ambika Tandon, Arindrajit Basu and Elonnai Hickok.

CIS and the News

The following news pieces were authored by CIS and published on its website in January:

Data Infrastructures and Inequities: Why Does Reproductive Health Surveillance in India Need Our Urgent Attention? (Aayush Rathi and Ambika Tandon; EPW Engage , Vol. 54, Issue No. 6, February 9, 2019).
Intermediary liability law needs updating (Sunil Abraham; Business Standard; February 9, 2019).
Resurrecting the marketplace of ideas (Arindrajit Basu; Hindu Businessline; February 22, 2019).
What I learned from going offline for 48 hours (Nishant Shah; Indian Express; February 24, 2019).

CIS in the News

CIS was quoted in these news articles published elsewhere:

Civil Liberties Groups Warn Proposed EU 'Terrorist Content' Rule a Threat to Democratic Values (Jessica Corbett; Common Dreams; February 5, 2019).
‘Willing to participate, but need more time’: Twitter on parliamentary panel hearing (Smriti Kak Ramachandran and Vidhi Choudhary; February 10, 2019).
What the government's draft IT intermediary guidelines say (Abhijit Ahaskar; Livemint; February 12, 2019).
Make our digital backyard safe (Nilanjana Bhowmick; Economic Times; February 13, 2019).
Even years later, Twitter doesn't delete your direct messages (Zack Whittaker and Natasha Lomas; Tech Crunch; February 15, 2019).
Are RSS's fears about Tik Tok true? Here's what you should know (Economic TimZack Whittaker and Natasha Lomases; February 20, 2019). Also published in Moneycontrol News on the same day.
Risk integration is key to better cybersecurity management (Dr. R. Seetharaman; Gulf Times; February 24, 2019).
Any failure to resolve the Kashmir problem could lead the South Asia to a nuclear disaster (Kashmir Watch; February 25, 2019).
Over 30 organisations, industry bodies oppose proposal to ban vape content (Times of India; February 28, 2019).
.

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Wikipdedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Marathi Wikipedia Workshop & 1lib1ref session at Goa University (Subodh Kulkarni; February 1, 2019).
Marathi Language Fortnight Workshops 2019 (Subodh Kulkarni February 26, 2019).

Media Coverage

Goa University students update ‘Goa’ Marathi articles on Wikipedia (Times of India; February 20, 2019).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Cyber Security

Submission

Comments on the Draft Second Protocol to the Convention on Cybercrime (Budapest Convention) (Vipul Kharbanda; February 25, 2019).

Privacy

Submissions

CIS Submission to UN High Level Panel on Digital Cooperation (Aayush Rathi, Ambika Tandon, Arindrajit Basu and Elonnai Hickok; February 7, 2019).
CIS Submission to the UN Special Rapporteur on Freedom of Speech and Expression: Surveillance Industry and Human Rights (Elonnai Hickok, Arindrajit Basu, Gurshabad Grover, Akriti Bopanna, Shweta Mohandas and Martyna Kalvaityte; February 20, 2019).

Participation in Event

BIS LITD 17 (Organized by the Bureau of Indian Standards; February 26, 2019). Gurshabad Grover participated in the meeting conducted online.

Gender

Workshop Organized

Unbox Festival 2019: CIS organizes two Workshops (Organized by CIS; Bangalore; February 15 - 17, 2019). CIS organized two workshops on What is your Feminist Infrastructure Wishlist? and AI for Good.

Participation in Events

Imagine a Feminist Internet: Research, Practice and Policy in South Asia (Organized by Internet Democracy Project and Point of View; Sri Lanka; February 21 - 22, 2019). Ambika Tandon was a speaker and presented a paper 'Framing Reproductive Health as a Data Problem? Unpacking ‘Dataveillance’ in India' which was co-authored by herself and Aayush Rathi.
Feminist Internet Research Network (FIRN) Convening Design (Organized by Association for Progressive Communications; Malaysia; February 27 - March 1, 2019). Ambika Tandon attended the event.

Free Speech and Expression

Submissions

Response to the Draft of The Information Technology [Intermediary Guidelines (Amendment) Rules] 2018 (Gurshabad Grover, Elonnai Hickok, Arindrajit Basu and Akriti Bopanna; February 7, 2019).
CIS Comment on ICANN's Draft FY20 Operating Plan and Budget (Akriti Bopanna; February 12, 2019).

