We are anonymous, we are legion

Symposium on India’s Cyber Strategy

Admin — 2018-10-02T06:02:59Z

CIS organised a Symposium on India’s Cyber Strategy.

The event saw a total of around 30 participants from industry, academia, law/policy, media, and civil society, and had a panel comprised of Asoke Mukerji, Madhulika Srikumar, and Parminder Jeet Singh.

Presentations

India’s Strategic Interests in the Norms Setting Process in Cyberspace (Presentation by Ambassador Asoke Kumar Mukerji, Former Permanent Representative of India to the United Nations)
The Potential for the Normative Regulation of Cyberspace (Presentation by Arindrajit Basu)

For more details visit https://cis-india.org/internet-governance/events/symposium-on-india2019s-cyber-strategy

World Library and Information Congress 2018

Admin — 2018-08-31T02:23:29Z

Swaraj Paul Barooah was a speaker at two panels during the World Library and Information Congress 2018 (WLIC2018), organised by the International Federation of Library Associations and Institutions (IFLA) in Kuala Lumpur on August 26 and 27, 2018.

Swaraj's first panel, titled "Intellectual Freedom in a Polarised World" was selected as one of 9 sessions to be live-streamed and recorded, out of 249 sessions in total. The recording can be accessed on YouTube.

Session 123 Intellectual Freedom in a Polarised World - Freedom of Access to Information and Freedom of Expression (FAIFE) Advisory Committee (SI)

Chair: Martyn Wade, United Kingdom

In many national contexts, citizens are seen to be either “with the government or against it,” leaving little opportunity to freely and safely express more nuanced views of current social, political or economic issues. While notable authoritarian regimes quite transparently monitor and limit societal discussion, others, ostensibly democratic, may work in practice to blunt potentially unfavourable social commentary on the pretence of defending political stability or public morality. IFLA’s Freedom of Access to Information and Freedom of Expression (FAIFE) Advisory Committee explores this phenomenon--and the potential role of civil society and information professionals in advancing freedom of expression--through the experience and insights of an NGO leader, an academic public intellectual, and an officer of UNESCO.

Presentations

Internet and the freedom of expression in Indonesia: opportunity and challenges - Indriaswati Dyah Saptaningrum, University of New South Wales; former Executive Director of the ELSAM human rights organization (Indonesia), Australia
Freedom of Expression in Malaysia - Azmi Bin Sharom, Faculty of Law, University of Malaysia, Malaysia
What's up with WhatsApp - polarisation and lynchings in India - Swaraj Paul Barooah, The Centre for Internet and Society, India
How to align national laws with international standards on freedom of expression? - Ming-Kuok Lim, Programme Specialist for Communication and Information, UNESCO, Indonesia

Session 140 To Have and not to Hold: The End of Ownership - CLM and FAIFE

The shift from buying physical library media to licensing digital content has profound impacts on the way libraries acquire and give access to content. From e-books that can disappear at the whim (or the mistake) of the owners of a server far away, to the limits on sharing and archiving imposed by some contracts. From the potential monitoring of reader behaviour, to the criminalisation of those who simply want to improve user experience. The dominance of digital media in information provision has both broadened the field of information to which we have access, but potentially made it shallower in terms of the use that libraries, and their users, can make of it. The joint CLM-FAIFE session will look at the question of the end of ownership from a legal and an ethical point of view, drawing on the experience and knowledge of the two communities.

Tomas A. Lipinski, School of Information Studies, University of Wisconsin, Milwaukee, USA – The Limits of Licensing.
Ann Okerson, Centre for Research Libraries, Chicago, USA – The Possibilities of Licensing.
Swaraj Paul Barooah, Centre for Internet and Society – The Balance among Licenses and Exceptions and Limitations to Copyright.
Brent Roe - Laurentian University, Sudbury, Canada – Privacy Concerns and Other Side Effects of Licensing.
Jonathan Hernandez-Perez, Researcher, Instituto de Investigaciones Bibilotecologicas, UNAM, Mexico City, Mexico (Invited) – Special Issues in the Developing World; Open Access as a Recapturing of Ownership.

For more details visit https://cis-india.org/internet-governance/news/world-library-and-information-congress-2018

Celebrating One Year of the Justice K.S. Puttaswamy v. Union of India Judgment

Admin — 2018-08-30T02:53:48Z

Shweta Mohandas was a panelist at the event, "Celebrating One Year of the Justice K.S. Puttaswamy v. Union of India Judgment", organised by Indian Council for Research on International Economic Relations, and the Centre for Communication Governance at National Law University Delhi. It took place on Friday, 24 August 2018 at India International Centre, New Delhi.

The event began with Dr. Usha Ramanathan's Opening remarks on the State of Privacy in India & the Challenges to Realising Puttaswamy’s Promise. This was then followed by two panel discussions, the first on Data Protection for a Free and Fair Digital Economy and the second on the Legacy of the Justice K.S. Puttaswamy v. Union of India Judgment. Shweta participated in the second panel. More details of the event here.

For more details visit https://cis-india.org/internet-governance/news/celebrating-one-year-of-the-justice-k-s-puttaswamy-v-union-of-india-judgment

20 years of Google: Privacy, fake news and the future

Admin — 2018-08-30T02:49:06Z

Google once directed you to information. Today, it’s often the source of information, using data you and others have shared, often without you realising it. Public knowledge goes where Google takes it. And 20 years on, not everyone’s happy with the journey.

The article by Rachel Lopez was published in Hindustan Times on August 26, 2018. Pranesh Prakash was quoted.

Happy Birthday, Google. The search engine is 20 this year, and what a ride it’s been! When Sergey Brin and Larry Page were developing software that searched better and loaded faster than Explorer, Navigator and AltaVista, the web itself consisted of just 1 lakh websites.

Google’s mission statement was succinct: To organise the world’s information and make it universally accessible. Their corporate code of conduct was even simpler: Don’t be evil.

Perhaps even Google didn’t realise where its mission would take it. The following decade brought Google News, Gmail, Maps and Chrome. By 2014, the internet had grown to 1 billion websites. The search engine, their core product, had become the default homepage of the Internet.

In May this year, Google quietly dropped the ‘Don’t be evil’ tag. The same month, its Android operating system crossed 2 billion monthly active devices. Seven products (including YouTube and Google Play) now reach a combined 1 billion users.

