We are anonymous, we are legion

SFLC Round Table Discussion on Personal Data Protection Bill

Admin — 2018-10-02T03:16:19Z

Shweta Mohandas participated in a Round Table Discussion on Personal Data Protection Bill, orgnanised by SFLC on September 25, 2018 in Bangalore. She also moderated the first session - Data Protection Principles (Rights and Obligations).

See the agenda of the event here.

For more details visit https://cis-india.org/internet-governance/news/sflc-round-table-discussion-on-personal-data-protection-bill

A trust deficit between advertisers and publishers is leading to fake news

sunil — 2018-10-02T06:44:55Z

Transparency regulations is need of the hour. And urgently for election and political advertising. What do the ads look like? Who paid for them? Who was the target? How many people saw these advertisements? How many times? Transparency around viral content is also required.

The article was published in Hindustan Times on September 24, 2018.

Traditionally, we have depended on the private censorship that intermediaries conduct on their platforms. They enforce, with some degree of success, their own community guidelines and terms of services (TOS). Traditionally, these guidelines and TOS have been drafted keeping in mind US laws since historically most intermediaries, including non-profits like Wikimedia Foundation were founded in the US.

Across the world, this private censorship regime was accepted by governments when they enacted intermediary liability laws (in India we have Section 79A of the IT Act). These laws gave intermediaries immunity from liability emerging from third party content about which they have no “actual knowledge” unless they were informed using takedown notices. Intermediaries set up offices in countries like India, complied with some lawful interception requests, and also conducted geo-blocking to comply with local speech regulation.

For years, the Indian government has been frustrated since policy reforms that it has pursued with the US have yielded little fruit. American policy makers keep citing shortcomings in the Indian justice systems to avoid expediting the MLAT (Mutual Legal Assistance Treaties) process and the signing of an executive agreement under the US Clout Act. This agreement would compel intermediaries to comply with lawful interception and data requests from Indian law enforcement agencies no matter where the data was located.

The data localisation requirement in the draft national data protection law is a result of that frustration. As with the US, a quickly enacted data localisation policy is absolutely non-negotiable when it comes to Indian military, intelligence, law enforcement and e-governance data. For India, it also makes sense in the cases of health and financial data with exceptions under certain circumstances. However, it does not make sense for social media platforms since they, by definition, host international networks of people. Recently an inter ministerial committee recommended that “criminal proceedings against Indian heads of social media giants” also be considered. However, raiding Google’s local servers when a lawful interception request is turned down or arresting Facebook executives will result in retaliatory trade actions from the US.

While the consequences of online recruitment, disinformation in elections and fake news to undermine public order are indeed serious, are there alternatives to such extreme measures for Indian policy makers? Updating intermediary liability law is one place to begin. These social media companies increasingly exercise editorial control, albeit indirectly, via algorithms to claim that they have no “actual knowledge”.

But they are no longer mere conduits or dumb pipes as they are now publishers who collect payments to promote content. Germany passed a law called NetzDG in 2017 which requires expedited compliance with government takedown orders. Unfortunately, this law does not have sufficient safeguards to prevent overzealous private censorship. India should not repeat this mistake, especially given what the Supreme Court said in the Shreya Singhal judgment.

Transparency regulations are imperative. And they are needed urgently for election and political advertising. What do the ads look like? Who paid for them? Who was the target? How many people saw these advertisements? How many times? Transparency around viral content is also required. Anyone should be able to see all public content that has been shared with more than a certain percentage of the population over a historical timeline for any geographic area. This will prevent algorithmic filter bubbles and echo chambers, and also help public and civil society monitor unconstitutional and hate speech that violates terms of service of these platforms. So far the intermediaries have benefitted from surveillance — watching from above. It is time to subject them to sousveillance — watched by the citizens from below.

Data portability mandates and interoperability mandates will allow competition to enter these monopoly markets. Artificial intelligence regulations for algorithms that significantly impact the global networked public sphere could require – one, a right to an explanation and two, a right to influence automated decision making that influences the consumers experience on the platform.

The real solution lies elsewhere. Google and Facebook are primarily advertising networks. They have successfully managed to destroy the business model for real news and replace it with a business model for fake news by taking away most of the advertising revenues from traditional and new news media companies. They were able to do this because there was a trust deficit between advertisers and publishers. Perhaps this trust deficit could be solved by a commons-based solutions based on free software, open standards and collective action by all Indian new media companies.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-sunil-abraham-september-24-2018-a-trust-deficit-between-advertisers-and-publishers-is-leading-to-fake-news

Find ways to trace origin of messages: Government to WhatsApp

Admin — 2018-09-24T02:53:23Z

Unhappy with the steps taken so far by WhatsApp, the government plans to trace the origins of incendiary messages spread on its platform.

The article by Surabhi Agarwal was published in Economic Times on September 20, 2018. Sunil Abraham was quoted.

The Ministry of Electronics and IT (MeitY) is drafting a letter — its third since July to the Facebook-owned platform — asking it to design a technology-led solution to the issue that in the past has led to mob lynching or riots in the country. Since India first raising its concerns, WhatsApp has announced measures such as limiting forwards to five groups at a time from the earlier 250, identifying forwarded messages, and a publicity campaign against fake news.

The government says these measures may not be enough. “It’s a reasonable demand from us, and very much doable. The third letter will reiterate that WhatsApp is not meeting all our concerns,” said a top government official, who did not want to be identified.

If WhatsApp feels the solution given by the government for traceability goes against its end-to-end encryption policy, then the company should be able to find a solution on its own which is technically feasible without compromising on its offering, the official said. “We are not asking them to look into the contents of the message, but if some message has been forwarded, say, 100 times and has caused some law and order problem, then they should be able to identify where it originated from,” he said, adding that WhatsApp cannot absolve itself from responsibility in the name of user privacy. “We are not being unfair since we can’t allow anonymous publishing.”

WhatsApp could not be immediately reached for comment.

Some analysts say the government’s demand from WhatsApp is reasonable and the company could provide traceability using metadata without compromising on encryption.

“For basic level of traceability, storing the metadata is enough,” said Sunil Abraham, executive director of Center of Internet and Society.