Upcoming Event

Internet Speech: Perspectives on Regulation and Policy (Organized by CIS and the University of Munich (LMU), Germany; India Habitat Centre, New Delhi; April 5, 2019).

Participation in Event

Webinar on counter-comments to the draft Intermediary Guidelines (Organized by CCAOI and the ISOC Delhi Chapter; February 11, 2019). Gurshabad Grover attended the event.

Artificial Intelligence

Case Study

The Future of Work in the Automotive Sector in India (Harsh Bajpai, Ambika Tandon and Amber Sinha; February 8, 2019). Case study was edited by Rakhi Sehgal.

Participation in Event

2019 International Asia Conference (Organized by ITECHLAW; Bangalore; January 31 - February 1, 2019). Sunil Abraham was a panelist in the session "Policy Making for the Emerging Tech in India".

Researchers at Work (RAW)

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Research Paper

Media Infrastructures and Digital Practices: Case Studies from the North East of India (Khetrimayum Monish Singh; February 5, 2019).

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/february-2019-newsletter

Imagine a Feminist Internet: Research, Practice and Policy in South Asia

Admin — 2019-02-27T01:52:55Z

Internet Democracy Project and Point of View co-organized a two-day Imagine a Feminist Internet event in Sri Lanka on 22011 and 22 February 2019. Ambika Tandon was a speaker and presented a paper 'Framing Reproductive Health as a Data Problem? Unpacking ‘Dataveillance’ in India' which was co-authored by herself and Aayush Rathi.

The panel also had a presentation by Dr. Anja Kovacs, and was moderated by Eva Blum-Dumontet from Privacy International. Ambika also participated in a committee that drafted a declaration for policymakers based on the presentations at the conference, which is yet to be finalised. The agenda can be seen here.

For more details visit https://cis-india.org/internet-governance/news/imagine-a-feminist-internet-research-practice-and-policy-in-south-asia

Comments on the Draft Second Protocol to the Convention on Cybercrime (Budapest Convention)

vipul — 2019-02-25T16:48:18Z

Following consultations with data protection, civil society, industry and others, during the Cybercrime Convention Committee (T-CY) meeting from 29 November 2018 onwards, the Cybercrime Convention Committee has sought additional contributions regarding the provisional draft text for a Second Additional Protocol to the Budapest Convention on Cybercrime (“Budapest Convention”).

The Centre for Internet and Society, (“CIS”), is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, artificial intelligence, freedom of expression, and cyber-security. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the rights of stakeholders. CIS is thankful to the Cybercrime Convention Committee for this opportunity to provide feedback to the Draft.

The draft text addresses three issues viz. language of requests, emergency multilateral cooperation and taking statements through video conferencing. Click to download the entire submission here.

For more details visit https://cis-india.org/internet-governance/blog/vipul-kharbanda-february-25-2019-comments-on-draft-second-protocol-to-convention-on-cybercrime-budapest-convention

Resurrecting the marketplace of ideas

basu — 2019-02-22T02:18:53Z

There is no ‘silver bullet’ for regulating content on the web. It requires a mix of legal and empirical analysis.

The article by Arindrajit Basu was published in Hindu Businessline on February 19, 2019.

A century after the ‘marketplace of ideas’ first found its way into a US Supreme Court judgment through the dissenting opinion of Justice Oliver Wendell Holmes Jr (Abrams v United States, 1919), the oft-cited rationale for free speech is arguably under siege.

The increasing quantity and range of online speech hosted by internet platforms coupled with the shock waves sent by revelations of rampant abuse through the spread of misinformation has lead to a growing inclination among governments across the globe to demand more aggressive intervention by internet platforms in filtering the content they host.

Rule 3(9) of the Draft of the Information Technology [Intermediary Guidelines (Amendment) Rules] 2018 released by the Ministry of Electronics and Information Technology (MeiTy) last December follows the interventionist regulatory footsteps of countries like Germany and France by mandating that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.”