Google once directed you to information. Today, it’s often the source of information (in ads and top-of-the-page blocs), using data you and others have shared, often without you realising it. Public knowledge goes where Google takes it. And 20 years on, not everyone’s happy with the journey.

“The key concern is that Google has grown so big,” says Pranesh Prakash, policy director at Bangalore’s Centre for Internet & Society. “It’s like the classic line from [Spiderman’s] Uncle Ben: With great power comes great responsibility. In Google’s case, its great size is what brought great power to begin with.”

For billions of Google users, the biggest concerns are now of privacy and accountability, says Nikhil Pahwa, founder of Medianama, which analyses digital and telecom businesses. “There are few checks on Google’s ability to take, retain and process information from users,” he says.

Hits and misses

For Google, all is going according to plan. Its search engine is now smart enough to complete your sentences. It’s learning constantly from what you search for, watch, spend on, share and regret; it knows your commute and your vacation plans. And it’s profiting from this knowledge.

In the UK, Google is being sued for bypassing iPhone privacy settings to track and collect data from 4.4 million users in 2011 and 2012. Information on race, physical and mental health, political leanings, sexuality, shopping habits and locations was apparently used to build advertising categories. Google also creates products for the US government, and has user data from around the world. “Any entity that has this much insight into us, and is in a position to use it, whether for the government or commercial gain, is cause for worry,” says Prakash. Most users aren’t worried, and that’s worrying too. We don’t realise how much data is being tracked or collected. The more we share, the more useful Google gets, and the greater its potential for misuse, for mapping say, beef-eaters, online dissenters, LGBT supporters or single women who work late.

The Internet’s other giant, Facebook, recently suspended 400 apps over privacy concerns, admitting that 87 million users may have had data compromised in 2016. Meanwhile, even non-Google apps are capable of hijacking data using software developed by Google. Weather apps look at your photo gallery, ride-sharing software keep tracking you after the ride, games are checking out your texts as you play. Gmail knows your flight timings, how many steps you’ve walked, and your last bank transaction.

Search for tomorrow

Perhaps the biggest concerns are with Google’s artificial intelligence technology, the brand’s great leap forward fuelled by its massive data reserves. The tech is already being criticised for being fed biased data, creating global services that mirror the prejudices of an insular, mostly white, mostly male, tech industry.

Sara Wachter-Boettcher, author of Technically Wrong, which looks at how technology reflects sexism and the biases of the people that create it, says this creates problems. “Google develops tools that other tech companies rely on to build other products,” she says. So its biases spread to other products too. As machines learn, Google is starting to unlearn too.

“Machine unlearning is basically recognising when a machine has learned something inaccurate, or biased, and then erasing that learning,” says Wachter-Boettcher. In Africa, the company (along with Facebook) now funds a Masters course in machine intelligence to improve the industry’s diversity. Last year, Google took its first steps to curb fake news hits on its search engines with tools that allow users to report misleading or offensive content.

But perhaps it’s time to work towards a future in which Google will be monitored in real time, in different countries, rather than depending on the company to offer a fix after a misstep. Prakash believes that the way forward is reimagining an Internet where Google isn’t the first and last word on everything. “This doesn’t mean more companies like Google but searching that happens in a more decentralised way,” he says. “We need to save the web from large monopolies in the long run.”

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-rachel-lopez-august-26-2018-20-years-of-google-privacy-fake-news-and-future

UNESCAP Google AI Meeting

Admin — 2018-09-20T15:47:42Z

Arindrajit was a panelist at the event on AI in public service delivery hosted by UNESCAP Bangkok on August 29, 2018. The event was co-organized by Economic and Social Commission for Asia and the Pacific and Google.

The discussion centered around the two questions (1) Is AI different from other technological advancements in the past and (2) Recommendations for policy-makers to enhance AI in Public Service Delivery.The other panelists were Dr. Urs Gasser (Berkman), Vidushi Marda ( Art.19), Malavika Jayaram (Digital Asia Hub) and Jake Lucchi ( Google) The panel was a platform to discuss some of our findings in our case studies on healthcare and agriculture, which we will receive comments on and will get published in November.

For more details visit https://cis-india.org/internet-governance/news/unescap-google-ai-meeting

India steps up vigilance against WhatsApp abuse

Admin — 2018-08-27T15:22:23Z

Delhi wants firm to open local office, appoint grievance officer as misinformation spreads.

The article by Debashree Dasgupta was published by Straits Times on August 24, 2018. Sunil Abraham was quoted.

In one of its strongest directives yet to WhatsApp, the Indian government has asked the California-based messaging service firm to set up an office and appoint a grievance officer in India.

Indian Information Technology Minister Ravi Shankar Prasad conveyed the request to WhatsApp chief executive Chris Daniels during a meeting on Tuesday. It came against the backdrop of the growing misuse of the messaging app to disseminate misinformation.

"I requested WhatsApp chief executive Chris Daniels to set up a grievance officer in India, establish a corporate entity in India, comply with Indian laws. He assured me that #WhatsApp will soon take steps on all these counts," Mr Prasad tweeted after the meeting.

"I further asked WhatsApp CEO... to work closely with law enforcement agencies of India and create public awareness campaign to prevent misuse of WhatsApp. He assured me that #WhatsApp will undertake these initiatives," he added in another tweet.

The firm has not yet provided a confirmation of these claims.

The spread of misinformation about child kidnappings through WhatsApp has been linked to a series of mob lynchings that have led to the deaths of least 28 people across India since April.

TAKING RESPONSIBILITY

When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter, face consequent legal action.

INDIA'S MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY

There are also concerns that the spread of fake news via the application could gather further momentum ahead of next year's general elections in India. The firm has more than 200 million active monthly users in India - its biggest market and a sizeable chunk of its 1.5 billion global user base.

WhatsApp, the most widely used messaging app in India, has struggled to control the spread of misinformation in India on its platform.

With the government demanding greater accountability from it, the firm has made it more difficult for users to forward content by removing shortcuts. It has limited to five the number of people a message can be forwarded to each time, and introduced a "forwarded" label for such messages.

But the authorities have found this inadequate given the enormity of the challenge and rampant abuse.

Last month, the Indian Ministry of Electronics and Information Technology said: "There is a need for bringing in traceability and accountability when a provocative/inflammatory message is detected, and a request is made by law enforcement agencies.

"When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter, face consequent legal action."