“For the kind of traceability that the Indian government is asking for, WhatsApp may have to break its end-toend encryption. But other kind of traceablity, such as who is messaging whom, how many times, who are the propagators of messages, and who are receivers, can all be seen through storing just metadata.”

Just like every organisation used to store copies of end-of-end encrypted emails on their own servers, similarly WhatsApp can either store copies of encrypted messages or the metadata, he said. Last month, at a meeting between Union minister for electronics and IT Ravi Shankar Prasad and WhatsApp CEO Chris Daniels, the government asked the company to appoint a grievance officer in India, set up an Indian entity, and ensure traceability of messages.
While the company agreed to register a corporate entity and build a team here, a stalemate over the issue of traceability continues.

“(WhatsApp) needs to find solutions to deal with sinister developments like mob lynching and revenge porn and has to follow Indian law,” Prasad said in August. “It does not take rocket science to locate a message being circulated in hundreds and thousands...

(WhatsApp) must have a mechanism to find a solution.”

WhatsApp has maintained that people rely on the platform for all kinds of sensitive conversations, including with their doctors, banks and families. “Building traceability would undermine end-to-end encryption and the private nature of WhatsApp, creating the potential for serious misuse. WhatsApp will not weaken the privacy protections we provide,” the company’s spokesperson said in August after the demand from the Indian government on traceability.

The official quoted earlier reiterated that the government is notasking the company to break its end-to-end encryption, adding that if the company could find ways to tag non-original content with ‘forward’ labels and flag some links as spurious, it could also find a way around this problem.

For more details visit https://cis-india.org/internet-governance/news/economic-times-surabhi-agarwal-september-20-2018-find-ways-to-trace-origin-of-messages-govt-to-whatsapp

Forecasting the Implications of the CLOUD Act Around the World

Admin — 2018-09-20T15:51:48Z

Elonnai Hickok participated in the event organized by the Global Network Initiative at the Russell Senate Office Building, Washington D.C. on September 18, 2018 as a speaker.

Elonnai spoke on the CLOUD Act from an Indian perspective based on the article that she co-authored with Vipul Kharbanda.

For more details visit https://cis-india.org/internet-governance/news/forecasting-the-implications-of-the-cloud-act-around-the-world

Conference on Data Protection

Admin — 2018-09-20T14:47:17Z

Sunil Abraham and Amber Sinha participated in a conference on data protection at NIPFP in New Delhi on September 4, 2018. The event was organized by National Institute of Public Finance and Policy.

Sunil Abraham and Amber Sinha were discussant in the session Disclosures in Privacy Policies: Does Consent Work?

Click to see the agenda

For more details visit https://cis-india.org/internet-governance/news/conference-on-data-protection

'What Security Breach?' The Unchanging Tone of UIDAI's Denials

Admin — 2018-09-19T14:14:53Z

This week brought with it another instance of Aadhaar déjà vu. The narrative is now eerily familiar to people with even a passing acquaintance with the matter.

The article by Karan Saini was published in the Wire on September 12, 2018

A security vulnerability in the Aadhaar ecosystem comes to light, usually through civil society stakeholders or the media. The Unique Identification Authority of India (UIDAI) issues a standard denial, refuses to publicly acknowledge that it has to course-correct and fix the problem, and the public waits for the process to repeat.

Following a three-month-long investigation by Huffington Post into the known and documented problem of cracked Aadhaar enrolment software, several security experts from within the country and elsewhere were able to conclude that the authenticity of entries within the Aadhaar database was likely compromised to an unknown extent. This was a direct result of a patched version of the enrolment software with stripped security features being circulated and used by potential hostile actors – among others.

The patched software bypasses several crucial security features of the enrolment client and could have also been used to get around the biometric authentication which legitimate enrolment operators would have to undertake before attempting to add new entries to the database.

The UIDAI responded to this report with a statement which is nearly identical to many of the authority’s previous press releases on alleged security incidents.

In its statement, the UIDAI said that “the claims made in the report about Aadhaar being vulnerable to tampering leading to ghost entries in Aadhaar database by purportedly bypassing operators’ biometric authentication to generate multiple Aadhaar cards is totally baseless”.

The statement which was issued by the authority seems straightforward but is actually cryptic in its very nature. The story published by Huffington Post did not categorically assert that the software bypass was being used ‘to generate multiple Aadhaar cards’, while the authority’s statement specifically refuted this claim.

This is, sadly, not new. The Aadhaar authority has always purposely misinterpreted what is actually being alleged in critical stories, and then presented their interpretations in their statements of rebuttal, which essentially amount to irresponsible dissemination of misleading information.

For instance, the UIDAI ignores that even without the issue of cracked enrolment software, there are already many proven cases of ghost entries in the database, including that of a Pakistani ISI spy as well as an Uzbek national involved in illegal sex-trade in the country. Both of these persons held real, valid Aadhaar cards which were issued to them under false identities.

The UIDAI also states that enrolments are verified at their backend system in order to prevent any such false entries from finding their way into the database. Given this, the question arises – how did these highlighted cases of false entries make it through the supposed checks and balances in place to the point where Aadhaar numbers for these persons were issued (and delivered)?

Similar events took place when in March 2018, ZDNet broke the story of an application programming interface (API) hosted on the website of utility provider Indane Gas, which could have been abused by hackers to steal information such as full names, Aadhaar numbers, names of linked banking institutions as well as details of the specific utility provider which a person uses for a major chunk of the population.

The UIDAI statement at the time baldly claimed that there was no breach of its central database (what is called the ‘CIDR’) and that biometric data were safe. The only problem? Neither of these issues were asserted or even hinted at in the original story.

Reporters from the publication had attempted to reach out to UIDAI repeatedly – and that too through several mediums of communication, such as phone, email and even direct messages to the official UIDAI Twitter account – all to no avail.

“We tried to contact UIDAI by phone and email after we learned of the Aadhaar data leak. We eventually sent all the details in a Twitter DM message — but only because UIDAI wouldn’t offer […] an email address to send this data leak issue to,” posted Zack Whittaker, the reporter who had broken the story for ZDNet, as a tweet on his public Twitter account.