Like its global counterparts, this rule, which serves as a pre-condition for granting immunity to the intermediary from legal claims arising out of user-generated communications, might not only have an undue ‘chilling effect’ on free speech but is also a thoroughly uncooked policy intervention.

Censorship by proxy

Rule 3(9) and its global counterparts might not be in line with the guarantees enmeshed in the right to freedom of speech and expression for three reasons. First, the vague wording of the law and the abstruse guidelines for implementation do not provide clarity, accessibility and predictability — which are key requirements for any law restricting free speech .The NetzDG-the German law, aimed at combating agitation and fake news, has attracted immense criticism from civil society activists and the UN Special Rapporteur David Kaye on similar grounds.

Second, as proved by multiple empirical studies across the globe, including one conducted by CIS on the Indian context, it is likely that legal requirements mandating that private sector actors make determinations on content restrictions can lead to over-compliance as the intermediary would be incentivised to err on the side of removal to avoid expensive litigation.

Finally, by shifting the burden of determining and removing ‘unlawful’ content onto a private actor, the state is effectively engaging in ‘censorship by proxy’. As per Article 12 of the Constitution, whenever a government body performs a ‘public function’, it must comply with all the enshrined fundamental rights.

Any individual has the right to file a writ petition against the state for violation of a fundamental right, including the right to free speech.

However, judicial precedent on the horizontal application of fundamental rights, which might enable an individual to enforce a similar claim against a private actor has not yet been cemented in Indian constitutional jurisprudence.

This means that any individual whose content has been wrongfully removed by the platform may have no recourse in law — either against the state or against the platform.

Algorithmic governmentality

Using automated technologies comes with its own set of technical challenges even though they enable the monitoring of greater swathes of content. The main challenge to automated filtering is the incomplete or inaccurate training data as labelled data sets are expensive to curate and difficult to acquire, particularly for smaller players.

Further, an algorithmically driven solution is an amorphous process.

Through it is hidden layers and without clear oversight and accountability mechanisms, the machine generates an output, which corresponds to assessing the risk value of certain forms of speech, thereby reducing it to quantifiable values — sacrificing inherent facets of dignity such as the speaker’s unique singularities, personal psychological motivations and intentions.

Possible policy prescriptions

The first step towards framing an adequate policy response would be to segregate the content needing moderation based on the reason for them being problematic.

Detecting and removing information that is false might require the crafting of mechanisms that are different from those intended to tackle content that is true but unlawful, such as child pornography.

Any policy prescription needs to be adequately piloted and tested before implementation. It is also likely that the best placed prescription might be a hybrid amalgamation of the methods outlined below.

Second, it is imperative that the nature of intermediaries to which a policy applies are clearly delineated. For example, Whatsapp, which offers end-to-end encrypted services would not be able to filter content in the same way internet platforms like Twitter can.

The first option going forward is user-filtering, which as per a recent paper written by Ivar Hartmann, is a decentralised process, through which the users of an online platform collectively endeavour to regulate the flow of information.

Users collectively agree on a set of standards and general guidelines for filtering. This method combined with an oversight and grievance redressal mechanism to address any potential violation may be a plausible one.

The second model is enhancing the present model of self-regulation. Ghonim and Rashbass recommend that the platform must publish all data related to public posts and the processes followed in a certain post attaining ‘viral’ or ‘trending’ status or conversely, being removed.

This, combined with Application Programme Interfaces (APIs) or ‘Public Interest Algorithms’, which enables the user to keep track of the data-driven process that results in them being exposed to a certain post, might be workable if effective pilots for scaling are devised.

The final model that operates outside the confines of technology are community driven social mechanisms. An example of this is Telengana Police Officer Remi Rajeswari’s efforts to combat fake news in rural areas by using Janapedam — an ancient form of story-telling — to raise awareness about these issues.

Given the complex nature of the legal, social and political questions involved here, the quest for a ‘silver-bullet’ might be counter-productive.

Instead, it is essential for us to take a step back, frame the right questions to understand the intricacies in the problems involved and then, through a mix of empirical and legal analysis, calibrate a set of policy interventions that may work for India today.