Mr Prasad, speaking to the media after the meeting, said: "I have said in the past that it does not take rocket science to locate a message being circulated in hundreds and thousands... You must have a mechanism to find a solution."

The Indian government's demand for WhatsApp to set up a local office is not unprecedented.

The European Union General Data Protection Regulation says a foreign firm that processes personal data of individuals in the EU "may be required" to appoint a representative in an EU state. However, calls by the government to detect messages and track down senders have prompted concerns over privacy violation, and pose a technical challenge.

Mr Sunil Abraham, executive director of the Centre for Internet and Society, a Bangalore-based nonprofit organisation, said: "Application-wide blocking of the same content is not possible on WhatsApp because it uses end-to-end cryptography, and there is no way WhatsApp can determine which messages are being forwarded."

But there are potential remedies that are less controversial, and easier to achieve.

Mr Abraham suggested that WhatsApp fund a large network of fact checkers and provide a "fact check this" button along with all forwarded messages. "This button could then transmit the suspicious message to a common database that is managed by the network for fact checkers," he added.

Last month, the Ministry of Electronics and Information Technology raised concerns on the expected roll-out of WhatsApp Payments, which lets users make financial transactions via the application. It has sought clarity on whether the service adheres to the Reserve Bank of India's security and privacy rules.

For more details visit https://cis-india.org/internet-governance/news/the-straits-times-august-24-2018-debarshi-dasgupta-india-steps-up-vigilance-against-whatsapp-abuse

Centre draws red lines for Whatsapp over fake news, says must comply with Indian laws

Admin — 2018-08-27T14:24:51Z

In a meeting with WhatsApp’s CEO Chris Daniels, Union minister Ravi Shankar Prasad said India put forward several demands, including that the company must have a grievance officer in India and have proper compliance of Indian laws.

The article by Nakul Sridhar was published in the Hindustan Times on August 21, 2018.

The Union government on Tuesday told the Facebook-owned WhatsApp to comply with Indian law, set up an Indian entity, and appoint a grievance officer in India to who people can reach immediately.

The directive comes at a when the government has pulled up the company for fake news spread on the social media platform serving as a contributory factor in several incidents of mob lynching across the country.

Ravi Shankar Prasad, Minister for Electronics and Information Technology, conveyed this to the global head of WhatsApp, Chris Daniels, who is in India this week. This is the first time that the government has spelt out its key expectations from the platform.

“I told him there have been sinister developments like fake news and revenge porn, which are criminal and against Indian laws. I suggested three points: they must have a grievance officer in India; they must comply with Indian laws; and they must have a local, corporate entity in India,” Prasad said.

Daniels, he added, had agreed to the three conditions. WhatsApp did not offer an independent confirmation or respond to questions.

Prasad said he also told Daniels that WhatsApp would have to comply with Reserve Bank of India (RBI) guidelines to start its payments services in India, saying that the firm would have to store the financial data it collects from India within the country.

After at least 30 lynchings in the past one year were linked to rumours and fake news spread through the WhatsApp platform, the IT ministry sent two notices to the company last month, asking it to curb the spread of such messages. WhatsApp’s chief operating officer, Matthew Idema, had met the IT ministry secretary Ajay Sawhneytowards the end of July to discuss the issue of fake news with the ministry and explain the steps it was taking in curbing its spread.

The application made it more difficult to forward media by removing shortcuts, limited the number of people a forwarded message can be sent to at a time to five, and introduced a ‘forwarded’ label for such messages after the push from the government.

Explaining its broad approach, a top government functionary, who asked not to be named, said, “We cannot accept digital imperialism. India is an open society. We have embraced technology and innovation. But no one should think they can come and do as they like. Firms like WhatsApp must conform to our rules, laws, and address problems.”

Reiterating his demand that WhatApp must find “a technological solution” to trace the origin of rumour-mongering messages, Prasad said, “It does not need rocket science to locate a message being circulated thousands and lakhs of times on the same day, on the same issue, in the same district and same state.” He said Daniels agreed to comply.

But experts believe that delivering on these demands will be challenging. “WhatsApp, according to my understanding, does not store metadata (such as phone number sent from) for text messages that are transmitted using their application or via the web client. Unfortunately, WhatsApp does not make this explicit in their public documentation,” said Sunil Abraham, founder of the think tank, Centre for Internet and Society.

“Therefore, many governments erroneously believe that sources of specific messages can be determined by big data analysis similar to the analysis of SMS metadata from telecom operators,” he said.

Metadata includes information such as the sender and recipient, date and time. “Now it would also include whether the message is forwarded,” said Abraham.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-august-21-2018-centre-draws-red-lines-for-whatsapp-over-fake-news-says-must-comply-with-indian-laws

Consumer Care Society: Silver Jubilee Year Celebrations

Arindrajit Basu — 2018-08-27T13:51:13Z

Arindrajit Basu delivered a talk the Silver Jubilee Celebrations of the Consumer Care Society (CCS )on 'Privacy and Security in the Age of the Internet.

CONSUMER CARE SOCIETY (CCS) is an active volunteer based not-for-profit organization involved in Consumer activities. Established as a registered society in the year 1994, CCS has for the past 3 decades functioned as the voice of consumer in many forums. Today CCS is widely recognized as an premier consumer voluntary organization (CVO) in Bangalore and Karnataka. CCS is registered with many goverenmental agencies and regulators like TRAI,BIS, Petroleum and Natural Gas Regulatory Board, DOT, ICMR at the Central Government levels and with almost all service providers at the State Level like BWSSB, BESCOM, BDA, BBMP.

Shreenivas.S. Galgali, ITS, Adviser, TRAI Regional Office, Bangalore and Aradhana Biradar, User Education and Research Specialist, Google were the other speakers at the event held at CCS.

For more details visit https://cis-india.org/internet-governance/blog/consumer-care-society-silver-jubilee-year-celebrations

Summer School on Disinformation

Admin — 2018-08-23T13:27:37Z

Sunil Abraham will participate as a speaker at the event organized by Digital Asia Hub, Hans-Bredow-Institut, University of Hamburg, Institute for Technology & Society of Rio de Janeiro - ITS Rio and Berkman Klein Center for Internet and Society at Harvard University from August 22 - 24, 2018 at Azure Room, Pullman, Jakarta in Indonesia.

Sunil Abraham will make a presentation on Disinformation and Online Recruitment. He will also be chairing the Roundtable on Platforms, Publics and Policies.