This was not the first time the authority had done such a thing (and neither was it the last, as we see with the Huffington Post story), as witnessed in the January 2018 incident with the Tribune; where the UIDAI did not respond to the paper’s attempts at communication at all before publication and later used it to state that no security incident had taken place altogether.

Reporters from the Huffington Post had also attempted to reach out to UIDAI prior to publication of the story; attempts at communication which the UIDAI willingly left unanswered. After UIDAI’s rebuttal, the Huffington Post published a statement of their own in which they asserted that they stood by the claims made in their story, while also making it known that the UIDAI had never responded directly to any of their communication.

The UIDAI’s most recent statement deploys a bizarre array of security jargon including buzzwords such as “full encryption”, “access control” and “tamper resistance” – without providing any elaboration on what any of these things would help prevent with regard to the issues raised in the media report.

This obfuscation is very troubling, and particularly so for those people who do not actively follow news regarding the troubles of the programme or other media organisations that are not equipped to understand the nuances of security reporting. For both groups of people, the statements issued by the UIDAI would be enough of an assertion to lead them to believe that all is well with the project and that anyone saying otherwise is an “unscrupulous element” with “vested interests”.

After the first few incidents, the authority’s cookie-cutter response seems to be part of the playbook through which they seek to protect their image: by retaining the ability to publicly deny an incident, even if it has already taken place; which is done by never confirming (or even acknowledging) an issue before publication. This is presumably done out of fear of the reputational damage which would inevitably be caused by admittance of a compromise or fault on their part.

Consider what happened with the Tribune breach report. The UIDAI officially denied it (even though some of their lower-level officials were quoted in the story), filed an FIR against the journalist. When the dust settled down, a prominent business newspaper ran a story which strangely enough quoted anonymous officials who highlighted the steps that were taken to fix the problem.

The UIDAI understands that ‘the first step in solving a problem is to recognise that it does exist’. Acknowledging problems within the Aadhaar project would be catastrophically damaging for the authority as well as the public’s perception of them. This is why we are always presented with almost indistinguishable statements of rebuttal and denial from the UIDAI, which too are never backed with any evidence.

Seeing as how the UIDAI’s statements almost always end up backfiring, their decision to employ a social media agency to monitor the internet for chatter on Aadhaar starts to make a little sense. For a while now, the authority has wished to undertake mass digital surveillance through social media and other online forums in order to track “top detractors” of the Aadhaar scheme and counter them to effectively “neutralise negative sentiments” surrounding the project.

This move, however, was challenged by petitioner Mahua Moitra who saw it as “an attempt by the State to overreach the jurisdiction of the Hon’ble Supreme Court in matters where the legality of social media surveillance and Aadhaar itself is under challenge”.

For now, the next time we are hit with a sense of déjà vu when it comes to an Aadhaar-related security incident, we should see through the UIDAI’s statements for what they truly are: hopeless attempts at damage control for a system that is crumbling at its very foundation.

For more details visit https://cis-india.org/internet-governance/news/the-wire-karan-saini-september-12-2018-what-security-breach-the-unchanging-tone-of-uidai-denials

Meeting of Information Systems Security and Biometrics Sectional Committee

Admin — 2018-09-19T14:08:23Z

Gurshabad Grover attended the 14th meeting of the Information Systems Security and Biometrics Sectional Committee (LITD 17) of the Bureau of Indian Standards (BIS), which was held at the BIS office in New Delhi on 14 September 2018.

This was Gurshabad's first LITD 17 meeting. The committee noted my co-option in the committee and registration in Working Group 1 (Information security management systems) and WG5 (Identity management and privacy technologies) of ISO JTC 1 / SC 27 / “IT Security Techniques”. Some of the items discussed included proposed standards for biometric information protection, mobile phone security, and data privacy engineering & management practices.

For more details visit https://cis-india.org/internet-governance/news/meeting-of-information-systems-security-and-biometrics-sectional-committee

'Why should we talk to Dunzo?' State regulators fume at liquor delivery

Admin — 2018-09-19T14:04:35Z

In 2016, the Chandigarh police ordered thirty bottles of liquor on getTalli, an online liquor ordering platform.

The blog post by Aroon Deep was published in Medianama on September 7, 2018

“We do not sell liquor. On your request, we procure liquor from a government authorized vendor on your behalf and deliver it to you,” getTalli explained on its website, according to a Hindustan Times report. The police weren’t exactly interested in consuming that liquor. The order was a trap. They arrested both Pratham Gupta and Anurag Awasthi, who founded the site. The two were charged with criminal conspiracy, fraud, and a state law prohibiting “unlawful import, export, transport, manufacture, possession, etc”. The site was shut down.

Excise is a state subject, so each state has varying levels of strictness in regulating services like Dunzo, which allow users to buy alcohol (among several other things) through them. Karnataka is among the stricter jurisdictions. Dunzo stopped delivering alcohol in the state when regulators made noise about online alcohol delivery not being a recognized mode of sale. “Why should we talk to [Dunzo]?” Rajendra Prasad, an excise official in Bangalore told MediaNama. Dunzo doesn’t seem to have government relations managers, so the company has chosen simply to shut down alcohol delivery rather than engage with regulators. Alcohol deliveries previously accounted for around one in thirty orders for Dunzo in Bangalore, an employee told The News Minute.

Alcohol delivery and the law

On the face of it, alcohol delivery — at least the kind used by Dunzo — doesn’t seem to be cause for regulatory concern. Third party delivery services can’t have their own inventory, so they must simply buy liquor from authorized retailers and deliver them to customers. This doesn’t seem to have any downsides, since the delivery is separately charged and taxed; and the tax on the alcohol is also paid. But regulators have continued to cry foul.

Aayush Rathi, a policy officer at the Centre for Internet and Society, pointed out that the Karnataka Excise Act — and possibly other states’ excise regimes — gives states a lot of control on regulating the movement of alcohol. “A ‘sale’ in the Karnataka Excise Act is defined as ‘any transfer otherwise than by way of gift’,” Rathi told MediaNama. This definition essentially makes online ordering and delivery of liquor illegal — even if the service doing it doesn’t maintain inventory. Since there is no license for online delivery of alcohol, there is little by way of legal standing services like Dunzo have when faced with regulatory scrutiny.