For more details visit https://cis-india.org/internet-governance/blog/hindu-businessline-february-19-2019-arindrajit-basu-resurrecting-the-marketplace-of-ideas

Are RSS's fears about Tik Tok true? Here's what you should know

Admin — 2019-02-22T02:13:35Z

Swadeshi Jagran Manch has flagged security, business and social risks posed by Chinese apps such as TikTok. The RSS fears may not be totally unfounded.

The article was published in Economic Times on February 20, 2019. Shweta Mohandas was quoted. The story was also published by Moneycontrol News.

Should India let Chinese social media apps and telecom companies proliferate in India? Swadeshi Jagran Manch (SJM), the economic wing of the Rashtriya Swayamsevak Sangh has written to Prime Minister Narendra Modi for a ban on these Chinese companies.

The statement comes days after the Pulwama attack by terrorists of Jaish-e-Muhammad (JeM). China has repeatedly helped Pakistan by blocking India’s efforts to get Pakistan-based JeM chief Masood Azhar listed by the UN Security Council as a global terrorist.

SJM has flagged security, business and social risks posed by Chinese apps such as hugely popular TikTok.

The RSS fears may not be totally unfounded.

TikTok, Kwai and LIKE have been downloaded by millions of smartphone users in small town India who are using them to share personal videos, away from the glare of scrutiny that falls on more mainstream social media platforms.

In November last year, ET reviewed more than 20 Chinese video apps that dominate the mobile entertainment network of tier-2 and tier-3 cities mostly thanks to titillating videos, suggestive notifications, risqué humour and raunchy content.

The Chinese apps pose several potential risks, Swetha Mohandas, policy officer at the Center for Internet and Society, an advocacy group, told ET in November last year. “The draft DP (data protection) Bill in the current stage provides greater responsibility on data fiduciaries to maintain the privacy of the individual and the security of the data,” she said. “There are a lot of questions that these apps pose with respect to the Bill, some of them being the security, the data storage provision, the personal data of children, and most importantly that these apps might have recordings that might be sensitive personal data.”

Most of these apps including TikTok explicitly state that though they have appropriate technical and organisational measures in place, “they cannot guarantee the security of your information transmitted through the platform”.

TikTok, the popular lip-sync app, is filled with 15-second clips of meme-friendly content featuring its youthful users miming to their favourite songs. The videos range from the harmless to the explicit, depending upon the users followed. The app has gone viral, having racked up close to 100 million downloads and with 20 million monthly active users in India.

While all such apps carry a disclaimer stating that they are not directed at children, their target audience encompasses preteens and adolescents in tier-2 and tier-3 cities, according to experts.

Despite the rapidly growing user base, apps like TikTok don’t have a grievance redressal officer in India. The government is insisting on this for all major social media platforms.

In its letter to the PM, SJM said it was the duty of all Indians to take steps to prevent the economic gains of any nation or individual that directly or tacitly supports terrorists.

Referring to India putting economic pressure on Pakistan, SJM said, “At such a time, we believe it is imperative that the government create similar hurdles for Chinese companies that are using India for their economic gain. As has been said often, data is now considered the new oil. We should not allow Chinese companies to capture Indian user data without any restrictions and monitoring.”

Bytedance's response: TikTok and Helo are committed to respecting local laws and regulations as well as maintaining a safe and positive in-app environment for our users in India. There is no basis for the factually incorrect claims raised by certain groups recently. We treat the safety and security of our user data very seriously. Moreover, we have robust measures to protect users against misuse, including easy reporting mechanisms that enable users and law enforcement to report content that violates our terms of use and community guidelines.

For more details visit https://cis-india.org/internet-governance/news/economic-times-february-20-2019-are-rss-fears-about-tik-tok-true

Webinar on counter-comments to the draft Intermediary Guidelines

Admin — 2019-02-22T01:51:19Z

CCAOI and the ISOC Delhi Chapter organised a webinar on February 11 to discuss the comments submitted to the Information Technology [Intermediary Guidelines (Amendment) Rules] 2018, and counter-comments that were due by February 14.

The agenda of the discussion was:

A brief introduction to the counter comment process [Shashank Mishra]
Invited stakeholders comment on key issues and perspectives on the submissions and the points to be countered.