For more details visit https://cis-india.org/internet-governance/news/summer-school-on-disinformation

An Analysis of the CLOUD Act and Implications for India

Elonnai Hickok and Vipul Kharbanda — 2018-08-22T14:55:56Z

India houses the second largest population in the world at approximately 1.35 billion individuals. In such a diverse and dense context, law enforcement could be a challenging job.

Introduction

Networked technologies have changed the nature of crime and will continue to do so. Access to data generated by digital technologies and on digital platforms is important in solving online and offline crimes. Yet, a significant amount of such data is stored predominantly under the control of companies in the United States. Thus, for Indian law enforcement to access metadata (location data or subscriber information), they can send a request directly to the company. However for access to content data, law enforcement must follow the MLAT process as a result of requirements under the Electronic Communications Privacy Act (ECPA). ECPA allows service providers to share metadata on request of foreign governments, but requires a judicially issued warrant based on a finding of ‘probable cause’ for a service provider to share content data.

The challenges associated with accessing data across borders has been an area of concern for India for many years. From data localization requirements, legal decryption mandates, proposed back doors- law enforcement and the government have consistently been trying to find efficient ways to access data across borders.

Towards finding solutions to the challenges in the MLAT process, Peter Swire and Deven Desai in the article “A Qualified SPOC Approach for India and Mutual Legal Assistance” have noted the importance of finding a solution to the hurdles in the India - US MLAT and have suggested that reforms for the MLAT process in India should not start with law enforcement, and have instead proposed the establishment of a Single Point of Contact designated to handle and process government to government requests with requests emerging from that office receiving special legal treatment.

Frustrations with cross border sharing of data are not unique to India and the framework has been recognized by many stakeholders for being outdated, slow, and inefficient - giving rise to calls from governments, law enforcement, and companies for solutions. As a note, some research has also highlighted that the identified issues with the MLAT system are broad and more evidence is needed to support each concern and inform policy response.

Towards this, the US and EU have undertaken clear policy steps to address the tensions in the MLAT system by enabling direct access by governments to content data. On April 17 2018, the European Union published the E-Evidence Directive and a Regulation that allows for a law enforcement agency to obtain electronic evidence from service providers within 10 days of receiving a request or 6 hours for emergency requests and request the preservation or production of data. Production orders for content and transactional records can be issued only for certain serious crimes and must be issued by a judge. No judicial authorisation is required for production orders for subscriber information and access data, and it can be sought to investigate any criminal offense, not just serious offenses. Preservation orders can be issued without judicial authorisation for all four types of data and for the investigation of any crime. Further, requests originating from the European Union must be handled by a designated legal representative. Preservation orders can be issued for all four types of data. Further, requests originating from the European Union must be handled by a designated legal representative.

On the US side, in 2016, the Department of Justice (DoJ) put out draft legislation that would create a framework allowing the US to enter into executive agreements with countries that have been evaluated as meeting criteria defined in the law. Our response to the DoJ draft Bill can be found here. In February 2018, the Microsoft Ireland Case was presented before the U.S Supreme Court. The question central to the case was whether or not a US warrant issued against a company incorporated in the US was valid if the data was stored in servers outside of the US. On March 23, 2018, the United States government enacted the “Clarifying Lawful Overseas Use of Data Act” also known as the CLOUD Act. The passing of the Act solves the dilemma found in the Microsoft Ireland case. The CLOUD Act amends Title 18 of the United States Code and allows U.S. law enforcement agencies to access data stored abroad by increasing the reach of the U.S. Stored Communication Act, enabling access without requiring the specific cooperation of foreign governments. Under this law, U.S. law enforcement agencies can seek or issue orders that compel companies to provide data regardless of where the data is located as long as the data is under their “possession, custody or control”. It further allows US communication service providers to intercept or provide the content of communications in response to orders from foreign governments if the foreign government has entered into an executive agreement with the US upon approval by the Attorney General and concurrence with the Secretary of State. The Act also absolves companies from criminal and civil liability when disclosing information in good faith pursuant to an executive agreement between the US and a foreign country. Such access would be reciprocal, with the US government having similar access rights to data stored in the foreign country.

Though the E-Evidence Directive is a significant development, in this article - we focus on the CLOUD Act and its implications for cross border sharing of data between India and the US.

To read more download the PDF

For more details visit https://cis-india.org/internet-governance/blog/an-analysis-of-the-cloud-act-and-implications-for-india

DNA ‘Evidence’: Only Opinion, Not Science, And Definitely Not Proof Of Crime!

Elonnai Hickok and Murali Neelakantan — 2018-08-22T00:43:54Z

On August 9, 2018, the DNA Technology (Use and Application) Regulation Bill, 2018 was introduced in the Lok Sabha and we commented on some key aspects of it earlier.

The article was published in Bloomberg Quint on August 20, 2018.

Though taking some steps in the right direction such as formalising the process for lab accreditation, the Bill ignores many potential cases of ‘harm’ that may arise out of the collection, databasing, and using DNA evidence for criminal and civil purposes.

DNA evidence is widely touted as the most accurate forensic tool, but what is not widely publicised is it is not infallible. From crime scene to database, it is extremely vulnerable to a number of different unknown variables and outcomes. These variables are only increasing as the technology becomes more precise – profiles can be developed from only a few cells and technology now exists that generates a profile in 90 minutes. Primary and secondary transfer, contamination, incomplete samples, too many mixed samples, and inaccurate or outdated methods of analysis and statistical methodologies that may be used, are all serious reasons as to why DNA evidence may paint an innocent person guilty.

Importantly, DNA itself is not static and predicting how it may have changed over time is virtually impossible.

Innocent, But Charged

In April 2018, WIRED carried a story of Lukis Anderson who was charged with the first-degree murder of Raveesh Kumra, a Silicon Valley investor after investigators found Anderson’s DNA on Kumra’s nails. Long story short – Anderson earlier that day had been intoxicated in public and had been attended by paramedics. The same paramedics handled Kumra’s body and inadvertently transferred Anderson’s DNA to Kumra’s body. The story quotes some sobering facts that research has found about DNA:

Direct contact is not necessary for DNA to be transferred. In an experiment with a group of individuals sharing a bottle of juice, 50 percent had another’s DNA on their hand and ⅓rd of the glasses contained DNA from individuals that did not have direct contact with them.
An average person sheds 50 million skin cells a day.
Standing still our DNA can travel over a yard away and will be easily carried over miles on others clothing or hair, for example not very differently from pollen.
In an experiment that tested public items, it was found that items can contain DNA from a half-dozen people.
A friendly or inadvertent contact can transfer DNA to private regions or clothing.
Different people shed detritus at different levels that contain DNA.
One in five has some other person’s DNA under the fingernails on a continuous basis.