But that is assuming that the regulatory scrutiny comes in the first place. While Punjab and Karnataka have chosen to use the vast regulatory powers the law grants them, other states haven’t done the same. In Gurgaon and Pune, though, alcohol deliveries continue unabated. HipBar, which delivers alcohol across India, told The News Minute, “HipBar is engaging with multiple states and their respective regulators to move the needle on last mile deliveries of alcoholic beverages with reasonable restrictions and safeguards in place, such that the letter and spirit of the excise policy is not vitiated.” That brings the question of whether the current model of last-mile delivery by services like Dunzo and HipBar violate the spirit of excise law in the first place.

For more details visit https://cis-india.org/internet-governance/news/medianama-september-7-2018-aroon-deep-why-should-we-talk-to-dunzo-state-regulators-fume-at-liquor-delivery

Gender and Privacy: Countering the Patriarchal Gaze

Admin — 2018-09-19T01:48:07Z

Ambika Tandon participated in a workshop on privacy and gender which was organized by Privacy International in United Kingdom on September 13 and 14, 2018. Ambika was part of a panel on reproductive rights and privacy in India. She also recorded a podcast on the same topic, as part of a series on privacy and gender being hosted by Privacy International.

Read the Agenda here

For more details visit https://cis-india.org/internet-governance/news/gender-and-privacy-countering-the-patriarchal-gaze

Haryana Cops Say Internet Shutdowns Hurt Police Operations

praskrishna — 2018-09-18T15:57:12Z

India sees a very high number of Internet shutdowns, often to preserve law and order, but Haryana cops are arguing against the practice.

The article by Gopal Sathe was published by Huffington Post on September 19, 2018.

Ahead of a Haryana court verdict in a rape case against Dera Sacha Sauda (DSS) head Gurmeet Ram Rahim Singh, mobile Internet services were shut down in nearby areas such as Panchkula and Mohali. The Hindustan Times reported that SMSes, mobile Internet and all services apart from voice calls were suspended to keep the peace.

But as a result of the shutdown, police in Panchkula faced a challenge in estimating the size of crowds gathered at different locations. "We were until then sharing information and photos on WhatsApp to figure out the number of people pouring in the city from various points as it helped identify problem areas. DSS followers had started gathering August 22 onwards," Panchkula police commissioner Arshinder Singh Chawla has said, according to a report by Manoj Kumar first published by the Centre for Internet and Society.

This was a replay of events during the Jat agitation of 2016 as well—protestors were present in much greater numbers than police personnel, who were not aware of the scenario on the ground. The police also worried about sending messages asking for help over the radio, as this could have been tapped into by the protestors, according to the report.

The lack of mobile Internet during the DSS-related Internet shutdown also affected the use of technology such as drone cameras, Chawla said. And because the police could not communicate with security personnel at the court complex, the police inside had to scale walls to leave safely, as they could not ask their colleagues for backup.

The report points out that this is in stark contrast to what happened in Mumbai, where former police commissioner Rakesh Maria made use of WhatsApp and SMS messages to prevent a scuffle from turning into a riot during Eid celebrations in early 2015.

A study by the Software Freedom Law Centre stated that India has already over 100 Internet shutdowns in 2018, Medianama reported. The five states with the most shutdowns are Jammu and Kashmir, Rajasthan, Uttar Pradesh, Maharashtra and Bihar. This has been criticised by many, including the UN, and as the Haryana police's experience show, the shutdowns are not just harming citizens, but are counter-productive to maintaining order as well.

For more details visit https://cis-india.org/internet-governance/news/huffington-post-gopal-sathe-september-17-2018-haryana-cops-say-internet-shutdowsn-hurt-police-operations

Symposium on Data Privacy and Citizen's Rights

Admin — 2018-09-18T15:18:37Z

Shweta Mohandas was a panelist at the Symposium on Data Privacy and Citizen's Rights on September 9, 2018. The Symposium was organised by the Tech Law Forum of NALSAR University of Law, Hyderabad.

Concept Note

The National Academy of Legal Studies and Research (NALSAR) University of Law, Hyderabad is organising a Symposium on DATA PRIVACY AND CITIZEN’S RIGHTS to provide multiple stakeholders one platform to discuss and deliberate on the BN Srikrishna Committee Report and Draft Bill.

The Committee headed by Retd. Justice BN Srikrishna released its Report and Draft Bill on the 27th of July, 2018. It comes at a time when there is increasing discussion about the individual privacy and surveillance by both private organisations and state authorities. Especially in light of the 9-judge Puttaswamy judgment affirming the Fundamental Right to Privacy, there was a need to concretise the right in the form of a statute. The Bill proposes an elaborate data protection framework by utilising concepts such as anonymisation, pseudonymisation, data localisation, guardian data fiduciary, among others. While the Bill has been lauded for providing a data protection framework largely similar to the one proposed by civil society, there are several areas of concern with the Bill such as the amendments suggested to the RTI Act, the impact of the Bill on Free Speech and the lack of substantial provisions regarding surveillance. There has been further criticism that the discussions regarding these issues have been conducted in silos, with little to no dialogue taking place between the various stakeholders and experts in the field.

We believe that there is a need to provide a common forum for these stakeholders to interact with each other in providing suggestions that are representative in nature and nuanced in their expression.

Themes

Privacy and Free Speech This interaction aims to examine the juxtaposition of the constitutional right to free speech and the now constitutionally affirmed right to privacy. Will a new data protection law impact the publication of leaked documents or sting operations like the Radia tapes or Tehelka’s ‘Operation Westend’? If so, how can journalists mitigate the risk of getting sued for breach of privacy? While the jurisprudence concerning the right to privacy is in its most nascent state, it becomes important for us to explore its contours in light of already established constitutional guarantees.