The following people participated:

Amba Kak, Mozilla
Rajesh Chharia, ISPAI
Gurshabad Grover, CIS
Priyanka Chaudhari, SFLC
Divij Joshi, Vidhi Centre for Legal Policy

For more details visit https://cis-india.org/internet-governance/news/webinar-on-counter-comments-to-the-draft-intermediary-guidelines

CIS Submission to the UN Special Rapporteur on Freedom of Speech and Expression: Surveillance Industry and Human Rights

2019-02-20T10:48:24Z

CIS responded to the call for submissions from the UN Special Rapporteur on Freedom of Speech and Expression. The submission was on the Surveillance Industry and Human Rights.

CIS is grateful for the opportunity to submit the United Nations (UN) Special Rapporteur on call for submissions on the surveillance industry and human rights.1 Over the last decade, CIS has worked extensively on research around state and private surveillance around the world. In this response, individuals working at CIS wish to highlight these programs, with a special focus on India.

The response can be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/cis-submission-to-the-un-special-rapporteur-on-freedom-of-speech-and-expression-surveillance-industry-and-human-rights

Civil Liberties Groups Warn Proposed EU 'Terrorist Content' Rule a Threat to Democratic Values

Admin — 2019-02-19T00:49:00Z

Requiring filtering tools would be "a gamble with European Internet users' rights to privacy and data protection, freedom of expression and information, and non-discrimination and equality before the law."

The blog post by Jessica Corbett was published by Common Dreams on February 5, 2019. Centre for Internet & Society was a signatory.

Dozens of human rights groups and academics have signed on to an open letter (pdf) raising alarm about the European Union's proposed Regulation on Preventing the Dissemination of Terrorist Content Online, warning that its call for Internet hosts to employ "proactive measures" to censor such content "will almost certainly lead platforms to adopt poorly understood tools" at the expense of democratic values across the globe.

One of those tools is the Hash Database developed by Facebook, YouTube, Microsoft, and Twitter. The 13 companies that use the database—which supposedly contains 80,000 images and videos—can automatically filter out material deemed "extreme" terrorist content. However, as the letter explains, "almost nothing is publicly known about the specific content that platforms block using the database, or about companies' internal processes or error rates, and there is insufficient clarity around the participating companies' definitions of 'terrorist content.'"

"Countering terrorist violence is a shared priority, and our point is not to question the good intentions of the database operators. But lawmakers and the public have no meaningful information about how well the database or any other existing filtering tool serves this goal, and at what cost to democratic values and individual human rights," notes the letter, whose signatories include the American Civil Liberties Union (ACLU), the Brennan Center for Justice, the Electronic Frontier Foundation (EFF), and the European Digital Rights (EDRi).

As an EDRi statement outlines, among the groups' main concerns are the following:

Lack of transparency of how the database works, and its effectiveness, proportionality, and appropriateness to achieve the goals the Terrorist Content Regulation aims to achieve;
How filters are unable to understand the context and therefore they are error-prone; and
Regardless of the possibility of filters to be accurate in the future, the pervasive online monitoring on disadvantaged and marginalized individuals.

Given the uncertainties over the effectiveness and societal costs of such tools, the letter charges that "requiring all platforms to use black-box tools like the database would be a gamble with European Internet users' rights to privacy and data protection, freedom of expression and information, and non-discrimination and equality before the law."

With those fundamental rights under threat, the groups are calling on members of the European Parliament "to reject proactive filtering obligations; provide sound, peer-reviewed research data supporting policy recommendations and legal mandates around counter-terrorism; and refrain from enacting laws that will drive Internet platforms to adopt untested and poorly understood technologies to restrict online expression."

Read the full letter:

Dear Members of the European Parliament,

The undersigned organizations write to share our concerns about the EU’s proposed Regulation on Preventing the Dissemination of Terrorist Content Online, and in particular the Regulation’s call for Internet hosts to use “proactive measures” to detect terrorist content. We are concerned that if this Regulation is adopted, it will almost certainly lead platforms to adopt poorly understood tools, such as the Hash Database referenced in the Explanatory Memorandum to the Regulation and currently overseen by the Global Internet Forum to Counter Terrorism. Countering terrorist violence is a shared priority, and our point is not to question the good intentions of the Database operators. But lawmakers and the public have no meaningful information about how well the Database or any other existing filtering tool serves this goal, and at what cost to democratic values and individual human rights. We urge you to reject proactive filtering obligations; provide sound, peer-reviewed research data supporting policy recommendations and legal mandates around counter-terrorism; and refrain from enacting laws that will drive Internet platforms to adopt untested and poorly understood technologies to restrict online expression.