A police office carries crime scene tape in Alexandria, Virginia, U.S. (Photographer: Andrew Harrer/Bloomberg)

In another case, the police in Idaho, USA, used a public DNA database to run a familial DNA search – a technique used to identify suspects whose DNA is not recorded in a law enforcement database, but whose close relatives have had their genetic profiles cataloged, just as India's DNA Bill seeks to do. The partial match that resulted implicated Michael Usry, the son of the man whose DNA was in the public database. It took 33 days for Michael to be cleared of the crime. That an innocent man only spent 33 days under suspicion could be considered a positive outcome when compared to the case of Josiah Sutton who spent four years convicted of rape in prison due to misinterpretation of DNA samples by the Houston Police Department Crime Laboratory, which is among the largest public forensic centers in Texas. The Atlantic called this out as “The False Promise of DNA Testing – the forensic technique is becoming ever more common and ever less reliable”.

Presently, there is little confidence that such safeguards exist – prosecutors do not share any exculpatory evidence with the accused and India does not even follow the ‘fruit of a poisonous tree’ doctrine with respect to the admissibility of evidence and India has yet to develop a robust jurisprudence for evaluating scientific evidence.

The 2015 Law Commission Report cites four cases that speak to the role and reliance on expert opinion as evidence. Though these cases point to the importance of expert opinion they differ on the weight that should be given to the same. International best practice requires the submission of corroborating evidence, training law enforcement, and court officers, and ensuring that prosecution and defence have equal access to forensic evidence.

Consider India with a population of 1.3 billion people – 70 percent mostly residing in rural areas and less educated and a heavy migrant population in urban centres, an overwhelmed police force in nascent stages of forensic training, and an overburdened judiciary and no concrete laws to govern issues of the admissibility of forensic techniques.

In such circumstances, the question is not only how many criminals can be convicted but also how many innocents could be convicted.

A pair of standard issue handcuffs sits on a table. (Photographer: Jerome Favre/Bloomberg)

The DNA Bill seeks to establish DNA databanks at the regional and national level but how this will be operationalised is not quite clear. The Bill enables the DNA Regulatory Board to accredit DNA labs. Will databases be built from scratch? Will they begin by pulling in existing databases?

The question is not if the DNA samples match but how they came to match. The greater power that comes from the use of DNA databases requires greater responsibility in ensuring adequate information, process, training, and laws are in place for everyone – those who give DNA, collect DNA, store DNA, process DNA, present DNA, and eventually decide on the use of the DNA. As India matures in its use of DNA evidence for forensic purposes it is important that it keeps at the forefront what is necessary to ensure and protect the rights of the individual.

Elonnai Hickok Chief Operating Officer at The Centre for Internet and Society. Murali Neelakantan is an expert in healthcare laws, and the author of ‘DNA Testing as Evidence - A Judge’s Nightmare’ in the Journal of Law and Medicine.

For more details visit https://cis-india.org/internet-governance/blog/bloomberg-quint-elonnai-hickok-and-murali-neelakantan-august-20-2018-dna-evidence-only-opinion-not-science-and-definitely-not-proof-of-crime

ICANN response to DIDP #31 on diversity

Akriti Bopanna and Akash Sriram — 2018-08-21T17:35:06Z

This post summarizes the response of ICANN to our inquiry on the diversity of their employees.

The file can be found here

In our 31st DIDP request, we had asked ICANN to disclose information pertaining to the diversity of employees based on their race and citizenship. ICANN states that they are an equal opportunities employer and to ascertain the extent of people from different backgrounds in their ranks, we were hoping to be given the information.

However the response provided to us did not shed any light on this because of two reasons; firstly, ICANN has this information solely for two countries namely USA and Singapore as legislation in these countries compels employers to record this information. In the US, Title VII of the Civil Rights Act of 1964 requires that any organization with 100 or more employees have to file an Employer Information Report wherein the employment data is categorized by race/ethnicity/, gender and job category. Whereas in Singapore, information on race is gathered from the employee to assess which Self-Help group fund an employee should contribute to under Singaporean law.

Secondly, for the two countries, they refused to divulge information on the basis of their conditions of nondisclosure. The conditions pertinent here were:

Information provided by or to a government or international organization, or any form of recitation of such information, in the expectation that the information will be kept confidential and/or would or likely would materially prejudice ICANN's relationship with that party.
Personnel, medical, contractual, remuneration, and similar records relating to an individual's personal information, when the disclosure of such information would or likely would constitute an invasion of personal privacy, as well as proceedings of internal appeal mechanisms and investigations.
Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication

We had only enquired about the percentage of representation of employees at each level by their race or citizenship but this was deemed dangerous to disclose by ICANN. They did not volunteer anymore information such as an anonymized data set and hence we will now file a DIDP to ask them for the same.

Given the global and multi-stakeholder nature of the processes at ICANN, it is also of importance that their workforce represents true diversity as well. Their bylaws mandate diversity amongst its Board of Directors and some of its constituent bodies but there is no concrete proof of this being imbibed within their recruitment ICANN also did not think it was necessary to disclose our requested information in the benefit of public interest because it does not outweigh the harm that could be caused by the requested disclosure.

For more details visit https://cis-india.org/internet-governance/blog/icann-response-to-didp-31-on-diversity

Use of Visuals and Nudges in Privacy Notices

saumyaa — 2018-08-22T13:16:15Z

Nudging in privacy notices can be a privacy-enhancing tool. For example, informing users of how many people would have access to their data would help them make a decision. However, nudges can also be used to influence users towards making choices that compromise their privacy. For example, the visual design of default options on digital platforms currently nudge users to share their data. It is critical to ensure that there is mindful use of nudges, and that it is directed at the well being of the users.