Right to Information and Right to Privacy How does the right to privacy impact the right to information? The guarantee of these two rights arise from diametrically opposite ideologies, in that privacy aims to shield from the public domain information and data concerning individuals and institutions while the right to information aims to promote transparency and disclosure of information held by the state. However, the question remains, is the existence of these two rights necessarily mutually exclusive? Will a new data protection law make it difficult to promote transparency under the Right to Information Act? Is there is a possibility of a clash between the Information Commissions and the proposed Data Protection Authority? This panel would analyze the co-existence and competitive nature of these two rights in the context of the Indian legal space.

Surveillance - As we move towards a form of governance that is increasingly capable of surveilling individual movements and actions, it becomes extremely necessary for us to understand the nature of surveillance. Can data privacy be compromised for surveillance that may be necessary for increased safety in our physical and virtual living spaces? Are there any provisions that protects data in cases of it becoming exploitable? What is the interaction of international statutes (like ICCPR) and the latest Indian statute in terms of its recognition of necessity of surveillance in contrast to the necessity of protection of data.

For more details visit https://cis-india.org/internet-governance/news/symposium-on-data-privacy-and-citizens-rights

August 2018 Newsletter

praskrishna — 2018-09-16T05:08:39Z

CIS newsletter for the month of August 2018.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights

India houses the second largest population in the world at approximately 1.35 billion individuals. In such a diverse and dense context, law enforcement could be a challenging job. Elonnai Hickok and Vipul Kharbanda throw light on the CLOUD Act and its implifications for India in a blog post.
On August 9, 2018, the DNA Technology (Use and Application) Regulation Bill, 2018 was introduced in the Lok Sabha. CIS had commented on some key aspects of the bill in many forums earlier. Elonnai Hickok and Murali Neelakantan in an article published by Bloomberg Quint have voiced their opinion on the bill.
Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta and Torsha Sarkar in an Op-ed in Bloomberg Quint have examined the National Health Stack, an ambitious attempt by the government to to build a digital infrastructure with a “deep understanding of the incentive structures prevalent in the Indian healthcare ecosystem. The authors have argued that collection of health data, without sensitisation and accountability, has the potential to deny healthcare to the vulnerable.
An article titled India's Contribution to Internet Governance Debates, co-authored by Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah and Akriti Bopanna, was published in the NLUD Student Law Journal, an annual peer-reviewed journal published by the National Law University, Delhi.
IT/IT-eS Sector and the Future of Work in India was organized at Omidyar Networks’ office in Bangalore, on June 29, 2018. Torsha Sarkar, Ambika Tandon and Aayush Rath co-authored a report.
Swaraj Barooah and Gurshabad Grover co-authored an article in Livemint that examines a few problematic provisions in the proposed Anti-trafficking Bill. The authors say that it may lead to censorship.
The Researchers at Work programme of CIS had invited abstracts for essays that explore dimensions of offline lives. Selected authors are expected to submit the first draft of the essay (2000-4000 words) by Friday, October 5, 2018.

Articles

Anti-trafficking Bill may lead to censorship (Swaraj Barooah and Gurshabad Grover; Livemint; July 24, 2018). The article was mirrored on CIS website in the month of August 2018.
The National Health Stack: An Expensive, Temporary Placebo (Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta, and Torsha Sarkar; Bloomberg Quint; August 6, 2018).
Digital Native: Double Speak (Nishant Shah; Indian Express; August 12, 2018).
India's Contribution to Internet Governance Debates (Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah and Akriti Bopanna; NLUD Student Law Journal; August 16, 2018).
National Health Stack: Data for Data's Sake, A Manmade Health Hazard (Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta and Torsha Sarkar; Bloomberg Quint; August 17, 2018).
DNA ‘Evidence’: Only Opinion, Not Science, And Definitely Not Proof Of Crime! (Elonnai Hickok and Murali Neelakantan; Bloomberg Quint; August 22, 2018).
Digital Native: Playing God (Nishant Shah; Indian Express; August 26, 2018).

CIS in the News

UNDP joins Tech Giants in Partnership on AI (UNDP; August 1, 2018). CIS is one of the partners.
UIDAI says asked nobody to add the helpline number to contacts (Komal Gupta; Livemint; August 3, 2018).
How Chinese apps are making inroads in Indian small towns (Mugdha Variyar; Economic Times; August 10, 2018).
The Big Eye: The tech is all ready for mass surveillance in India (Anand Murali; Factor Daily; August 13, 2018).
Centre draws red lines for Whatsapp over fake news, says must comply with Indian laws (Nakul Sridhar; Hindustan Times; August 21, 2018).
India steps up vigilance against WhatsApp abuse (Debashree Dasgupta; Straits Times; August 24, 2018).
India’s Biometric Database Is Creating A Perfect Surveillance State — And U.S. Tech Companies Are On Board (Paul Bluementhal and Gopal Sathe; Huffington Post; August 25, 2018).
20 years of Google: Privacy, fake news and the future (Rachel Lopez; Hindustan Times; August 26, 2018).

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Wikipedia

Blog Entry

మిసిమి పత్రిక గ్రంథాలయంలో తెలుగు వికీపీడియన్ల కార్యక్రమం (Pavan Santhosh; August 22, 2018).

Events Organized

వికీపీడియా:సమావేశం/గుంటూరు/అన్నమయ్య గ్రంథాలయం - భాగస్వామ్య కార్యక్రమం జూలై 2018 (Organized by CIS-A2K; Annamaya Library; Guntur; July 10, 2018).
Workshop of Publishers and Writers on Unicode, Open Source and Wikimedia Projects (Organized by CIS-A2K; Pune; July 25, 2018).
Workshop of River activists for building Jal Bodh - Knowledge resource on Water (Organized by CIS-A2K; Pune; July 25, 2018).
ವಿಕಿಪೀಡಿಯ:ಸಂಪಾದನೋತ್ಸವಗಳು/ಸಂಪಾದನೋತ್ಸವ ತುಮಕೂರು ವಿಶ್ವವಿದ್ಯಾನಿಲಯ ೨೦೧೮ (Organized by CIS-A2K; Tumakur University; July 25, 2018).
Intensive Personalised Wiki Training Session at Pune (Organized by CIS-A2K; August 2018).
Wikisource and Wiki technical session at MKCL (Organized by CIS-A2K; Pune; August 2018).
Wiki technical orientation session with PyLadies group (Organized by CIS-A2K; Cummins College of Engineering, Pune; August 7, 2018).
Indian Independence Struggle Edit-a-thon on Marathi Wikipedia (Organized by CIS-A2K; August 10 - 20, 2018).