The Database was initially developed by Facebook, YouTube, Microsoft, and Twitter as a voluntary measure, and announced to the public in 2016. It contains digital hash “fingerprints” of images and4videos that platforms have identified as “extreme” terrorist material, based not on the law but on their own Community Guidelines or Terms of Service. The platforms can use automated filtering tools to identify and remove duplicates of the hashed images or videos. As of 2018, the Database was said to contain hashes representing over 80,000 images or videos. At least thirteen companies now use the Database, and some seventy companies have reportedly discussed adopting it.

Almost nothing is publicly known about the specific content that platforms block using the Database, or about companies’ internal processes or error rates, and there is insufficient clarity around the participating companies’ definitions of “terrorist content.” Furthermore, there are no reports about how many legal processes or investigations were opened after the content was blocked. This data would be crucial to understand to what extent the measures are effective and necessary in a democratic society, which are some of the sine qua non requisites for restrictions of fundamental rights. We do know, however, of conspicuous problems that seemingly result from content filtering gone awry. The Syrian Archive, a civil society organization preserving evidence of human rights abuses in Syria, for example, reports that YouTube deleted over 100,000 of its videos. Videos and other content which may be used in one context to advocate terrorist violence may be essential elsewhere for news reporting, combating terrorist recruitment online, or scholarship. Technical filters are blind to these contextual differences. As three United Nations special rapporteurs noted in a December 2018 letter, this problem raises serious concerns about free expression rights under the proposed Regulation. It is far from clear whether major platforms like YouTube or Facebook adequately correct for this through employees’ review of filtering decisions—and it seems highly unlikely that smaller platforms could even attempt to do so, if required to use the Database or other filtering tools.

Failures of this sort seriously threaten Internet users’ rights to seek and impart information. The pervasive monitoring that platforms carry out in order to filter users’ communications also threatens privacy and data protection rights. Moreover, these harms do not appear to be equally distributed, but instead disproportionately disadvantage individual Internet users based on their ethnic background, religion, language, or location—in other words, harms fall on users who might already be marginalized. More extensive use of the Database and other automated filtering tools will amplify the risk of harms to users whose messages and communications about matters of urgent public concern may be wrongly removed by platforms. The United Nations Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism has expressed concern about this lack of clarity, and said that Facebook’s rules for classifying organizations as terrorist are “at odds with international humanitarian law”.

Due to the opacity of the Database’s operations, it is impossible to assess the consequences of its nearly two years of operation. The European public is being asked to rely on claims by platforms or vendors about the efficacy of the Database and similar tools—or else to assume that any current problems will be solved by hypothetical future technologies or untested, post-removal appeal mechanisms. Such optimistic assumptions cannot be justified given the serious problems researchers have found with the few filtering tools available for independent review. Requiring all platforms to use black-box tools like the Database would be a gamble with European Internet users’ rights to privacy and data protection, freedom of expression and information, and non-discrimination and equality before the law. That gamble is neither necessary nor proportionate as an exercise of state power.

EU institutions’ embrace of the database and other filtering tools will also have serious consequences for Internet users all over the world, including in countries where various of the undersigned organizations work to protect human rights. For one thing, when platforms filter a video or image in response to a European authority’s request, it will likely disappear for users everywhere—even if it is part of critical news reporting or political discourse in other parts of the world. For another, encoding proactive measures to filter and remove content in an EU regulation gives authoritarian and authoritarian-leaning regimes the cover they need to justify their own vaguely worded and arbitrarily applied anti-terrorism legislation. Platforms that have already developed content filtering capabilities in order to comply with EU laws will find it difficult to resist demands to use them in other regions and under other laws, to the detriment of vulnerable Internet users around the globe. Your decisions in this area will have global consequences.