Edited by Elonnai Hickok and Amber Sinha

Former Supreme Court judge, Justice B.N. Srikrishna, who is currently involved in drafting the new data-privacy laws for India, was quoted recently by the Bloomberg^[1]. Acknowledging the ineffectiveness of consent forms of tech companies that leads to users’ data being collected and misused, he asked if we should have pictograph warnings for consent much like the warnings that are given on cigarette packets. His concern is that an average Indian does not realise how much data they are generating or how it is being used. He attributed this to the access issues with the consent forms presented by companies which are in the English language. In the Indian context, Justice Srikrishna pointed out, considerations around literacy and languages should be addressed.

The new framework being worked on by Srikrishna and his committee comprising academics and government officials, would make the tech companies more accountable for data collection and use, and allow users to have more control over their own data. But, in addition to this regulatory step towards privacy and data protection, the concern towards communication of companies’ data practices through consent forms or privacy notices is also critical for users. Currently, the cryptic notices are a barrier for users, as are the services that do not provide incremental information about the use of the service - for example, what data is being shared with how many people or what data is being collected at what point, instead relying on blanket consent forms taken at the beginning of a service. Visuals can go a long way in making these notices and services accessible to users.

Although, Justice Srikrishna chose the extreme example of warnings on cigarette packets, visually depicting the health risks of cigarette smoking using repulsive imagery, the underlying intent seems to be of using visuals as a means of giving an immediate and clear warning about how people’s data is being used and by whom. It must be noted that the effectiveness of warnings on cigarette packets is debatable. These warnings are also a way in which manufacturers consider their accountability met, which is a possible danger with privacy notices as well. Most companies consider that their accountability is limited to giving all the information to the users without ensuring that the information is communicated to help the user understand the risks. Hence, one has to be cautious of the role of visuals in notices so that they are used with the primary purpose of meaningful communication and accessibility that can be used to inform further action. The visual summary of the data practice in terms of how it will affect the user will also serve as a warning.

The warning images on cigarette packets are an example of the user-influencing design approach called nudging^{^[2]}. While nudging techniques are meant to be aimed at the users’ well being, it brings forward the question of who decides what is beneficial for the users. Moreover, the harm in cigarette smoking is more obvious, and thus the favourable choice for the users is also clearer. But, in the context of data privacy, the harms are less apparent. It is difficult to demonstrate the harms or benefits of data use, particularly when data is re-purposed or used indirectly. There is also no single choice that can be pushed when it comes to the use and collection of data. Different users may have different preferences or degrees to which they would like to allow the use of their data. This raises deeper questions about the extent to which privacy law and regulation should be paternalistic.

Nudges are considered to follow the soft or libertarian paternalism approach, where the user is not forbidden any options but only given a push to alter their behaviour in a predictable way^{^[3]}. It is crucial to differentiate between the strong paternalistic approach that doesn’t allow a choice at all, the usability approach, and the soft paternalistic approach of nudging, as mentioned by Alessandro Acquisti in his paper, ‘The Behavioral Economics of Personal Information’^{^[4]}. In the usability approach, the design of the system would make it intuitive for users to change settings and secure their data. The soft paternalistic approach of nudging would be a step further and present secure settings as a default. Usability is often prioritised by designers. However, soft paternalism techniques help to enhance choice for users and lead to larger welfare^{^[5]}.

Nudging in privacy notices can be a privacy-enhancing tool. For example, informing users of how many people would have access to their data would help them make a decision^{^[6]}. However, nudges can also be used to influence users towards making choices that compromise their privacy. For example, the visual design of default options on digital platforms currently nudge users to share their data. It is critical to ensure that there is mindful use of nudges, and that it is directed at the well being of the users.

The design of privacy notices should be re-conceptualised to ensure that they inform the users effectively, keeping in mind certain best practices. For instance, a multilayered privacy notice can be used, which includes a very short notice designed for use on portable digital devices where there is limited space, condensed notice that contains all the key factors in an easy to understand way, and a complete notice with all the legal requirements^{^[7]}. Along with the layering of information, the timing of notices should also be designed to be at setup, just in time of the user’s action, or at periodic intervals. In terms of visuals, infographics can be used to depict data flows in a system. Another best practice is to integrate privacy notices with the rest of the system. Designers are needed to be involved early in the process so that the design decisions are not purely visual but also consider information architecture, content design, and research.

Practice based frameworks should be developed for communication designers in order to have a standardised vocabulary around creating privacy notices. Additionally, multiple user groups and their varied privacy preferences must be taken into account. Finally, an ethical framework must be put into place for design practitioners in order to ensure that the users’ well being is prioritised, and notices are designed to facilitate informed consent. Further recommendations and concerns regarding the design of privacy notices, and the use of visuals can be read here.

Justice Srikrishna’s statement is an important step towards creating effective privacy notices with visuals. The conversation on the need to design privacy notices can lead to clearer and more comprehensible notices. Combined with the enforcement of fair collection and use of data by companies, well designed notices will allow users more control and a real choice to opt-in or out of a service and make informed choices as they engage with a service. Justice Srikrishna’s analogy seems to recommend using visuals to describe what type of data is being collected and for what purposes at the time of taking consent. Though cigarette warnings may not be the most appropriate analogy, this is a good start, and it is important to explore how visuals and design can be used throughout a service - from beginning to end - to convey and promote awareness and informed choices by users. It is also important to extend this conversation outside of privacy into the realm of security and understand how visuals and design can inform users’ awareness and personal choices around security when using a service.

^{^[1]} https://www.bloomberg.com/news/articles/2018-06-10/tech-giants-nervous-as-judge-drafts-first-data-rules-in-india

^{^[2]} http://www.ijdesign.org/index.php/IJDesign/article/viewFile/1512/584

^{^[3]} https://www.andrew.cmu.edu/user/pgl/psosm2013.pdf

^{^[4]} https://www.heinz.cmu.edu/~acquisti/papers/acquisti-privacy-nudging.pdf

^{^[5]} https://www.heinz.cmu.edu/~acquisti/papers/acquisti-privacy-nudging.pdf

^{^[6]} https://cis-india.org/internet-governance/files/rethinking-privacy-principles

^{^[7]} https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/ten_steps_to_develop_a_multilayered_privacy_notice__white_paper_march_2007_.pdf

For more details visit https://cis-india.org/internet-governance/blog/use-of-visuals-and-nudges-in-privacy-notices

National Health Stack: Data For Data’s Sake, A Manmade Health Hazard

Murali Neelakantan, Swaraj Barooah, Swagam Dasgupta and Torsha Sarkar — 2018-09-16T05:01:18Z

On Oct. 5, 2017, an HIV positive woman was denied admission in Hyderabad’s Osmania General Hospital even though she was entitled to free treatment under India’s National AIDS Control Organisation programme. Another incident around the same time witnessed a 24-year-old pregnant woman at Tikamgarh district hospital in Madhya Pradesh being denied treatment by hospital doctors once she tested positive for HIV. The patient reportedly delivered the twins outside the maternity ward after she was turned away by the hospital, but her newborn twin girls died soon after.