Event Participation

వికీపీడియా:సమావేశం/హైదరాబాదు/మిసిమి పత్రిక భాగస్వామ్య సమావేశం, జూలై 2018 (July 24, 2018). CIS-A2K held partnership discussions with Misimi Telugu monthly magazine.

Note: Event reports for all these were published in the month of August 2018.

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Privacy

Blog Entries

Use of Visuals and Nudges in Privacy Notices (Saumyaa Naidu; edited by Elonnai Hickok and Amber Sinha; August 18, 2018).
An Analysis of the CLOUD Act and Implications for India (Elonnai Hickok and Vipul Kharbanda; August 22, 2018).
Consumer Care Society: Silver Jubilee Year Celebrations (Arindrajit Basu; August 27, 2018).

Event Participation

Celebrating One Year of the Justice K.S. Puttaswamy v. Union of India Judgment (Organized by Indian Council for Research on International Economic Relations and Centre for Communication Governance at National Law University - Delhi; India International Centre; New Delhi; August 24, 2018). Shweta Mohandas was a panelist at the event.

Free Speech & Expression

Blog Entry

ICANN response to DIDP #31 on diversity (Akriti Bopanna and Akash Sriram; August 21, 2018).

Event Participation

Feminist Information Infrastructure Workshop with Blank Noise and Sangama (Organized by Sangama and Blank Noise; CIS, Bangalore; August 8, 2018). Akriti Bopanna, Swaraj Paul Barooah and Ambika Tandon conducted the workshop.
Summer School on Disinformation (Organized by Digital Asia Hub, Hans-Bredow-Institut, University of Hamburg, Institute for Technology & Society of Rio de Janeiro - ITS Rio and Berkman Klein Center for Internet and Society at Harvard University; Azure Room, Pullman, Jakarta; August 22 - 24, 2018). Sunil Abraham made a presentation on Disinformation and Online Recruitment.
World Library and Information Congress 2018 (Organized by International Federation of Library Associations and Institutions; Kuala Lumpur; August 26 - 27, 2018). Swaraj Paul Barooah was a speaker at two panels. Swaraj's first panel, titled "Intellectual Freedom in a Polarised World" was selected as one of 9 sessions to be live-streamed and recorded, out of 249 sessions in total. The recording can be accessed on YouTube.

Information Technology

Blog Entry

Future of Work: Report of the ‘Workshop on the IT/IT-eS Sector and the Future of Work in India’ (Torsha Sarkar, Ambika Tandon and Aayush Rath; edited by Elonnai Hickok. Akash Sriram and Divya Kushwaha; August 16, 2018).

Researchers at Work

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Call for Essays: Offline (P.P. Sneha; August 6, 2018). Selected authors are expected to submit the first draft of the essay (2000-4000 words) by Friday, October 5, 2018.

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/august-2018-newsletter

#NAMAprivacy: Data Protection Authority's regulatory and enforcement challenges

Admin — 2018-09-14T12:26:16Z

This is the second post in our series covering our events in Delhi and Bangalore on India’s Data Protection Law.

The blog post by Rana was published in Medianama on September 9, 2018. Amber Sinha was quoted.

“The Data Protection Authority of India, as it stands, performs legislative, executive and judicial functions. It’s not a bad thing,” said Alok Prasanna Kumar, Senior Resident Fellow at the Vidhi Centre for Legal Policy at the #NAMAprivacy discussion on the data protection bill in Bangalore last week. “But unlike other regulators, the DPA’s ambit is vast. It could potentially deal with every kind of company. So, there’s no way one entity could do this in regards to efficacy and no single entity should do it either.”

That was one of the many challenges that our panelists have suggested that the regulator may face when it is established. Panelists, however, were largely unsure on how the proposed regulator will impact consumers or businesses, given that the most regulations are yet to be defined in the Personal Data Protection Bill, 2018. To this extent, Renuka Sane, Associate Professor at the National Institute of Public Finance and Policy (NIPFP) said, “On most questions about this law, I would have one answer, that it is too early to say anything. We will have to wait and see how it will evolve.”

To reiterate, the draft bill, 2018 proposed establishing a regulatory body that will implement and oversee the data protection law in the country; the Data Protection Authority of India (DPA). The regulatory body will be empowered to impose penalties on data fiduciaries, accept complaints from data principals, prevent misuse of personal data, determine if the data protection law has been violated, and promote awareness of data protection. The authority will consist of six whole-time members and a chairperson, to be appointed by the central government, based on the recommendations of a selection committee that includes the Chief Justice of India (CJI), the Cabinet secretary and one CJI nominated expert.

The following are some of the key points made in both, Delhi and Bengaluru. Please note that these points are not necessarily listed in the order they were made and are not verbatim excerpts of the speakers’ remarks. We’ve edited them for brevity.

Regulatory and Enforcement by the DPA

Tasks to be undertaken: There are four main functions that the DPA has to undertake at some point of time –
1. The DPA will have to issues licenses to some players
2. It will have to come up with regulations as there are several places in the Act (Bill) that will be determined by regulations,
3. It will have come up with some sort of monitoring mechanism to gauge if you are abiding by the regulations are not and iv. It will have to determine violations and undertake enforcement actions. (Renuka Sane)

To increase transparency and credibility: Regulators have to demonstrate what is the problem that they are trying to solve before passing a regulation. Is the solution they are opting for, the most appropriate way of solving the problem? Have they considered all the available alternative solutions? They need to hold public consultations on all these issues in a transparent manner. Unless all these things are embedded in the law, we are not going to make much progress on the DPA. (Renuka Sane)

Regulatory balance: The regulators in India need to merge the two sides of responsive theory – compliance theory, where we put a lot of faith in businesses to self-regulate and comply with processes, with dissonance theory, where we have punishments, fines and criminal enforcement for noncompliance. (Amber Sinha, Senior Programme Manager at Centre for Internet and Society (CIS))If a DPA were to come in today and regulate everybody who is dealing with personal data at a significant level, there are more than 600 million entities that they have to regulate. (Beni Chugh, Dvara)

Accountability: When you create an extremely powerful agency like the DPA, you will have to put in place a system of regulatory governance, where the DPA is held accountable for its actions or else you will exhaustipate the asymmetry of power between the regulator and the regulated. (Renuka Sane)

One big feature, which has become a standard practice across regulators, that is missing in the DRA is a reporting board structure, where you are internally accountable to the management board and externally, you are accountable through self-reporting mechanisms. The functioning of the Chairperson is not defined well enough for us to see if there is enough internal accountability at the organisation. The internal governance of the regulatory body is what can improve the outcomes of the regulations. (Beni Chugh).