Signatories:
Access Now; Africa Freedom of Information Centre; Agustina Del Campo, in an individual capacity (Center for Studies on Freedom of Expression CELE); American Civil Liberties Union (ACLU); ApTI Romania; Article 19; Bits of Freedom; Brennan Center for Justice; Catalina Botero Marino, in an individual capacity (Former Special Rapporteur of Freedom of Expression of the Organization of American States; Center for Democracy & Technology (CDT); Centre for Internet and Society; Chinmayi Arun, in an individual capacity; Damian Loreti, in an individual capacity; Daphne Keller, in an individual capacity (Stanford CIS); Derechos Digitales · América Latina; Digital Rights Watch; Electronic Frontier Finland; Electronic Frontier Foundation (EFF); Electronic Frontier Norway; Elena Sherstoboeva, in an individual capacity (Higher School of Economics); European Digital Rights (EDRi); Hermes Center; Hiperderecho; Homo Digitalis; IT-Pol; Joan Barata, in an individual capacity (Stanford CIS); Krisztina Rozgonyi, in an individual capacity (University of Vienna); Open Rights Group; Open Technology Institute at New America; Ossigeno; Pacific Islands News Association (PINA); People Over Politics; Prostasia Foundation; R3D: Red en Defensa de los Derechos Digitales; Sarah T. Roberts, Ph.D., in an individual capacity; Southeast Asian Press Alliance; Social Media Exchange (SMEX), Lebanon; WITNESS; and Xnet.

For more details visit https://cis-india.org/internet-governance/news/jessica-corbett-common-dreams-february-5-2019-civil-liberties-groups-warn-proposed-eu-terrorist-content-rule-threat-democratic

2019 International Asia Conference

Admin — 2019-02-19T00:23:43Z

ITECHLAW organized the 2019 edition of International Asia Conference at JW Marriott hotel in Bangalore on January 31, 2019 and February 1, 2019. Sunil Abraham was a panelist in the session "Policy Making for the Emerging Tech in India".

The rush of emerging technologies of Machine Learning, Internet of Things (IoT) and Virtual Reality (VR) is revolutionising the landscape in which humans exist. Innovators of the generation are ambitious, and their contributions have significantly impacted on various fields like healthcare, media and entertainment, agriculture, and other service models. As these technology advancements are driving new business and service models, there is a need for stakeholders and governments to ensure security and stability of the market without stifling innovations, stigmatising incentives or creating obstacles. Rapid spreading technology applications are resulting in drastic changes in today’s regulatory model, posing the difficult challenges for regulators. In India, the expeditiously developing start-up ecosystem and online consumer base, has stirred the regulators.

Intermediary liability, surveillance, data and privacy, digital taxation, data governance and sovereignty are the dominating debatable topics in India. The debates are not only between regulators and stakeholders, but consumers also joining in it. As the competition between Indian and Foreign Technology intensifies in the turf, the debate on tech-policy is considerably being mentioned in run-up of political parties to the general elections as well. Over the past one year, the country has witnessed some landmark judgments and contentious government proposals related to data and privacy, implications of which have affected over-the-top (“OTT”) services, online media, social media, e-commerce platforms, IoT services etc. The Indian regulatory framework on tech-policy is becoming stricter due to a very disruptive phase last year. The tech-giants like Facebook, Google, Twitter, and Amazon are themselves realising their enormous market influence. After the episodes of lynching, hate speeches etc., they are participating in policy-making efforts related to fake news and digital malfeasance. In this process legal industry is making considerable lobbying efforts for corporations to work with government to curb the menace of digital malpractice and make the internet safer.

As the legal industry is participating in the process of creating an innovators-friendly regulatory regime, they are also striving to understand the disruptive technologies and adopt them for their own convenience. However, legal firms must understand that the technology cannot do their job for clients but can only upgrade the business model for them. The traditional law firm business model is not in sync with legal buyers. Effective deployment of technology will ameliorate the factor of its approachability to its clients.

With the growing technology-based start-ups in India, it is going to be a hub for investments by big corporations. In order to keep attracting the investors there is a need for government to remove the potential hindrances that may make investors double-think. The government should prepare a level-playing field in the market by making citizens aware of the standard tech-policies and fostering the innovators-friendly regulatory regime.

For more info see the website

For more details visit https://cis-india.org/internet-governance/news/2019-international-asia-conference