The op-ed was published in Bloomberg Quint on August 14, 2018.

Apart from facing the severity of their condition, patients afflicted with diseases such as HIV, tuberculosis, and mental illnesses, are often subject to social stigma, sometimes even leading to the denial of medical treatment. Given this grim reality would patients want their full medical history in a database?

The ‘National Health Stack’ as described by the NITI Aayog in its consultation paper, is an ambitious attempt to build a digital infrastructure with a “deep understanding of the incentive structures prevalent in the Indian healthcare ecosystem”. If the government is to create a database of individuals’ health records, then it should appreciate the differential impact that it could have on the patients.

The collection of health data, without sensitisation and accountability, has the potential to deny healthcare to the vulnerable.

We have innumerable instances of denial of services due to Aadhaar and there is a real risk that another database will lead to more denial of access to the most vulnerable.

Earlier, we had outlined some key aspects of the NHS, the ‘world’s largest’ government-funded national healthcare scheme. Here we discuss some of the core technical issues surrounding the question of data collection, updating, quality, and utilisation.

Resting On A Flimsy Foundation: The Unique Health ID

The National Health Stack envisages the creation of a unique ID for registered beneficiaries in the system — a ‘Digital Health ID’. Upon the submission of a ‘national identifier’ and completion of the Know Your Customer process, the patient would be registered in the system, and a unique health ID generated.

This seemingly straightforward process rests on a very flimsy foundation. The base entry in the beneficiary registry would be linked to a ‘strong foundational ID’. Extreme care needs to be taken to ensure that this is not limited to an Aadhaar number. Currently, the unavailability of Aadhaar would not be a ground for denial of treatment to a patient only for their first visit; the patient must provide Aadhaar or an Aadhaar enrolment slip to avail treatment thereafter. This suggests that the national healthcare infrastructure will be geared towards increasing Aadhaar enrollment, with the unstated implication that healthcare is a benefit or subsidy — a largess of government, and not, as the courts have confirmed, a fundamental right.

Not only is this project using government-funded infrastructure to deny its citizens the fundamental right to healthcare, it is using the desperate need of the vulnerable for healthcare to push the ‘Aadhaar’ agenda.

Any pretence that Aadhaar is voluntary is slowly fading with the government mandating it at every step of our lives.

Aadhaar Seva kendra. (Source: Aadhaar Official Account/Facebook

Is The Health ID An Effective And Unique Identifier?

Even if we choose to look past the fact that the validity of Aadhaar is still pending the test of legality before the apex court, a foundational ID would mean that the data contained within that ID is unique, accurate, incorruptible, and cannot be misused. These principles, unfortunately, have been compromised by the UIDAI in the Aadhaar project with its lack of uniqueness of identity (i.e, fake IDs and duplicity), failure to authenticate identity, numerous alleged data leaks (‘alleged’ because UIDAI maintains that there haven’t been any leaks), lack of connectivity to be able to authenticate identity and numerous instances of inaccurate information which cannot be corrected.

Linking something as crucial and basic as healthcare data with such a database is a potential disaster.

There is a real risk that incorrect linking could cause deaths or inappropriate medical care.

The High Risk Of Poor Quality Data

The NITI Aayog paper envisages several expansive databases that are capable of being updated by different entities. It includes enrollment and updating processes but seems to assume that all these extra steps will be taken by all the relevant stakeholders and does not explain the motivation for stakeholders to do so.

In a country where government doctors, hospitals, wellness centres, etc are overburdened and understaffed, this reliance is simply not credible. For instance, all attributes within the registries are to be digitally signed by an authorised updater, there must be an audit trail for all changes made to the registries, and surveyors will be tasked with visiting providers in person to validate the data. Identifying these precautions as measures to assure accurate data is a great step towards building a national health database, but this seems an impossible task.

Who are these actors and what will incentivise them to ensure the accuracy and integrity of data?

In other words, what incentive and accountability structures will ensure that data entry and updating is accurate, and not approached from a more ‘jugaad’ ‘let’s just get this done for the sake of it’ attitude that permeates much of the country. How will patients have access to the database to be able to check its accuracy? Is it possible for a patient (who will presumably be ill) to gain easy access to an updater to change their data? If so, how? It is worth noting that the patient’s ‘right’ to check her data assumes that they have access to a computer that is connected to the internet as well as a good level of digital literacy, which is not the case in India for a significant section of the population. Even data portability loses its potential benefits if the quality of data on these registries is not reliable. In this case, healthcare providers will need to verify their patients’ health history using physical records instead, rendering the stack redundant.

Who will be liable to the patient for misdiagnosis based on the database?

A sonographic image is displayed on a monitor as a patient undergoes an ultrasound scan in Bikaner, Rajasthan, India. (Photographer: Prashanth Vishwanathan/Bloomberg)

Leaving the question of accountability vague opens updaters to the possibility of facing dangerous and unnecessarily punitive measures in the future. The NITI Aayog paper fails to address this key issue which arose recently. Despite being a notifiable disease, there are reports that numerous doctors from the private sector failed to notify or update TB cases to the Ministry of Health and Family Welfare ostensibly on the grounds that they did not receive consent from their patients to share their information with the government. This was met with a harsh response from the government which stated that clinical establishment that failed to notify tuberculosis patients would face jail time. According to a few doctors, the government’s new move would coerce patients to go to ‘underground clinics’ to receive treatment discreetly and hence, would not solve the issue of TB.

The document also offers no specific recommended procedures regarding how inaccurate entries will be corrected or deleted.

It is then perhaps not a stretch to imagine that these scenarios would affect the quality of the data stored; defeating NITI Aayog’s objective of researchers using the stack for high-quality medical data.