Penalties for violation of privacy laws

Criminal penalties: According to me, the threshold for a criminal offence is low in this bill. If the law were to be implemented today, a vast majority of the businesses would be criminally charged. There are three provision in the bill that deal with criminal penalties, they essentially deal with data processors breaching individual rights in a reckless or in a grossly negligent fashion. There are legal standards on how to construed ‘reckless’ behavior, particularly from the domain of tort law. However, what will trigger an enforcement action is still kind of open to speculation because the language of the bill open to interpretation. (Amber Sinha, CIS)

The bill enables the Data Protection Authorities to impose penalties of up to Rs 15 crores or 4% of the annual global turnover, whichever is higher, for violating privacy laws.

Penalties for govt authorities: Even if you levy a heavy fine on a government authority for breaching any laws, it’s you and I who will be paying for their fault, because its ultimately going from the Budget. I think that’s where the criminal offense part of it becomes important. You can hold people personally liable. (Beni Chugh)An individual liability on a government official or secretary may be the way to go and I find that the bill has that provision In (Bill) 96 (3). (a member of the audience)I think that there are several exceptions given to the state and perhaps that will make it more difficult to define whether there has been a violation by the state. (Renuka Sane)

Impact on consumers and businesses

Onerous task for consumers: The problem with the bill is that it assumes a lot of active understanding of the law. For a consumer to file a grievance, she has to say that there was a violation and it is likely to (or) has caused her harm. But, since harm is not well defined, how are you going to file a grievance? (Beni Chugh)
Uncertainty over regulations: I’m uncertain about the impact the bill would have on businesses because many of the obligations that one needs to abide by, are not well defined. (Beni Chugh)
Bill will become less ambiguous once the DRA creates regulations. (Renuka Sane)

Other notes

One thing that the bill does fairly well is defining the obligations of a data processor. (Amber Sinha)
There are certain discrepancies which exist between the approach that the report seems to espouse and what is actually reflected in the Bill. (Amber Sinha)
On most questions about this law, I would have one answer that it is too early to say and we will see how it will evolve. (Renuka Sane)
There are various metrics based on which you can define if the DRA is an independent organisation. Based on few of them, it could be independent, but based on others, it could not be. (Renuka Sane)
I think that there are several exceptions given to the state and perhaps that will make it more difficult to define whether there has been a violation by the state. (Renuka Sane)
I predict that the DPA will treat NPCI as any other fiduciary, even if the data it processes will be marked as critical. (Manasa Venkataraman, Associate Fellow, The Takshashila Institution)
In the EU, they have had the luxury of spending 10 years (on GDPR) because they already had a data protection law. But for us, we never had one, this is the first one. So, in that sense, it is definitely much more urgent for us. We have to get it right, we can’t rush it but there is much greater urgency in our jurisdiction. (Amber Sinha)

For more details visit https://cis-india.org/internet-governance/news/medianama-rana-september-9-2018-namaprivacy-data-protection-authoritys-regulatory-and-enforcement-challenges

Artificial Intelligence in the Governance Sector in India

Arindrajit Basu and Elonnai Hickok — 2018-09-14T11:37:58Z

The use of Artificial Intelligence has the potential to ameliorate several existing structural inefficiencies in the discharge of governmental functions. Our research indicates that the deployment of this technology across sub-sectors is still on the horizons.

Ecosystem Mapping:Shweta Mohandas and Anamika Kundu
Edited by: Amber Sinha, Pranav MB and Vishnu Ramachandran

Much of the technological capacity and funding for AI in governance in India is coming from the private sector - a trend we expect will continue as the government engages in an increasing number of partnerships with both start-ups and large corporations alike. While there is considerable enthusiasm and desire by the government to develop AI-driven solutions in governance, including the release of two reports identifying the broad contours of India’s AI strategy, this enthusiasm is yet to be underscored by adequate financial, infrastructural, and technological capacity. This gap provides India with a unique opportunity to understand some the of the ethical, legal and technological hurdles faced by the West both during and after the implementation of similar technology and avoid these challenges when devising its own AI strategy and regulatory policy.

The case study identified five sub-sectors including law enforcement, education, defense, discharge of governmental functions and also considered the implications of AI in judicial decision-making processes that have been used in the United States. After mapping the uses of AI in various sub-sectors, this report identifies several challenges to the deployment of this technology. This includes factors such as infrastructural and technological capacity, particularly among key actors at the grassroots level, lack of trust in AI driven solutions and adequate funding. We also identified several ethical and legal concerns that policy-makers must grapple with. These include over-dependence on AI systems, privacy and security, assignment of liability, bias and discrimination both in process and outcome, transparency and due process. Subsequently, this report can be considered as a roadmap for the future of AI in India by tracking corresponding and emerging developments in other parts of the world. In the final section of the report, we propose several recommendations for policy-makers and developers that might address some of the challenges and ethical concerns identified. Some of these include benchmarks for the use of AI in the public sector, development of standards of explanation, a standard framework for engagement with the private sector, leveraging AI as a field to further India’s international strategy, developing adequate standards of data curation, ensuring that the benefits of the technology reaches the lowest common denominator, adopting interdisciplinary approaches to the study of Artificial Intelligence and developing fairness,transparency and due process through the contextual application of a rules-based system.

It is crucial that policy-makers do not adopt a ‘one-size-fits-all’ approach to AI regulation but consider all options within a regulatory spectrum that considers the specific impacts of the deployment of this technology for each sub-sector within governance - with the distinction of public sector use. Given that the governance sector has potential implications for the fundamental rights of all citizens, it is also imperative that the government does not shy away from its obligation to ensure the fair and ethical deployment of this technology while also ensuring the existence of robust redress mechanisms. To do so, it must chart out a standard rules-based system that creates guidelines and standards for private sector development of AI solutions for the public sector. As with other emerging technology, the success of Artificial intelligence depends on whether it is deployed with the intention of placing greater regulatory scrutiny on the daily lives of individuals or for harnessing individual potential that augment rather than counter the core tenets of constitutionalism and human dignity.

Read the full report here

For more details visit https://cis-india.org/internet-governance/blog/artificial-intelligence-in-the-governance-sector-in-india

India’s post-truth society

swaraj — 2018-09-12T12:16:31Z

The proliferation of lies and manipulative content supplies an ever-willing state a pretext to step up surveillance.

The op-ed was published in Hindu Businessline on September 7, 2018.

After a set of rumours spread over WhatsApp triggered a series of lynchings across the country, the government recently took the interesting step of placing the responsibility for this violence on WhatsApp. This is especially noteworthy because the party in power, as well as many other political parties, have taken to campaigning over social media, including using WhatsApp groups in a major way to spread their agenda and propaganda.

After all, a simple tweet or message could be shared thousands of times and make its way across the country several times, before the next day’s newspaper is out. Nonetheless, while the use of social media has led to a lot of misinformation and deliberately polarising ‘news’, it has also helped contribute to remarkable acts of altruism and community, as seen during the recent Kerala floods.

While the government has taken a seemingly techno-determinist view by placing responsibility on WhatsApp, the duality of very visible uses of social media has led to others viewing WhatsApp and other internet platforms more as a tool, at the mercy of the user. However, as historian Melvin Kranzberg noted, “technology is neither good nor bad; nor is it neutral”. And while the role of political and private parties in spreading polarising views should be rigorously investigated, it is also true that these internet platforms are creating new and sometimes damaging structural changes to how our society functions. A few prominent issues are listed below:

Fragmentation of public sphere

Jurgen Habermas, noted sociologist, conceptualised the Public Sphere as being “a network for communicating information and points of view, where the streams of communication are, in the process, filtered and synthesised in such a way that they coalesce into bundles of topically specified public opinions”.

To a large extent, the traditional gatekeepers of information flow, such as radio, TV and mainstream newspapers, performed functions enabling a public sphere. For example, if a truth-claim about an issue of national relevance was to be made, it would need to get an editor’s approval.

In case there was a counter claim, that too would have to pass an editorial check. Today however, nearly anybody can become a publisher of information online, and if it catches the right ‘influencer’s attention, it could spread far wider and far quicker than it would’ve in traditional media. While this does have the huge positive of giving space to more diverse viewpoints, it also comes with two significant downsides.

First, that it gives a sense of ‘personal space’ to public speech. An ordinary person would think a few times, do some research, and perhaps practice a speech before giving it before 10,000 people. An ordinary person would also think for perhaps five seconds before putting out a tweet on the very same topic, despite now having a potentially global audience.

Second, by having messages sent directly to your hand-held device, rather than open for anyone to fact-check and counter, there is less transparency and accountability for those who send polarising material and misinformation. How can a mistaken and polarising view be countered, if one doesn’t even know it is being made? And if it can’t be countered, how can its spread by contained?

The attention market

Not only is that earlier conception of public sphere being fragmented, these new networked public spheres are also owned by giant corporations. This means that these public spheres where critical discourse is being shaped and spread, are actually governed by advertisement-financed global conglomerates. In a world of information overflow, and privately owned, ad-financed public spheres, the new unit of currency is attention.

It is in the direct interest of the Facebooks and Googles of the world, to capture user attention as long as possible, regardless of what type of activity that encourages. It goes without saying that neither the ‘mundane and ordinary’, nor the ‘nuanced and detailed’ capture people’s attention nearly as well as the sensational and exciting.

Nearly as addicting, studies show, are the headlines and viewpoints which confirm people’s biases. Fed by algorithms that understand the human desire to ‘fit in’, people are lowered into echo chambers where like-minded people find each other and continually validate each other. When people with extremist views are guided to each other by these algorithms, they not only gather validation, but also now use these platforms to confidently air their views — thus normalising what was earlier considered extreme. Needless to say, internet platforms are becoming richer in the process.

Censorship by obfuscation

Censorship in the attention economy, no longer requires blocking of views or interrupting the transmission of information. Rather, it is sufficient to drown out relevant information in an ocean of other information. Fact checking news sites face this problem. Regardless of how often they fact-check speeches by politicians, only a minuscule percentage of the original audience comes to know about, much less care about the corrections.

Additionally, repeated attacks (when baseless) on credibility of news sources causes confusion about which sources are trustworthy. In her extremely insightful book “Twitter and Tear Gas”, Prof Zeynep Tufekci rightly points out that rather than traditional censorship, powerful entities today, (often States) focus on overwhelming people with information, producing distractions, and deliberately causing confusion, fear and doubt. Facts, often don’t matter since the goal is not to be right, but to cause enough confusion and doubt to displace narratives that are problematic to these powers.

Viewpoints from members of groups that have been historically oppressed, are especially harangued. And those who are oppressed tend to have less time, energy and emotional resources to continuously deal with online harassment, especially when their identities are known and this harassment can very easily spill over to the physical world.

Conclusion

Habermas saw the ideal public sphere as one that is free of lies, distortions, manipulations and misinformation. Needless to say, this is a far cry from our reality today, with all of the above available in unhealthy doses. It will take tremendous effort to fix these issues, and it is certainly no longer sufficient for internet platforms to claim they are neutral messengers. Further, whether the systemic changes are understood or not, if they are not addressed, they will continue to create and expand fissures in society, giving the state valid cause for intervening through backdoors, surveillance, and censorship, all actions that states have historically been happy to do!

For more details visit https://cis-india.org/internet-governance/blog/hindu-businessline-swaraj-paul-barooah-september-7-2018-indias-post-truth-society