The reason why the quality and integrity of data is at the head of the table is that all the proposed applications of the NHS (analytics, fraud detection etc.) assume a high quality, accurate dataset. At the same time, the enrolment process, updating process and disclosed measures to ensure data quality will effectively lead to poor quality data. If this is the case, then applications derived from the NHS dataset should assume an imperfect data, rather than an accurate dataset, which should make one wonder if no data is better than data that is certainly inaccurate.

Lack Of Data Utilisation Guidelines

Issues with data quality are exacerbated depending on how and where it is used, and who uses it. The paper has identified some users to be health-sector stakeholders such as healthcare providers (hospitals, clinics, labs etc), beneficiaries, doctors, insurers and accredited social health activists but misses laying down utilisation guidelines. The foresight to create a dataset that can be utilised by multiple actors for numerous applications is commendable, but potentially problematic -- especially if guidelines on how this data is to be used by stakeholders (especially the private sector) are ignored.

In order to bridge this knowledge gap, India has the opportunity to learn from the legal precedent set by foreign institutions. As an example, one could examine the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. which sets out strict guidelines for how businesses are to handle sensitive health data in order to maintain the individual’s privacy and security. It goes one step further to also lay down incentive and accountability structures in order that business associates necessarily report security breaches to their respective covered entities.

If we do not take necessary precautions now, we not only run the risk of poor security and breach of privacy but of inaccurate data that renders the national health data repository a health risk for the whole patient population.

There’s also the lack of clarity on who is meant to benefit from using such a database or whether the benefits are equal to all stakeholders, but more on that in a subsequent piece.

A medical team uses a glucometer to check the blood glucose level of a patient at a mobile clinic in Pancharala, on the outskirts of Bengaluru, India. (Photographer: Dhiraj Singh/Bloomberg)

It’s Your Recipe, You Try It First!

If the NITI Aayog and the government are sure that there is a need for a national healthcare database, perhaps they can start using the Central Government Health Scheme (which includes all current and retired government employees and their families) as a pilot scheme for this. Once the software, database and the various apps built on it are found to be good value for money and patients benefit from excellent treatment all over the country, it could be expanded to those who use the Employees’ State Insurance system, and then perhaps to the armed forces. After all, these three groups already have a unique identifier and would benefit from the portability of healthcare records since they are likely to be transferred and posted all over the country. If, and only if, it works for these groups and the claimed benefits are observed, then perhaps it can be expanded to the rest of the country’s healthcare systems.

Murali Neelakantan is an expert in healthcare laws. Swaraj Barooah is Policy Director at The Centre for Internet and Society. Swagam Dasgupta and Torsha Sarkar are interns at The Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/bloomberg-quint-murali-neelakantan-swaraj-barooah-swagam-dasgupta-torsha-sarkar-august-14-2018-national-health-stack-data-for-datas-sake-a-manmade-health-hazard

India's Contribution to Internet Governance Debates

Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah and Akriti Bopanna — 2018-08-16T15:38:02Z

India's Contribution to Internet Governance Debates", an article by Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah and Akriti Bopanna, was recently published in the NLUD Student Law Journal, an annual peer-reviewed journal published by the National Law University, Delhi.

Abstract

India is the leader that championed ‘access to knowledge’ and ‘access to medicine’. However, India holds seemingly conflicting views on the future of the Internet, and how it will be governed. India’s stance is evolving and is distinct from that of authoritarian states who do not care for equal footing and multi-stakeholderism.

Introduction

Despite John Perry Barlow’s defiant and idealistic Declaration of Independence of Cyberspace1 in 1996, debates about governing the Internet have been alive since the late 1990s. The tug-of-war over its governance continues to bubble among states, businesses, techies, civil society and users. These stakeholders have wondered who should govern the Internet or parts of it: Should it be the Internet Corporation for Assigned Names and Numbers (ICANN)? The International Telecommunications Union (ITU)? The offspring of the World Summit on Information Society (WSIS) - the Internet Governance Forum (IGF) or Enhanced Cooperation (EC) under the UN? Underlying this debate has been the role and power of each stakeholder at the decision-making table.States in both the global North and South have taken various positions on this issue.

Whether all stakeholders ought to have an equal say in governing the unique structure of the Internet or do states have sovereign public policy authority? India has, in the past, subscribed to the latter view. For instance, at WSIS in 2003, through Arun Shourie, then India’s Minister for Information Technology, India supported the move ‘requesting the Secretary General to set up a Working Group to think through issues concerning Internet Governance,’ offering him ‘considerable experience in this regard... [and] contribute in whatever way the Secretary General deems appropriate’. The United States (US), United Kingdom (UK) and New Zealand have expressed their support for ‘equal footing multi-stakeholderism’ and Australia subscribes to the status quo.

India’s position has been much followed, discussed and criticised. In this article, we trace and summarise India’s participation in the IGF, UN General Assembly (‘UNGA’), ITU and the NETmundial conference (April 2014) as a representative sample of Internet governance fora. In these fora, India has been represented by one of three arms of its government: the Department of Electronics and Information Technology (DeitY), the Department of Telecommunications (DoT) and the Ministry of External Affairs (MEA). The DeitY was converted to a full-fledged ministry in 2016 known as the Ministry of Electronics and Information Technology (MeitY). DeitY and DoT were part of the Ministry of Communications and Information Technology (MCIT) until 2016 when it was bifurcated into the Ministry of Communications and MeitY.

DeitY used to be and DoT still is, within the Ministry of Communications and Information Technology (MCIT) in India. Though India has been acknowledged globally for championing ‘access to knowledge’ and ‘access to medicine’ at the World Intellectual Property Organization (WIPO) and World Trade Organization (WTO), global civil society and other stakeholders have criticised India’s behaviour in Internet governance for reasons such as lack of continuity and coherence and for holding policy positions overlapping with those of authoritarian states.

We argue that even though confusion about the Indian position arises from a multiplicity of views held within the Indian government, India’s position, in totality, is distinct from those of authoritarian states. Since criticism of the Indian government became more strident in 2011, after India introduced a proposal at the UNGA for a UN Committee on Internet-related Policies (CIRP) comprising states as members, we will begin to trace India's position chronologically from that point onwards.

Download the paper published in NLUD Student Law Journal here
For a timeline of the events described in the article click here
Read the paper published by NLUD Student Law Journal on their website

For more details visit https://cis-india.org/internet-governance/blog/nlud-student-law-journal-sunil-abraham-mukta-batra-geetha-hariharan-swaraj-barooah-and-akriti-bopanna-indias-contribution-to-internet-governance-debates